Bug 1277609 - (Coverity) nsBayesianFilter.cpp: else if (IS_JA_TOUTEN(c)) is never executed !?

classic Classic list List threaded Threaded
19 messages Options
Reply | Threaded
Open this post in threaded view
|

Bug 1277609 - (Coverity) nsBayesianFilter.cpp: else if (IS_JA_TOUTEN(c)) is never executed !?

ISHIKAWA,chiaki
Hi,

Somebody ought to get down to the bottom of the issue which Coverity  
static checker has uncovered.

This is hilarious in a way. A very amusing bug in contrast to mundane  
memory bugs, etc. which I have been trying to fix in TB code.

valgrind, addresssanitizer won't be able to find this obviously.
Only a very through test coverage may have shown the strange lapse of  
coverage. But our test coverage is nowhere near complete...

Anyway, we should be so lucky that Coverity found this at this stage.

https://bugzilla.mozilla.org/show_bug.cgi?id=1277609
Bug 1277609 - (Coverity) nsBayesianFilter.cpp: else if (IS_JA_TOUTEN(c))  
is never executed !?

BTW, the list of issues found by Coverity in TB code (about 500+)  
contains so many low-hanging fruits that a group of students can file a  
couple of hundred bugzilla entries easily (!). Hint, hint...

There *ARE* entries like the above which we can certainly understand to  
be problems but producing a patch takes time.

But I am quite sure given the nature of the issues found by Coverity, a  
couple of hundred bugs can be fixed easily by one liner (or two lines,  
etc.).

TIA
_______________________________________________
dev-apps-thunderbird mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-apps-thunderbird
Reply | Threaded
Open this post in threaded view
|

Re: Bug 1277609 - (Coverity) nsBayesianFilter.cpp: else if (IS_JA_TOUTEN(c)) is never executed !?

R Kent James
On 6/2/2016 10:06 AM, ISHIKAWA,chiaki wrote:

> Hi,
>
> Somebody ought to get down to the bottom of the issue which Coverity
> static checker has uncovered.
>
> This is hilarious in a way. A very amusing bug in contrast to mundane
> memory bugs, etc. which I have been trying to fix in TB code.
>
> valgrind, addresssanitizer won't be able to find this obviously.
> Only a very through test coverage may have shown the strange lapse of
> coverage. But our test coverage is nowhere near complete...
>
> Anyway, we should be so lucky that Coverity found this at this stage.
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=1277609
> Bug 1277609 - (Coverity) nsBayesianFilter.cpp: else if (IS_JA_TOUTEN(c))
> is never executed !?
>
> BTW, the list of issues found by Coverity in TB code (about 500+)
> contains so many low-hanging fruits that a group of students can file a
> couple of hundred bugzilla entries easily (!). Hint, hint...
>
> There *ARE* entries like the above which we can certainly understand to
> be problems but producing a patch takes time.
>
> But I am quite sure given the nature of the issues found by Coverity, a
> couple of hundred bugs can be fixed easily by one liner (or two lines,
> etc.).
>
> TIA

It would be good to have a findable reference to this. Is there a bug
filed? If not, could you file a bug for the entire class of results from
the sane, maybe with good first bug flagged?

:rkent

_______________________________________________
dev-apps-thunderbird mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-apps-thunderbird
Reply | Threaded
Open this post in threaded view
|

Re: Bug 1277609 - (Coverity) nsBayesianFilter.cpp: else if (IS_JA_TOUTEN(c)) is never executed !?

ISHIKAWA,chiaki
R Kent James wrote:

> On 6/2/2016 10:06 AM, ISHIKAWA,chiaki wrote:
>> Hi,
>>
>> Somebody ought to get down to the bottom of the issue which Coverity
>> static checker has uncovered.
>>
>> This is hilarious in a way. A very amusing bug in contrast to mundane
>> memory bugs, etc. which I have been trying to fix in TB code.
>>
>> valgrind, addresssanitizer won't be able to find this obviously.
>> Only a very through test coverage may have shown the strange lapse of
>> coverage. But our test coverage is nowhere near complete...
>>
>> Anyway, we should be so lucky that Coverity found this at this stage.
>>
>> https://bugzilla.mozilla.org/show_bug.cgi?id=1277609
>> Bug 1277609 - (Coverity) nsBayesianFilter.cpp: else if (IS_JA_TOUTEN(c))
>> is never executed !?
>>
>> BTW, the list of issues found by Coverity in TB code (about 500+)
>> contains so many low-hanging fruits that a group of students can file a
>> couple of hundred bugzilla entries easily (!). Hint, hint...
>>
>> There *ARE* entries like the above which we can certainly understand to
>> be problems but producing a patch takes time.
>>
>> But I am quite sure given the nature of the issues found by Coverity, a
>> couple of hundred bugs can be fixed easily by one liner (or two lines,
>> etc.).
>>
>> TIA
>
> It would be good to have a findable reference to this. Is there a bug
> filed? If not, could you file a bug for the entire class of results from
> the sane, maybe with good first bug flagged?
>
> :rkent
>
I am still learning how to use Coverity effectively.

