Note: Before starting on one of these tasks, it would be wise to double-check the list archives to ensure no one else has recently submitted similar cleanups for the same task. And before submitting a patch to the mailing list, please make sure that you've read and understood the Contribute/SubmitAPatch page.
- Remove leading underscores from #defines: Identifiers with leading underscores followed by another underscore or a capital letter are reserved by the C standard. Use something like
grep 'define[ \t]* _[A-Z]' $(find -name \*.h | grep -v roms | grep -v linux)to find files that might violate this rule, double-check whether the file should be cleaned up or not (some files that are derived from other sources like the Linux headers should not be changed), and then send patches to remove the leading underscores if it is OK there. (contact: THH)
- Look for uses of malloc, and convert them to either g_malloc, g_new (more rarely g_try_malloc or g_try_new if a lot of memory is being allocated). Likewise, convert calloc to either g_new0 or g_try_new0. Drop return value checks unless using g_try_new/g_try_new0. (This needs to be done for one data structure at a time, because an allocation with malloc must be freed with free but an allocation with g_malloc must be freed with g_free. So you need to do a bit of analysis of the code to see where an allocation may be later freed.) Please ignore the mallocs in libdecnumber and tests/tcg/.
- Associate external libraries with the object files that actually use them
- Replace calls to functions named cpu_physical_memory_* with address_space_*.
- Change net_socket_listen_init and net_socket_connect_init to use the functions in include/qemu/sockets.h instead of parse_host_port/bind/connect/listen.
- Replace calls to object_child_foreach() with object_child_foreach_recursive() when applicable: nvdimm_device_list, nmi_monitor_handle, find_sysbus_device, pc_existing_dimms_capacity_internal, qmp_pc_dimm_device_list, pc_dimm_slot2bitmap, pc_dimm_built_list, build_dimm_list.
- Devices which create MemoryRegions with the old_mmio accessors should be converted to new style mmio accessors.
- The ToDo/CodeTransitions page tracks ongoing internal QEMU API transitions. Most are not trivial but it's a good source of ideas.
- avoid including files from include/exec/cpu-common.h.
- move declarations out of qemu-common.h for functions declared in utils/ files: e.g. include/qemu/path.h for utils/path.c, include/qemu/id.h for utils/id.c, etc.
- Clean up includes to reduce compile time. There are many "touch it, recompile the world" headers in the QEMU project. See http://lists.nongnu.org/archive/html/qemu-devel/2018-01/msg07189.html for a list of headers (not all of them can be cleaned up, though) and http://lists.nongnu.org/archive/html/qemu-devel/2018-01/msg06941.html for examples how to get rid of them. (contact: THH)
- Include SDState by value instead of allocating it in sd_init (hw/sd/).
- Look for invocations of qemu_system_reset_request() in hw/. Whenever they correspond to some kind of watchdog that has triggered, change to watchdog_perform_action().
- "QOMify" devices: Some devices are still not adapted to the recent QEMU Object Model (QOM) yet. Try to identify such devices and convert them to the recent QOM device model. Details can be found in Andreas Färber's talk during KVM Forum 2013: https://www.youtube.com/watch?v=9LXvZOrHwjw . Note that this is a rather advanced task already. (contact: THH)
- Convert qdev pointer properties (defined with DEFINE_PROP_PTR) to QOM links. Example: commit 873b4d3.
- Add support for attribute((bitwise)), tag structure fields and use that for static checking of structure endian-ness accesses
- Add checks for NULL return value to uses of qemu_find_file.
- Add checks for negative return value to uses of load_image_targphys, get_image_size, event_notifier_init, msix_init.
- Use qemu_strtol/qemu_strtoul/qemu_strtoll/qemu_strtoull more. (contact: eblake)
- Make qemu_thread_create return a flag to indicate if it succeeded rather than failing with an error; make all callers check it.
- error_report() and friends already add a "qemu-system-xxx" prefix to the string, so a "qemu: " prefix is redundant in the strings there. Run '
grep -r "error_.*qemu: " *' in the source tree to locate these bad strings and send a patch to remove the "qemu:" prefixes. (contact: THH)
- The following functions have very large stack frames (as obtained with -Wstack-usage=16383), mostly due to huge arrays. Make the stack array smaller and allocate on the heap in the rare case that the data does not fit in the small array:
hw/dma/xilinx_axidma.c stream_process_mem2s 16480 bytes hw/net/virtio-net.c virtio_net_receive 16544 bytes net/tap.c net_init_tap 16752 bytes hw/display/vmware_vga.c vmsvga_fifo_run 20688 bytes hw/virtio/virtio.c virtqueue_pop 24768 bytes hw/net/virtio-net.c virtio_net_flush_tx 32928 bytes hw/virtio/virtio.c qemu_get_virtqueue_element 49216 bytes hw/virtio/virtio.c qemu_put_virtqueue_element 49216 bytes hw/net/opencores_eth.c open_eth_start_xmit 65664 bytes hw/net/spapr_llan.c h_send_logical_lan ~64Kbytes (uses alloca) hw/arm/nseries.c n8x0_init 65728 bytes net/net.c nc_sendv_compat 69680 bytes net/socket.c net_socket_send 69712 bytes
- For a larger list of functions with stack sizes of 1K or bigger, see http://article.gmane.org/gmane.comp.emulators.qemu/314061 (dead link)
Dead code removal
- hw/display contains files named *_template.h. These are included many times with different values of the DEPTH macro. However, only the DEPTH == 32 case is used. Remove support for DEPTH != 32 in the template headers and in the file that include them. See also https://lists.gnu.org/archive/html/qemu-devel/2018-03/msg03247.html
- Look for functions that are named *_exit or *_exitfn in hw/ and that return int. They should all return zero. Make them return void, and remove the checks for the callers.
