diff mbox series

docs/misra: Add instructions for cppcheck

Message ID 20220624105311.21057-1-luca.fancellu@arm.com (mailing list archive)
State Superseded
Headers show
Series docs/misra: Add instructions for cppcheck | expand

Commit Message

Luca Fancellu June 24, 2022, 10:53 a.m. UTC
Add instructions on how to build cppcheck, the version currently used
and an example to use the cppcheck integration to run the analysis on
the Xen codebase

Signed-off-by: Luca Fancellu <luca.fancellu@arm.com>
---
 docs/misra/cppcheck.txt | 66 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 66 insertions(+)
 create mode 100644 docs/misra/cppcheck.txt

Comments

Julien Grall June 24, 2022, 11:20 a.m. UTC | #1
Hi Luca,

On 24/06/2022 11:53, Luca Fancellu wrote:
> Add instructions on how to build cppcheck, the version currently used
> and an example to use the cppcheck integration to run the analysis on
> the Xen codebase
> 
> Signed-off-by: Luca Fancellu <luca.fancellu@arm.com>
> ---
>   docs/misra/cppcheck.txt | 66 +++++++++++++++++++++++++++++++++++++++++
>   1 file changed, 66 insertions(+)
>   create mode 100644 docs/misra/cppcheck.txt
> 
> diff --git a/docs/misra/cppcheck.txt b/docs/misra/cppcheck.txt
> new file mode 100644
> index 000000000000..4df0488794aa
> --- /dev/null
> +++ b/docs/misra/cppcheck.txt
> @@ -0,0 +1,66 @@
> +Cppcheck for Xen static and MISRA analysis
> +==========================================
> +
> +Xen can be analysed for both static analysis problems and MISRA violation using
> +cppcheck, the open source tool allows the creation of a report with all the
> +findings. Xen has introduced the support in the Makefile so it's very easy to
> +use and in this document we can see how.
> +
> +First recommendation is to use exactly the same version in this page and provide
> +the same option to the build system, so that every Xen developer can reproduce
> +the same findings.

I am not sure I agree. I think it is good that each developper use their 
own version (so long it is supported), so they may be able to find 
issues that may not appear with 2.7.

> +
> +Install cppcheck in the system

NIT: s/in/on/ I think.

> +==============================
> +
> +Cppcheck can be retrieved from the github repository or by downloading the
> +tarball, the version tested so far is the 2.7:
> +
> + - https://github.com/danmar/cppcheck/tree/2.7
> + - https://github.com/danmar/cppcheck/archive/2.7.tar.gz
> +
> +To compile and install it, here the complete command line:
> +
> +make MATCHCOMPILER=yes \
> +    FILESDIR=/usr/share/cppcheck \
> +    CFGDIR=/usr/share/cppcheck/cfg \
> +    HAVE_RULES=yes \
> +    CXXFLAGS="-O2 -DNDEBUG -Wall -Wno-sign-compare -Wno-unused-function" \
> +    install

Let me start that I am not convinced that our documentation should 
explain how to build cppcheck.

But if that's desire, then I think you ought to explain why we need to 
update CXXFLAGS (I would expect cppcheck to build everywhere without 
specifying additional flags).

Cheers,
Bertrand Marquis June 24, 2022, 11:40 a.m. UTC | #2
Hi Julien,

> On 24 Jun 2022, at 12:20, Julien Grall <julien@xen.org> wrote:
> 
> Hi Luca,
> 
> On 24/06/2022 11:53, Luca Fancellu wrote:
>> Add instructions on how to build cppcheck, the version currently used
>> and an example to use the cppcheck integration to run the analysis on
>> the Xen codebase
>> Signed-off-by: Luca Fancellu <luca.fancellu@arm.com>
>> ---
>> docs/misra/cppcheck.txt | 66 +++++++++++++++++++++++++++++++++++++++++
>> 1 file changed, 66 insertions(+)
>> create mode 100644 docs/misra/cppcheck.txt
>> diff --git a/docs/misra/cppcheck.txt b/docs/misra/cppcheck.txt
>> new file mode 100644
>> index 000000000000..4df0488794aa
>> --- /dev/null
>> +++ b/docs/misra/cppcheck.txt
>> @@ -0,0 +1,66 @@
>> +Cppcheck for Xen static and MISRA analysis
>> +==========================================
>> +
>> +Xen can be analysed for both static analysis problems and MISRA violation using
>> +cppcheck, the open source tool allows the creation of a report with all the
>> +findings. Xen has introduced the support in the Makefile so it's very easy to
>> +use and in this document we can see how.
>> +
>> +First recommendation is to use exactly the same version in this page and provide
>> +the same option to the build system, so that every Xen developer can reproduce
>> +the same findings.
> 
> I am not sure I agree. I think it is good that each developper use their own version (so long it is supported), so they may be able to find issues that may not appear with 2.7.

