[PATCH v5] coverity: Store the modelling file in the source tree.

[PATCH v5] coverity: Store the modelling file in the source tree.

[Andrew Cooper]

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
CC: Keir Fraser <keir@xen.org>
CC: Jan Beulich <JBeulich@suse.com>
CC: Tim Deegan <tim@xen.org>
CC: Ian Campbell <Ian.Campbell@citrix.com>
CC: Ian Jackson <Ian.Jackson@eu.citrix.com>
CC: George Dunlap <george.dunlap@eu.citrix.com>

---

George:
  This is just documentation, and it would be nice to include it as part of
  the 4.4 release.
---
 misc/coverity_model.c |   98 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 98 insertions(+)
 create mode 100644 misc/coverity_model.c

diff --git a/misc/coverity_model.c b/misc/coverity_model.c
new file mode 100644
index 0000000..418d25e
--- /dev/null
+++ b/misc/coverity_model.c
@@ -0,0 +1,98 @@
+/* Coverity Scan model
+ *
+ * This is a modelling file for Coverity Scan. Modelling helps to avoid false
+ * positives.
+ *
+ * - A model file can't import any header files.
+ * - Therefore only some built-in primitives like int, char and void are
+ *   available but not NULL etc.
+ * - Mode-ling doesn't need full structs and typedefs. Rudimentary structs
+ *   and similar types are sufficient.
+ * - An uninitialized local pointer is not an error. It signifies that the
+ *   variable could be either NULL or have some data.
+ *
+ * Coverity Scan doesn't pick up modifications automatically. The model file
+ * must be uploaded by an admin in the analysis.
+ *
+ * Copyright (c) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
+ * 2011, 2012, 2013 Python Software Foundation; All Rights Reserved
+ *
+ * The Xen Coverity Scan modelling file used the cpython modelling file as a
+ * reference to get started (suggested by Coverty Scan themselves as a good
+ * example), but all content is Xen specific.
+ */
+
+/*
+ * Useful references:
+ *   https://scan.coverity.com/models
+ */
+
+/* Definitions */
+#define NULL (void *)0
+#define PAGE_SIZE 4096UL
+#define PAGE_MASK (~(PAGE_SIZE-1))
+
+#define assert(cond) /* empty */
+
+struct page_info {};
+
+/*
+ * Xen malloc.  Behaves exactly like regular malloc(), except it also contains
+ * an alignment parameter.
+ *
+ * TODO: work out how to correctly model bad alignments as errors.
+ */
+void *_xmalloc(unsigned long size, unsigned long align)
+{
+    int has_memory;
+
+    __coverity_negative_sink__(size);
+    __coverity_negative_sink__(align);
+
+    if ( has_memory )
+        return __coverity_alloc__(size);
+    else
+        return NULL;
+}
+
+/*
+ * Xen free.  Frees a pointer allocated by _xmalloc().
+ */
+void xfree(void *va)
+{
+    __coverity_free__(va);
+}
+
+
+/*
+ * map_domain_page() takes an existing domain page and possibly maps it into
+ * the Xen pagetables, to allow for direct access.  Model this as a memory
+ * allocation of exactly 1 page.
+ *
+ * map_domain_page() never fails. (It will BUG() before returning NULL)
+ *
+ * TODO: work out how to correctly model the behaviour that this function will
+ * only ever return page aligned pointers.
+ */
+void *map_domain_page(unsigned long mfn)
+{
+    return __coverity_alloc__(PAGE_SIZE);
+}
+
+/*
+ * unmap_domain_page() will unmap a page.  Model it as a free().
+ */
+void unmap_domain_page(const void *va)
+{
+    __coverity_free__(va);
+}
+
+/*
+ * Local variables:
+ * mode: C
+ * c-file-style: "BSD"
+ * c-basic-offset: 4
+ * tab-width: 4
+ * indent-tabs-mode: nil
+ * End:
+ */
-- 
1.7.10.4

Re: [PATCH v5] coverity: Store the modelling file in the source tree.

[Ian Jackson]

Andrew Cooper writes ("[Xen-devel] [PATCH v5] coverity: Store the modelling file in the source tree."):
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
> CC: Keir Fraser <keir@xen.org>
> CC: Jan Beulich <JBeulich@suse.com>
> CC: Tim Deegan <tim@xen.org>
> CC: Ian Campbell <Ian.Campbell@citrix.com>
> CC: Ian Jackson <Ian.Jackson@eu.citrix.com>
> CC: George Dunlap <george.dunlap@eu.citrix.com>

This is fine as far as it goes.  But surely we should also include
some build instructions.

Ian.

Re: [PATCH v5] coverity: Store the modelling file in the source tree.

[Andrew Cooper]

On 23/01/14 14:55, Ian Jackson wrote:
> Andrew Cooper writes ("[Xen-devel] [PATCH v5] coverity: Store the modelling file in the source tree."):
>> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
>> CC: Keir Fraser <keir@xen.org>
>> CC: Jan Beulich <JBeulich@suse.com>
>> CC: Tim Deegan <tim@xen.org>
>> CC: Ian Campbell <Ian.Campbell@citrix.com>
>> CC: Ian Jackson <Ian.Jackson@eu.citrix.com>
>> CC: George Dunlap <george.dunlap@eu.citrix.com>
> This is fine as far as it goes.  But surely we should also include
> some build instructions.
>
> Ian.

There arn't really build instruction.  The way to use it with coverity
scan is for one of the coverity scan admins to click the "Upload a new
modelling file" button.  Any scan initiated will use the latest
modelling file.

~Andrew

Re: [PATCH v5] coverity: Store the modelling file in the source tree.

[George Dunlap]

On 01/23/2014 02:28 PM, Andrew Cooper wrote:
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
> CC: Keir Fraser <keir@xen.org>
> CC: Jan Beulich <JBeulich@suse.com>
> CC: Tim Deegan <tim@xen.org>
> CC: Ian Campbell <Ian.Campbell@citrix.com>
> CC: Ian Jackson <Ian.Jackson@eu.citrix.com>
> CC: George Dunlap <george.dunlap@eu.citrix.com>
>
> ---
>
> George:
>    This is just documentation, and it would be nice to include it as part of
>    the 4.4 release.
> ---
>   misc/coverity_model.c |   98 +++++++++++++++++++++++++++++++++++++++++++++++++
>   1 file changed, 98 insertions(+)
>   create mode 100644 misc/coverity_model.c
>
> diff --git a/misc/coverity_model.c b/misc/coverity_model.c
> new file mode 100644
> index 0000000..418d25e
> --- /dev/null
> +++ b/misc/coverity_model.c
> @@ -0,0 +1,98 @@
> +/* Coverity Scan model
> + *
> + * This is a modelling file for Coverity Scan. Modelling helps to avoid false
> + * positives.
> + *
> + * - A model file can't import any header files.
> + * - Therefore only some built-in primitives like int, char and void are
> + *   available but not NULL etc.
> + * - Mode-ling doesn't need full structs and typedefs. Rudimentary structs
> + *   and similar types are sufficient.
> + * - An uninitialized local pointer is not an error. It signifies that the
> + *   variable could be either NULL or have some data.
> + *
> + * Coverity Scan doesn't pick up modifications automatically. The model file
> + * must be uploaded by an admin in the analysis.

