diff --git a/bazel/coverity/coverity_toolchain.bzl b/bazel/coverity/coverity_toolchain.bzl index 4fd85c6fe91..8d1ef353471 100644 --- a/bazel/coverity/coverity_toolchain.bzl +++ b/bazel/coverity/coverity_toolchain.bzl @@ -1,12 +1,15 @@ def _coverity_toolchain(ctx): - result = ctx.execute([ - "ls", - "/data/cov-sa/bin/cov-build", - ]) + retCode = 1 + if "COVERITY_INSTALL_ROOT" in ctx.os.environ: + result = ctx.execute([ + "ls", + ctx.getenv("COVERITY_INSTALL_ROOT") + "/bin/cov-build", + ]) + retCode = result.return_code - if result.return_code == 0: + if retCode == 0: ctx.report_progress("extracting coverity rules...") - result = ctx.download_and_extract("file:///data/cov-sa/bazel/rules_coverity.tar.gz") + result = ctx.download_and_extract("file://" + ctx.getenv("COVERITY_INSTALL_ROOT") + "/bazel/rules_coverity.tar.gz") else: ctx.template( "coverity/BUILD.bazel", diff --git a/etc/coverity.yml b/etc/coverity.yml new file mode 100644 index 00000000000..fd21c6bd4a1 --- /dev/null +++ b/etc/coverity.yml @@ -0,0 +1,57 @@ +# Coverity analysis options that are passed to cov-analyze command line +analyze: + checkers: + all: true # Enables all checkers except a few which need to be explicitly enabled. See: https://documentation.blackduck.com/bundle/coverity-docs/page/commands/topics/cov-analyze.html#ariaid-title11 + rule: true # Enables "rule" checkers. See: https://documentation.blackduck.com/bundle/coverity-docs/page/commands/topics/cov-analyze.html#refsection_dgq_pf2_4qb__list-checkers + checker-config: + # Explicitly disabled checkers + # Add any checker that needs to be disabled below + STACK_USE: + enabled: false + COPY_INSTEAD_OF_MOVE: + enabled: false + RULE_OF_ZERO_THREE_FIVE: + enabled: false + MISSING_RETURN: + enabled: false + SLEEP: + enabled: false + PASS_BY_VALUE: + enabled: false + GLOBAL_INIT_ORDER: + enabled: false + # Explicitly enabled checkers + # Add any checker that needs to be explicitly enabled below + REVERSE_OVERRUN: + enabled: true + # Checkers with customized options + CHECKED_RETURN: + enabled: true + options: + stat_threshold: 80 + DEADCODE: + enabled: true + options: + no_dead_default: true + report_redundant_tests: true + NULL_RETURNS: + enabled: true + options: + stat_threshold: 50 + # Enables additional filtering of potential defects by using an additional false-path pruner (FPP). More details here https://documentation.blackduck.com/bundle/coverity-docs/page/commands/topics/cov-analyze.html#ariaid-title5 + constraint-fpp: true + # Enables function pointer models if the analysis fails to analyze certain function pointers calls. More details at https://documentation.blackduck.com/bundle/coverity-docs/page/commands/topics/cov-analyze.html#ariaid-title9 + c-cpp-fnptr: true + # Enables full, virtual-call resolution. More details at https://documentation.blackduck.com/bundle/coverity-docs/page/commands/topics/cov-analyze.html#ariaid-title9 + c-cpp-virtual: true + # Enables call graph matrics. The callgraph-metrics files store information about which functions are analyzed. More details at https://documentation.blackduck.com/bundle/coverity-docs/page/commands/topics/cov-analyze.html#ariaid-title20 + callgraph-metrics: true + cov-analyze-args: + # Specifies the name for the configuration file, which allows you to change the parse warnings that pass through a warning filter. More details at https://documentation.blackduck.com/bundle/coverity-docs/page/commands/topics/cov-analyze.html#ariaid-title9 + - --parse-warnings-config + - etc/coverity_parse_warnings.conf + +commit: + connect: + stream: mongo.master + project: "MongoDB master" diff --git a/etc/coverity_parse_warnings.conf b/etc/coverity_parse_warnings.conf new file mode 100644 index 00000000000..cb6d6aa7527 --- /dev/null +++ b/etc/coverity_parse_warnings.conf @@ -0,0 +1,1198 @@ +// parse_warnings.conf.sample +// Sample configuration for the compiler warning "PW.*","RW.*","SW,*" checkers. + +// All of the configurations in this file are initially commented-out. +// The commented-out configuration reflects the shipping default. To +// adjust the behavior, first copy this file to a new file name, then +// modify lines, and/or add new lines. Finally, specify +// --parse-warnings-config to cov-analyze so it will take +// effect. Settings so specified will override the defaults. + +// Lexically, this file's syntax is similar to C/C++ source code: all +// whitespace is treated uniformly, // or /**/ comments are equivalent +// to whitespace, and whitespace is needed only between tokens that +// would otherwise coalesce when adjacent. + +// Structurally, each configuration directive is of the following form: +// +// chk "": , , ..., ; +// +// checker_name begins with "PW." and is the full name of the checker +// (case sensitive) as it appears in the Coverity Prevent Defect Manager. +// +// The flags are: +// +// off: disable it entirely +// on: enable (this is the default) +// no_macros: do not report warnings inside macro expansions +// macros: report in macros (this is the default behavior) + +// Parse warnings whose name do not appear in the default +// configuration have been disabled. To enable them, add a directive: +// +// enable_undocumented_warnings; +// + +// It is also possible to suppress the RW.* and SW.* messages by +// adding appropriate directives to this file. + +// To disable all PW/RW/SW messages, add a directive: +// +// disable_all; +// +// Then, only subsequently enabled message types will be reported. + +// NOTE: Suppression of reports inside macro expansions does not work +// if cov-build/cov-translate is invoked with the --preprocess-first +// switch, since in that case the native preprocessor expands all +// macros before Coverity's front end has a chance to see them. This +// also applies to --preprocess-next for files that cov-emit is unable +// to parse when using its built-in preprocessor. + +// -------------------- disabled: uninteresting ---------------------- + +// The checkers in this section are disabled by default because the +// things they report are not very interesting. + +// Reports when an attribute is used after a parenthesized initializer +// but we're emulating a version of GCC that ignores it. +// +// This basically mimics a GCC warning. +//chk "PW.ATTRIBUTE_AFTER_PARENTHESIZED_INITIALIZER": off; + +// Reports cases where a GCC attribute will be ignored by our parser. +//chk "PW.ATTRIBUTE_DOES_NOT_APPLY_TO_TYPE": off; +//chk "PW.ATTR_REQUIRES_FUNC_TYPE": off; + +// Useless without more filtering, for example on whether the derived +// class dtor does anything, or (better) whether the base class is +// ever deleted polymorphically. +//chk "PW.BASE_CLASS_WITH_NONVIRTUAL_DTOR": off; + +// Reports when a class and its base class have different dllexport +// and/or dllimport characteristics. +// +// Disabled because the consequences have not yet been researched. +//chk "PW.BASE_CLASS_HAS_DIFFERENT_DLL_INTERFACE": off; + +// Reports when a source sequence fails to adhere to the form of a +// preprocessor token (C++ standard, 2.4). +// +// Basically, such a use constitutes use of a (perhaps only slightly) +// nonstandard preprocessor, but is otherwise harmless. +//chk "PW.BAD_TOKEN": off; + +// Reports when a function is called, then later declared inline. +// +// Not prohibited by the standard, but obviously the earlier