Right now the reality is not that great:
- 2.8 version of cppcheck has bugs and Misra checking is not working
- older versions of cppcheck are generating wrong html or xml files

So in practice anybody can try an other version but at the moment only 2.7 is useable.

Cheers
Bertrand
Luca Fancellu June 24, 2022, 12:01 p.m. UTC | #3
Hi Julien,

>> +First recommendation is to use exactly the same version in this page and provide
>> +the same option to the build system, so that every Xen developer can reproduce
>> +the same findings.
> 
> I am not sure I agree. I think it is good that each developper use their own version (so long it is supported), so they may be able to find issues that may not appear with 2.7.

Yes I understand, but as Bertrand says, other version of this tool doesn’t work quite well. I agree that everyone should use their own version, but for the sake of reproducibility
of the findings, I think we should have a common ground. The community can however propose from time to time to bump the version as long as we can say it works (maybe
crossing the reports between cppcheck, eclair, other proprietary tools).

> 
>> +
>> +Install cppcheck in the system
> 
> NIT: s/in/on/ I think.

Sure will fix
> 
>> +==============================
>> +
>> +Cppcheck can be retrieved from the github repository or by downloading the
>> +tarball, the version tested so far is the 2.7:
>> +
>> + - https://github.com/danmar/cppcheck/tree/2.7
>> + - https://github.com/danmar/cppcheck/archive/2.7.tar.gz
>> +
>> +To compile and install it, here the complete command line:
>> +
>> +make MATCHCOMPILER=yes \
>> + FILESDIR=/usr/share/cppcheck \
>> + CFGDIR=/usr/share/cppcheck/cfg \
>> + HAVE_RULES=yes \
>> + CXXFLAGS="-O2 -DNDEBUG -Wall -Wno-sign-compare -Wno-unused-function" \
>> + install
> 
> Let me start that I am not convinced that our documentation should explain how to build cppcheck.
> 
> But if that's desire, then I think you ought to explain why we need to update CXXFLAGS (I would expect cppcheck to build everywhere without specifying additional flags).

Yes you are right, this is the recommended command line for building as in https://github.com/danmar/cppcheck/blob/main/readme.md section GNU make, I can add the source.

My intention when writing this page was to have a common ground between Xen developers, so that if one day someone came up with a fix for something, we are able to reproduce
the finding all together.

Cheers,
Luca

> 
> Cheers,
> 
> -- 
> Julien Grall
Julien Grall June 24, 2022, 12:08 p.m. UTC | #4
On 24/06/2022 12:40, Bertrand Marquis wrote:
> Hi Julien,

