search

uxlfoundation / open-source-working-group

The UXL Foundation Open Source Working Group
8 stars 4 forks source link

oneMKL Test Coverity on open source repos (C/C++ code) #78

Open rozhukov opened 3 months ago

rozhukov commented 3 months ago

Need to test https://scan.coverity.com/ tool for (at least) C/C++ static code analysis.

Steps:

  1. Register your project as a new project. Make sure to restrict Aaccess to scan data in settings.
  2. Set up Coverity for Builds Download and configure the Coverity Build Tool
  3. Configure GitHub action. Good ideas good be found here: https://github.com/marketplace/actions/unofficial-coverity-scan
vmalia commented 1 month ago

@rozhukov do I sign-in with github or a coverity faceless account, to register a new project? image

rozhukov commented 1 month ago

@rozhukov do I sign-in with github or a coverity faceless account, to register a new project? image

This is a Public Coverity - so please don't use any Intel internal accounts. Rather than that - the're no limitations. I used my GitHub account to play around it. When it gets tested, I think you can switch to bot account as part of CI/runners

vmalia commented 1 month ago

I want to summarize some findings here.

  1. https://github.com/marketplace/actions/unofficial-coverity-scan does not work with icx and icpx. because the action uses default compiler template(gcc-style). It does not support cov-configure that allows configuring a custom compiler(more on this later).
  2. When defining a custom GH job step, and using icx and icpx, cov-build fails to detect any emitted C/C++ objects: 
    # oneMKL example
- name: Configure & build with Coverity
  run: |
    source /opt/intel/oneapi/setvars.sh
    cmake -DENABLE_MKLGPU_BACKEND=off -DTARGET_DOMAINS=${{ matrix.domain }} -DCMAKE_VERBOSE_MAKEFILE=on -DBUILD_FUNCTIONAL_TESTS=False -B build_cov
    cov-analysis-linux64-2023.6.2/bin/cov-build --dir cov-int cmake --build build_cov/ --target all --parallel

    image

  3. This brings us to the next solution: cov-configure. We can use this command to configure a custom compiler, that is installed in a non-standard location (like oneAPI installation). 
    - name: Configure & build with Coverity
  run: |
    source /opt/intel/oneapi/setvars.sh
    cmake -DENABLE_MKLGPU_BACKEND=off -DTARGET_DOMAINS=${{ matrix.domain }} -DCMAKE_VERBOSE_MAKEFILE=on -DBUILD_FUNCTIONAL_TESTS=False -B build_cov
    cov-analysis-linux64-2023.6.2/bin/cov-configure --template --comptype intel_icx --compiler icx
    cov-analysis-linux64-2023.6.2/bin/cov-configure --template --comptype intel_icpx --compiler icpx
    cov-analysis-linux64-2023.6.2/bin/cov-build --dir cov-int cmake --build build_cov/ --target all --parallel

    Now cov-build detects 50% of the generated objects. image

This is not enough because of https://scan.coverity.com/download image

Next: