Coverity

Post by **AndreyB** » Sat Aug 23, 2014 7:00 pm

coverity static code analyzer has accepted us as an open source project, we are https://scan.coverity.com/projects/2803

tomiata · Post by **tomiata** » Mon Aug 25, 2014 2:07 am

Here is more info on Coverity and instructions.
Coverity is commerical static code analysis tool and offers a free service for open source projects.
Take a look at https://scan.coverity.com

Go there and sign up for an account, then go to this link to find the rusefi project:

https://scan.coverity.com/projects?utf8=%E2%9C%93&search=rusefi

Click "add me to project" to request access to the project. Once granted you can go to this link:
https://scan.coverity.com/projects/2803
And access the defects reports here:
https://scan.coverity.com/projects/2803/view_defects

Hopefully, we'll be able to automate process to submit builds for analysis, but for now do this to submit an updated build for analysis.
https://scan.coverity.com/projects/2803/builds/new

See the link "Download Coverity Scan Self-Build". You need to download the tool package that will be used to drive a "make" of the rusefi source tree. The "Download Coverity ..." link goes to here:
https://scan.coverity.com/download?tab=cxx

See the list of OS versions and find your development system OS type, Win64 or Win-32 or Linux-64, etc, download the Coverity tool package that applies to you.

(I have not tested this in Windows, but I think it will work about the same as what I did in linux.)

This is somewhat expert-friendly, but unzip/untar the download file, e.g. "cov-analysis-win"64-7.5.0.zip", which will probably by in your "Downloads" folder. Unzip with explorer or winzip, whatever you have.
This does not install as a normal window program. Extract it in your Downloads folder or where you prefer.

You can set up your PATH environment variable to include the location where you unzip'ed (untar'ed) the Coverity tools. Or just reference them from the command-line directly, as I'll show in examples below.

Get out your dos-like CMD window, and "cd" over to the top of the coverity-tools-folder.

Configure the coverity tool set with the cov-configure command to tell it the compiler type and options you are using. For my gcc linux build I ran this:

Code: Select all

<coverity-tools-folder>/bin/cov-configure -co arm-none-eabi-gcc -- -mcpu=cortex-m4 -mfloat-abi=hard -mfpu=fpv4-sp-d16 -mno-thumb-interwork -mthumb

Now, cd to "your-rusefi-code/firmware" folder.

From there run "make clean".

Next, tell coverity to do a "make":

Code: Select all

 <your-download-folder>/bin/cov-build --dir cov-int make

This will do a "make" of the firmware, and generate the Coverity output in the folder called "cov-int". If all goes well you will see the make output go by, and finish with a statement that looks like:

Compilation units (100%) are ready for analysis
The cov-build utility completed successfully

See full instructions here:
https://scan.coverity.com/download?tab=cxx

Next, make up a compressed archive of the cov_int folder with your favorite zip/tar tool. And upload the archive using the form here:
https://scan.coverity.com/projects/2803/builds/new
Include the SVN build number, and the date of update. If the SVN build tag is for a release inlude the release name and description.

Simple, huh?

One more thing, I had to create a dummy file to make Coverity happy. It wants you have a "modeling" file to include stubs for functions to refernece to avoid false positives for defects in the analysis. I made a file "kill_for_coverity.c" with the contents:

Code: Select all

void special_abort(const char msg) {
	__coverity_panic__();
}

This should really be code for a special abort routine if we have one, and include this file in the source tree.

See instruction here:
https://scan.coverity.com/tune#writing-model

tomiata · Post by **tomiata** » Sun Dec 07, 2014 2:50 am

Coverity scan updates are updated here:

https://scan.coverity.com/projects/2803

Post by **AndreyB** » Mon Dec 08, 2014 2:55 pm

tomiata wrote:Coverity scan updated

Thank you Tom! One day we will automate this somehow

Post by **AndreyB** » Wed Feb 25, 2015 9:44 pm

Just added kill_for_coverity.c into SVN

Post by **AndreyB** » Thu Feb 26, 2015 1:44 pm

Here's a good one:

tomiata · Post by **tomiata** » Sat Feb 28, 2015 2:13 am

Post by **AndreyB** » Thu Sep 01, 2016 3:42 am

Cleaned up some errors while chasing a defect. The defect is still with us but at least the code is better

Need to set coverity to ignore usb_msd.c and that "register struct intctx *r13 asm ("r13");" issue if anyone wants to figure how that's done.

tomiata · Post by **tomiata** » Sat Sep 03, 2016 8:15 pm

russian wrote:Need to set coverity to ignore usb_msd.c and that "register struct intctx *r13 asm ("r13");" issue if anyone wants to figure how that's done.

I have not tried this, but looks like you can ignore by file, type or specific issue, explained here: https://ondemand.coverity.com/help/suppressing-issues
For the usb_msd.c issue I think you want to do something like this, in a file called coverity.yml

Code: Select all

configurationVersion: 1

triage:

filters:
    # suppress occurrences of any issue at a specified path of any type (implicit)
    - filePath: /hw_layer/mass_storage/usb_msd.c

For the register asm code assignment, you can do this to ignore a single line of code:

Code: Select all

// coverity[EVENT_TAG_NAME]

where EVENT_TAG_NAME would be var_decl or uninit_use

Post by **AndreyB** » Sun Sep 04, 2016 2:47 am

Good news

// coverity[uninit_use]

has worked! Thank you for looking into this!

https://svn.code.sf.net/p/rusefi/code/trunk/firmware/coverity.yml not so much

I've tried both filePath: /hw_layer/mass_storage/usb_msd.c and filePath: hw_layer/mass_storage/usb_msd.c but the magic did not happen.

I've even tried cov_config.bat before cov_run.bat just to be sure, still nada.

rusefi.com

[info] Coverity

Coverity

Re: Coverity

Re: Coverity

Re: Coverity

Re: Coverity

Re: Coverity

Re: Coverity

Re: Coverity

Re: Coverity

Re: Coverity