From: Paolo Bonzini
To: Markus Armbruster
Cc: peter.maydell@linaro.org, qemu-devel@nongnu.org
Date: Wed, 21 Jan 2015 17:22:36 +0100
Subject: Re: [Qemu-devel] Can we make better use of Coverity?
Message-ID: <54BFD24C.90400@redhat.com>
In-Reply-To: <87r3uo9l1i.fsf@blackfin.pond.sub.org>

On 21/01/2015 17:05, Markus Armbruster wrote:
>>> What do you mean by "a GLib model"? scripts/coverity-model.c?
>>
>> Yes. It models g_malloc0 in a way that avoids a lot of false positives,
>> but still is able to flag leaks.
> Understood. It's hugely better than nothing,

Yes, I think between false positives and false negatives it affected
over 100 defects.

> but it still can't make
> Coverity see many relevant facts like GLib functions returning newly
> allocated storage. For that, you have to throw in a derived model, like
> I do.
> Unfortunately, the Scan service seems unable to do that.

Right. You can also model the functions manually, like we do for
g_io_channel_unix_new:

typedef struct _GIOChannel GIOChannel;
GIOChannel *g_io_channel_unix_new(int fd)
{
    GIOChannel *c = g_malloc0(sizeof(GIOChannel));
    __coverity_escape__(fd);
    return c;
}

(This was done because of false positives when Coverity thought that fd
would leak at end of scope).

If you know some offenders which did cause us to leak memory in the
past, please do submit a patch to scripts/coverity-model.c.

BTW, thanks for starting this thread. We already have like 6 new users
who will be able to see the defects and fix them! That alone is very
much worthy!

Paolo