Re: [Qemu-devel] Can we make better use of Coverity?

[Paolo Bonzini]

On 21/01/2015 15:57, Markus Armbruster wrote:
>> QEMU is also using a GLib model on Coverity Scan, as well as a
>> QEMU-specific model, which suggests one of the following:
> 
> What do you mean by "a GLib model"?  scripts/coverity-model.c?

Yes.  It models g_malloc0 in a way that avoids a lot of false positives,
but still is able to flag leaks.

>> 2) you are not weeding out false positives.
> 
> Guilty as charged.  The proper place to do that is the Scan service,
> where all of us can profit.

Yup.  So the numbers are off by a couple hundred or so, assuming 20%
false positive rate.

>> Between the model, the triaging, and the fixing efforts, our defect rate
>> has gone down from 0.88 to 0.24 in a year, which I think is pretty good.
>>  (We could probably it down to 0.15, it's hard to go below that).
> 
> As I said: "We've put in some effort, and we've gotten some mileage out
> of it, but I feel we could get more."

Definitely.  But we've gotten much more than "some mileage" IMO.

>>> Some of the new defects are avoidable.  For instance, we've added 16
>>> MISSING_BREAK.  Probably just missing /* fall through */, but we can't
>>> be sure without examining each case.  Patch review fail.
>>
>> Or just that we do not care.  Missing /* fall through */ should either
>> be flagged by the compiler,
> 
> Unfortunately, gcc doesn't.  Relying on tools for this is fine, but
> requires actual use of said tools.  Which this thread is about :)

Sure.  But even then, MISSING_BREAK is not the #1 reason to have
Coverity around. :)

Paolo