Yes, go ahead. I would like to add a docker-coverity Makefile target but I can do that later.
Il lun 13 apr 2020, 14:13 Peter Maydell <peter.mayd...@linaro.org> ha scritto: > What's your view on this series, Paolo? Personally I'd like > to put it into master, because at least then we have something > that we can do Coverity runs on, whereas AIUI at the moment > we don't. But I'd rather not put it in after rc3, which is > tomorrow... > > thanks > -- PMM > > On Thu, 19 Mar 2020 at 19:33, Peter Maydell <peter.mayd...@linaro.org> > wrote: > > > > v1 of this series was over a year ago: > > https://patchew.org/QEMU/20181113184641.4492-1-peter.mayd...@linaro.org/ > > > > I dusted it off and fixed some stuff because Paolo reports that the > > machine he was previously using for uploads can't run the Coverity > > tools any more. > > > > The first four patches are fixes for problems that cause the Coverity > > tool not to be able to scan everything. The first one in particular > > meant that every compilation unit failed, which would block uploads. > > The other 3 would reduce the scan coverage but weren't fatal. (The > > only remaining warnings in the log are where Coverity complains about > > asm intrinsics system headers.) > > > > With these scripts you can do an upload with > > COVERITY_TOKEN=nnnnnnnnn ./scripts/coverity-scan/run-coverity-scan > --docker > > (where nnnnnnnn is the project's secret token which admins can > > get from the Coverity web UI). > > > > I did in fact do an upload to test it, so the currently visible > > results on the website are the result of a scan on ce73691e258 plus > > this series. > > > > The new upload has +112 defects, which is quite a lot, but I don't > > think it's so many that it is "defects we rejected as false positives > > coming back again"; my guess is a combination of the fixes in the > > first 4 patches increasing coverage plus we haven't run a test in a > > while plus maybe the script has some more config options enabled that > > Paolo's box did not. (In the web UI defects that were dismissed as > > FPs seem still to be considered present-but-dismissed, so I think > > that's OK.) > > > > Not much has changed since v1; I didn't get very much feedback > > the first time around[*]. Docker still seems to do the "download > > the Coverity tools" part more often than I expect. On the other > > hand "actually automated with a script in the tree" beats "not > > automated and currently broken" so maybe this patchset as it > > stands is good enough, given that basically 1 or 2 people ever > > will be running the script ? > > > > [*] Eric will note that yes, the script still uses set -e. > > > > (Like v1 this doesn't try to tie it into Travis, but we could > > in theory do that some day, or have some other automated once > > a week run of the script.) > > > > thanks > > -- PMM > > > > Peter Maydell (6): > > osdep.h: Drop no-longer-needed Coverity workarounds > > thread.h: Fix Coverity version of qemu_cond_timedwait() > > thread.h: Remove trailing semicolons from Coverity qemu_mutex_lock() > > etc > > linux-user/flatload.c: Use "" for include of QEMU header target_flat.h > > scripts/run-coverity-scan: Script to run Coverity Scan build > > scripts/coverity-scan: Add Docker support > > > > include/qemu/osdep.h | 14 - > > include/qemu/thread.h | 12 +- > > linux-user/flatload.c | 2 +- > > MAINTAINERS | 5 + > > scripts/coverity-scan/coverity-scan.docker | 131 +++++++ > > scripts/coverity-scan/run-coverity-scan | 401 +++++++++++++++++++++ > > 6 files changed, 544 insertions(+), 21 deletions(-) > > create mode 100644 scripts/coverity-scan/coverity-scan.docker > > create mode 100755 scripts/coverity-scan/run-coverity-scan > > > > -- > > 2.20.1 > >
