Open secworks opened 8 months ago
I agree more analysis tools would be good.
splint is already added to check at least firmware code. See the "check" target in hw/application_fpga/Makefile which also calls clang-tidy with at least the cert-* checks.
splint currently gives us a lot of warnings, mostly because we haven't added all the formal comments that splint wants us to insert in our code, but there may be nuggets here. We pass clang-tidy's check.
However, splint, as you know, seems dead as a project and clang-tidy gives us much more.
The make check isn't in CI, so yes, very good idea to add it, but perhaps either delete splint or carefully go through its output.
SonarQube's cloud offering seems to be available free for FLOSS projects. We probably qualify and should definitely look into it.
scan-build is new to me. I have to look into it.
Here is a suggestion from our friends across the river: https://github.com/Ericsson/codechecker
It also has a list of supported analyzers: https://github.com/Ericsson/codechecker/blob/master/docs/supported_code_analyzers.md which we can use separately from CodeChecker.
An interesting one that newly got an update (sprung back to life?) is Infer. https://fbinfer.com/
There are a few interesting linters, STAs that we could add to the CI flow to improve checks:
Flawfinder https://dwheeler.com/flawfinder/
splint https://splint.org/
scan-build - exists as action in github https://clang-analyzer.llvm.org/scan-build.html
Some more advanced analysis tools are semgrep: https://github.com/0xdea/semgrep-rules
Libfuzzer: https://github.com/google/fuzzing/blob/master/tutorial/libFuzzerTutorial.md
We should also use gcc as a secondary compiler/parser, with flags such as: -g -Og -fasynchronous-unwind-tables -fexceptions -fno-omit-frame-pointer -Wall -Wextra -pedantic -Werror -Wformat=2 -Wconversion -Wdouble-promotion -Wshadow -Wundef -fanalyzer -Wcast-qual -Wcast-align -Wredundant-decls -Winline -Wdisabled-optimization -Wnested-externs -fstrict-aliasing -fsanitize=address,undefined
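As an added illustration of what a CI "check" step built on the flag set above could look like (this is example code written for this thread, not code from the tillitis-key1 repository or from any of the commenters), the script below compiles a C file with exactly those gcc flags, so -Werror turns every warning and -fanalyzer finding into a build failure, and then runs the binary with the ASan/UBSan findings made fatal. It assumes a gcc new enough for -fanalyzer (10 or later) with the libasan/libubsan runtimes installed; the two C files it writes are constructed samples (a bounded copy routine and the same routine with its length check dropped), not firmware code.

```shell
#!/bin/sh
# Added example: a small gate that mirrors a "make check"-style CI step using the
# gcc flag set proposed in this thread. Assumes gcc >= 10 with sanitizer runtimes.

# Flags exactly as listed in the thread; kept unquoted on use so the shell splits them.
GCC_CHECK_FLAGS="-g -Og -fasynchronous-unwind-tables -fexceptions -fno-omit-frame-pointer \
-Wall -Wextra -pedantic -Werror -Wformat=2 -Wconversion -Wdouble-promotion -Wshadow -Wundef \
-fanalyzer -Wcast-qual -Wcast-align -Wredundant-decls -Winline -Wdisabled-optimization \
-Wnested-externs -fstrict-aliasing -fsanitize=address,undefined"

# gcc_check_available: 0 if gcc can build and run a trivial program with the flag
# set (i.e. -fanalyzer and the sanitizer runtimes work here), 1 otherwise. Lets a
# CI job tell "toolchain missing" apart from "code has findings".
gcc_check_available() {
    command -v gcc >/dev/null 2>&1 || return 1
    tmp=$(mktemp -d) || return 1
    printf 'int main(void) { return 0; }\n' > "$tmp/probe.c"
    rc=1
    if gcc $GCC_CHECK_FLAGS "$tmp/probe.c" -o "$tmp/probe" >/dev/null 2>&1 &&
       ASAN_OPTIONS=detect_leaks=0 "$tmp/probe" >/dev/null 2>&1; then
        rc=0
    fi
    rm -rf "$tmp"
    return $rc
}

# check_source FILE: compile FILE with the flag set (warnings are errors and the
# static analyzer runs), then execute it under ASan/UBSan with findings fatal.
# Returns 0 when clean, 1 when the compiler or a sanitizer reported something.
check_source() {
    src="$1"
    tmp=$(mktemp -d) || return 1
    if ! gcc $GCC_CHECK_FLAGS "$src" -o "$tmp/a.out" 2>"$tmp/build.log"; then
        echo "compile-time findings for $src:"; cat "$tmp/build.log"
        rm -rf "$tmp"; return 1
    fi
    # halt_on_error makes UBSan abort on the first report, as ASan does by default;
    # leak detection is off because it needs ptrace, which many CI sandboxes deny.
    if ! ASAN_OPTIONS=detect_leaks=0 UBSAN_OPTIONS=halt_on_error=1:print_stacktrace=1 \
         "$tmp/a.out" 2>"$tmp/run.log"; then
        echo "runtime findings for $src:"; cat "$tmp/run.log"
        rm -rf "$tmp"; return 1
    fi
    rm -rf "$tmp"
    return 0
}

# write_samples DIR: writes two constructed C files into DIR for demonstration.
write_samples() {
    dir="$1"
    # constructed: bounded copy, length checked against the destination first
    cat > "$dir/clean.c" <<'EOF'
#include <stddef.h>
#include <stdint.h>
#include <string.h>
static int copy_frame(uint8_t *dst, size_t dstlen, const uint8_t *src, size_t len)
{
    if (len > dstlen) return -1;
    memcpy(dst, src, len);
    return 0;
}
int main(void)
{
    uint8_t buf[8];
    const uint8_t in[4] = {1, 2, 3, 4};
    return copy_frame(buf, sizeof buf, in, sizeof in) == 0 ? 0 : 1;
}
EOF
    # constructed: same routine with the check dropped and an oversized length;
    # gcc's -Wstringop-* / -fanalyzer or ASan's stack-buffer-overflow catches it
    cat > "$dir/oob.c" <<'EOF'
#include <stddef.h>
#include <stdint.h>
#include <string.h>
static int copy_frame(uint8_t *dst, size_t dstlen, const uint8_t *src, size_t len)
{
    (void)dstlen;
    memcpy(dst, src, len);
    return 0;
}
int main(void)
{
    uint8_t buf[8];
    const uint8_t in[4] = {1, 2, 3, 4};
    return copy_frame(buf, sizeof buf, in, 16) == 0 ? 0 : 1; /* 16 > sizeof in */
}
EOF
}

# Usage: sh check.sh file.c ...   (stops at the first file with findings)
for f in "$@"; do check_source "$f" || exit 1; done
```

Either outcome for the second sample counts as a finding: with -Og and -Werror gcc may already reject the oversized memcpy at build time, and if it does not, the ASan interceptor aborts the run. Wiring check_source into the existing "check" target would make the gate part of the same make invocation the thread already has.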