Added infer and minor cleanup

1143a77e · Vivek Dutta · 73750b51 · 1143a77e · 1143a77e · 1143a77e
Commit 1143a77e authored 7 months ago by Vivek Dutta
--- a/docker/code-analysis/Dockerfile
+++ b/docker/code-analysis/Dockerfile
@@ -18,7 +18,6 @@ RUN \
        autoconf \
        automake \
        build-essential \
-        clang-format \
        cmake \
        curl \
        gcovr \
@@ -51,7 +50,6 @@ RUN \
        libnl-route-3-dev \
        libpcre3-dev \
        libssl-dev \
-        libssl-dev \
        libtool \
        libtrace-dev \
        libuv1-dev \
@@ -66,27 +64,19 @@ RUN \
        # Dependencies for ieee1905
        libpcap-dev \
        clang \
-        shellcheck
+        clang-format \
+        clang-tidy \
+        shellcheck \
+        jq \
+        python3-pip \
+        cppcheck \
+        bear

 RUN mkdir /opt/dev && \
    mkdir /etc/config

 RUN git config --global advice.detachedHead false

-# install cppcheck
-ARG CPPCHECK_VERSION=2.7
-RUN \
-    cd /opt/dev && \
-    git clone -b ${CPPCHECK_VERSION} --depth=1 https://github.com/danmar/cppcheck.git && \
-    cd cppcheck && \
-    mkdir build && \
-    cd build && \
-    cmake -DHAVE_RULES=ON -DUSE_MATCHCOMPILER=ON .. && \
-    cmake --build . && \
-    cmake --install . && \
-    cd ../.. && \
-    rm -rf cppcheck
-
 # install node
 ARG NODEJS_VERSION_MAJOR=16
 RUN curl -fsSL "https://deb.nodesource.com/setup_${NODEJS_VERSION_MAJOR}.x" | bash - && \
@@ -124,7 +114,7 @@ RUN \
    git clone https://git.openwrt.org/project/libubox.git && \
    cd libubox && mkdir build && cd build && \
    git checkout ${LIBUBOX_VERSION} && \
-    cmake -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_BUILD_TYPE:String="Release" .. && \
+    cmake -DCMAKE_INSTALL_PREFIX=/usr -DBUILD_LUA=OFF -DCMAKE_BUILD_TYPE:String="Release" .. && \
    make -j2 && \
    make install

@@ -161,17 +151,6 @@ RUN \
    make -j2 && \
    make install

-# json-editor
-ARG JSON_EDITOR_VERSION=44b32937a062ec4ffc9f7355841dc94ab6efa50f
-RUN \
-    cd /opt/dev && \
-    git clone https://dev.iopsys.eu/iopsys/json-editor.git && \
-    cd json-editor && \
-    git checkout ${JSON_EDITOR_VERSION} && \
-    cmake -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_BUILD_TYPE:String="Release" . && \
-    make && \
-    make install
-
 # json-cpp
 ARG JSON_CPP_VERSION=v3.11.2
 RUN \
@@ -256,17 +235,37 @@ RUN \
    ln -sf /usr/lib/libmicroxml.so.1.0 /lib/libmicroxml.so && \
    ln -sf /usr/lib/libmicroxml.so.1.0 /lib/libmicroxml.so.1

+# Download the Infer release
+RUN INFER_VERSION=v1.2.0; \
+    cd /opt && \
+    curl -sL \
+      https://github.com/facebook/infer/releases/download/${INFER_VERSION}/infer-linux-x86_64-${INFER_VERSION}.tar.xz | \
+    tar xJ && \
+    rm -f /infer && \
+    ln -s ${PWD}/infer-linux-x86_64-$INFER_VERSION /infer
+
+# Install infer
+ENV PATH /infer/bin:${PATH}
+
+# Install python ubus module and valgrind-ci
+RUN pip3 install ubus ValgrindCI
+
 WORKDIR /builds/iopsys/

 # Prepare supervisor
 RUN mkdir -p /var/log/supervisor && \
    mkdir -p /etc/supervisor/conf.d/
+
 COPY supervisord.conf /etc/supervisor/

