mirror of
https://github.com/SELinuxProject/selinux
synced 2024-12-09 15:45:08 +00:00
120681c1a3
Several static analyzers (clang's one, Facebook Infer, etc.) warn about NULL pointer dereferences after a call to CU_ASSERT_PTR_NOT_NULL_FATAL() in the test code written using CUnit framework. This is because this CUnit macro is too complex for them to understand that the pointer cannot be NULL: it is translated to a call to CU_assertImplementation() with an argument as TRUE in order to mean that the call is fatal if the asserted condition failed (cf. http://cunit.sourceforge.net/doxdocs/group__Framework.html). A possible solution could consist in replacing the CU_ASSERT_..._FATAL() calls by assert() ones, as most static analyzers know about assert(). Nevertheless this seems to go against CUnit's API. An alternative solution consists in overriding CU_ASSERT_..._FATAL() macros in order to expand to assert() after a call to the matching CU_ASSERT_...() non-fatal macro. This appears to work fine and to remove many false-positive warnings from various static analyzers. As this substitution should only occur when using static analyzer, put it under #ifdef __CHECKER__, which is the macro used by sparse when analyzing the Linux kernel. Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
38 lines
1.5 KiB
Bash
Executable File
38 lines
1.5 KiB
Bash
Executable File
#!/bin/sh
|
|
# Run clang's static analyzer (scan-build) and record its output in output-scan-build/
|
|
|
|
# Ensure the current directory is where this script is
|
|
cd "$(dirname -- "$0")" || exit $?
|
|
|
|
OUTPUTDIR="$(pwd)/output-scan-build"
|
|
|
|
# Display the commands which are run, and make sure they succeed
|
|
set -x -e
|
|
|
|
# Use a temporary directory as an installation directory, if $DESTDIR is not set
|
|
if [ -z "$DESTDIR" ] ; then
|
|
DESTDIR="$(mktemp --tmpdir -d scan-build-destdir-XXXXXXXXXX)"
|
|
fi
|
|
|
|
# Make sure to use the newly-installed libraries when running tests
|
|
export LD_LIBRARY_PATH="$DESTDIR/usr/lib:$DESTDIR/lib"
|
|
export PATH="$DESTDIR/usr/sbin:$DESTDIR/usr/bin:$DESTDIR/sbin:$DESTDIR/bin:$PATH"
|
|
export PYTHONPATH="$DESTDIR$(${PYTHON:-python3} -c "from distutils.sysconfig import *;print(get_python_lib(prefix='/usr'))")"
|
|
export RUBYLIB="$DESTDIR/$(${RUBY:-ruby} -e 'puts RbConfig::CONFIG["vendorlibdir"]'):$DESTDIR/$(${RUBY:-ruby} -e 'puts RbConfig::CONFIG["vendorarchdir"]')"
|
|
|
|
# Build and analyze
|
|
make -C .. CC=clang clean distclean -j"$(nproc)"
|
|
scan-build -analyze-headers -o "$OUTPUTDIR" make -C .. \
|
|
CC=clang \
|
|
DESTDIR="$DESTDIR" \
|
|
CFLAGS="-O2 -Wall -D__CHECKER__ -I$DESTDIR/usr/include" \
|
|
install install-pywrap install-rubywrap all test
|
|
|
|
# Reduce the verbosity in order to keep the message from scan-build saying
|
|
# "scan-build: Run 'scan-view /.../output-scan-build/2018-...' to examine bug reports.
|
|
set +x
|
|
|
|
# Remove the destination directory without using "rm -rf"
|
|
chmod u+w "$DESTDIR/usr/bin/newrole"
|
|
rm -r "$DESTDIR"
|