1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
|
other: 0.855
semantic: 0.829
graphic: 0.823
debug: 0.821
permissions: 0.814
socket: 0.806
files: 0.802
device: 0.801
performance: 0.791
PID: 0.771
network: 0.767
boot: 0.728
vnc: 0.715
KVM: 0.688
Coverity scan revealed defects
Coverity scan detected some issues such as RESOURCE_LEAK and REVERSE_INULL etc on qemu-1.0rc1:
Analysis summary report:
------------------------
Files analyzed : 830
Total LoC input to cov-analyze : 576549
Functions analyzed : 20721
Paths analyzed : 858376
New defects found : 428 Total
2 ARRAY_VS_SINGLETON
9 CHECKED_RETURN
19 CONSTANT_EXPRESSION_RESULT
60 DEADCODE
43 FORWARD_NULL
14 INFINITE_LOOP
36 MISSING_BREAK
3 MISSING_LOCK
47 NEGATIVE_RETURNS
1 NO_EFFECT
11 NULL_RETURNS
51 OVERRUN_STATIC
1 RESOURCE_LEAK
79 REVERSE_INULL
20 SIGN_EXTENSION
7 SIZEOF_MISMATCH
15 UNINIT
5 UNREACHABLE
2 UNUSED_VALUE
3 USE_AFTER_FREE
For details, please see attachment.
This is latest result on qemu-1.0-rc3, and I notice that 'RESOURCE_LEAK' is 10 now:
Analysis summary report:
------------------------
Files analyzed : 825
Total LoC input to cov-analyze : 576887
Functions analyzed : 20639
Paths analyzed : 896645
Defect occurrences found : 432 Total
2 ARRAY_VS_SINGLETON
4 ATOMICITY
10 CHECKED_RETURN
17 CONSTANT_EXPRESSION_RESULT
62 DEADCODE
42 FORWARD_NULL
10 INFINITE_LOOP
34 MISSING_BREAK
1 MISSING_LOCK
44 NEGATIVE_RETURNS
10 NULL_RETURNS
46 OVERRUN_STATIC
10 RESOURCE_LEAK
78 REVERSE_INULL
1 REVERSE_NEGATIVE
18 SIGN_EXTENSION
7 SIZEOF_MISMATCH
26 UNINIT
5 UNREACHABLE
2 UNUSED_VALUE
3 USE_AFTER_FREE
For details, please see attachment.
I believe the ARM ones are bogus (although some could be clearer and simulataneously clear some of the warnings):
Error: DEADCODE: *** IFDEF dependent
hw/arm_gic.c:409:
dead_error_condition: On this path, the condition "irq < 16" cannot be true.
*** ifdef'd - only true if NVIC defined
hw/arm_gic.c:407:
between: After this line, the value of "irq" is between 32 and 95.
hw/arm_gic.c:406:
assignment: Assigning: "irq" = "(offset - 256U) * 8U + 32U".
hw/arm_gic.c:407:
new_values: Noticing condition "irq >= 96".
hw/arm_gic.c:391:
new_values: Noticing condition "offset < 256U".
hw/arm_gic.c:410:
dead_error_line: Execution cannot reach this statement "value = 255U;".
Error: DEADCODE: *** IFDEF dependent on NVIC
hw/arm_gic.c:434:
dead_error_condition: On this path, the condition "irq < 16" cannot be true.
hw/arm_gic.c:432:
between: After this line, the value of "irq" is between 32 and 95.
hw/arm_gic.c:431:
assignment: Assigning: "irq" = "(offset - 384U) * 8U + 32U".
hw/arm_gic.c:432:
new_values: Noticing condition "irq >= 96".
hw/arm_gic.c:391:
new_values: Noticing condition "offset < 256U".
hw/arm_gic.c:435:
dead_error_line: Execution cannot reach this statement "value = 0U;".