Hi Bertrand,

> 
>> On 24 Jun 2022, at 12:20, Julien Grall <julien@xen.org> wrote:
>>
>> Hi Luca,
>>
>> On 24/06/2022 11:53, Luca Fancellu wrote:
>>> Add instructions on how to build cppcheck, the version currently used
>>> and an example to use the cppcheck integration to run the analysis on
>>> the Xen codebase
>>> Signed-off-by: Luca Fancellu <luca.fancellu@arm.com>
>>> ---
>>> docs/misra/cppcheck.txt | 66 +++++++++++++++++++++++++++++++++++++++++
>>> 1 file changed, 66 insertions(+)
>>> create mode 100644 docs/misra/cppcheck.txt
>>> diff --git a/docs/misra/cppcheck.txt b/docs/misra/cppcheck.txt
>>> new file mode 100644
>>> index 000000000000..4df0488794aa
>>> --- /dev/null
>>> +++ b/docs/misra/cppcheck.txt
>>> @@ -0,0 +1,66 @@
>>> +Cppcheck for Xen static and MISRA analysis
>>> +==========================================
>>> +
>>> +Xen can be analysed for both static analysis problems and MISRA violation using
>>> +cppcheck, the open source tool allows the creation of a report with all the
>>> +findings. Xen has introduced the support in the Makefile so it's very easy to
>>> +use and in this document we can see how.
>>> +
>>> +First recommendation is to use exactly the same version in this page and provide
>>> +the same option to the build system, so that every Xen developer can reproduce
>>> +the same findings.
>>
>> I am not sure I agree. I think it is good that each developper use their own version (so long it is supported), so they may be able to find issues that may not appear with 2.7.
> 
> Right now the reality is not that great:
> - 2.8 version of cppcheck has bugs and Misra checking is not working

Can you be more specifics for "bugs". Is it Xen specific?

Also, what do you mean by MISRA checking is not working? Is this a 
regression or intentional?

> - older versions of cppcheck are generating wrong html or xml files

That's fine to say we don't support cppcheck < 2.7 (we do that also for 
the compiler).

Cheers,
Julien Grall June 24, 2022, 12:17 p.m. UTC | #5
On 24/06/2022 13:01, Luca Fancellu wrote:
> Hi Julien,

Hi Luca,

> 
>>> +First recommendation is to use exactly the same version in this page and provide
>>> +the same option to the build system, so that every Xen developer can reproduce
>>> +the same findings.
>>
>> I am not sure I agree. I think it is good that each developper use their own version (so long it is supported), so they may be able to find issues that may not appear with 2.7.
> 
> Yes I understand, but as Bertrand says, other version of this tool doesn’t work quite well. 

I have replied to this on Bertrand e-mail.


> I agree that everyone should use their own version, but for the sake of reproducibility
> of the findings, I think we should have a common ground.

I will reply to this below.

> The community can however propose from time to time to bump the version as long as we can say it works (maybe
> crossing the reports between cppcheck, eclair, other proprietary tools).

This would mean we should de-support 2.7 which sounds wrong if it worked 
before.

> 
>>
>>> +
>>> +Install cppcheck in the system
>>
>> NIT: s/in/on/ I think.
> 
> Sure will fix
>>
>>> +==============================
>>> +
>>> +Cppcheck can be retrieved from the github repository or by downloading the
>>> +tarball, the version tested so far is the 2.7:
>>> +
>>> + - https://github.com/danmar/cppcheck/tree/2.7
>>> + - https://github.com/danmar/cppcheck/archive/2.7.tar.gz
>>> +
>>> +To compile and install it, here the complete command line:
>>> +
>>> +make MATCHCOMPILER=yes \
>>> + FILESDIR=/usr/share/cppcheck \
>>> + CFGDIR=/usr/share/cppcheck/cfg \
>>> + HAVE_RULES=yes \
>>> + CXXFLAGS="-O2 -DNDEBUG -Wall -Wno-sign-compare -Wno-unused-function" \
>>> + install
>>
>> Let me start that I am not convinced that our documentation should explain how to build cppcheck.
>>
>> But if that's desire, then I think you ought to explain why we need to update CXXFLAGS (I would expect cppcheck to build everywhere without specifying additional flags).
> 
> Yes you are right, this is the recommended command line for building as in https://github.com/danmar/cppcheck/blob/main/readme.md section GNU make, I can add the source.

I think we should remove the command line and tell the user to read the 
cppcheck README.md.

> 
> My intention when writing this page was to have a common ground between Xen developers, so that if one day someone came up with a fix for something, we are able to reproduce
> the finding all together.
Well, if someone find a fix you want to check against all versions not 
the one that warns. Otherwise, you can end up in a situation where you 
silence cppcheck 2.10 (just making up a version) but then introduce a 
warning in cppcheck 2.7.