It would be great to file a bug easily for each issue which Coverity has
uncovered, but I am afraid that at this moment, we have to file a
bugzilla manually (?).

I think I need someone who needs Coverity interface better than I do.

Yeah, filing the bug for 500+ issues manually overwhelms me :-)

TIA


_______________________________________________
dev-apps-thunderbird mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-apps-thunderbird
Reply | Threaded
Open this post in threaded view
|

Re: Bug 1277609 - (Coverity) nsBayesianFilter.cpp: else if (IS_JA_TOUTEN(c)) is never executed !?

Jörg Knobloch
On 2/06/2016 21:23, R Kent James wrote:
 > It would be good to have a findable reference to this.

On 3/06/2016 05:19, ISHIKAWA,chiaki wrote:
> Yeah, filing the bug for 500+ issues manually overwhelms me

For problems reported by VIVA there is this tracking bug:

https://bugzilla.mozilla.org/show_bug.cgi?id=710966

Jörg.

_______________________________________________
dev-apps-thunderbird mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-apps-thunderbird
Reply | Threaded
Open this post in threaded view
|

Re: Bug 1277609 - (Coverity) nsBayesianFilter.cpp: else if (IS_JA_TOUTEN(c)) is never executed !?

ISHIKAWA,chiaki
In reply to this post by ISHIKAWA,chiaki
On 2016年06月03日 17:46, Jörg Knobloch wrote:

> On 2/06/2016 21:23, R Kent James wrote:
>> It would be good to have a findable reference to this.
>
> On 3/06/2016 05:19, ISHIKAWA,chiaki wrote:
>> Yeah, filing the bug for 500+ issues manually overwhelms me
>
> For problems reported by VIVA there is this tracking bug:
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=710966
>
> Jörg.
>

Oh, in this sense, there is a meta bug for issues found by Coverity.

That is
Bug 1230156 - (coverity-analysis) [meta] Coverity Static Analysis fixes

(This includes the issues in M-C portion of the tree as well.)
If we want to have a subset that is specific only to C-C TB tree, I think we
can create one and
I will block that meta bug when I file bugzilla entries based on TB issues
bound by Coverity.)


_______________________________________________
dev-apps-thunderbird mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-apps-thunderbird
Reply | Threaded
Open this post in threaded view
|

Re: Bug 1277609 - (Coverity) nsBayesianFilter.cpp: else if (IS_JA_TOUTEN(c)) is never executed !?

Wayne Mery
In reply to this post by R Kent James
On 6/2/2016 11:19 PM, ISHIKAWA,chiaki wrote:

> R Kent James wrote:
>> On 6/2/2016 10:06 AM, ISHIKAWA,chiaki wrote:
>>> Hi,
>>>
>>> Somebody ought to get down to the bottom of the issue which Coverity
>>> static checker has uncovered.
>>>
>>> This is hilarious in a way. A very amusing bug in contrast to mundane
>>> memory bugs, etc. which I have been trying to fix in TB code.
>>>
>>> valgrind, addresssanitizer won't be able to find this obviously.
>>> Only a very through test coverage may have shown the strange lapse of
>>> coverage. But our test coverage is nowhere near complete...
>>>
>>> Anyway, we should be so lucky that Coverity found this at this stage.
>>>
>>> https://bugzilla.mozilla.org/show_bug.cgi?id=1277609
>>> Bug 1277609 - (Coverity) nsBayesianFilter.cpp: else if (IS_JA_TOUTEN(c))
>>> is never executed !?
>>>
>>> BTW, the list of issues found by Coverity in TB code (about 500+)
>>> contains so many low-hanging fruits that a group of students can file a
>>> couple of hundred bugzilla entries easily (!). Hint, hint...
>>>
>>> There *ARE* entries like the above which we can certainly understand to
>>> be problems but producing a patch takes time.
>>>
>>> But I am quite sure given the nature of the issues found by Coverity, a
>>> couple of hundred bugs can be fixed easily by one liner (or two lines,
>>> etc.).
>>>
>>> TIA
>>
>> It would be good to have a findable reference to this. Is there a bug
>> filed? If not, could you file a bug for the entire class of results from
>> the sane, maybe with good first bug flagged?
>>
>> :rkent
>>
> I am still learning how to use Coverity effectively.
>
> It would be great to file a bug easily for each issue which Coverity has
> uncovered, but I am afraid that at this moment, we have to file a
> bugzilla manually (?).
>
> I think I need someone who needs Coverity interface better than I do.
>
> Yeah, filing the bug for 500+ issues manually overwhelms me :-)
>
> TIA

Given the large number you may want to be selective or prioritize what
bugs you file.  I suggest the components that should be priorities are
filters+bayes, database, backend, networking, imap and pop. (and hits
that can't possibly affect users, like "never executed", should be
deprioritized/ignored for now)

_______________________________________________
dev-apps-thunderbird mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-apps-thunderbird
Reply | Threaded
Open this post in threaded view
|

Re: Bug 1277609 - (Coverity) nsBayesianFilter.cpp: else if (IS_JA_TOUTEN(c)) is never executed !?

tanstaafl-2
In reply to this post by ISHIKAWA,chiaki
On 6/2/2016 11:19 PM, ISHIKAWA,chiaki <[hidden email]> wrote:
> Yeah, filing the bug for 500+ issues manually overwhelms me :-)

I would be willing to help with this, that is why I asked for a link to
these bugs...
_______________________________________________
dev-apps-thunderbird mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-apps-thunderbird
Reply | Threaded
Open this post in threaded view
|

Re: Bug 1277609 - (Coverity) nsBayesianFilter.cpp: else if (IS_JA_TOUTEN(c)) is never executed !?

