1. Patchew
  2. QEMU
  3. View series

[PATCH v2 0/6] Automation of Coverity Scan uploads (via Docker)

Peter Maydell posted 6 patches 4 years, 1 month ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20200319193323.2038-1-peter.maydell@linaro.org
Test docker-mingw@fedora passed
Test docker-quick@centos7 passed
Test checkpatch passed
Test FreeBSD passed
Test asan passed
Maintainers: Peter Maydell <peter.maydell@linaro.org>, Riku Voipio <riku.voipio@iki.fi>, Laurent Vivier <laurent@vivier.eu>
include/qemu/osdep.h                       |  14 -
include/qemu/thread.h                      |  12 +-
linux-user/flatload.c                      |   2 +-
MAINTAINERS                                |   5 +
scripts/coverity-scan/coverity-scan.docker | 131 +++++++
scripts/coverity-scan/run-coverity-scan    | 401 +++++++++++++++++++++
6 files changed, 544 insertions(+), 21 deletions(-)
create mode 100644 scripts/coverity-scan/coverity-scan.docker
create mode 100755 scripts/coverity-scan/run-coverity-scan
[PATCH v2 0/6] Automation of Coverity Scan uploads (via Docker)
Posted by Peter Maydell 4 years, 1 month ago 
v1 of this series was over a year ago:
https://patchew.org/QEMU/20181113184641.4492-1-peter.maydell@linaro.org/

I dusted it off and fixed some stuff because Paolo reports that the
machine he was previously using for uploads can't run the Coverity
tools any more.

The first four patches are fixes for problems that cause the Coverity
tool not to be able to scan everything.  The first one in particular
meant that every compilation unit failed, which would block uploads. 
The other 3 would reduce the scan coverage but weren't fatal.  (The
only remaining warnings in the log are where Coverity complains about
asm intrinsics system headers.)

With these scripts you can do an upload with
COVERITY_TOKEN=nnnnnnnnn ./scripts/coverity-scan/run-coverity-scan --docker
(where nnnnnnnn is the project's secret token which admins can
get from the Coverity web UI).

I did in fact do an upload to test it, so the currently visible
results on the website are the result of a scan on ce73691e258 plus
this series.

The new upload has +112 defects, which is quite a lot, but I don't
think it's so many that it is "defects we rejected as false positives
coming back again"; my guess is a combination of the fixes in the
first 4 patches increasing coverage plus we haven't run a test in a
while plus maybe the script has some more config options enabled that
Paolo's box did not.  (In the web UI defects that were dismissed as
FPs seem still to be considered present-but-dismissed, so I think
that's OK.)

Not much has changed since v1; I didn't get very much feedback
the first time around[*]. Docker still seems to do the "download
the Coverity tools" part more often than I expect. On the other
hand "actually automated with a script in the tree" beats "not
automated and currently broken" so maybe this patchset as it
stands is good enough, given that basically 1 or 2 people ever
will be running the script ?

[*] Eric will note that yes, the script still uses set -e.

(Like v1 this doesn't try to tie it into Travis, but we could
in theory do that some day, or have some other automated once
a week run of the script.)

thanks
-- PMM

Peter Maydell (6):
  osdep.h: Drop no-longer-needed Coverity workarounds
  thread.h: Fix Coverity version of qemu_cond_timedwait()
  thread.h: Remove trailing semicolons from Coverity qemu_mutex_lock()
    etc
  linux-user/flatload.c: Use "" for include of QEMU header target_flat.h
  scripts/run-coverity-scan: Script to run Coverity Scan build
  scripts/coverity-scan: Add Docker support

 include/qemu/osdep.h                       |  14 -
 include/qemu/thread.h                      |  12 +-
 linux-user/flatload.c                      |   2 +-
 MAINTAINERS                                |   5 +
 scripts/coverity-scan/coverity-scan.docker | 131 +++++++
 scripts/coverity-scan/run-coverity-scan    | 401 +++++++++++++++++++++
 6 files changed, 544 insertions(+), 21 deletions(-)
 create mode 100644 scripts/coverity-scan/coverity-scan.docker
 create mode 100755 scripts/coverity-scan/run-coverity-scan

-- 
2.20.1
Re: [PATCH v2 0/6] Automation of Coverity Scan uploads (via Docker)
Posted by Peter Maydell 4 years ago 
What's your view on this series, Paolo? Personally I'd like
to put it into master, because at least then we have something
that we can do Coverity runs on, whereas AIUI at the moment
we don't. But I'd rather not put it in after rc3, which is
tomorrow...

thanks
-- PMM

On Thu, 19 Mar 2020 at 19:33, Peter Maydell <peter.maydell@linaro.org> wrote:
>
> v1 of this series was over a year ago:
> https://patchew.org/QEMU/20181113184641.4492-1-peter.maydell@linaro.org/
>
> I dusted it off and fixed some stuff because Paolo reports that the
> machine he was previously using for uploads can't run the Coverity
> tools any more.
>
> The first four patches are fixes for problems that cause the Coverity
> tool not to be able to scan everything.  The first one in particular
> meant that every compilation unit failed, which would block uploads.
> The other 3 would reduce the scan coverage but weren't fatal.  (The
> only remaining warnings in the log are where Coverity complains about
> asm intrinsics system headers.)
>
> With these scripts you can do an upload with
> COVERITY_TOKEN=nnnnnnnnn ./scripts/coverity-scan/run-coverity-scan --docker
> (where nnnnnnnn is the project's secret token which admins can
> get from the Coverity web UI).
>
> I did in fact do an upload to test it, so the currently visible
> results on the website are the result of a scan on ce73691e258 plus
> this series.
>
> The new upload has +112 defects, which is quite a lot, but I don't
> think it's so many that it is "defects we rejected as false positives
> coming back again"; my guess is a combination of the fixes in the
> first 4 patches increasing coverage plus we haven't run a test in a
> while plus maybe the script has some more config options enabled that
> Paolo's box did not.  (In the web UI defects that were dismissed as
> FPs seem still to be considered present-but-dismissed, so I think
> that's OK.)
>
> Not much has changed since v1; I didn't get very much feedback
> the first time around[*]. Docker still seems to do the "download
> the Coverity tools" part more often than I expect. On the other
> hand "actually automated with a script in the tree" beats "not
> automated and currently broken" so maybe this patchset as it
> stands is good enough, given that basically 1 or 2 people ever
> will be running the script ?
>
> [*] Eric will note that yes, the script still uses set -e.
>
> (Like v1 this doesn't try to tie it into Travis, but we could
> in theory do that some day, or have some other automated once
> a week run of the script.)
>
> thanks
> -- PMM
>
> Peter Maydell (6):
>   osdep.h: Drop no-longer-needed Coverity workarounds
>   thread.h: Fix Coverity version of qemu_cond_timedwait()
>   thread.h: Remove trailing semicolons from Coverity qemu_mutex_lock()
>     etc
>   linux-user/flatload.c: Use "" for include of QEMU header target_flat.h
>   scripts/run-coverity-scan: Script to run Coverity Scan build
>   scripts/coverity-scan: Add Docker support
>
>  include/qemu/osdep.h                       |  14 -
>  include/qemu/thread.h                      |  12 +-
>  linux-user/flatload.c                      |   2 +-
>  MAINTAINERS                                |   5 +
>  scripts/coverity-scan/coverity-scan.docker | 131 +++++++
>  scripts/coverity-scan/run-coverity-scan    | 401 +++++++++++++++++++++
>  6 files changed, 544 insertions(+), 21 deletions(-)
>  create mode 100644 scripts/coverity-scan/coverity-scan.docker
>  create mode 100755 scripts/coverity-scan/run-coverity-scan
>
> --
> 2.20.1
Re: [PATCH v2 0/6] Automation of Coverity Scan uploads (via Docker)
Posted by Paolo Bonzini 4 years ago 
Yes, go ahead. I would like to add a docker-coverity Makefile target but I
can do that later.