To me this is no different than other software used to build Xen. We 
don't tell the user that they should always build with GCC x.y.z. 
Instead, we provide a minimum version. This has multiple benefits:
  1) The user doesn't need to rebuild the software and can use the one 
provided by the distributions
  2) Different versions find different (most of the time) valid bugs. So 
we are getting towards a better codebase.

Cheers,
Bertrand Marquis June 24, 2022, 12:18 p.m. UTC | #6
Hi Julien,

> On 24 Jun 2022, at 13:08, Julien Grall <julien@xen.org> wrote:
> 
> 
> 
> On 24/06/2022 12:40, Bertrand Marquis wrote:
>> Hi Julien,
> 
> Hi Bertrand,
> 
>>> On 24 Jun 2022, at 12:20, Julien Grall <julien@xen.org> wrote:
>>> 
>>> Hi Luca,
>>> 
>>> On 24/06/2022 11:53, Luca Fancellu wrote:
>>>> Add instructions on how to build cppcheck, the version currently used
>>>> and an example to use the cppcheck integration to run the analysis on
>>>> the Xen codebase
>>>> Signed-off-by: Luca Fancellu <luca.fancellu@arm.com>
>>>> ---
>>>> docs/misra/cppcheck.txt | 66 +++++++++++++++++++++++++++++++++++++++++
>>>> 1 file changed, 66 insertions(+)
>>>> create mode 100644 docs/misra/cppcheck.txt
>>>> diff --git a/docs/misra/cppcheck.txt b/docs/misra/cppcheck.txt
>>>> new file mode 100644
>>>> index 000000000000..4df0488794aa
>>>> --- /dev/null
>>>> +++ b/docs/misra/cppcheck.txt
>>>> @@ -0,0 +1,66 @@
>>>> +Cppcheck for Xen static and MISRA analysis
>>>> +==========================================
>>>> +
>>>> +Xen can be analysed for both static analysis problems and MISRA violation using
>>>> +cppcheck, the open source tool allows the creation of a report with all the
>>>> +findings. Xen has introduced the support in the Makefile so it's very easy to
>>>> +use and in this document we can see how.
>>>> +
>>>> +First recommendation is to use exactly the same version in this page and provide
>>>> +the same option to the build system, so that every Xen developer can reproduce
>>>> +the same findings.
>>> 
>>> I am not sure I agree. I think it is good that each developper use their own version (so long it is supported), so they may be able to find issues that may not appear with 2.7.
>> Right now the reality is not that great:
>> - 2.8 version of cppcheck has bugs and Misra checking is not working
> 
> Can you be more specifics for "bugs". Is it Xen specific?

No it is not Xen specific (see [1] for more info)

> 
> Also, what do you mean by MISRA checking is not working? Is this a regression or intentional?

It is a regression.

> 
>> - older versions of cppcheck are generating wrong html or xml files
> 
> That's fine to say we don't support cppcheck < 2.7 (we do that also for the compiler).

Ok

[1] https://sourceforge.net/p/cppcheck/discussion/general/thread/bfc3ab6c41/?limit=25

Cheers
Bertrand
Julien Grall June 24, 2022, 12:22 p.m. UTC | #7
On 24/06/2022 13:18, Bertrand Marquis wrote:
> Hi Julien,