Stefan Sitter-2
In reply to this post by ISHIKAWA,chiaki
On 03.06.2016 12:40, ishikawa wrote:
> Oh, in this sense, there is a meta bug for issues found by Coverity.
>
> That is Bug 1230156 - (coverity-analysis) [meta] Coverity Static
> Analysis fixes
>
> (This includes the issues in M-C portion of the tree as well.) If we
> want to have a subset that is specific only to C-C TB tree, I think
> we can create one and I will block that meta bug when I file bugzilla
> entries based on TB issues bound by Coverity.)

There is dedicated keyword for coverity:
<https://bugzilla.mozilla.org/describekeywords.cgi#coverity>

If you set it on the filed bugs they will be easier to find
<https://bugzilla.mozilla.org/buglist.cgi?keywords=coverity&resolution=--->

/Stefan
_______________________________________________
dev-apps-thunderbird mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-apps-thunderbird
Reply | Threaded
Open this post in threaded view
|

Re: Bug 1277609 - (Coverity) nsBayesianFilter.cpp: else if (IS_JA_TOUTEN(c)) is never executed !?

ISHIKAWA,chiaki
In reply to this post by tanstaafl-2
Tanstaafl wrote:
> On 6/2/2016 11:19 PM, ISHIKAWA,chiaki <[hidden email]> wrote:
>> Yeah, filing the bug for 500+ issues manually overwhelms me :-)
>
> I would be willing to help with this, that is why I asked for a link to
> these bugs...

Great to hear there are more people willing to take a look.

The following is a link to the web site, but I think there is a
registration process.

https://scan.coverity.com/projects/thunderbird

In my case, I read a blog post about it (Hmm, I wonder why I can't find
it now.), and left a comment and got added to the above project.
I have asked Andi who let me into the project to see what we should do.
(Simply pushing the addme button or asking someone to accept the new
member by private e-mail, etc.)

Stay tuned and I am happy to see more eyeballs looking over the list (!)

CI



_______________________________________________
dev-apps-thunderbird mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-apps-thunderbird
Reply | Threaded
Open this post in threaded view
|

Re: Bug 1277609 - (Coverity) nsBayesianFilter.cpp: else if (IS_JA_TOUTEN(c)) is never executed !?

Wayne Mery
In reply to this post by tanstaafl-2
On 6/3/2016 6:52 PM, ISHIKAWA,chiaki wrote:

> Tanstaafl wrote:
>> On 6/2/2016 11:19 PM, ISHIKAWA,chiaki <[hidden email]> wrote:
>>> Yeah, filing the bug for 500+ issues manually overwhelms me :-)
>>
>> I would be willing to help with this, that is why I asked for a link to
>> these bugs...
>
> Great to hear there are more people willing to take a look.
>
> The following is a link to the web site, but I think there is a
> registration process.
>
> https://scan.coverity.com/projects/thunderbird
>
> In my case, I read a blog post about it (Hmm, I wonder why I can't find
> it now.), and left a comment and got added to the above project.
> I have asked Andi who let me into the project to see what we should do.
> (Simply pushing the addme button or asking someone to accept the new
> member by private e-mail, etc.)
>
> Stay tuned and I am happy to see more eyeballs looking over the list (!)
>
> CI

I sent an invitation to tanstaffl's address using
https://scan.coverity.com/projects/thunderbird?tab=invite

Note, you can choose to authenticate using github

_______________________________________________
dev-apps-thunderbird mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-apps-thunderbird
Reply | Threaded
Open this post in threaded view
|

Re: Bug 1277609 - (Coverity) nsBayesianFilter.cpp: else if (IS_JA_TOUTEN(c)) is never executed !?

Philip Chee
On 04/06/2016 18:56, Wayne wrote:

> I sent an invitation to tanstaffl's address using
There's only one "f" in tanstaafl.

> https://scan.coverity.com/projects/thunderbird?tab=invite
>
> Note, you can choose to authenticate using github

Phil

--
Philip Chee <[hidden email]>, <[hidden email]>
http://flashblock.mozdev.org/ http://xsidebar.mozdev.org
Guard us from the she-wolf and the wolf, and guard us from the thief,
oh Night, and so be good for us to pass.
_______________________________________________
dev-apps-thunderbird mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-apps-thunderbird
Reply | Threaded
Open this post in threaded view
|

Re: Bug 1277609 - (Coverity) nsBayesianFilter.cpp: else if (IS_JA_TOUTEN(c)) is never executed !?