Error: DEADCODE: *** IFDEF dependent on NVIC
hw/arm_gic.c:451:
dead_error_condition: On this path, the condition "irq < 16" cannot be true.
hw/arm_gic.c:449:
between: After this line, the value of "irq" is between 32 and 95.
hw/arm_gic.c:448:
assignment: Assigning: "irq" = "(offset - 512U) * 8U + 32U".
hw/arm_gic.c:449:
new_values: Noticing condition "irq >= 96".
hw/arm_gic.c:391:
new_values: Noticing condition "offset < 256U".
hw/arm_gic.c:452:
dead_error_line: Execution cannot reach this statement "irq = 0;".
Error: DEADCODE: *** IFDEF depedent on NVIC
hw/arm_gic.c:480:
dead_error_condition: On this path, the condition "irq < 32" cannot be true.
hw/arm_gic.c:478:
between: After this line, the value of "irq" is between 32 and 95.
hw/arm_gic.c:477:
assignment: Assigning: "irq" = "offset - 1024U + 32U".
hw/arm_gic.c:478:
new_values: Noticing condition "irq >= 96".
hw/arm_gic.c:472:
new_values: Noticing condition "offset < 1024U".
hw/arm_gic.c:481:
dead_error_line: Execution cannot reach this statement "s->priority1[irq][cpu] = va...".
Error: DEADCODE: *** Set in ifdef 0'd path
arm-dis.c:4012:
dead_error_condition: On this path, the condition "is_data" cannot be true.
arm-dis.c:3874:
const: After this line, the value of "is_data" is equal to 0.
arm-dis.c:3874:
assignment: Assigning: "is_data" = "0".
arm-dis.c:4014:
dead_error_begin: Execution cannot reach this statement "int i;".
Error: NEGATIVE_RETURNS: *** I think the -1 value triggers the increment on line 9957 so it isn't -ve as an index
target-arm/translate.c:9873:
var_tested_neg: Assigning: "lj" = a negative value.
target-arm/translate.c:9961:
negative_returns: Using variable "lj" as an index to array "gen_opc_pc".
Error: OVERRUN_STATIC: *** Safe because irq%8 always =0 and GIC_NIRQ divisible by 8 (but would be better to do irq+8 > GIC_NIRQ
hw/arm_gic.c:274:
assignment: Assigning: "irq" = "(offset - 256U) * 8U".
hw/arm_gic.c:277:
assignment: Assigning: "irq" = "irq += 0".
hw/arm_gic.c:282:
overrun-local: Overrunning static array "s->irq_state", with 96 elements, at position 96 with index variable "irq + i".
Error: OVERRUN_STATIC:
hw/arm_gic.c:235: *** Don't think so, at that point we know array value !=1023 and array value == irq, so irq can't be 1023
overrun-local: Overrunning static array "s->last_active", with 96 elements, at position 1023 with index variable "irq".
Error: OVERRUN_STATIC:
hw/arm_gic.c:235:*** Don't think so, at that point we know array value !=1023 and array value == irq, so irq can't be 1023
overrun-local: Overrunning static array "s->last_active", with 96 elements, at position 1023 with index variable "irq".
Error: OVERRUN_STATIC:
hw/arm_gic.c:461: *** Safe because irq%8=0, and GIC_NIRQ divisibly by 8 (again safer to do irq+8 > GIC_NIRQ)
assignment: Assigning: "irq" = "(offset - 640U) * 8U + 0U".
hw/arm_gic.c:469:
overrun-local: Overrunning static array "s->irq_state", with 96 elements, at position 96 with index variable "irq + i".
Error: OVERRUN_STATIC:
hw/arm_gic.c:235: *** Same as case above???
overrun-local: Overrunning static array "s->last_active", with 96 elements, at position 1023 with index variable "irq".
AFAIK a lot of issues reported by coverity have been addressed in the recent versions of QEMU ... is there still anything left here that needs special attention?
[Expired for QEMU because there has been no activity for 60 days.]
|