First allow me to introduce myself - I'm John Ferlan a new Red Hat employee (3 weeks). I came from the closed world at HP where for the last 7 years I worked in a group developing/supporting HP's Integrity Virtual Machine software prior to it being outsourced to India this past May. I primarily worked in the CLI/API and daemon space, although I also spent quite a bit of time in the lower virtualization layers which mimicked the Integrity instructions. I am very happy to be in the open world and look forward to contributing. Everyone has to start some where.
My first task here at Red Hat was to triage a Coverity scan executed against libvirt-1.0.0-1.fc19.src.rpm done in late November. There were 285 issues documented. I quickly found that some of the defects found there were already fixed in later submits upstream, so I ran a new Coverity scan last Friday and it came back with 297 issues broken down as follows:
1 ARRAY_VS_SINGLETON
33 BAD_SIZEOF
17 CHECKED_RETURN
1 CONSTANT_EXPRESSION_RESULT
5 COPY_PASTE_ERROR
13 DEADCODE
46 FORWARD_NULL
2 MISSING_RETURN
2 NEGATIVE_RETURNS
7 NULL_RETURNS
1 OVERRUN
137 RESOURCE_LEAK
18 REVERSE_INULL
1 SIGN_EXTENSION
3 UNINIT
8 UNUSED_VALUE
2 USE_AFTER_FREE
Of the defects found there are quite a few which can be considered as "false positives", some are trivial issues, a few complex issues, and the rest while resulting in a core usually occur in some error path. The bulk of the BAD_SIZEOF errors are the result of using a %p in the PROBE macro on structure pointers - it's a false positive, yet annoying. The bulk of FORWARD_NULL defects are from a false positive in vbox_templ.c. The bulk of RESOURCE_LEAK defects are from the use of macros to build code in esx_vi_types - which is where I'm triaging now. Of all the errors listed, "only" 62 files are affected.
Over the next few weeks, I'll start sending patch requests starting with some of the trivial problems just so I can get my feet wet with the process as it's certainly different than my closed world experiences. Since part of that process is to communicate early so people know what you're doing and what's coming - that's what I'm doing!
Also, now that I have a bit of experience with Coverity - I can run it again (more frequently) against the latest upstream bits.
John Ferlan
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list