This patch detects new static analysis issues and reports them. It does this by reporting the delta between this branch and the previous branch.
For example the error might look like this: error level: +0 -0 no changes warning level: +2 +0 New issue "deadcode.DeadStores Value stored to 'remote' is never read" (1 occurrence) file:///home/runner/work/ovs/ovs/vswitchd/ovs-vswitchd.c:86 New issue "unix.Malloc Potential leak of memory pointed to by 'remote'" (1 occurrence) file:///home/runner/work/ovs/ovs/vswitchd/ovs-vswitchd.c:95 note level: +0 -0 no changes all levels: +2 +0 Signed-off-by: Eelco Chaudron <echau...@redhat.com>
---
 .ci/linux-build.sh | 29 ++++++++++++
 .github/workflows/build-and-test.yml | 80 ++++++++++++++++++++++++++++++++++
 2 files changed, 109 insertions(+)
diff --git a/.ci/linux-build.sh b/.ci/linux-build.sh
index aa2ecc505..6b251835d 100755
--- a/.ci/linux-build.sh
+++ b/.ci/linux-build.sh
@@ -49,6 +49,30 @@ function build_ovs()
 make -j4
 }
+function clang_analyze()
+{
+ [ -d "./upstream-clang-analyzer-results" ] && cache_build=false \
+ || cache_build=true
+ if [ "$cache_build" = true ]; then
+ # If this is a cache build, proceed to the upstream branch's directory.
+ cd upstream_ovs_main
+ fi;
+
+ configure_ovs $OPTS
+ make clean
+ scan-build -o ./clang-analyzer-results -sarif --use-cc=clang make -j4
+
+ if [ "$cache_build" = true ]; then
+ # Move results, so it will be picked up by the cache.
+ mv ./clang-analyzer-results ../upstream-clang-analyzer-results
+ cd ..
+ else
+ # Only do the compare on the none cache builds.
+ sarif --check note diff ./upstream-clang-analyzer-results \
+ ./clang-analyzer-results/
+ fi;
+}
+
 if [ "$DEB_PACKAGE" ]; then
 ./boot.sh && ./configure --with-dpdk=$DPDK && make debian
 mk-build-deps --install --root-cmd sudo --remove debian/control
@@ -116,6 +140,11 @@ fi
 OPTS="${EXTRA_OPTS} ${OPTS} $*"
+if [ "$CLANG_ANALYZE" ]; then
+ clang_analyze
+ exit 0
+fi
+
 if [ "$TESTSUITE" = 'test' ]; then
 # 'distcheck' will reconfigure with required options.
 # Now we only need to prepare the Makefile without sparse-wrapped CC.
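Review bot: clang_analyze() chooses between building the baseline and running the comparison purely from whether ./upstream-clang-analyzer-results exists, and nothing in the function says so; a header comment would help, e.g. `# No cached baseline dir: analyze upstream_ovs_main and store the result; otherwise analyze this tree and diff against the baseline.` The `sarif --check note diff` line is the actual gate and deserves a comment stating that it exits non-zero when the number of issues at note level or above grows, as I understand the sarif-tools `--check` option. If errexit is not enabled earlier in the script (outside this hunk), a failed `cd upstream_ovs_main` would let the baseline be generated from the PR tree and hide new findings, so `cd upstream_ovs_main || exit 1` is the safer form. The comment "none cache builds" should read "non-cache builds".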
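Review bot: The unconditional `exit 0` after `clang_analyze` discards the status of the `sarif --check note diff` gate unless the script runs with errexit, which is not visible in this hunk. Making the dependency explicit keeps the job failing on new findings even if the shell options change later: `clang_analyze` followed by `exit $?`, or `clang_analyze || exit 1` before `exit 0`. A one-line comment noting that this branch skips the normal build and test paths would also help readers of the dispatch logic.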
diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml
index 09654205e..f1ed6f718 100644
--- a/.github/workflows/build-and-test.yml
+++ b/.github/workflows/build-and-test.yml
@@ -223,6 +223,86 @@ jobs:
 name: logs-linux-${{ join(matrix.*, '-') }}
 path: logs.tgz
+ build-clang-analyze:
+ needs: build-dpdk
+ env:
+ dependencies: |
+ automake bc clang-tools libbpf-dev libnuma-dev libpcap-dev \
+ libunbound-dev libunwind-dev libssl-dev libtool llvm-dev \
+ python3-unbound
+ CC: clang
+ DPDK: dpdk
+ CLANG_ANALYZE: true
+ name: clang-analyze
+ runs-on: ubuntu-22.04
+ timeout-minutes: 30
+
+ steps:
+ - name: checkout
+ uses: actions/checkout@v3
+
+ - name: checkout default branch
+ uses: actions/checkout@v3
+ with:
+ ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.base.sha || github.event.before }}
+ fetch-depth: 0
+ path: upstream_ovs_main
+
+ - name: update PATH
+ run: |
+ echo "$HOME/bin" >> $GITHUB_PATH
+ echo "$HOME/.local/bin" >> $GITHUB_PATH
+
+ - name: generate cache key
+ id: cache_key
+ run: |
+ echo "key=clang-analyze-$(git -C upstream_ovs_main rev-parse HEAD)" \
+ >> $GITHUB_OUTPUT
+
+ - name: check for analyzer result cache
+ id: clang_cache
+ uses: actions/cache@v3
+ with:
+ path: upstream-clang-analyzer-results
+ key: ${{ steps.cache_key.outputs.key }}
+
+ - name: set up python
+ uses: actions/setup-python@v4
+ with:
+ python-version: '3.9'
+
+ - name: get cached dpdk-dir
+ uses: actions/cache/restore@v3
+ with:
+ path: dpdk-dir
+ key: ${{ needs.build-dpdk.outputs.dpdk_key }}
+
+ - name: update APT cache
+ run: sudo apt update || true
+
+ - name: install common dependencies
+ run: sudo apt install -y ${{ env.dependencies }}
+
+ - name: install sarif tools
+ run: sudo pip3 install --disable-pip-version-check sarif-tools
+
+ - name: prepare
+ run: ./.ci/linux-prepare.sh
+
+ - name: build upstream reference
+ if: steps.clang_cache.outputs.cache-hit != 'true'
+ run: ./.ci/linux-build.sh
+
+ - name: build
+ run: ./.ci/linux-build.sh
+
+ - name: save cache
+ uses: actions/cache/save@v3
+ if: always() && steps.clang_cache.outputs.cache-hit != 'true'
+ with:
+ path: upstream-clang-analyzer-results
+ key: ${{ steps.cache_key.outputs.key }}
+
 build-osx:
 env:
 CC: clang
_______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
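Review bot: On a push that creates a branch, `github.event.before` is the all-zero SHA, so the "checkout default branch" step has no valid `ref` and the job fails before any analysis runs; after a force-push, `before` may also name a commit that can no longer be fetched. The `ref` expression should fall back to a known baseline in that case, for example by testing `github.event.before != '0000000000000000000000000000000000000000'` and otherwise using `github.event.repository.default_branch`. Separately, `sudo pip3 install --disable-pip-version-check sarif-tools` installs whatever version PyPI serves at run time, as root, and that tool decides whether the job passes. Pinning it, e.g. `sarif-tools==<PINNED_VERSION>`, keeps the gate reproducible and narrows the supply-chain exposure.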