ISHIKAWA,chiaki
In reply to this post by Wayne Mery
On 2016年06月04日 19:56, Wayne wrote:

> On 6/3/2016 6:52 PM, ISHIKAWA,chiaki wrote:
>> Tanstaafl wrote:
>>> On 6/2/2016 11:19 PM, ISHIKAWA,chiaki <[hidden email]> wrote:
>>>> Yeah, filing the bug for 500+ issues manually overwhelms me :-)
>>>
>>> I would be willing to help with this, that is why I asked for a link to
>>> these bugs...
>>
>> Great to hear there are more people willing to take a look.
>>
>> The following is a link to the web site, but I think there is a
>> registration process.
>>
>> https://scan.coverity.com/projects/thunderbird
>>
>> In my case, I read a blog post about it (Hmm, I wonder why I can't find
>> it now.), and left a comment and got added to the above project.
>> I have asked Andi who let me into the project to see what we should do.
>> (Simply pushing the addme button or asking someone to accept the new
>> member by private e-mail, etc.)
>>
>> Stay tuned and I am happy to see more eyeballs looking over the list (!)
>>
>> CI
>
> I sent an invitation to tanstaffl's address using
> https://scan.coverity.com/projects/thunderbird?tab=invite
>
> Note, you can choose to authenticate using github
>


I didn't know there is an invite button.

If someone becomes interested in this Thunderbird Coverity project, I think
I can send an invite just as Wayne did
or, according an e-mail I received from the parties who invited me to join
in the first place,
you can simply push [ADDME] button in

https://scan.coverity.com/projects/thunderbird
(I don't see the addme button any more because once I log in the project it
is not shown for obvious reasons?)

and explain in the comment field that you get to know this project from my
post and got interested:
the comment field that appears during the registration process, that is, the
rectangle in the lower-right corner seems to be the comment area.
The little explanation can help the responsible party to grant the access
with confidence. I hope no one abuses his/her access to the database.

BTW, I have marked most of the "High Impact Outstanding" issues for mail
(imap, mime, compose) portion* either as pending or bug: not that many maybe
a few dozens.
I have no idea what metrics Coverity uses to figure out the most "High
Impact Outstanding" issues from the
552 issues.

Pending cases seem to be a bug also, but I am not sure how to handle it:
some of them are so subtle and I am not entirely sure how to handle the
cases (can we call some features?)
It is a surprise that some bugs/features have lived so long in the code (!).

Anyway, I have just started. I will start filing the bugzilla entries for
the newly marked ones (mostly resource leaks and uninitialized variable
usage. Even though that the particular situation can get away without
initialization it is not obvious from reading the code alone. We should add
more comment or properly initialize the variable for *maintenability* alone.
Coverity is a friend in this sense to make the code more maintenable!)

Based on the comments I received here,
I have not touched ldap portion yet although there seems to be glaring
memory access issue. As a matter of fact, about half the 80+ "High Impact
Outstanding" issues are from "ldap" subdirectory.
Once I clear maybe a couple of dozen bugs in mail code, I may report a few
ldap bugs again. This is because some bugzilla entries I found by searching
for "ldap" keywords seem to be caused by some memory access issues found by
Coverity.

I hope we can make TB a more stable and reliable multi-platform mail client
by fixing these issues which Coverity found.
(I have been looking for a rock-solid mail client (tm) and any help from
humans and machines will be welcome!)


TIA


_______________________________________________
dev-apps-thunderbird mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-apps-thunderbird
Reply | Threaded
Open this post in threaded view
|

Re: Bug 1277609 - (Coverity) nsBayesianFilter.cpp: else if (IS_JA_TOUTEN(c)) is never executed !?

Wayne Mery
In reply to this post by Wayne Mery
On 6/6/2016 2:18 AM, ishikawa wrote:

