Forums » Ruby-core » Coverity Scan

I don't know if anyone else has signed up for access to the coverity
scan stuff, but it's pretty interesting.  I'd be happy to act as a proxy
for marking false positives.  I can post the code coverity marks, and
take action based on the feedback I receive.

For example:


1    	/*
2    	 *      tcltklib.c
3    	 *              Aug. 27, 1997   Y. Shigehiro
4    	 *              Oct. 24, 1997   Y. Matsumoto
5    	 */
6
7    	#define TCLTKLIB_RELEASE_DATE "2006-04-18"
.
.
.
1685 	VALUE
1686 	lib_eventloop_ensure(args)
1687 	    VALUE args;
1688 	{
1689 	    struct evloop_params *ptr = (struct evloop_params *)args;
1690 	    volatile VALUE current_evloop = rb_thread_current();
1691
1692 	    DUMP2("eventloop_ensure: current-thread : %lx", 
current_evloop);
1693 	    DUMP2("eventloop_ensure: eventloop-thread : %lx", 
eventloop_thread);
1694 	    if (eventloop_thread != current_evloop) {
1695 	        DUMP2("finish eventloop %lx (NOT current eventloop)",
current_evloop);
1696
1697 		rb_thread_critical = ptr->thr_crit_bup;
1698
1699 	        return Qnil;
1700 	    }
1701
1702 	    while((eventloop_thread = rb_ary_pop(eventloop_stack))) {
1703 	        DUMP2("eventloop-ensure: new eventloop-thread -> %lx",
1704 	              eventloop_thread);
1705
1706 	        if (eventloop_thread == current_evloop) {
1707 	            rbtk_eventloop_depth--;
1708 	            DUMP2("eventloop %lx : back from recursive call",
current_evloop);
1709 	            break;
1710 	        }
1711
1712 	        if (NIL_P(eventloop_thread)) {
1713 	          Tcl_DeleteTimerHandler(timer_token);
1714 	          timer_token = (Tcl_TimerToken)NULL;
1715
1716 	          break;
1717 	        }
1718
1719 	        if (RTEST(rb_funcall(eventloop_thread, ID_alive_p, 0, 0))) 
{
1720 	            DUMP2("eventloop-enshure: wake up parent %lx",
eventloop_thread);
1721 	            rb_thread_wakeup(eventloop_thread);
1722
1723 	            break;
1724 	        }
1725 	    }
1726

Event freed_arg: Pointer "ptr" freed by function "free"
Also see events: [deref_after_free]

1727 	    free(ptr);
1728

Event deref_after_free: Dereferencing freed pointer "ptr"
Also see events: [freed_arg]

1729 	    rb_thread_critical = ptr->thr_crit_bup;
1730
1731 	    DUMP2("finish current eventloop %lx", current_evloop);
1732 	    return Qnil;
1733 	}
1734

On 4/20/06, Pat Eyler <rubypate@gmail.com> wrote:
> I don't know if anyone else has signed up for access to the coverity
> scan stuff, but it's pretty interesting.  I'd be happy to act as a proxy
> for marking false positives.  I can post the code coverity marks, and
> take action based on the feedback I receive.
>

BTW, by taking action, I mean that I can mark these as:
  UNINSPECTED
  BUG
  FALSE
  RESOLVED
  IGNORE
  PENDING

From: "Pat Eyler" <rubypate@gmail.com>
Subject: Coverity Scan
Date: Fri, 21 Apr 2006 04:12:51 +0900
Message-ID: 
<5dc31fed0604201212q742c1d1ay5965d8b48d842c70@mail.gmail.com>
> Event freed_arg: Pointer "ptr" freed by function "free"
> Also see events: [deref_after_free]
> 
> 1727 	    free(ptr);
> 1728 	
> 
> Event deref_after_free: Dereferencing freed pointer "ptr"
> Also see events: [freed_arg]
> 
> 1729 	    rb_thread_critical = ptr->thr_crit_bup;

Than you for your report. I've fixed it on CVS.

should I continue to post these then?

Hi,

In message "Re: Coverity Scan"
    on Tue, 25 Apr 2006 05:32:04 +0900, "Pat Eyler" <rubypate@gmail.com> 
writes:

|should I continue to post these then?

Yes, please.  I have an account as well, but no good at reading
information from it.

							matz.