> No trouble at all, and I'll certainly have a look at the script, so
> please send it my way. Thanks!
Some notes first:: sparse and smatch are probably the most useful for
kernel builds. spatch (=coccinelle) is nice, too, but needs quite a bit
more time for checking. cppcheck occasionally finds something that the
others don't, flawfinder not really. There are some false positives,
too, so you need to get a bit used to read the output. So, here you go:
=== ninja-check
#!/bin/sh -u
# wrapper to call various static checkers for kernel builds.
# Use: make C=1 CHECK='ninja-check' ...
# done by Wolfram Sang in 2012-14, version 20140514 - WTFPLv2
check_for()
{
command -v $1 > /dev/null
ret=$?
[ $ret -eq 0 ] && echo " $1" | tr a-z A-Z
return $ret
}
# Get filename (last argument)
eval file_to_check=\${$#}
check_for sparse && sparse -Wsparse-all "$@"
check_for smatch && smatch --two-passes --project=kernel "$@" 1>&2
# Don't provide include-dirs since number of code paths increases drastically (#defines!) and '-f' checks all of them. Just suppress the warning.
check_for cppcheck && cppcheck -f -q --platform=unix64 --template=gcc --enable=all --language=c --suppress=missingInclude --suppress=clarifyCalculation --suppress=unmatchedSuppression --suppress=variableScope "$file_to_check"
check_for spatch && MODE=report scripts/coccicheck "$file_to_check" 1>&2
check_for flawfinder && flawfinder --minlevel=0 --quiet --dataonly --singleline "$file_to_check" 1>&2
# RATS mainly checks for dangerous functions. Not so useful for kernel analysis. flawfinder does string checking, too.
#check_for rats && rats --resultsonly -w 3 "$file_to_check" 1>&2
Attachment:
signature.asc
Description: PGP signature
