Using clang-tidy for static analysis on top of RT-Thread's scons build

Posted 2023-5-15 23:15:25
Original article by aozima, published on the RTThread物联网操作系统 WeChat account, 2023-04-24 19:32, Shanghai.

Reference documentation
https://clang.llvm.org/extra/clang-tidy/

Test code
First, write a simple piece of code.
main.c
```c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

/* Deliberately flawed sample for the analyzer to flag. */
int main(int argc, char *argv[])
{
    char *tmp = (char *)malloc(argc);   /* buffer sized by argc, not by the string */
    if (tmp)
    {
        strncpy(tmp, argv[0], argc);    /* may leave tmp without a terminating NUL */
        printf("%s", tmp);
        if (argc > 2)
        {
            free(tmp);                  /* only freed on this branch: leak otherwise */
        }
    }
    printf("hello world!\n");
    return 0;
}
```
Analyze it with clang-tidy:
```text
# apt install -y clang-tidy
# clang-tidy main.c
Error while trying to load a compilation database:
Could not auto-detect compilation database for file "main.c"
No compilation database found in /work/analyzer or any parent directory
fixed-compilation-database: Error while opening fixed database: No such file or directory
json-compilation-database: Error while opening JSON database: No such file or directory
Running without flags.
2 warnings generated.
/work/analyzer/main.c:12:3: warning: Call to function 'strncpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'strncpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
                strncpy(tmp, argv[0], argc);
                ^~~~~~~
/work/analyzer/main.c:12:3: note: Call to function 'strncpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'strncpy_s' in case of C11
                strncpy(tmp, argv[0], argc);
                ^~~~~~~
/work/analyzer/main.c:21:2: warning: Potential leak of memory pointed to by 'tmp' [clang-analyzer-unix.Malloc]
        printf("hello world!\n");
        ^
/work/analyzer/main.c:8:22: note: Memory is allocated
        char *tmp = (char *)malloc(argc);
                            ^~~~~~~~~~~~
/work/analyzer/main.c:10:5: note: Assuming 'tmp' is non-null
        if(tmp)
           ^~~
/work/analyzer/main.c:10:2: note: Taking true branch
        if(tmp)
        ^
/work/analyzer/main.c:15:6: note: Assuming 'argc' is <= 2
                if(argc > 2)
                   ^~~~~~~~
/work/analyzer/main.c:15:3: note: Taking false branch
                if(argc > 2)
                ^
/work/analyzer/main.c:21:2: note: Potential leak of memory pointed to by 'tmp'
        printf("hello world!\n");
        ^
```
compile_commands.json
This is already somewhat useful, but an RT-Thread project contains a lot of code, and feeding files in one by one is too tedious.
Also, most of our code targets ARM with GCC while the development machines are mostly x86, so clang's default parameters cannot analyze it either.
The very first line of the analysis output already points at the problem: no compilation database was found. In fact, scons can generate one.
A fairly recent version is required:
```text
python3 -m pip install scons
python3 -m SCons -v
SCons by Steven Knight et al.:
        SCons: v4.0.1.c289977f8b34786ab6c334311e232886da7e8df1, 2020-07-17 01:50:03, by bdbaddog on ProDog2020
        SCons path: ['/usr/lib/python3/dist-packages/SCons']
Copyright (c) 2001 - 2020 The SCons Foundation
```
Then update the SCons script so that it generates compile_commands.json:
```diff
# git diff SConstruct
+env.Tool('compilation_db')
+env.CompilationDatabase()
# make a building
DoBuilding(TARGET, objs)
```
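Review bot: the node returned by env.CompilationDatabase() is discarded and never registered as a default target or alias, so whether compile_commands.json is actually written depends on which targets DoBuilding(TARGET, objs) selects; suggest `cdb = env.CompilationDatabase()` followed by `Default(cdb)` or `Alias('compiledb', cdb)` so the database can be requested explicitly. Since the compilation_db tool only ships with SCons 4.0 and later (the reason the post upgrades SCons), the env.Tool('compilation_db') line should be preceded by an EnsureSConsVersion(4, 0) check, or the requirement noted next to it, so older installations fail with a clear message instead of a tool-loading error.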
run-clang-tidy
With the database in place, run-clang-tidy can analyze all of the source files automatically.

Output HTML
The result is plain text, which is still tiring to read. There is currently a simple converter to HTML; although it is fairly crude, it is still much more convenient than text.
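The converter mentioned above is not shown, so here is an added example, not the author's script, that parses clang-tidy's text diagnostics in the format printed above, collapses the duplicate findings run-clang-tidy emits when a header diagnostic is reached from several translation units, and renders an escaped HTML table. The sample output is constructed from the main.c run above; the script name tidy2html.py is an assumption.

```python
import html
import re
import sys

# Constructed sample in the shape clang-tidy prints (cf. the main.c run above);
# the repeated leak warning mimics run-clang-tidy re-reporting a header
# diagnostic once per translation unit that includes the header.
SAMPLE_OUTPUT = """\
2 warnings generated.
/work/analyzer/main.c:12:3: warning: Call to function 'strncpy' is insecure [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
                strncpy(tmp, argv[0], argc);
                ^~~~~~~
/work/analyzer/main.c:21:2: warning: Potential leak of memory pointed to by 'tmp' [clang-analyzer-unix.Malloc]
/work/analyzer/main.c:8:22: note: Memory is allocated
/work/analyzer/main.c:21:2: warning: Potential leak of memory pointed to by 'tmp' [clang-analyzer-unix.Malloc]
"""

# file:line:col: level: message [check-name]   (check-name may be absent)
DIAG_RE = re.compile(
    r"^(?P<file>[^:\n]+):(?P<line>\d+):(?P<col>\d+): "
    r"(?P<level>warning|error): (?P<msg>.*?)(?: \[(?P<check>[^\]]+)\])?$"
)

def parse_clang_tidy(text):
    """Return unique (file, line, col, level, check, message) findings."""
    seen, findings = set(), []
    for raw in text.splitlines():
        m = DIAG_RE.match(raw)
        if not m:
            continue  # source echo, caret line, 'note:' or summary line
        key = (m["file"], int(m["line"]), int(m["col"]), m["level"],
               m["check"] or "", m["msg"])
        if key not in seen:  # collapse repeats across translation units
            seen.add(key)
            findings.append(key)
    return findings

def to_html(findings):
    """Render findings as a minimal HTML table, grouped by check name;
    every cell is escaped so a crafted message cannot inject markup."""
    rows = "".join(
        "<tr>" + "".join(f"<td>{html.escape(str(v))}</td>" for v in f) + "</tr>"
        for f in sorted(findings, key=lambda f: (f[4], f[0], f[1])))
    return ("<table><tr><th>file</th><th>line</th><th>col</th><th>level</th>"
            f"<th>check</th><th>message</th></tr>{rows}</table>")

if __name__ == "__main__":  # e.g. run-clang-tidy -p . | python3 tidy2html.py
    text = SAMPLE_OUTPUT if sys.stdin.isatty() else sys.stdin.read()
    print(to_html(parse_clang_tidy(text)))
```

Without a pipe on stdin the script renders the embedded sample; with run-clang-tidy piped in it produces the report for the whole project.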
Everyone is welcome to head over to the original post to discuss: https://club.rt-thread.org/ask/article/1b1df03e18ffc73d.html