[v1] Static analyser finding deviation

[PATCH 0/4] Static analyser finding deviation

Posted by Luca Fancellu 2 years ago

This serie introduces a way to suppress a static analyser finding providing a
proper justification for it.
The process is explained in the docs/misra/documenting-violations.rst document
that this serie will provide.
The tools currently supported are eclair, coverity and cppcheck, but the design
is open to support many other static analysis tool.

The changes are split between the first two patches to reduce the review effort,
the first patch is introducing the deviation process for the eclair and coverity
tools, this is because their analysis system is similar.

The second patch is introducing the same deviation process for cppcheck,
modifying the current way it is called from the makefile and improving its
analysis.

The third patch is a fix for a tool used for cppcheck and the fourth patch
is an example of how a deviation can be applied for some MISRA findings.

---
This serie was pushed as RFC and collected many feedbacks, thank you for the
review.
In this serie to analyse the codebase, a script is used instead of integrating
the process into the makefile.
---

Luca Fancellu (4):
  xen/scripts: add xen-analysis.py for coverity and eclair analysis
  xen/scripts: add cppcheck tool to the xen-analysis.py script
  tools/misra: fix skipped rule numbers
  xen: Justify linker script defined symbols in include/xen/kernel.h

 .gitignore                                    |   9 +-
 docs/misra/cppcheck.txt                       |  27 +-
 docs/misra/documenting-violations.rst         | 192 +++++++++++++
 docs/misra/false-positive-coverity.json       |  12 +
 docs/misra/false-positive-cppcheck.json       |  12 +
 docs/misra/false-positive-eclair.json         |  12 +
 docs/misra/safe.json                          |  20 ++
 docs/misra/xen-static-analysis.rst            |  90 ++++++
 xen/Makefile                                  | 116 +-------
 xen/include/hypercall-defs.c                  |   9 +
 xen/include/xen/kernel.h                      |   4 +
 xen/scripts/xen-analysis.py                   |  45 +++
 xen/scripts/xen_analysis/__init__.py          |   0
 xen/scripts/xen_analysis/cppcheck_analysis.py | 272 ++++++++++++++++++
 .../xen_analysis/cppcheck_report_utils.py     | 130 +++++++++
 xen/scripts/xen_analysis/generic_analysis.py  |  88 ++++++
 xen/scripts/xen_analysis/settings.py          | 152 ++++++++++
 xen/scripts/xen_analysis/tag_database.py      | 109 +++++++
 xen/scripts/xen_analysis/utils.py             |  56 ++++
 xen/tools/convert_misra_doc.py                |  32 ++-
 xen/tools/cppcheck-cc.sh                      | 223 ++++++++++++++
 xen/tools/cppcheck-plat/arm32-wchar_t4.xml    |  17 ++
 xen/tools/cppcheck-plat/arm64-wchar_t2.xml    |  17 ++
 xen/tools/cppcheck-plat/arm64-wchar_t4.xml    |  17 ++
 xen/tools/cppcheck-plat/x86_64-wchar_t2.xml   |  17 ++
 xen/tools/cppcheck-plat/x86_64-wchar_t4.xml   |  17 ++
 xen/tools/merge_cppcheck_reports.py           |  86 ------
 27 files changed, 1557 insertions(+), 224 deletions(-)
 create mode 100644 docs/misra/documenting-violations.rst
 create mode 100644 docs/misra/false-positive-coverity.json
 create mode 100644 docs/misra/false-positive-cppcheck.json
 create mode 100644 docs/misra/false-positive-eclair.json
 create mode 100644 docs/misra/safe.json
 create mode 100644 docs/misra/xen-static-analysis.rst
 create mode 100755 xen/scripts/xen-analysis.py
 create mode 100644 xen/scripts/xen_analysis/__init__.py
 create mode 100644 xen/scripts/xen_analysis/cppcheck_analysis.py
 create mode 100644 xen/scripts/xen_analysis/cppcheck_report_utils.py
 create mode 100644 xen/scripts/xen_analysis/generic_analysis.py
 create mode 100644 xen/scripts/xen_analysis/settings.py
 create mode 100644 xen/scripts/xen_analysis/tag_database.py
 create mode 100644 xen/scripts/xen_analysis/utils.py
 create mode 100755 xen/tools/cppcheck-cc.sh
 create mode 100644 xen/tools/cppcheck-plat/arm32-wchar_t4.xml
 create mode 100644 xen/tools/cppcheck-plat/arm64-wchar_t2.xml
 create mode 100644 xen/tools/cppcheck-plat/arm64-wchar_t4.xml
 create mode 100644 xen/tools/cppcheck-plat/x86_64-wchar_t2.xml
 create mode 100644 xen/tools/cppcheck-plat/x86_64-wchar_t4.xml
 delete mode 100755 xen/tools/merge_cppcheck_reports.py