So this file isn't compiled; it's manually uploaded as part of the 
coverity scanning process; and could be provided out-of-band, but it's 
just convenient to put it in the tree, particularly if any of these 
things should change as things go forward.  (Hence comparing it to 
documentation.)  Is that right?

  -George

Re: [PATCH v5] coverity: Store the modelling file in the source tree.

[Andrew Cooper]

On 23/01/14 15:13, George Dunlap wrote:
> On 01/23/2014 02:28 PM, Andrew Cooper wrote:
>> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
>> CC: Keir Fraser <keir@xen.org>
>> CC: Jan Beulich <JBeulich@suse.com>
>> CC: Tim Deegan <tim@xen.org>
>> CC: Ian Campbell <Ian.Campbell@citrix.com>
>> CC: Ian Jackson <Ian.Jackson@eu.citrix.com>
>> CC: George Dunlap <george.dunlap@eu.citrix.com>
>>
>> ---
>>
>> George:
>>    This is just documentation, and it would be nice to include it as
>> part of
>>    the 4.4 release.
>> ---
>>   misc/coverity_model.c |   98
>> +++++++++++++++++++++++++++++++++++++++++++++++++
>>   1 file changed, 98 insertions(+)
>>   create mode 100644 misc/coverity_model.c
>>
>> diff --git a/misc/coverity_model.c b/misc/coverity_model.c
>> new file mode 100644
>> index 0000000..418d25e
>> --- /dev/null
>> +++ b/misc/coverity_model.c
>> @@ -0,0 +1,98 @@
>> +/* Coverity Scan model
>> + *
>> + * This is a modelling file for Coverity Scan. Modelling helps to
>> avoid false
>> + * positives.
>> + *
>> + * - A model file can't import any header files.
>> + * - Therefore only some built-in primitives like int, char and void
>> are
>> + *   available but not NULL etc.
>> + * - Mode-ling doesn't need full structs and typedefs. Rudimentary
>> structs
>> + *   and similar types are sufficient.
>> + * - An uninitialized local pointer is not an error. It signifies
>> that the
>> + *   variable could be either NULL or have some data.
>> + *
>> + * Coverity Scan doesn't pick up modifications automatically. The
>> model file
>> + * must be uploaded by an admin in the analysis.
>
> So this file isn't compiled; it's manually uploaded as part of the
> coverity scanning process; and could be provided out-of-band, but it's
> just convenient to put it in the tree, particularly if any of these
> things should change as things go forward.  (Hence comparing it to
> documentation.)  Is that right?
>
>  -George
>

Correct.  I believe internally Coverity compiles it (at least to an
AST), but that is completely opaque to users of Scan.

~Andrew

Re: [PATCH v5] coverity: Store the modelling file in the source tree.

[George Dunlap]

On 01/23/2014 03:19 PM, Andrew Cooper wrote:
> On 23/01/14 15:13, George Dunlap wrote:
>> On 01/23/2014 02:28 PM, Andrew Cooper wrote:
>>> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
>>> CC: Keir Fraser <keir@xen.org>
>>> CC: Jan Beulich <JBeulich@suse.com>
>>> CC: Tim Deegan <tim@xen.org>
>>> CC: Ian Campbell <Ian.Campbell@citrix.com>
>>> CC: Ian Jackson <Ian.Jackson@eu.citrix.com>
>>> CC: George Dunlap <george.dunlap@eu.citrix.com>
>>>
>>> ---
>>>
>>> George:
>>>     This is just documentation, and it would be nice to include it as
>>> part of
>>>     the 4.4 release.
>>> ---
>>>    misc/coverity_model.c |   98
>>> +++++++++++++++++++++++++++++++++++++++++++++++++
>>>    1 file changed, 98 insertions(+)
>>>    create mode 100644 misc/coverity_model.c
>>>
>>> diff --git a/misc/coverity_model.c b/misc/coverity_model.c
>>> new file mode 100644
>>> index 0000000..418d25e
>>> --- /dev/null
>>> +++ b/misc/coverity_model.c
>>> @@ -0,0 +1,98 @@
>>> +/* Coverity Scan model
>>> + *
>>> + * This is a modelling file for Coverity Scan. Modelling helps to
>>> avoid false
>>> + * positives.
>>> + *
>>> + * - A model file can't import any header files.
>>> + * - Therefore only some built-in primitives like int, char and void
>>> are
>>> + *   available but not NULL etc.
>>> + * - Mode-ling doesn't need full structs and typedefs. Rudimentary
>>> structs
>>> + *   and similar types are sufficient.
>>> + * - An uninitialized local pointer is not an error. It signifies
>>> that the
>>> + *   variable could be either NULL or have some data.
>>> + *
>>> + * Coverity Scan doesn't pick up modifications automatically. The
>>> model file
>>> + * must be uploaded by an admin in the analysis.
>> So this file isn't compiled; it's manually uploaded as part of the
>> coverity scanning process; and could be provided out-of-band, but it's
>> just convenient to put it in the tree, particularly if any of these
>> things should change as things go forward.  (Hence comparing it to
>> documentation.)  Is that right?
>>
>>   -George
>>
> Correct.  I believe internally Coverity compiles it (at least to an
> AST), but that is completely opaque to users of Scan.

Right; I have a hard time coming up with a compelling reason to wait for 
this one.

Release-acked-by: George Dunlap <george.dunlap@eu.citrix.com>

The name of the file might be a bit confusing though, if people think it 
is supposed to be compliled... would it make sense maybe to call it 
".txt", and include some instructions at the top with a line that says 
"---- cut here 8< ---" or something?

  -George

Re: [PATCH v5] coverity: Store the modelling file in the source tree.

