Using clang-tidy for static analysis on top of RT-Thread's scons build

Date: 2023-07-22 14:18

Author: admin

Test code

Start with a simple piece of code

main.c

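#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Test input for clang-tidy; the defects below are what the analyzer reports. */
int main(int argc, char *argv[])
{
    char *tmp = (char *)malloc(argc);

    if(tmp)
    {
        strncpy(tmp, argv[0], argc);   /* reported: insecure buffer-handling API */
        printf("%s", tmp);

        if(argc > 2)                   /* tmp is freed only on this branch */
        {
            free(tmp);
        }
    }

    printf("hello world!\n");          /* reported: tmp leaks when argc <= 2 */
    return 0;
}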

Analyze it with clang-tidy

apt install -y clang-tidy

clang-tidy main.c

Error while trying to load a compilation database:
Could not auto-detect compilation database for file "main.c"
No compilation database found in /work/analyzer or any parent directory
fixed-compilation-database: Error while opening fixed database: No such file or directory
json-compilation-database: Error while opening JSON database: No such file or directory
Running without flags.
2 warnings generated.
/work/analyzer/main.c:12:3: warning: Call to function 'strncpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'strncpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
strncpy(tmp, argv[0], argc);
^~~~~~~
/work/analyzer/main.c:12:3: note: Call to function 'strncpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'strncpy_s' in case of C11
strncpy(tmp, argv[0], argc);
^~~~~~~
/work/analyzer/main.c:21:2: warning: Potential leak of memory pointed to by 'tmp' [clang-analyzer-unix.Malloc]
printf("hello world!\n");
^
/work/analyzer/main.c:8:22: note: Memory is allocated
char *tmp = (char *)malloc(argc);
^~~~~~~~~~~~
/work/analyzer/main.c:10:5: note: Assuming 'tmp' is non-null
if(tmp)
^~~
/work/analyzer/main.c:10:2: note: Taking true branch
if(tmp)
^
/work/analyzer/main.c:15:6: note: Assuming 'argc' is <= 2
if(argc > 2)
^~~~~~~~
/work/analyzer/main.c:15:3: note: Taking false branch
if(argc > 2)
^
/work/analyzer/main.c:21:2: note: Potential leak of memory pointed to by 'tmp'
printf("hello world!\n");
^

compile_commands.json

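This is already useful, but an RT-Thread project contains so much code that passing the files in one by one is too tedious.

In addition, our code is mostly built for ARM with gcc while the development machines are mostly x86, so clang cannot analyze it with its default arguments.

The first line of the analysis output above already hinted at the answer: no compilation database was found. SCons can generate one.

A fairly recent version is required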

python3 -m pip install scons
python3 -m SCons -v
SCons by Steven Knight et al.:
SCons: v4.0.1.c289977f8b34786ab6c334311e232886da7e8df1, 2020-07-17 01:50:03, by bdbaddog on ProDog2020
SCons path: ['/usr/lib/python3/dist-packages/SCons']
Copyright (c) 2001 - 2020 The SCons Foundation

Then update the SCons script so that it generates compile_commands.json

git diff SConstruct

+env.Tool('compilation_db')
+env.CompilationDatabase()

make a building

DoBuilding(TARGET, objs)
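
Review bot: the two added lines in SConstruct run unconditionally, but the compilation_db tool only exists in newer SCons releases (this page installs v4.0.1 for that reason), so env.Tool('compilation_db') will abort the build on an older SCons; guard it with a version check or document the minimum version next to these lines. env.CompilationDatabase() is also called with no target, which relies on the default output name compile_commands.json; passing the file name explicitly would make it obvious what run-clang-tidy is expected to pick up.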

run-clang-tidy

After that, run-clang-tidy can analyze all of the source code automatically.

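HTML output

The result is plain text, which is still tedious to read. There is currently a simple tool that converts it to HTML; it is fairly basic, but much more convenient than the text.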

run-clang-tidy > clang_tidy_analyzer.txt
pip3 install clang-html
clang-tidy-html clang_tidy_analyzer.txt
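
The text report can also be triaged by script. The following is an added example, not part of the original article: it parses the "file:line:col: warning: message [check]" lines of a report such as clang_tidy_analyzer.txt, drops repeats, counts findings per check and exits non-zero when a blocking check fired. The blocking prefixes, the function names and the sample report are assumptions made for the example.

```python
import re
from collections import Counter

# Diagnostic header: path:line:col: severity: message [check-name]
DIAG_RE = re.compile(
    r"^(?P<file>.+?):(?P<line>\d+):(?P<col>\d+): "
    r"(?P<sev>warning|error): (?P<msg>.*?) \[(?P<checks>[\w.,\-]+)\]$")

def parse_report(text):
    """Return unique warnings/errors; notes, code echoes and carets are skipped."""
    seen, findings = set(), []
    for raw in text.splitlines():
        m = DIAG_RE.match(raw.strip())
        if not m:
            continue
        # Each translation unit is analyzed separately, so a finding in a
        # shared header is reported once per file that includes it.
        key = (m["file"], m["line"], m["col"], m["checks"])
        if key not in seen:
            seen.add(key)
            findings.append({"file": m["file"], "line": int(m["line"]),
                             "severity": m["sev"], "message": m["msg"],
                             "checks": m["checks"].split(",")})
    return findings

def count_by_check(findings):
    return Counter(c for f in findings for c in f["checks"])

# Assumed policy: analyzer security/memory checks block the build.
BLOCKING = ("clang-analyzer-security.", "clang-analyzer-unix.")

def blocking(findings, prefixes=BLOCKING):
    return [f for f in findings if f["severity"] == "error"
            or any(c.startswith(prefixes) for c in f["checks"])]

# Constructed sample: two findings from the main.c run above (the strncpy
# message shortened), one repeated, plus a made-up style warning in demo.c.
SAMPLE = """\
2 warnings generated.
/work/analyzer/main.c:12:3: warning: Call to function 'strncpy' is insecure [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
strncpy(tmp, argv[0], argc);
^~~~~~~
/work/analyzer/main.c:12:3: note: Call to function 'strncpy' is insecure
/work/analyzer/main.c:21:2: warning: Potential leak of memory pointed to by 'tmp' [clang-analyzer-unix.Malloc]
/work/analyzer/main.c:21:2: warning: Potential leak of memory pointed to by 'tmp' [clang-analyzer-unix.Malloc]
/work/analyzer/demo.c:3:10: warning: 42 is a magic number [readability-magic-numbers]
"""

if __name__ == "__main__":
    found = parse_report(SAMPLE)
    for check, n in count_by_check(found).most_common():
        print(f"{n:3d}  {check}")
    raise SystemExit(1 if blocking(found) else 0)
```

To use it on a real run, read clang_tidy_analyzer.txt and pass its contents to parse_report in place of SAMPLE.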
