tor

The Tor anonymity network
git clone https://git.dasho.dev/tor.git
Log | Files | Refs | README | LICENSE

scan-build.sh (2531B)

      1 #!/bin/sh
      2 # Copyright 2014 The Tor Project, Inc
      3 # See LICENSE for licensing information
      4 #
      5 # This script is used for running a bunch of clang scan-build checkers
      6 # on Tor.
      7 
      8 # These don't seem to cause false positives in our code, so let's turn
      9 # them on.
     10 CHECKERS="\
     11    -enable-checker alpha.core.CallAndMessageUnInitRefArg \
     12    -enable-checker alpha.core.CastToStruct \
     13    -enable-checker alpha.core.Conversion \
     14    -enable-checker alpha.core.FixedAddr \
     15    -enable-checker alpha.core.IdenticalExpr \
     16    -enable-checker alpha.core.PointerArithm \
     17    -enable-checker alpha.core.SizeofPtr \
     18    -enable-checker alpha.core.TestAfterDivZero \
     19    -enable-checker alpha.security.MallocOverflow \
     20    -enable-checker alpha.security.ReturnPtrRange \
     21    -enable-checker alpha.unix.BlockInCriticalSection \
     22    -enable-checker alpha.unix.Chroot \
     23    -enable-checker alpha.unix.PthreadLock \
     24    -enable-checker alpha.unix.PthreadLock \
     25    -enable-checker alpha.unix.SimpleStream \
     26    -enable-checker alpha.unix.Stream \
     27    -enable-checker alpha.unix.cstring.BufferOverlap \
     28    -enable-checker alpha.unix.cstring.NotNullTerminated \
     29    -enable-checker valist.CopyToSelf \
     30    -enable-checker valist.Uninitialized \
     31    -enable-checker valist.Unterminated \
     32    -enable-checker security.FloatLoopCounter \
     33    -enable-checker security.insecureAPI.strcpy \
     34 "
     35 
     36 # shellcheck disable=SC2034
     37 # These have high false-positive rates.
     38 EXTRA_CHECKERS="\
     39    -enable-checker alpha.security.ArrayBoundV2 \
     40    -enable-checker alpha.unix.cstring.OutOfBounds \
     41    -enable-checker alpha.core.CastSize \
     42 "
     43 
     44 # shellcheck disable=SC2034
     45 # These don't seem to generate anything useful
     46 NOISY_CHECKERS="\
     47    -enable-checker alpha.clone.CloneChecker \
     48    -enable-checker alpha.deadcode.UnreachableCode \
     49 "
     50 
     51 if test "$SCAN_BUILD_OUTPUT" != ""; then
     52   OUTPUTARG="-o $SCAN_BUILD_OUTPUT"
     53 else
     54   OUTPUTARG=""
     55 fi
     56 
     57 # shellcheck disable=SC2086
     58 scan-build \
     59    $CHECKERS \
     60    ./configure
     61 
     62 scan-build \
     63    make clean
     64 
     65 # Make this not get scanned for dead assignments, since it has lots of
     66 # dead assignments we don't care about.
     67 # shellcheck disable=SC2086
     68 scan-build \
     69    $CHECKERS \
     70    -disable-checker deadcode.DeadStores \
     71    make -j5 -k ./src/ext/ed25519/ref10/libed25519_ref10.a
     72 
     73 # shellcheck disable=SC2086
     74 scan-build \
     75    $CHECKERS $OUTPUTARG \
     76    make -j5 -k
     77 
     78 CHECKERS="\
     79 "
     80 
     81 # This one gives a false positive on every strcmp.
     82 #    -enable-checker alpha.core.PointerSub
     83 
     84 # Needs work
     85 #    -enable-checker alpha.unix.MallocWithAnnotations