[Andrew Cooper]

On 24/01/14 16:52, George Dunlap wrote:
> On 01/23/2014 03:19 PM, Andrew Cooper wrote:
>> On 23/01/14 15:13, George Dunlap wrote:
>>> On 01/23/2014 02:28 PM, Andrew Cooper wrote:
>>>> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
>>>> CC: Keir Fraser <keir@xen.org>
>>>> CC: Jan Beulich <JBeulich@suse.com>
>>>> CC: Tim Deegan <tim@xen.org>
>>>> CC: Ian Campbell <Ian.Campbell@citrix.com>
>>>> CC: Ian Jackson <Ian.Jackson@eu.citrix.com>
>>>> CC: George Dunlap <george.dunlap@eu.citrix.com>
>>>>
>>>> ---
>>>>
>>>> George:
>>>>     This is just documentation, and it would be nice to include it as
>>>> part of
>>>>     the 4.4 release.
>>>> ---
>>>>    misc/coverity_model.c |   98
>>>> +++++++++++++++++++++++++++++++++++++++++++++++++
>>>>    1 file changed, 98 insertions(+)
>>>>    create mode 100644 misc/coverity_model.c
>>>>
>>>> diff --git a/misc/coverity_model.c b/misc/coverity_model.c
>>>> new file mode 100644
>>>> index 0000000..418d25e
>>>> --- /dev/null
>>>> +++ b/misc/coverity_model.c
>>>> @@ -0,0 +1,98 @@
>>>> +/* Coverity Scan model
>>>> + *
>>>> + * This is a modelling file for Coverity Scan. Modelling helps to
>>>> avoid false
>>>> + * positives.
>>>> + *
>>>> + * - A model file can't import any header files.
>>>> + * - Therefore only some built-in primitives like int, char and void
>>>> are
>>>> + *   available but not NULL etc.
>>>> + * - Mode-ling doesn't need full structs and typedefs. Rudimentary
>>>> structs
>>>> + *   and similar types are sufficient.
>>>> + * - An uninitialized local pointer is not an error. It signifies
>>>> that the
>>>> + *   variable could be either NULL or have some data.
>>>> + *
>>>> + * Coverity Scan doesn't pick up modifications automatically. The
>>>> model file
>>>> + * must be uploaded by an admin in the analysis.
>>> So this file isn't compiled; it's manually uploaded as part of the
>>> coverity scanning process; and could be provided out-of-band, but it's
>>> just convenient to put it in the tree, particularly if any of these
>>> things should change as things go forward.  (Hence comparing it to
>>> documentation.)  Is that right?
>>>
>>>   -George
>>>
>> Correct.  I believe internally Coverity compiles it (at least to an
>> AST), but that is completely opaque to users of Scan.
>
> Right; I have a hard time coming up with a compelling reason to wait
> for this one.
>
> Release-acked-by: George Dunlap <george.dunlap@eu.citrix.com>
>
> The name of the file might be a bit confusing though, if people think
> it is supposed to be compliled... would it make sense maybe to call it
> ".txt", and include some instructions at the top with a line that says
> "---- cut here 8< ---" or something?
>
>  -George

Not really - Coverity uses the file extension to work out how to
interpret the modelling file.  ".c" is correct here, and will cause
smart text editors to apply proper syntax highlighting.

Alternates are .cpp and .java, depending on the primary language of the
project.

~Andrew

Re: [PATCH v5] coverity: Store the modelling file in the source tree.

[George Dunlap]

On 01/24/2014 04:57 PM, Andrew Cooper wrote:
> On 24/01/14 16:52, George Dunlap wrote:
>> On 01/23/2014 03:19 PM, Andrew Cooper wrote:
>>> On 23/01/14 15:13, George Dunlap wrote:
>>>> On 01/23/2014 02:28 PM, Andrew Cooper wrote:
>>>>> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
>>>>> CC: Keir Fraser <keir@xen.org>
>>>>> CC: Jan Beulich <JBeulich@suse.com>
>>>>> CC: Tim Deegan <tim@xen.org>
>>>>> CC: Ian Campbell <Ian.Campbell@citrix.com>
>>>>> CC: Ian Jackson <Ian.Jackson@eu.citrix.com>
>>>>> CC: George Dunlap <george.dunlap@eu.citrix.com>
>>>>>
>>>>> ---
>>>>>
>>>>> George:
>>>>>      This is just documentation, and it would be nice to include it as
>>>>> part of
>>>>>      the 4.4 release.
>>>>> ---
>>>>>     misc/coverity_model.c |   98
>>>>> +++++++++++++++++++++++++++++++++++++++++++++++++
>>>>>     1 file changed, 98 insertions(+)
>>>>>     create mode 100644 misc/coverity_model.c
>>>>>
>>>>> diff --git a/misc/coverity_model.c b/misc/coverity_model.c
>>>>> new file mode 100644
>>>>> index 0000000..418d25e
>>>>> --- /dev/null
>>>>> +++ b/misc/coverity_model.c
>>>>> @@ -0,0 +1,98 @@
>>>>> +/* Coverity Scan model
>>>>> + *
>>>>> + * This is a modelling file for Coverity Scan. Modelling helps to
>>>>> avoid false
>>>>> + * positives.
>>>>> + *
>>>>> + * - A model file can't import any header files.
>>>>> + * - Therefore only some built-in primitives like int, char and void
>>>>> are
>>>>> + *   available but not NULL etc.
>>>>> + * - Mode-ling doesn't need full structs and typedefs. Rudimentary
>>>>> structs
>>>>> + *   and similar types are sufficient.
>>>>> + * - An uninitialized local pointer is not an error. It signifies
>>>>> that the
>>>>> + *   variable could be either NULL or have some data.
>>>>> + *
>>>>> + * Coverity Scan doesn't pick up modifications automatically. The
>>>>> model file
>>>>> + * must be uploaded by an admin in the analysis.
>>>> So this file isn't compiled; it's manually uploaded as part of the
>>>> coverity scanning process; and could be provided out-of-band, but it's
>>>> just convenient to put it in the tree, particularly if any of these
>>>> things should change as things go forward.  (Hence comparing it to
>>>> documentation.)  Is that right?
>>>>
>>>>    -George
>>>>
>>> Correct.  I believe internally Coverity compiles it (at least to an
>>> AST), but that is completely opaque to users of Scan.
>> Right; I have a hard time coming up with a compelling reason to wait
>> for this one.
>>
>> Release-acked-by: George Dunlap <george.dunlap@eu.citrix.com>
>>
>> The name of the file might be a bit confusing though, if people think
>> it is supposed to be compliled... would it make sense maybe to call it
>> ".txt", and include some instructions at the top with a line that says
>> "---- cut here 8< ---" or something?
>>
>>   -George
> Not really - Coverity uses the file extension to work out how to
> interpret the modelling file.  ".c" is correct here, and will cause
> smart text editors to apply proper syntax highlighting.
>
> Alternates are .cpp and .java, depending on the primary language of the
> project.

