Xen project Mailing List

Re: [PATCH] automation: Add container and build jobs to run cppcheck analysis

To: Stefano Stabellini <sstabellini@xxxxxxxxxx>

From: Michal Orzel <michal.orzel@xxxxxxx>

Date: Tue, 14 Feb 2023 08:52:17 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=2Rp3QHIazdVXBLCezcWIPqOQhG3XUpEGbOhHqnhMpfg=; b=mkVJQ+QiVF32dsMRap1BVv5V8yykbSpGdF9eWPoq+UVE2ZuVxLboNPTzuXvSNcaxPjr1hKuIBxRooOY1H2UJctXq8xPz5vn5GFx90t7NJTvcCQOG939GmIwy8gdP2YeOx4p6gzRtolzOHtId/oLRZZtFKJaRteMhNITsd1aENZ0NGws2geNLSMXkNdgRvUecaaFrvpLkBMlcIZfbi2sM7BnKjqAtrJARnWAeQTXz/Z0LDXpNtRCSLojaI3fszZMB7Jnwz6Hxg8wLXToAdIn2eH0CYo+N4qfshLssKUBhnLkga9aV3QZxjuyPQAba1YBc6rAOh7Y34EE5+4FLVj1/cQ==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=V/4+4cB6x6bQeClFZHgbX3ZF+ki7IhSv1VZ5hpJ6Eafmw5fgG1OM/TmJzEGpJ4NkPEOjktAYBBuEFYeMAharc0qwBe21hWEU8PSykTl9eqHVJ9NVXVZ3DstNzR28USie+VeayOjYSy7dtjeEotwpZlL8e3DzuL4SJir/vIiH/YraWNVeky6pJE446HN885LMwtXCLUwsMY6Lg1dgI34UQU1XeKcqMutc4hXK+raHxKRN6w1C6KUOH5t0DU32m4s++4Qt3O/VMoKORm2Hapjpygh8YEMyLUE8oZetb51+vlDoR2EhB67/hNAxjLnK5i3SHyB8n+0TFmYhAPO2M3gHKw==

Cc: <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Doug Goldstein <cardoe@xxxxxxxxxx>

