First allow me to introduce myself - I'm John Ferlan, a new Red Hat employee (3 
weeks).  I came from the closed world at HP where for the last 7 years I worked 
in a group developing/supporting HP's Integrity Virtual Machine software prior 
to it being outsourced to India this past May. I primarily worked in the 
CLI/API and daemon space, although I also spent quite a bit of time in the 
lower virtualization layers which mimicked the Integrity instructions. I am 
very happy to be in the open world and look forward to contributing.  Everyone 
has to start somewhere.

My first task here at Red Hat was to triage a Coverity scan executed against 
libvirt-1.0.0-1.fc19.src.rpm done in late November.  There were 285 issues 
documented. I quickly found that some of the defects found there were already 
fixed in later submits upstream, so I ran a new Coverity scan last Friday and 
it came back with 297 issues broken down as follows:

     1 ARRAY_VS_SINGLETON
    33 BAD_SIZEOF
    17 CHECKED_RETURN
     1 CONSTANT_EXPRESSION_RESULT
     5 COPY_PASTE_ERROR
    13 DEADCODE
    46 FORWARD_NULL
     2 MISSING_RETURN
     2 NEGATIVE_RETURNS
     7 NULL_RETURNS
     1 OVERRUN
   137 RESOURCE_LEAK
    18 REVERSE_INULL
     1 SIGN_EXTENSION
     3 UNINIT
     8 UNUSED_VALUE
     2 USE_AFTER_FREE

Of the defects found there are quite a few which can be considered as "false 
positives", some are trivial issues, a few complex issues, and the rest while 
resulting in a core usually occur in some error path. The bulk of the 
BAD_SIZEOF errors are the result of using a %p in the PROBE macro on structure 
pointers - it's a false positive, yet annoying. The bulk of FORWARD_NULL 
defects are from a false positive in vbox_templ.c. The bulk of RESOURCE_LEAK 
defects are from the use of macros to build code in esx_vi_types - which is 
where I'm triaging now. Of all the errors listed, "only" 62 files are affected.

Over the next few weeks, I'll start sending patch requests starting with some 
of the trivial problems just so I can get my feet wet with the process as it's 
certainly different than my closed world experiences. Since part of that 
process is to communicate early so people know what you're doing and what's 
coming - that's what I'm doing!

Also, now that I have a bit of experience with Coverity - I can run it again 
(more frequently) against the latest upstream bits.

John Ferlan

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list