在RT-Thread的scons基础上，使用clang-tidy做静态分析 5.00

发布于 2022-09-20 00:16:09 浏览：2008 订阅该版

[tocm]

## 参考文档

- https://clang.llvm.org/extra/clang-tidy/

### 测试代码

先写个简单的代码
main.c
```c
#include<stdio.h>
#include<string.h>
#include<stdlib.h>

int main(int argc, char *argv[])
{
        char *tmp = (char *)malloc(argc);

if(tmp)
        {
                strncpy(tmp, argv[0], argc);
                printf("%s", tmp);

if(argc > 2)
                {
                        free(tmp);
                }
        }

printf("hello world!\n");

return 0;
}
```

使用clang-tidy分析一下

```
# apt install -y clang-tidy

# clang-tidy main.c 
Error while trying to load a compilation database:
Could not auto-detect compilation database for file "main.c"
No compilation database found in /work/analyzer or any parent directory
fixed-compilation-database: Error while opening fixed database: No such file or directory
json-compilation-database: Error while opening JSON database: No such file or directory
Running without flags.
2 warnings generated.
/work/analyzer/main.c:12:3: warning: Call to function 'strncpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'strncpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
                strncpy(tmp, argv[0], argc);
                ^~~~~~~
/work/analyzer/main.c:12:3: note: Call to function 'strncpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'strncpy_s' in case of C11
                strncpy(tmp, argv[0], argc);
                ^~~~~~~
/work/analyzer/main.c:21:2: warning: Potential leak of memory pointed to by 'tmp' [clang-analyzer-unix.Malloc]
        printf("hello world!\n");
        ^
/work/analyzer/main.c:8:22: note: Memory is allocated
        char *tmp = (char *)malloc(argc);
                            ^~~~~~~~~~~~
/work/analyzer/main.c:10:5: note: Assuming 'tmp' is non-null
        if(tmp)
           ^~~
/work/analyzer/main.c:10:2: note: Taking true branch
        if(tmp)
        ^
/work/analyzer/main.c:15:6: note: Assuming 'argc' is <= 2
                if(argc > 2)
                   ^~~~~~~~
/work/analyzer/main.c:15:3: note: Taking false branch
                if(argc > 2)
                ^
/work/analyzer/main.c:21:2: note: Potential leak of memory pointed to by 'tmp'
        printf("hello world!\n");
        ^
```

## compile_commands.json
还是有点用的，但我们RT-Thread项目中代码那么多，一个一个输入太麻烦了。
而且我们代码多是arm和gcc的，而开发机多是x86，clang默认参数也分析不了。

刚才分析结果第1行就有提示，没有找到`compilation database`，其实scons就可以生成

需要比较新的版本
```
python3 -m pip install scons
python3 -m SCons -v
SCons by Steven Knight et al.:
        SCons: v4.0.1.c289977f8b34786ab6c334311e232886da7e8df1, 2020-07-17 01:50:03, by bdbaddog on ProDog2020
        SCons path: ['/usr/lib/python3/dist-packages/SCons']
Copyright (c) 2001 - 2020 The SCons Foundation
```

然后更新下Scons脚本，让生成compile_commands.json
```
# git diff SConstruct 
 
+env.Tool('compilation_db')
+env.CompilationDatabase()
# make a building
DoBuilding(TARGET, objs)
```

## run-clang-tidy
然后使用 run-clang-tidy 就可以自动分析所有的源代码了。

## 输出html
生成的结果是文本，查看起来还是比较费力的，目前有个简单的转换为html格式，
虽然也比较简陋，但比文本还是方便多了。
```
run-clang-tidy > clang_tidy_analyzer.txt
pip3 install clang-html
clang-tidy-html clang_tidy_analyzer.txt
```