call(s) +// will not be inlined by most compilers. +//chk "PW.CALLED_FUNCTION_REDECLARED_INLINE": off; + +// Reports when a declared calling convention is ignored, for example +// specifying __stdcall on a variable-argument function (which is +// always __cdecl). +// +// The only observed occurrences of this warning are in Microsoft +// headers, and even if found elsewhere this isn't very interesting. +//chk "PW.CALLING_CONVENTION_IGNORED": off; + +// Reports when the ## concatenation operator yields something +// that is not a single valid token. The result is undefined in +// the language definition. +//chk "PW.CONCAT_YIELDS_INVALID_TOKEN": off; + +// Reports when a redeclaration (e.g., of a typedef) specifies a +// different access control (e.g., public) level than the previous +// declaration. +// +// It's a confusing thing to do, and most likely unintentional, but a +// bit below the noise margin to be enabled by default. +//chk "PW.CANNOT_CHANGE_ACCESS": off; + +// Something with inline assembly; report is not very clear. +//chk "PW.CC_CLOBBER_IGNORED": off; +//chk "PW.CONST_IGNORED": off; + +// Reports when a certain declaration modifier is incompatible with +// another modifier or the underlying type. For example, "uuid" is +// only allowed to be associated with classes. +// +// The only place this fires is in Microsoft headers, which users +// generally want to ignore anyway. +//chk "PW.DECL_MODIFIERS_INVALID_FOR_THIS_DECL": off; + +// Reports uses of entities that are marked as 'deprecated' in some +// compiler-specific way. +// +// Normally, the compiler itself gives warnings about these things, +// and if someone has chosen to ignore or suppress those warnings then +// they probably don't want Prevent reporting them too. +// Disabled in cov-emit. +//chk "PW.DEPRECATED_ENTITY": off; +//chk "PW.DEPRECATED_ENTITY_WITH_CUSTOM_MESSAGE": off; + +// Reports when two declarations conflict over the dllexport / +// dllimport status of the entity. +// +// Disabled because the consequences have not yet been researched. +//chk "PW.DLL_INTERFACE_CONFLICT_DLLEXPORT_ASSUMED": off; +//chk "PW.DLL_INTERFACE_CONFLICT_NONE_ASSUMED": off; + +// Reports when the same calling convention is specified more than +// once. (If two different conventions are specified, that is +// reported as an error, not a warning.) +// +// Benign. +//chk "PW.DUPL_CALLING_CONVENTION": off; + +// Reports when something is befriended that has already been +// befriended. +// +// Benign, and in general we don't care about access control. +//chk "PW.DUPLICATE_FRIEND_DECL": off; + +// Reports when a typedef is redeclared. +// +// Outside a class, it's a common extension. Inside a class, it +// is invalid (C++03, 7.1.3p2), but allowed for compatibility and +// benign anyway. +//chk "PW.DUPLICATE_TYPEDEF": off; +//chk "PW.DUPLICATE_TYPEDEF_IN_CLASS": off; +//chk "PW.SIMILAR_TYPEDEF": off; // like PW.DUPLICATE_TYPEDEF + +// Reports when an exception specification is seen, but we're +// emulating MSVC 6 or earlier, which ignored them. +// +// Totally uninteresting. +//chk "PW.EXCEPTION_SPECIFICATION_IGNORED": off; + +// Technically nonstandard, but almost all compilers accept it. +//chk "PW.EXTRA_SEMICOLON": off; + +// Reports when a preprocessing directive is followed by something +// other than comments/whitespace before the newline. +// +// Like PW.BAD_TOKEN, it means the native preprocessor is a bit +// permissive, but there is no execution-time bug in the program. +//chk "PW.EXTRA_TEXT_IN_PP_DIRECTIVE": off; + +// Reports when a dllexport/dllimport class has a field whose DLL +// disposition is not stated. +// +// Disabled because the consequences have not yet been researched. +//chk "PW.FIELD_WITHOUT_DLL_INTERFACE": off; + +// Reports when a GCC linker alias causes a previous inline definition +// to be ignored. +// +// Probably not a useful report. +//chk "PW.IGNORING_INLINE_DEFINITION_BECAUSE_OF_ALIAS": off; + +// Reports when a base class special function (destructor, +// constructor, conversion operator or assignment operator) is +// inaccessible. +// +// Allowed for bug compatibility with other compilers, but disabled +// because we don't care about access control issues. +//chk "PW.INACCESSIBLE_SPECIAL_FUNCTION": off; + +// Reports when the last line of the file ends without a newline. +// No one cares. +//chk "PW.LAST_LINE_INCOMPLETE": off; + +// Local hiding a local (as opposed to parameter) is often part of +// certain idioms. Another reasonable option is to suppress this +// warning only when a macro is involved. +//chk "PW.LOCAL_VARIABLE_HIDDEN": off; + +// Reports when 'main()' does not accept either zero or two +// parameters. According to the standard, other forms are +// implementation-defined. Accepting a third 'env' argument is very +// common, but this PW does not know about it, so most of its reports +// are noise. +//chk "PW.MAIN_WRONG_NUM_PARAMS": off; + +// Reports when a class is inherited w/o specifying public etc. +//chk "PW.MISSING_ACCESS_SPECIFIER": off; + +// Reports the use of a character literal with more than one +// character, e.g., 'abcd'. +// +// This is nonportable. Occasionally this results from a typo (i.e., +// a bug), but on some code bases multicharacter literals are used +// extensively and then this explodes, so it is disabled by default. +//chk "PW.MULTI_CHAR_LITERAL": off; + +// Reports when a manifestly nonzero integer is converted to a +// pointer. +// +// This is uninteresting because (a) almost always, the programmer +// knows what they are doing, and (b) we routinely and casually accept +// that this is going on all the time, just with values that are not +// manifestly constants, so it's inconsistent to complain about this +// one case. +//chk "PW.NON_ZERO_INT_CONV_TO_POINTER": off; + +// Arithmetic on void* is routine and benign. +//chk "PW.NONOBJECT_POINTER_ARITHMETIC": off; + +// Reports a comma used at the end of an enumerator list. +//chk "PW.NONSTD_EXTRA_COMMA": off; + +// Reports when a member function has its address taken implicitly, +// i.e., without the use of '&'. This is not legal C++, but allowed +// for compatibility. +//chk "PW.NONSTD_MEMBER_FUNCTION_ADDRESS": off; + +// Reports members or base classes being initialized in other than declaration +// order. When doing so has a real consequence that consequence is usually +// an UNINIT defect, so the many reports of this that are not redundant with +// UNINIT are mostly noise. +//chk "PW.OUT_OF_ORDER_CTOR_INIT": off; + +// Reports when a friend declaration declares a new, non-template +// function, rather than befriending an explicit specialization. +// +// Most likely, the native compiler misinterprets the syntax too; +// and anyway, it's an access control issue. +//chk "PW.PROBABLE_GUIDING_FRIEND": off; + +// Extremely noisy due to reporting every signed loop counter compared to an +// unsigned loop bound, etc. +//chk "PW.SIGNED_UNSIGNED_COMPARISON": off; + +// Reports when the storage class (extern, static, register, auto, +// mutable) is not first in a sequence of declaration specifiers. +// +// This might be of interest in some coding standards, but that's it. +//chk "PW.STORAGE_CLASS_NOT_FIRST": off; + +// Reports when the address of a temporary object is taken. +// +// It's somewhat unusual style, but no more dangerous than binding a +// reference to a temporary, which happens all the time. +//chk "PW.TAKING_ADDRESS_OF_TEMPORARY": off; + +// Reports when a transparent union (GCC extension) attribute will be +// ignored because it is applied to something inappropriate (like a +// typedef referring to an undefined struct). +// +// Uninteresting b/c we don't care about transparent union issues. +//chk "PW.TRANSPARENT_ATTRIBUTE_IGNORED": off; + +// Reports any use of a trigraph. It's pretty common (and benign) +// to accidentally use them in comments. +//chk "PW.TRIGRAPH_IGNORED": off; + +// Reports any time an undefined preprocessor identifier is used. +// This is quite common (the id expands to 0) and pretty benign. +//chk "PW.UNDEFINED_PREPROC_ID": off; + +// Reports when size_t is not unsigned long or unsigned int. +// +// Seems to get confused by typedefs, and irrelevant anyway. +//chk "PW.UNEXPECTED_TYPE_FOR_SIZE_T": off; + +// Reports when a transparent union (GCC extension) contains elements +// of differing sizes. +// +// Irrelevant for Prevent. If GCC accepted it, then we don't add much +// value by issuing a warning. +//chk "PW.UNION_CANNOT_BE_TRANSPARENT_SYM": off; +//chk "PW.UNION_CANNOT_BE_TRANSPARENT": off; + +// Reports when something in a compiler attribute is not recognized. +// +// Not a bug, just something our compiler does not know about. +// The first two are disabled in cov-emit and cannot be enabled. +//chk "PW.UNRECOGNIZED_ATTRIBUTE": off; +//chk "PW.UNRECOGNIZED_MS_ATTR": off; +//chk "PW.UNRECOGNIZED_FORMAT_FUNCTION_TYPE": off; + +// This is turned off in cov-emit, so it cannot be enabled here. +// A shadowing analysis would be better. +////chk "PW.UNREFERENCED_FUNCTION_PARAM": off; + +// Explicit #warning. Presumably the native build will print these +// already. +//chk "PW.WARNING_DIRECTIVE": off; + +// Reports when there is white space between a backslash and newline. +// +// Typically this is reported inside comments, and hence irrelevent. +//chk "PW.WHITE_SPACE_INSIDE_SPLICE": off; + + +// enabled: buggy +// +// The following "warning" is actually not supposed to be a warning at +// all, but rather among a set of supporting messages for some other +// (real) warning. I'd like to get a sample of code that provokes it +// stand-alone, so I'm leaving it enabled. +//chk "PW.IMPLICIT_STATIC_DATA_MEMBER_DEFINITION": on; + + +// ---------------------- disabled: obviated ---------------------- + +// These checkers are disabled because what they report is also +// reported, with a lower FP/N rate, by a full Prevent checker. + +// The warning produces many useless reports, for example a break +// statement after a return in a switch case. The UNREACHABLE checker +// typically does a better job. +//chk "PW.CODE_IS_UNREACHABLE": off; +//chk "PW.LOOP_NOT_REACHABLE": off; +//chk "PW.INITIALIZATION_NOT_REACHABLE": off; + +// The MISSING_RETURN (no "PW." prefix) checker obviates this, and +// does a better job. +//chk "PW.MISSING_RETURN": off; +//chk "PW.NO_VALUE_RETURNED": off; + +// BAD_OVERRIDE usually does a better job than either of these. +//chk "PW.PARTIAL_OVERRIDE": off; +//chk "PW.VIRTUAL_FUNCTION_DECL_HIDDEN": off; + +// OVERRUN_STATIC does a better job. +//chk "PW.SUBSCRIPT_OUT_OF_RANGE": off; + +// NO_EFFECT handles this. +//chk "PW.UNSIGNED_COMPARE_WITH_ZERO": off; + +// UNINIT handles this. +//chk "PW.USED_BEFORE_SET": off; + +// RETURN_LOCAL does this. +//chk "PW.RETURNING_PTR_TO_LOCAL_VARIABLE": off; +//chk "PW.RETURNING_REF_TO_LOCAL_VARIABLE": off; + + +// ---------------------- disabled: noisy ------------------------- + +// These checkers produce some legitimate results, but also tend to +// generate a lot of false positives. They are good candidates for +// users to experiment with enabling, as the FP rate is dependent on +// code style. + + +// This warning has at least two causes: +// +// 1. In GCC C mode, a function can be defined as "extern inline" +// and then later redefined. The redefinition replaces the original +// definition. +// +// 2. In Microsoft C++ mode, an explicit specialization of a template +// can be defined multiple times. The Microsoft compiler silently +// ignores the definitions subsequent to the first. +// +// Both cases can potentially explode, so this warning is disabled. +//chk "PW.ALREADY_DEFINED": off; + +// The const/volatile qualifier in a cast such as "(const int)x" or +// "(volatile int)x" has no meaning according to the C standard, so +// this checker reports such cases. +// +// However, some versions of GCC have unusual rules regarding when a +// cast yields an lvalue, in which case the qualifier (particularly +// volatile) might have an effect. However, as soon as the code is +// ported to another compiler or another version of GCC, the cast will +// again become a no-op. +// +// Therefore, code that wants to apply 'volatile' to an access should +// be rewritten to use a pointer: "*((volatile int*)&x)". +// +// However, this is off by default because the "bad" usage is too +// prevalent. +//chk "PW.CAST_TO_QUALIFIED_TYPE": off; + +// Reports when a function is used without a prototype. +// +// The effect of this can be subtle, as the compiler has to guess how +// to convert arguments, and cannot check that their types match. +// +// But there are too many code bases that heavily rely on it, so it +// is off by default. +//chk "PW.IMPLICIT_FUNC_DECL": off; + +// This reports cases where an overloaded operator 'new' is invoked, +// but there is no corresponding 'delete'. +// +// This is a problem because the memory cannot be freed if there is an +// exception thrown while constructing the object. However, if this +// warning ever fires, it fires hundreds of times, once for each use +// of the 'new'. Therefore we have it off by default to avoid +// inflating bug counts. +//chk "PW.NO_CORRESPONDING_DELETE": off; +//chk "PW.NO_CORRESPONDING_MEMBER_DELETE": off; +//chk "PW.CLASS_WITH_OP_DELETE_BUT_NO_OP_NEW": off; +//chk "PW.CLASS_WITH_OP_NEW_BUT_NO_OP_DELETE": off; + +// This warns about const or reference members that cannot be +// initialized via ctor, but they still can be init'd via a compound +// initializer, and in fact that is what's usually going on. +//chk "PW.NO_CTOR_BUT_CONST_OR_REF_MEMBER": off; + +// These warn about implicit conversions between things like char* and +// unsigned char*. Such conversions are be errors in C++, so this +// warning can only be seen in C code, where such conversions are (for +// better or worse) quite common. +// +// The different checker names are due to the conversions arising in +// different syntactic contexts. +//chk "PW.BAD_INITIALIZER_TYPE": off; +//chk "PW.BAD_RETURN_VALUE_TYPE": off; +//chk "PW.INCOMPATIBLE_ASSIGNMENT_OPERANDS": off; +//chk "PW.INCOMPATIBLE_OPERANDS": off; +//chk "PW.INCOMPATIBLE_PARAM": off; + +// Reports when a default argument value is repeated. +// +// According to the C++ standard, default argument values can be +// defined at most once, but some compilers are lax about enforcing +// that (including ours, for compatibility). +//chk "PW.DEFAULT_ARG_ALREADY_DEFINED": off; + +// Reports when an integer is implicitly converted to an enum. +// +// This is an error in C++, so this only shows up in C code. +// +// Depending on programming style, these reports might be interesting, +// but there is a lot of code out there for which this is 99% noise. +//chk "PW.MIXED_ENUM_TYPE": off; + +// Reports when the start of a C-style comment appears in a C-style +// comment. +// +// On some code bases, this explodes due to pervasive deliberate use, +// and the check doesn't provide that much value, so this is disabled +// by default. +//chk "PW.NESTED_COMMENT": off; + +// Reports situations like the following: +// +// typedef void my_void; +// int f(my_void); // intended meaning: no params +// +// Though it is legal in C99 (6.7.5.3/10), it is not legal C++ +// (8.3.5/2). +// +// Not really an interesting "defect", and can explode. +//chk "PW.NONSTD_VOID_PARAM_LIST": off; + +// Reports when two declarations disagree. +// +// The only reports I've seen were clashes with +// coverity-compiler-compat.h. The native compiler should diagnose +// anything real. +//chk "PW.NOT_COMPATIBLE_WITH_PREVIOUS_DECL": off; + + +// Useful warnings for 32/64-bit porting issues. Reports wider pointers being +// converted to narrow integers and narrower integers being converted to wider +// pointers. Can be somewhat noisy in certain styles of code. +//chk "PW.POINTER_CONVERSION_LOSES_BITS": on; +//chk "PW.CONVERSION_TO_POINTER_ADDS_BITS": on; + +// Reports when an integer is converted to an integer that is smaller. +// +// Experimentally, this produces more noise than signal, but individual +// users may wish to do their own experimentation. +// +// Note that cov-emit must know the correct sizes of various types for +// these reports to be accurate; see the --size_types command line +// option to cov-emit. +//chk "PW.INTEGER_TRUNCATED": off; +//chk "PW.ILP64_WILL_NARROW": off; // extremely noisy! requires --microsoft_mode + +// Impact is unclear, can be a difficult message to explain because +// it is usually caused by the baroque promotion rules. +// +// 2007-08-20: This causes Windows emits to be much slower because +// there are many of these warnings in the Windows header files. So +// this warning is now unconditionally disabled; i.e., the config file +// cannot be used to re-enable it. +////chk "PW.INTEGER_SIGN_CHANGE": off; + +// These are warnings that can only happen in Microsoft mode, +// indicating that accessibility issues prevents generation of implicit +// functions such as copy assignment or destructors. +// DR 10204 +//chk "PW.ACCESS_PREVENTS_DTOR_GENERATION": off; +//chk "PW.CONST_MBR_SUPPRESSES_COPY_ASGN_DECL": off; +//chk "PW.REF_MBR_SUPPRESSES_COPY_ASGN_DECL": off; +//chk "PW.SUBOBJ_COPY_ASGN_DECL_SUPPRESSED": off; +//chk "PW.AMBIG_SUPPRESSES_COPY_ASGN_DECL": off; +//chk "PW.ACCESS_SUPPRESSES_COPY_ASGN_DECL": off; +//chk "PW.SUBOBJ_COPY_CTOR_DECL_SUPPRESSED": off; +//chk "PW.AMBIG_SUPPRESSES_COPY_CTOR_DECL": off; +//chk "PW.ACCESS_SUPPRESSES_COPY_CTOR_DECL": off; + +// This is related to PW.ACCESS_PREVENTS_DTOR_GENERATION. The warning +// is disabled because the Microsoft compiler would have produced its +// own error if this was a problem; and the warning can explode. +//chk "PW.SUPPRESSED_DTOR_NEEDED": off; + + +// ------------------ disabled: borderline noisy ------------------ + +// These PWs do sometimes find good bugs, but also report a lot of +// code that, while it probably should be fixed, does not cause a +// run-time problem. Previously, they had been marked "no_macros", +// but are now disabled as per bug 8803. + +// Reports when a variable is declared but not subsequently used. +// +// Sometimes gets FPs due to conditional compilation. +//chk "PW.DECLARED_BUT_NOT_REFERENCED": off; + +// Reports when a variable is assigned a value, but that value is +// not subsequently used. +// +// Partial overlap with UNUSED_VALUE. +//chk "PW.SET_BUT_NOT_USED": off; + + +// ---------------------- disabled in macros ---------------------- + +// These checkers' results are suppressed when they coincide with +// macro expansions, because they are suspicious, but macros often +// trigger them too. + +// Reports when a conditional is a compile-time constant. +// +// It can get FPs when the constant is due to conditional compilation. +// There is also some overlap with NO_EFFECT's reports. +//chk "PW.BOOLEAN_CONTROLLING_EXPR_IS_CONSTANT": no_macros; + +// Reports when an expression has no apparent effect and its value is +// not used or saved. +// +// This is precisely what the NO_EFFECT checker looks for, but it's +// not yet clear whether NO_EFFECT completely subsumes this one (not +// enough field experience). +// +// Disabled in macros because it tends to explode in Windows code +// bases. +//chk "PW.EXPR_HAS_NO_EFFECT": no_macros; + +// Reports when pointer arithmetic appears to compute a value outside +// the original object. Technically, the behavior is undefined. +// +// On linux this explodes in the ZERO_PAGE macro. +//chk "PW.POINTER_OUTSIDE_BASE_OBJECT": no_macros; + +// Reports when the guard of a 'switch' is a constant. +// +// Explodes on linux due to compile-time switching on type sizes, so +// suppressed in macros. +//chk "PW.SWITCH_SELECTOR_EXPR_IS_CONSTANT": no_macros; + + +// --------------------------- enabled ---------------------------- + +// These checkers are enabled by default. This is not an exhaustive +// list yet, however. + +// Reports when, in a C (as opposed to C++) source file, a variable +// declared with the 'register' keyword has its address taken. +// +// If the address-of is explicit, the code is invalid (C99 6.5.3.2p1), +// but allowed for compatibility reasons. +// +// If the address-of is implicit due to an array access, then the code +// is not invalid, although the behavior is undefined (C99 6.3.2.1p3). +//chk "PW.ADDRESS_OF_REGISTER_VARIABLE": on; + +// Reports when a GCC "linker alias" refers to an undeclared symbol. +// +// On some platforms GCC accepts such code, on others it is an error, +// so Prevent reports it on the grounds of being nonportable. +//chk "PW.ALIASED_NAME_UNDECLARED": on; + +// Reports where an explicit alignment (a GCC extension) directive +// will be ignored by GCC due to the absence of the "packed" +// attribute. +// +// The impact is the structure in question may not be laid out in +// memory as was intended. +//chk "PW.ALIGNMENT_REDUCTION_IGNORED": on; + +// Possible use of "=" where "==" was intended. +// +// This warning flags conditions where "=" appears and "==" is +// usually expected, but only if the right-hand side of the +// assignment is a constant. +//chk "PW.ASSIGN_WHERE_COMPARE_MEANT": on; + +// Reports when a GCC attribute will be ignored by GCC due to its +// attachment to a forward declaration. +// +// Possibly a serious bug, depending on how important the attribute +// is. +//chk "PW.ATTRIBUTE_IGNORED_ON_INCOMPLETE_CLASS_DECL": on; + +// Reports two kinds of casts: +// +// 1. Casting an integer to a pointer of narrower precision. This +// is legal (implementation-defined) but suspicious. Sometimes +// reported as PW.CONVERSION_TO_POINTER_LOSES_BITS instead. +// +// 2. Casting away 'const' in some circumstances (allowed for bug +// compatibility with other compilers). +//chk "PW.BAD_CAST": on; + +// Reports when a nonstandard (invalid) friend declaration. One +// example is the MS bug/feature where a template (rather than a +// template specialization) can be befriended. +// +// Invalid C++, but accepted (in some cases) for compatibility. +//chk "PW.BAD_FRIEND_DECL": on; + +// Reports when a macro is #defined to