diff --git a/.github/workflows/CI-unixish.yml b/.github/workflows/CI-unixish.yml index 55a569b39..a35cfbb14 100644 --- a/.github/workflows/CI-unixish.yml +++ b/.github/workflows/CI-unixish.yml @@ -36,8 +36,23 @@ jobs: with: modules: 'qtcharts' + - name: Test CMake build + run: | + mkdir cmake.output + cd cmake.output + cmake -G "Unix Makefiles" -DBUILD_TESTS=On .. + make -j$(nproc) check + cd .. + + - name: Unsigned char + run: | + make clean + make -j$(nproc) CXXFLAGS=-funsigned-char testrunner + ./testrunner TestSymbolDatabase + - name: Build cppcheck run: | + make clean cp externals/z3_version_old.h externals/z3_version.h make -j$(nproc) USE_Z3=yes HAVE_RULES=yes @@ -52,7 +67,7 @@ jobs: - name: Validate run: | make -j$(nproc) validateCFG validatePlatforms - + - name: Build GUI on ubuntu if: matrix.os == 'ubuntu-latest' run: | @@ -60,6 +75,41 @@ jobs: qmake HAVE_QCHART=yes make -j$(nproc) + - name: Run GUI tests on ubuntu + if: matrix.os == 'ubuntu-latest' + run: | + pushd gui/test/projectfile + qmake + make -j$(nproc) + ./test-projectfile + + # Run self check after "Build GUI" to include generated headers in analysis + - name: Self check + if: matrix.os == 'ubuntu-latest' + run: | + # compile with verification and ast matchers + make clean + make -j$(nproc) -s CPPFLAGS="-DCHECK_INTERNAL" CXXFLAGS="-g -O2" MATCHCOMPILER=yes VERIFY=1 + # self check lib/cli + mkdir b1 + ./cppcheck -q -j$(nproc) --template=gcc --cppcheck-build-dir=b1 -D__CPPCHECK__ --error-exitcode=1 --inline-suppr --suppressions-list=.travis_suppressions --library=cppcheck-lib --addon=naming.json -Ilib -Iexternals/simplecpp/ -Iexternals/tinyxml/ -Icli --inconclusive --enable=style,performance,portability,warning,internal --exception-handling cli lib + # check gui with qt settings + mkdir b2 + ./cppcheck -q -j$(nproc) --template=gcc --cppcheck-build-dir=b2 -D__CPPCHECK__ -DQT_VERSION=0x050000 --error-exitcode=1 --inline-suppr --suppressions-list=.travis_suppressions --library=qt --addon=naming.json -Ilib -Iexternals/simplecpp/ -Iexternals/tinyxml/ --enable=style,performance,portability,warning,internal --exception-handling gui/*.cpp + # self check test and tools + ./cppcheck -q -j$(nproc) --template=gcc -D__CPPCHECK__ --error-exitcode=1 --inline-suppr --suppressions-list=.travis_suppressions --library=cppcheck-lib -Ilib -Iexternals/simplecpp/ -Iexternals/tinyxml/ -Icli -Igui --inconclusive --enable=style,performance,portability,warning,internal --exception-handling test/*.cpp tools + + - name: Build triage on ubuntu + if: matrix.os == 'ubuntu-latest' + run: | + pushd tools/triage + qmake + make -j$(nproc) + + - name: Fuzzer + run: | + g++ -fsyntax-only -Ilib oss-fuzz/*.cpp + - uses: actions/upload-artifact@v2 with: name: cppcheck_cli diff --git a/.github/workflows/asan.yml b/.github/workflows/asan.yml new file mode 100644 index 000000000..874bdb49a --- /dev/null +++ b/.github/workflows/asan.yml @@ -0,0 +1,39 @@ +# Syntax reference https://help.github.com/en/actions/reference/workflow-syntax-for-github-actions +# Environment reference https://help.github.com/en/actions/reference/virtual-environments-for-github-hosted-runners +name: address sanitizer + +on: [push, pull_request] + +jobs: + build: + + strategy: + matrix: + os: [ubuntu-latest] + fail-fast: false # not worthwhile... + + runs-on: ${{ matrix.os }} + + steps: + - uses: actions/checkout@v2 + + - name: Install missing software on ubuntu + run: | + sudo apt-get update + sudo apt-get install libxml2-utils + sudo apt-get install z3 libz3-dev + cp externals/z3_version_old.h externals/z3_version.h + + - name: Build + run: | + cp externals/z3_version_old.h externals/z3_version.h + CXXFLAGS="-fsanitize=address -Og -g3" make cppcheck testrunner -j$(nproc) USE_Z3=yes + + - name: Run tests + run: | + ./testrunner + + - name: checkcfg + run: | + make checkcfg + diff --git a/.github/workflows/irc.yml b/.github/workflows/irc.yml index 6a2d5eb50..ab55bc46e 100644 --- a/.github/workflows/irc.yml +++ b/.github/workflows/irc.yml @@ -1,20 +1,11 @@ name: "IRC Push Notification" -on: [push, pull_request, create] +on: [pull_request, create] jobs: test: if: github.repository == 'danmar/cppcheck' runs-on: ubuntu-latest steps: - - name: irc push - uses: rectalogic/notify-irc@v1 - if: github.event_name == 'push' - with: - channel: "#cppcheck" - nickname: cppcheck-github-notifier - message: | - ${{ github.actor }} pushed ${{ github.event.ref }} ${{ github.event.compare }} - ${{ join(github.event.commits.