> On 2016年06月04日 19:56, Wayne wrote:
>> On 6/3/2016 6:52 PM, ISHIKAWA,chiaki wrote:
>>> Tanstaafl wrote:
>>>> On 6/2/2016 11:19 PM, ISHIKAWA,chiaki <[hidden email]> wrote:
>>>>> Yeah, filing the bug for 500+ issues manually overwhelms me :-)
>>>>
>>>> I would be willing to help with this, that is why I asked for a link to
>>>> these bugs...
>>>
>>> Great to hear there are more people willing to take a look.
>>>
>>> The following is a link to the web site, but I think there is a
>>> registration process.
>>>
>>> https://scan.coverity.com/projects/thunderbird
>>>
>>> In my case, I read a blog post about it (Hmm, I wonder why I can't find
>>> it now.), and left a comment and got added to the above project.
>>> I have asked Andi who let me into the project to see what we should do.
>>> (Simply pushing the addme button or asking someone to accept the new
>>> member by private e-mail, etc.)
>>>
>>> Stay tuned and I am happy to see more eyeballs looking over the list (!)
>>>
>>> CI
>>
>> I sent an invitation to tanstaffl's address using
>> https://scan.coverity.com/projects/thunderbird?tab=invite
>>
>> Note, you can choose to authenticate using github
>>
>
>
> I didn't know there is an invite button.
>
> If someone becomes interested in this Thunderbird Coverity project, I think
> I can send an invite just as Wayne did
> or, according an e-mail I received from the parties who invited me to join
> in the first place,
> you can simply push [ADDME] button in
>
> https://scan.coverity.com/projects/thunderbird
> (I don't see the addme button any more because once I log in the project it
> is not shown for obvious reasons?)
>
> and explain in the comment field that you get to know this project from my
> post and got interested:
> the comment field that appears during the registration process, that is, the
> rectangle in the lower-right corner seems to be the comment area.
> The little explanation can help the responsible party to grant the access
> with confidence. I hope no one abuses his/her access to the database.
>
> BTW, I have marked most of the "High Impact Outstanding" issues for mail
> (imap, mime, compose) portion* either as pending or bug: not that many maybe
> a few dozens.
> I have no idea what metrics Coverity uses to figure out the most "High
> Impact Outstanding" issues from the
> 552 issues.

"High Impact Outstanding" is not determined by metrics, but rather is
determined by the *type* of issue. i.e.
Resource leak
Memory - illegal access
Uninitialized variable
Memory - corruption
Various (some catch all category)


> Pending cases seem to be a bug also, but I am not sure how to handle it:
> some of them are so subtle and I am not entirely sure how to handle the
> cases (can we call some features?)
> It is a surprise that some bugs/features have lived so long in the code (!).
>
> Anyway, I have just started. I will start filing the bugzilla entries for
> the newly marked ones (mostly resource leaks and uninitialized variable
> usage. Even though that the particular situation can get away without
> initialization it is not obvious from reading the code alone. We should add
> more comment or properly initialize the variable for *maintenability* alone.
> Coverity is a friend in this sense to make the code more maintenable!)
>
> Based on the comments I received here,
> I have not touched ldap portion yet although there seems to be glaring
> memory access issue. As a matter of fact, about half the 80+ "High Impact
> Outstanding" issues are from "ldap" subdirectory.
> Once I clear maybe a couple of dozen bugs in mail code, I may report a few
> ldap bugs again. This is because some bugzilla entries I found by searching
> for "ldap" keywords seem to be caused by some memory access issues found by
> Coverity.
>
> I hope we can make TB a more stable and reliable multi-platform mail client
> by fixing these issues which Coverity found.
> (I have been looking for a rock-solid mail client (tm) and any help from
> humans and machines will be welcome!)
>
>
> TIA

Thanks for doing this. And I hope more like Charles step forward to help.
_______________________________________________
dev-apps-thunderbird mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-apps-thunderbird
Reply | Threaded
Open this post in threaded view
|

Re: Bug 1277609 - (Coverity) nsBayesianFilter.cpp: else if (IS_JA_TOUTEN(c)) is never executed !?

ISHIKAWA,chiaki
In reply to this post by Stefan Sitter-2
Stefan Sitter wrote:

> On 03.06.2016 12:40, ishikawa wrote:
>> Oh, in this sense, there is a meta bug for issues found by Coverity.
>>
>> That is Bug 1230156 - (coverity-analysis) [meta] Coverity Static
>> Analysis fixes
>>
>> (This includes the issues in M-C portion of the tree as well.) If we
>> want to have a subset that is specific only to C-C TB tree, I think
>> we can create one and I will block that meta bug when I file bugzilla
>> entries based on TB issues bound by Coverity.)
>
> There is dedicated keyword for coverity:
> <https://bugzilla.mozilla.org/describekeywords.cgi#coverity>
>
> If you set it on the filed bugs they will be easier to find
> <https://bugzilla.mozilla.org/buglist.cgi?keywords=coverity&resolution=--->
>
> /Stefan

Yes,  I will set the keyword for future entries.

I am struggling to find a semi-automated way to file a bugzilla from
Coverity database so that I only have to pay attention to the
description part (and leaving the filling of keywarod "CID ddddd"
coverity ID, etc. to automated program.)
Does anyone have an idea how I can achieve it in a shortest time?



_______________________________________________
dev-apps-thunderbird mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-apps-thunderbird
Reply | Threaded
Open this post in threaded view
|

Re: Bug 1277609 - (Coverity) nsBayesianFilter.cpp: else if (IS_JA_TOUTEN(c)) is never executed !?