Hi Bertrand,

> 
>> On 24 Jun 2022, at 13:08, Julien Grall <julien@xen.org> wrote:
>>
>>
>>
>> On 24/06/2022 12:40, Bertrand Marquis wrote:
>>> Hi Julien,
>>
>> Hi Bertrand,
>>
>>>> On 24 Jun 2022, at 12:20, Julien Grall <julien@xen.org> wrote:
>>>>
>>>> Hi Luca,
>>>>
>>>> On 24/06/2022 11:53, Luca Fancellu wrote:
>>>>> Add instructions on how to build cppcheck, the version currently used
>>>>> and an example to use the cppcheck integration to run the analysis on
>>>>> the Xen codebase
>>>>> Signed-off-by: Luca Fancellu <luca.fancellu@arm.com>
>>>>> ---
>>>>> docs/misra/cppcheck.txt | 66 +++++++++++++++++++++++++++++++++++++++++
>>>>> 1 file changed, 66 insertions(+)
>>>>> create mode 100644 docs/misra/cppcheck.txt
>>>>> diff --git a/docs/misra/cppcheck.txt b/docs/misra/cppcheck.txt
>>>>> new file mode 100644
>>>>> index 000000000000..4df0488794aa
>>>>> --- /dev/null
>>>>> +++ b/docs/misra/cppcheck.txt
>>>>> @@ -0,0 +1,66 @@
>>>>> +Cppcheck for Xen static and MISRA analysis
>>>>> +==========================================
>>>>> +
>>>>> +Xen can be analysed for both static analysis problems and MISRA violation using
>>>>> +cppcheck, the open source tool allows the creation of a report with all the
>>>>> +findings. Xen has introduced the support in the Makefile so it's very easy to
>>>>> +use and in this document we can see how.
>>>>> +
>>>>> +First recommendation is to use exactly the same version in this page and provide
>>>>> +the same option to the build system, so that every Xen developer can reproduce
>>>>> +the same findings.
>>>>
>>>> I am not sure I agree. I think it is good that each developper use their own version (so long it is supported), so they may be able to find issues that may not appear with 2.7.
>>> Right now the reality is not that great:
>>> - 2.8 version of cppcheck has bugs and Misra checking is not working
>>
>> Can you be more specifics for "bugs". Is it Xen specific?
> 
> No it is not Xen specific (see [1] for more info)

Thanks for the information. How about writing something like:

"
The minimum version required for cppcheck is 2.7. Note that at the time 
of writing (June 2022), the version 2.8 is known to be broken [1].
"

[1] 
https://sourceforge.net/p/cppcheck/discussion/general/thread/bfc3ab6c41/?limit=25

Cheers,
Bertrand Marquis June 24, 2022, 12:26 p.m. UTC | #8
Hi,

> On 24 Jun 2022, at 13:22, Julien Grall <julien@xen.org> wrote:
> 
> On 24/06/2022 13:18, Bertrand Marquis wrote:
>> Hi Julien,
> 
> Hi Bertrand,
> 
>>> On 24 Jun 2022, at 13:08, Julien Grall <julien@xen.org> wrote:
>>> 
>>> 
>>> 
>>> On 24/06/2022 12:40, Bertrand Marquis wrote:
>>>> Hi Julien,
>>> 
>>> Hi Bertrand,
>>> 
>>>>> On 24 Jun 2022, at 12:20, Julien Grall <julien@xen.org> wrote:
>>>>> 
>>>>> Hi Luca,
>>>>> 
>>>>> On 24/06/2022 11:53, Luca Fancellu wrote:
>>>>>> Add instructions on how to build cppcheck, the version currently used
>>>>>> and an example to use the cppcheck integration to run the analysis on
>>>>>> the Xen codebase
>>>>>> Signed-off-by: Luca Fancellu <luca.fancellu@arm.com>
>>>>>> ---
>>>>>> docs/misra/cppcheck.txt | 66 +++++++++++++++++++++++++++++++++++++++++
>>>>>> 1 file changed, 66 insertions(+)
>>>>>> create mode 100644 docs/misra/cppcheck.txt
>>>>>> diff --git a/docs/misra/cppcheck.txt b/docs/misra/cppcheck.txt
>>>>>> new file mode 100644
>>>>>> index 000000000000..4df0488794aa
>>>>>> --- /dev/null
>>>>>> +++ b/docs/misra/cppcheck.txt
>>>>>> @@ -0,0 +1,66 @@
>>>>>> +Cppcheck for Xen static and MISRA analysis
>>>>>> +==========================================
>>>>>> +
>>>>>> +Xen can be analysed for both static analysis problems and MISRA violation using
>>>>>> +cppcheck, the open source tool allows the creation of a report with all the
>>>>>> +findings. Xen has introduced the support in the Makefile so it's very easy to
>>>>>> +use and in this document we can see how.
>>>>>> +
>>>>>> +First recommendation is to use exactly the same version in this page and provide
>>>>>> +the same option to the build system, so that every Xen developer can reproduce
>>>>>> +the same findings.
>>>>> 
>>>>> I am not sure I agree. I think it is good that each developper use their own version (so long it is supported), so they may be able to find issues that may not appear with 2.7.
>>>> Right now the reality is not that great:
>>>> - 2.8 version of cppcheck has bugs and Misra checking is not working
>>> 
>>> Can you be more specifics for "bugs". Is it Xen specific?
>> No it is not Xen specific (see [1] for more info)
> 
> Thanks for the information. How about writing something like:
> 
> "
> The minimum version required for cppcheck is 2.7. Note that at the time of writing (June 2022), the version 2.8 is known to be broken [1].
> "
> 
> [1] https://sourceforge.net/p/cppcheck/discussion/general/thread/bfc3ab6c41/?limit=25
> 

