Would be nice to have Coverity Scan integration with the travis ci build as described

Performance warnings: <a href="https://msdn.microsoft.com/en-us/library/b6801kcy.a

Coverity Scan Integration about botan HOT 14 CLOSED

randombit commented on May 13, 2024

Coverity Scan Integration

from botan.

Comments (14)

randombit commented on May 13, 2024

I'll set it up, though I'm not sure if the scanner supports C++11 yet (it didn't last I tried it, but that was some time ago)

from botan.

cdesjardins commented on May 13, 2024

It seems like it would be worth while to just enable all warnings (/W4 with msvs, or -Wall on gnu/clang) Coverity is great, but it typically produces so many issues that it is impossible to wade through them all. So you may be able to knock out some easy ones by fixing all the warnings first.

from botan.

randombit commented on May 13, 2024

The maintainer mode already uses "-Wall -Wextra -Wstrict-aliasing -Wstrict-overflow=5 -Wcast-align -Wmissing-declarations -Wpointer-arith -Wcast-qual -Wzero-as-null-pointer-constant -Wold-style-cast" plus -Werror and a few -Wno-errors to turn off things I can't always fix. I'm not aware of any additional (useful) warnings to enable for gcc 4.9

The last coverity run I saw had a huge number of false positives but was worth wading through (check the 1.10.6 changelog for things it found) so I do think this is worth integrating if possible.

from botan.

cdesjardins commented on May 13, 2024

I see, that is a new one to me, unfortunately it doesn't seem to enable /W4 on windows, but even with /W3 there are 20 or so warnings with the following configure line:

configure.py --disable-shared --disable-modules=selftest,tls --prefix=C:\Users\chrisd\software_devel\repo\install --enable-debug --cpu=i386 --via-amalgamation --maintainer-mode

I see things like:

C:\Users\chrisd\software_devel\repo\botan>nmake install

Microsoft (R) Program Maintenance Utility Version 12.00.21005.1
Copyright (C) Microsoft Corporation.  All rights reserved.

        cl /MDd  /EHs /GR /Od /Zi /DDEBUG /W3 /wd4275 /wd4267 /Ibuild\include /nologo /c botan_all.cpp /Fobuild\obj\lib\botan_all.obj
botan_all.cpp
botan_all.cpp(2006) : warning C4996: 'sprintf': This function or variable may be unsafe. Consider using sprintf_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for deta
ils.
        C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\INCLUDE\stdio.h(356) : see declaration of 'sprintf'
botan_all.cpp(8098) : warning C4800: 'int' : forcing value to bool 'true' or 'false' (performance warning)
botan_all.cpp(10068) : warning C4146: unary minus operator applied to unsigned type, result still unsigned
botan_all.cpp(16933) : warning C4800: 'botan_pk_op_encrypt_t *' : forcing value to bool 'true' or 'false' (performance warning)
botan_all.cpp(16976) : warning C4800: 'botan_pk_op_decrypt_t *' : forcing value to bool 'true' or 'false' (performance warning)
botan_all.cpp(17018) : warning C4800: 'botan_pk_op_sign_t *' : forcing value to bool 'true' or 'false' (performance warning)
botan_all.cpp(17060) : warning C4800: 'botan_pk_op_verify_t *' : forcing value to bool 'true' or 'false' (performance warning)
botan_all.cpp(17107) : warning C4800: 'botan_pk_op_ka_t *' : forcing value to bool 'true' or 'false' (performance warning)
botan_all.cpp(17627) : warning C4244: 'initializing' : conversion from 'std::streamsize' to 'size_t', possible loss of data
botan_all.cpp(17648) : warning C4244: '=' : conversion from 'std::streamsize' to 'size_t', possible loss of data
botan_all.cpp(17656) : warning C4244: '=' : conversion from 'std::streamsize' to 'size_t', possible loss of data
botan_all.cpp(18350) : warning C4244: 'argument' : conversion from 'std::streamsize' to 'size_t', possible loss of data
botan_all.cpp(21031) : warning C4244: 'argument' : conversion from 'double' to 'const size_t', possible loss of data
botan_all.cpp(21362) : warning C4244: 'argument' : conversion from 'std::streamsize' to 'unsigned int', possible loss of data
botan_all.cpp(24145) : warning C4244: 'argument' : conversion from 'const unsigned short' to 'const unsigned char', possible loss of data
botan_all.cpp(25084) : warning C4244: 'argument' : conversion from 'const unsigned short' to 'const unsigned char', possible loss of data
botan_all.cpp(25159) : warning C4146: unary minus operator applied to unsigned type, result still unsigned
botan_all.cpp(25210) : warning C4244: 'return' : conversion from 'double' to 'size_t', possible loss of data
No filesystem access enabled
botan_all.cpp(44024) : warning C4101: 'e' : unreferenced local variable
botan_all.cpp(44287) : warning C4800: 'int' : forcing value to bool 'true' or 'false' (performance warning)
botan_all.cpp(44904) : warning C4101: 'e' : unreferenced local variable
botan_all.cpp(45787) : warning C4800: 'Botan::u64bit' : forcing value to bool 'true' or 'false' (performance warning)
botan_all.cpp(45801) : warning C4800: 'Botan::u64bit' : forcing value to bool 'true' or 'false' (performance warning)

Without looking into it, I don't really see anything that is a real problem, but I do have an affinity for clean builds especially clean builds with all warnings enabled. But keep in mind that I haven't pulled from your repo in a week or two, so some of these things may already be gone or different...

from botan.

randombit commented on May 13, 2024

I also prefer warning free builds, though the meaning of those "performance warnings" is beyond me.

from botan.

cdesjardins commented on May 13, 2024

Performance warnings:
https://msdn.microsoft.com/en-us/library/b6801kcy.aspx

Pretty simple to resolve.

from botan.