aboutsummaryrefslogtreecommitdiff
path: root/scripts/coverity-scan
AgeCommit message (Collapse)Author
2023-05-18coverity: the definitive COMPONENTS.md updatePaolo Bonzini
The ordering here tries to be logical and matches the one in the website. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-04-20coverity: unify Fedora dockerfilesPaolo Bonzini
The Fedora CI and coverity runs are using a slightly different set of packages. Copy most of the content over from tests/docker while keeping the commands at the end that unpack the tools. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <20230331174844.376300-1-pbonzini@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-04-20coverity: update COMPONENTS.mdPaolo Bonzini
Hexagon is split into two components because it has hundreds of false positives in the generated files. capstone and slirp have been removed. hw/nvme is added to block. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-02-16virtiofsd: Remove build and docs glueDr. David Alan Gilbert
Remove all the virtiofsd build and docs infrastructure. Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
2022-09-18coverity: put NUBus under m68k componentPaolo Bonzini
It is only used by the Q800 emulation, so put it under that architecture. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-09-18coverity: add new RISC-V componentPaolo Bonzini
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-07-26scripts/coverity-scan/COMPONENTS.md: Update slirp component infoPeter Maydell
Update the regex for the slirp component now that it lives solely inside /slirp/, and note that it should be ignored in Coverity analysis (because it's a separate upstream project now, and they run Coverity on it themselves). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Acked-by: Paolo Bonzini <pbonzini@redhat.com> Message-id: 20220718142310.16013-3-peter.maydell@linaro.org
2022-07-26scripts/coverity-scan/COMPONENTS.md: Add loongarch componentPeter Maydell
Add the component regex for the new loongarch target. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Acked-by: Paolo Bonzini <pbonzini@redhat.com> Message-id: 20220718142310.16013-2-peter.maydell@linaro.org
2022-07-05disas: Remove libvixl disassemblerThomas Huth
The disassembly via capstone should be superiour to our old vixl sources nowadays, so let's finally cut this old disassembler out of the QEMU source tree. Message-Id: <20220603164249.112459-1-thuth@redhat.com> Tested-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-04-27Replacing CONFIG_VNC_PNG with CONFIG_PNGKshitij Suri
Libpng is only detected if VNC is enabled currently. This patch adds a generalised png option in the meson build which is aimed to replace use of CONFIG_VNC_PNG with CONFIG_PNG. Signed-off-by: Kshitij Suri <kshitij.suri@nutanix.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20220408071336.99839-2-kshitij.suri@nutanix.com> [ kraxel: add meson-buildoptions.sh updates ] [ kraxel: fix centos8 testcase ] [ kraxel: update --enable-vnc-png too ] Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> --enable-vnc-png fixup Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2022-04-05coverity: update model for latest toolsPaolo Bonzini
Coverity is now rejecting incomplete types in the modeling file. Just use a random number (in the neighborhood of the actual one) for the size of a GIOChannel. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-02-09drop libxml2 checks since libxml is not actually used (for parallels)Michael Tokarev
For a long time, we assumed that libxml2 is necessary for parallels block format support (block/parallels*). However, this format actually does not use libxml [*]. Since this is the only user of libxml2 in whole QEMU tree, we can drop all libxml2 checks and dependencies too. It is even more: --enable-parallels configure option was the only option which was silently ignored when it's (fake) dependency (libxml2) isn't installed. Drop all mentions of libxml2. [*] Actually the basis for libxml use were introduced in commit ed279a06c53 ("configure: add dependency") but the implementation was never merged: https://lore.kernel.org/qemu-devel/70227bbd-a517-70e9-714f-e6e0ec431be9@openvz.org/ Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-Id: <20220119090423.149315-1-mjt@msgid.tls.msk.ru> Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> [PMD: Updated description and adapted to use lcitool] Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20220121154134.315047-5-f4bug@amsat.org> Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Message-Id: <20220204204335.1689602-9-alex.bennee@linaro.org>
2022-01-12block/file-posix: Simplify the XFS_IOC_DIOINFO handlingThomas Huth
The handling for the XFS_IOC_DIOINFO ioctl is currently quite excessive: This is not a "real" feature like the other features that we provide with the "--enable-xxx" and "--disable-xxx" switches for the configure script, since this does not influence lots of code (it's only about one call to xfsctl() in file-posix.c), so people don't gain much with the ability to disable this with "--disable-xfsctl". It's also unfortunate that the ioctl will be disabled on Linux in case the user did not install the right xfsprogs-devel package before running configure. Thus let's simplify this by providing the ioctl definition on our own, so we can completely get rid of the header dependency and thus the related code in the configure script. Suggested-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <20211215125824.250091-1-thuth@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-07-30coverity-model: write models fully for non-array allocation functionsPaolo Bonzini