Wayne Mery
In reply to this post by Stefan Sitter-2
On 6/7/2016 11:15 AM, ISHIKAWA,chiaki wrote:

> Stefan Sitter wrote:
>> On 03.06.2016 12:40, ishikawa wrote:
>>> Oh, in this sense, there is a meta bug for issues found by Coverity.
>>>
>>> That is Bug 1230156 - (coverity-analysis) [meta] Coverity Static
>>> Analysis fixes
>>>
>>> (This includes the issues in M-C portion of the tree as well.) If we
>>> want to have a subset that is specific only to C-C TB tree, I think
>>> we can create one and I will block that meta bug when I file bugzilla
>>> entries based on TB issues bound by Coverity.)
>>
>> There is dedicated keyword for coverity:
>> <https://bugzilla.mozilla.org/describekeywords.cgi#coverity>
>>
>> If you set it on the filed bugs they will be easier to find
>> <https://bugzilla.mozilla.org/buglist.cgi?keywords=coverity&resolution=--->
>>
>>
>> /Stefan
>
> Yes,  I will set the keyword for future entries.
>
> I am struggling to find a semi-automated way to file a bugzilla from
> Coverity database so that I only have to pay attention to the
> description part (and leaving the filling of keywarod "CID ddddd"
> coverity ID, etc. to automated program.)
> Does anyone have an idea how I can achieve it in a shortest time?

I'll post a shortcut later today

_______________________________________________
dev-apps-thunderbird mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-apps-thunderbird
Reply | Threaded
Open this post in threaded view
|

Re: Bug 1277609 - (Coverity) nsBayesianFilter.cpp: else if (IS_JA_TOUTEN(c)) is never executed !?

Wayne Mery
In reply to this post by Stefan Sitter-2
On 6/7/2016 11:15 AM, ISHIKAWA,chiaki wrote:

> Stefan Sitter wrote:
>> On 03.06.2016 12:40, ishikawa wrote:
>>> Oh, in this sense, there is a meta bug for issues found by Coverity.
>>>
>>> That is Bug 1230156 - (coverity-analysis) [meta] Coverity Static
>>> Analysis fixes
>>>
>>> (This includes the issues in M-C portion of the tree as well.) If we
>>> want to have a subset that is specific only to C-C TB tree, I think
>>> we can create one and I will block that meta bug when I file bugzilla
>>> entries based on TB issues bound by Coverity.)
>>
>> There is dedicated keyword for coverity:
>> <https://bugzilla.mozilla.org/describekeywords.cgi#coverity>
>>
>> If you set it on the filed bugs they will be easier to find
>> <https://bugzilla.mozilla.org/buglist.cgi?keywords=coverity&resolution=--->
>>
>>
>> /Stefan
>
> Yes,  I will set the keyword for future entries.
>
> I am struggling to find a semi-automated way to file a bugzilla from
> Coverity database so that I only have to pay attention to the
> description part (and leaving the filling of keywarod "CID ddddd"
> coverity ID, etc. to automated program.)
> Does anyone have an idea how I can achieve it in a shortest time?

Create a bookmark of the URL below. In bookmarks assign a keyword to the
URL like "coveritybug", then in firefox url bar type the keyword and the
coverity number, like
   coveritybug 450412

You'll need to fill in the bug summary and description. Before you save
the bug report, please change to the proper code component (like
database, or networking: imap) for the coverity failure

<a href="https://bugzilla.mozilla.org/enter_bug.cgi?product=Mailnews%20Core&component=Backend&short_desc=(coverity)&blocked=1230156&version=Trunk&comment=Coverity%20found%20this:%0A%0A&keywords=coverity&status_whiteboard=CID%20%s&bug_file_loc=https://scan5.coverity.com/reports.htm%23v%s/p10193">https://bugzilla.mozilla.org/enter_bug.cgi?product=Mailnews%20Core&component=Backend&short_desc=(coverity)&blocked=1230156&version=Trunk&comment=Coverity%20found%20this:%0A%0A&keywords=coverity&status_whiteboard=CID%20%s&bug_file_loc=https://scan5.coverity.com/reports.htm%23v%s/p10193

_______________________________________________
dev-apps-thunderbird mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-apps-thunderbird
Reply | Threaded
Open this post in threaded view
|

Re: Bug 1277609 - (Coverity) nsBayesianFilter.cpp: else if (IS_JA_TOUTEN(c)) is never executed !?

ISHIKAWA,chiaki
On 2016年06月08日 05:19, Wayne wrote:

