-
Notifications
You must be signed in to change notification settings - Fork 544
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Coverity Scan Integration #64
Comments
I'll set it up, though I'm not sure if the scanner supports C++11 yet (it didn't last I tried it, but that was some time ago) |
It seems like it would be worth while to just enable all warnings (/W4 with msvs, or -Wall on gnu/clang) Coverity is great, but it typically produces so many issues that it is impossible to wade through them all. So you may be able to knock out some easy ones by fixing all the warnings first. |
The maintainer mode already uses "-Wall -Wextra -Wstrict-aliasing -Wstrict-overflow=5 -Wcast-align -Wmissing-declarations -Wpointer-arith -Wcast-qual -Wzero-as-null-pointer-constant -Wold-style-cast" plus -Werror and a few -Wno-errors to turn off things I can't always fix. I'm not aware of any additional (useful) warnings to enable for gcc 4.9 The last coverity run I saw had a huge number of false positives but was worth wading through (check the 1.10.6 changelog for things it found) so I do think this is worth integrating if possible. |
I see, that is a new one to me, unfortunately it doesn't seem to enable /W4 on windows, but even with /W3 there are 20 or so warnings with the following configure line:
I see things like:
Without looking into it, I don't really see anything that is a real problem, but I do have an affinity for clean builds especially clean builds with all warnings enabled. But keep in mind that I haven't pulled from your repo in a week or two, so some of these things may already be gone or different... |
I also prefer warning free builds, though the meaning of those "performance warnings" is beyond me. |
Performance warnings: Pretty simple to resolve. |
Is this one done? |
Coverity can scan C++11 now and did a decent job with several real bugs found and not too many false positives. Only thing missing on this ticket is creating a coverity_scan branch in order to do recurring scans (waiting on github cutover for this). |
Cool. I don't understand why you need a separate branch to do the coverty scan. Is this to reduce load? |
Yes, they ratelimits scanning to a few builds a day |
Created the branch. Let the show begin! |
Configuration must be broken because Botan is built twice now. Has someone experience with setting up coverity scan? See https://travis-ci.org/randombit/botan/branches |
I think I made it. Just waiting for Jack to grant me access to the scan results. It turns out we need different travis configuration files on both branches because the build matrix must be less or equal 5 jobs for coverity scan quota. |
Done, thanks all. |
Would be nice to have Coverity Scan integration with the travis ci build as described here:
https://scan.coverity.com/travis_ci
The text was updated successfully, but these errors were encountered: