Hi Anton & Ioannis,

Karl's presentation goes into detail, but I just want to highlight that TF-M (and also TF-A) have two types of static checks:

[1] Project related static checks & cppcheck executed per-patch
[2] Coverity scan, executed daily

For 1, other project-related static checks can be included. For 2, Coverity scan coverage is about 42 %, so one community effort would be to increase it and cover more code. In order to increase the latter, 'Coverity needs to compile more code', which means that more platforms/parameters should be taken into account. Check this file [3] in case you want to participate in this effort.

[1] https://ci.trustedfirmware.org/job/tf-m-static/
[2] https://ci.trustedfirmware.org/job/tf-m-coverity/
[3] https://git.trustedfirmware.org/ci/tf-m-ci-scripts.git/tree/script/tf-coverity/cov-makefile

On Wed, 17 Mar 2021 at 05:31, Anton Komlev via TF-M <tf-m@lists.trustedfirmware.org> wrote:

Hi Ioannis,

Thanks for bringing the important topic up. I believe Karl will comment on the details of it in TF-M, but you could be interested to watch his presentation at the Tech Forum from Feb 4th.

https://www.trustedfirmware.org/docs/tech_forum_20210204_TF-M_openCI_static_check.pdf

Forum records are here:

https://www.trustedfirmware.org/meetings/tf-m-technical-forum/

And yes, the check we have now is not enough so any improvements are welcome.

Hope it helps,

Anton

From: TF-M <tf-m-bounces@lists.trustedfirmware.org> On Behalf Of Glaropoulos, Ioannis via TF-M
Sent: Wednesday, March 17, 2021 11:15 AM
To: tf-m@lists.trustedfirmware.org
Subject: [TF-M] Static analysis checking & reporting - inquiry about interest

Hi everyone,

I would like to ask whether there is an interest in the Project for integrating static code analysis tools with the rest of CI, on the TF-M code base. To the best of my knowledge, this is not available today. In short, a simple process would involve maintaining and running static analysis checking (e.g. using Coverity or any other licensed tool) in nightly/weekly/etc. CI runs, reporting the found issues in the Project, triaging them, and tracking the progress of fixing the issues that are identified as real bugs. Has this topic been raised already in the Project? If not, is this something the project members would consider adding as part of the TF-M Project QA/release process?

 

Thanks!

Ioannis Glaropoulos

Nordic Semiconductor