谷动谷力

 找回密码
 立即注册
查看: 733|回复: 0
打印 上一主题 下一主题
收起左侧

在RT-Thread的scons基础上,使用clang-tidy做静态分析

[复制链接]
跳转到指定楼层
楼主
发表于 2023-5-15 23:15:25 | 只看该作者 回帖奖励 |倒序浏览 |阅读模式
在RT-Thread的scons基础上,使用clang-tidy做静态分析aozima [color=var(--weui-LINK)][url=]RTThread物联网操作系统[/url] 2023-04-24 19:32 发表于上海
[color=var(--weui-FG-HALF)]
[color=rgba(0, 0, 0, 0.9)]参考文档
[color=rgba(0, 0, 0, 0.9)]https://clang.llvm.org/extra/clang-tidy/
[color=rgba(0, 0, 0, 0.9)]测试代码
[color=rgba(0, 0, 0, 0.9)]先写个简单的代码
[color=rgba(0, 0, 0, 0.9)]main.c
1#include<stdio.h>
2#include<string.h>
3#include<stdlib.h>
4int main(int argc, char *argv[])
5{
6        char *tmp = (char *)malloc(argc);
7        if(tmp)
8        {
9                strncpy(tmp, argv[0], argc);
10                printf("%s", tmp);
11                if(argc > 2)
12                {
13                        free(tmp);
14                }
15        }
16        printf("hello world!\n");
17        return 0;
18}
[color=rgba(0, 0, 0, 0.9)]使用clang-tidy分析一下
1# apt install -y clang-tidy
2# clang-tidy main.c
3Error while trying to load a compilation database:
4Could not auto-detect compilation database for file "main.c"
5No compilation database found in /work/analyzer or any parent directory
6fixed-compilation-database: Error while opening fixed database: No such file or directory
7json-compilation-database: Error while opening JSON database: No such file or directory
8Running without flags.
92 warnings generated.
10/work/analyzer/main.c:12:3: warning: Call to function 'strncpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'strncpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
11                strncpy(tmp, argv[0], argc);
12                ^~~~~~~
13/work/analyzer/main.c:12:3: note: Call to function 'strncpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'strncpy_s' in case of C11
14                strncpy(tmp, argv[0], argc);
15                ^~~~~~~
16/work/analyzer/main.c:21:2: warning: Potential leak of memory pointed to by 'tmp' [clang-analyzer-unix.Malloc]
17        printf("hello world!\n");
18        ^
19/work/analyzer/main.c:8:22: note: Memory is allocated
20        char *tmp = (char *)malloc(argc);
21                            ^~~~~~~~~~~~
22/work/analyzer/main.c:10:5: note: Assuming 'tmp' is non-null
23        if(tmp)
24           ^~~
25/work/analyzer/main.c:10:2: note: Taking true branch
26        if(tmp)
27        ^
28/work/analyzer/main.c:15:6: note: Assuming 'argc' is <= 2
29                if(argc > 2)
30                   ^~~~~~~~
31/work/analyzer/main.c:15:3: note: Taking false branch
32                if(argc > 2)
33                ^
34/work/analyzer/main.c:21:2: note: Potential leak of memory pointed to by 'tmp'
35        printf("hello world!\n");
36        ^
[color=rgba(0, 0, 0, 0.9)]compile_commands.json
[color=rgba(0, 0, 0, 0.9)]还是有点用的,但我们RT-Thread项目中代码那么多,一个一个输入太麻烦了。
[color=rgba(0, 0, 0, 0.9)]而且我们代码多是arm和gcc的,而开发机多是x86,clang默认参数也分析不了。
[color=rgba(0, 0, 0, 0.9)]刚才分析结果第1行就有提示,没有找到compilation database,其实scons就可以生成
[color=rgba(0, 0, 0, 0.9)]需要比较新的版本
1python3 -m pip install scons
2python3 -m SCons -v
3SCons by Steven Knight et al.:
4        SCons: v4.0.1.c289977f8b34786ab6c334311e232886da7e8df1, 2020-07-17 01:50:03, by bdbaddog on ProDog2020
5        SCons path: ['/usr/lib/python3/dist-packages/SCons']
6Copyright (c) 2001 - 2020 The SCons Foundation
[color=rgba(0, 0, 0, 0.9)]然后更新下Scons脚本,让生成compile_commands.json
1# git diff SConstruct
2+env.Tool('compilation_db')
3+env.CompilationDatabase()
4# make a building
5DoBuilding(TARGET, objs)
[color=rgba(0, 0, 0, 0.9)]run-clang-tidy
[color=rgba(0, 0, 0, 0.9)]然后使用 run-clang-tidy 就可以自动分析所有的源代码了。
[color=rgba(0, 0, 0, 0.9)]输出html
[color=rgba(0, 0, 0, 0.9)]生成的结果是文本,查看起来还是比较费力的,目前有个简单的转换为html格式,
[color=rgba(0, 0, 0, 0.9)]虽然也比较简陋,但比文本还是方便多了。
[color=rgba(0, 0, 0, 0.9)]欢迎各位朋友移步原帖,交流讨论:https://club.rt-thread.org/ask/article/1b1df03e18ffc73d.html


+10
回复

使用道具 举报

您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

QQ|Archiver|手机版|深圳市光明谷科技有限公司|光明谷商城|Sunshine Silicon Corpporation ( 粤ICP备14060730号|Sitemap

GMT+8, 2024-11-24 12:53 , Processed in 0.229488 second(s), 39 queries .

Powered by Discuz! X3.2 Licensed

© 2001-2013 Comsenz Inc.

快速回复 返回顶部 返回列表