Initial commit for TF-A CI scripts
Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org>
diff --git a/coverity/MISRA_c2012_1_ARM_TF.config b/coverity/MISRA_c2012_1_ARM_TF.config
new file mode 100644
index 0000000..b5e802c
--- /dev/null
+++ b/coverity/MISRA_c2012_1_ARM_TF.config
@@ -0,0 +1,47 @@
+//
+// Copyright (c) 2019, Arm Limited. All rights reserved.
+//
+// SPDX-License-Identifier: BSD-3-Clause
+//
+
+// Default enabled rules are:
+
+// Parse warnings and recoverable warnings related:
+// Rule 2.1, Rule 2.2, Rule 3.1, Rule 3.2, Rule 4.2, Rule 5.3, Rule 5.7, Rule 8.2, Rule 17.3, Rule 20.9, Rule 20.14,
+
+// Other default enabled rules:
+// Directive 4.4, Directive 4.7, Directive 4.12, Rule 1.2, Rule 5.1, Rule 5.2, Rule 5.4, Rule 5.5, Rule 8.1, Rule 9.1,
+// Rule 8.14, Rule 13.6, Rule 15.6, Rule 16.2, Rule 16.3, Rule 16.4, Rule 16.5, Rule 16.6, Rule 16.7, Rule 17.1,
+// Rule 17.4, Rule 17.6, Rule 19.1, Rule 19.2, Rule 21.4, Rule 21.5, Rule 21.6, Rule 21.7, Rule 21.8, Rule 21.9,
+// Rule 21.10, Rule 21.11, Rule 21.12, Rule 22.1, Rule 22.2, Rule 22.4, Rule 22.5, Rule 22.6.
+
+// You can disable the above rules (except mandatory rules) by adding "deviation"s and "reason"s in "deviations" field.
+// Mandatory rules: 9.1, 13.6, 17.3, 17.4, 17.6, 19.1, 22.2, 22.4, 22.5, 22.6.
+
+{
+ version : "2.0",
+ standard : "c2012",
+ title: "Coverity Compliance",
+ deviations : [
+ // Remove these deviations once you’re ready to go to level 2
+ { deviation: "Rule 2.4", reason: "This rule is currently disabled in the analysis configuration." },
+ { deviation: "Rule 2.5", reason: "This rule is currently disabled in the analysis configuration." },
+ { deviation: "Rule 2.7", reason: "This rule is currently disabled in the analysis configuration." },
+ { deviation: "Directive 4.6", reason: "This rule is currently disabled in the analysis configuration." },
+ { deviation: "Directive 4.8", reason: "We can't comply with this (advisory) rule without invasive changes to the codebase." },
+ { deviation: "Directive 4.9", reason: "This (advisory) rule flags assert(), CASSERT(), INFO()..." },
+ { deviation: "Rule 5.1", reason: "This rule is currently disabled in the analysis configuration." },
+ { deviation: "Rule 5.8", reason: "This rule is currently disabled in the analysis configuration." },
+ { deviation: "Rule 8.6", reason: "This rule is currently disabled in the analysis configuration." },
+ { deviation: "Rule 8.7", reason: "This rule is currently disabled in the analysis configuration." },
+ { deviation: "Rule 11.4", reason: "This rule is currently disabled in the analysis configuration." },
+ { deviation: "Rule 11.5", reason: "This rule is currently disabled in the analysis configuration." },
+ { deviation: "Rule 15.1", reason: "This rule is currently disabled in the analysis configuration." },
+ { deviation: "Rule 15.5", reason: "This rule is currently disabled in the analysis configuration." },
+ { deviation: "Rule 15.6", reason: "This rule is currently disabled in the analysis configuration." },
+ { deviation: "Rule 16.1", reason: "This rule is a superset of rule 16.3 which we cannot comply with." },
+ { deviation: "Rule 16.3", reason: "We make extensive use of unconditional return within switch clauses." },
+ { deviation: "Rule 17.1", reason: "This rule is currently disabled in the analysis configuration." },
+ { deviation: "Rule 21.6", reason: "This rule is currently disabled in the analysis configuration." }
+ ]
+}
diff --git a/coverity/run_coverity.sh b/coverity/run_coverity.sh
new file mode 100755
index 0000000..374b1fe
--- /dev/null
+++ b/coverity/run_coverity.sh
@@ -0,0 +1,201 @@
+#!/bin/bash
+#
+# Copyright (c) 2019, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+#
+# Run Coverity on a source tree.
+# Then:
+# - either produce a tarball ready to be submitted to Coverity Scan Online
+# [online mode]
+# - or locally analyze and create a text report and HTML pages of the analysis
+# [offline mode]
+#
+# The following arguments must be passed to this script:
+# 1. The command to use to build the software (this can be a script).
+# 2. The mode: "online" or "offline".
