[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH] automation: Add container and build jobs to run cppcheck analysis

  • To: <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Michal Orzel <michal.orzel@xxxxxxx>
  • Date: Mon, 13 Feb 2023 15:23:12 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=lists.xenproject.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=c3LAAQJ+In6ShGDftioJeaSS5XhI1kLDe3N52dbgbNc=; b=OBoE0upmKS5nPpARERd30ZXQaqlfI8n10DkdEpTKZaKjvp9x6RcobvThAI+4G4Q+UuGbl4/CSZeCU1rEqrCL1JojZ1G1H1KsXRRWIIz7BwiwitNbArputdy+X54sDy6jc/jhaEyY15pDzmnIqqzQnPzXzeDwwQyDWy+PhxXi4qk8CoUWf9DK26DaWqh4qLsmKeIeZAKuO8hqaPAJ9B+fAMANKyuxaYFUprDD5F/TtoMBArUQaKu1anMYe6/KnJ/Xw2duEnKVd39FJ+TLOQNzMBr6w/4UrGTsembtCbDYmzHT8Im7SJ7a2OvHEUg3XMl6+sfb+kwh604lDYqZ2MA/Pw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=YZCuMvUI0XSa8xJ0j673rW7KwYuLlbs8Fffs3gDgliW8Qy0tUF/YwD3M/9GI6ws/oTTKI+YrmwOH5KwZLkF+S/+QYl3kqCeyYePvXbvgcobLVVafxtEppwy1nzyIOlEKHpkfz0LCj5S4rdZds+RORqACulphIJiydVNrn+VBK2a2Do5jJ7VvvLLc2PNM0AmGvimNJrgtcFa2UjT4CTfh2aqVzKI98ZDphPIbo+75j4f5jTxMB9xYXq7PjzvOqSwwwcF1kZmK/mx6yiYArnDHcM9omu5ZOM3zPsm1Rc54OUjICZ7ocNvdz7O6f0nkygagiF1nAd+vpBF2TN+9P+6iAg==
  • Cc: Michal Orzel <michal.orzel@xxxxxxx>, Doug Goldstein <cardoe@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>
  • Delivery-date: Mon, 13 Feb 2023 14:23:28 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
Add a debian container with cppcheck installation routine inside,
capable of performing cppcheck analysis on Xen-only build including
cross-builds for arm32 and arm64.

Populate build jobs making use of that container to run cppcheck
analysis to produce a text report (xen-cppcheck.txt) containing the list
of all the findings.

This patch does not aim at performing any sort of bisection. Cppcheck is
imperfect and for now, our goal is to at least be aware of its reports,
so that we can compare them with the ones produced by better tools and
to be able to see how these reports change as a result of further
infrastructure improvements (e.g. exception list, rules exclusion).

Signed-off-by: Michal Orzel <michal.orzel@xxxxxxx>
---
For those interested in, here is a sample pipeline:
https://gitlab.com/xen-project/people/morzel/xen-orzelmichal/-/pipelines/775769167
---
 .../build/debian/unstable-cppcheck.dockerfile | 37 +++++++++++++++++
 automation/gitlab-ci/build.yaml               | 40 +++++++++++++++++++
 automation/scripts/build                      | 11 ++++-
 3 files changed, 87 insertions(+), 1 deletion(-)
 create mode 100644 automation/build/debian/unstable-cppcheck.dockerfile