Coverity seems to have issues figuring out the properties of g_malloc0 and other non *_n functions. While this was "fixed" by removing the custom second argument to __coverity_mark_as_afm_allocated__, inline the code from the array-based allocation functions to avoid future issues. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-07-30coverity-model: constrain g_malloc/g_malloc0/g_realloc as never returning NULLPaolo Bonzini
g_malloc/g_malloc0/g_realloc only return NULL if the size is 0; we do not need to cover that in the model, and so far have expected __coverity_alloc__ to model a non-NULL return value. But that apparently does not work anymore, so add some extra conditionals that invoke __coverity_panic__ for NULL pointers. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-07-30coverity-model: clean up the models for array allocation functionsPaolo Bonzini
sz is only used in one place, so replace it with nmemb * size in that one place. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-07-30coverity-model: remove model for more allocation functionsPaolo Bonzini
These models are not needed anymore now that Coverity does not check anymore that the result is used with "g_free". Coverity understands GCC attributes and uses them to detect leaks. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-07-30coverity-model: make g_free a synonym of freePaolo Bonzini
Recently, Coverity has started complaining about using g_free() to free memory areas allocated by GLib functions not included in model.c, such as g_strfreev. This unfortunately goes against the GLib documentation, which suggests that g_malloc() should be matched with g_free() and plain malloc() with free(); since GLib 2.46 however g_malloc() is hardcoded to always use the system malloc implementation, and g_free is just "free" plus a tracepoint. Therefore, this should not cause any problem in practice. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-07-30coverity-model: update address_space_read/write modelsPaolo Bonzini
Use void * for consistency with the actual function; provide a model for MemoryRegionCache functions and for address_space_rw. These let Coverity understand the bounds of the data that various functions read and write even at very high levels of inlining (e.g. pci_dma_read). Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-07-14hw/usb/ccid: remove references to NSSDaniel P. Berrangé
The NSS package was previously pre-requisite for building CCID related features, however, this became obsolete when the libcacard library was spun off to a separate project: commit 7b02f5447c64d1854468f758398c9f6fe9e5721f Author: Marc-André Lureau <marcandre.lureau@redhat.com> Date: Sun Aug 30 11:48:40 2015 +0200 libcacard: use the standalone project Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Wainer dos Santos Moschetta <wainersm@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Willian Rampazzo <willianr@redhat.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20210623142245.307776-2-berrange@redhat.com> Message-Id: <20210709143005.1554-10-alex.bennee@linaro.org>
2021-07-06coverity-scan: switch to vpath buildPaolo Bonzini
This is the patch that has been running on the coverity cronjob for a few weeks now. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-07-06coverity-scan: Remove lm32 / unicore32 targetsPhilippe Mathieu-Daudé
lm32 has been removed in commit 9d49bcf6992 ("Drop the deprecated lm32 target"), and unicore32 in 4369223902a ("Drop the deprecated unicore32 target"). Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20210619091342.3660495-2-f4bug@amsat.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-05-12coverity-scan: list components, move model to scripts/coverity-scanPaolo Bonzini
Place all files that can be useful to rebuild the Coverity configuration in scripts/coverity-scan: the existing model file, and the components setup. The Markdown syntax was tested with Pandoc (but in any case is meant more as a human-readable reference than as a part of documentation). Suggested-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-09-29Remove texinfo dependency from docker and CI configsPeter Maydell
We don't need texinfo to build the docs any more, so we can drop that dependency from our docker and other CI configs. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20200925162316.21205-22-peter.maydell@linaro.org> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2020-08-05Get rid of the libqemustub.a remaindersThomas Huth
libqemustub.a has been removed in commit ebedb37c8d ("Makefile: Remove libqemustub.a"). Some remainders have been missed. Remove them now. Message-Id: <20200804170055.2851-8-thuth@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
2020-06-12Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into stagingPeter Maydell
