security: Add compiler static analysis support
Enable GCC builtin static analysis in Zephyr's static code analysis (SCA) infra. When this option is enabled GCC performs a static analysis and can point problems like: sample.c + int *j; + + if (j != NULL) { + printf("j != NULL\n"); output: ${ZEPHYR_BASE}/samples/userspace/hello_world_user/src/main.c:30:12: warning: use of uninitialized value 'j' [CWE-457] [-Wanalyzer-use-of-uninitialized-value] 30 | if (j != NULL) { | ^ 'main': events 1-2 | | 25 | int *j; | | ^ | | | | | (1) region created on stack here |...... | 30 | if (j != NULL) { | | ~ | | | | | (2) use of uninitialized value 'j' here Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
This commit is contained in:
parent
b27494b7ed
commit
3fc5d971fe
3 changed files with 24 additions and 0 deletions
5
cmake/sca/gcc/sca.cmake
Normal file
5
cmake/sca/gcc/sca.cmake
Normal file
|
@ -0,0 +1,5 @@
|
|||
# SPDX-License-Identifier: Apache-2.0
|
||||
#
|
||||
# Copyright (c) 2024 Intel Corporation
|
||||
|
||||
list(APPEND TOOLCHAIN_C_FLAGS -fanalyzer)
|
18
doc/develop/sca/gcc.rst
Normal file
18
doc/develop/sca/gcc.rst
Normal file
|
@ -0,0 +1,18 @@
|
|||
.. _gcc:
|
||||
|
||||
GCC static analysis support
|
||||
###########################
|
||||
|
||||
Static analysis was introduced in `GCC <https://gcc.gnu.org/>`__ 10 and it is enabled
|
||||
with the option ``-fanalyzer``. This option performs a much more expensive and thorough
|
||||
analysis of the code than traditional warnings.
|
||||
|
||||
Run GCC static analysis
|
||||
***********************
|
||||
|
||||
To run GCC static analysis, :ref:`west build <west-building>` should be
|
||||
called with a ``-DZEPHYR_SCA_VARIANT=gcc`` parameter, e.g.
|
||||
|
||||
.. code-block:: shell
|
||||
|
||||
west build -b qemu_x86 samples/userspace/hello_world_user -- -DZEPHYR_SCA_VARIANT=gcc
|
|
@ -63,3 +63,4 @@ The following is a list of SCA tools natively supported by Zephyr build system.
|
|||
|
||||
codechecker
|
||||
sparse
|
||||
gcc
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue