[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] QEMU versus Facebook's Infer static analysis tool
From: |
Paolo Bonzini |
Subject: |
Re: [Qemu-devel] QEMU versus Facebook's Infer static analysis tool |
Date: |
Mon, 16 Nov 2015 10:41:50 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0 |
On 14/11/2015 22:53, Peter Maydell wrote:
> That's a shame, because it would have been nice to include another
> kind of static analysis in what we run on QEMU (especially since
> the coverity tests are "only runs every so often when we do a build"),
> and the ability to do incremental analysis would have meant you could
> include it in day to day workflow much more easily.
>
> In summary: worth keeping an eye on to see if it improves, but for
> now I figured I'd just post this email to the list to save anybody
> else running through the same process to come to the same conclusion.
Great, thanks!
Blue Swirl ran clang static analyzer back in the day. Now that we've
fixed a lot of Coverity issues it's probably time to rerun it again and
see whether free static analyzers can help us as much as Coverity does.
However, we still have a few hundred flagged false positives in
Coverity, so we can expect that any static analyzer will have a hard
time finding real issues in the code.
Paolo