Over this weekend I tried to set up Coverity for GNUstep base. I chose base because it is the most widely used part of GNUstep.
The first thing I had to learn was that Coverity supports Objective-C but only in connection with clang. This isn’t documented anywhere but becomes obvious when you read through a few dozens of configuration files. So I had to set up a clang only system for which I selected Ubuntu 17/10 on a VirtualBox machine. For this setup I tried to follow the instructions on http://wiki.gnustep.org/index.php/GNUstep_under_Ubuntu_Linux and they are clearly outdated and incorrect. The configuration of GNUstep make needs to include „—with-library-combo=ng-gnu-gnu“ and during the compilation of libobjc2 I had to use make instead of cmake. As I am no expert in this setup I would prefer if somebody with a bit more experiences would correct this wiki page. This really would help to save others the frustration I did get from not even being able to set up the first few steps of GNUstep. Compilation with gcc has been straight forward for more then 15 years now. We should get clang/libobjc2 support onto the same level. With that finally in place I was able to run the first Coverity analysis. Sadly this could only process one third of your source files. For the rest I did get error messages like this: cov-internal-emit-clang-main.cpp:5: assertion failure: xlate-ast-types.cpp:1807: assertion failed: ObjCTypeParamType translation not implemented. (I had to type this as copy/paste somehow won’t work from my VirtualBox) I have no idea whether this is an issue in clang or Coverity or maybe I did forget some required setup step. Just from the file names I would say it is something Coverity left out when implementing Objective-C support. Maybe switching to an older version of clang could help? The actual scan result ends up in an Sqlite DB you have to upload it to Coverity to get some readable information from it. The project is now at https://scan.coverity.com/projects/gnustep-base and awaits validation. Somebody at Coverity needs to check whether I am actually connected to the project I would like to scan. But with most files being left out from the analysis the results will be mostly meaningless anyway. I hope to be able to see the results in a few days and report whether they look promising or not. In the later case I will drop the whole project. Otherwise I would try to reach Coverity and discuss the issue with somebody there. Cheers, Fred _______________________________________________ Gnustep-dev mailing list Gnustep-dev@gnu.org https://lists.gnu.org/mailman/listinfo/gnustep-dev