This up to Luca (as it is his patch) but I am ok with that.

Cheers
Bertrand
Luca Fancellu June 24, 2022, 1:34 p.m. UTC | #9
> On 24 Jun 2022, at 13:17, Julien Grall <julien@xen.org> wrote:
> 
> 
> 
> On 24/06/2022 13:01, Luca Fancellu wrote:
>> Hi Julien,
> 
> Hi Luca,
> 
>>>> +First recommendation is to use exactly the same version in this page and provide
>>>> +the same option to the build system, so that every Xen developer can reproduce
>>>> +the same findings.
>>> 
>>> I am not sure I agree. I think it is good that each developper use their own version (so long it is supported), so they may be able to find issues that may not appear with 2.7.
>> Yes I understand, but as Bertrand says, other version of this tool doesn’t work quite well. 
> 
> I have replied to this on Bertrand e-mail.
> 
> 
>> I agree that everyone should use their own version, but for the sake of reproducibility
>> of the findings, I think we should have a common ground.
> 
> I will reply to this below.
> 
>> The community can however propose from time to time to bump the version as long as we can say it works (maybe
>> crossing the reports between cppcheck, eclair, other proprietary tools).
> 
> This would mean we should de-support 2.7 which sounds wrong if it worked before.

Sure, I guess that as long as we don’t see regressions from version X to X+1 we are fine with versions >= X.

>>> 
>>>> +
>>>> +Install cppcheck in the system
>>> 
>>> NIT: s/in/on/ I think.
>> Sure will fix
>>> 
>>>> +==============================
>>>> +
>>>> +Cppcheck can be retrieved from the github repository or by downloading the
>>>> +tarball, the version tested so far is the 2.7:
>>>> +
>>>> + - https://github.com/danmar/cppcheck/tree/2.7
>>>> + - https://github.com/danmar/cppcheck/archive/2.7.tar.gz
>>>> +
>>>> +To compile and install it, here the complete command line:
>>>> +
>>>> +make MATCHCOMPILER=yes \
>>>> + FILESDIR=/usr/share/cppcheck \
>>>> + CFGDIR=/usr/share/cppcheck/cfg \
>>>> + HAVE_RULES=yes \
>>>> + CXXFLAGS="-O2 -DNDEBUG -Wall -Wno-sign-compare -Wno-unused-function" \
>>>> + install
>>> 
>>> Let me start that I am not convinced that our documentation should explain how to build cppcheck.
>>> 
>>> But if that's desire, then I think you ought to explain why we need to update CXXFLAGS (I would expect cppcheck to build everywhere without specifying additional flags).
>> Yes you are right, this is the recommended command line for building as in https://github.com/danmar/cppcheck/blob/main/readme.md section GNU make, I can add the source.
> 
> I think we should remove the command line and tell the user to read the cppcheck README.md.

Ok sounds good to me

> 
>> My intention when writing this page was to have a common ground between Xen developers, so that if one day someone came up with a fix for something, we are able to reproduce
>> the finding all together.
> Well, if someone find a fix you want to check against all versions not the one that warns. Otherwise, you can end up in a situation where you silence cppcheck 2.10 (just making up a version) but then introduce a warning in cppcheck 2.7.
> 
> To me this is no different than other software used to build Xen. We don't tell the user that they should always build with GCC x.y.z. Instead, we provide a minimum version. This has multiple benefits:
> 1) The user doesn't need to rebuild the software and can use the one provided by the distributions
> 2) Different versions find different (most of the time) valid bugs. So we are getting towards a better codebase.
> 

Ok I see your point, instead of saying “we use version X.Y, I will say >=X.Y”, your comment on Bertrand’s reply is on this line.