Yes, I assumed that *coverity* needs it to be a .c.  But it doesn't need 
to be a .c file in the xen tree -- the instructions could say, "Place 
the text below into a file named coverity_model.c".

  -George

Re: [PATCH v5] coverity: Store the modelling file in the source tree.

[Ian Campbell]

On Fri, 2014-01-24 at 16:59 +0000, George Dunlap wrote:
> On 01/24/2014 04:57 PM, Andrew Cooper wrote:
> > On 24/01/14 16:52, George Dunlap wrote:
> >> On 01/23/2014 03:19 PM, Andrew Cooper wrote:
> >>> On 23/01/14 15:13, George Dunlap wrote:
> >>>> On 01/23/2014 02:28 PM, Andrew Cooper wrote:
> >>>>> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
> >>>>> CC: Keir Fraser <keir@xen.org>
> >>>>> CC: Jan Beulich <JBeulich@suse.com>
> >>>>> CC: Tim Deegan <tim@xen.org>
> >>>>> CC: Ian Campbell <Ian.Campbell@citrix.com>
> >>>>> CC: Ian Jackson <Ian.Jackson@eu.citrix.com>
> >>>>> CC: George Dunlap <george.dunlap@eu.citrix.com>
> >>>>>
> >>>>> ---
> >>>>>
> >>>>> George:
> >>>>>      This is just documentation, and it would be nice to include it as
> >>>>> part of
> >>>>>      the 4.4 release.
> >>>>> ---
> >>>>>     misc/coverity_model.c |   98
> >>>>> +++++++++++++++++++++++++++++++++++++++++++++++++
> >>>>>     1 file changed, 98 insertions(+)
> >>>>>     create mode 100644 misc/coverity_model.c
> >>>>>
> >>>>> diff --git a/misc/coverity_model.c b/misc/coverity_model.c
> >>>>> new file mode 100644
> >>>>> index 0000000..418d25e
> >>>>> --- /dev/null
> >>>>> +++ b/misc/coverity_model.c
> >>>>> @@ -0,0 +1,98 @@
> >>>>> +/* Coverity Scan model
> >>>>> + *
> >>>>> + * This is a modelling file for Coverity Scan. Modelling helps to
> >>>>> avoid false
> >>>>> + * positives.
> >>>>> + *
> >>>>> + * - A model file can't import any header files.
> >>>>> + * - Therefore only some built-in primitives like int, char and void
> >>>>> are
> >>>>> + *   available but not NULL etc.
> >>>>> + * - Mode-ling doesn't need full structs and typedefs. Rudimentary
> >>>>> structs
> >>>>> + *   and similar types are sufficient.
> >>>>> + * - An uninitialized local pointer is not an error. It signifies
> >>>>> that the
> >>>>> + *   variable could be either NULL or have some data.
> >>>>> + *
> >>>>> + * Coverity Scan doesn't pick up modifications automatically. The
> >>>>> model file
> >>>>> + * must be uploaded by an admin in the analysis.
> >>>> So this file isn't compiled; it's manually uploaded as part of the
> >>>> coverity scanning process; and could be provided out-of-band, but it's
> >>>> just convenient to put it in the tree, particularly if any of these
> >>>> things should change as things go forward.  (Hence comparing it to
> >>>> documentation.)  Is that right?
> >>>>
> >>>>    -George
> >>>>
> >>> Correct.  I believe internally Coverity compiles it (at least to an
> >>> AST), but that is completely opaque to users of Scan.
> >> Right; I have a hard time coming up with a compelling reason to wait
> >> for this one.
> >>
> >> Release-acked-by: George Dunlap <george.dunlap@eu.citrix.com>
> >>
> >> The name of the file might be a bit confusing though, if people think
> >> it is supposed to be compliled... would it make sense maybe to call it
> >> ".txt", and include some instructions at the top with a line that says
> >> "---- cut here 8< ---" or something?
> >>
> >>   -George
> > Not really - Coverity uses the file extension to work out how to
> > interpret the modelling file.  ".c" is correct here, and will cause
> > smart text editors to apply proper syntax highlighting.
> >
> > Alternates are .cpp and .java, depending on the primary language of the
> > project.
> 
> Yes, I assumed that *coverity* needs it to be a .c.  But it doesn't need 
> to be a .c file in the xen tree -- the instructions could say, "Place 
> the text below into a file named coverity_model.c".

This file is uploaded via a web interface. It'd be far more convenient
to browse with the browesers file dialog to the exact file in the xen
source tree.

Perhaps a README next to the file? Perhaps
misc/coverity/{README,model.c} ?

Ian.

Re: [PATCH v5] coverity: Store the modelling file in the source tree.

[Andrew Cooper]

