> On 29 Nov 2022, at 09:46, Luca Fancellu <luca.fance...@arm.com> wrote:
>
>
>
>> On 29 Nov 2022, at 01:55, Stefano Stabellini <sstabell...@kernel.org> wrote:
>>
>> On Mon, 28 Nov 2022, Luca Fancellu wrote:
>>> This serie introduces a way to suppress a static analyser finding providing
>>> a
>>> proper justification for it.
>>> The process is explained in the docs/misra/documenting-violations.rst
>>> document
>>> that this serie will provide.
>>> The tools currently supported are eclair, coverity and cppcheck, but the
>>> design
>>> is open to support many other static analysis tool.
>>>
>>> The changes are split between the first two patches to reduce the review
>>> effort,
>>> the first patch is introducing the deviation process for the eclair and
>>> coverity
>>> tools, this is because their analysis system is similar.
>>>
>>> The second patch is introducing the same deviation process for cppcheck,
>>> modifying the current way it is called from the makefile and improving its
>>> analysis.
>>>
>>> The third patch is a fix for a tool used for cppcheck and the fourth patch
>>> is an example of how a deviation can be applied for some MISRA findings.
>
> Hi Stefano,
>
>>
>> I tried testing this series with:
>>
>> # scripts/xen-analysis.py --build-only --cppcheck-html --run-cppcheck
>> --cppcheck-bin=/local/repos/cppcheck/cppcheck
>> --cppcheck-html-bin=/local/repos/cppcheck/htmlreport/cppcheck-htmlreport
>>
>> But I get this error:
>>
>> ERROR: Can't find cppcheck version or version is not 2.7
>>
>>
>> Note that my cppcheck is 2.7.4:
>>
>> # ./cppcheck --version
>> Cppcheck 2.7.4
>
> Yes this is a bug, I’m strictly checking for 2.7, I will modify it to 2.7.x
> if you agree
>
>>
>>
>> After removing the version check in cppcheck_analysis.py, the process
>> starts correctly.
>>
>> Also, where is the output html report created by cppcheck-html by
>> default?
>
>
> The html output should be in the xen folder
> [xen_repo]/xen/cppcheck-htmlreport/html but when you specify --build-only the
> reports are not generated, only the build phase is executed.
>
> Have you tried without --build-only to test the report generations?
However I’ve found another bug, when building using your command line (at least
on my x86 machine)
I have that xen is not building and it’s ending with this:
ld -melf_x86_64 -T arch/x86/xen.lds -N prelink.o --build-id=sha1 \
./common/symbols-dummy.o -o ./.xen-syms.0
nm -pa --format=sysv ./.xen-syms.0 \
| ./tools/symbols --all-symbols --sort-by-name --sysv --sort \
>./.xen-syms.0.S
make -f ./Rules.mk obj=. ./.xen-syms.0.o
CC .xen-syms.0.o
ld -melf_x86_64 -T arch/x86/xen.lds -N prelink.o --build-id=sha1 \
./.xen-syms.0.o -o ./.xen-syms.1
nm -pa --format=sysv ./.xen-syms.1 \
| ./tools/symbols --all-symbols --sort-by-name --sysv --sort
--error-dup \
>./.xen-syms.1.S
make -f ./Rules.mk obj=. ./.xen-syms.1.o
CC .xen-syms.1.o
ld -melf_x86_64 -T arch/x86/xen.lds -N prelink.o --build-id=sha1 \
--orphan-handling=warn ./.xen-syms.1.o -o xen-syms
nm -pa --format=sysv ./xen-syms \
| ./tools/symbols --all-symbols --xensyms --sysv --sort \
>./xen-syms.map
rm -f ./.xen-syms.[0-9]* ./..xen-syms.[0-9]*
HOSTCC arch/x86/efi/mkreloc
Checking arch/x86/efi/mkreloc.c ...
Checking arch/x86/efi/mkreloc.c: CPPCHECK=1;...