a different value than it had +// previously. +// +// This report is of questionable value, since presumably the native +// build warns about it too, but so far these have been rare, and it +// could conceivably indicate a failure to properly emulate the native +// preprocessor. +chk "PW.BAD_MACRO_REDEF": off; + +// Reports when the return type of 'main' is not 'int'. +// +// In C, this yields unspecified behavior but is legal (C99 +// 5.1.2.2.3p1). In C++, this is illegal (C++03 3.6.1p2) but may be +// allowed for compatibility with other compilers. +//chk "PW.BAD_RETURN_TYPE_ON_MAIN": on; + +// Reports when a 'goto' jumps over the initialization of a variable, +// but into that variable's scope. Any subsequent uses of the +// variable would read an uninitialized value. +// +// Unfortunately, the warning currently does not check to see if the +// variable is actually used after the 'goto' target, so this +// sometimes produces useless results, but the bugs it does find can +// be quite serious. +chk "PW.BRANCH_PAST_INITIALIZATION": off; + +// Reports when a virtual call target can be resolved statically, and +// the target is a pure virtual function. +// +// One common mistake is calling a virtual function from a constructor +// or destructor. During construction and destruction, the target of +// a virtual call is always one defined in the class being constructed +// (or its base classes). +// +// This might not be an error; it *is* possible to provide a +// definition of a pure virtual function. However, this warning does +// not consider that possibility. +// +// If no definition is provided, the program will abort when the pure +// virtual function is called. +//chk "PW.CALL_OF_PURE_VIRTUAL": on; + +// Reports when a conversion operator function cannot be used to do +// conversions because it yields something like a reference to its +// own class or a base class (C++03 12.3.2p1). +// +// Legal, but most likely unintentional. +//chk "PW.CONVERSION_FUNCTION_NOT_USABLE": on; + +// Reports when an integer is converted to a narrower pointer. +// +// In some cases, this is reported as PW.BAD_CAST instead. +// +// May indicate a portability bug. +//chk "PW.CONVERSION_TO_POINTER_LOSES_BITS": on; + +// Reports when a single name is declared (possibly due to K&R-style +// implicit declaration) and then re-declared in an incompatible way. +// +// Accepted only for bug compatibility with other compilers. +//chk "PW.DECL_INCOMPATIBLE_WITH_PREVIOUS_USE": on; + +// Reports when a declaration (typically of a structure) appears in +// the parameter list of a function. Example: +// +// int f(struct Foo { int x; } * p) { ... } +// +// The problem is that the scope of 'struct Foo' is limited to the +// body of the function 'f', and consequently it is not possible to +// call 'f', because there is no way for the caller to name the type +// that it accepts. (In C, it is still possible to call the function +// by passing a void*, but then the call is not type-safe.) +//chk "PW.DECL_IN_PROTOTYPE_SCOPE": on; + +// Reports a division by zero detected at compile time while doing +// constant folding. +// +// The run-time effect is undefined. +//chk "PW.DIVIDE_BY_ZERO": on; + +// A more naive version of our STRAY_SEMICOLON; reports lots of cases +// involving conditionally defined macros. +//chk "PW.EMPTY_ELSE_STATEMENT": off; + +// A more naive version of our STRAY_SEMICOLON; reports lots of cases +// involving conditionally defined macros. +//chk "PW.EMPTY_THEN_STATEMENT": off; + +// Reports when an expression is cast to enumeration type using +// const_cast. +// +// Invalid C++ (C++03, 5.2.11), as const_cast can only cast to +// pointers and references, but allowed for compiler compatibility. +//chk "PW.ENUM_CONST_CAST": on; + +// Reports when an overrider of a virtual function has a more +// permission exception specification than the overridee. +// +// This is invalid (C++03, 15.4p3). It can lead to subtle code +// generation problems when the native compiler accepts it, because +// the compiler may rely on the more permissive exception +// specification when generating the call site code, potentially +// resulting in a program crash when an exception is thrown. +//chk "PW.EXCEPTION_SPEC_OVERRIDE_INCOMPAT": on; + +// Reports when a right-parenthesis was expected. This is a warning +// for the preprocessor and an error for the compiler. +// +// Parse errors in preprocessor statements can be maintenance +// timebombs, since you can't predict how the compiler will interpret +// malformed input after making small changes. +//chk "PW.EXP_RPAREN": on; + +// Reports when a semicolon is omitted just before a right-brace. +// +// Accepted only for bug compatibility with other compilers. +//chk "PW.EXP_SEMICOLON": on; + +// Reports when a label statement (something that could be the target +// of a 'goto') is immediately followed by '}'. +// +// Accepted only for bug compatibility with other compilers. +//chk "PW.EXP_STATEMENT": on; + +// Reports when the LHS of an assignment operator is not an lvalue. +// +// Normally this is an error, but in certain compatibility modes, cast +// expressions are tolerated because some compilers allow casts to +// yield lvalues in C. +//chk "PW.EXPR_NOT_A_MODIFIABLE_LVALUE": on; + +// Reports when a header file transitively includes itself. +// +// This has a variety of bad effects, because it indicates a cycle in +// the dependency structure. For example, it might mean that +// something one file needs is not available when expected. In some +// cases, the problem can be avoided by creating appropriate forward +// declarations rather than pulling in an entire header file. +// +// See the PARSE_WARNING documentation for additional discussion +// about the impact of these defects. +chk "PW.INCLUDE_RECURSION": off; + +// Reports when a boolean is incremented. +// +// This usage is deprecated; see C++03 Standard, D.1p1. +//chk "PW.INCR_OF_BOOL_DEPRECATED": on; + +// Reports when an initialization priority (GCC extension) value is +// specified that is in the reserved range. +// +// The code is likely to be nonportable across GCC versions. +//chk "PW.INIT_PRIORITY_RESERVED": on; + +// Reports when the 'inline' keyword is applied to something that is +// not a function. +// +// Not valid C++, but some compilers fail to enforce. +//chk "PW.INLINE_AND_NONFUNCTION": on; + +// Reports when a compile-time calculation overflows. +// +// The behavior is undefined according to the C++ standard. May or +// may not be a problem depending on the compiler. +//chk "PW.INTEGER_OVERFLOW": on; +//chk "PW.INTEGER_TOO_LARGE": on; + +// Reports when a nested class is redeclared and the second +// declaration is not a definition. +// +// Not valid C++, but some compilers fail to enforce. +//chk "PW.INVALID_NESTED_CLASS_REDECL": on; + +// Reports when the 'typename' keyword is used in a syntactic context +// where it is not allowed. 