[PROJ] Coverity Scan
Even Rouault
even.rouault at spatialys.com
Wed Mar 27 05:03:45 PDT 2019
Hi,
I've set up Coverity Scan to do static code analysis of the PROJ codebase:
https://scan.coverity.com/projects/osgeo-proj-4
(proprietary service/tool, gratis for open source projects)
For now only me and Kristian have full access to the detailed issues. If other
people (PSC members and main code contributors) are also interested, tell me.
There's the possibility of integrating the tool with Travis-CI to launch
analysis on a regular basis, but I've not set this up, and have just done
manual builds.
For those with admin rights on the Coverity PROJ account, the procedure
(documented on Coverity Scan) to follow to do such a build:

First time: download the tool to do the local part of the analysis
from https://scan.coverity.com/download and untar it.

For every build: do something along these lines:

    [./configure]
    make clean
    rm -rf proj.tgz
    ~/cov-analysis-linux64-2017.07/bin/cov-build --dir cov-int make -j 8
    tar cvzf proj.tgz cov-int

Go to
https://scan.coverity.com/projects/osgeo-proj-4/builds/new?tab=upload
and upload the above proj.tgz file. Wait for some time for it to be uploaded
and analyzed on their server.
~~~~
The tool is not perfect, but can find some issues that other ones we use
(cppcheck, clang static analyzer) don't, and vice-versa. In the initial pass,
it found few real issues, probably since we also use other tools that have
helped us chase them.
Even
--
Spatialys - Geospatial professional services
http://www.spatialys.com