Coverity Quality source code analysis
Find defects in your Java, C# or C/C++ open source project for free.
Test every line of code and potential execution path.
The root cause of each quality or security defect is clearly explained, making it easy to fix bugs
Integrated with Github and Travis Ci
The best thing about all of this: It’s free for open source software. Simple register an account and then your open source project and you’re good to go. Before you can see the scan results they have to approve your project though.
For me the tricky part was building x64dbg with the command line. I never did this before and the documentation wasn’t very clear to me. Basically you run the following commands:
>Configure cov-build for MSVC cov-configure --msvc >Build into the required databases cov-build --dir cov-int --instrument [command that builds here]
What was recommended on the internet was creating a script that fully builds your project. This is
@echo off echo Building DBG... devenv /Rebuild "Release|x64" x64dbg.sln echo Building GUI... rmdir /S /Q build mkdir build cd build qmake ..\src\gui\x64dbg.pro CONFIG+=release jom
Notice that you have to be in the Visual Studio Command Prompt (+ Qt paths configured) for this to work. Just run
@echo off echo Setting Qt in PATH set PATH=%PATH%;c:\Qt\4.8.6-x64\bin set PATH=%PATH%;c:\Qt\qtcreator-3.1.1\bin call %comspec% /k ""C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\vcvarsall.bat"" amd64
This will launch a new console, from there run
@echo off cov-configure --msvc cov-build --dir cov-int --instrument coverity_build.bat exit
After a long time (I have 6 cores, it still took me 5-10 minutes to build with
cov-build), the building is finished and you have to ZIP the
cov-int directory (not the files inside, the whole directory has to be in the ZIP).
When zipped, simply submit the build to your Coverity project and start analyzing errors.
Here is a screenshot of what the Coverity interface looks like:
See you all later,
blog comments powered by Disqus