10 Commits

Author SHA1 Message Date
Alex Fabre
219fae6946 sca: llvm: add support for clang static analyzer
This commit brings a convenient way to run clang static analyzer on a
project with 'analyze-build' llvm utility.

Signed-off-by: Alex Fabre <alex.fabre@rtone.fr>
2025-05-23 17:40:36 -04:00
Anas Nashif
f8647dc94a sca: add coverity as a SCA variant
Add coverity integration as a SCA variant. This is targeting the
service provided by blackduck to open-source projects available on
scan.coverity.com.

Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2025-05-09 14:01:50 +02:00
Martin Becker
2871f1abef sca: added support for Polyspace tool
Add the cmake files for running static code analysis with the Polyspace
tools in the west build. The analysis leverages the compilation database.
Options for the analysis are documented in doc/develop/sca/polyspace.rst.

Analysis results are printed as command line output and provided as CSV.

Manually tested on v4.0.0 with various sample applications.

Signed-off-by: Martin Becker <mbecker@mathworks.com>
2025-01-07 14:13:13 +01:00
Simon Hein
22ce16d17b doc: sca: Add Bugseng eclair documentation
Add the documentation for the eclair from Bugseng
with the pre configuration for the zephyr project.

Signed-off-by: Simon Hein <Shein@baumer.com>
2024-11-16 15:18:57 -05:00
Benjamin Cabé
e0bf01af79 doc: sphinx-lint: fix missing-space-before-role
used sphinx-lint to catch sphinx roles missing opening tag colon.

Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
2024-09-11 07:39:30 -04:00
Yasushi SHOJI
50d8cd4c98 doc: develop: sca: Add Parasoft C/C++test
Add documentation for Parasoft C/C++test for Static Code Analysis.

Signed-off-by: Yasushi SHOJI <yashi@spacecubics.com>
2024-02-02 13:49:08 +01:00
Pisit Sawangvonganan
0ee2927c32 doc: develop: fix typo
Utilize a code spell-checking tool to scan for and correct spelling errors
in all files within the doc/develop directory.

Signed-off-by: Pisit Sawangvonganan <pisit@ndrsolution.com>
2024-01-26 13:16:18 +01:00
Flavio Ceolin
3fc5d971fe security: Add compiler static analysis support
Enable GCC builtin static analysis in Zephyr's static code analysis
(SCA) infra.

When this option is enabled, GCC performs a static analysis and
can point out problems like:

sample.c

+	int *j;
+
+	if (j != NULL) {
+		printf("j != NULL\n");

output:

${ZEPHYR_BASE}/samples/userspace/hello_world_user/src/main.c:30:12:
warning: use of uninitialized value 'j' [CWE-457]
[-Wanalyzer-use-of-uninitialized-value]

   30 |         if (j != NULL) {
      |            ^
  'main': events 1-2
    |
    |   25 |         int *j;
    |      |              ^
    |      |              |
    |      |              (1) region created on stack here
    |......
    |   30 |         if (j != NULL) {
    |      |            ~
    |      |            |
    |      |            (2) use of uninitialized value 'j' here

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2024-01-25 12:07:27 +01:00
Pieter De Gendt
517bdeb2bb cmake: sca: Add CodeChecker native support
Add CodeChecker as a static code analysis tool for zephyr.

Signed-off-by: Pieter De Gendt <pieter.degendt@basalte.be>
2023-08-15 21:35:25 -04:00
Torsten Rasmussen
a8a4df0476 doc: document the Static Code Analysis (SCA) tool infrastructure
This commit documents the new SCA tool infrastructure.

The existing documentation for sparse is relocated into a dedicated
documentation folder for SCA tools.

Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
2023-01-27 20:28:58 +09:00