nm: 'arch/x86/efi/relocs-dummy.o': No such file
nm: 'arch/x86/efi/relocs-dummy.o': No such file
nm: 'arch/x86/efi/relocs-dummy.o': No such file
nm: 'arch/x86/efi/relocs-dummy.o': No such file
nm: 'arch/x86/efi/relocs-dummy.o': No such file
nm: 'arch/x86/efi/relocs-dummy.o': No such file
nm: 'arch/x86/efi/relocs-dummy.o': No such file
nm: 'arch/x86/efi/relocs-dummy.o': No such file
nm: 'arch/x86/efi/relocs-dummy.o': No such file
nm: 'arch/x86/efi/relocs-dummy.o': No such file
nm: 'arch/x86/efi/relocs-dummy.o': No such file
echo "Will strip debug info from xen.efi"
Will strip debug info from xen.efi
ld -mi386pep --subsystem=10 --strip-debug --image-base=0x --stack=0,0
--heap=0,0 --section-alignment=0x200000 --file-alignment=0x20
--major-image-version=4 --minor-image-version=17 --major-os-version=2
--minor-os-version=0 --major-subsystem-version=2 --minor-subsystem-version=0
--build-id=sha1 -T arch/x86/efi.lds -N prelink.o arch/x86/efi/relocs-dummy.o
./common/symbols-dummy.o -b pe-x86-64 arch/x86/efi/buildid.o -o ./.xen.efi.0x.0
&& ld -mi386pep --subsystem=10 --strip-debug --image-base=0x --stack=0,0
--heap=0,0 --section-alignment=0x200000 --file-alignment=0x20
--major-image-version=4 --minor-image-version=17 --major-os-version=2
--minor-os-version=0 --major-subsystem-version=2 --minor-subsystem-version=0
--build-id=sha1 -T arch/x86/efi.lds -N prelink.o arch/x86/efi/relocs-dummy.o
./common/symbols-dummy.o -b pe-x86-64 arch/x86/efi/buildid.o -o ./.xen.efi.0x.0
&& :
ld: cannot find arch/x86/efi/relocs-dummy.o: No such file or directory
ld: cannot find arch/x86/efi/buildid.o: No such file or directory
arch/x86/Makefile:207: recipe for target 'xen.efi' failed
make[2]: *** [xen.efi] Error 1
build.mk:90: recipe for target 'xen' failed
make[1]: *** [xen] Error 2
Makefile:585: recipe for target 'xen' failed
make: *** [xen] Error 2
make: Leaving directory '/data_sdc1/lucfan01/kirkstone_xen/xen/xen'
ERROR: Build error occured when running:
make -C /data_sdc1/lucfan01/kirkstone_xen/xen/xen
CC="/data_sdc1/lucfan01/kirkstone_xen/xen/xen/tools/cppcheck-cc.sh
--compiler=gcc --cppcheck-cmd=cppcheck
--cppcheck-build-dir=/data_sdc1/lucfan01/kirkstone_xen/xen/xen/build-dir-cppcheck
--max-ctu-depth=10 --enable=style,information,missingInclude
--template='{file}({line},{column}):{id}:{severity}:{message}'
--relative-paths=/data_sdc1/lucfan01/kirkstone_xen/xen/xen --inline-suppr
--suppressions-list=/data_sdc1/lucfan01/kirkstone_xen/xen/xen/suppression-list.txt
--suppress='unmatchedSuppression:*generated/compiler-def.h'
--include=/data_sdc1/lucfan01/kirkstone_xen/xen/xen/include/xen/config.h
-DCPPCHECK
--cppcheck-plat=/data_sdc1/lucfan01/kirkstone_xen/xen/xen/tools/cppcheck-plat
--ignore-path=tools/ --cppcheck-html --“ build
I’ve investigated why and it turns out that this line 94 in
xen/xen/arch/x86/arch.mk:
XEN_BUILD_EFI := $(call if-success,$(CC) $(CFLAGS) -c $(srctree)/$(efi-check).c
-o $(efi-check).o,y)
is calling the compiler on a c file, so the wrapper is using cppcheck on it,
but seems that $(ARCH) variable is not set at this point so the call fails and
you don’t see why because the output is silenced.
The fix is simple:
diff --git a/xen/scripts/xen_analysis/cppcheck_analysis.py
b/xen/scripts/xen_analysis/cppcheck_analysis.py
index e5c2f3be3e85..646826851f0b 100644
--- a/xen/scripts/xen_analysis/cppcheck_analysis.py
+++ b/xen/scripts/xen_analysis/cppcheck_analysis.py
@@ -181,6 +181,7 @@ def generate_cppcheck_deps():
cppcheck_cc_flags = """--compiler={} --cppcheck-cmd={} {}
--cppcheck-plat={}/cppcheck-plat --ignore-path=tools/
+ --ignore-path=arch/x86/efi/check.c
""".format(xen_cc, settings.cppcheck_binpath, cppcheck_flags,
settings.tools_dir)
This will instruct the cppcheck-cc.sh wrapper to don’t call the cppcheck code
on the *arch/x86/efi/check.c file.
I will add it in the next serie version as well as all the comments in the serie
Cheers,
Luca
>
> Cheers,
> Luca