> On 6/7/2016 11:15 AM, ISHIKAWA,chiaki wrote:
>> Stefan Sitter wrote:
>>> On 03.06.2016 12:40, ishikawa wrote:
>>>> Oh, in this sense, there is a meta bug for issues found by Coverity.
>>>>
>>>> That is Bug 1230156 - (coverity-analysis) [meta] Coverity Static
>>>> Analysis fixes
>>>>
>>>> (This includes the issues in M-C portion of the tree as well.) If we
>>>> want to have a subset that is specific only to C-C TB tree, I think
>>>> we can create one and I will block that meta bug when I file bugzilla
>>>> entries based on TB issues bound by Coverity.)
>>>
>>> There is dedicated keyword for coverity:
>>> <https://bugzilla.mozilla.org/describekeywords.cgi#coverity>
>>>
>>> If you set it on the filed bugs they will be easier to find
>>> <https://bugzilla.mozilla.org/buglist.cgi?keywords=coverity&resolution=--->
>>>
>>>
>>> /Stefan
>>
>> Yes,  I will set the keyword for future entries.
>>
>> I am struggling to find a semi-automated way to file a bugzilla from
>> Coverity database so that I only have to pay attention to the
>> description part (and leaving the filling of keywarod "CID ddddd"
>> coverity ID, etc. to automated program.)
>> Does anyone have an idea how I can achieve it in a shortest time?
>
> Create a bookmark of the URL below. In bookmarks assign a keyword to the URL
> like "coveritybug", then in firefox url bar type the keyword and the
> coverity number, like
>   coveritybug 450412
>
> You'll need to fill in the bug summary and description. Before you save the
> bug report, please change to the proper code component (like database, or
> networking: imap) for the coverity failure
>
> <a href="https://bugzilla.mozilla.org/enter_bug.cgi?product=Mailnews%20Core&component=Backend&short_desc=(coverity)&blocked=1230156&version=Trunk&comment=Coverity%20found%20this:%0A%0A&keywords=coverity&status_whiteboard=CID%20%s&bug_file_loc=https://scan5.coverity.com/reports.htm%23v%s/p10193">https://bugzilla.mozilla.org/enter_bug.cgi?product=Mailnews%20Core&component=Backend&short_desc=(coverity)&blocked=1230156&version=Trunk&comment=Coverity%20found%20this:%0A%0A&keywords=coverity&status_whiteboard=CID%20%s&bug_file_loc=https://scan5.coverity.com/reports.htm%23v%s/p10193
>
>

Thank you. Will do.

CI
_______________________________________________
dev-apps-thunderbird mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-apps-thunderbird
Reply | Threaded
Open this post in threaded view
|

Coverity scripted bug reporting [was Re: Bug 1277609 - (Coverity) nsBayesianFilter.cpp: else if (IS_JA_TOUTEN(c)) is never executed !?]

Wayne Mery
In reply to this post by Wayne Mery
On 6/7/2016 4:19 PM, Wayne wrote:

> On 6/7/2016 11:15 AM, ISHIKAWA,chiaki wrote:
>> Stefan Sitter wrote:
>>> On 03.06.2016 12:40, ishikawa wrote:
>>>> Oh, in this sense, there is a meta bug for issues found by Coverity.
>>>>
>>>> That is Bug 1230156 - (coverity-analysis) [meta] Coverity Static
>>>> Analysis fixes
>>>>
>>>> (This includes the issues in M-C portion of the tree as well.) If we
>>>> want to have a subset that is specific only to C-C TB tree, I think
>>>> we can create one and I will block that meta bug when I file bugzilla
>>>> entries based on TB issues bound by Coverity.)
>>>
>>> There is dedicated keyword for coverity:
>>> <https://bugzilla.mozilla.org/describekeywords.cgi#coverity>
>>>
>>> If you set it on the filed bugs they will be easier to find
>>> <https://bugzilla.mozilla.org/buglist.cgi?keywords=coverity&resolution=--->
>>>
>>>
>>>
>>> /Stefan
>>
>> Yes,  I will set the keyword for future entries.
>>
>> I am struggling to find a semi-automated way to file a bugzilla from
>> Coverity database so that I only have to pay attention to the
>> description part (and leaving the filling of keywarod "CID ddddd"
>> coverity ID, etc. to automated program.)
>> Does anyone have an idea how I can achieve it in a shortest time?
>
> Create a bookmark of the URL below. In bookmarks assign a keyword to the
> URL like "coveritybug", then in firefox url bar type the keyword and the
> coverity number, like
>   coveritybug 450412
>
> You'll need to fill in the bug summary and description. Before you save
> the bug report, please change to the proper code component (like
> database, or networking: imap) for the coverity failure
>
> <a href="https://bugzilla.mozilla.org/enter_bug.cgi?product=Mailnews%20Core&component=Backend&short_desc=(coverity)&blocked=1230156&version=Trunk&comment=Coverity%20found%20this:%0A%0A&keywords=coverity&status_whiteboard=CID%20%s&bug_file_loc=https://scan5.coverity.com/reports.htm%23v%s/p10193">https://bugzilla.mozilla.org/enter_bug.cgi?product=Mailnews%20Core&component=Backend&short_desc=(coverity)&blocked=1230156&version=Trunk&comment=Coverity%20found%20this:%0A%0A&keywords=coverity&status_whiteboard=CID%20%s&bug_file_loc=https://scan5.coverity.com/reports.htm%23v%s/p10193

Chiaki asked (I think in a bug report) whether a script or tool exists
to file a bugzilla report from a coverity report - that that does more
than the browser keyword method I posted above.

I couldn't find anything from a some digging, including nothing at
https://developer.mozilla.org/en-US/docs/Debugging/Coverity

cc: Nick, Andi-Bogdan and Sylvestre who have made edits on
https://developer.mozilla.org/en-US/docs/Debugging/Coverity and might
know more.
_______________________________________________
dev-apps-thunderbird mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-apps-thunderbird
Reply | Threaded
Open this post in threaded view
|

coverity thunderbird report

ISHIKAWA,chiaki
In reply to this post by ISHIKAWA,chiaki
Hi,

I am planning to submit Coverity's High Impact Standing issues to
bugzilla. (And I have been doing it for about a week now.)