On 24/01/14 16:59, George Dunlap wrote:
> On 01/24/2014 04:57 PM, Andrew Cooper wrote:
>> On 24/01/14 16:52, George Dunlap wrote:
>>> On 01/23/2014 03:19 PM, Andrew Cooper wrote:
>>>> On 23/01/14 15:13, George Dunlap wrote:
>>>>> On 01/23/2014 02:28 PM, Andrew Cooper wrote:
>>>>>> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
>>>>>> CC: Keir Fraser <keir@xen.org>
>>>>>> CC: Jan Beulich <JBeulich@suse.com>
>>>>>> CC: Tim Deegan <tim@xen.org>
>>>>>> CC: Ian Campbell <Ian.Campbell@citrix.com>
>>>>>> CC: Ian Jackson <Ian.Jackson@eu.citrix.com>
>>>>>> CC: George Dunlap <george.dunlap@eu.citrix.com>
>>>>>>
>>>>>> ---
>>>>>>
>>>>>> George:
>>>>>>      This is just documentation, and it would be nice to include
>>>>>> it as
>>>>>> part of
>>>>>>      the 4.4 release.
>>>>>> ---
>>>>>>     misc/coverity_model.c |   98
>>>>>> +++++++++++++++++++++++++++++++++++++++++++++++++
>>>>>>     1 file changed, 98 insertions(+)
>>>>>>     create mode 100644 misc/coverity_model.c
>>>>>>
>>>>>> diff --git a/misc/coverity_model.c b/misc/coverity_model.c
>>>>>> new file mode 100644
>>>>>> index 0000000..418d25e
>>>>>> --- /dev/null
>>>>>> +++ b/misc/coverity_model.c
>>>>>> @@ -0,0 +1,98 @@
>>>>>> +/* Coverity Scan model
>>>>>> + *
>>>>>> + * This is a modelling file for Coverity Scan. Modelling helps to
>>>>>> avoid false
>>>>>> + * positives.
>>>>>> + *
>>>>>> + * - A model file can't import any header files.
>>>>>> + * - Therefore only some built-in primitives like int, char and
>>>>>> void
>>>>>> are
>>>>>> + *   available but not NULL etc.
>>>>>> + * - Mode-ling doesn't need full structs and typedefs. Rudimentary
>>>>>> structs
>>>>>> + *   and similar types are sufficient.
>>>>>> + * - An uninitialized local pointer is not an error. It signifies
>>>>>> that the
>>>>>> + *   variable could be either NULL or have some data.
>>>>>> + *
>>>>>> + * Coverity Scan doesn't pick up modifications automatically. The
>>>>>> model file
>>>>>> + * must be uploaded by an admin in the analysis.
>>>>> So this file isn't compiled; it's manually uploaded as part of the
>>>>> coverity scanning process; and could be provided out-of-band, but
>>>>> it's
>>>>> just convenient to put it in the tree, particularly if any of these
>>>>> things should change as things go forward.  (Hence comparing it to
>>>>> documentation.)  Is that right?
>>>>>
>>>>>    -George
>>>>>
>>>> Correct.  I believe internally Coverity compiles it (at least to an
>>>> AST), but that is completely opaque to users of Scan.
>>> Right; I have a hard time coming up with a compelling reason to wait
>>> for this one.
>>>
>>> Release-acked-by: George Dunlap <george.dunlap@eu.citrix.com>
>>>
>>> The name of the file might be a bit confusing though, if people think
>>> it is supposed to be compliled... would it make sense maybe to call it
>>> ".txt", and include some instructions at the top with a line that says
>>> "---- cut here 8< ---" or something?
>>>
>>>   -George
>> Not really - Coverity uses the file extension to work out how to
>> interpret the modelling file.  ".c" is correct here, and will cause
>> smart text editors to apply proper syntax highlighting.
>>
>> Alternates are .cpp and .java, depending on the primary language of the
>> project.
>
> Yes, I assumed that *coverity* needs it to be a .c.  But it doesn't
> need to be a .c file in the xen tree -- the instructions could say,
> "Place the text below into a file named coverity_model.c".
>
>  -George

This file was deliberately placed in a brand new directory, away from
any Makefiles which might try to compile it for this reason.

Requiring users to post-process this file just to help prevent someone
from accidentally trying to compile it seems crazy IMO.  The worst that
happens is that someone tries to compile it and it fails to compile.

~Andrew

Re: [PATCH v5] coverity: Store the modelling file in the source tree.

[Ian Campbell]

On Thu, 2014-01-23 at 14:28 +0000, Andrew Cooper wrote:
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
> CC: Keir Fraser <keir@xen.org>
> CC: Jan Beulich <JBeulich@suse.com>
> CC: Tim Deegan <tim@xen.org>
> CC: Ian Campbell <Ian.Campbell@citrix.com>
> CC: Ian Jackson <Ian.Jackson@eu.citrix.com>
> CC: George Dunlap <george.dunlap@eu.citrix.com>
> 
> ---
> 
> George:
>   This is just documentation, and it would be nice to include it as part of
>   the 4.4 release.
> ---
>  misc/coverity_model.c |   98 +++++++++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 98 insertions(+)
>  create mode 100644 misc/coverity_model.c
> 
> diff --git a/misc/coverity_model.c b/misc/coverity_model.c
> new file mode 100644
> index 0000000..418d25e
> --- /dev/null
> +++ b/misc/coverity_model.c
> @@ -0,0 +1,98 @@
> +/* Coverity Scan model
> + *
> + * This is a modelling file for Coverity Scan. Modelling helps to avoid false
> + * positives.
> + *
> + * - A model file can't import any header files.
> + * - Therefore only some built-in primitives like int, char and void are
> + *   available but not NULL etc.
> + * - Mode-ling doesn't need full structs and typedefs. Rudimentary structs
> + *   and similar types are sufficient.
> + * - An uninitialized local pointer is not an error. It signifies that the
> + *   variable could be either NULL or have some data.
> + *
> + * Coverity Scan doesn't pick up modifications automatically. The model file
> + * must be uploaded by an admin in the analysis.
> + *
> + * Copyright (c) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
> + * 2011, 2012, 2013 Python Software Foundation; All Rights Reserved
> + *
> + * The Xen Coverity Scan modelling file used the cpython modelling file as a
> + * reference to get started (suggested by Coverty Scan themselves as a good
> + * example), but all content is Xen specific.

Given that you (I pressume?) wrote at least some of the C like stuff I
think you can include your copyright too as well as the Python one. Is
there actually any cpython stuff left?

If there were a link to the docs in this comment that would be good too.

Re: [PATCH v5] coverity: Store the modelling file in the source tree.

[Tim Deegan]

At 16:59 +0000 on 24 Jan (1390579158), George Dunlap wrote:
> On 01/24/2014 04:57 PM, Andrew Cooper wrote:
> > On 24/01/14 16:52, George Dunlap wrote:
> >> The name of the file might be a bit confusing though, if people think
> >> it is supposed to be compliled... would it make sense maybe to call it
> >> ".txt", and include some instructions at the top with a line that says
> >> "---- cut here 8< ---" or something?
> >>
> >>   -George
> > Not really - Coverity uses the file extension to work out how to
> > interpret the modelling file.  ".c" is correct here, and will cause
> > smart text editors to apply proper syntax highlighting.
> >
> > Alternates are .cpp and .java, depending on the primary language of the
> > project.
> 
> Yes, I assumed that *coverity* needs it to be a .c.  But it doesn't need 
> to be a .c file in the xen tree -- the instructions could say, "Place 
> the text below into a file named coverity_model.c".

+1.  I don't think it's confusing for humans but we don't want
e.g. ctags/cscope or IDEs picking up the coverity versions
of things.

Tim.

Re: [PATCH v5] coverity: Store the modelling file in the source tree.

