Re: Coverity Scan for GNUstep?

2018-01-22 Thread Fred Kiefer 


> Am 21.01.2018 um 11:30 schrieb Fred Kiefer :
> 
> Over this weekend I tried to set up Coverity for GNUstep base. I chose base 
> because it is the most widely used part of GNUstep.
> 
> The first thing I had to learn was that Coverity supports Objective-C but 
> only in connection with clang. This isn’t documented anywhere but becomes 
> obvious when you read through a few dozens of configuration files. So I had 
> to set up a clang only system for which I selected Ubuntu 17/10 on a 
> VirtualBox machine. For this setup I tried to follow the instructions on 
> http://wiki.gnustep.org/index.php/GNUstep_under_Ubuntu_Linux and they are 
> clearly outdated and incorrect. The configuration of GNUstep make needs to 
> include „—with-library-combo=ng-gnu-gnu“ and during the compilation of 
> libobjc2 I had to use make instead of cmake. As I am no expert in this setup 
> I would prefer if somebody with a bit more experiences would correct this 
> wiki page. This really would help to save others the frustration I did get 
> from not even being able to set up the first few steps of GNUstep. 
> Compilation with gcc has been straight forward for more then 15 years now. We 
> should get clang/libobjc2 support onto the same level.
> 
> With that finally in place I was able to run the first Coverity analysis. 
> Sadly this could only process one third of your source files. For the rest I 
> did get error messages like this:
> 
> cov-internal-emit-clang-main.cpp:5: assertion failure: 
> xlate-ast-types.cpp:1807: assertion failed: ObjCTypeParamType translation not 
> implemented.
> 
> (I had to type this as copy/paste somehow won’t work from my VirtualBox)
> 
> I have no idea whether this is an issue in clang or Coverity or maybe I did 
> forget some required setup step. Just from the file names I would say it is 
> something Coverity left out when implementing Objective-C support. Maybe 
> switching to an older version of clang could help?
> 
> The actual scan result ends up in an Sqlite DB you have to upload it to 
> Coverity to get some readable information from it. The project is now at 
> https://scan.coverity.com/projects/gnustep-base and awaits validation. 
> Somebody at Coverity needs to check whether I am actually connected to the 
> project I would like to scan. But with most files being left out from the 
> analysis the results will be mostly meaningless anyway. I hope to be able to 
> see the results in a few days and report whether they look promising or not. 
> In the later case I will drop the whole project. Otherwise I would try to 
> reach Coverity and discuss the issue with somebody there.

 In the meantime my connection with GNUstep has been confirmed and I was able 
to look at the found issues. Many of them are false positives mostly caused by 
Coverity expecting normal program continuation after NSException raise. Even so 
it did detect a few potential issues in base. I flagged some of the false 
positives so the more interesting bits are left over for somebody to look at. 
Especially the „time of check, time of use“ issues should be looked at. 

Fred
___
Gnustep-dev mailing list
Gnustep-dev@gnu.org
https://lists.gnu.org/mailman/listinfo/gnustep-dev

Re: [IMPORTANT] Ideas for Summer of Code 2018

2018-01-22 Thread Ivan Vučica 
Daniel,

did you come up with a blurb?

Any preferences for meeting day? Wed and Thu evenings UTC are taken for me.

On Thu, Jan 18, 2018 at 1:25 AM, Ivan Vučica  wrote:
> On Mon, Jan 15, 2018 at 7:05 AM, Daniel Ferreira (theiostream)
>  wrote:
>> On Sun, Jan 14, 2018 at 5:55 PM, Ivan Vučica  wrote:
>>> I don't think that's inappropriate as far as GNUstep is concerned.
>>
>> By inappropriate I mean that if the student wanted to work on anything
>> that's not GS+WebKit (or even that actually) my help would be very
>> limited – they would probably have to rely on Fred, you and others,
>> much like I had to in order to get work done.
>
> While I would prefer to mentor someone mainly if they do CA-related
> work, I am willing to consider helping out on a per-project basis.
>
> It is perfectly valid not to accept a proposal if we believe we can't
> mentor it well.
>
>>> Can you write a blurb that we can ask GNU representatives to put on
>>> the ideas page? See summer-of-code mailing list archive for examples.
>>
>> For GS+WebKit? Definitely. I should have something this week still.
>
> Thanks!
>
>>
>>> Let's sit one weekend to help me reproduce your build steps. (I don't
>>> recall at this point; maybe you left good enough documentation that I
>>> could do it myself, but maybe it's better if we sit down and make this
>>> easily reproducible.)
>>
>> Sure! Can we set this up sometime next week?
>
> As in, week of 22nd Jan? Sure.

___
Gnustep-dev mailing list
Gnustep-dev@gnu.org
https://lists.gnu.org/mailman/listinfo/gnustep-dev

Re: Coverity Scan for GNUstep?

2018-01-22 Thread David Chisnall 
On 21 Jan 2018, at 21:33, Fred Kiefer  wrote:
> 
> Oops, you are correct. I just rechecked my command history and it must have 
> been the second line „cmake —build .“ which caused me issues. I then checked 
> the INSTALL file of libobjc2 and followed the instructions from there, but 
> still needed the -DTESTS=OFF switch to finally get it working.

That’s a bit worrying, as it implies that the tests weren’t even building for 
you.  Travis is testing them on Linux and macOS and I’m running them manually 
on FreeBSD, and all of them exception the C++ exception interop (which is 
broken only on macOS) pass in all places.

David


___
Gnustep-dev mailing list
Gnustep-dev@gnu.org
https://lists.gnu.org/mailman/listinfo/gnustep-dev