server-skynet-source-3rd-je.../scripts/run_static_analysis.sh

#!/usr/bin/env bash
set -euo pipefail

git clean -Xfd

export CC='clang'
export CXX='clang++'
compile_time_malloc_conf='background_thread:true,'\
'metadata_thp:auto,'\
'abort_conf:true,'\
'muzzy_decay_ms:0,'\
'zero_realloc:free,'\
'prof_unbias:false,'\
'prof_time_resolution:high'

EXTRA_CFLAGS='-Wstrict-prototypes' EXTRA_CXXFLAGS='-Wstrict-prototypes' ./autogen.sh \
	--with-private-namespace=jemalloc_ \
	--disable-cache-oblivious \
	--enable-prof \
	--enable-prof-libunwind \
	--with-malloc-conf="$compile_time_malloc_conf" \
	--enable-readlinkat \
	--enable-opt-safety-checks \
	--enable-uaf-detection \
	--enable-force-getenv \
	--enable-debug # Enabling debug for static analysis is important,
	               # otherwise you'll get tons of warnings for things
	               # that are already covered by `assert`s.

bear -- make -s -j "$(nproc)"
# We end up with lots of duplicate entries in the compilation database, one for
# each output file type (e.g. .o, .d, .sym, etc.). There must be exactly one
# entry for each file in the compilation database in order for
# cross-translation-unit analysis to work, so we deduplicate the database here.
jq '[.[] | select(.output | test("/[^./]*\\.o$"))]' compile_commands.json > compile_commands.json.tmp
mv compile_commands.json.tmp compile_commands.json

# CodeChecker has a bug where it freaks out if you supply the skipfile via process substitution,
# so we resort to manually creating a temporary file
skipfile=$(mktemp)
# The single-quotes are deliberate here, you want `$skipfile` to be evaluated upon exit
trap 'rm -f $skipfile' EXIT
echo '-**/stdlib.h' > "$skipfile"
CC_ANALYZERS_FROM_PATH=1 CodeChecker analyze compile_commands.json --jobs "$(nproc)" \
	--ctu --compile-uniqueing strict --output static_analysis_raw_results \
	--analyzers clangsa clang-tidy --skip "$skipfile" \
	--enable readability-inconsistent-declaration-parameter-name
	# `--enable` is additive, the vast majority of the checks we want are
	# enabled by default.

html_output_dir="${1:-static_analysis_results}"
result=${2:-/dev/null}
# We're echoing a value because we want to indicate whether or not any errors
# were found, but we always want the script to have a successful exit code so
# that we actually reach the step in the GitHub action where we upload the results.
if CodeChecker parse --export html --output "$html_output_dir" static_analysis_raw_results
then
	echo "HAS_STATIC_ANALYSIS_RESULTS=0" >> "$result"
else
	echo "HAS_STATIC_ANALYSIS_RESULTS=1" >> "$result"
fi
Add GitHub action which runs static analysis Now that all of the various issues that static analysis uncovered have been fixed (#2431, #2432, #2433, #2436, #2437, #2446), I've added a GitHub action which will run static analysis for every PR going forward. When static analysis detects issues with your code, the GitHub action provides a link to download its findings in a form tailored for human consumption. Take a look at [this demonstration of what it looks like when static analysis issues are found](https://github.com/Svetlitski/jemalloc/actions/runs/5010245602) on my fork for an example (make sure to follow the instructions in the error message to download and inspect the results). 2023-05-18 08:00:10 +08:00			`#!/usr/bin/env bash`
			`set -euo pipefail`

			`git clean -Xfd`

			`export CC='clang'`
			`export CXX='clang++'`
			`compile_time_malloc_conf='background_thread:true,'\`
			`'metadata_thp:auto,'\`
			`'abort_conf:true,'\`
			`'muzzy_decay_ms:0,'\`
			`'zero_realloc:free,'\`
			`'prof_unbias:false,'\`
			`'prof_time_resolution:high'`

Only enable `-Wstrict-prototypes` in CI to unbreak feature detection Adding `-Wstrict-prototypes` to the default `CFLAGS` in PR #2473 had the non-obvious side-effect of breaking configure-time feature detection, because the [test-program `autoconf` generates for feature detection](https://www.gnu.org/software/autoconf/manual/autoconf-2.67/html_node/Generating-Sources.html#:~:text=main%20()) defines `main` as: ```c int main() ``` Which causes all feature checks to fail, since this triggers `-Wstrict-prototypes` and the feature checks use `-Werror`. Resolved by only adding `-Wstrict-prototypes` to `EXTRA_{CFLAGS,CXXFLAGS}` in CI, since these flags are not used during feature detection and we control which compiler is used. 2023-07-07 07:51:51 +08:00			`EXTRA_CFLAGS='-Wstrict-prototypes' EXTRA_CXXFLAGS='-Wstrict-prototypes' ./autogen.sh \`
Add GitHub action which runs static analysis Now that all of the various issues that static analysis uncovered have been fixed (#2431, #2432, #2433, #2436, #2437, #2446), I've added a GitHub action which will run static analysis for every PR going forward. When static analysis detects issues with your code, the GitHub action provides a link to download its findings in a form tailored for human consumption. Take a look at [this demonstration of what it looks like when static analysis issues are found](https://github.com/Svetlitski/jemalloc/actions/runs/5010245602) on my fork for an example (make sure to follow the instructions in the error message to download and inspect the results). 2023-05-18 08:00:10 +08:00			`--with-private-namespace=jemalloc_ \`
			`--disable-cache-oblivious \`
			`--enable-prof \`
			`--enable-prof-libunwind \`
			`--with-malloc-conf="$compile_time_malloc_conf" \`
			`--enable-readlinkat \`
			`--enable-opt-safety-checks \`
			`--enable-uaf-detection \`
			`--enable-force-getenv \`
			`--enable-debug # Enabling debug for static analysis is important,`
			`# otherwise you'll get tons of warnings for things`
			# that are already covered by `assert`s.

Fix inconsistent parameter names between definition/declaration pairs For the sake of consistency, function definitions and their corresponding declarations should use the same names for parameters. I've enabled this check in static analysis to prevent this issue from occurring again in the future. 2023-07-07 07:27:56 +08:00			`bear -- make -s -j "$(nproc)"`
Add GitHub action which runs static analysis Now that all of the various issues that static analysis uncovered have been fixed (#2431, #2432, #2433, #2436, #2437, #2446), I've added a GitHub action which will run static analysis for every PR going forward. When static analysis detects issues with your code, the GitHub action provides a link to download its findings in a form tailored for human consumption. Take a look at [this demonstration of what it looks like when static analysis issues are found](https://github.com/Svetlitski/jemalloc/actions/runs/5010245602) on my fork for an example (make sure to follow the instructions in the error message to download and inspect the results). 2023-05-18 08:00:10 +08:00			`# We end up with lots of duplicate entries in the compilation database, one for`
			`# each output file type (e.g. .o, .d, .sym, etc.). There must be exactly one`
			`# entry for each file in the compilation database in order for`
			`# cross-translation-unit analysis to work, so we deduplicate the database here.`
			`jq '[.[] \| select(.output \| test("/[^./]*\\.o$"))]' compile_commands.json > compile_commands.json.tmp`
			`mv compile_commands.json.tmp compile_commands.json`

Fix inconsistent parameter names between definition/declaration pairs For the sake of consistency, function definitions and their corresponding declarations should use the same names for parameters. I've enabled this check in static analysis to prevent this issue from occurring again in the future. 2023-07-07 07:27:56 +08:00			`# CodeChecker has a bug where it freaks out if you supply the skipfile via process substitution,`
			`# so we resort to manually creating a temporary file`
			`skipfile=$(mktemp)`
			# The single-quotes are deliberate here, you want `$skipfile` to be evaluated upon exit
			`trap 'rm -f $skipfile' EXIT`
			`echo '-**/stdlib.h' > "$skipfile"`
			`CC_ANALYZERS_FROM_PATH=1 CodeChecker analyze compile_commands.json --jobs "$(nproc)" \`
Add GitHub action which runs static analysis Now that all of the various issues that static analysis uncovered have been fixed (#2431, #2432, #2433, #2436, #2437, #2446), I've added a GitHub action which will run static analysis for every PR going forward. When static analysis detects issues with your code, the GitHub action provides a link to download its findings in a form tailored for human consumption. Take a look at [this demonstration of what it looks like when static analysis issues are found](https://github.com/Svetlitski/jemalloc/actions/runs/5010245602) on my fork for an example (make sure to follow the instructions in the error message to download and inspect the results). 2023-05-18 08:00:10 +08:00			`--ctu --compile-uniqueing strict --output static_analysis_raw_results \`
Fix inconsistent parameter names between definition/declaration pairs For the sake of consistency, function definitions and their corresponding declarations should use the same names for parameters. I've enabled this check in static analysis to prevent this issue from occurring again in the future. 2023-07-07 07:27:56 +08:00			`--analyzers clangsa clang-tidy --skip "$skipfile" \`
			`--enable readability-inconsistent-declaration-parameter-name`
			# `--enable` is additive, the vast majority of the checks we want are
			`# enabled by default.`
Add GitHub action which runs static analysis Now that all of the various issues that static analysis uncovered have been fixed (#2431, #2432, #2433, #2436, #2437, #2446), I've added a GitHub action which will run static analysis for every PR going forward. When static analysis detects issues with your code, the GitHub action provides a link to download its findings in a form tailored for human consumption. Take a look at [this demonstration of what it looks like when static analysis issues are found](https://github.com/Svetlitski/jemalloc/actions/runs/5010245602) on my fork for an example (make sure to follow the instructions in the error message to download and inspect the results). 2023-05-18 08:00:10 +08:00
			`html_output_dir="${1:-static_analysis_results}"`
			`result=${2:-/dev/null}`
			`# We're echoing a value because we want to indicate whether or not any errors`
			`# were found, but we always want the script to have a successful exit code so`
			`# that we actually reach the step in the GitHub action where we upload the results.`
			`if CodeChecker parse --export html --output "$html_output_dir" static_analysis_raw_results`
			`then`
			`echo "HAS_STATIC_ANALYSIS_RESULTS=0" >> "$result"`
			`else`
			`echo "HAS_STATIC_ANALYSIS_RESULTS=1" >> "$result"`
			`fi`