Commit Graph

7 Commits

Author SHA1 Message Date
Yasushi SHOJI 6a069e14e7 cmake: sca: Add Parasoft C++test
This commit adds Parasoft C++test as a Static Analyser using Zephyr's SCA
framework.

By specifing -DZEPHYR_SCA_VARIANT=cpptest to west build, a cpptestscan.bdf
file will be generated under builddir/sca/cpptest/.

Signed-off-by: Yasushi SHOJI <yashi@spacecubics.com>
2024-02-02 13:49:08 +01:00
Yasushi SHOJI 0ac2a0fce9 cmake: sca: Add "SCA" to the Found messages
This commit enhances the clarity of the build log by adding the "SCA"
prefix to the "Found" messages generated by sca/*/sca.cmake. This change
improves the readability of the `west build` log for users who may not be
familiar with these tools, providing more informative and understandable
output.

Signed-off-by: Yasushi SHOJI <yashi@spacecubics.com>
2024-02-02 13:49:08 +01:00
Flavio Ceolin 3fc5d971fe security: Add compiler static analysis support
Enable GCC builtin static analysis in Zephyr's static code analysis
(SCA) infra.

When this option is enabled GCC performs a static analysis and
can point problems like:

sample.c

+	int *j;
+
+	if (j != NULL) {
+		printf("j != NULL\n");

output:

${ZEPHYR_BASE}/samples/userspace/hello_world_user/src/main.c:30:12:
warning: use of uninitialized value 'j' [CWE-457]
[-Wanalyzer-use-of-uninitialized-value]

   30 |         if (j != NULL) {
      |            ^
  'main': events 1-2
    |
    |   25 |         int *j;
    |      |              ^
    |      |              |
    |      |              (1) region created on stack here
    |......
    |   30 |         if (j != NULL) {
    |      |            ~
    |      |            |
    |      |            (2) use of uninitialized value 'j' here

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2024-01-25 12:07:27 +01:00
Marc Herbert d4b0273ab0 cmake: sparse.template: add COMMAND_ERROR_IS_FATAL
There are some situations like #67035 where sparse aborts and returns an
error code before the compiler has generated the .obj file; without any
clear indication that the .obj is missing (in normal situations sparse
prints warnings and _does_ creates the .obj file)

Also, builds are parallel by default and sparse runs tend to be massive
walls of text which all conspires to make it totally impossible to find
the relevant error message. Instead, we get an link-time error.

The only clear indication is the exit code. So catch it and abort the
build ASAP thanks to COMMAND_ERROR_IS_FATAL.

More generally speaking, the default behavior of execute_process() to
ignore errors is crazy. How frequently does a build system run commands
that do NOT matter?

Signed-off-by: Marc Herbert <marc.herbert@intel.com>
2024-01-15 11:32:44 +00:00
Pieter De Gendt 27f8c218cd cmake: sca: codechecker: Support storing results
Introduce CODECHECKER_STORE parameters to upload results to an active
CodeChecker server.

Signed-off-by: Pieter De Gendt <pieter.degendt@basalte.be>
2023-08-23 14:45:03 +02:00
Pieter De Gendt 517bdeb2bb cmake: sca: Add CodeChecker native support
Add CodeChecker as a static code analysis tool for zephyr.

Signed-off-by: Pieter De Gendt <pieter.degendt@basalte.be>
2023-08-15 21:35:25 -04:00
Torsten Rasmussen 91902c5fd4 cmake: add sparse support to the new SCA infrastructure
Sparse support was original introduced in #43776.

This commit introduces sparse support as part of Zephyr SCA tool
infrastructure.

The implementation in this commit has some benefits over existing
support:
- It does not required users to set `REAL_CC` in environment before
  invoking build command.
  This reduces risk of user mistakes, such as
  - REAL_CC being different from CMAKE_C_COMPILER.
  - User running CMake in one terminal / environment where REAL_CC is
    defined but invoking the build command in a different terminal /
    environment where REAL_CC is not defined or defined differently.
- It improve user experience as the user no longer has to define /
  re-define REAL_CC when building for different architecture, like
  switching from arm to xtensa, as this is now handled in CMake.
- CMAKE_C_COMPILER is not overwriting, this can be important for other
  tools which calls the C compiler for pre-processing purposes, such
  as devicetree and linker script generation.

Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
2023-01-27 20:28:58 +09:00