Paolo Bonzini <[email protected]> writes:

> On 21/01/2015 17:05, Markus Armbruster wrote:
>>>> What do you mean by "a GLib model"?  scripts/coverity-model.c?
>>>
>>> Yes.  It models g_malloc0 in a way that avoids a lot of false positives,
>>> but still is able to flag leaks.
>> Understood.  It's hugely better than nothing,
>
> Yes, I think between false positives and false negatives it affected
> over 100 defects.

Yes.  RESOURCE_LEAK was pretty useless without it.

>> but it still can't make
>> Coverity see many relevant facts like GLib functions returning newly
>> allocated storage.  For that, you have to throw in a derived model, like
>> I do.  Unfortunately, the Scan service seems unable to do that.
>
> Right.  You can also model the functions manually, like we do for
> g_io_channel_unix_new:
>
> typedef struct _GIOChannel GIOChannel;
> GIOChannel *g_io_channel_unix_new(int fd)
> {
>     GIOChannel *c = g_malloc0(sizeof(GIOChannel));
>     __coverity_escape__(fd);
>     return c;
> }
>
> (This was done because of false positives when Coverity thought that fd
> would leak at end of scope).
>
> If you know some offenders which did cause us to leak memory in the
> past, please do submit a patch to scripts/coverity-model.c.

Comparing two local scans, one with and one without my derived model, I
think I can spot some gaps we could fill in coverity-model.c.  Stay
tuned...

> BTW, thanks for starting this thread.  We already have like 6 new users
> who will be able to see the defects and fix them!  That alone is very
> much worthy!

:)

I hope regular scanning reports to qemu-devel will get us even more.
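
Added example, not part of the thread and not QEMU's own code: a manual model in the style of the g_io_channel_unix_new one quoted above, for two GLib functions that return newly allocated storage (choosing g_strdup and g_strndup is this example's assumption). The `#ifndef __COVERITY__` stand-ins are likewise an assumption, there only so the file also builds and runs with an ordinary compiler.

```c
#include <stddef.h>

/* Already modelled in scripts/coverity-model.c per the thread; declared here. */
void *g_malloc0(size_t size);

#ifndef __COVERITY__
/* Stand-ins so an ordinary compiler can build and run this file.
 * Assumption: __COVERITY__ is defined when Coverity compiles the model. */
#include <stdlib.h>
void *g_malloc0(size_t size) { return calloc(1, size ? size : 1); }
static void __coverity_string_null_sink__(const char *s) { (void)s; }
static void __coverity_negative_sink__(size_t n) { (void)n; }
#endif

/* Returns newly allocated storage; the caller owns it. NULL in, NULL out. */
char *g_strdup(const char *s)
{
    size_t len = 0, i;
    char *dup;

    if (!s) {
        return NULL;
    }
    __coverity_string_null_sink__(s);   /* s must be NUL-terminated */
    while (s[len]) {
        len++;
    }
    dup = g_malloc0(len + 1);           /* allocation the analysis can track */
    for (i = 0; i < len; i++) {
        dup[i] = s[i];
    }
    return dup;
}

/* Copies at most n bytes into a fresh n + 1 byte, NUL-padded buffer. */
char *g_strndup(const char *s, size_t n)
{
    size_t i;
    char *dup;

    if (!s) {
        return NULL;
    }
    __coverity_negative_sink__(n);      /* catches a negative length cast to size_t */
    dup = g_malloc0(n + 1);
    for (i = 0; i < n && s[i]; i++) {
        dup[i] = s[i];
    }
    return dup;
}
```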
