Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Introduce Infer static analyzer to the CI pipeline #379

Closed
wants to merge 3 commits into from
Closed

Introduce Infer static analyzer to the CI pipeline #379

wants to merge 3 commits into from

Conversation

henrybear327
Copy link
Collaborator

@henrybear327 henrybear327 commented Mar 11, 2024
edited

The Infer Docker Image in use is hosted on Docker Hub, which was built and pushed to sysprog21 by us since Infer's latest upstream release is very outdated at the time of writing.

The docker image size is around 470 MB, after numerous attempts to reduce its size from 3GB.

This PR also fixes issues reported by Infer. (The value written to &target_reg is never used.)

@henrybear327
Introduce infer as a static analyzer
49807c9 
The infer image in use is hosted on DockerHub, which is built and pushed
to sysprog21 by us since Infer's upstream image is very outdated at the 
time of writing.

The infer image size is around 470 MB.
@henrybear327
Fix dead store reported by Infer
0b3c480 
Fix the issue "Dead Store. The value written to `&target_reg` is never
used."
@henrybear327 henrybear327 requested a review from jserv March 11, 2024 07:40
@henrybear327 henrybear327 self-assigned this Mar 11, 2024
jserv
jserv requested changes Mar 11, 2024
View reviewed changes
Copy link
Contributor

@jserv jserv left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Skip Arm64 based host during static analysis.

@henrybear327
Copy link
Collaborator Author

Skip Arm64 based host during static analysis.

I am unaware that the Arm64-based host will be run during the static analysis phase, as I didn't specify arch: aarch64. Or maybe I am mistaken?

@jserv
Copy link
Contributor

jserv commented Mar 11, 2024

The docker image size is around 470 MB, after numerous attempts to reduce its size from 3GB.

Can you rebuild Infer static analysis tool with -Os set? And then, strip the ELF files accordingly.

@henrybear327 henrybear327 changed the title Introduce Infer static analyzer to the CI pipeline draft: Introduce Infer static analyzer to the CI pipeline Mar 11, 2024
@henrybear327 henrybear327 marked this pull request as draft March 11, 2024 08:10
@henrybear327 henrybear327 changed the title draft: Introduce Infer static analyzer to the CI pipeline Introduce Infer static analyzer to the CI pipeline Mar 11, 2024
@henrybear327
Copy link
Collaborator Author

The docker image size is around 470 MB, after numerous attempts to reduce its size from 3GB.

Can you rebuild Infer static analysis tool with -Os set? And then, strip the ELF files accordingly.

I can give this a try, but I have no guarantee on this.

@jserv
Copy link
Contributor

jserv commented Mar 11, 2024

If Clang scan-build already makes sense to CI, do we need Infer? Can you show the considerations?

@jserv
Copy link
Contributor

jserv commented Mar 11, 2024

The build-infer.sh invokes autogen.sh, which generates GNU Automake style scripts. At the moment, only C and Python are required for static analysis.

Reference: The Growth of the OCaml Distribution

@henrybear327
Copy link
Collaborator Author

The build-infer.sh invokes autogen.sh, which generates GNU Automake style scripts. At the moment, only C and Python are required for static analysis.

Reference: The Growth of the OCaml Distribution

The previous Docker Image contained only C and Python analysis capability, but now with the release build, Java is also included.

Based on prior experience, Java can be excluded by passing in parameters, but some changes to create_binary_release.sh will be required as I am now using create_binary_release.sh to build a standalone binary instead of invoking build-infer.sh directly like before.

jserv
jserv reviewed Mar 12, 2024
View reviewed changes
.github/workflows/main.yml
shell: bash
- name: run scan-build without JIT
run: make clean && make distclean && scan-build -v -o ~/scan-build --status-bugs --use-cc=clang --force-analyze-debug-code --show-description -analyzer-config stable-report-filename=true -enable-checker valist,nullability make ENABLE_EXT_F=0 ENABLE_SDL=0 ENABLE_JIT=0
- name: run scan-build with JIT
run: make clean && make distclean && scan-build -v -o ~/scan-build --status-bugs --use-cc=clang --force-analyze-debug-code --show-description -analyzer-config stable-report-filename=true -enable-checker valist,nullability make ENABLE_EXT_F=0 ENABLE_SDL=0 ENABLE_JIT=1

static-analysis-infer:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't create a new entry. Use the existing one instead.

@henrybear327
Copy link
Collaborator Author

The infer image pipeline broke recently (node11 now has strict internet bandwidth restrictions), and the effort to maintain an image is a bit cumbersome. Thus, closing this PR for now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jserv jserv jserv requested changes

Assignees

@henrybear327 henrybear327

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@henrybear327 @jserv