Delivery-date: Tue, 14 Feb 2023 07:52:32 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hi Stefano, On 14/02/2023 00:56, Stefano Stabellini wrote: > > > On Mon, 13 Feb 2023, Michal Orzel wrote: >> Add a debian container with cppcheck installation routine inside, >> capable of performing cppcheck analysis on Xen-only build including >> cross-builds for arm32 and arm64. >> >> Populate build jobs making use of that container to run cppcheck >> analysis to produce a text report (xen-cppcheck.txt) containing the list >> of all the findings. >> >> This patch does not aim at performing any sort of bisection. Cppcheck is >> imperfect and for now, our goal is to at least be aware of its reports, >> so that we can compare them with the ones produced by better tools and >> to be able to see how these reports change as a result of further >> infrastructure improvements (e.g. exception list, rules exclusion). >> >> Signed-off-by: Michal Orzel <michal.orzel@xxxxxxx> > > Thanks for the patch, very nice! > > >> --- >> For those interested in, here is a sample pipeline: >> https://gitlab.com/xen-project/people/morzel/xen-orzelmichal/-/pipelines/775769167 >> --- >> .../build/debian/unstable-cppcheck.dockerfile | 37 +++++++++++++++++ >> automation/gitlab-ci/build.yaml | 40 +++++++++++++++++++ >> automation/scripts/build | 11 ++++- >> 3 files changed, 87 insertions(+), 1 deletion(-) >> create mode 100644 automation/build/debian/unstable-cppcheck.dockerfile >> >> diff --git a/automation/build/debian/unstable-cppcheck.dockerfile >> b/automation/build/debian/unstable-cppcheck.dockerfile >> new file mode 100644 >> index 000000000000..39bcc50673c8 >> --- /dev/null >> +++ b/automation/build/debian/unstable-cppcheck.dockerfile >> @@ -0,0 +1,37 @@ >> +FROM debian:unstable >> +LABEL maintainer.name="The Xen Project" \ >> + maintainer.email="xen-devel@xxxxxxxxxxxxxxxxxxxx" >> + >> +ENV DEBIAN_FRONTEND=noninteractive >> +ENV CPPCHECK_VERSION=2.7 >> +ENV USER root >> + >> +RUN mkdir /build >> +WORKDIR /build >> + >> +# dependencies for cppcheck and Xen-only build/cross-build >> +RUN apt-get update && \ >> + apt-get --quiet --yes install \ >> + build-essential \ >> + curl \ >> + python-is-python3 \ >> + libpcre3-dev \ >> + flex \ >> + bison \ >> + gcc-arm-linux-gnueabihf \ >> + gcc-aarch64-linux-gnu >> + >> +# cppcheck release build (see cppcheck readme.md) >> +RUN curl -fsSLO >> https://github.com/danmar/cppcheck/archive/"$CPPCHECK_VERSION".tar.gz && \ >> + tar xvzf "$CPPCHECK_VERSION".tar.gz && \ >> + cd cppcheck-"$CPPCHECK_VERSION" && \ >> + make install -j$(nproc) \ >> + MATCHCOMPILER=yes \ >> + FILESDIR=/usr/share/cppcheck \ >> + HAVE_RULES=yes CXXFLAGS="-O2 -DNDEBUG -Wall -Wno-sign-compare >> -Wno-unused-function" >> + >> +# clean >> +RUN apt-get autoremove -y && \ >> + apt-get clean && \ >> + rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/* && \ >> + rm -rf cppcheck-"$CPPCHECK_VERSION"* "$CPPCHECK_VERSION".tar.gz >> diff --git a/automation/gitlab-ci/build.yaml >> b/automation/gitlab-ci/build.yaml >> index a053c5c7325d..c8831ccbec7a 100644 >> --- a/automation/gitlab-ci/build.yaml >> +++ b/automation/gitlab-ci/build.yaml >> @@ -7,6 +7,7 @@ >> paths: >> - binaries/ >> - xen-config >> + - xen-cppcheck.txt >> - '*.log' >> - '*/*.log' >> when: always >> @@ -145,6 +146,23 @@ >> variables: >> <<: *gcc >> >> +.arm64-cross-build-tmpl: >> + <<: *build >> + variables: >> + XEN_TARGET_ARCH: arm64 >> + tags: >> + - x86_64 >> + >> +.arm64-cross-build: >> + extends: .arm64-cross-build-tmpl >> + variables: >> + debug: n >> + >> +.gcc-arm64-cross-build: >> + extends: .arm64-cross-build >> + variables: >> + <<: *gcc >> + >> .arm64-build-tmpl: >> <<: *build >> variables: >> @@ -679,6 +697,28 @@ archlinux-current-gcc-riscv64-debug-randconfig: >> EXTRA_FIXED_RANDCONFIG: >> CONFIG_COVERAGE=n >> >> +# Cppcheck analysis jobs >> + >> +debian-unstable-gcc-cppcheck: >> + extends: .gcc-x86-64-build >> + variables: >> + CONTAINER: debian:unstable-cppcheck >> + CPPCHECK: y >> + >> +debian-unstable-gcc-arm32-cppcheck: >> + extends: .gcc-arm32-cross-build >> + variables: >> + CONTAINER: debian:unstable-cppcheck >> + CROSS_COMPILE: /usr/bin/arm-linux-gnueabihf- >> + CPPCHECK: y >> + >> +debian-unstable-gcc-arm64-cppcheck: >> + extends: .gcc-arm64-cross-build >> + variables: >> + CONTAINER: debian:unstable-cppcheck >> + CROSS_COMPILE: /usr/bin/aarch64-linux-gnu- >> + CPPCHECK: y >> + >> ## Test artifacts common >> >> .test-jobs-artifact-common: >> diff --git a/automation/scripts/build b/automation/scripts/build >> index f2f5e55bc04f..c219752d553e 100755 >> --- a/automation/scripts/build >> +++ b/automation/scripts/build >> @@ -38,7 +38,16 @@ cp xen/.config xen-config >> # Directory for the artefacts to be dumped into >> mkdir binaries >> >> -if [[ "${HYPERVISOR_ONLY}" == "y" ]]; then >> +if [[ "${CPPCHECK}" == "y" ]]; then >> + # Cppcheck analysis invokes Xen-only build. > > Given that when $CPPCHECK == y we are doing a hypervisor-only build, > what do you think of also specifying $HYPERVISOR_ONLY == y in these > cases? > > We could set both CPPCHECK=y and HYPERVISOR_ONLY=y in build.yaml and > then here also check for both. Well, these are just cosmetic changes not impacting anything important, so if you want, I am ok to explicitly set HYPERVISOR_ONLY=y for cppcheck jobs. > > >> + # Known limitation: cppcheck generates inconsistent reports when running >> + # in parallel mode, therefore do not specify -j<n>. > > I take you tried -j$(nproc) on gitlab-ci and didn't work well? I tested > -j$(nproc) in my native arm64 environment and seemed to work well. Both me and Luca agreed on the fact that the reports are inconsistent when running cppcheck analysis with -j$(nproc). It is not that it would fail to create a report. Instead, there will be some internal cppcheck errors present in a report. Therefore, to minimize the risk of producing incorrect list of findings it is best not to specify -j<n>. > > >> + xen/scripts/xen-analysis.py --run-cppcheck --cppcheck-misra >> + >> + # Preserve artefacts >> + cp xen/xen binaries/xen >> + cp xen/cppcheck-report/xen-cppcheck.txt xen-cppcheck.txt >> +elif [[ "${HYPERVISOR_ONLY}" == "y" ]]; then >> # Xen-only build >> make -j$(nproc) xen >> >> -- >> 2.25.1 >> ~Michal

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.