widelands

Setup Coverity to run over our codebase

Bug #1363799 reported by SirVer
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
widelands
Won't Fix
Low
Tino

Bug Description

This was a suggestion in chat. Coverity is a non open-source, commercial solution for static code analysis. It is somehow web based and lives at https://scan.coverity.com/. It seems very powerful and there are free tests available. I think we should give it a shot.

SirVer (sirver)
tags: added: cleanups lowhangingfruit
Changed in widelands:
status: New → Incomplete
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for widelands because there has been no activity for 60 days.]

Changed in widelands:
status: Incomplete → Expired
SirVer (sirver)
Changed in widelands:
status: Expired → Confirmed
importance: Undecided → Low
Revision history for this message
Tino (tino79) wrote :

I've successfully build widelands with the coverity scanner and uploaded the result tarball (zipped size 690MB).

It seems there is a manual project acceptance step on coverity, so i am still waiting for the clearance.

Also the projectname "widelands" was already taken.

Result should be available at https://scan.coverity.com/projects/4215 sometimes in the near future...

Changed in widelands:
assignee: nobody → Tino (tino79)
Revision history for this message
Tino (tino79) wrote :

Ok, the project is approved, it is now possible to view the defects. The UI is pretty complex, but very powerful. Where is my 4k display... ;)

Anyone who wants to have a look, just go to the project and click "Add me to the project", i will approve her or him as quick as possible.

I am going to close this bug, i am going to do new scans every few weeks...

Changed in widelands:
status: Confirmed → Fix Released
Revision history for this message
SirVer (sirver) wrote :

Cool. It finds a ton of issues, but a lot of them are the same false positives that clang already found. We could get rid of a ton of them if parents would no longer own their children in the UI and we'd use unique_ptrs everywhere for widgets.

Revision history for this message
Tino (tino79) wrote :

New scan: https://scan.coverity.com/projects/4215

trunk rev 7452

Revision history for this message
Tino (tino79) wrote :

Some Updates:
There is now a github branch which triggers automatically a Travis-CI build and a Coverity code scan:

https://github.com/widelands/widelands/tree/coverity_scan

I have not figured out why, but for now building succeeds, but there are no results for coverity to scan emitted.
So for now the new project https://scan.coverity.com/projects/5976?tab=overview is empty.

Manual scans still done with https://scan.coverity.com/projects/4215?tab=overview

summary: - Setup Coveriry to run over our codebase
+ Setup Coverity to run over our codebase
Changed in widelands:
status: Fix Released → In Progress
Revision history for this message
Tino (tino79) wrote :

I do not think this is (currently) possible at all.

Both CIs (Travis and Appveyor) do have limits for compile time for OS projects which are way to short to do a coverity scan.

Changed in widelands:
status: In Progress → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.