diff options
| author | Luca Fancellu <luca.fancellu@arm.com> | 2022-12-07 13:07:01 +0000 |
|---|---|---|
| committer | Stefano Stabellini <stefano.stabellini@amd.com> | 2022-12-12 14:19:11 -0800 |
| commit | 02b26c02c7c497f78e2468204b9223f13ed6a69d (patch) | |
| tree | 192d12cefe38ce6428081feda4ae4de9ab7781dd /docs | |
| parent | b4465e73b1875dea0aaefc98cc27a08666325eef (diff) | |
| download | xen-02b26c02c7c497f78e2468204b9223f13ed6a69d.tar.gz | |
xen/scripts: add cppcheck tool to the xen-analysis.py script
Add Cppcheck analysis to the xen-analysis.py script using the
arguments --run-cppcheck.
Now cppcheck analysis will build Xen while the analysis is performed
on the source files, it will produce a text report and an additional
html output when the script is called with --cppcheck-html.
With this patch cppcheck will benefit of platform configuration files
that will help it to understand the target of the compilation and
improve the analysis. These are XML files placed in
xen/tools/cppcheck-plat/, describing to cppcheck the length of basic
types to help it in the analysis.
To do so:
- Update xen-analysis.py with the code to integrate cppcheck.
- add platform configuration files for cppcheck..
- add cppcheck-cc.sh script that is a wrapper for cppcheck and it's
used as Xen compiler, it will intercept all flags given from the
make build system and it will execute cppcheck on the compiled
file together with the file compilation.
- guarded hypercall-defs.c with CPPCHECK define because cppcheck
gets confused as the file does not contain c code.
- add false-positive-cppcheck.json file
- update documentation.
- update .gitignore
Signed-off-by: Luca Fancellu <luca.fancellu@arm.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Tested-by: Stefano Stabellini <sstabellini@kernel.org>
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/misra/cppcheck.txt | 27 | ||||
| -rw-r--r-- | docs/misra/documenting-violations.rst | 27 | ||||
| -rw-r--r-- | docs/misra/false-positive-cppcheck.json | 12 | ||||
| -rw-r--r-- | docs/misra/xen-static-analysis.rst | 42 |
4 files changed, 78 insertions, 30 deletions
diff --git a/docs/misra/cppcheck.txt b/docs/misra/cppcheck.txt index 25d8c3050b..f7b9f678b4 100644 --- a/docs/misra/cppcheck.txt +++ b/docs/misra/cppcheck.txt @@ -3,8 +3,7 @@ Cppcheck for Xen static and MISRA analysis Xen can be analysed for both static analysis problems and MISRA violation using cppcheck, the open source tool allows the creation of a report with all the -findings. Xen has introduced the support in the Makefile so it's very easy to -use and in this document we can see how. +findings. The minimum version required for cppcheck is 2.7. Note that at the time of writing (June 2022), the version 2.8 is known to be broken [1]. @@ -38,27 +37,7 @@ Dependencies are listed in the readme.md of the project repository. Use cppcheck to analyse Xen =========================== -Using cppcheck integration is very simple, it requires few steps: - - 1) Compile Xen - 2) call the cppcheck make target to generate a report in xml format: - make CPPCHECK_MISRA=y cppcheck - 3) call the cppcheck-html make target to generate a report in xml and html - format: - make CPPCHECK_MISRA=y cppcheck-html - - In case the cppcheck binaries are not in the PATH, CPPCHECK and - CPPCHECK_HTMLREPORT variables can be overridden with the full path to the - binaries: - - make -C xen \ - CPPCHECK=/path/to/cppcheck \ - CPPCHECK_HTMLREPORT=/path/to/cppcheck-htmlreport \ - CPPCHECK_MISRA=y \ - cppcheck-html - -The output is by default in a folder named cppcheck-htmlreport, but the name -can be changed by passing it in the CPPCHECK_HTMLREPORT_OUTDIR variable. - +To analyse Xen using cppcheck, please refer to the document +xen-static-analysis.rst, section "Analyse Xen with Cppcheck". [1] https://sourceforge.net/p/cppcheck/discussion/general/thread/bfc3ab6c41/?limit=25 diff --git a/docs/misra/documenting-violations.rst b/docs/misra/documenting-violations.rst index 1d23447556..0d02a8e6f9 100644 --- a/docs/misra/documenting-violations.rst +++ b/docs/misra/documenting-violations.rst @@ -51,6 +51,7 @@ Here is an example to add a new justification in safe.json:: | { | "id": "SAF-0-safe", | "analyser": { +| "cppcheck": "misra-c2012-20.7", | "coverity": "misra_c_2012_rule_20_7_violation", | "eclair": "MC3R1.R20.7" | }, @@ -77,9 +78,9 @@ Here is an explanation of the fields inside an object of the "content" array: It tells the tool to substitute a Xen in-code comment having this structure: /* SAF-0-safe [...] \*/ - analyser: it is an object containing pair of key-value strings, the key is - the analyser, so it can be coverity or eclair, the value is the proprietary - id corresponding on the finding, for example when coverity is used as - analyser, the tool will translate the Xen in-code coment in this way: + the analyser, so it can be cppcheck, coverity or eclair, the value is the + proprietary id