Integrate static code analysis into CI

Question

Integrate static code analysis into CI

marktwtn opened this issue 5 years ago · comments

Currently we have dynamic code analysis such as GCC Sanitizers.
To have a better code quality, we should use the static code analysis tool such as Cppcheck and Infer.

marktwtn · Answer 1 · Sun Oct 06 2019 00:49:44 GMT+0800 (China Standard Time)

As I was trying to eliminate the errors detected by Cppcheck, the error messages showed that the functions in compat-ccurl.c were not called by any other function.

Since dcurl had integrated with GCC Sanitizer, we removed the testing python code to avoid error when running with Sanitizer.
It also removed the code of testing compat-ccurl.c.
And the build option BUILD_COMPAT was marked as deprecated in the document.

Shall we be going to remove the whole compat-ccurl.c?
Is it designed to be compatible with the ccurl in IOTA wallet?
And is supporting IOTA wallet and ccurl necessary?

Jim Huang · Answer 2 · Sun Oct 06 2019 11:28:37 GMT+0800 (China Standard Time)

You can exclude compat-ccurl.c for cppcheck listing. It would be still practical to ensure CCurl compatibility though.

marktwtn · Answer 3 · Thu Oct 17 2019 14:53:16 GMT+0800 (China Standard Time)

I recommend to download the newest CppCheck release source code from the official website,
since $ apt install cppcheck command would install outdated version and it has some bugs.

The easiest steps to install CppCheck from the source code are:

$ make FILESDIR=/usr/bin
$ sudo make install FILESDIR=/usr/bin

marktwtn · Answer 4 · Fri Oct 18 2019 12:08:15 GMT+0800 (China Standard Time)

On Linux, Infer does not offer quick installation with the command $ apt install.
Please follow the reference to install it from the binary release.

marktwtn · Answer 5 · Tue Oct 22 2019 17:09:10 GMT+0800 (China Standard Time)

I pushed a branch for infer: https://github.com/DLTcollab/dcurl/tree/infer

It works fine on my desktop but fails on the CI environment.
The error message from Makefile says javah is not available. Please check JDK installation.
However, it only happens when we do the static code analysis.
If we just build dcurl with BUILD_JNI option enabled and do not do the static code analysis, everything goes well.

Jim Huang · Answer 6 · Tue Oct 22 2019 20:24:23 GMT+0800 (China Standard Time)

It works fine on my desktop but fails on the CI environment.
The error message from Makefile says javah is not available. Please check JDK installation.

Does it imply the Insufficient detections for JNI specific tools?

marktwtn · Answer 7 · Wed Oct 30 2019 11:43:59 GMT+0800 (China Standard Time)

Does it imply the Insufficient detections for JNI specific tools?

It implies Infer is an interesting tool.
Although it is a static code analyzer, it would build or compile when it is analyzing.

The normal build with Makefile and BUILD_JNI=1 option has no problem at all.
Even if we do not assign the value for the environment variable JAVA_HOME, the Makefile would detect it automatically during the building steps.
However, when it works with Infer, the unexpected thing happened and I can not explain why.

The solution is to assign the value to environment variable JAVA_HOME in the buildkite CI pipeline,
or assign the value to JAVA_HOME in Makefile.