diff --git a/automation/build/debian/unstable-cppcheck.dockerfile 
b/automation/build/debian/unstable-cppcheck.dockerfile
new file mode 100644
index 000000000000..39bcc50673c8
--- /dev/null
+++ b/automation/build/debian/unstable-cppcheck.dockerfile
@@ -0,0 +1,37 @@
+FROM debian:unstable
+LABEL maintainer.name="The Xen Project" \
+      maintainer.email="xen-devel@xxxxxxxxxxxxxxxxxxxx"
+
+ENV DEBIAN_FRONTEND=noninteractive
+ENV CPPCHECK_VERSION=2.7
+ENV USER root
+
+RUN mkdir /build
+WORKDIR /build
+
+# dependencies for cppcheck and Xen-only build/cross-build
+RUN apt-get update && \
+    apt-get --quiet --yes install \
+        build-essential \
+        curl \
+        python-is-python3 \
+        libpcre3-dev \
+        flex \
+        bison \
+        gcc-arm-linux-gnueabihf \
+        gcc-aarch64-linux-gnu
+
+# cppcheck release build (see cppcheck readme.md)
+RUN curl -fsSLO 
https://github.com/danmar/cppcheck/archive/"$CPPCHECK_VERSION".tar.gz && \
+    tar xvzf "$CPPCHECK_VERSION".tar.gz && \
+    cd cppcheck-"$CPPCHECK_VERSION" && \
+    make install -j$(nproc) \
+        MATCHCOMPILER=yes \
+        FILESDIR=/usr/share/cppcheck \
+        HAVE_RULES=yes CXXFLAGS="-O2 -DNDEBUG -Wall -Wno-sign-compare 
-Wno-unused-function"
+
+# clean
+RUN apt-get autoremove -y && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/* && \
+    rm -rf cppcheck-"$CPPCHECK_VERSION"* "$CPPCHECK_VERSION".tar.gz
diff --git a/automation/gitlab-ci/build.yaml b/automation/gitlab-ci/build.yaml
index a053c5c7325d..c8831ccbec7a 100644
--- a/automation/gitlab-ci/build.yaml
+++ b/automation/gitlab-ci/build.yaml
@@ -7,6 +7,7 @@
     paths:
       - binaries/
       - xen-config
+      - xen-cppcheck.txt
       - '*.log'
       - '*/*.log'
     when: always
@@ -145,6 +146,23 @@
   variables:
     <<: *gcc
 
+.arm64-cross-build-tmpl:
+  <<: *build
+  variables:
+    XEN_TARGET_ARCH: arm64
+  tags:
+    - x86_64
+
+.arm64-cross-build:
+  extends: .arm64-cross-build-tmpl
+  variables:
+    debug: n
+
+.gcc-arm64-cross-build:
+  extends: .arm64-cross-build
+  variables:
+    <<: *gcc
+
 .arm64-build-tmpl:
   <<: *build
   variables:
@@ -679,6 +697,28 @@ archlinux-current-gcc-riscv64-debug-randconfig:
     EXTRA_FIXED_RANDCONFIG:
       CONFIG_COVERAGE=n
 
+# Cppcheck analysis jobs
+
+debian-unstable-gcc-cppcheck:
+  extends: .gcc-x86-64-build
+  variables:
+    CONTAINER: debian:unstable-cppcheck
+    CPPCHECK: y
+
+debian-unstable-gcc-arm32-cppcheck:
+  extends: .gcc-arm32-cross-build
+  variables:
+    CONTAINER: debian:unstable-cppcheck
+    CROSS_COMPILE: /usr/bin/arm-linux-gnueabihf-
+    CPPCHECK: y
+
+debian-unstable-gcc-arm64-cppcheck:
+  extends: .gcc-arm64-cross-build
+  variables:
+    CONTAINER: debian:unstable-cppcheck
+    CROSS_COMPILE: /usr/bin/aarch64-linux-gnu-
+    CPPCHECK: y
+
 ## Test artifacts common
 
 .test-jobs-artifact-common:
diff --git a/automation/scripts/build b/automation/scripts/build
index f2f5e55bc04f..c219752d553e 100755
--- a/automation/scripts/build
+++ b/automation/scripts/build
@@ -38,7 +38,16 @@ cp xen/.config xen-config
 # Directory for the artefacts to be dumped into
 mkdir binaries
 
-if [[ "${HYPERVISOR_ONLY}" == "y" ]]; then
+if [[ "${CPPCHECK}" == "y" ]]; then
+    # Cppcheck analysis invokes Xen-only build.
+    # Known limitation: cppcheck generates inconsistent reports when running
+    # in parallel mode, therefore do not specify -j<n>.
+    xen/scripts/xen-analysis.py --run-cppcheck --cppcheck-misra
+
+    # Preserve artefacts
+    cp xen/xen binaries/xen
+    cp xen/cppcheck-report/xen-cppcheck.txt xen-cppcheck.txt
+elif [[ "${HYPERVISOR_ONLY}" == "y" ]]; then
     # Xen-only build
     make -j$(nproc) xen
 
-- 
2.25.1

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.