Hello All,

I am in the starting stages of research into static code analysis of Xen (as well as correction/remediation). I noticed a lot of comments towards code {sonar, surfer}, coverity, splint, etc in the forums, but most of the activity was back from the 2006-2008 era. Is anyone active in this area right now? I don't want to duplicate work and even better it would be nice to get a group together with a specific common objective. From a licensing perspective I am not sure how it works yet as I know some of the commercial tools have very strict contracts on releasing analysis output. With that said though perhaps others are using commercial tools already and we could be steered to utilize similar tools in order to collaborate.

Thoughts?

Jeff
On Fri, Mar 09, 2012 at 10:10:52AM -0800, Jeffrey Karrels wrote:
> Hello All,
>
> I am in the starting stages of research into static code analysis of
> Xen (as well as correction/remediation). I noticed a lot of comments
> towards code {sonar, surfer}, coverity, splint, etc in the forums, but
> most of the activity was back from the 2006-2008 era. Is anyone active
> in this area right now? I don't want to duplicate work and even better
> it would be nice to get a group together with a specific common
> objective. From a licensing perspective I am not sure how it works yet
> as I know some of the commercial tools have very strict contracts on
> releasing analysis output. With that said though perhaps others are
> using commercial tools already and we could be steered to utilize
> similar tools in order to collaborate.

Have you looked at smatch and sparse?

>
> Thoughts?
>
> Jeff
On Tue, 2012-03-13 at 12:47 -0400, Konrad Rzeszutek Wilk wrote:
> Have you looked at smatch and sparse?
>

And, perhaps, to Coccinelle (http://coccinelle.lip6.fr/)... I've heard it does great things (together with Smatch) in Linux. :-)

Regards,
Dario

--
<<This happens because I choose it to happen!>> (Raistlin Majere)
Dario Faggioli, http://retis.sssup.it/people/faggioli
Senior Software Engineer, Citrix Systems R&D Ltd., Cambridge (UK)
PhD Candidate, ReTiS Lab, Scuola Superiore Sant'Anna, Pisa (Italy)
>> Have you looked at smatch and sparse?
>>
> And, perhaps, to Coccinelle (http://coccinelle.lip6.fr/)... I've heard
> it does great things (together with Smatch) in Linux. :-)

Thanks, I will take a look.

Another question. There was mention of submitting Xen to Coverity a while back (Pratt 2006). Is there any reason not to submit the source into that as a project? I would be willing to be the point of contact, but am I stepping on anyone's toes if I submit it for scanning?

Thanks
Jeff
On Wed, Mar 14, 2012 at 11:01:08AM -0700, Jeffrey Karrels wrote:
> >> Have you looked at smatch and sparse?
> >>
> > And, perhaps, to Coccinelle (http://coccinelle.lip6.fr/)... I've heard
> > it does great things (together with Smatch) in Linux. :-)
>
> Thanks, I will take a look.
>
> Another question. There was mention of submitting Xen to Coverity a
> while back (Pratt 2006). Is there any reason not to submit the source

I am not sure what is involved in it? Is it free? If you are up for doing it you are more than welcome to do it.

> into that as a project? I would be willing to be the point of contact,
> but am I stepping on anyone's toes if I submit it for scanning?
>
> Thanks
> Jeff
> I am not sure what is involved in it? Is it free? If you are up for
> doing it you are more than welcome to do it.

I will check it out. It is free, but I am not sure how much functionality one gets. We will see.
http://scan.coverity.com/developers-faq.html
> I will check it out. It is free, but I am not sure how much
> functionality one gets. We will see.
> http://scan.coverity.com/developers-faq.html

To keep track of this topic, the coverity scanner project will not accept the GPLv2 license for acceptance to the project because of Xen's association with Citrix. I will continue to work on our licensed analyzers and post patches back into the community, it is just a little harder to collaborate...

"As you may well have read in our Developer FAQ, license is only one of the criteria that determines eligibility, and the association between Xen and Citrix is close enough that I think Xen doesn't qualify."
On Fri, Mar 16, 2012 at 08:44:16AM -0700, Jeffrey Karrels wrote:
> > I will check it out. It is free, but I am not sure how much
> > functionality one gets. We will see.
> > http://scan.coverity.com/developers-faq.html
>
> To keep track of this topic, the coverity scanner project will not
> accept the GPLv2 license for acceptance to the project because of
> Xen's association with Citrix. I will continue to work on our
> licensed analyzers and post patches back into the community, it is
> just a little harder to collaborate...
>
> "As you may well have read in our Developer FAQ, license is only one of the
> criteria that determines eligibility, and the association between Xen and
> Citrix is close enough that I think Xen doesn't qualify."

Huh? That really does not compute - as there are developers who are not Citrix employed - and the sources/trees, etc are all on xenbits.org which is a non-prof organization I think? CC-ing Lars here as he might know better.
> Huh? That really does not compute

Agreed.
> Huh? That really does not compute - as there are developers who are not
> Citrix employed - and the sources/trees, etc are all on xenbits.org which
> is a non-prof organization I think? CC-ing Lars here as he might know better.

Lars, sorry to revive an ancient thread. Do you have any idea why Coverity would not accept Xen into its opensource program?