Re: Coverity Scan for GNUstep?

[David Chisnall]

Hi Fred,

It’s easier to drive the Coverity scan via a CI system.  I don’t know if 
anyone’s done this for the rest of GNUstep, but libobjc2 uses Travis-CI to do 
builds and tests on each push (and on pull request submissions) to GitHub, with 
the tests running on Linux and macOS.  Coverity has instructions for 
integrating the coverity scan with this and pushing the results automatically, 
which removes the need for the manual step.

Note that Travis is a bit primitive and gives only a one-bit state (tests 
passed vs tests failed), so it doesn’t work well in projects where the tests 
are not expected to all pass.

David

> On 21 Jan 2018, at 10:30, Fred Kiefer <address@hidden> wrote:
> 
> Over this weekend I tried to set up Coverity for GNUstep base. I chose base 
> because it is the most widely used part of GNUstep.
> 
> The first thing I had to learn was that Coverity supports Objective-C but 
> only in connection with clang. This isn’t documented anywhere but becomes 
> obvious when you read through a few dozens of configuration files. So I had 
> to set up a clang only system for which I selected Ubuntu 17/10 on a 
> VirtualBox machine. For this setup I tried to follow the instructions on 
> http://wiki.gnustep.org/index.php/GNUstep_under_Ubuntu_Linux and they are 
> clearly outdated and incorrect. The configuration of GNUstep make needs to 
> include „—with-library-combo=ng-gnu-gnu“ and during the compilation of 
> libobjc2 I had to use make instead of cmake. As I am no expert in this setup 
> I would prefer if somebody with a bit more experiences would correct this 
> wiki page. This really would help to save others the frustration I did get 
> from not even being able to set up the first few steps of GNUstep. 
> Compilation with gcc has been straight forward for more then 15 years now. We 
> should get clang/libobjc2 support onto the same level.
> 
> With that finally in place I was able to run the first Coverity analysis. 
> Sadly this could only process one third of your source files. For the rest I 
> did get error messages like this:
> 
> cov-internal-emit-clang-main.cpp:5: assertion failure: 
> xlate-ast-types.cpp:1807: assertion failed: ObjCTypeParamType translation not 
> implemented.
> 
> (I had to type this as copy/paste somehow won’t work from my VirtualBox)
> 
> I have no idea whether this is an issue in clang or Coverity or maybe I did 
> forget some required setup step. Just from the file names I would say it is 
> something Coverity left out when implementing Objective-C support. Maybe 
> switching to an older version of clang could help?
> 
> The actual scan result ends up in an Sqlite DB you have to upload it to 
> Coverity to get some readable information from it. The project is now at 
> https://scan.coverity.com/projects/gnustep-base and awaits validation. 
> Somebody at Coverity needs to check whether I am actually connected to the 
> project I would like to scan. But with most files being left out from the 
> analysis the results will be mostly meaningless anyway. I hope to be able to 
> see the results in a few days and report whether they look promising or not. 
> In the later case I will drop the whole project. Otherwise I would try to 
> reach Coverity and discuss the issue with somebody there.
> 
> Cheers,
> Fred
> 
> 
> _______________________________________________
> Gnustep-dev mailing list
> address@hidden
> https://lists.gnu.org/mailman/listinfo/gnustep-dev
>