-- 
2.17.1

Re: [PATCH 0/4] Static analyser finding deviation

Posted by Stefano Stabellini 2 years ago

On Mon, 28 Nov 2022, Luca Fancellu wrote:
> This serie introduces a way to suppress a static analyser finding providing a
> proper justification for it.
> The process is explained in the docs/misra/documenting-violations.rst document
> that this serie will provide.
> The tools currently supported are eclair, coverity and cppcheck, but the design
> is open to support many other static analysis tool.
> 
> The changes are split between the first two patches to reduce the review effort,
> the first patch is introducing the deviation process for the eclair and coverity
> tools, this is because their analysis system is similar.
> 
> The second patch is introducing the same deviation process for cppcheck,
> modifying the current way it is called from the makefile and improving its
> analysis.
> 
> The third patch is a fix for a tool used for cppcheck and the fourth patch
> is an example of how a deviation can be applied for some MISRA findings.

I tried testing this series with:

# scripts/xen-analysis.py --build-only --cppcheck-html --run-cppcheck --cppcheck-bin=/local/repos/cppcheck/cppcheck --cppcheck-html-bin=/local/repos/cppcheck/htmlreport/cppcheck-htmlreport

But I get this error:

ERROR: Can't find cppcheck version or version is not 2.7


Note that my cppcheck is 2.7.4:

# ./cppcheck --version
Cppcheck 2.7.4


After removing the version check in cppcheck_analysis.py, the process
starts correctly.

Also, where is the output html report created by cppcheck-html by
default?

Re: [PATCH 0/4] Static analyser finding deviation

Posted by Luca Fancellu 2 years ago


> On 29 Nov 2022, at 01:55, Stefano Stabellini <sstabellini@kernel.org> wrote:
> 
> On Mon, 28 Nov 2022, Luca Fancellu wrote:
>> This serie introduces a way to suppress a static analyser finding providing a
>> proper justification for it.
>> The process is explained in the docs/misra/documenting-violations.rst document
>> that this serie will provide.
>> The tools currently supported are eclair, coverity and cppcheck, but the design
>> is open to support many other static analysis tool.
>> 
>> The changes are split between the first two patches to reduce the review effort,
>> the first patch is introducing the deviation process for the eclair and coverity
>> tools, this is because their analysis system is similar.
>> 
>> The second patch is introducing the same deviation process for cppcheck,
>> modifying the current way it is called from the makefile and improving its
>> analysis.
>> 
>> The third patch is a fix for a tool used for cppcheck and the fourth patch
>> is an example of how a deviation can be applied for some MISRA findings.

Hi Stefano,

> 
> I tried testing this series with:
> 
> # scripts/xen-analysis.py --build-only --cppcheck-html --run-cppcheck --cppcheck-bin=/local/repos/cppcheck/cppcheck --cppcheck-html-bin=/local/repos/cppcheck/htmlreport/cppcheck-htmlreport
> 
> But I get this error:
> 
> ERROR: Can't find cppcheck version or version is not 2.7
> 
> 
> Note that my cppcheck is 2.7.4:
> 
> # ./cppcheck --version
> Cppcheck 2.7.4

Yes this is a bug, I’m strictly checking for 2.7, I will modify it to 2.7.x if you agree

> 
> 
> After removing the version check in cppcheck_analysis.py, the process
> starts correctly.
> 
> Also, where is the output html report created by cppcheck-html by
> default?


The html output should be in the xen folder [xen_repo]/xen/cppcheck-htmlreport/html but when you specify --build-only the reports are not generated, only the build phase is executed.

Have you tried without --build-only to test the report generations?

