On 11/27/23 18:36, Eelco Chaudron wrote:
> This patch detects new static analyze issues, and report them.
> It does this by reporting on the delta for this branch, compared
> to the previous branch.
>
> For example the error might look like this:
>
> error level: +0 -0 no changes
> warning level: +2 +0
> New issue "deadcode.DeadStores Value stored to 'remote' is never read" (1
> occurrence)
> file:///home/runner/work/ovs/ovs/vswitchd/ovs-vswitchd.c:86
> New issue "unix.Malloc Potential leak of memory pointed to by 'remote'"
> (1 occurrence)
> file:///home/runner/work/ovs/ovs/vswitchd/ovs-vswitchd.c:95
> note level: +0 -0 no changes
> all levels: +2 +0
>
> Signed-off-by: Eelco Chaudron <echau...@redhat.com>
> ---
>
> changes in v2:
> - When it's a new branch, it compares it to the HEAD of the default branch.
>
> .ci/linux-build.sh | 29 ++++++++++
> .github/workflows/build-and-test.yml | 96
> ++++++++++++++++++++++++++++++++++
> 2 files changed, 125 insertions(+)
>
> diff --git a/.ci/linux-build.sh b/.ci/linux-build.sh
> index aa2ecc505..fedf1398a 100755
> --- a/.ci/linux-build.sh
> +++ b/.ci/linux-build.sh
> @@ -49,6 +49,30 @@ function build_ovs()
> make -j4
> }
>
> +function clang_analyze()
> +{
> + [ -d "./base-clang-analyzer-results" ] && cache_build=false \
> + || cache_build=true
> + if [ "$cache_build" = true ]; then
> + # If this is a cache build, proceed to the base branch's directory.
> + cd base_ovs_main
> + fi;
> +
> + configure_ovs $OPTS
> + make clean
> + scan-build -o ./clang-analyzer-results -sarif --use-cc=clang make -j4
> +
> + if [ "$cache_build" = true ]; then
> + # Move results, so it will be picked up by the cache.
> + mv ./clang-analyzer-results ../base-clang-analyzer-results
> + cd ..
> + else
> + # Only do the compare on the none cache builds.
> + sarif --check note diff ./base-clang-analyzer-results \
> + ./clang-analyzer-results
> + fi;
> +}
> +
> if [ "$DEB_PACKAGE" ]; then
> ./boot.sh && ./configure --with-dpdk=$DPDK && make debian
> mk-build-deps --install --root-cmd sudo --remove debian/control
> @@ -116,6 +140,11 @@ fi
>
> OPTS="${EXTRA_OPTS} ${OPTS} $*"
>
> +if [ "$CLANG_ANALYZE" ]; then
> + clang_analyze
> + exit 0
> +fi
> +
> if [ "$TESTSUITE" = 'test' ]; then
> # 'distcheck' will reconfigure with required options.
> # Now we only need to prepare the Makefile without sparse-wrapped CC.
> diff --git a/.github/workflows/build-and-test.yml
> b/.github/workflows/build-and-test.yml
> index 09654205e..d15105e7d 100644
> --- a/.github/workflows/build-and-test.yml
> +++ b/.github/workflows/build-and-test.yml
> @@ -223,6 +223,102 @@ jobs:
> name: logs-linux-${{ join(matrix.*, '-') }}
> path: logs.tgz
>
> + build-clang-analyze:
> + needs: build-dpdk
> + env:
> + dependencies: |
> + automake bc clang-tools libbpf-dev libnuma-dev libpcap-dev \
> + libunbound-dev libunwind-dev libssl-dev libtool llvm-dev \
> + python3-unbound
> + CC: clang
> + DPDK: dpdk
> + CLANG_ANALYZE: true
> + name: clang-analyze
> + runs-on: ubuntu-22.04
> + timeout-minutes: 30
> +
> + steps:
> + - name: checkout
> + uses: actions/checkout@v3
> +
> + - name: get base branch sha
> + id: base_branch
> + run: |
> + if [ "$GITHUB_EVENT_NAME" = "pull_request" ]; then
> + echo "sha=$BASE_SHA" >> $GITHUB_OUTPUT
> + else
> + if [ "$EVENT_BEFORE" = "0000000000000000000000000000000000000000"
> ]; then
> + echo "sha=$DEFAULT_BRANCH" >> $GITHUB_OUTPUT
How this is going ot work on patches for older branches?
> + else
> + echo "sha=$EVENT_BEFORE" >> $GITHUB_OUTPUT
> + fi
> + fi
> + env:
> + BASE_SHA: ${{ github.event.pull_request.base.sha }}
> + EVENT_BEFORE: ${{ github.event.before }}
> + DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
Can we swap env and run sections, so everything that is used
is already defined?
> +
> + - name: checkout base branch
> + uses: actions/checkout@v3
> + with:
> + ref: ${{ steps.base_branch.outputs.sha }}
> + path: base_ovs_main
> +
> + - name: update PATH
> + run: |
> + echo "$HOME/bin" >> $GITHUB_PATH
> + echo "$HOME/.local/bin" >> $GITHUB_PATH
> +
> + - name: generate cache key
> + id: cache_key
> + run: |
> + echo "key=clang-analyze-$(git -C base_ovs_main rev-parse HEAD)" \
> + >> $GITHUB_OUTPUT
> +
> + - name: check for analyzer result cache
> + id: clang_cache
> + uses: actions/cache@v3
> + with:
> + path: base-clang-analyzer-results
> + key: ${{ steps.cache_key.outputs.key }}
> +
> + - name: set up python
> + uses: actions/setup-python@v4
> + with:
> + python-version: '3.9'
> +
> + - name: get cached dpdk-dir
> + uses: actions/cache/restore@v3
> + with:
> + path: dpdk-dir
> + key: ${{ needs.build-dpdk.outputs.dpdk_key }}
> +
> + - name: update APT cache
> + run: sudo apt update || true
> +
> + - name: install common dependencies
> + run: sudo apt install -y ${{ env.dependencies }}
> +
> + - name: install sarif tools
> + run: sudo pip3 install --disable-pip-version-check sarif-tools
> +
> + - name: prepare
> + run: ./.ci/linux-prepare.sh
> +
> + - name: build base reference
> + if: steps.clang_cache.outputs.cache-hit != 'true'
> + run: ./.ci/linux-build.sh
> +
> + - name: build
> + run: ./.ci/linux-build.sh
> +
> + - name: save cache
> + uses: actions/cache/save@v3
> + if: always() && steps.clang_cache.outputs.cache-hit != 'true'
> + with:
> + path: base-clang-analyzer-results
> + key: ${{ steps.cache_key.outputs.key }}
> +
> build-osx:
> env:
> CC: clang
>
> _______________________________________________
> dev mailing list
> d...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
