CI: add coverity aggressiveness-level medium #1207
Sergei-Lebedev merged 1 commit into openucx:master from
fa17ca6 to 0e80aa9
bot:retest
Greptile Overview
Greptile Summary
This PR adds the --aggressiveness-level medium flag to the Coverity static analysis configuration in the CI/CD pipeline. The change modifies the coverity.sh script by appending a single option to the COV_ANALYSE_OPTIONS variable, which accumulates all analysis parameters before being passed to the cov-analyze command. This increases the depth of interprocedural analysis performed by Coverity, enabling it to detect more subtle defects beyond the default analysis level. The modification follows the existing pattern in the script where analysis options are built up incrementally, and integrates seamlessly with the current Coverity workflow that includes building, analyzing, and uploading defect reports to the central server.
Important Files Changed
| Filename | Score | Overview |
|---|---|---|
| .ci/scripts/coverity.sh | 5/5 | Added aggressiveness-level medium flag to Coverity analysis options to enable more thorough static analysis |
Confidence score: 5/5
- This PR is safe to merge with minimal risk
- The change is a single configuration parameter addition that follows the existing pattern and has no impact on production code, only on CI analysis depth
- No files require special attention
Sequence Diagram
```mermaid
sequenceDiagram
    participant User
    participant Script as coverity.sh
    participant Git
    participant Module as Module System
    participant Build as Build System
    participant Coverity as Coverity Tools
    participant Server as Coverity Server
    User->>Script: Execute coverity.sh
    Script->>Git: git rev-parse --show-toplevel
    Git-->>Script: Repository root path
    Script->>Module: Load hpcx-gcc, cuda, nccl, coverity modules
    Module-->>Script: Modules loaded
    Script->>Build: ./autogen.sh
    Build-->>Script: Build system generated
    Script->>Build: ./configure with options
    Build-->>Script: Configuration complete
    Script->>Script: Parse command-line arguments
    alt Not skipping cov-build
        Script->>Build: make clean
        Build-->>Script: Clean complete
        Script->>Coverity: cov-build --dir COV_BUILD_DIR make all
        Coverity-->>Script: Build with instrumentation complete
    end
    alt Not skipping coverity
        Script->>Coverity: cov-analyze with options
        Coverity-->>Script: Analysis complete
    end
    Script->>Coverity: cov-commit-defects
    Coverity->>Server: Upload defects via SSL
    Server-->>Coverity: Upload successful
    Coverity-->>Script: Commit complete
    Script-->>User: Exit with status code
```
1 file reviewed, no comments
fc810f5 to 093b780
Greptile Overview
Greptile Summary
This PR modifies the Coverity static analysis configuration in the CI pipeline by adding a single command-line flag that increases the analysis aggressiveness level from the default (low) to medium. The change is made to .ci/scripts/coverity.sh, which orchestrates the Coverity scan workflow - building the project under Coverity instrumentation, running analysis with configurable options, and uploading results to a central server. By appending --aggressiveness-level medium to the COV_ANALYSE_OPTIONS variable, the script will now instruct cov-analyze to perform more thorough checks that may catch additional defects at the cost of potentially more false positives. This aligns with the project's goal of improving code quality through more comprehensive static analysis during pull request validation.
Important Files Changed
| Filename | Score | Overview |
|---|---|---|
| .ci/scripts/coverity.sh | 5/5 | Added --aggressiveness-level medium flag to Coverity analysis options to enable more thorough static analysis |
Confidence score: 5/5
- This PR is safe to merge with minimal risk
- Score reflects a trivial configuration change to a CI script that only affects static analysis behavior without touching production code, runtime logic, or build artifacts
- No files require special attention
Sequence Diagram
```mermaid
sequenceDiagram
    participant User
    participant Script as coverity.sh
    participant Git
    participant ModuleSystem as Module System
    participant BuildSystem as Build System
    participant Coverity as Coverity Tools
    participant Server as Coverity Server
    User->>Script: Execute coverity.sh [options]
    Script->>Script: Parse command-line options
    Script->>Git: git rev-parse --show-toplevel
    Git-->>Script: Return repository root
    Script->>Script: cd to topdir
    Script->>ModuleSystem: Load modules (hpcx-gcc, cuda, nccl, cov)
    ModuleSystem-->>Script: Modules loaded
    Script->>BuildSystem: ./autogen.sh
    BuildSystem-->>Script: Build system generated
    Script->>BuildSystem: ./configure with options
    BuildSystem-->>Script: Configuration complete
    Script->>Script: Create COV_BUILD_DIR
    alt Skip Build is Not Set
        Script->>BuildSystem: make clean
        BuildSystem-->>Script: Clean complete
        Script->>Coverity: cov-build --dir COV_BUILD_DIR make all
        Coverity-->>Script: Build with instrumentation complete
    end
    alt Skip Coverity is Not Set
        Script->>Coverity: cov-analyze with options
        Note over Script,Coverity: Includes --aggressiveness-level medium
        Coverity-->>Script: Analysis complete
        Script->>Server: cov-commit-defects to coverity.mellanox.com
        Server-->>Script: Upload successful
    end
    Script-->>User: Exit with status code
```
1 file reviewed, no comments
bot:retest
Signed-off-by: Daniel Pressler <danielpr@nvidia.com>
093b780 to 2bff97f
Greptile Overview
Greptile Summary
This PR enhances the static analysis capabilities of the CI pipeline by configuring Coverity to use medium aggressiveness level during code scans. The change modifies the .ci/scripts/coverity.sh script to add --aggressiveness-level medium to the Coverity analysis options. This setting sits between Coverity's default (low) and maximum (high) aggressiveness levels, enabling the tool to apply additional checkers and heuristics to detect more potential defects in the codebase. The modification integrates naturally with the existing CI infrastructure alongside other Coverity checker configurations like INFINITE_LOOP and RESOURCE_LEAK settings, maintaining consistency with the repository's approach to configurable static analysis parameters.
Important Files Changed
| Filename | Score | Overview |
|---|---|---|
| .ci/scripts/coverity.sh | 4/5 | Added medium aggressiveness level flag to Coverity analysis options to enable more thorough static code scanning |
Confidence score: 4/5
- This PR is safe to merge with minimal risk, as it only modifies CI configuration without touching production code
- Score reflects that while the change is straightforward and beneficial, medium aggressiveness may introduce additional false positives that will need triage, and there's no evidence in the PR of testing the impact of this change on analysis time or defect count
- Pay close attention to initial Coverity runs after merge to assess the volume and quality of newly reported issues
Sequence Diagram
```mermaid
sequenceDiagram
    participant User
    participant Script as coverity.sh
    participant Git
    participant Modules as Environment Modules
    participant Build as Build System
    participant Coverity as Coverity Tools
    participant Server as Coverity Server
    User->>Script: Execute ./coverity.sh [options]
    Script->>Script: Set error handling (trap ERR)
    Script->>Git: git rev-parse --show-toplevel
    Git-->>Script: Repository root path
    Script->>Modules: Load hpcx-gcc, cuda12.9.0, nccl, cov-2021.12
    Modules-->>Script: Modules loaded
    Script->>Build: ./autogen.sh
    Build-->>Script: Build system generated
    Script->>Build: ./configure with options
    Build-->>Script: Configuration complete
    Script->>Script: Parse command-line arguments
    alt Not skipping build
        Script->>Build: make clean
        Build-->>Script: Clean complete
        Script->>Coverity: cov-build --dir COV_BUILD_DIR make all
        Coverity-->>Script: Build with instrumentation complete
    end
    alt Not skipping Coverity
        Script->>Coverity: cov-analyze with options (including --aggressiveness-level medium)
        Coverity-->>Script: Analysis complete
    end
    Script->>Server: cov-commit-defects (SSL, credentials, stream=ucc_master)
    Server-->>Script: Upload successful
    Script-->>User: Exit with status code
```
1 file reviewed, no comments
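An added example, not part of this PR or the project's CI scripts: one way to measure what the review above asks about, by diffing a baseline run against a medium-aggressiveness run and counting the new findings per checker. It assumes both runs were exported with `cov-format-errors --json-output-v7` and that each issue carries `mergeKey`, `checkerName`, `mainEventFilePathname` and `mainEventLineNumber`; the sample issues and file paths are constructed.

```python
import json
from collections import Counter


def new_findings(baseline_json: str, candidate_json: str) -> list:
    """Issues present in the candidate run but absent from the baseline.

    Issues are matched on mergeKey (assumed stable across runs for the
    same defect), so findings that merely moved lines are not re-counted.
    """
    def index(doc: str) -> dict:
        return {i["mergeKey"]: i for i in json.loads(doc).get("issues", [])}

    base, cand = index(baseline_json), index(candidate_json)
    return [cand[k] for k in sorted(cand.keys() - base.keys())]


def by_checker(issues: list) -> Counter:
    """Count findings per Coverity checker to show where triage effort goes."""
    return Counter(i["checkerName"] for i in issues)


def report(baseline_json: str, candidate_json: str) -> list:
    """Summary lines: per-checker totals first, then one line per new finding."""
    added = new_findings(baseline_json, candidate_json)
    lines = [f"{n:3d} {name}" for name, n in by_checker(added).most_common()]
    lines += [f"    {i['checkerName']} {i['mainEventFilePathname']}:"
              f"{i['mainEventLineNumber']}" for i in added]
    return lines


def _issue(key, checker, path, line):
    return {"mergeKey": key, "checkerName": checker,
            "mainEventFilePathname": path, "mainEventLineNumber": line}


# Constructed sample exports: default-level run versus medium-level run.
BASELINE = json.dumps({"issues": [
    _issue("a1", "RESOURCE_LEAK", "example/a.c", 120)]})
MEDIUM = json.dumps({"issues": [
    _issue("a1", "RESOURCE_LEAK", "example/a.c", 120),
    _issue("b2", "NULL_RETURNS", "example/b.c", 41),
    _issue("c3", "NULL_RETURNS", "example/c.c", 77),
    _issue("d4", "INFINITE_LOOP", "example/d.c", 9)]})

if __name__ == "__main__":
    print("\n".join(report(BASELINE, MEDIUM)))
```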
What
Define Coverity aggressiveness level to medium
Why?
Catch more code issues
How?
Update cov script