Coverity Quality source code analysis
Recently jvoisin contacted me on IRC (#x64dbg on Freenode) about Coverity:
Find defects in your Java, C# or C/C++ open source project for free.
Test every line of code and potential execution path.
The root cause of each quality or security defect is clearly explained, making it easy to fix bugs
Integrated with Github and Travis Ci
The best thing about all of this: It’s free for open source software. Simple register an account and then your open source project and you’re good to go. Before you can see the scan results they have to approve your project though.
For me the tricky part was building x64dbg with the command line. I never did this before and the documentation wasn’t very clear to me. Basically you run the following commands:
>Configure cov-build for MSVC
cov-configure --msvc
>Build into the required databases
cov-build --dir cov-int --instrument [command that builds here]
What was recommended on the internet was creating a script that fully builds your project. This is coverity_build.bat
:
@echo off
echo Building DBG...
devenv /Rebuild "Release|x64" x64dbg.sln
echo Building GUI...
rmdir /S /Q build
mkdir build
cd build
qmake ..\src\gui\x64dbg.pro CONFIG+=release
jom
Notice that you have to be in the Visual Studio Command Prompt (+ Qt paths configured) for this to work. Just run coverity_setenv
:
@echo off
echo Setting Qt in PATH
set PATH=%PATH%;c:\Qt\4.8.6-x64\bin
set PATH=%PATH%;c:\Qt\qtcreator-3.1.1\bin
call %comspec% /k ""C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\vcvarsall.bat"" amd64
This will launch a new console, from there run coverity.bat
:
@echo off
cov-configure --msvc
cov-build --dir cov-int --instrument coverity_build.bat
exit
After a long time (I have 6 cores, it still took me 5-10 minutes to build with cov-build
), the building is finished and you have to ZIP the cov-int
directory (not the files inside, the whole directory has to be in the ZIP).
When zipped, simply submit the build to your Coverity project and start analyzing errors.
Here is a screenshot of what the Coverity interface looks like:
See you all later,
mrexodia
blog comments powered by Disqus