On 14/11/2015 22:53, Peter Maydell wrote: > That's a shame, because it would have been nice to include another > kind of static analysis in what we run on QEMU (especially since > the coverity tests are "only runs every so often when we do a build"), > and the ability to do incremental analysis would have meant you could > include it in day to day workflow much more easily. > > In summary: worth keeping an eye on to see if it improves, but for > now I figured I'd just post this email to the list to save anybody > else running through the same process to come to the same conclusion.
Great, thanks! Blue Swirl ran clang static analyzer back in the day. Now that we've fixed a lot of Coverity issues it's probably time to rerun it again and see whether free static analyzers can help us as much as Coverity does. However, we still have a few hundred flagged false positives in Coverity, so we can expect that any static analyzer will have a hard time finding real issues in the code. Paolo
