Yes, I noticed that too - and Coverity was fairly eager to get a scan of the Qpid Java code back when we started, but they weren't ready to scan Java quite yet.
If anyone would like to tackle the Java scans, and is not yet signed up at coverity.com, please let me know and I'll help get you going. From: Rob Godfrey [mailto:[email protected]] Sent: Tuesday, July 02, 2013 10:41 AM To: qpid Cc: Steve Huston Subject: Re: New Defects reported by Coverity Scan for Apache-Qpid As an aside, I notice that they seem to have enabled scanning of Java projects as well as C++ now... we should maybe look to see what a coverity scan of the Java code looks like -- Rob On 2 July 2013 16:16, Ken Giusti <[email protected]<mailto:[email protected]>> wrote: Hi Steve, I've made a minor code change that seems to eliminate those locking false positives: http://svn.apache.org/viewvc?view=revision&revision=1498926 I've tried it against a local installation of Coverity. When you have a chance, can you kick off a coverity scan of upstream and see if we get the same results? If it eliminates the false positives, I'd consider Coverity's behavior buggy and would like to report it. BTW, I had no luck coming up with a model that would fix the issue. The tools don't give any (obvious) feedback as to how it's interpreting the model - or any way that I could find that would enable debugging of the model to find out what it was actually doing. -K ----- Original Message ----- > From: "Ken Giusti" <[email protected]<mailto:[email protected]>> > To: [email protected]<mailto:[email protected]> > Cc: [email protected]<mailto:[email protected]> > Sent: Monday, July 1, 2013 6:46:55 PM > Subject: Re: New Defects reported by Coverity Scan for Apache-Qpid > > Ok - I'll give it a go, stay tuned. > > -K > > ----- Original Message ----- > > From: "Steve Huston" <[email protected]<mailto:[email protected]>> > > To: [email protected]<mailto:[email protected]> > > Sent: Monday, July 1, 2013 2:32:14 PM > > Subject: RE: New Defects reported by Coverity Scan for Apache-Qpid > > > > Yes, there is a way - I can do it, probably because I'm the admin for the > > project. If you create one, I'll set it up. > > > > > -----Original Message----- > > > From: Ken Giusti [mailto:[email protected]<mailto:[email protected]>] > > > Sent: Monday, July 01, 2013 2:11 PM > > > To: [email protected]<mailto:[email protected]> > > > Subject: Re: New Defects reported by Coverity Scan for Apache-Qpid > > > > > > Hi Steve, > > > > > > I've marked that particular error as "false positive" in Coverity > > > Connect, > > > but > > > from what I can tell, the "right" way to fix such lock wrapper classes is > > > to > > > create a "model" for those wrapper classes. There's some documentation > > > here: > > > > > > http://scan5.coverity.com:8080/docs/en/cov_checker_ref.html#static_c_ch > > > ecker_LOCK > > > > > > > > > Is there a way to configure a model file for the coverity checker? A > > > quick > > > look > > > at our project page on the coverity web site didn't seem to allow that. > > > > > > > > > ----- Original Message ----- > > > > From: "Steve Huston" <[email protected]<mailto:[email protected]>> > > > > To: [email protected]<mailto:[email protected]> > > > > Sent: Monday, July 1, 2013 1:18:58 PM > > > > Subject: RE: New Defects reported by Coverity Scan for Apache-Qpid > > > > > > > > I agree, Ken. If anyone knows how to make Coverity stop this, please > > > > let me know. Else I'll check into it. I know there are a few ways to > > > > mark things as false positive. > > > > > > > > > -----Original Message----- > > > > > From: Ken Giusti > > > > > [mailto:[email protected]<mailto:[email protected]>] > > > > > Sent: Monday, July 01, 2013 1:17 PM > > > > > To: Qpid Dev > > > > > Subject: Re: New Defects reported by Coverity Scan for