gitlab: Add support for static analysis using Clang.

Alexandre Julliard 2024-10-07 12:44:05 +02:00
parent 6265f77003
commit 7aef4bc6db
5 changed files with 163 additions and 23 deletions

65
configure vendored

@ -850,6 +850,7 @@ CPPFLAGS
LDFLAGS
CFLAGS
CC
SARIF_CONVERTER
srcdir
host_os
host_vendor
@ -908,6 +909,7 @@ enable_win64
enable_tests
enable_build_id
enable_maintainer_mode
enable_sast
enable_silent_rules
enable_werror
with_alsa
@ -2487,6 +2489,8 @@ Optional Features:
--enable-build-id include .buildid section in output objects
--enable-maintainer-mode
enable maintainer-specific build rules
--enable-sast enable static application security testing using
Clang
--enable-silent-rules use silent build rules (override: "make V=1")
--enable-werror treat compilation warnings as errors
--disable-largefile omit support for large files
@ -4278,6 +4282,12 @@ then :
enableval=$enable_maintainer_mode;
fi
# Check whether --enable-sast was given.
if test ${enable_sast+y}
then :
enableval=$enable_sast;
fi
# Check whether --enable-silent-rules was given.
if test ${enable_silent_rules+y}
then :
@ -4710,6 +4720,60 @@ case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac
if test "x$enable_sast" = xyes
then :
CC=${CC:-clang}
with_mingw=${with_mingw:-clang}
for ac_prog in sarif-converter
do
# Extract the first word of "$ac_prog", so it can be a program name with args.
set dummy $ac_prog; ac_word=$2
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
printf %s "checking for $ac_word... " >&6; }
if test ${ac_cv_prog_SARIF_CONVERTER+y}
then :
printf %s "(cached) " >&6
else case e in #(
e) if test -n "$SARIF_CONVERTER"; then
ac_cv_prog_SARIF_CONVERTER="$SARIF_CONVERTER" # Let the user override the test.
else
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
case $as_dir in #(((
'') as_dir=./ ;;
*/) ;;
*) as_dir=$as_dir/ ;;
esac
for ac_exec_ext in '' $ac_executable_extensions; do
if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_SARIF_CONVERTER="$ac_prog"
printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
done
IFS=$as_save_IFS
fi ;;
esac
fi
SARIF_CONVERTER=$ac_cv_prog_SARIF_CONVERTER
if test -n "$SARIF_CONVERTER"; then
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $SARIF_CONVERTER" >&5
printf "%s\n" "$SARIF_CONVERTER" >&6; }
else
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
printf "%s\n" "no" >&6; }
fi
test -n "$SARIF_CONVERTER" && break
done
test -n "$SARIF_CONVERTER" || SARIF_CONVERTER="false"
fi
@ -23764,6 +23828,7 @@ host_cpu = $host_cpu
host_vendor = $host_vendor
host_os = $host_os
srcdir = $srcdir
SARIF_CONVERTER = $SARIF_CONVERTER
CC = $CC
CFLAGS = $CFLAGS
LDFLAGS = $LDFLAGS


@ -21,6 +21,7 @@ AC_ARG_ENABLE(win64, AS_HELP_STRING([--enable-win64],[build a Win64 emulator on
AC_ARG_ENABLE(tests, AS_HELP_STRING([--disable-tests],[do not build the regression tests]))
AC_ARG_ENABLE(build-id, AS_HELP_STRING([--enable-build-id],[include .buildid section in output objects]))
AC_ARG_ENABLE(maintainer-mode, AS_HELP_STRING([--enable-maintainer-mode],[enable maintainer-specific build rules]))
AC_ARG_ENABLE(sast, AS_HELP_STRING([--enable-sast],[enable static application security testing using Clang]))
AC_ARG_ENABLE(silent-rules, AS_HELP_STRING([--enable-silent-rules],[use silent build rules (override: "make V=1")]))
AC_ARG_ENABLE(werror, AS_HELP_STRING([--enable-werror],[treat compilation warnings as errors]))
@ -90,9 +91,12 @@ AC_ARG_WITH(wine-tools,AS_HELP_STRING([--with-wine-tools=DIR],[use Wine tools fr
AC_ARG_WITH(wine64, AS_HELP_STRING([--with-wine64=DIR],[use the 64-bit Wine in DIR for a Wow64 build]))
AC_CANONICAL_HOST
AC_SUBST(srcdir)
AS_IF([test "x$enable_sast" = xyes],[CC=${CC:-clang}
with_mingw=${with_mingw:-clang}
AC_CHECK_PROGS(SARIF_CONVERTER,sarif-converter,false)])
dnl **** Check for some programs ****
AC_PROG_CC


@ -73,6 +73,30 @@ build-mac:
- mkdir -p build32 build64
- git rebase $CI_MERGE_REQUEST_DIFF_BASE_SHA --exec ./tools/gitlab/build-mac
build-sast:
extends: .wine-build
rules:
- if: $CI_PIPELINE_SOURCE == 'push' && $CI_PROJECT_PATH == "wine/wine" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
- if: $CI_PIPELINE_SOURCE == 'merge_request_event'
tags:
- build
artifacts:
reports:
codequality: gl-code-quality-report.json
variables:
SASTFLAGS: >-
-Xclang -analyzer-disable-checker=core.CallAndMessage
-Xclang -analyzer-disable-checker=core.DivideZero
-Xclang -analyzer-disable-checker=core.NullDereference
-Xclang -analyzer-disable-checker=core.UndefinedBinaryOperatorResult
-Xclang -analyzer-disable-checker=core.uninitialized.Assign
-Xclang -analyzer-disable-checker=deadcode.DeadStores
-Xclang -analyzer-disable-checker=unix.Malloc
script:
- cd build64
- ../configure -q -C --enable-sast --enable-win64
- make -s gl-code-quality-report.json SASTFLAGS="${SASTFLAGS}"
build-winetest:
stage: build
image: $CI_REGISTRY/wine/wine:debian-bookworm
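Review bot: The `SASTFLAGS` value in `build-sast` turns off seven analyzer checkers, among them `core.NullDereference`, `core.DivideZero`, `core.uninitialized.Assign` and `unix.Malloc`, and nothing says why. The job therefore reports nothing for several of the memory-safety classes a static-analysis run is normally expected to cover. If they are disabled to keep the first reports manageable, record that above the variable, e.g. `# checkers disabled because of report volume; re-enable one at a time as findings are triaged`, so an empty code-quality report is not read as a clean result. The Clang analyzer documentation describes the core checkers as ones other checkers rely on, so it is also worth confirming that disabling them this way only hides their reports and does not degrade the remaining checks.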


@ -71,6 +71,8 @@ RUN export DEBIAN_FRONTEND=noninteractive; \
gstreamer1.0-plugins-base:amd64 gstreamer1.0-plugins-good:amd64 gstreamer1.0-plugins-bad:amd64 gstreamer1.0-plugins-ugly:amd64 \
gstreamer1.0-plugins-base:i386 gstreamer1.0-plugins-good:i386 gstreamer1.0-plugins-bad:i386 gstreamer1.0-plugins-ugly:i386 && \
apt-get clean && \
curl -L -o /usr/local/bin/sarif-converter https://gitlab.com/ignis-build/sarif-converter/-/releases/permalink/latest/downloads/bin/sarif-converter-linux && \
chmod +x /usr/local/bin/sarif-converter && \
useradd -m gitlab
USER gitlab
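Review bot: The added `curl -L -o /usr/local/bin/sarif-converter …/releases/permalink/latest/…` line installs whatever binary upstream currently publishes as "latest", with no version pin and no integrity check, and that binary is then executed in CI builds made from this image. Pin the download to one specific release and verify it before the `chmod +x`, for example `echo "<EXPECTED_SHA256>  /usr/local/bin/sarif-converter" | sha256sum -c -`. Using `curl -fL -o …` would also make an HTTP error fail the image build instead of saving an error page as the executable. The enclosing `RUN` instruction starts outside the hunk.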


@ -157,6 +157,7 @@ static const char *msgfmt;
static const char *ln_s;
static const char *sed_cmd;
static const char *wayland_scanner;
static const char *sarif_converter;
static int so_dll_supported;
static int unix_lib_supported;
/* per-architecture global variables */
@ -211,6 +212,7 @@ struct makefile
struct strarray in_files;
struct strarray pot_files;
struct strarray test_files;
struct strarray sast_files;
struct strarray clean_files;
struct strarray distclean_files;
struct strarray maintainerclean_files;
@ -3197,6 +3199,7 @@ static void output_source_one_arch( struct makefile *make, struct incl_file *sou
unsigned int arch )
{
const char *obj_name, *var_cc, *var_cflags;
struct compile_command *cmd;
struct strarray cflags = empty_strarray;
if (make->disabled[arch] && !(source->file->flags & FLAG_C_IMPLIB)) return;
@ -3285,30 +3288,48 @@ static void output_source_one_arch( struct makefile *make, struct incl_file *sou
obj_dir_path( make, arch_module_name( test_exe, arch )), obj );
}
if (!(source->file->flags & FLAG_GENERATED))
if (source->file->flags & FLAG_GENERATED) return;
/* static analysis rules */
if (sarif_converter && make->module && !make->extlib)
{
struct compile_command *cmd = malloc( sizeof(*cmd) );
cmd->source = source->filename;
cmd->obj = obj_dir_path( make, obj_name );
cmd->args = empty_strarray;
strarray_addall( &cmd->args, defines );
strarray_addall( &cmd->args, cflags );
if ((source->file->flags & FLAG_ARM64EC_X64) && !strcmp( archs.str[arch], "arm64ec" ))
{
char *cflags = get_expanded_make_variable( make, "x86_64_CFLAGS" );
cmd->cmd = get_expanded_make_variable( make, "x86_64_CC" );
if (cflags) strarray_add( &cmd->args, cflags );
}
else
{
char *cflags = get_expanded_arch_var( make, "CFLAGS", arch );
cmd->cmd = get_expanded_arch_var( make, "CC", arch );
if (cflags) strarray_add( &cmd->args, cflags );
}
list_add_tail( &compile_commands, &cmd->entry );
const char *sast_name = strmake( "%s%s.sarif", source->arch ? "" : arch_dirs[arch], obj );
output( "%s: %s\n", obj_dir_path( make, sast_name ), source->filename );
output( "\t%s%s -o $@ %s", cmd_prefix( "SAST" ), var_cc, source->filename );
output_filenames( defines );
output_filenames( cflags );
output_filename( "--analyze" );
output_filename( "-Xclang" );
output_filename( "-analyzer-output=sarif" );
output_filename( "$(SASTFLAGS)" );
output( "\n" );
strarray_add( &make->sast_files, sast_name );
strarray_add( targets, sast_name );
}
/* compile commands */
cmd = xmalloc( sizeof(*cmd) );
cmd->source = source->filename;
cmd->obj = obj_dir_path( make, obj_name );
cmd->args = empty_strarray;
strarray_addall( &cmd->args, defines );
strarray_addall( &cmd->args, cflags );
if ((source->file->flags & FLAG_ARM64EC_X64) && !strcmp( archs.str[arch], "arm64ec" ))
{
char *cflags = get_expanded_make_variable( make, "x86_64_CFLAGS" );
cmd->cmd = get_expanded_make_variable( make, "x86_64_CC" );
if (cflags) strarray_add( &cmd->args, cflags );
}
else
{
char *cflags = get_expanded_arch_var( make, "CFLAGS", arch );
cmd->cmd = get_expanded_arch_var( make, "CC", arch );
if (cflags) strarray_add( &cmd->args, cflags );
}
list_add_tail( &compile_commands, &cmd->entry );
}
@ -3739,6 +3760,7 @@ static void output_subdirs( struct makefile *make )
struct strarray all_targets = empty_strarray;
struct strarray makefile_deps = empty_strarray;
struct strarray clean_files = empty_strarray;
struct strarray sast_files = empty_strarray;
struct strarray testclean_files = empty_strarray;
struct strarray distclean_files = empty_strarray;
struct strarray distclean_dirs = empty_strarray;
@ -3761,6 +3783,7 @@ static void output_subdirs( struct makefile *make )
strarray_addall_uniq( &make->uninstall_files, submakes[i]->uninstall_files );
strarray_addall_uniq( &dependencies, submakes[i]->dependencies );
strarray_addall_path( &clean_files, submakes[i]->obj_dir, submakes[i]->clean_files );
strarray_addall_path( &sast_files, submakes[i]->obj_dir, submakes[i]->sast_files );
strarray_addall_path( &distclean_files, submakes[i]->obj_dir, submakes[i]->distclean_files );
strarray_addall_path( &distclean_dirs, submakes[i]->obj_dir, subclean );
strarray_addall_path( &make->maintainerclean_files, submakes[i]->obj_dir, submakes[i]->maintainerclean_files );
@ -3819,6 +3842,25 @@ static void output_subdirs( struct makefile *make )
strarray_add_uniq( &make->phony_targets, "check" );
strarray_add_uniq( &make->phony_targets, "test" );
if (sarif_converter)
{
if (strcmp( sarif_converter, "false" ))
{
output( "gl-code-quality-report.json:\n" );
output( "\t%s%s -t codequality -r", cmd_prefix( "SAST" ), sarif_converter );
output_filename( root_src_dir_path("") );
output_filenames( sast_files );
output_filename( "$@" );
output( "\n" );
strarray_add( &clean_files, "gl-code-quality-report.json" );
output( "gl-code-quality-report.json " );
}
output( "sast:" );
output_filenames( sast_files );
output( "\n" );
strarray_add_uniq( &make->phony_targets, "sast" );
}
if (get_expanded_make_variable( make, "GETTEXTPO_LIBS" )) output_po_files( make );
output( "clean::\n");
@ -3961,6 +4003,7 @@ static void output_sources( struct makefile *make )
strarray_addall( &make->clean_files, make->unixobj_files );
strarray_addall( &make->clean_files, make->pot_files );
strarray_addall( &make->clean_files, make->debug_files );
strarray_addall( &make->clean_files, make->sast_files );
if (make == top_makefile)
{
@ -4252,6 +4295,7 @@ static void output_silent_rules(void)
"GEN",
"LN",
"MSG",
"SAST",
"SED",
"TEST",
"WIDL",
@ -4574,6 +4618,7 @@ int main( int argc, char *argv[] )
sed_cmd = get_expanded_make_variable( top_makefile, "SED_CMD" );
ln_s = get_expanded_make_variable( top_makefile, "LN_S" );
wayland_scanner = get_expanded_make_variable( top_makefile, "WAYLAND_SCANNER" );
sarif_converter = get_expanded_make_variable( top_makefile, "SARIF_CONVERTER" );
if (root_src_dir && !strcmp( root_src_dir, "." )) root_src_dir = NULL;
if (tools_dir && !strcmp( tools_dir, "." )) tools_dir = NULL;
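Review bot: In the `output_subdirs` hunk, the new `if (sarif_converter)` block depends on two conventions that the code does not explain. First, `strcmp( sarif_converter, "false" )` treats the string "false" as "converter not found", which appears to mirror the `AC_CHECK_PROGS(SARIF_CONVERTER,sarif-converter,false)` default in configure.ac. A comment such as `/* "false" is configure's placeholder when sarif-converter is missing */` would keep the two in step. Second, the bare `output( "gl-code-quality-report.json " );` only makes sense once you notice it prefixes the following `sast:` line so that both targets share the prerequisite list. Say so with `/* target name only: the "sast:" line below supplies the shared prerequisites */`. The function body continues outside the hunk.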