[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Coverity Scan for GNUstep?

From: Fred Kiefer
Subject: Re: Coverity Scan for GNUstep?
Date: Mon, 22 Jan 2018 23:23:31 +0100

> Am 21.01.2018 um 11:30 schrieb Fred Kiefer <address@hidden>:
> Over this weekend I tried to set up Coverity for GNUstep base. I chose base 
> because it is the most widely used part of GNUstep.
> The first thing I had to learn was that Coverity supports Objective-C but 
> only in connection with clang. This isn’t documented anywhere but becomes 
> obvious when you read through a few dozens of configuration files. So I had 
> to set up a clang only system for which I selected Ubuntu 17/10 on a 
> VirtualBox machine. For this setup I tried to follow the instructions on 
> and they are 
> clearly outdated and incorrect. The configuration of GNUstep make needs to 
> include „—with-library-combo=ng-gnu-gnu“ and during the compilation of 
> libobjc2 I had to use make instead of cmake. As I am no expert in this setup 
> I would prefer if somebody with a bit more experiences would correct this 
> wiki page. This really would help to save others the frustration I did get 
> from not even being able to set up the first few steps of GNUstep. 
> Compilation with gcc has been straight forward for more then 15 years now. We 
> should get clang/libobjc2 support onto the same level.
> With that finally in place I was able to run the first Coverity analysis. 
> Sadly this could only process one third of your source files. For the rest I 
> did get error messages like this:
> cov-internal-emit-clang-main.cpp:5: assertion failure: 
> xlate-ast-types.cpp:1807: assertion failed: ObjCTypeParamType translation not 
> implemented.
> (I had to type this as copy/paste somehow won’t work from my VirtualBox)
> I have no idea whether this is an issue in clang or Coverity or maybe I did 
> forget some required setup step. Just from the file names I would say it is 
> something Coverity left out when implementing Objective-C support. Maybe 
> switching to an older version of clang could help?
> The actual scan result ends up in an Sqlite DB you have to upload it to 
> Coverity to get some readable information from it. The project is now at 
> and awaits validation. 
> Somebody at Coverity needs to check whether I am actually connected to the 
> project I would like to scan. But with most files being left out from the 
> analysis the results will be mostly meaningless anyway. I hope to be able to 
> see the results in a few days and report whether they look promising or not. 
> In the later case I will drop the whole project. Otherwise I would try to 
> reach Coverity and discuss the issue with somebody there.

 In the meantime my connection with GNUstep has been confirmed and I was able 
to look at the found issues. Many of them are false positives mostly caused by 
Coverity expecting normal program continuation after NSException raise. Even so 
it did detect a few potential issues in base. I flagged some of the false 
positives so the more interesting bits are left over for somebody to look at. 
Especially the „time of check, time of use“ issues should be looked at. 


reply via email to

[Prev in Thread] Current Thread [Next in Thread]