[Ian Campbell]

On Fri, 2014-01-24 at 18:04 +0100, Tim Deegan wrote:
> At 16:59 +0000 on 24 Jan (1390579158), George Dunlap wrote:
> > On 01/24/2014 04:57 PM, Andrew Cooper wrote:
> > > On 24/01/14 16:52, George Dunlap wrote:
> > >> The name of the file might be a bit confusing though, if people think
> > >> it is supposed to be compliled... would it make sense maybe to call it
> > >> ".txt", and include some instructions at the top with a line that says
> > >> "---- cut here 8< ---" or something?
> > >>
> > >>   -George
> > > Not really - Coverity uses the file extension to work out how to
> > > interpret the modelling file.  ".c" is correct here, and will cause
> > > smart text editors to apply proper syntax highlighting.
> > >
> > > Alternates are .cpp and .java, depending on the primary language of the
> > > project.
> > 
> > Yes, I assumed that *coverity* needs it to be a .c.  But it doesn't need 
> > to be a .c file in the xen tree -- the instructions could say, "Place 
> > the text below into a file named coverity_model.c".
> 
> +1.  I don't think it's confusing for humans but we don't want
> e.g. ctags/cscope or IDEs picking up the coverity versions
> of things.

Do you run tags on the whole of xen.git? I run it individually on the
xen and tools subdirs, because all the other cruft in the tree is just
too noisy otherwise.

Ian.

Re: [PATCH v5] coverity: Store the modelling file in the source tree.

[Tim Deegan]

At 17:05 +0000 on 24 Jan (1390579538), Ian Campbell wrote:
> On Fri, 2014-01-24 at 18:04 +0100, Tim Deegan wrote:
> > At 16:59 +0000 on 24 Jan (1390579158), George Dunlap wrote:
> > > On 01/24/2014 04:57 PM, Andrew Cooper wrote:
> > > > On 24/01/14 16:52, George Dunlap wrote:
> > > >> The name of the file might be a bit confusing though, if people think
> > > >> it is supposed to be compliled... would it make sense maybe to call it
> > > >> ".txt", and include some instructions at the top with a line that says
> > > >> "---- cut here 8< ---" or something?
> > > >>
> > > >>   -George
> > > > Not really - Coverity uses the file extension to work out how to
> > > > interpret the modelling file.  ".c" is correct here, and will cause
> > > > smart text editors to apply proper syntax highlighting.
> > > >
> > > > Alternates are .cpp and .java, depending on the primary language of the
> > > > project.
> > > 
> > > Yes, I assumed that *coverity* needs it to be a .c.  But it doesn't need 
> > > to be a .c file in the xen tree -- the instructions could say, "Place 
> > > the text below into a file named coverity_model.c".
> > 
> > +1.  I don't think it's confusing for humans but we don't want
> > e.g. ctags/cscope or IDEs picking up the coverity versions
> > of things.
> 
> Do you run tags on the whole of xen.git?

Not usually; I guess it's no worse than the multiple architectures,
minios &c where it is.  So, stet as a .c.

Tim.

Re: [PATCH v5] coverity: Store the modelling file in the source tree.

[Andrew Cooper]

On 24/01/14 17:04, Ian Campbell wrote:
> On Thu, 2014-01-23 at 14:28 +0000, Andrew Cooper wrote:
>> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
>> CC: Keir Fraser <keir@xen.org>
>> CC: Jan Beulich <JBeulich@suse.com>
>> CC: Tim Deegan <tim@xen.org>
>> CC: Ian Campbell <Ian.Campbell@citrix.com>
>> CC: Ian Jackson <Ian.Jackson@eu.citrix.com>
>> CC: George Dunlap <george.dunlap@eu.citrix.com>
>>
>> ---
>>
>> George:
>>   This is just documentation, and it would be nice to include it as part of
>>   the 4.4 release.
>> ---
>>  misc/coverity_model.c |   98 +++++++++++++++++++++++++++++++++++++++++++++++++
>>  1 file changed, 98 insertions(+)
>>  create mode 100644 misc/coverity_model.c
>>
>> diff --git a/misc/coverity_model.c b/misc/coverity_model.c
>> new file mode 100644
>> index 0000000..418d25e
>> --- /dev/null
>> +++ b/misc/coverity_model.c
>> @@ -0,0 +1,98 @@
>> +/* Coverity Scan model
>> + *
>> + * This is a modelling file for Coverity Scan. Modelling helps to avoid false
>> + * positives.
>> + *
>> + * - A model file can't import any header files.
>> + * - Therefore only some built-in primitives like int, char and void are
>> + *   available but not NULL etc.
>> + * - Mode-ling doesn't need full structs and typedefs. Rudimentary structs
>> + *   and similar types are sufficient.
>> + * - An uninitialized local pointer is not an error. It signifies that the
>> + *   variable could be either NULL or have some data.
>> + *
>> + * Coverity Scan doesn't pick up modifications automatically. The model file
>> + * must be uploaded by an admin in the analysis.
>> + *
>> + * Copyright (c) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
>> + * 2011, 2012, 2013 Python Software Foundation; All Rights Reserved
>> + *
>> + * The Xen Coverity Scan modelling file used the cpython modelling file as a
>> + * reference to get started (suggested by Coverty Scan themselves as a good
>> + * example), but all content is Xen specific.
> Given that you (I pressume?) wrote at least some of the C like stuff I
> think you can include your copyright too as well as the Python one. Is
> there actually any cpython stuff left?
>
> If there were a link to the docs in this comment that would be good too.
>
>

See "Useful links" in the comment below this one in the file.

Most of this comment is from the cpython file, and I suppose technically
the "#define NULL (void)0" and "#define assert() /*empty*/" were.

But mainly, the cpython was just an example of an existing modelling
file, which was a substantially more useful when working out how to
write the Xen one than the Coverity documentation of which each of the
__coverity_$FOO() functions mean and do.

~Andrew

Re: [PATCH v5] coverity: Store the modelling file in the source tree.

