summaryrefslogtreecommitdiff
path: root/docs/CODE_QUALITY.md
blob: 0933a0e4953eda0e661709cd40aa272a210fda98 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
---
title: Code Quality Tools
category: Contributing
layout: default
---

# Code Quality Tools

The systemd project has a number of code quality tools set up in the source
tree and on the github infrastructure. Here's an incomprehensive list of the
available functionality:

1. Use `meson test -C build` to run the unit tests. Some tests are skipped if
   no privileges are available, hence consider also running them with `sudo
   meson test -C build`. A couple of unit tests are considered "unsafe" (as
   they change system state); to run those too, build with `meson setup
   -Dtests=unsafe`. Finally, some unit tests are considered to be very slow,
   build them too with `meson setup -Dslow-tests=true`. (Note that there are a
   couple of manual tests in addition to these unit tests.) (Also note: you can
   change these flags for an already set up build tree, too, with "meson
   configure -C build -D…".)

2. Use `./test/run-integration-tests.sh` to run the full integration test
   suite. This will build OS images with a number of integration tests and run
   them in nspawn and qemu. Requires root.

3. Use `./coccinelle/run-coccinelle.sh` to run all
   [Coccinelle](http://coccinelle.lip6.fr/) semantic patch scripts we ship. The
   output will show false positives, hence take it with a pinch of salt.

4. Use `./tools/find-double-newline.sh recdiff` to find double newlines. Use
   `./tools/find-double-newline.sh recpatch` to fix them. Take this with a grain
   of salt, in particular as we generally leave foreign header files we include in
   our tree unmodified, if possible.

5. Similar use `./tools/find-tabs.sh recdiff` to find TABs, and
   `./tools/find-tabs.sh recpatch` to fix them. (Again, grain of salt, foreign
   headers should usually be left unmodified.)

6. Use `meson compile -C build check-api-docs` to compare the list of exported
   symbols of `libsystemd.so` and `libudev.so` with the list of man pages. Symbols
   lacking documentation are highlighted.

7. Use `meson compile -C build update-hwdb` to automatically download and import the
   PCI, USB and OUI databases into hwdb.

8. Use `meson compile -C build update-man-rules` to update the meson rules for
   building man pages automatically from the docbook XML files included in
   `man/`.

9. There are multiple CI systems in use that run on every github PR submission.

10. [Coverity](https://scan.coverity.com/) is analyzing systemd master in
    regular intervals. The reports are available
    [online](https://scan.coverity.com/projects/systemd).

11. [oss-fuzz](https://oss-fuzz.com/) is continuously fuzzing the
    codebase. Reports are available
    [online](https://oss-fuzz.com/v2/testcases?project=systemd).

12. Our tree includes `.editorconfig`, `.dir-locals.el` and `.vimrc` files, to
    ensure that editors follow the right indentiation styles automatically.

13. When building systemd from a git checkout the build scripts will
    automatically enable a git commit hook that ensures whitespace cleanliness.

14. [LGTM](https://lgtm.com/) analyzes every commit pushed to master. The list
    of active alerts can be found
    [here](https://lgtm.com/projects/g/systemd/systemd/alerts/?mode=list).

15. Each PR is automatically tested with [Address Sanitizer](https://clang.llvm.org/docs/AddressSanitizer.html)
    and [Undefined Behavior Sanitizer](https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html).
    See [Testing systemd using sanitizers](https://systemd.io/TESTING_WITH_SANITIZERS)
    for more information.

16. Fossies provides [source code misspelling reports](https://fossies.org/features.html#codespell).
    The systemd report can be found [here](https://fossies.org/linux/test/systemd-master.tar.gz/codespell.html).

Access to Coverity and oss-fuzz reports is limited. Please reach out to the
maintainers if you need access.