summaryrefslogtreecommitdiffstats
path: root/scripts/clang-tools (follow)
Commit message (Collapse)AuthorAgeFilesLines
* scripts/clang-tools: remove unused moduleyangxingwu2022-09-231-1/+0
| | | | | | | | Remove unused imported 'os' module. Signed-off-by: yangxingwu <xingwu.yang@gmail.com> Reviewed-by: Nathan Chancellor <nathan@kernel.org> Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
* scripts/clang-tools: Remove DeprecatedOrUnsafeBufferHandling checkGuru Das Srinagesh2022-08-201-0/+1
| | | | | | | | | | | | | | | | This `clang-analyzer` check flags the use of memset(), suggesting a more secure version of the API, such as memset_s(), which does not exist in the kernel: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] Signed-off-by: Guru Das Srinagesh <quic_gurus@quicinc.com> Reviewed-by: Nick Desaulniers <ndesaulniers@google.com> Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
* gen_compile_commands: handle multiple lines per .mod fileJohn Hubbard2022-06-291-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | scripts/clang-tools/gen_compile_commands.py incorrectly assumes that each .mod file only contains one line. That assumption was correct when the script was originally created, but commit 9413e7640564 ("kbuild: split the second line of *.mod into *.usyms") changed the .mod file format so that there is one entry per line, and potentially many lines. The problem can be reproduced by using Kbuild to generate compile_commands.json, like this: make CC=clang compile_commands.json In many cases, the problem might be overlooked because many subsystems only have one line anyway. However, in some subsystems (Nouveau, with 762 entries, is a notable example) it results in skipping most of the subsystem. Fix this by fully processing each .mod file. Fixes: 9413e7640564 ("kbuild: split the second line of *.mod into *.usyms") Signed-off-by: John Hubbard <jhubbard@nvidia.com> Reviewed-by: Nick Desaulniers <ndesaulniers@google.com> Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
* gen_compile_commands: fix missing 'sys' packageKortan2021-09-191-0/+1
| | | | | | | | | | We need to import the 'sys' package since the script has called sys.exit() method. Fixes: 6ad7cbc01527 ("Makefile: Add clang-tidy and static analyzer support to makefile") Signed-off-by: Kortan <kortanzh@gmail.com> Reviewed-by: Nathan Chancellor <nathan@kernel.org> Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
* gen_compile_commands: extract compiler command from a series of commandsMasahiro Yamada2021-09-031-1/+1
| | | | | | | | | | | | | | | | | | | | | The current gen_compile_commands.py assumes that objects are always built by a single command. It makes sense to support cases where objects are built by a series of commands: cmd_<object> := <command1> ; <command2> One use-case is that <command1> is a compiler command, and <command2> an objtool command. It allows *.cmd files to contain an objtool command so that any change in it triggers object rebuilds. If ; appears after the C source file, take the first command. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> Reviewed-by: Kees Cook <keescook@chromium.org>
* gen_compile_commands: prune some directoriesMasahiro Yamada2021-02-161-2/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If directories are passed to gen_compile_commands.py, os.walk() traverses all the subdirectories to search for .cmd files, but we know some of them are not worth traversing. Use the 'topdown' parameter of os.walk to prune them. Documentation about the 'topdown' option of os.walk: When topdown is True, the caller can modify the dirnames list in-place (perhaps using del or slice assignment), and walk() will only recurse into the subdirectories whose names remain in dirnames; this can be used to prune the search, impose a specific order of visiting, or even to inform walk() about directories the caller creates or renames before it resumes walk() again. Modifying dirnames when topdown is False has no effect on the behavior of the walk, because in bottom-up mode the directories in dirnames are generated before dirpath itself is generated. This commit prunes four directories, .git, Documentation, include, and tools. The first three do not contain any C files, so skipping them makes this script work slightly faster. My main motivation is the last one, tools/ directory. Commit 6ca4c6d25949 ("gen_compile_commands: do not support .cmd files under tools/ directory") stopped supporting the tools/ directory. The current code no longer picks up .cmd files from the tools/ directory. If you run: ./scripts/clang-tools/gen_compile_commands.py --log_level=INFO then, you will see several "File ... not found" log messages. This is expected, and I do not want to support the tools/ directory. However, without an explicit comment "do not support tools/", somebody might try to get it back. Clarify this. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> Acked-by: Nathan Chancellor <nathan@kernel.org>
* scripts/clang-tools: switch explicitly to Python 3Masahiro Yamada2021-02-032-2/+2
| | | | | | | | | For the same reason as commit 51839e29cb59 ("scripts: switch explicitly to Python 3"), switch some more scripts, which I tested and confirmed working on Python 3. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> Acked-by: Nathan Chancellor <nathan@kernel.org>
* Makefile: Add clang-tidy and static analyzer support to makefileNathan Huckleberry2020-08-262-0/+310
This patch adds clang-tidy and the clang static-analyzer as make targets. The goal of this patch is to make static analysis tools usable and extendable by any developer or researcher who is familiar with basic c++. The current static analysis tools require intimate knowledge of the internal workings of the static analysis. Clang-tidy and the clang static analyzers expose an easy to use api and allow users unfamiliar with clang to write new checks with relative ease. ===Clang-tidy=== Clang-tidy is an easily extendable 'linter' that runs on the AST. Clang-tidy checks are easy to write and understand. A check consists of two parts, a matcher and a checker. The matcher is created using a domain specific language that acts on the AST (https://clang.llvm.org/docs/LibASTMatchersReference.html). When AST nodes are found by the matcher a callback is made to the checker. The checker can then execute additional checks and issue warnings. Here is an example clang-tidy check to report functions that have calls to local_irq_disable without calls to local_irq_enable and vice-versa. Functions flagged with __attribute((annotation("ignore_irq_balancing"))) are ignored for analysis. (https://reviews.llvm.org/D65828) ===Clang static analyzer=== The clang static analyzer is a more powerful static analysis tool that uses symbolic execution to find bugs. Currently there is a check that looks for potential security bugs from invalid uses of kmalloc and kfree. There are several more general purpose checks that are useful for the kernel. The clang static analyzer is well documented and designed to be extensible. (https://clang-analyzer.llvm.org/checker_dev_manual.html) (https://github.com/haoNoQ/clang-analyzer-guide/releases/download/v0.1/clang-analyzer-guide-v0.1.pdf) The main draw of the clang tools is how accessible they are. The clang documentation is very nice and these tools are built specifically to be easily extendable by any developer. They provide an accessible method of bug-finding and research to people who are not overly familiar with the kernel codebase. Signed-off-by: Nathan Huckleberry <nhuck@google.com> Reviewed-by: Nick Desaulniers <ndesaulniers@google.com> Tested-by: Nick Desaulniers <ndesaulniers@google.com> Tested-by: Lukas Bulwahn <lukas.bulwahn@gmail.com> Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>