[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [RFC PATCH 1/4] xen/Makefile: add analysis-coverity and analysis-eclair

  • To: Luca Fancellu <Luca.Fancellu@xxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Mon, 14 Nov 2022 17:05:37 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=gQgseoSQVd1e05VTTeEWL0ZknjU3TTN/8sH+WnMVZHE=; b=F3ns03ZGBDtYF1x8r2Nc2wbvfCNDo9StUgWC4f2FpCiRQb8ShVailTmZGlS5f2TLr7Zjlua4Mzz946hHD2fxHFgaUrErNBTPr/gdq1qwSqMG8hrKhl6VrAzSVccrgmo0Kq3V5Qe0rmDRlSNz378Yq8jO4MoXbubtuYPcni2bbEiLCqmE88nM5lFni9OvFOBX0Yvfjf0VMAcx101FU7NLg2onOWCkWqRVTxJLxtevDUBIjQjXK+DucNn/kUsOkA5Yq/QfZtgP0e+SLEyZuNeZ1wZFLGyoOl6W3XGHzl0AGiEEQWI/ccoJMZV8SzXoBqQL05/OmkHRtOJGD+xJFO95+g==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=kxqbWpoGNwn7PxE2cKKZ1J9Y7BXT9Pogb6VoeZ1fxSM4vUKHC18aPtGmzJGfJNvPogYYr4Lx9B2KQAoUtpvJ+T65940KXAw0jKKhV+LIR+JDsO23WGro/buda8VUe5gjbv5Zscv5ujlzIqTpPLC7J2ooCzFu+BEEM9Nhl+lI6paME5tNeR9sO2VodC37bUurAkCCkaIjeDi2DikSwzqXZOCMxtp+/XrGPQ/15S3GFAZ77tcpVIatb0A0k9LQTvPc+b08WVdgdYLJ457qgMdp68xiPp3nQ00pUJTSC5XBF0Ts/6yeBxq+QUxKUAJV/n8FzNgIkxsMncY61422gppAYQ==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Bertrand Marquis <Bertrand.Marquis@xxxxxxx>, Wei Chen <Wei.Chen@xxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Wei Liu <wl@xxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Anthony Perard <anthony.perard@xxxxxxxxxx>
  • Delivery-date: Mon, 14 Nov 2022 16:05:45 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 14.11.2022 13:30, Luca Fancellu wrote:
>> On 14 Nov 2022, at 07:30, Jan Beulich <jbeulich@xxxxxxxx> wrote:
>> On 11.11.2022 21:52, Stefano Stabellini wrote:
>>> On Fri, 11 Nov 2022, Jan Beulich wrote:
>>>> Did you consider the alternative approach of copying the tree, altering
>>>> it (while or after copying), running the build there, pulling out the
>>>> result files, and delete the entire copy? Such a model would likely get
>>>> away without introducing surprising make rules.
> 
> This approach does not work because the report will contain a path that is 
> different from the source path and
> some web based tools won’t be able to track back the origin of the finding.
> 
> e.g. /path/to/xen/arch/arm/<file> is the original file, we run the analysis 
> on /path/to2/xen/arch/arm/<file>,
> the finding is in /path/to2/xen/arch/arm/<file> but the source repository 
> contains only /path/to/xen/arch/arm/<file>

Simply run "sed" over the result?

>>> Another, maybe simpler idea: what if the build step is not a dependency
>>> of the analysis-* goals?
>>>
>>> Basically, the user is supposed to:
>>>
>>> 1) call analysis-parse-tags-*
>>> 2) build Xen (in any way they like)
>>> 3) call analysis-clean
>>
>> Well, that's exactly what I've been proposing, with the (optional)
>> addition of a small (shell) script doing all of the three for ...
>>
>>> Making steps 1-3 into a single step is slightly more convenient for the
>>> user but the downside is that dealing with build errors becomes
>>> problematic.
>>>
>>> On the other hand, if we let the user call steps 1-3 by hand
>>> individually, it is slightly less convenient for the user but they can
>>> more easily deal with any build error and sophisticated build
>>> configurations.
>>
>> ... convenience.
> 
> For coverity and eclair, it makes sense, these tools doesn’t require much 
> effort to be integrated,
> they are built to intercept files, compilers, environment variables during 
> the make run in a
> transparent way.
> 
> So the workflow is:
> 
> 1) call analysis-parse-tags-*
> 2) build Xen (in any way they like)
> 3) call analysis-clean
> 
> 
> If we think about cppcheck however, here the story changes, as it requires 
> all these information
> to be given as inputs, we have to do all the work the commercial tools do 
> under the hood.
> 
> The cppcheck workflow instead is:
> 
> 1) call analysis-parse-tags-cppcheck
> 2) generate cppcheck suppression list
> 3) build Xen (and run cppcheck on built source files)
> 4) collect and generate report
> 5) call analysis-clean

Which merely makes for a more involved (shell) script.

> So let’s think about detaching the build stage from the previous stages, I 
> think it is not very convenient
> for the user, as during cppcheck analysis we build 
> $(objtree)/include/generated/compiler-def.h, we build 
> $(objtree)/suppression-list.txt, so the user needs to build Xen where those 
> files are created
> (in-tree or out-of-tree) otherwise the analysis won’t work and that’s the 
> first user requirement (stage #3).
> 
> The most critical input to cppcheck is Xen’s $(CC), it comes from the build 
> system in this serie, the user would
> need to pass the correct one to cppcheck wrapper, together with cppcheck 
> flags, and pass to Xen build stage #3
> the wrapper as CC, second user requirement.
> 
> After the analysis, the user needs to run some scripts to put together the 
> cppcheck report fragments
> after its analysis, this step requires also the knowledge of were Xen is 
> built, in-tree or out-of-tree, so
> here the third user requirement (similar to the first one, but the stage is 
> #4).
> 
> In the end, we can see the user would not be able to call individually the 
> targets if it is not mastering
> the system, it’s too complex to have something working, we could create a 
> script to handle these requirements,
> but it would be complex as it would do the job of the make system, plus it 
> needs to forward additional make arguments
> to it as well (CROSS_COMPILE, XEN_TARGET_ARCH, in-tree or Out-of-tree build, 
> ... for example).
> 
> In this thread the message is that in case of errors, there will be some 
> artifacts (<file>.safparse, modified <file>)
> and this is unexpected or surprising, but we are going to add a lot of 
> complexity to handle something that needs
> just documentation (in my opinion).
> 
> If the community don’t agree that documentation is enough, a solution could 
> be to provide a script that in case of
> errors, calls automatically the analysis-clean target, analysis-<tool> will 
> call also the build step in this case,
> here some pseudocode:
> 
>       #!/bin/bash
>       set -e
> 
>       trap [call analysis-clean] EXIT
> 
>       [call analysis-<tool>]
> 
> 
> This script needs however all the make arguments that we would have passed to 
> make instead:
> 
> ./script.sh --tool=<tool> [--dont-clean-on-err] -- CROSS_COMPILE=“[...]“ 
> XEN_TARGET_ARCH=“[...]” [others...]

Well, of course the suggested script would need to be passed overrides you'd
otherwise pass with "make build" or alike.

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.