Below is the correspondence of bugzilla entry and coverity defect
issue so far.  I sorted the coverity issues according to the module's
name in descending order so that mail* modules get listed first and
ldap and calendar modules listed later.

Already a few have been taken care of in bugzilla.

The progress/estimate time of completion.

If I file two bugzilla entries a day on weekdays, it will be four
weeks until all the high impact standing issues are filed.  If there
are others who can help this effort, it will finish sooner:
hint, hint :-)

There are bugs that were noticed in 2006 and not worked on so far.

I started at random, but I think I am going down the list below now
from top to bottom.
If someone can start to file bugzilla entries starting from the
bottom, that will be great.

Correspondence of bugzilla  entry # and coverity id #.

* --- fixed
+ --- review granted

bugzilla| coverity
--------+---------------
*1278954 | 1137542
+1278948 | 1137494
*1279247 | 1137493
  1279249 | 1137490  filed patch on the night of June 14

  1279538 | 1137489  <--- same bugzilla as below
          | 1137488  <--- same bugzilla as above

  1279542 | 1137487
  1279931 | 1137478
          | 1137352  ??? tough nut to crack
  1279934 |  749500
  1280056 |  450614
  1280066 |  450579
  1280273 |  450347
  1280277 |  450203
  1280492 | 1137543
  1280493 | 1137485
  1280495 | 1137546
  1280662 | 1137545
  1280664 | 1137544
          | 1137538
          | 1137537
          | 1137536
          | 1137535
          | 1137491
          |  451007
          |  450529
          |  450452
          |  450417
          |  450306
          | 1361771
          | 1137539
          | 1137473
          | 1137472
          | 1137471
          | 1137353 ??? tough nut to crack
          |  450503
          | 1137476
          | 1137475
          |  450277
          | 1361770
          | 1361768
          | 1260150
*1279560 | 1137669 patch submitted Jun 13 night.
          | 1137477
          | 1137470
  1278491 | 1137469
  1278494 |  450412

After finishing the initial list, I think I will move on to the
remaining Outstanding Defects.  There are probably about 250 or such
defects. (I have not counted, just a rough estimate.)

It is really interesting to look at some defects uncovered by
Coverity.  The defects are full of "thou shalt not code an
algorithm/routine/whatever thusly" sort of examples.  C's signed vs
unsign data types also caused lots of grief in the code, it seems.

So far, the lack of adequate comment hampers my understanding of the
code near where defect is found by Coverity. I am clueless to figure
out what the proper course of action to fix reported issue very often.
(But use of uninitialized variables must be dealt with one way or the
other. We don't want random behavior. It looks IMAP code seems to return
random value in error paths.)

BTW, I am doing this for a very selfish reason.
I want a rock solid mail client (tm) for my line of work (!) :-)

My office workflow relies on e-mails and I use thunderbird under both
Windows and linux.
At peak time, about 1000 e-mails with large attachments (mostly PDF,
PPT, etc. with the size of a few MB range) for proofreading work of a
conference/exhibition reach my mailbox in ONE month.
This volume of e-mails at peak time exercises TB very much and has
resulted in my discovery of bugs/issues of TB before.
(mails in a folder lost due to the inadequate check of file system
overflow during compaction. Saving an attachment to a write-protected
folder silently failed. 1GB, 2GB folder size limit in the past and the
failure of pop3 code to observe the size limit and try to download the
e-mail that would fail anyway, etc.)

Thus, any defects removed from TB are definite wins for me.

I chose TB over other mail clients.  TB seemed to be the only
multi-platform client with enough user base and good support back
then. Well, at least, source file was accessible.

If my fixing the defects of TB source code uncovered by Coverity helps
us to improve the stability of TB in the long run, I think that is
great. That the improved code is shared by everybody else is a win for
this open source software. (Not exactly GNU, but it comes close in
practice in the case of TB, I think.).

BTW, I think we should thank the company that produces Coverity that
it has made the tool available for mozilla software.  (Yeah, it is a
good marketing ploy, but it *IS* useful to make TB and FF more
reliable. Coverity's false positive rate has decreased very much over
the last 10 years. I can tell you that!)

Of course, I will appreciate if others can chip in, but given the TB's
community-assisted status, it may be a long time before all the
Coverity-found defects are eliminated.  Until that time, I will file
bugzilla entries one by one and try to produce patches as well if I
can think of them. Everybody is welcome to chip with the patch once
the bugzilla is filed, of course.

In the meantime, I hope I can get the patch set for "buffering without
excessive # of seeks" accepted on another front. That will be a
performance win (!) (not fixing any logical flaw except for
eliminating the unnecessary calls to Seek()).

Happy Hacking (in the old-fashioned good sense of the phrase)

CI

_______________________________________________
dev-apps-thunderbird mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-apps-thunderbird