* Miscellaneous fixes and feature enablement (many) * SEV refactoring (David) * Hyper-V initial support (Jon) * i386 TCG fixes (x87 and SSE, Joseph) * vmport cleanup and improvements (Philippe, Liran) * Use-after-free with vCPU hot-unplug (Nengyuan) * run-coverity-scan improvements (myself) * Record/replay fixes (Pavel) * -machine kernel_irqchip=split improvements for INTx (Peter) * Code cleanups (Philippe) * Crash and security fixes (PJP) * HVF cleanups (Roman) # gpg: Signature made Fri 12 Jun 2020 16:57:04 BST # gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83 # gpg: issuer "pbonzini@redhat.com" # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full] # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full] # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini/tags/for-upstream: (116 commits) target/i386: Remove obsolete TODO file stubs: move Xen stubs to accel/ replay: fix replay shutdown for console mode exec/cpu-common: Move MUSB specific typedefs to 'hw/usb/hcd-musb.h' hw/usb: Move device-specific declarations to new 'hcd-musb.h' header exec/memory: Remove unused MemoryRegionMmio type checkpatch: reversed logic with acpi test checks target/i386: sev: Unify SEVState and SevGuestState target/i386: sev: Remove redundant handle field target/i386: sev: Remove redundant policy field target/i386: sev: Remove redundant cbitpos and reduced_phys_bits fields target/i386: sev: Partial cleanup to sev_state global target/i386: sev: Embed SEVState in SevGuestState target/i386: sev: Rename QSevGuestInfo target/i386: sev: Move local structure definitions into .c file target/i386: sev: Remove unused QSevGuestInfoClass xen: fix build without pci passthrough i386: hvf: Drop HVFX86EmulatorState i386: hvf: Move mmio_buf into CPUX86State i386: hvf: Move lazy_flags into CPUX86State ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org> # Conflicts: # hw/i386/acpi-build.c
2020-06-10run-coverity-scan: support --update-tools-only --dockerPaolo Bonzini
Just build the container when run-coverity-scan is invoked with --update-tools-only --docker. This requires moving the "docker build" logic into the update_coverity_tools function. The only snag is that --update-tools-only --docker requires access to the dockerfile. For now just report an error for --src-tarball, and "docker build" will fail if not in a source tree. Another possibility could be to host our container images on a public registry, and use "FROM qemu:fedora" to make the Dockerfile small enough that it can be included directly in the run-coverity-scan script. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10run-coverity-scan: download tools outside the containerPaolo Bonzini
This lets us look at coverity_tool.md5 across executions of run-coverity-scan and skip the download. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10run-coverity-scan: use --no-update-tools in docker runPaolo Bonzini
Tools are already updated via the docker build. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10run-coverity-scan: add --no-update-tools optionPaolo Bonzini
Provide a quick way to skip building the container while we figure out how to get caching right. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10run-coverity-scan: use docker.pyPaolo Bonzini
Our trusted docker wrapper allows run-coverity-scan to run with both docker and podman. For the "run" phase this is transparent; for the "build" phase however scripts are replaced with a bind mount (-v). This is not an issue because the secret option is meant for secrets stored globally in the system and bind mounts are a valid substitute for secrets that are known to whoever builds the container. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10run-coverity-scan: get Coverity token and email from special git config sectionPaolo Bonzini
Support a [coverity] section in .git/config. It can be used to retrieve the token and also, if it is different from user.email, the username of the submitter. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-08scripts/coverity-scan: Remove flex/bison packagesPhilippe Mathieu-Daudé
QEMU does not use flex/bison packages. Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Claudio Fontana <cfontana@suse.de> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20200515163029.12917-6-philmd@redhat.com>
2020-04-14scripts/coverity-scan: Add Docker supportPeter Maydell
Add support for running the Coverity Scan tools inside a Docker container rather than directly on the host system. Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20200319193323.2038-7-peter.maydell@linaro.org
2020-04-14scripts/run-coverity-scan: Script to run Coverity Scan buildPeter Maydell
Add a new script to automate the process of running the Coverity Scan build tools and uploading the resulting tarball to the website. This is intended eventually to be driven from Travis, but it can be run locally, if you are a maintainer of the QEMU project on the Coverity Scan website and have the secret upload token. The script must be run on a Fedora 30 system. Support for using a Docker container is added in a following commit. Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20200319193323.2038-6-peter.maydell@linaro.org