[George Dunlap]

On 01/24/2014 05:02 PM, Andrew Cooper wrote:
> On 24/01/14 16:59, George Dunlap wrote:
>> On 01/24/2014 04:57 PM, Andrew Cooper wrote:
>>> On 24/01/14 16:52, George Dunlap wrote:
>>>> On 01/23/2014 03:19 PM, Andrew Cooper wrote:
>>>>> On 23/01/14 15:13, George Dunlap wrote:
>>>>>> On 01/23/2014 02:28 PM, Andrew Cooper wrote:
>>>>>>> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
>>>>>>> CC: Keir Fraser <keir@xen.org>
>>>>>>> CC: Jan Beulich <JBeulich@suse.com>
>>>>>>> CC: Tim Deegan <tim@xen.org>
>>>>>>> CC: Ian Campbell <Ian.Campbell@citrix.com>
>>>>>>> CC: Ian Jackson <Ian.Jackson@eu.citrix.com>
>>>>>>> CC: George Dunlap <george.dunlap@eu.citrix.com>
>>>>>>>
>>>>>>> ---
>>>>>>>
>>>>>>> George:
>>>>>>>       This is just documentation, and it would be nice to include
>>>>>>> it as
>>>>>>> part of
>>>>>>>       the 4.4 release.
>>>>>>> ---
>>>>>>>      misc/coverity_model.c |   98
>>>>>>> +++++++++++++++++++++++++++++++++++++++++++++++++
>>>>>>>      1 file changed, 98 insertions(+)
>>>>>>>      create mode 100644 misc/coverity_model.c
>>>>>>>
>>>>>>> diff --git a/misc/coverity_model.c b/misc/coverity_model.c
>>>>>>> new file mode 100644
>>>>>>> index 0000000..418d25e
>>>>>>> --- /dev/null
>>>>>>> +++ b/misc/coverity_model.c
>>>>>>> @@ -0,0 +1,98 @@
>>>>>>> +/* Coverity Scan model
>>>>>>> + *
>>>>>>> + * This is a modelling file for Coverity Scan. Modelling helps to
>>>>>>> avoid false
>>>>>>> + * positives.
>>>>>>> + *
>>>>>>> + * - A model file can't import any header files.
>>>>>>> + * - Therefore only some built-in primitives like int, char and
>>>>>>> void
>>>>>>> are
>>>>>>> + *   available but not NULL etc.
>>>>>>> + * - Mode-ling doesn't need full structs and typedefs. Rudimentary
>>>>>>> structs
>>>>>>> + *   and similar types are sufficient.
>>>>>>> + * - An uninitialized local pointer is not an error. It signifies
>>>>>>> that the
>>>>>>> + *   variable could be either NULL or have some data.
>>>>>>> + *
>>>>>>> + * Coverity Scan doesn't pick up modifications automatically. The
>>>>>>> model file
>>>>>>> + * must be uploaded by an admin in the analysis.
>>>>>> So this file isn't compiled; it's manually uploaded as part of the
>>>>>> coverity scanning process; and could be provided out-of-band, but
>>>>>> it's
>>>>>> just convenient to put it in the tree, particularly if any of these
>>>>>> things should change as things go forward.  (Hence comparing it to
>>>>>> documentation.)  Is that right?
>>>>>>
>>>>>>     -George
>>>>>>
>>>>> Correct.  I believe internally Coverity compiles it (at least to an
>>>>> AST), but that is completely opaque to users of Scan.
>>>> Right; I have a hard time coming up with a compelling reason to wait
>>>> for this one.
>>>>
>>>> Release-acked-by: George Dunlap <george.dunlap@eu.citrix.com>
>>>>
>>>> The name of the file might be a bit confusing though, if people think
>>>> it is supposed to be compliled... would it make sense maybe to call it
>>>> ".txt", and include some instructions at the top with a line that says
>>>> "---- cut here 8< ---" or something?
>>>>
>>>>    -George
>>> Not really - Coverity uses the file extension to work out how to
>>> interpret the modelling file.  ".c" is correct here, and will cause
>>> smart text editors to apply proper syntax highlighting.
>>>
>>> Alternates are .cpp and .java, depending on the primary language of the
>>> project.
>> Yes, I assumed that *coverity* needs it to be a .c.  But it doesn't
>> need to be a .c file in the xen tree -- the instructions could say,
>> "Place the text below into a file named coverity_model.c".
>>
>>   -George
> This file was deliberately placed in a brand new directory, away from
> any Makefiles which might try to compile it for this reason.
>
> Requiring users to post-process this file just to help prevent someone
> from accidentally trying to compile it seems crazy IMO.  The worst that
> happens is that someone tries to compile it and it fails to compile.

Right, well a directory named "misc" probably won't remain empty for 
long. :-)  I'd prefer Ian's suggestion of misc/coverity/, or maybe just 
coverity/; but I'm not too particular about it.

(And the consensus seems to be that .c shoud be fine, so I'll go along 
with that too.)

  -George

Re: [PATCH v5] coverity: Store the modelling file in the source tree.

[Andrew Cooper]

