Skip to content
Snippets Groups Projects
Select Git revision
  • merge_pipeline
  • devel default protected
  • mmenshikov-experimental-sa3
  • backward_compatibility
  • more_test
  • mmenshikov-experimental-sa
  • master protected
  • source_folder
  • 1.2 protected
  • 1.1 protected
  • 1.0 protected
  • 0.33.1 protected
  • 0.33 protected
  • 0.32 protected
  • 0.31 protected
  • 0.30 protected
  • 0.29 protected
  • 0.28 protected
  • 0.27 protected
  • 0.26 protected
  • 0.25 protected
21 results
Compare
Name Last commit Last update
docker
.gitignore
README.md
static-code-analysis.yml
README.md

gitlab-ci-pipeline

Shared pipelines for CI

CI interface for make/cmake

  • make format note not used by CI
  • make format-check
  • make / make all
  • make check
  • make run-code-coverage-metrics

Each make command must have the return code 0 to indicate pass or other value for a failer.

GNU Make naming conventions

iopsys CI workflow

graph LR;
  ID1(Static Code Analysis)-->ID2(Format Check);
  ID2(Format Check)-->ID3(Building);
  ID3(Building)-->ID4(Module Testing);
  ID4(Module Testing)-->ID5(Dynamic Code Analysis);

Prerequisite Static Code Analysis (SCA)

Basically none, the SCA can be done even if the code does not compile.

Prerequisite Format Check

TBD

Prerequisite Building

TBD

Prerequisite Module Testing

TBD

Prerequisite Dynamic Code Analysis

TBD

Static code analysis

  • cppcheck (for static analysis)
  • flawfinder (reports possible security weaknesses)
  • cpd (for DRY checking)

TBD to use scan-build — Clang static analyzer.

cppcheck

Cppcheck will perform static checks that may not be covered by the compiler itself.

More

These checks are static analysis checks that can be performed at a source code level, this means that the code does not need to compile.

Some of the checks that are supported include:

  • Automatic variable checking
  • Bounds checking for array overruns
  • Classes checking (e.g. unused functions, variable initialization and memory duplication)
  • Usage of deprecated or superseded functions according to Open Group[3]
  • Exception safety checking, for example usage of memory allocation and destructor checks
  • Memory leaks, e.g. due to lost scope without deallocation
  • Resource leaks, e.g. due to forgetting to close a file handle
  • Invalid usage of Standard Template Library functions and idioms
  • Miscellaneous stylistic and performance errors

Source

flawfinder

FlawFinder is a tool that scans your C/C++ source code for calls to typical vulnerable library functions.

More

Typical error types found:

  • Calls to library functions creating buffer overflow vulnerabilities (gets, strcpy, sprintf, ...)
  • Calls to library functions potentially vulnerable to string formatting attacks (sprintf, printf, ...)
  • Potential race conditions in file handling.

Source

cpd

The Copy/Paste Detector (CPD) tool will find duplicate blocks of code.

More

If duplicates are found, analyse the code block and consider refactoring the code. Advice on refactoring can be found [here] (https://refactoring.guru/smells/duplicate-code), the link describesin-depth strategies, use cases and explanations.

Source

Format checking

Module testing

Dynamic code analysis

  • Code coverage
  • Detect memory leaks
  • Uninitialized accesses
  • Concurrency issues
  • Undefined behavior situations
  • Etc.