 # Prepare JSON Schemas
 RUN mkdir -p /usr/share/rpcd/schemas && \
    mkdir -p /usr/share/rpcd/definitions

+
+# Copy more_test script
+COPY more_test.sh /usr/local/bin/more_test.sh
+
 # Start entrypoint
 COPY entrypoint.sh /usr/local/bin/entrypoint.sh
 ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
--- a/docker/code-analysis/more_test.sh
+++ b/docker/code-analysis/more_test.sh
+#!/bin/bash
+
+log()
+{
+	echo "# $* ..."
+}
+
+exec_cmd()
+{
+	log "Running [$@]"
+	$@
+	if [ "$?" -ne 0 ]; then
+		log "Failed to run [$@]..."
+		exit 1
+	fi
+}
+
+generate_compilation_db()
+{
+	if [ -n "${COMPILATION_FIXUP}" ]; then
+		COMPILATION_FIXUP="${COMPILATION_FIXUP/cmake /cmake -DCMAKE_EXPORT_COMPILE_COMMANDS=ON }"
+		exec_cmd ${COMPILATION_FIXUP}
+	fi
+
+	exec_cmd bear -- make -C ${SOURCE_FOLDER}
+
+	if [ ! -f "compile_commands.json" ]; then
+		log "Failed to generate compilation db"
+		exit 2
+	fi
+}
+
+run_cppcheck_validation()
+{
+	if [ -f "compile_commands.json" ]; then
+		exec_cmd cppcheck --error-exitcode=1 --addon=threadsafety --addon=cert --inline-suppr ${CPPCHECK_OPTIONS} --project=compile_commands.json
+	else
+		exec_cmd cppcheck --error-exitcode=1 --addon=threadsafety --addon=cert --inline-suppr ${CPPCHECK_OPTIONS} ${SOURCE_FOLDER}
+	fi
+}
+
+run_infer_analysis()
+{
+	exec_cmd infer --fail-on-issue --compilation-database compile_commands.json
+}
+
+main()
+{
+	log "SOURCE_FOLDER: ${SOURCE_FOLDER}"
+	log "COMPILATION_FIXUP: ${COMPILATION_FIXUP}"
+	log "CPPCHECK_OPTIONS: ${CPPCHECK_OPTIONS}"
+	log ""
+
+	# Install pre-req if present/defined
+	if [ -f "./gitlab-ci/install-dependencies.sh" ]; then
+		exec_cmd ./gitlab-ci/install-dependencies.sh
+	fi
+
+	# Generate compilation db
+	generate_compilation_db
+
+	# TODO: Run gcc fanalyzer analysis 
+	# TODO: Run clag analysis
+
+	# Run cppcheck with compilation-db
+	run_cppcheck_validation
+
+	# Run infer analysis
+	run_infer_analysis
+}
+
+main "$@"
--- a/static-code-analysis.yml
+++ b/static-code-analysis.yml
 variables:
-  COMMON_IMAGE: "dev.iopsys.eu:5050/iopsys/gitlab-ci-pipeline/code-analysis:0.32"
-  SOURCE_FOLDER: "src"
+  COMMON_IMAGE: "dev.iopsys.eu:5050/iopsys/gitlab-ci-pipeline/code-analysis:0.33"
+  FLAWFINDER_OPTIONS: ""
+  CPD_OPTIONS: "--minimum-tokens 200 --language c --exclude ./test/ --files"
+  CPPCHECK_OPTIONS: ""
+  COMPILATION_FIXUP: ""
  SHELL_SRC: ""
-  FLAWFINDER_OPTIONS: "-m 4 --error-level=4"
-  CPPCHECK_OPTIONS: " --enable=all --inline-suppr --suppress=unusedFunction --suppress=unreadVariable --suppress=unmatchedSuppression"
-  CPD_OPTIONS: "--minimum-tokens 200 --language c --exclude ./test/cmocka --files"
  SHELLCHECK_OPTIONS: "-e SC2039,SC2034,SC1091 -S info"
  DEBUG: "FALSE"

@@ -13,31 +13,29 @@ run_static_code_analysis:
  stage: static_code_analysis
  allow_failure: false
  script:
-    - echo "flawfinder ${FLAWFINDER_OPTIONS} ${SOURCE_FOLDER}"
-    - "flawfinder ${FLAWFINDER_OPTIONS} ${SOURCE_FOLDER}"
-    - echo "cppcheck --error-exitcode=1 ${CPPCHECK_OPTIONS} ${SOURCE_FOLDER}"
-    - "cppcheck --error-exitcode=1 --inline-suppr ${CPPCHECK_OPTIONS} ${SOURCE_FOLDER}"
-    - echo "/usr/local/pmd/bin/run.sh cpd ${CPD_OPTIONS}"
+    - echo "flawfinder --minlevel 4 --error-level=4 ${FLAWFINDER_OPTIONS} ${SOURCE_FOLDER}"
+    - "flawfinder --minlevel 4 --error-level=4 ${FLAWFINDER_OPTIONS} ${SOURCE_FOLDER}"
+    - echo "/usr/local/pmd/bin/run.sh cpd ${CPD_OPTIONS} ${SOURCE_FOLDER}"
    - "/usr/local/pmd/bin/run.sh cpd ${CPD_OPTIONS} ${SOURCE_FOLDER}"
+    - echo "Run cppcheck/infer/clag/gcc to scan for more issues"
+    - "more_test.sh"
+  only:
+    variables:
+      - $SOURCE_FOLDER
+  artifacts:
+    when: always
+    paths:
+      - infer-out/report.txt

-run_compilation_test:
-  image: ${COMMON_IMAGE}
-  stage: static_code_analysis
-  allow_failure: false
-  script:
-    - if [ -n "${COMPILE}" ]; then ${COMPILE}; fi

-run_optional_checks:
+run_shell_checks:
  image: ${COMMON_IMAGE}
  stage: static_code_analysis
  allow_failure: true
  script:
    - echo "Running optional tests"
    - echo "Running shellcheck ${SHELLCHECK_OPTIONS} ${SHELL_SRC}"
-    - if [ -n "${SHELL_SRC}" ]; then shellcheck ${SHELLCHECK_OPTIONS} ${SHELL_SRC}; fi
-    - echo "Running CPPCHECK with threadsafety addon"
-    - "cppcheck --error-exitcode=0 --addon=threadsafety ${SOURCE_FOLDER}"
-    - echo "Running CPPCHECK with cert addon"
-    - "cppcheck --error-exitcode=0 --addon=cert ${SOURCE_FOLDER}"
-    - echo "Running FlawFinder with depth 3"
-    - "flawfinder -m 3 --error-level=5 ${SOURCE_FOLDER}"
+    - "shellcheck ${SHELLCHECK_OPTIONS} ${SHELL_SRC}"
+  only:
+    variables:
+      - $SHELL_SRC