- Once the above change is done, remove the "Error **" argument from functions named *_unrealize in hw/
- Use the technique described at https://blog.flameeyes.eu/2008/01/today-how-to-identify-unused-exported-functions-and-variables to identify unused global functions and variables, try to decide whether it's a good idea to remove the detected code fragments and send (single) patches to remove them if applicable. (contact: THH)
- Add tracepoints. All functions that are named something_helper, and all functions mentioned in MemoryRegionOps are good candidates.
- Files with conditional debug statements should ensure that the printf is always compiled, and merely hidden behind
if (0)when not debugging, rather than
#ifdef'd out. This prevents bitrot of the format string of the debug statement. See this (commit) for an example. Or, go one step further and convert the debug statements to tracepoints. (contact: eblake)
- Coding style cleanup: Some files in the util/ and slirp/ folder use TABs for indentation instead of spaces, so sending patches that affect these files usually trigger a warning by the checkpatch.pl script. Identify the files with the wrong indentations and send a patch to adapt the files to the QEMU coding style conventions (i.e. indent with 4 spaces instead of TABs). (contact: THH)
Functions that should be static
- For example: vga_sync_dirty_bitmap, WC_CONFIG_STRING, WC_FULL_CONFIG_STRING, WC_MODEL_STRING, timer_put, vfio_region_ops, vfio_reset_handler, cpu_gen_init, monitor_read_bdrv_key_start, pdu_marshal, pdu_unmarshal, qcrypto_hmac_alg_map (crypto/hmap-nettle.c), spapr_tce_set_need_vfio, virtqueue_map, vnc_disconnect_finish, vnc_display_init, gicv3_full_update_noirqset, cpu_disable_ticks, cpu_enable_ticks, qemu_thread_exit (actually unused in thread-posix.c), qemu_egl_init_dpy_mesa, monitor_defs (3 occurrences), ppc405cr_init (unused?), apic_deliver_irq, pcie_host_mmcfg_map, pcie_host_mmcfg_unmap
- tracetool-generated arrays (e.g. hw_mem_trace_events in the generated file hw/mem/trace.c) should be static.
- The property types defined in hw/core/qdev-properties-system.c should be moved to other directories (e.g. hw/net for network-related property types). After doing this, some functions probably could become static, too.
Consistent option usage in documentation
qemu uses getopt_long_only(), which means that '-help' and '--help' are parsed identically; however, the short form is considered a crutch. Meanwhile, other binaries in the qemu package use getopt_long(), which requires the double-dash form. For consistency, all documentation examples should mention the long spelling with two dashes, especially since some options (like --object) have the same syntax between multiple binaries. (contact: eblake)
Potentially easy bugs
These are bugs that are really easy to reproduce, don't require any complicated setup and are probably some simple missing check - but there again we've not looked at them yet!
- Crash (assertion) with:
ppc64-softmmu/qemu-system-ppc64 -S --machine 40p,accel=tcg --device i82374(note: a patch has already been suggested, but it's not merged yet: https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg04604.html ) (contact: THH)
- Crash (assertion) with:
ppc64-softmmu/qemu-system-ppc64 -S --machine powernv,accel=tcg --device isa-fdc(note: a patch has been suggested already, but the discussion has currently stalled: https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg01563.html ) (contact: THH)
- A collection of command-lines that can crash QEMU can be generated with the scripts/device-crash-test tool from the QEMU sources
- Potentially easy bugs from the bugtracker:
- https://bugs.launchpad.net/qemu/+bug/304636 ("-hda FAT:. limited to 504MBytes")
- https://bugs.launchpad.net/qemu/+bug/603872 ("qemu-img image does not show percentage")
- https://bugs.launchpad.net/qemu/+bug/628082 ("nl-be keymap is wrong")
- https://bugs.launchpad.net/qemu/+bug/676029 ("Silently fail with wrong vde socket dir")
- https://bugs.launchpad.net/qemu/+bug/1592351 ("mouse pointer offset with gtk,gl=on")
- https://bugs.launchpad.net/qemu/+bug/1660599 ("won't compile w/o -fstack-protector-strong")
- https://bugs.launchpad.net/qemu/+bug/1661815 ("Stack address is returned from function")
- https://bugs.launchpad.net/qemu/+bug/1720969 ("qemu/memory.c:206: pointless copies of large structs")
Some of these tasks are described very briefly and somewhat cryptically. If you're not sure what a task involves, then feel free to ask for clarification on the qemu-devel mailing list, or the contact person for the task (if the task has been marked with a contact):
- THH: Thomas Huth (mail: thuth AT redhat.com -- IRC: th_huth)
- eblake: Eric Blake (mail: eblake AT redhat.com -- IRC: eblake)