I would keep the section about compiling cppcheck since many recent distro doesn’t provide cppcheck >=2.7 yet (and 2.8 is broken),
If you agree with it.

For this one:
> 
> Thanks for the information. How about writing something like:
> 
> "
> The minimum version required for cppcheck is 2.7. Note that at the time of writing (June 2022), the version 2.8 is known to be broken [1].
> "
> 
> [1] https://sourceforge.net/p/cppcheck/discussion/general/thread/bfc3ab6c41/?limit=25
> 
> 

Sure, I can add it and rephrase that section.

Cheers,
Luca
Julien Grall June 24, 2022, 5:25 p.m. UTC | #10
Hi Luca,

On 24/06/2022 14:34, Luca Fancellu wrote:
>> On 24 Jun 2022, at 13:17, Julien Grall <julien@xen.org> wrote:
> I would keep the section about compiling cppcheck since many recent distro doesn’t provide cppcheck >=2.7 yet (and 2.8 is broken),
> If you agree with it.

It depends on the content of the section. If the content duplicates the 
cppcheck README then no. If this is just to point to the cppcheck 
README, then I am OK with that.

Cheers,
Luca Fancellu June 28, 2022, 3:23 p.m. UTC | #11
> On 24 Jun 2022, at 18:25, Julien Grall <julien@xen.org> wrote:
> 
> Hi Luca,
> 
> On 24/06/2022 14:34, Luca Fancellu wrote:
>>> On 24 Jun 2022, at 13:17, Julien Grall <julien@xen.org> wrote:
>> I would keep the section about compiling cppcheck since many recent distro doesn’t provide cppcheck >=2.7 yet (and 2.8 is broken),
>> If you agree with it.
> 
> It depends on the content of the section. If the content duplicates the cppcheck README then no. If this is just to point to the cppcheck README, then I am OK with that.
> 

Hi Julien,

Sorry for the late reply, this would be my changes, would you agree on them?

Cppcheck for Xen static and MISRA analysis
==========================================

Xen can be analysed for both static analysis problems and MISRA violation using
cppcheck, the open source tool allows the creation of a report with all the
findings. Xen has introduced the support in the Makefile so it's very easy to
use and in this document we can see how.

The minimum version required for cppcheck is 2.7. Note that at the time of
writing (June 2022), the version 2.8 is known to be broken [1].

Install cppcheck on the system
==============================

Cppcheck can be retrieved from the github repository or by downloading the
tarball, the version tested so far is the 2.7:

 - https://github.com/danmar/cppcheck/tree/2.7
 - https://github.com/danmar/cppcheck/archive/2.7.tar.gz

To compile and install it, the complete command line can be found in readme.md,
section "GNU make", please add the "install" target to that line and use every
argument as it is in the documentation of the tool, so that every Xen developer
following this page can reproduce the same findings.

This will compile and install cppcheck in /usr/bin and all the cppcheck config
files and addons will be installed in /usr/share/cppcheck folder, please modify
that path in FILESDIR and CFGDIR if it's not convinient for your system.

If you don't want to overwrite a possible cppcheck binary installed in your
system, you can omit the "install" target, FILESDIR, CFGDIR and cppcheck will be
just compiled and the binaries will be available in the same folder.
If you choose to do that, later in this page it's explained how to use a local
installation of cppcheck for the Xen analysis.

Dependencies are listed in the readme.md of the project repository.

[ leaving Use cppcheck to analyse Xen as it is ]
[…]

[1] https://sourceforge.net/p/cppcheck/discussion/general/thread/bfc3ab6c41/?limit=25


Cheers,
Luca
Julien Grall June 29, 2022, 10:16 a.m. UTC | #12
Hi Luca,

On 28/06/2022 16:23, Luca Fancellu wrote:
>> On 24 Jun 2022, at 18:25, Julien Grall <julien@xen.org> wrote:
>> On 24/06/2022 14:34, Luca Fancellu wrote:
>>>> On 24 Jun 2022, at 13:17, Julien Grall <julien@xen.org> wrote:
> Sorry for the late reply, this would be my changes, would you agree on them?

