Static analysis with clang-tidy on top of RT-Thread's scons build

Test code

Start with a simple piece of code.

main.c
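
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>

    int main(int argc, char *argv[])
    {
        /* simple test input for clang-tidy */
        char *tmp = (char *)malloc(argc);   /* sized by argument count, not by strlen(argv[0]) */

        if(tmp)
        {
            strncpy(tmp, argv[0], argc);    /* does not guarantee a terminating NUL */
            printf("%s", tmp);

            if(argc > 2)
            {
                free(tmp);                  /* only freed when argc > 2 */
            }
        }

        printf("hello world!\n");
        return 0;
    }
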
Analyze it with clang-tidy

    apt install -y clang-tidy
    clang-tidy main.c

    Error while trying to load a compilation database:
    Could not auto-detect compilation database for file "main.c"
    No compilation database found in /work/analyzer or any parent directory
    fixed-compilation-database: Error while opening fixed database: No such file or directory
    json-compilation-database: Error while opening JSON database: No such file or directory
    Running without flags.
    2 warnings generated.
    /work/analyzer/main.c:12:3: warning: Call to function 'strncpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'strncpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
            strncpy(tmp, argv[0], argc);
            ^~~~~~~
    /work/analyzer/main.c:12:3: note: Call to function 'strncpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'strncpy_s' in case of C11
            strncpy(tmp, argv[0], argc);
            ^~~~~~~
    /work/analyzer/main.c:21:2: warning: Potential leak of memory pointed to by 'tmp' [clang-analyzer-unix.Malloc]
        printf("hello world!\n");
        ^
    /work/analyzer/main.c:8:22: note: Memory is allocated
        char *tmp = (char *)malloc(argc);
                            ^~~~~~~~~~~~
    /work/analyzer/main.c:10:5: note: Assuming 'tmp' is non-null
        if(tmp)
           ^~~
    /work/analyzer/main.c:10:2: note: Taking true branch
        if(tmp)
        ^
    /work/analyzer/main.c:15:6: note: Assuming 'argc' is <= 2
            if(argc > 2)
               ^~~~~~~~
    /work/analyzer/main.c:15:3: note: Taking false branch
            if(argc > 2)
            ^
    /work/analyzer/main.c:21:2: note: Potential leak of memory pointed to by 'tmp'
        printf("hello world!\n");
        ^

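compile_commands.json

This is already somewhat useful, but the rt-thread project contains so much code that passing files in one at a time is too tedious.
Our code is also mostly built for ARM with gcc, while development machines are mostly x86, so clang cannot analyze it with its default arguments either.
The first line of the analysis output above already gives a hint: no compilation database was found. In fact, scons can generate one.
This needs a fairly recent version.

    python3 -m pip install scons
    python3 -m SCons -v

    SCons by Steven Knight et al.:
        SCons: v4.0.1.c289977f8b34786ab6c334311e232886da7e8df1, 2020-07-17 01:50:03, by bdbaddog on ProDog2020
        SCons path: ['/usr/lib/python3/dist-packages/SCons']
    Copyright (c) 2001 - 2020 The SCons Foundation

Then update the scons script so that it generates compile_commands.json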
git diff sconstruct+env.tool('compilation_db')
+env.compilationdatabase()
make a buildingdobuilding(target, objs)
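Review bot: the two added lines run unconditionally ahead of DoBuilding(...), so a build with an SCons release that does not ship the compilation_db tool stops at the Tool() call before anything is compiled; the post itself says a fairly recent SCons is needed. Guard the pair with a version check or a try/except so that generating the database stays optional for people on older installs. The names are also shown in lowercase here, but SCons is case-sensitive: the calls are env.Tool('compilation_db') and env.CompilationDatabase().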
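
run-clang-tidy

After that, run-clang-tidy can analyze all of the source code automatically.

HTML output

The result is plain text, which is still laborious to read. There is currently a simple tool that converts it to HTML;
it is fairly basic too, but much more convenient than plain text.

    run-clang-tidy > clang_tidy_analyzer.txt
    pip3 install clang-html
    clang-tidy-html clang_tidy_analyzer.txt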
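
Besides the HTML view, the same text file can be turned into a per-check summary and a pass/fail result for a build job. The script below is an added example, not part of the original post or of clang-html; the blocking policy and the abbreviated sample lines are assumptions made for illustration.

```python
import re
import sys
from collections import Counter

# Header line of a finding, e.g.
#   /work/analyzer/main.c:21:2: warning: Potential leak ... [clang-analyzer-unix.Malloc]
DIAG = re.compile(r"^(?P<file>[^:\n]+):(?P<line>\d+):(?P<col>\d+): "
                  r"(?P<level>warning|error): (?P<msg>.*) \[(?P<checks>[^\]\s]+)\]$")

# Assumed policy for this example: memory-safety analyzer checks block the build.
BLOCKING_PREFIXES = ("clang-analyzer-unix.", "clang-analyzer-core.")

def parse(text):
    """Return unique findings; 'note:' lines, source echoes and carets are skipped."""
    seen, findings = set(), []
    for raw in text.splitlines():
        m = DIAG.match(raw.strip())
        if not m:
            continue
        for check in m["checks"].split(","):
            if check.startswith("-"):      # e.g. the "-warnings-as-errors" suffix
                continue
            key = (m["file"], int(m["line"]), int(m["col"]), check)
            if key in seen:                # same header reported from several .c files
                continue
            seen.add(key)
            findings.append({"file": m["file"], "line": key[1], "level": m["level"],
                             "check": check, "msg": m["msg"]})
    return findings

def blocking(findings, prefixes=BLOCKING_PREFIXES):
    return [f for f in findings
            if f["level"] == "error" or f["check"].startswith(prefixes)]

# Constructed sample: the two warnings from the output above (abbreviated), one repeated.
SAMPLE = """\
/work/analyzer/main.c:12:3: warning: Call to function 'strncpy' is insecure [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
/work/analyzer/main.c:12:3: note: Call to function 'strncpy' is insecure
/work/analyzer/main.c:21:2: warning: Potential leak of memory pointed to by 'tmp' [clang-analyzer-unix.Malloc]
/work/analyzer/main.c:8:22: note: Memory is allocated
/work/analyzer/main.c:21:2: warning: Potential leak of memory pointed to by 'tmp' [clang-analyzer-unix.Malloc]
"""

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    found = parse(text)
    for check, n in Counter(f["check"] for f in found).most_common():
        print(f"{n:5d}  {check}")
    sys.exit(1 if blocking(found) else 0)
```

Run it with clang_tidy_analyzer.txt as its only argument; the exit status is non-zero when a blocking finding is present.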