'typename' may only be used in templates, +// and in front of qualified names (see C++03, 14.6/5). +// +// Invalid C++, but allowed for compiler compatibility. +//chk "PW.INVALID_TYPENAME_SPECIFIER": on; + +// Reports when two successive variable declarations conflict over +// whether the variable has external linkage. +// +// This is allowed by our parser only for bug compatibility with other +// compilers; many compilers properly reject it. If the +// internal-linkage declaration is in a header, then there may be +// multiple copies of the variable in the program, which can lead to +// execution bugs. +//chk "PW.LINKAGE_CONFLICT": on; + +// Reports when a local type (e.g., a class type defined inside the +// body of a function) is used in the declaration of an entity with +// linkage (such as a function). This typically happens as a result +// of instantiating a template with a local type, which is not legal +// (see C++03, 14.3.1/2). +// +// This is allowed by our parser for bug compatibility with other +// compilers. +//chk "PW.LOCAL_TYPE_IN_FUNCTION": on; +//chk "PW.LOCAL_TYPE_IN_NONLOCAL_VAR": on; +//chk "PW.LOCAL_TYPE_IN_TEMPLATE_ARG": on; +//chk "PW.LOCAL_TYPE_USED_IN_EXCEPTION": on; + +// Reports when, in a single try-catch, an earlier exception handler +// catches a superset of the types caught by a later exception +// handler, which implies the later handler is unreachable. +//chk "PW.MASKED_BY_HANDLER": on; + +// Reports when a variable declared 'const' has no initializer. +// +// Occasional FPs (macros, statics) but low volume anyway. +//chk "PW.MISSING_DEFAULT_CONSTRUCTOR_ON_CONST": on; +//chk "PW.MISSING_DEFAULT_CONSTRUCTOR_ON_UNNAMED_CONST": on; +//chk "PW.MISSING_INITIALIZER_ON_CONST": on; +//chk "PW.MISSING_INITIALIZER_ON_FIELDS": on; + +// Reports something like: +// +// typedef int ; +// +// where the declarator in a typedef is missing. +// +// This is allowed for bug compatibility with other compilers, but is +// not legal C or C++. +// +// This warning sometimes occurs when a type is defined both via a +// #define and a typedef, which indicates there is some problem in the +// type definition header files; sizes of variables might not be what +// was intended. +//chk "PW.MISSING_TYPEDEF_NAME": on; + +// Reports use of the anachronistic "implicit int" return type rule. +// +// Most often, a "void" return type was simply forgotten. +//chk "PW.MISSING_TYPE_SPECIFIER": on; +//chk "PW.MISSING_DECL_SPECIFIERS": on; +//chk "PW.IMPLICIT_INT_ON_MAIN": on; + +// Reports when the linkage language ("C" or "C++") for a name +// conflicts with a prior declaration. +// +// Accepted only for bug compatibility with other compilers. +//chk "PW.NAME_LINKAGE_MISMATCH_FOR_VARIABLE": on; + +// Reports when a function is *declared* to be inline, but no inline +// definition is found. +// +//chk "PW.NEVER_DEFINED": on; + +// Reports when a non-const reference is bound to a temporary value. +// +// This is not legal in the current C++ standards, in part because it +// can lead to bugs where an implicitly-created temporary is modified +// (and then discarded), but the programmer inteded to modify +// something more permanent. +//chk "PW.NONCONST_REF_INIT_ANACHRONISM": on; +//chk "PW.NONCONST_REF_INIT_FROM_RVALUE": on; + +// Reports the use of an additional layer of braces in an initializer. +// +// Accepted only for bug compatibility with other compilers. +//chk "PW.NONSTD_BRACES": on; + +// Reports when a non-static const member of a class is initialized +// inside the class definition. +// +// This is not legal C++ (9.4.2/4), but accepted for bug compatibility +// with other compilers. +//chk "PW.NONSTD_CONST_MEMBER": on; + +// Reports when a default argument of a function template is redeclared. +// +// Not valid C++, but some compilers fail to enforce. +//chk "PW.NONSTD_DEFAULT_ARG_ON_FUNCTION_TEMPLATE_REDECL": on; + +// Reports when a class is befriended without using the 'class' or +// 'struct' keyword. +// +// Invalid C++, allowed for compatibility. +//chk "PW.NONSTD_FRIEND_DECL": on; + +// Reports a use of the anachronistic "implicit int" rule. +// +// Invalid C++, allowed for compatibility. +//chk "PW.NONSTD_IMPLICIT_INT": on; + +// Reports when a non-POD (Plain Old Data) type is passed to a +// variable-argument function as one of the ellipsis ("...") +// parameters. +// +// Undefined behavior. C++ standard, 5.2.2/7. +//chk "PW.NON_POD_PASSED_TO_ELLIPSIS": on; + +// Reports when a function that has been declared to not return +// appears capable of returning. +// +// Sometimes this happens when a function that usually aborts, and +// hence is declared to not return, has a run-time switch to disable +// the abort behavior. However, this can be a serious bug, because +// some compilers will generate code that will crash or otherwise +// misbehave when a 'noreturn' function in fact returns; it is not +// necessarily a benign optimization. +//chk "PW.NORETURN_FUNCTION_DOES_RETURN": on; + +// Reports when a reference to NULL is created. +// +// Undefined behavior. C++ standard, 8.3.2/4. +//chk "PW.NULL_REFERENCE": on; + +// Reports when the promoted type of an argument is incompatible with +// the promoted type of the parameter. +// +// This usually indicates a bug at the call site, where the wrong +// argument expression is being passed. +// This can be very noisy in some (particularly, older) code bases. It is +// also very difficult to comprehend in CIM ca. 5.x since parse warnings are +// shown without the caret indicating where on the line they occur. +//chk "PW.OLD_STYLE_INCOMPATIBLE_PARAM": off; + +// Reports when more than one overloaded function is declared with +// extern "C" linkage. +// +// Invalid (C++03, 7.5p6), but allowed for bug compatibility. This +// can lead to the wrong function being executed at run time. +//chk "PW.OVERLOADED_FUNCTION_LINKAGE": on; + +// Reports when a parameter is assigned a value but the value is then +// not used. +// +// Typically, this is unintentional; the programmer may have meant +// to set a different variable, or meant to set *param instead of +// param. +//chk "PW.PARAM_SET_BUT_NOT_USED": on; + +// Reports when a parameter is hidden by a local. +// +// Often poor style, if not outright bug. +//chk "PW.PARAMETER_HIDDEN": on; + +// Reports when a function is declared with a prototype, then +// redeclared without a prototype. Can only happen in C code. +// Example: +// +// int foo(int a, int b); +// int foo(); // not a prototype (not even "(void)") +// +// foo(3,4,5); // allowed by GCC +// +// This is almost certainly a mistake, as the original prototype is +// being ignored, and consequently there might be undetected errors at +// call sites. +//chk "PW.PROTOTYPE_LOST": on; + +// Reports when a member declaration contains a qualifier. +// +// Not valid C++, but allowed by some compilers. +//chk "PW.QUALIFIER_IN_MEMBER_DECLARATION": on; + +// Reports when the address of a temporary is returned from a function. +// +// This results in undefined behavior (probable crash), because the +// temporary is destroyed on function exit, and then (presumably) used +// by the caller. +//chk "PW.RETURNING_PTR_TO_LOCAL_TEMP": on; + +// Reports when a shift count is a compile-time constant and greater +// than or equal to the representation width of the shift result. +// +// Undefined behavior according to the C++ standard. +//chk "PW.SHIFT_COUNT_TOO_LARGE": on; + +// Reports when a bitfield has one bit and is signed. +// +// The impact is subtle: the bitfield can store the values 0 and -1, +// rather than 0 and 1, as is probably intended; and if the machine +// happens to use sign-magnitude rather than two's complement, then +// the bitfield can store +0 and -0, which is even less likely to be +// what is intended. +// +// Normally, single-bit bitfields are unsigned. +//chk "PW.SIGNED_ONE_BIT_FIELD": on; + +// Reports when an explicit specialization is used before being +// declared. +// +// The most likely effect is that a different function will be called +// than the one that is intended. See C++03, 14.7.3p7. +//chk "PW.SPECIALIZATION_OF_REFERENCED_ENTITY_POS": on; + +// Reports when a store class specifier (e.g., "static") cannot be +// used in a given syntactic context. +// +// Invalid C++, but allowed for compiler compatibility. +//chk "PW.STORAGE_CLASS_NOT_ALLOWED": on; + +// Reports when a storage class is applied to something like a type +// specifier with no declarator, e.g., "static struct S {};". +// +// Invalid, but accepted for bug compatibility. +//chk "PW.STORAGE_CLASS_REQUIRES_FUNCTION_OR_VARIABLE": on; + +// Reports when a printf format string contains an unrecognized format +// specifier. +//chk "PW.BAD_PRINTF_FORMAT_STRING": on; + +// Reports when the type of an argument to a printf-style function is +// inconsistent with the format specifier. For noise reduction +// purposes, only serious mismatches (e.g., int vs. pointer) are +// reported. +//chk "PW.PRINTF_ARG_MISMATCH": on; + +// Reports when the number of arguments differs from the number of +// required arguments according to the format string. +// +// Too many arguments is strange, but legal. Too few arguments +// causes undefined behavior. +//chk "PW.TOO_FEW_PRINTF_ARGS": on; +//chk "PW.TOO_MANY_PRINTF_ARGS": on; + +// Reports when calls to printf and scanf functions where the format +// string is not a string literal. This may be a security hole if the +// format string came from untrusted input and contains %n. +// +// EAM July 18 2018: Note that this flags as defects things that pass other literals such as "NULL" for the format string. WT does this extensively. +chk "PW.NON_CONST_PRINTF_FORMAT_STRING": off; + +// Reports when extra arguments are passed to a function. +// +// Normally this is an error, but in some cases it is accepted for bug +// compatibility with other compilers. +//chk "PW.TOO_MANY_ARGUMENTS": on; + +// Reports when a type with no linkage (C++ Standard, 3.5/4) is used +// declare something that itself does have linkage. Example: +// +// typedef struct { int x; } *Ptr; // the struct has no linkage +// void func(Ptr p); // but 'func' does +// +// Not valid C++ (C++ Standard, 3.5/8), but allowed for bug +// compatibility with other compilers. In some cases, this can cause +// the linker to link a call site to the wrong function because names +// with no linkage cannot be reliably mangled. +//chk "PW.TYPE_WITH_NO_LINKAGE_IN_FUNCTION": on; +//chk "PW.TYPE_WITH_NO_LINKAGE_IN_VAR_WITH_LINKAGE": on; + +// Reports when an character escape sequence (backslash then +// something) that is not among the allowed escape sequences (C++ +// Standard, Clause 2, Table 5). +// +// Not valid C++, but allowed for bug and/or extension compatibility +// with some compilers. +//chk "PW.UNRECOGNIZED_CHAR_ESCAPE": on; + +// Reports when an unsigned value is compared against a negative +// value; the comparison can typically only yield one result. +// +// Probable bug. Some cases will also be found by NO_EFFECT. +//chk "PW.UNSIGNED_COMPARE_WITH_NEGATIVE": on; + +// Reports a declaration that does not declare anything, e.g.: +// +// int ; +// +// Not valid C++, but allowed by some compilers. +//chk "PW.USELESS_DECL": on; + +// Reports when a const/volatile qualifier is useless. +// +// Often indicates confusion about syntax, particularly when someone +// writes "char * const" but meant "char const *". +//chk "PW.USELESS_TYPE_QUALIFIERS": on; +//chk "PW.USELESS_TYPE_QUALIFIER_ON_RETURN_TYPE": on; + +// Reports when a 'using' declaration is redundant because it refers +// to the current namespace. +// +// Not invalid, but may be unintentional, and probably confusing. +//chk "PW.USELESS_USING_DECLARATION": on; + +// Reports when a field declared 'const' is not initialized. +// +// In C++, this is an error. In C it is a warning, but the run time +// effect is undefined. +//chk "PW.VAR_WITH_UNINITIALIZED_FIELD": on; + +// Reports when the type passed to 'va_arg' is a non-promoted type, +// meaning that if an argument of that type had been passed, it would +// have been promoted (typically to 'int' or 'unsigned int'). The +// 'va_arg' is interpreted as if the promoted type were named instead. +// +// This can arise from misuses of variable-argument functions when the +// promotion rules are not understood. The offending code should be +// checked for correctness, and/or the type replaced with the promoted +// type for clarity. +//chk "PW.VA_ARG_WOULD_HAVE_BEEN_PROMOTED": on; + +// Reports two different issues: +// +// * Character literal with no character: '' +// * #include of empty-string file name: #include "" +// +// Both are nonstandard. +//chk "PW.ZERO_LENGTH_STRING": on; + +// Reports when a DLL is imported multiple times in a single translation +// unit using #import with conflicting attributes. The Microsoft compiler +// ignores the second #import. If the order of the imports were to change +// this could break the compilation or change the semantics of the program. +// Microsoft considers this a bug and may make it a parse error in future +// versions of their compiler. +// +// This can also result in parse errors for the Coverity Compiler since it +// uses the attributes on the last #import encountered. +//chk "SW.BAD_IMPORT_ATTRIBUTES": on; + +// Reports when a deprecated compiler mode is being used. Most compiler +// modes have been replaced by a collection of options that will mimic +// that compiler behavior. By using the individual options we have more +// control to match the behavior of the native compiler. Regenerating +// configurations using the latest version of cov-configure should +// eliminate this warning. +//chk "SW.DEPRECATED_COMPILER_MODE": on; + +// Reports when an incomplete type is used in a location that the C++ +// standard does not permit. We allow this since many C++ compilers +// permit this, however, it is not always clear what the intention is. +// This can potentially cause false positives. +//chk "SW.INCOMPLETE_TYPE_NOT_ALLOWED": on; + +// Reports when the Coverity Compiler encounters an integer type that +// has a size it cannot support. This can mean there is some kind +// of configuration problem. The Coverity Compiler will substitute an +// integer of a known size. This has the potential to introduce false +// positives. +//chk "SW.NO_TYPE_OF_SPECIFIED_WIDTH": on; + +// Reports when a nontype symbol is followed by a template argument list +// in a nonexpression constext. Since we do not know what the meaning of +// this code is, we ignore it, but it could trigger pass errors later. +// +// template class C { +// void f(); +// friend void f<>(); +// }; +// C x; +//chk "SW.SYM_NOT_A_TEMPLATE": on; + +// EOF diff --git a/etc/evergreen_nightly.yml b/etc/evergreen_nightly.yml index 7928e938297..7944cc24347 100644 --- a/etc/evergreen_nightly.yml +++ b/etc/evergreen_nightly.yml @@ -51,6 +51,9 @@ include: ### Uncomment when using this file for a LTS release branch. ### # - filename: etc/evergreen_yml_components/variants/windows/test_dev_master_and_lts_branches_only.yml + - filename: etc/evergreen_yml_components/tasks/coverity_tasks.yml + - filename: etc/evergreen_yml_components/variants/coverity.yml + parameters: - key: evergreen_config_file_path value: "etc/evergreen_nightly.yml" diff --git a/etc/evergreen_yml_components/tasks/coverity_tasks.yml b/etc/evergreen_yml_components/tasks/coverity_tasks.yml new file mode 100644 index 00000000000..ca1e57b9556 --- /dev/null +++ b/etc/evergreen_yml_components/tasks/coverity_tasks.yml @@ -0,0 +1,94 @@ +functions: + f_clone_source: + - &clone_source + display_name: "Cloning source to analyze" + command: git.get_project + params: + directory: src + clone_depth: 1 + recurse_submodules: true + + - &check + display_name: "Checking if project has needed Coverity config" + command: subprocess.exec + params: + add_expansions_to_env: true + redirect_standard_error_to_output: true + binary: "${module_prefix}/${module_name}/evergreen/coverity.sh" + args: + - "check" + + f_download_and_extract_coverity: + - &assume_role + display_name: "Assuming IAM role" + command: ec2.assume_role + params: + role_arn: arn:aws:iam::557821124784:role/evergreen.evergreen.coverity + + - &download_coverity_license + display_name: "downloading Coverity license file" + command: s3.get + params: + aws_key: ${AWS_ACCESS_KEY_ID} + aws_secret: ${AWS_SECRET_ACCESS_KEY} + aws_session_token: ${AWS_SESSION_TOKEN} + remote_file: license.dat + bucket: evergreen.coverity + local_file: license.dat + + - &download_coverity_binary + display_name: "downloading Coverity binary" + command: s3.get + params: + aws_key: ${AWS_ACCESS_KEY_ID} + aws_secret: ${AWS_SECRET_ACCESS_KEY} + aws_session_token: ${AWS_SESSION_TOKEN} + remote_file: linux/x86_64/latest/coverity.tar.gz + bucket: evergreen.coverity + local_file: coverity.tar.gz + + - &extract_coverity_binary + display_name: "Extracting Coverity binary tarball" + command: subprocess.exec + params: + add_expansions_to_env: true + redirect_standard_error_to_output: true + binary: "${module_prefix}/${module_name}/evergreen/coverity.sh" + args: + - "extract" + + # Analyzes after build + f_analyze: + - command: subprocess.exec + params: + add_expansions_to_env: true + redirect_standard_error_to_output: true + binary: "${module_prefix}/${module_name}/evergreen/coverity.sh" + args: + - "analyze" + + # Pushes results to Coverity server after a successful analysis + f_commit: + - command: subprocess.exec + params: + add_expansions_to_env: true + redirect_standard_error_to_output: true + binary: "${module_prefix}/${module_name}/evergreen/coverity.sh" + args: + - "commit" + + # All in one function, from cloning to pushing results to Coverity server + f_run_coverity: + - *clone_source + - *check + - *assume_role + - *download_coverity_license + - *download_coverity_binary + - *extract_coverity_binary + - command: subprocess.exec + params: + add_expansions_to_env: true + redirect_standard_error_to_output: true + binary: "${module_prefix}/${module_name}/evergreen/coverity.sh" + args: + - "scan" diff --git a/etc/evergreen_yml_components/variants/coverity.yml b/etc/evergreen_yml_components/variants/coverity.yml new file mode 100644 index 00000000000..58cdf38a3e7 --- /dev/null +++ b/etc/evergreen_yml_components/variants/coverity.yml @@ -0,0 +1,90 @@ +buildvariants: + - name: bv_coverity_analysis + display_name: Coverity Analysis + # Don't run Coverity analysis as part of patch builds + patchable: false + allow_for_git_tag: false + # Run at 4 am UTC everyday + cron: "0 4 * * *" + run_on: ubuntu2404-xlarge + modules: + - devprod_coverity + tasks: + - name: run_coverity + +functions: + f_generate_evergreen_bazelrc: + command: subprocess.exec + display_name: "generate evergreen bazelrc" + params: + binary: bash + args: + - "src/evergreen/generate_evergreen_bazelrc.sh" + + f_setup_python: + command: subprocess.exec + display_name: "set up venv" + params: + binary: bash + args: + - "src/evergreen/functions/venv_setup.sh" + + f_coverity_build: + command: subprocess.exec + display_name: "Coverity build" + params: + binary: bash + args: + - "src/evergreen/coverity_build.sh" + env: + COVERITY_INSTALL_ROOT: ${workdir}/coverity + add_expansions_to_env: true + +tasks: + - name: run_coverity + tags: + [ + "assigned_to_jira_team_devprod_build", + "development_critical_single_variant", + "requires_large_host", + "coverity", + ] + exec_timeout_secs: 28800 # Max scan time of 8 hours + commands: + - func: f_clone_source + vars: + module_prefix: ${workdir}/devprodCoveritySrc + module_name: devprod_coverity + # Functions to prepare for Coverity build + - func: f_expansions_write + - func: f_setup_python + - func: f_expansions_write + - func: f_generate_evergreen_bazelrc + - func: f_download_and_extract_coverity + vars: + module_prefix: ${workdir}/devprodCoveritySrc + module_name: devprod_coverity + - func: f_coverity_build + timeout_secs: 10800 # Idle timeout of 3 hours + - func: f_analyze + vars: + module_prefix: ${workdir}/devprodCoveritySrc + module_name: devprod_coverity + timeout_secs: 10800 # Idle timeout of 3 hours + - func: f_commit + vars: + module_prefix: ${workdir}/devprodCoveritySrc + module_name: devprod_coverity + +####################################### +# Modules # +####################################### +# for some reason this has can't be included from the included configuration file above +# it may be because one of the includes needs this module, could be an evergreen bug +modules: + - name: devprod_coverity + owner: mongodb-devprod-infrastructure + repo: coverity + prefix: "${workdir}/devprodCoveritySrc" + branch: main + auto_update: true diff --git a/evergreen/coverity_build.sh b/evergreen/coverity_build.sh new file mode 100644 index 00000000000..2198bdc9843 --- /dev/null +++ b/evergreen/coverity_build.sh @@ -0,0 +1,34 @@ +#!/bin/env bash + +set -eo pipefail + +cd src + +. evergreen/prelude_venv.sh +activate_venv +python buildscripts/install_bazel.py +bazel_bin="$HOME/.local/bin/bazelisk" +# number of parallel jobs to use for build. +# Even with scale=0 (the default), bc command adds decimal digits in case of multiplication. Division by 1 gives us a whole number with scale=0 +bazel_jobs=$(bc <<< "$(grep -c '^processor' /proc/cpuinfo) * .85 / 1") +build_config="--config=local --jobs=$bazel_jobs --compiler_type=gcc --opt=off --dbg=False --allocator=system" +bazel_query='mnemonic("CppCompile|LinkCompile", filter(//src/mongo, deps(//:install-core)) except //src/mongo/db/modules/enterprise/src/streams/third_party/...)' +bazel_cache="--output_user_root=$workdir/bazel_cache" + +python bazel/coverity/generate_coverity_command.py --bazel_executable=$bazel_bin --bazel_cache=$bazel_cache --bazel_query="$bazel_query" $build_config --noinclude_artifacts +$bazel_bin $bazel_cache build $build_config --build_tag_filters=gen_source //src/... +bazelBuildCommand="$bazel_bin $bazel_cache build $build_config //src/mongo/db/modules/enterprise/coverity:enterprise_coverity_build" +echo "Bazel Build Command: $bazelBuildCommand" +covIdir="$workdir/covIdir" +if [ -d "$covIdir" ]; then + echo "covIdir already exists, meaning idir extracted after download from S3" +else + mkdir $workdir/covIdir +fi +$workdir/coverity/bin/cov-build --dir "$covIdir" --verbose 0 -j $bazel_jobs --return-emit-failures --parse-error-threshold=99 --bazel $bazelBuildCommand +ret=$? +if [ $ret -ne 0 ]; then + echo "cov-build faild with exit code $ret" +else + echo "cov-build was successful" +fi