Static code analysis

The Clang static analyzer tool can analyze source code in C and C++ projects to find bugs at compile time:

Clang static analyzer

https://clang-analyzer.llvm.org

With this tool enabled, Genode users can check and ensure the quality of Genode components. It can be invoked during make invocations and during the creation of packages.

For the invocation of make within a Genode build directory, the STATIC_ANALYZE variable on the command line prompts the static analyzer to run next to the actual build step.

 STATIC_ANALYZE=1 make -C build/x86_64 KERNEL=... run/...

For analyzing packages, the wrapper tool tool/depot/static_analyze becomes handy. It can be combined with the tool/depot/* tools to take effect:

 tool/depot/static_analyze tool/depot/create <user>/pkg/...

The results of the static-analyzer tool are generated in the form of HTML pages and can be inspected afterwards. The following example output showcases a run of the static analyzer tool:

 make: Entering directory '../genode/build/x86_64'
 checking library dependencies...
 scan-build: Using '/usr/lib/llvm-6.0/bin/clang' for static analysis
 ...

 LINK     init
 scan-build: 0 bugs found.
 scan-build: The analyzer encountered problems on some source files.
 scan-build: Preprocessed versions of these sources were deposited in
             '/tmp/scan-build-2018-11-28-111203-20081-1/failures'.

This feature is known to work well with Clang 6.0 on Ubuntu 16.04. The steps to provide the required tools on Linux are like follows.

 sudo apt install clang-tools-6.0
 cd $HOME/bin
 ln -s $(which scan-build-6.0) scan-build