Cheers,
Luca

Re: [PATCH 0/4] Static analyser finding deviation

Posted by Luca Fancellu 1 year, 12 months ago


> On 29 Nov 2022, at 09:46, Luca Fancellu <Luca.Fancellu@arm.com> wrote:
> 
> 
> 
>> On 29 Nov 2022, at 01:55, Stefano Stabellini <sstabellini@kernel.org> wrote:
>> 
>> On Mon, 28 Nov 2022, Luca Fancellu wrote:
>>> This serie introduces a way to suppress a static analyser finding providing a
>>> proper justification for it.
>>> The process is explained in the docs/misra/documenting-violations.rst document
>>> that this serie will provide.
>>> The tools currently supported are eclair, coverity and cppcheck, but the design
>>> is open to support many other static analysis tool.
>>> 
>>> The changes are split between the first two patches to reduce the review effort,
>>> the first patch is introducing the deviation process for the eclair and coverity
>>> tools, this is because their analysis system is similar.
>>> 
>>> The second patch is introducing the same deviation process for cppcheck,
>>> modifying the current way it is called from the makefile and improving its
>>> analysis.
>>> 
>>> The third patch is a fix for a tool used for cppcheck and the fourth patch
>>> is an example of how a deviation can be applied for some MISRA findings.
> 
> Hi Stefano,
> 
>> 
>> I tried testing this series with:
>> 
>> # scripts/xen-analysis.py --build-only --cppcheck-html --run-cppcheck --cppcheck-bin=/local/repos/cppcheck/cppcheck --cppcheck-html-bin=/local/repos/cppcheck/htmlreport/cppcheck-htmlreport
>> 
>> But I get this error:
>> 
>> ERROR: Can't find cppcheck version or version is not 2.7
>> 
>> 
>> Note that my cppcheck is 2.7.4:
>> 
>> # ./cppcheck --version
>> Cppcheck 2.7.4
> 
> Yes this is a bug, I’m strictly checking for 2.7, I will modify it to 2.7.x if you agree
> 
>> 
>> 
>> After removing the version check in cppcheck_analysis.py, the process
>> starts correctly.
>> 
>> Also, where is the output html report created by cppcheck-html by
>> default?
> 
> 
> The html output should be in the xen folder [xen_repo]/xen/cppcheck-htmlreport/html but when you specify --build-only the reports are not generated, only the build phase is executed.
> 
> Have you tried without --build-only to test the report generations?

However I’ve found another bug, when building using your command line (at least on my x86 machine)

I have that xen is not building and it’s ending with this:

ld    -melf_x86_64  -T arch/x86/xen.lds -N prelink.o --build-id=sha1 \
    ./common/symbols-dummy.o -o ./.xen-syms.0
nm -pa --format=sysv ./.xen-syms.0 \
	| ./tools/symbols --all-symbols --sort-by-name --sysv --sort \
	>./.xen-syms.0.S
make -f ./Rules.mk obj=. ./.xen-syms.0.o
  CC      .xen-syms.0.o
ld    -melf_x86_64  -T arch/x86/xen.lds -N prelink.o --build-id=sha1 \
    ./.xen-syms.0.o -o ./.xen-syms.1
nm -pa --format=sysv ./.xen-syms.1 \
	| ./tools/symbols --all-symbols --sort-by-name --sysv --sort --error-dup \
	>./.xen-syms.1.S
make -f ./Rules.mk obj=. ./.xen-syms.1.o
  CC      .xen-syms.1.o
ld    -melf_x86_64  -T arch/x86/xen.lds -N prelink.o --build-id=sha1 \
    --orphan-handling=warn ./.xen-syms.1.o -o xen-syms
nm -pa --format=sysv ./xen-syms \
	| ./tools/symbols --all-symbols --xensyms --sysv --sort \
	>./xen-syms.map
rm -f ./.xen-syms.[0-9]* ./..xen-syms.[0-9]*
  HOSTCC  arch/x86/efi/mkreloc
Checking arch/x86/efi/mkreloc.c ...
Checking arch/x86/efi/mkreloc.c: CPPCHECK=1;...
nm: 'arch/x86/efi/relocs-dummy.o': No such file
nm: 'arch/x86/efi/relocs-dummy.o': No such file
nm: 'arch/x86/efi/relocs-dummy.o': No such file
nm: 'arch/x86/efi/relocs-dummy.o': No such file
nm: 'arch/x86/efi/relocs-dummy.o': No such file
nm: 'arch/x86/efi/relocs-dummy.o': No such file
nm: 'arch/x86/efi/relocs-dummy.o': No such file
nm: 'arch/x86/efi/relocs-dummy.o': No such file
nm: 'arch/x86/efi/relocs-dummy.o': No such file
nm: 'arch/x86/efi/relocs-dummy.o': No such file
nm: 'arch/x86/efi/relocs-dummy.o': No such file
echo "Will strip debug info from xen.efi"
Will strip debug info from xen.efi
ld -mi386pep --subsystem=10 --strip-debug --image-base=0x --stack=0,0 --heap=0,0 --section-alignment=0x200000 --file-alignment=0x20 --major-image-version=4 --minor-image-version=17 --major-os-version=2 --minor-os-version=0 --major-subsystem-version=2 --minor-subsystem-version=0 --build-id=sha1 -T arch/x86/efi.lds -N prelink.o arch/x86/efi/relocs-dummy.o ./common/symbols-dummy.o -b pe-x86-64 arch/x86/efi/buildid.o -o ./.xen.efi.0x.0 &&  ld -mi386pep --subsystem=10 --strip-debug --image-base=0x --stack=0,0 --heap=0,0 --section-alignment=0x200000 --file-alignment=0x20 --major-image-version=4 --minor-image-version=17 --major-os-version=2 --minor-os-version=0 --major-subsystem-version=2 --minor-subsystem-version=0 --build-id=sha1 -T arch/x86/efi.lds -N prelink.o arch/x86/efi/relocs-dummy.o ./common/symbols-dummy.o -b pe-x86-64 arch/x86/efi/buildid.o -o ./.xen.efi.0x.0 && :
ld: cannot find arch/x86/efi/relocs-dummy.o: No such file or directory
ld: cannot find arch/x86/efi/buildid.o: No such file or directory
arch/x86/Makefile:207: recipe for target 'xen.efi' failed
make[2]: *** [xen.efi] Error 1
build.mk:90: recipe for target 'xen' failed
make[1]: *** [xen] Error 2
Makefile:585: recipe for target 'xen' failed
make: *** [xen] Error 2
make: Leaving directory '/data_sdc1/lucfan01/kirkstone_xen/xen/xen'
ERROR: Build error occured when running:
make -C /data_sdc1/lucfan01/kirkstone_xen/xen/xen  CC="/data_sdc1/lucfan01/kirkstone_xen/xen/xen/tools/cppcheck-cc.sh --compiler=gcc --cppcheck-cmd=cppcheck --cppcheck-build-dir=/data_sdc1/lucfan01/kirkstone_xen/xen/xen/build-dir-cppcheck --max-ctu-depth=10 --enable=style,information,missingInclude --template='{file}({line},{column}):{id}:{severity}:{message}' --relative-paths=/data_sdc1/lucfan01/kirkstone_xen/xen/xen --inline-suppr --suppressions-list=/data_sdc1/lucfan01/kirkstone_xen/xen/xen/suppression-list.txt --suppress='unmatchedSuppression:*generated/compiler-def.h' --include=/data_sdc1/lucfan01/kirkstone_xen/xen/xen/include/xen/config.h -DCPPCHECK --cppcheck-plat=/data_sdc1/lucfan01/kirkstone_xen/xen/xen/tools/cppcheck-plat --ignore-path=tools/ --cppcheck-html --“ build


I’ve investigated why and it turns out that this line 94 in xen/xen/arch/x86/arch.mk:

XEN_BUILD_EFI := $(call if-success,$(CC) $(CFLAGS) -c $(srctree)/$(efi-check).c -o $(efi-check).o,y)

is calling the compiler on a c file, so the wrapper is using cppcheck on it, but seems that $(ARCH) variable is not set at this point so the call fails and you don’t see why because the output is silenced.

The fix is simple:

diff --git a/xen/scripts/xen_analysis/cppcheck_analysis.py b/xen/scripts/xen_analysis/cppcheck_analysis.py
index e5c2f3be3e85..646826851f0b 100644
--- a/xen/scripts/xen_analysis/cppcheck_analysis.py
+++ b/xen/scripts/xen_analysis/cppcheck_analysis.py
@@ -181,6 +181,7 @@ def generate_cppcheck_deps():
 
     cppcheck_cc_flags = """--compiler={} --cppcheck-cmd={} {}
  --cppcheck-plat={}/cppcheck-plat --ignore-path=tools/
+ --ignore-path=arch/x86/efi/check.c
 """.format(xen_cc, settings.cppcheck_binpath, cppcheck_flags,
            settings.tools_dir)
 
This will instruct the cppcheck-cc.sh wrapper to don’t call the cppcheck code on the *arch/x86/efi/check.c file.

I will add it in the next serie version as well as all the comments in the serie

Cheers,
Luca

> 
> Cheers,
> Luca