scripts/test/scan-build.sh

   1 #!/bin/sh
   2 # Copyright 2014 The Tor Project, Inc
   3 # See LICENSE for licensing information
   4 #
   5 # This script is used for running a bunch of clang scan-build checkers
   6 # on Tor.
   7
   8 # These don't seem to cause false positives in our code, so let's turn
   9 # them on.
  10 CHECKERS="\
  11     -enable-checker alpha.core.CallAndMessageUnInitRefArg \
  12     -enable-checker alpha.core.CastToStruct \
  13     -enable-checker alpha.core.Conversion \
  14     -enable-checker alpha.core.FixedAddr \
  15     -enable-checker alpha.core.IdenticalExpr \
  16     -enable-checker alpha.core.PointerArithm \
  17     -enable-checker alpha.core.SizeofPtr \
  18     -enable-checker alpha.core.TestAfterDivZero \
  19     -enable-checker alpha.security.MallocOverflow \
  20     -enable-checker alpha.security.ReturnPtrRange \
  21     -enable-checker alpha.unix.BlockInCriticalSection \
  22     -enable-checker alpha.unix.Chroot \
  23     -enable-checker alpha.unix.PthreadLock \
  24     -enable-checker alpha.unix.PthreadLock \
  25     -enable-checker alpha.unix.SimpleStream \
  26     -enable-checker alpha.unix.Stream \
  27     -enable-checker alpha.unix.cstring.BufferOverlap \
  28     -enable-checker alpha.unix.cstring.NotNullTerminated \
  29     -enable-checker valist.CopyToSelf \
  30     -enable-checker valist.Uninitialized \
  31     -enable-checker valist.Unterminated \
  32     -enable-checker security.FloatLoopCounter \
  33     -enable-checker security.insecureAPI.strcpy \
  34 "
  35
  36 # shellcheck disable=SC2034
  37 # These have high false-positive rates.
  38 EXTRA_CHECKERS="\
  39     -enable-checker alpha.security.ArrayBoundV2 \
  40     -enable-checker alpha.unix.cstring.OutOfBounds \
  41     -enable-checker alpha.core.CastSize \
  42 "
  43
  44 # shellcheck disable=SC2034
  45 # These don't seem to generate anything useful
  46 NOISY_CHECKERS="\
  47     -enable-checker alpha.clone.CloneChecker \
  48     -enable-checker alpha.deadcode.UnreachableCode \
  49 "
  50
  51 if test "x$SCAN_BUILD_OUTPUT" != "x"; then
  52    OUTPUTARG="-o $SCAN_BUILD_OUTPUT"
  53 else
  54    OUTPUTARG=""
  55 fi
  56
  57 # shellcheck disable=SC2086
  58 scan-build \
  59     $CHECKERS \
  60     ./configure
  61
  62 scan-build \
  63     make clean
  64
  65 # Make this not get scanned for dead assignments, since it has lots of
  66 # dead assignments we don't care about.
  67 # shellcheck disable=SC2086
  68 scan-build \
  69     $CHECKERS \
  70     -disable-checker deadcode.DeadStores \
  71     make -j5 -k ./src/ext/ed25519/ref10/libed25519_ref10.a
  72
  73 # shellcheck disable=SC2086
  74 scan-build \
  75     $CHECKERS $OUTPUTARG \
  76     make -j5 -k
  77
  78 CHECKERS="\
  79 "
  80
  81 # This one gives a false positive on every strcmp.
  82 #    -enable-checker alpha.core.PointerSub
  83
  84 # Needs work
  85 #    -enable-checker alpha.unix.MallocWithAnnotations