Apache-Qpid > > > > > > > > > > Unless I'm missing something subtle, this appears to be a false > > > > > positive. > > > > > > > > > > Coverity marked a few uses of ScopedLock with this error, but not > > > > > all, which seems curious. > > > > > > > > > > -K > > > > > > > > > > > > > > > ----- Forwarded Message ----- > > > > > > From: [email protected]<mailto:[email protected]> > > > > > > To: [email protected]<mailto:[email protected]> > > > > > > Sent: Sunday, June 30, 2013 5:39:43 PM > > > > > > Subject: New Defects reported by Coverity Scan for Apache-Qpid > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > __________________________________________________________ > > > > > ____________ > > > > > > __ > > > > > > CID 1040637: Missing unlock (LOCK) > > > > > > > > > > > > > > > /qpidbuilds/trunk/qpid/cpp/src/qpid/broker/amqp_0_10/Connection.cpp: > > > > > > 379 ( > > > > > > lock) > > > > > > 376 > > > > > > 377 void Connection::doIoCallbacks() { > > > > > > 378 if (!isOpen()) return; // Don't process IO callbacks > > > > > > until > > > > > > we > > > > > > are open. > > > > > > >>> > > > > > "qpid::sys::ScopedLock<qpid::sys::Mutex>::ScopedLock(qpid::sys::Mute > > > > > x > > > > > &)" > > > > > > >>> locks "this->ioCallbackLock.mutex". > > > > > > 379 ScopedLock<Mutex> l(ioCallbackLock); > > > > > > 380 while (!ioCallbacks.empty()) { > > > > > > 381 boost::function0<void> cb = ioCallbacks.front(); > > > > > > 382 ioCallbacks.pop(); > > > > > > 383 ScopedUnlock<Mutex> ul(ioCallbackLock); > > > > > > > > > > > > > > > > > > > > > /qpidbuilds/trunk/qpid/cpp/src/qpid/broker/amqp_0_10/Connection.cpp: > > > > > > 386 ( > > > > > > missing_unlock) > > > > > > 383 ScopedUnlock<Mutex> ul(ioCallbackLock); > > > > > > 384 cb(); // Lend the IO thread for management > > > > > > processing > > > > > > 385 } > > > > > > >>> CID 1040637: Missing unlock (LOCK) Returning without unlocking > > > > > > >>> "this->ioCallbackLock.mutex". > > > > > > 386 } > > > > > > 387 > > > > > > 388 bool Connection::doOutput() { > > > > > > 389 try { > > > > > > 390 doIoCallbacks(); > > > > > > > > > > > > > > > > > > > > __________________________________________________________ > > > > > ____________ > > > > > > __ To view the defects in Coverity Scan visit, > > > > > > http://scan.coverity.com > > > > > > > > > > > > To unsubscribe from the email notification for new defects, > > > > > > http://scan5.coverity.com/cgi-bin/unsubscribe.py > > > > > > > > > > > > > > > > > > > > > -------------------------------------------------------------------- > > > > > - To unsubscribe, e-mail: > > > > > [email protected]<mailto:[email protected]> > > > > > For > > > > > additional commands, e-mail: > > > > > [email protected]<mailto:[email protected]> > > > > > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: > > > > [email protected]<mailto:[email protected]> > > > > For additional > > > > commands, e-mail: > > > > [email protected]<mailto:[email protected]> > > > > > > > > > > -- > > > -K > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: > > > [email protected]<mailto:[email protected]> > > > For additional > > > commands, e-mail: > > > [email protected]<mailto:[email protected]> > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: > > [email protected]<mailto:[email protected]> > > For additional commands, e-mail: > > [email protected]<mailto:[email protected]> > > > > -- > -K > > --------------------------------------------------------------------- > To unsubscribe, e-mail: > [email protected]<mailto:[email protected]> > For additional commands, e-mail: > [email protected]<mailto:[email protected]> > > -- -K --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected]<mailto:[email protected]> For additional commands, e-mail: [email protected]<mailto:[email protected]>
