wiki:Coverity

    1. What is Coverity?
    2. Prerequisites for Use
    3. Workflow
    4. Query hints
    5. Source to avoid
    6. Source that needs special treatment
    7. Common defects and their resolutions
    8. Runs submitted
    9. Known issues to be resolved by Coverity

What is Coverity?

"Coverity Prevent is a static code analysis tool for C, C++, C# and Java source code. It is a commercial product which originated as the Stanford Checker, which used abstract interpretation to identify defects in source code." Wikipedia page

The Coverity Scan Initiative

FAQ

Haiku is currently a listed project.

Prerequisites for Use

  1. Commit rights to Haiku's source repository
  2. Coverity account (go to http://scan.coverity.com/ and sign up - request Contributor access to haiku project)
  3. Supported web browser (modern version of IE, Firefox, Chrome or other WebKit based. Newer versions of WebPositive do also work.)

Workflow

  • Sign in to Coverity Scan Site.
  • Select Haiku project, choose "View Defects"
  • Locate a defect
  • Assess and assign the defect. (to yourself, most likely.)
  • Commit fixes to defects assigned to you. Mention the CID number in the commit message. ("Bug so and so. CID XXXXX.")
  • Mark the defect as resolved. Mentioning the commit revision number. ("fixed in hrevXXXXX")

Query hints

Once on the Defects tab, use the filters down the left side of the page to filter the list:

  • Helpful to use file path to filter query - Example: *servers/app* - lists all defects in the app_server

Source to avoid

  • 3rd party code (send patches upstream?)

Source that needs special treatment

  • Kernel/app_server/input_server/registrar?

Common defects and their resolutions

  • PARSE_ERROR - Not necessarily a code issue - this happens when Coverity's tools could not parse the code that was compiled for one reason or another. We don't intend to spend time investigating these as long as we have a significant number of other issues outstanding.
  • SECURE_CODING - Usually a warning about potential buffer/string overflow. In most cases, replacing a strcpy() with strlcpy() (DO NOT use strncpy!), sprintf() with snprintf(), or strcat() with strlcat() will satisfy this checker.
  • STACK_USE - Not really a bug. It turns out that the new version of the Coverity software automatically enabled this checker with default values, when it had been disabled before. This checker is usually used to analyze for defects in kernel or embedded system code which have tight stack limits. For Haiku, "Ignore" is probably the best resolution for now.

Runs submitted

  • 2014-05-07: haiku-32bit hrev47208 nightly-raw with GPL gcc4 (first attempt using script automation)
  • 2014-04-30: haiku-32bit hrev47185 nightly-raw with GPL gcc4
  • 2014-01-21: haiku-32bit hrev46729 nightly-raw with GPL gcc4 (first scan after scheduler merge)
  • 2013-11-20: haiku-32bit hrev46369 nightly-raw with GPL gcc4 (most recent rev that currently compiles)
  • 2013-10-19: haiku-32bit hrev46253 nightly-raw with GPL gcc4 (first scan after PM merge, and with Scan 6.6)
  • 2013-06-12: haiku-32bit hrev45755 nightly-raw with GPL gcc4
  • 2013-03-20: haiku-64bit hrev45379 haiku-image with GPL gcc4
  • 2013-03-18: haiku-32bit hrev45379 nightly-raw with GPL gcc4 (first run with Scan 6.5)
  • 2012-11-21: haiku-64bit hrev44867 haiku-image with GPL gcc4
  • 2012-11-21: haiku-32bit hrev44867 nightly-raw with GPL gcc4
  • 2012-08-13: haiku-64bit hrev44503 + github's xyzzy51/haiku/x86_64 branch changes as of 2012-08-11 13:26:59, x86_64 haiku-image with GPL gcc4
  • 2012-08-05: haiku-64bit hrev44470 + github's xyzzy51/haiku/x86_64 branch changes as of 2012-08-05 14:20:37, x86_64 haiku-image with GPL gcc4
  • 2012-08-05: haiku-32bit hrev44470 nightly-raw with GPL gcc4
  • 2012-08-04: haiku-64bit hrev44468 + github's xyzzy51/haiku/x86_64 branch changes as of 2012-08-04 11:02:54, x86_64 haiku-image with GPL gcc4
  • 2012-07-29: haiku-64bit hrev44420 + github's xyzzy51/haiku/x86_64 branch changes as of 2012-07-29 14:31:11, x86_64 haiku-image with GPL gcc4
  • 2012-07-14: haiku-32bit hrev44338 nightly-raw with GPL gcc4
  • 2012-05-13: haiku-32bit hrev44149 nightly-raw with GPL gcc4 (first run with Scan 5.5)
  • 2012-04-10: haiku-32bit hrev43983 nightly-raw with GPL gcc4
  • 2012-01-29: haiku-32bit hrev43696 nightly-raw gcc4
  • 2011-11-29: haiku-32bit hrev43316 nightly-raw with GPL gcc4
  • 2011-07-26: haiku-32bit hrev42464 nightly-raw with GPL gcc4
  • 2011-05-12: haiku-32bit hrev41462 nightly-raw gcc4
  • 2011-03-08: haiku-32bit hrev40855 nightly-raw with GPL gcc4
  • 2010-12-19: haiku-32bit hrev39894 nightly-raw gcc4
  • 2010-07-20: haiku-32bit hrev37534 nightly-raw gcc2hybrid
  • 2008-11-18: haiku-32bit hrev28644 haiku-image gcc2
  • 2008-09-03: haiku-32bit hrev27211 haiku-image gcc2
  • 2008-05-21: haiku-32bit hrev25116 haiku-image gcc2

Known issues to be resolved by Coverity

  • We cannot yet administer extra features such as "Product" and "Component" (Update: Components can be created, but require defining directories where they exist)
Last modified 10 years ago Last modified on May 21, 2014, 10:35:54 PM
Note: See TracWiki for help on using the wiki.