I took a quick look last night; only saw trivial issues. However the real problem for me is how to proceed. I was ignoring all C++ issues and intending looking at fixing/circumventing the bas C notes, starting with Engine and OOps, and those parts of Opcodes I wrote or hacked. I do not want to waste time if others are attacking these. The on-line nature of the information is definitely a negative force in organising the process; we need some way of marking which have been done ==John ff Quoting Stephen Kyne : > There is a way of telling Coverity to ignore certain items it might > throw up rather than editing the code. Triage I think it's > called.It's a good tool though, we use it at work and it can find a > lot of tricky bugs and even some locking issues.I think for C/C++ > though it can be overzealous with it's warnings, it's probably best > to judge each item or just fix high severity issues initially. > StephenDate: Thu, 23 Jan 2014 12:49:33 -0500 > From: michael.gogins@gmail.com > To: csound-devel@lists.sourceforge.net > Subject: Re: [Cs-dev] Coverity Scan > > John, all static analysis tools produce false positives. We just > have to look at the code and try to remove the warnings. I think we > should remove them if we can even if they are false positives. > Sometimes this is not so easy, then a comment in the code to that > effect is a very good idea. > > Best,Mike > -----------------------------------------------------Michael Gogins > Irreducible Productions > > http://michaelgogins.tumblr.com > Michael dot Gogins at gmail dot com > > > On Thu, Jan 23, 2014 at 12:04 PM, Felipe Sateler wrote: > > Mike, could you log in to the report viewer? It is kind of slow but it > > works for me... > > > > John, I have sent you an invite too. > > > > Coverity does have tools to signal to it that a flagged error is not > > actually an error, but I have not explored them. > > > > On Thu, Jan 23, 2014 at 12:13 PM, Michael Gogins > > wrote: > >> I now have a GitHub account and can sign into your Coverity project, but > >> when I try to view the actual defects I seem to just keep going in > >> circles... > >> > >> Regards, > >> Mike > >> > >> > >> ----------------------------------------------------- > >> Michael Gogins > >> Irreducible Productions > >> http://michaelgogins.tumblr.com > >> Michael dot Gogins at gmail dot com > >> > >> > >> On Thu, Jan 23, 2014 at 10:04 AM, Michael Gogins > >> wrote: > >>> > >>> Thanks again. I have created my account. > >>> > >>> Regards, > >>> Mike > >>> > >>> > >>> ----------------------------------------------------- > >>> Michael Gogins > >>> Irreducible Productions > >>> http://michaelgogins.tumblr.com > >>> Michael dot Gogins at gmail dot com > >>> > >>> > >>> On Thu, Jan 23, 2014 at 9:56 AM, Felipe Sateler > >>> wrote: > >>>> > >>>> Unfortunately the report is not downloadable, it is viewed through a > >>>> web report viewer. > >>>> > >>>> I have sent you an invite so that you can access the system (you can > >>>> use your github account to login if you want to, no need to create a > >>>> new account). > >>>> > >>>> On Thu, Jan 23, 2014 at 11:50 AM, Michael Gogins > >>>> wrote: > >>>> > Thanks! > >>>> > > >>>> > I have used other static analysis tools on Csound code myself, and have > >>>> > consistently recommended their use for some time. Please email me the > >>>> > scan, > >>>> > and I will try to fix some of these. > >>>> > > >>>> > Regards, > >>>> > Mike > >>>> > > >>>> > > >>>> > ----------------------------------------------------- > >>>> > Michael Gogins > >>>> > Irreducible Productions > >>>> > http://michaelgogins.tumblr.com > >>>> > Michael dot Gogins at gmail dot com > >>>> > > >>>> > > >>>> > On Thu, Jan 23, 2014 at 9:45 AM, Felipe Sateler > >>>> > wrote: > >>>> >> > >>>> >> Coverity is a static analysis tool (supposedly one of the best). It > >>>> >> offers free scans for open source projects, so I scanned the latest > >>>> >> 6.02 release of csound (default options) to see what can be found. > >>>> >> > >>>> >> Csound has 424 outstanding issues, of which coverity rates 94 as > >>>> >> high-impact. > >>>> >> > >>>> >> Problems types include: uninitialized variables, unbounded copies into > >>>> >> fixed-length buffers, dereference before null checks, printf > >>>> >> mismatches, and others. > >>>> >> > >>>> >> The full report is at https://scan.coverity.com/projects/1211, but you > >>>> >> need to request access to be able to see it (I don't think it is > >>>> >> possible to make the report public). If