*.message) }} - name: irc pull request uses: rectalogic/notify-irc@v1 if: github.event_name == 'pull_request' diff --git a/.github/workflows/scriptcheck.yml b/.github/workflows/scriptcheck.yml index ab206a71f..47f17faaa 100644 --- a/.github/workflows/scriptcheck.yml +++ b/.github/workflows/scriptcheck.yml @@ -38,3 +38,11 @@ jobs: pylint --rcfile=pylintrc_travis htmlreport/*.py pylint --rcfile=pylintrc_travis tools/*.py + - name: compile addons + run: | + python -m compileall ./addons + python3 -m compileall ./addons + + - name: check .json files + run: | + find . -name '*.json' | xargs -n 1 python3 -m json.tool > /dev/null diff --git a/.github/workflows/ubsan.yml b/.github/workflows/ubsan.yml new file mode 100644 index 000000000..527eb98ea --- /dev/null +++ b/.github/workflows/ubsan.yml @@ -0,0 +1,39 @@ +# Syntax reference https://help.github.com/en/actions/reference/workflow-syntax-for-github-actions +# Environment reference https://help.github.com/en/actions/reference/virtual-environments-for-github-hosted-runners +name: undefined behaviour sanitizers + +on: [push, pull_request] + +jobs: + build: + + strategy: + matrix: + os: [ubuntu-latest] + fail-fast: false # not worthwhile... + + runs-on: ${{ matrix.os }} + + steps: + - uses: actions/checkout@v2 + + - name: Install missing software on ubuntu + run: | + sudo apt-get update + sudo apt-get install libxml2-utils + sudo apt-get install z3 libz3-dev + cp externals/z3_version_old.h externals/z3_version.h + + - name: Build + run: | + cp externals/z3_version_old.h externals/z3_version.h + CXXFLAGS="-fsanitize=undefined -Og -g3" make cppcheck testrunner -j$(nproc) USE_Z3=yes + + - name: Run tests + run: | + ./testrunner + + - name: checkcfg + run: | + make checkcfg + diff --git a/.travis.yml b/.travis.yml index d8eef4755..4ed69dc9a 100644 --- a/.travis.yml +++ b/.travis.yml @@ -20,7 +20,7 @@ env: before_install: # install needed deps - travis_retry sudo apt-get update -qq - - travis_retry sudo apt-get install -qq python3-pip qt5-default qt5-qmake qtbase5-dev qtcreator qttools5-dev qttools5-dev-tools libxml2-utils libpcre3 gdb unzip wx-common xmlstarlet python3-dev liblua5.3-dev libcurl3 libcairo2-dev libsigc++-2.0-dev tidy libopencv-dev libz3-dev + - travis_retry sudo apt-get install -qq python3-pip libxml2-utils libpcre3 gdb unzip wx-common xmlstarlet python3-dev liblua5.3-dev libcurl3 libcairo2-dev libsigc++-2.0-dev tidy libopencv-dev libz3-dev # Python 2 modules - travis_retry python2 -m pip install --user pytest==4.6.4 - travis_retry python2 -m pip install --user pylint @@ -44,36 +44,8 @@ matrix: allow_failures: - name: "rerun dmake?" compiler: clang - - name: "make ubuntu 14.04 trusty" # defined extra jobs that run besides what is configured in the build matrix include: -# -fsanitize=undefined - - name: "undefined behaviour sanitizers" - compiler: gcc - script: - - CXXFLAGS="-fsanitize=undefined -fno-sanitize-recover=all -Og -g3" make cppcheck check checkcfg -j 2 -s -# -fsanitize=address - - name: "address sanitizers" - compiler: gcc - script: - - CXXFLAGS="-fsanitize=address -Og -g3" make cppcheck check checkcfg -j 2 -s - -# bug hunting - - name: "bug hunting" - compiler: gcc - script: - - make clean - - make USE_Z3=yes -j2 all - - ./testrunner TestExprEngine - - python3 test/bug-hunting/cve.py - - git clone https://github.com/regehr/itc-benchmarks.git ~/itc - - python3 test/bug-hunting/itc.py - - mkdir ~/juliet - - curl https://samate.nist.gov/SARD/testsuites/juliet/Juliet_Test_Suite_v1.3_for_C_Cpp.zip -o ~/juliet/juliet.zip - - cd ~/juliet - - unzip -qq ~/juliet/juliet.zip - - cd - - - python3 test/bug-hunting/juliet.py # check a lot of stuff that only needs to be checked in a single configuration - name: "misc" @@ -117,9 +89,6 @@ matrix: # check --dump - ${CPPCHECK} test/testpreprocessor.cpp --dump - xmllint --noout test/testpreprocessor.cpp.dump -# check python syntax by compiling all addon scripts - - python -m compileall ./addons - - python3 -m compileall ./addons # run pylint -- FIXME these are temporarily commented out because there is a syntax error in pylint # - pylint --rcfile=pylintrc_travis addons/*.py # - pylint --rcfile=pylintrc_travis htmlreport/cppcheck-htmlreport @@ -171,20 +140,23 @@ matrix: - ${CPPCHECK} --dump namingng_test.c - python3 ../namingng.py --configfile ../naming.json --verify namingng_test.c.dump - cd ../.. -# try CMake - - mkdir cmake.output - - cd cmake.output - - cmake -G "Unix Makefiles" -DBUILD_TESTS=On .. - - make -s -j2 check - - cd .. -# -funsigned-char + +# bug hunting + - name: "bug hunting" + compiler: gcc + script: - make clean - - make -s -j2 CXXFLAGS=-funsigned-char testrunner - - ./testrunner TestSymbolDatabase -# check .json files - - find . -name '*.json' | xargs -n 1 python3 -m json.tool > /dev/null -# build fuzz client - - make -s -j2 CXXFLAGS="-fsanitize=address" -C oss-fuzz fuzz-client + - make USE_Z3=yes -j2 all + - ./testrunner TestExprEngine + - python3 test/bug-hunting/cve.py + - git clone https://github.com/regehr/itc-benchmarks.git ~/itc + - python3 test/bug-hunting/itc.py + - mkdir ~/juliet + - curl https://samate.nist.gov/SARD/testsuites/juliet/Juliet_Test_Suite_v1.3_for_C_Cpp.zip -o ~/juliet/juliet.zip + - cd ~/juliet + - unzip -qq ~/juliet/juliet.zip + - cd - + - python3 test/bug-hunting/juliet.py # check if dmake needs to be rerun (this job may fail) - name: "rerun dmake?" @@ -208,15 +180,6 @@ matrix: - CXX=g++ CXXFLAGS="${ORIGINAL_CXXFLAGS}" make cppcheck check -j 2 -s - make clean - CXX=clang++ CXXFLAGS="${ORIGINAL_CXXFLAGS}" make cppcheck check -j 2 -s -# check if cppcheck builds on osx - - name: "make osx" - os: osx - before_install: - - true - script: - - CXX=g++ CXXFLAGS="${ORIGINAL_CXXFLAGS}" make cppcheck check -j 2 -s - - make clean - - CXX=clang++ CXXFLAGS="${ORIGINAL_CXXFLAGS}" make cppcheck check -j 2 -s script: # fail the entire job as soon as one of the subcommands exits non-zero to save time and resources @@ -233,40 +196,6 @@ script: # compile cppcheck, default build - echo $CXXFLAGS - make -s check -j2 -# compile gui - - cd gui - - qmake - - echo $CXXFLAGS - - make -s -j2 -# building gui generates some more files that cppcheck can check, so check the repo *after* building gui - - cd ../ -# self check lib/cli - - mkdir b1 - - ${CPPCHECK} -q -j2 --template=gcc --cppcheck-build-dir=b1 -D__CPPCHECK__ --error-exitcode=1 --inline-suppr --suppressions-list=.travis_suppressions --library=cppcheck-lib --addon=naming.json -Ilib -Iexternals/simplecpp/ -Iexternals/tinyxml/ -Icli --inconclusive --enable=style,performance,portability,warning,internal --exception-handling cli lib -# check gui with qt settings - - mkdir b2 - - ${CPPCHECK} -q -j2 --template=gcc --cppcheck-build-dir=b2 -D__CPPCHECK__ -DQT_VERSION=0x050000 --error-exitcode=1 --inline-suppr --suppressions-list=.travis_suppressions --library=qt --addon=naming.json -Ilib -Iexternals/simplecpp/ -Iexternals/tinyxml/ --enable=style,performance,portability,warning,internal --exception-handling gui/*.cpp -# self check test and tools - - ${CPPCHECK} -q -j2 --template=gcc -D__CPPCHECK__ --error-exitcode=1 --inline-suppr --suppressions-list=.travis_suppressions --library=cppcheck-lib -Ilib -Iexternals/simplecpp/ -Iexternals/tinyxml/ -Icli --inconclusive --enable=style,performance,portability,warning,internal --exception-handling test/*.cpp tools -# Build gui - - cd ./gui -# clean rebuild - - git clean -dfx . -# can't set this as env flags, so try again with HAVE_RULES=yes - - qmake HAVE_RULES=yes - - echo $CXXFLAGS - - make -s -j2 - - cd ../ -# Build gui/test - - cd gui/test/projectfile - - qmake && make -s -j2 && ./test-projectfile - - cd - -# Build triage - - cd ./tools/triage - - git clean -dfx . - - qmake - - make -s -j2 - - cd ../../ # Testing cli - cp -R . ../cppcheck\ 2 - cd ../cppcheck\ 2/test/cli # path with space