corresponding on the finding, for example when coverity is + used as analyser, the tool will translate the Xen in-code coment in this way: /* SAF-0-safe [...] \*/ -> /* coverity[misra_c_2012_rule_20_7_violation] \*/ if the object doesn't have a key-value, then the corresponding in-code comment won't be translated. @@ -189,3 +190,23 @@ the same line and the same "violation ID". Also, the same tag can be used on other symbols from the linker that are declared in the codebase, because the justification holds for them too. + +A possible violation found by Cppcheck can be handled in the same way, from the +cppcheck text report it is possible to identify the violation id: + +| include/public/arch-arm.h(226,0):misra-c2012-20.7:style:Expressions resulting from the expansion of macro parameters shall be enclosed in parentheses (Misra rule 20.7) + +The violation id can be located also in the HTML report, opening index.html from +the browser, the violations can be filtered by id in the left side panel, under +the column "Defect ID". On the right there will be a list of files with the type +of violation and the violation line number, for the same violation above, there +will be an entry like the following and the violation id will be in the column +"Id": + +| include/public/arch-arm.h +| [...] +| 226 misra-c2012-20.7 style Expressions resulting from the expansion of macro parameters shall be enclosed in parentheses (Misra rule 20.7) +| [...] + +Given the violation id "misra-c2012-20.7", the procedure above can be followed +to justify this finding. diff --git a/docs/misra/false-positive-cppcheck.json b/docs/misra/false-positive-cppcheck.json new file mode 100644 index 0000000000..5d4da2ce61 --- /dev/null +++ b/docs/misra/false-positive-cppcheck.json @@ -0,0 +1,12 @@ +{ + "version": "1.0", + "content": [ + { + "id": "SAF-0-false-positive-cppcheck", + "violation-id": "", + "tool-version": "", + "name": "Sentinel", + "text": "Next ID to be used" + } + ] +} diff --git a/docs/misra/xen-static-analysis.rst b/docs/misra/xen-static-analysis.rst index 5b886474d4..2712255db1 100644 --- a/docs/misra/xen-static-analysis.rst +++ b/docs/misra/xen-static-analysis.rst @@ -7,9 +7,8 @@ The Xen codebase integrates some scripts and tools that helps the developer to perform static analysis of the code, currently Xen supports three analysis tool that are eclair, coverity and cppcheck. The Xen tree has a script (xen-analysis.py) available to ease the analysis -process and it integrates a way to suppress findings on these tools (only Eclair -and Coverity are currently supported by the script), please check the -documenting-violation.rst document to know more about it. +process and it integrates a way to suppress findings on these tools, please +check the documenting-violation.rst document to know more about it. Analyse Xen with Coverity or Eclair ----------------------------------- @@ -52,3 +51,40 @@ When invoking the script, the procedure below will be followed: this step, call the script adding the --no-clean argument, but before running again the script, call it with the --clean-only argument, that will execute only this cleaning step. + + +Analyse Xen with Cppcheck +------------------------- + +Cppcheck tool is integrated in xen-analysis.py script, when using the script, +the tool will be called on every source file compiled by the make build system. +Here how to start the analysis with Cppcheck: + + - xen-analysis.py --run-cppcheck [--cppcheck-misra] [--cppcheck-html] -- + [optional make arguments] + +The command above tells the script to prepare the codebase and use Cppcheck tool +for the analysis. +The optional argument --cppcheck-misra activates the analysis also for MISRA +compliance. +The optional argument --cppcheck-html instruct cppcheck to produce an additional +HTML report. + +When invoking the script for Cppcheck analysis, the followed procedure is +similar to the one above for Coverity or Eclair, but it has some additional +steps: + + 1. This step is the same as step 1 for Coverity/Eclair. + 2. The cppcheck dependency are created, build directory for cppcheck analysis + and an header file containing internal compiler macro + (include/generated/compiler-def.h) are generated + 3. Xen compilation starts using every <additional make parameters> supplied + at the script invocation, but because cppcheck is not able to intercept the + compiled files and flags on compiler invocation, a script (cppcheck-cc.sh) + is passed as CC to the make system, it is a wrapper for the compiler that + will also execute cppcheck on every compiled file. + 4. After the compilation and analysis, the cppcheck report will be created + putting together all the cppcheck report fragments for every analysed file. + Cppcheck will produce a text fragment and an additional XML report fragment + if the script is configured to produce the HTML output. + 5. This step is the same as step 3 for Coverity/Eclair. |