From 8836ee1694255b9aa0958f5738c7ed02d9b0bc7c Mon Sep 17 00:00:00 2001 From: Vivek Kumar Dutta <vivek.dutta@iopsys.eu> Date: Mon, 12 Aug 2024 15:49:26 +0530 Subject: [PATCH] Added infer and minor cleanup --- docker/code-analysis/Dockerfile | 54 +++++++++++------------ docker/code-analysis/more_test.sh | 72 +++++++++++++++++++++++++++++++ static-code-analysis.yml | 46 ++++++++++---------- 3 files changed, 119 insertions(+), 53 deletions(-) create mode 100755 docker/code-analysis/more_test.sh diff --git a/docker/code-analysis/Dockerfile b/docker/code-analysis/Dockerfile index a4fccaa..fcf0646 100644 --- a/docker/code-analysis/Dockerfile +++ b/docker/code-analysis/Dockerfile @@ -18,7 +18,6 @@ RUN \ autoconf \ automake \ build-essential \ - clang-format \ cmake \ curl \ gcovr \ @@ -51,7 +50,6 @@ RUN \ libnl-route-3-dev \ libpcre3-dev \ libssl-dev \ - libssl-dev \ libtool \ libtrace-dev \ libuv1-dev \ @@ -66,27 +64,19 @@ RUN \ # Dependencies for ieee1905 libpcap-dev \ clang \ - shellcheck + clang-format \ + clang-tidy \ + shellcheck \ + jq \ + python3-pip \ + cppcheck \ + bear RUN mkdir /opt/dev && \ mkdir /etc/config RUN git config --global advice.detachedHead false -# install cppcheck -ARG CPPCHECK_VERSION=2.7 -RUN \ - cd /opt/dev && \ - git clone -b ${CPPCHECK_VERSION} --depth=1 https://github.com/danmar/cppcheck.git && \ - cd cppcheck && \ - mkdir build && \ - cd build && \ - cmake -DHAVE_RULES=ON -DUSE_MATCHCOMPILER=ON .. && \ - cmake --build . && \ - cmake --install . && \ - cd ../.. && \ - rm -rf cppcheck - # install node ARG NODEJS_VERSION_MAJOR=16 RUN curl -fsSL "https://deb.nodesource.com/setup_${NODEJS_VERSION_MAJOR}.x" | bash - && \ 
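Review bot: cppcheck moves from a source build pinned by `ARG CPPCHECK_VERSION=2.7` to the distribution package added to the `apt` list in the third hunk (`@@ -66,27 +64,19 @@`), so the analyzer version, and with it the set of findings that gate CI, now follows whatever the base image's repository ships. The removed build also set `-DHAVE_RULES=ON`; whether the packaged binary supports rule files and ships the `threadsafety` and `cert` addons that `more_test.sh` passes is not visible here and should be confirmed. A comment above the package list naming the expected cppcheck version, or a `RUN cppcheck --version` step that records it in the build log, would make a change in results traceable.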
@@ -124,7 +114,7 @@ RUN \ git clone https://git.openwrt.org/project/libubox.git && \ cd libubox && mkdir build && cd build && \ git checkout ${LIBUBOX_VERSION} && \ - cmake -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_BUILD_TYPE:String="Release" .. && \ + cmake -DCMAKE_INSTALL_PREFIX=/usr -DBUILD_LUA=OFF -DCMAKE_BUILD_TYPE:String="Release" .. && \ make -j2 && \ make install @@ -161,17 +151,6 @@ RUN \ make -j2 && \ make install -# json-editor -ARG JSON_EDITOR_VERSION=44b32937a062ec4ffc9f7355841dc94ab6efa50f -RUN \ - cd /opt/dev && \ - git clone https://dev.iopsys.eu/iopsys/json-editor.git && \ - cd json-editor && \ - git checkout ${JSON_EDITOR_VERSION} && \ - cmake -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_BUILD_TYPE:String="Release" . && \ - make && \ - make install - # json-cpp ARG JSON_CPP_VERSION=v3.11.2 RUN \ @@ -256,17 +235,34 @@ RUN \ ln -sf /usr/lib/libmicroxml.so.1.0 /lib/libmicroxml.so && \ ln -sf /usr/lib/libmicroxml.so.1.0 /lib/libmicroxml.so.1 +# Download the Infer release +ARG INFER_VERSION=v1.2.0 +RUN cd /opt/dev && \ + curl -sL https://github.com/facebook/infer/releases/download/${INFER_VERSION}/infer-linux-x86_64-${INFER_VERSION}.tar.xz | tar xJ && \ + mv /opt/dev/infer-linux-x86_64-$INFER_VERSION /infer + +# Install infer +ENV PATH /infer/bin:${PATH} + +# Install python ubus module and valgrind-ci +RUN pip3 install ubus ValgrindCI + WORKDIR /builds/iopsys/ # Prepare supervisor RUN mkdir -p /var/log/supervisor && \ mkdir -p /etc/supervisor/conf.d/ + COPY supervisord.conf /etc/supervisor/ # Prepare JSON Schemas RUN mkdir -p /usr/share/rpcd/schemas && \ mkdir -p /usr/share/rpcd/definitions + +# Copy more_test script +COPY more_test.sh /usr/local/bin/more_test.sh + # Start entrypoint COPY entrypoint.sh /usr/local/bin/entrypoint.sh ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] diff --git a/docker/code-analysis/more_test.sh b/docker/code-analysis/more_test.sh new file mode 100755 index 0000000..c66692d --- /dev/null +++ b/docker/code-analysis/more_test.sh 
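Review bot: The Infer archive in the new `RUN` step of the `@@ -256,17 +235,34 @@` hunk is streamed from `curl -sL` straight into `tar xJ` with no integrity check, so whatever the release URL serves at build time is unpacked into the image and placed on `PATH`. Download to a file with `-f` so an HTTP error fails the build, verify the file against a SHA-256 recorded in the Dockerfile, and only then extract; the checksum in the sketch below is a placeholder to fill in from the release you have vetted. The same hunk runs `pip3 install ubus ValgrindCI` without version pins, so both packages float on every rebuild; pinning each with `==<version>` (or a hashed requirements file) keeps the analysis image reproducible. `ENV PATH /infer/bin:${PATH}` uses the legacy space-separated form; `ENV PATH=/infer/bin:${PATH}` is the current syntax.

```dockerfile
ARG INFER_VERSION=v1.2.0
# Placeholder: SHA-256 of the vetted release archive, obtained out of band
ARG INFER_SHA256=<sha256-of-release-archive>
RUN cd /opt/dev && \
    curl -fsSLo infer.tar.xz https://github.com/facebook/infer/releases/download/${INFER_VERSION}/infer-linux-x86_64-${INFER_VERSION}.tar.xz && \
    echo "${INFER_SHA256}  infer.tar.xz" | sha256sum -c - && \
    tar xJf infer.tar.xz && \
    rm infer.tar.xz && \
    mv /opt/dev/infer-linux-x86_64-${INFER_VERSION} /infer
# … unchanged: ENV PATH, pip3 install, supervisor and schema setup …
```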
@@ -0,0 +1,72 @@
+#!/bin/bash
+
+log()
+{
+ echo "# $* ..."
+}
+
+exec_cmd()
+{
+ log "Running [$@]"
+ $@
+ if [ "$?" -ne 0 ]; then
+ log "Failed to run [$@]..."
+ exit 1
+ fi
+}
+
+generate_compilation_db()
+{
+ if [ -n "${COMPILATION_FIXUP}" ]; then
+ COMPILATION_FIXUP="${COMPILATION_FIXUP/cmake /cmake -DCMAKE_EXPORT_COMPILE_COMMANDS=ON }"
+ exec_cmd ${COMPILATION_FIXUP}
+ fi
+
+ exec_cmd bear -- make -C ${SOURCE_FOLDER}
+
+ if [ ! -f "compile_commands.json" ]; then
+ log "Failed to generate compilation db"
+ exit 2
+ fi
+}
+
+run_cppcheck_validation()
+{
+ if [ -f "compile_commands.json" ]; then
+ exec_cmd cppcheck --error-exitcode=1 --addon=threadsafety --addon=cert --inline-suppr ${CPPCHECK_OPTIONS} --project=compile_commands.json
+ else
+ exec_cmd cppcheck --error-exitcode=1 --addon=threadsafety --addon=cert --inline-suppr ${CPPCHECK_OPTIONS} ${SOURCE_FOLDER}
+ fi
+}
+
+run_infer_analysis()
+{
+ exec_cmd infer --fail-on-issue --compilation-database compile_commands.json
+}
+
+main()
+{
+ log "SOURCE_FOLDER: ${SOURCE_FOLDER}"
+ log "COMPILATION_FIXUP: ${COMPILATION_FIXUP}"
+ log "CPPCHECK_OPTIONS: ${CPPCHECK_OPTIONS}"
+ log ""
+
+ # Install pre-req if present/defined
+ if [ -f "./gitlab-ci/install-dependencies.sh" ]; then
+ exec_cmd ./gitlab-ci/install-dependencies.sh
+ fi
+
+ # Generate compilation db
+ generate_compilation_db
+
+ # TODO: Run gcc fanalyzer analysis
+ # TODO: Run clag analysis
+
+ # Run cppcheck with compilation-db
+ run_cppcheck_validation
+
+ # Run infer analysis
+ run_infer_analysis
+}
+
+main "$@"
diff --git a/static-code-analysis.yml b/static-code-analysis.yml
index fd97178..0d21c62 100644
--- a/static-code-analysis.yml
+++ b/static-code-analysis.yml
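Review bot: `exec_cmd` in the new `more_test.sh` runs its arguments through an unquoted `$@`, so every argument is word-split and glob-expanded a second time before execution, and a path or option containing a space or `*` reaches the tool changed. Use `"$@"` on the execution line and `$*` inside the two `log` strings (`log "Running [$*]"`), which also clears ShellCheck SC2068 and SC2145. Separately, `exec_cmd ${COMPILATION_FIXUP}` and the `${CPPCHECK_OPTIONS}` arguments depend on word splitting at the call site, so a CI value containing quotes, `&&` or a pipe is passed on as literal arguments rather than interpreted as shell syntax. A comment in `generate_compilation_db` stating that `COMPILATION_FIXUP` must be one simple command would spare callers that surprise.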
@@ -1,10 +1,10 @@ variables: - COMMON_IMAGE: "dev.iopsys.eu:5050/iopsys/gitlab-ci-pipeline/code-analysis:0.32" - SOURCE_FOLDER: "src" + COMMON_IMAGE: "dev.iopsys.eu:5050/iopsys/gitlab-ci-pipeline/code-analysis:0.33" + FLAWFINDER_OPTIONS: "" + CPD_OPTIONS: "--minimum-tokens 200 --language c --exclude ./test/ --files" + CPPCHECK_OPTIONS: "" + COMPILATION_FIXUP: "" SHELL_SRC: "" - FLAWFINDER_OPTIONS: "-m 4 --error-level=4" - CPPCHECK_OPTIONS: " --enable=all --inline-suppr --suppress=unusedFunction --suppress=unreadVariable --suppress=unmatchedSuppression" - CPD_OPTIONS: "--minimum-tokens 200 --language c --exclude ./test/cmocka --files" SHELLCHECK_OPTIONS: "-e SC2039,SC2034,SC1091 -S info" DEBUG: "FALSE" 
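Review bot: The default `CPPCHECK_OPTIONS` in `variables:` changes from `--enable=all` plus three suppressions to an empty string, so with the options that `more_test.sh` hard-codes (`--error-exitcode=1 --addon=threadsafety --addon=cert --inline-suppr`) cppcheck runs only its error-severity checks and the two addons unless a project sets the variable itself. If dropping the warning, style, performance and portability checks is intended, record that next to the variable, for example `# empty by default: only error-severity checks and the addons run; set --enable=... per project`. Otherwise keep a non-empty default such as `CPPCHECK_OPTIONS: "--enable=warning,portability"`.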
@@ -13,31 +13,29 @@ run_static_code_analysis: stage: static_code_analysis allow_failure: false script: - - echo "flawfinder ${FLAWFINDER_OPTIONS} ${SOURCE_FOLDER}" - - "flawfinder ${FLAWFINDER_OPTIONS} ${SOURCE_FOLDER}" - - echo "cppcheck --error-exitcode=1 ${CPPCHECK_OPTIONS} ${SOURCE_FOLDER}" - - "cppcheck --error-exitcode=1 --inline-suppr ${CPPCHECK_OPTIONS} ${SOURCE_FOLDER}" - - echo "/usr/local/pmd/bin/run.sh cpd ${CPD_OPTIONS}" + - echo "flawfinder --minlevel 4 --error-level=4 ${FLAWFINDER_OPTIONS} ${SOURCE_FOLDER}" + - "flawfinder --minlevel 4 --error-level=4 ${FLAWFINDER_OPTIONS} ${SOURCE_FOLDER}" + - echo "/usr/local/pmd/bin/run.sh cpd ${CPD_OPTIONS} ${SOURCE_FOLDER}" - "/usr/local/pmd/bin/run.sh cpd ${CPD_OPTIONS} ${SOURCE_FOLDER}" + - echo "Run cppcheck/infer/clag/gcc to scan for more issues" + - "more_test.sh" + only: + variables: + - $SOURCE_FOLDER + artifacts: + when: always + paths: + - infer-out/report.txt -run_compilation_test: - image: ${COMMON_IMAGE} - stage: static_code_analysis - allow_failure: false - script: - - if [ -n "${COMPILE}" ]; then ${COMPILE}; fi -run_optional_checks: +run_shell_checks: image: ${COMMON_IMAGE} stage: static_code_analysis allow_failure: true script: - echo "Running optional tests" - echo "Running shellcheck ${SHELLCHECK_OPTIONS} ${SHELL_SRC}" - - if [ -n "${SHELL_SRC}" ]; then shellcheck ${SHELLCHECK_OPTIONS} ${SHELL_SRC}; fi - - echo "Running CPPCHECK with threadsafety addon" - - "cppcheck --error-exitcode=0 --addon=threadsafety ${SOURCE_FOLDER}" - - echo "Running CPPCHECK with cert addon" - - "cppcheck --error-exitcode=0 --addon=cert ${SOURCE_FOLDER}" - - echo "Running FlawFinder with depth 3" - - "flawfinder -m 3 --error-level=5 ${SOURCE_FOLDER}" + - "shellcheck ${SHELLCHECK_OPTIONS} ${SHELL_SRC}" + only: + variables: + - $SHELL_SRC -- GitLab
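Review bot: `run_static_code_analysis` gains `only: variables: - $SOURCE_FOLDER` while the first hunk of this file removes the `SOURCE_FOLDER: "src"` default, so a project that relied on the default no longer gets this job at all and its pipeline passes with no flawfinder, CPD, cppcheck or Infer run. Either keep `SOURCE_FOLDER: "src"` in `variables:` or add a comment above the `only:` block stating that including projects must now define `SOURCE_FOLDER` to be scanned. The `artifacts:` block also keeps only `infer-out/report.txt`, so cppcheck and flawfinder findings survive only in the job log; whether that is enough for later triage is worth deciding here.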