+# 3. The name of the output file to produce.
+# In the online mode, this should be a tarball name.
+# In the offline mode, this should be a text file name.
+# 4. In the offline mode, the path to the source tree to analyze.
+#
+# Assumptions:
+# The following tools are loaded in the PATH:
+# - the Coverity tools (cov-configure, cov-build, and so on);
+# - the AArch64 cross-toolchain;
+# - the AArch32 cross-toolchain.
+
+# Bail out as soon as an error is encountered
+set -e
+
+
+function do_check_tools()
+{
+ local mode="$1"
+
+ echo
+ echo "Checking all required tools are available..."
+ echo
+
+ # Print version of the Coverity tools.
+ # This also serves as a check that the tools are available.
+ cov-configure --ident
+ cov-build --ident
+ if [[ "$mode" == "offline" ]]; then
+ cov-analyze --ident
+ fi
+
+ # Check that the AArch64 cross-toolchain is available.
+ aarch64-linux-gnu-gcc --version
+
+ # Check that the AArch32 cross-toolchain is available.
+ arm-linux-gnueabihf-gcc --version
+
+ echo
+ echo "Checks complete."
+ echo
+}
+
+
+function do_configure()
+{
+ # Create Coverity's configuration directory and its intermediate directory.
+ rm -rf cov-config cov-int
+ mkdir cov-config cov-int
+
+ # Generate Coverity's configuration files.
+ #
+ # This needs to be done for each compiler.
+ # Each invocation of the cov-configure command adds a compiler configuration in
+ # its own subdirectory, and the top XML configuration file contains an include
+ # directive for that compiler-specific configuration.
+ # 1) AArch64 compiler
+ cov-configure \
+ --comptype gcc \
+ --template \
+ --compiler aarch64-linux-gnu-gcc \
+ --config cov-config/config.xml
+ # 2) AArch32 compiler
+ cov-configure \
+ --comptype gcc \
+ --template \
+ --compiler arm-linux-gnueabihf-gcc \
+ --config cov-config/config.xml
+}
+
+
+function do_build()
+{
+ local build_cmd=("$*")
+
+ echo
+ echo "* The software will be built using the following command line:"
+ echo "$build_cmd"
+ echo
+
+ # Build the instrumented binaries.
+ cov-build \
+ --config cov-config/config.xml \
+ --dir cov-int \
+ $build_cmd
+
+ echo
+ echo "Build complete."
+ echo
+}
+
+
+function do_analyze()
+{
+ local out="$1"
+ local src_tree="$2"
+ local profile="$3"
+ out="${profile}_${out}"
+
+ echo
+ echo "Starting the local analysis..."
+ echo " (Profile: $profile)"
+ echo
+ echo "The results will be saved into '$out'."
+ echo
+
+ results_dir=$(pwd)
+ cd "$src_tree"
+
+ # Analyze the instrumented binaries.
+ # Get the analysis settings from the right profile file.
+ cov-analyze \
+ $(cat $(dirname "$0")/coverity_profile_${profile}) \
+ ${analysis_settings[@]} \
+ --dir "$results_dir/cov-int" \
+ --verbose 0 \
+ --redirect stdout,"$results_dir/$out"
+
+ # Generate HTML pages
+ cov-format-errors \
+ --html-output "$results_dir/results/html/${profile}" \
+ --filesort \
+ --dir "$results_dir/cov-int"
+
+ # Generate text report
+ mkdir -p "$results_dir/results/text"
+ cov-format-errors \
+ --emacs-style \
+ --filesort \
+ --dir "$results_dir/cov-int" \
+ > "$results_dir/results/text/${profile}"
+ cd -
+ echo "Analysis complete."
+}
+
+
+function create_results_tarball()
+{
+ local tarball_name="$1"
+
+ echo
+ echo "Creating the tarball containing the results of the analysis..."
+ echo
+ tar -czvf "$tarball_name" cov-int/
+ echo
+ echo "Complete."
+ echo
+}
+
+
+###############################################################################
+PHASE="$1"
+echo "Coverity: phase '$PHASE'"
+shift
+
+case $PHASE in
+ check_tools)
+ ANALYSIS_MODE="$1"
+ do_check_tools "$ANALYSIS_MODE"
+ ;;
+
+ configure)
+ do_configure
+ ;;
+
+ build)
+ do_build "$1"
+ ;;
+
+ analyze)
+ OUTPUT_FILE="$1"
+ SOURCE_TREE="$2"
+ ANALYSIS_PROFILE="$3"
+ do_analyze "$OUTPUT_FILE" "$SOURCE_TREE" "$ANALYSIS_PROFILE"
+ ;;
+
+ package)
+ OUTPUT_FILE="$1"
+ create_results_tarball "$OUTPUT_FILE"
+ ;;
+
+ *)
+ echo "Invalid phase '$PHASE'"
+esac