Il lun 13 apr 2020, 14:13 Peter Maydell <peter.maydell@linaro.org> ha
scritto:

> What's your view on this series, Paolo? Personally I'd like
> to put it into master, because at least then we have something
> that we can do Coverity runs on, whereas AIUI at the moment
> we don't. But I'd rather not put it in after rc3, which is
> tomorrow...
>
> thanks
> -- PMM
>
> On Thu, 19 Mar 2020 at 19:33, Peter Maydell <peter.maydell@linaro.org>
> wrote:
> >
> > v1 of this series was over a year ago:
> > https://patchew.org/QEMU/20181113184641.4492-1-peter.maydell@linaro.org/
> >
> > I dusted it off and fixed some stuff because Paolo reports that the
> > machine he was previously using for uploads can't run the Coverity
> > tools any more.
> >
> > The first four patches are fixes for problems that cause the Coverity
> > tool not to be able to scan everything.  The first one in particular
> > meant that every compilation unit failed, which would block uploads.
> > The other 3 would reduce the scan coverage but weren't fatal.  (The
> > only remaining warnings in the log are where Coverity complains about
> > asm intrinsics system headers.)
> >
> > With these scripts you can do an upload with
> > COVERITY_TOKEN=nnnnnnnnn ./scripts/coverity-scan/run-coverity-scan
> --docker
> > (where nnnnnnnn is the project's secret token which admins can
> > get from the Coverity web UI).
> >
> > I did in fact do an upload to test it, so the currently visible
> > results on the website are the result of a scan on ce73691e258 plus
> > this series.
> >
> > The new upload has +112 defects, which is quite a lot, but I don't
> > think it's so many that it is "defects we rejected as false positives
> > coming back again"; my guess is a combination of the fixes in the
> > first 4 patches increasing coverage plus we haven't run a test in a
> > while plus maybe the script has some more config options enabled that
> > Paolo's box did not.  (In the web UI defects that were dismissed as
> > FPs seem still to be considered present-but-dismissed, so I think
> > that's OK.)
> >
> > Not much has changed since v1; I didn't get very much feedback
> > the first time around[*]. Docker still seems to do the "download
> > the Coverity tools" part more often than I expect. On the other
> > hand "actually automated with a script in the tree" beats "not
> > automated and currently broken" so maybe this patchset as it
> > stands is good enough, given that basically 1 or 2 people ever
> > will be running the script ?
> >
> > [*] Eric will note that yes, the script still uses set -e.
> >
> > (Like v1 this doesn't try to tie it into Travis, but we could
> > in theory do that some day, or have some other automated once
> > a week run of the script.)
> >
> > thanks
> > -- PMM
> >
> > Peter Maydell (6):
> >   osdep.h: Drop no-longer-needed Coverity workarounds
> >   thread.h: Fix Coverity version of qemu_cond_timedwait()
> >   thread.h: Remove trailing semicolons from Coverity qemu_mutex_lock()
> >     etc
> >   linux-user/flatload.c: Use "" for include of QEMU header target_flat.h
> >   scripts/run-coverity-scan: Script to run Coverity Scan build
> >   scripts/coverity-scan: Add Docker support
> >
> >  include/qemu/osdep.h                       |  14 -
> >  include/qemu/thread.h                      |  12 +-
> >  linux-user/flatload.c                      |   2 +-
> >  MAINTAINERS                                |   5 +
> >  scripts/coverity-scan/coverity-scan.docker | 131 +++++++
> >  scripts/coverity-scan/run-coverity-scan    | 401 +++++++++++++++++++++
> >  6 files changed, 544 insertions(+), 21 deletions(-)
> >  create mode 100644 scripts/coverity-scan/coverity-scan.docker
> >  create mode 100755 scripts/coverity-scan/run-coverity-scan
> >
> > --
> > 2.20.1
>
>

Patchew 2.1-devel-0870f84

© 2016 - 2024 Red Hat, Inc.