On 24/01/14 17:24, George Dunlap wrote:
> On 01/24/2014 05:02 PM, Andrew Cooper wrote:
>> On 24/01/14 16:59, George Dunlap wrote:
>>> On 01/24/2014 04:57 PM, Andrew Cooper wrote:
>>>> On 24/01/14 16:52, George Dunlap wrote:
>>>>> On 01/23/2014 03:19 PM, Andrew Cooper wrote:
>>>>>> On 23/01/14 15:13, George Dunlap wrote:
>>>>>>> On 01/23/2014 02:28 PM, Andrew Cooper wrote:
>>>>>>>> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
>>>>>>>> CC: Keir Fraser <keir@xen.org>
>>>>>>>> CC: Jan Beulich <JBeulich@suse.com>
>>>>>>>> CC: Tim Deegan <tim@xen.org>
>>>>>>>> CC: Ian Campbell <Ian.Campbell@citrix.com>
>>>>>>>> CC: Ian Jackson <Ian.Jackson@eu.citrix.com>
>>>>>>>> CC: George Dunlap <george.dunlap@eu.citrix.com>
>>>>>>>>
>>>>>>>> ---
>>>>>>>>
>>>>>>>> George:
>>>>>>>>       This is just documentation, and it would be nice to include
>>>>>>>> it as
>>>>>>>> part of
>>>>>>>>       the 4.4 release.
>>>>>>>> ---
>>>>>>>>      misc/coverity_model.c |   98
>>>>>>>> +++++++++++++++++++++++++++++++++++++++++++++++++
>>>>>>>>      1 file changed, 98 insertions(+)
>>>>>>>>      create mode 100644 misc/coverity_model.c
>>>>>>>>
>>>>>>>> diff --git a/misc/coverity_model.c b/misc/coverity_model.c
>>>>>>>> new file mode 100644
>>>>>>>> index 0000000..418d25e
>>>>>>>> --- /dev/null
>>>>>>>> +++ b/misc/coverity_model.c
>>>>>>>> @@ -0,0 +1,98 @@
>>>>>>>> +/* Coverity Scan model
>>>>>>>> + *
>>>>>>>> + * This is a modelling file for Coverity Scan. Modelling helps to
>>>>>>>> avoid false
>>>>>>>> + * positives.
>>>>>>>> + *
>>>>>>>> + * - A model file can't import any header files.
>>>>>>>> + * - Therefore only some built-in primitives like int, char and
>>>>>>>> void
>>>>>>>> are
>>>>>>>> + *   available but not NULL etc.
>>>>>>>> + * - Mode-ling doesn't need full structs and typedefs.
>>>>>>>> Rudimentary
>>>>>>>> structs
>>>>>>>> + *   and similar types are sufficient.
>>>>>>>> + * - An uninitialized local pointer is not an error. It signifies
>>>>>>>> that the
>>>>>>>> + *   variable could be either NULL or have some data.
>>>>>>>> + *
>>>>>>>> + * Coverity Scan doesn't pick up modifications automatically. The
>>>>>>>> model file
>>>>>>>> + * must be uploaded by an admin in the analysis.
>>>>>>> So this file isn't compiled; it's manually uploaded as part of the
>>>>>>> coverity scanning process; and could be provided out-of-band, but
>>>>>>> it's
>>>>>>> just convenient to put it in the tree, particularly if any of these
>>>>>>> things should change as things go forward.  (Hence comparing it to
>>>>>>> documentation.)  Is that right?
>>>>>>>
>>>>>>>     -George
>>>>>>>
>>>>>> Correct.  I believe internally Coverity compiles it (at least to an
>>>>>> AST), but that is completely opaque to users of Scan.
>>>>> Right; I have a hard time coming up with a compelling reason to wait
>>>>> for this one.
>>>>>
>>>>> Release-acked-by: George Dunlap <george.dunlap@eu.citrix.com>
>>>>>
>>>>> The name of the file might be a bit confusing though, if people think
>>>>> it is supposed to be compliled... would it make sense maybe to
>>>>> call it
>>>>> ".txt", and include some instructions at the top with a line that
>>>>> says
>>>>> "---- cut here 8< ---" or something?
>>>>>
>>>>>    -George
>>>> Not really - Coverity uses the file extension to work out how to
>>>> interpret the modelling file.  ".c" is correct here, and will cause
>>>> smart text editors to apply proper syntax highlighting.
>>>>
>>>> Alternates are .cpp and .java, depending on the primary language of
>>>> the
>>>> project.
>>> Yes, I assumed that *coverity* needs it to be a .c.  But it doesn't
>>> need to be a .c file in the xen tree -- the instructions could say,
>>> "Place the text below into a file named coverity_model.c".
>>>
>>>   -George
>> This file was deliberately placed in a brand new directory, away from
>> any Makefiles which might try to compile it for this reason.
>>
>> Requiring users to post-process this file just to help prevent someone
>> from accidentally trying to compile it seems crazy IMO.  The worst that
>> happens is that someone tries to compile it and it fails to compile.
>
> Right, well a directory named "misc" probably won't remain empty for
> long. :-)  I'd prefer Ian's suggestion of misc/coverity/, or maybe
> just coverity/; but I'm not too particular about it.
>
> (And the consensus seems to be that .c shoud be fine, so I'll go along
> with that too.)
>
>  -George
>

I will send v6 moving it to misc/coverity/, and the result of the
copyright thread

~Andrew

Re: [PATCH v5] coverity: Store the modelling file in the source tree.

[Ian Campbell]

On Fri, 2014-01-24 at 17:11 +0000, Andrew Cooper wrote:
> On 24/01/14 17:04, Ian Campbell wrote:
> > On Thu, 2014-01-23 at 14:28 +0000, Andrew Cooper wrote:
> >> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
> >> CC: Keir Fraser <keir@xen.org>
> >> CC: Jan Beulich <JBeulich@suse.com>
> >> CC: Tim Deegan <tim@xen.org>
> >> CC: Ian Campbell <Ian.Campbell@citrix.com>
> >> CC: Ian Jackson <Ian.Jackson@eu.citrix.com>
> >> CC: George Dunlap <george.dunlap@eu.citrix.com>
> >>
> >> ---
> >>
> >> George:
> >>   This is just documentation, and it would be nice to include it as part of
> >>   the 4.4 release.
> >> ---
> >>  misc/coverity_model.c |   98 +++++++++++++++++++++++++++++++++++++++++++++++++
> >>  1 file changed, 98 insertions(+)
> >>  create mode 100644 misc/coverity_model.c
> >>
> >> diff --git a/misc/coverity_model.c b/misc/coverity_model.c
> >> new file mode 100644
> >> index 0000000..418d25e
> >> --- /dev/null
> >> +++ b/misc/coverity_model.c
> >> @@ -0,0 +1,98 @@
> >> +/* Coverity Scan model
> >> + *
> >> + * This is a modelling file for Coverity Scan. Modelling helps to avoid false
> >> + * positives.
> >> + *
> >> + * - A model file can't import any header files.
> >> + * - Therefore only some built-in primitives like int, char and void are
> >> + *   available but not NULL etc.
> >> + * - Mode-ling doesn't need full structs and typedefs. Rudimentary structs
> >> + *   and similar types are sufficient.

Is "Mode-ling" a word?

> >> + * - An uninitialized local pointer is not an error. It signifies that the
> >> + *   variable could be either NULL or have some data.
> >> + *
> >> + * Coverity Scan doesn't pick up modifications automatically. The model file
> >> + * must be uploaded by an admin in the analysis.
> >> + *
> >> + * Copyright (c) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
> >> + * 2011, 2012, 2013 Python Software Foundation; All Rights Reserved
> >> + *
> >> + * The Xen Coverity Scan modelling file used the cpython modelling file as a
> >> + * reference to get started (suggested by Coverty Scan themselves as a good
> >> + * example), but all content is Xen specific.
> > Given that you (I pressume?) wrote at least some of the C like stuff I
> > think you can include your copyright too as well as the Python one. Is
> > there actually any cpython stuff left?
> >
> > If there were a link to the docs in this comment that would be good too.
> >
> >
> 
> See "Useful links" in the comment below this one in the file.

Oops, stopped after the first comment ;-)

> Most of this comment is from the cpython file, and I suppose technically
> the "#define NULL (void)0" and "#define assert() /*empty*/" were.
> 
> But mainly, the cpython was just an example of an existing modelling
> file, which was a substantially more useful when working out how to
> write the Xen one than the Coverity documentation of which each of the
> __coverity_$FOO() functions mean and do.

Might be worth including a link to the python one?
I'd normally do the copyright as:
        Write Copyright (c) 2013-2014 Andrew Cooper (or Citrix etc as you wish/are required)

        Based on <http://linky> which is:
          Copyright (c) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
          2011, 2012, 2013 Python Software Foundation; All Rights
        Reserved

Ian.