you are interested in looking > >>>> >> at the report, send a request and I'll approve it ASAP. > >>>> >> > >>>> >> -- > >>>> >> > >>>> >> Saludos, > >>>> >> Felipe Sateler > >>>> >> > >>>> >> > >>>> >> > >>>> >> >>>> ------------------------------------------------------------------------------ > >>>> >> CenturyLink Cloud: The Leader in Enterprise Cloud Services. > >>>> >> Learn Why More Businesses Are Choosing CenturyLink Cloud For > >>>> >> Critical Workloads, Development Environments & Everything In Between. > >>>> >> Get a Quote or Start a Free Trial Today. > >>>> >> > >>>> >> > >>>> >> >>>> http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk > >>>> >> _______________________________________________ > >>>> >> Csound-devel mailing list > >>>> >> Csound-devel@lists.sourceforge.net > >>>> >> https://lists.sourceforge.net/lists/listinfo/csound-devel > >>>> > > >>>> > > >>>> > > >>>> > > >>>> > >>>> ------------------------------------------------------------------------------ > >>>> > CenturyLink Cloud: The Leader in Enterprise Cloud Services. > >>>> > Learn Why More Businesses Are Choosing CenturyLink Cloud For > >>>> > Critical Workloads, Development Environments & Everything In Between. > >>>> > Get a Quote or Start a Free Trial Today. > >>>> > > >>>> > >>>> http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk > >>>> > _______________________________________________ > >>>> > Csound-devel mailing list > >>>> > Csound-devel@lists.sourceforge.net > >>>> > https://lists.sourceforge.net/lists/listinfo/csound-devel > >>>> > > >>>> > >>>> > >>>> > >>>> -- > >>>> > >>>> Saludos, > >>>> Felipe Sateler > >>>> > >>>> > >>>> ------------------------------------------------------------------------------ > >>>> CenturyLink Cloud: The Leader in Enterprise Cloud Services. > >>>> Learn Why More Businesses Are Choosing CenturyLink Cloud For > >>>> Critical Workloads, Development Environments & Everything In Between. > >>>> Get a Quote or Start a Free Trial Today. > >>>> > >>>> http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk > >>>> _______________________________________________ > >>>> Csound-devel mailing list > >>>> Csound-devel@lists.sourceforge.net > >>>> https://lists.sourceforge.net/lists/listinfo/csound-devel > >>> > >>> > >> > >> > >> ------------------------------------------------------------------------------ > >> CenturyLink Cloud: The Leader in Enterprise Cloud Services. > >> Learn Why More Businesses Are Choosing CenturyLink Cloud For > >> Critical Workloads, Development Environments & Everything In Between. > >> Get a Quote or Start a Free Trial Today. > >> http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk > >> _______________________________________________ > >> Csound-devel mailing list > >> Csound-devel@lists.sourceforge.net > >> https://lists.sourceforge.net/lists/listinfo/csound-devel > >> > > > > > > > > -- > > > > Saludos, > > Felipe Sateler > > > > ------------------------------------------------------------------------------ > > CenturyLink Cloud: The Leader in Enterprise Cloud Services. > > Learn Why More Businesses Are Choosing CenturyLink Cloud For > > Critical Workloads, Development Environments & Everything In Between. > > Get a Quote or Start a Free Trial Today. > > http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk > > _______________________________________________ > > Csound-devel mailing list > > Csound-devel@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/csound-devel > > > > > ------------------------------------------------------------------------------ > CenturyLink Cloud: The Leader in Enterprise Cloud Services. > Learn Why More Businesses Are Choosing CenturyLink Cloud For > Critical Workloads, Development Environments & Everything In Between. > Get a Quote or Start a Free Trial Today. > http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk > _______________________________________________ > Csound-devel mailing list > Csound-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/csound-devel ------------------------------------------------------------------------------ CenturyLink Cloud: The Leader in Enterprise Cloud Services. Learn Why More Businesses Are Choosing CenturyLink Cloud For Critical Workloads, Development Environments & Everything In Between. Get a Quote or Start a Free Trial Today. http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk _______________________________________________ Csound-devel mailing list Csound-devel@lists.sourceforge.net