They LGTM.

Cheers,
Luca Fancellu June 29, 2022, 10:17 a.m. UTC | #13
> On 29 Jun 2022, at 11:16, Julien Grall <julien@xen.org> wrote:
> 
> Hi Luca,
> 
> On 28/06/2022 16:23, Luca Fancellu wrote:
>>> On 24 Jun 2022, at 18:25, Julien Grall <julien@xen.org> wrote:
>>> On 24/06/2022 14:34, Luca Fancellu wrote:
>>>>> On 24 Jun 2022, at 13:17, Julien Grall <julien@xen.org> wrote:
>> Sorry for the late reply, this would be my changes, would you agree on them?
> 
> They LGTM.

Thanks, I will send V2 soon.

> 
> Cheers,
> 
> -- 
> Julien Grall
diff mbox series

Patch

diff --git a/docs/misra/cppcheck.txt b/docs/misra/cppcheck.txt
new file mode 100644
index 000000000000..4df0488794aa
--- /dev/null
+++ b/docs/misra/cppcheck.txt
@@ -0,0 +1,66 @@ 
+Cppcheck for Xen static and MISRA analysis
+==========================================
+
+Xen can be analysed for both static analysis problems and MISRA violation using
+cppcheck, the open source tool allows the creation of a report with all the
+findings. Xen has introduced the support in the Makefile so it's very easy to
+use and in this document we can see how.
+
+First recommendation is to use exactly the same version in this page and provide
+the same option to the build system, so that every Xen developer can reproduce
+the same findings.
+
+Install cppcheck in the system
+==============================
+
+Cppcheck can be retrieved from the github repository or by downloading the
+tarball, the version tested so far is the 2.7:
+
+ - https://github.com/danmar/cppcheck/tree/2.7
+ - https://github.com/danmar/cppcheck/archive/2.7.tar.gz
+
+To compile and install it, here the complete command line:
+
+make MATCHCOMPILER=yes \
+    FILESDIR=/usr/share/cppcheck \
+    CFGDIR=/usr/share/cppcheck/cfg \
+    HAVE_RULES=yes \
+    CXXFLAGS="-O2 -DNDEBUG -Wall -Wno-sign-compare -Wno-unused-function" \
+    install
+
+This will compile and install cppcheck in /usr/bin and all the cppcheck config
+files and addons will be installed in /usr/share/cppcheck folder, please modify
+that path in FILESDIR and CFGDIR if it's not convinient for your system.
+
+If you don't want to overwrite a possible cppcheck binary installed in your
+system, you can omit the "install" target, FILESDIR, CFGDIR and cppcheck will be
+just compiled and the binaries will be available in the same folder.
+If you choose to do that, later in this page it's explained how to use a local
+installation of cppcheck for the Xen analysis.
+
+Dependencies are listed in the Readme.md of the project repository.
+
+Use cppcheck to analyse Xen
+===========================
+
+Using cppcheck integration is very simple, it requires few steps:
+
+ 1) Compile Xen
+ 2) call the cppcheck make target to generate a report in xml format:
+    make CPPCHECK_MISRA=y cppcheck
+ 3) call the cppcheck-html make target to generate a report in xml and html
+    format:
+    make CPPCHECK_MISRA=y cppcheck-html
+
+    In case the cppcheck binaries are not in the PATH, CPPCHECK and
+    CPPCHECK_HTMLREPORT variables can be overridden with the full path to the
+    binaries:
+
+    make -C xen \
+        CPPCHECK=/path/to/cppcheck \
+        CPPCHECK_HTMLREPORT=/path/to/cppcheck-htmlreport \
+        CPPCHECK_MISRA=y \
+        cppcheck-html
+
+The output is by default in a folder named cppcheck-htmlreport, but the name
+can be changed by passing it in the CPPCHECK_HTMLREPORT_OUTDIR variable.