Ɗaya daga cikin mafi yawan yanayin halin yanzu don amfani da PVS-Studio analyzer shine haɗin kai tare da tsarin CI. Kuma kodayake nazarin aikin PVS-Studio daga kusan kowane tsarin haɗin kai mai ci gaba ana iya gina shi a cikin ƴan umarni kaɗan, muna ci gaba da yin wannan tsari ya fi dacewa. PVS-Studio yanzu yana da goyan baya don jujjuya fitarwar na'ura zuwa tsari don TeamCity - TeamCity Inspections Type. Bari mu ga yadda yake aiki.
Bayani game da software da aka yi amfani da su
- mai nazari a tsaye na C, C++, C # da lambar Java, wanda aka tsara don sauƙaƙe aikin ganowa da gyara nau'ikan kurakurai daban-daban. Ana iya amfani da mai nazari akan Windows, Linux da macOS. A cikin wannan labarin, za mu yi amfani da rayayye ba kawai analyzer kanta, amma kuma wasu utilities daga rarraba.
- uwar garken sa ido ce da ke sa ido kan ƙaddamar da tarawa. Dole ne a gudanar da shi nan da nan kafin fara gina aikin ku. A cikin yanayin snooping, uwar garken zai katse ayyukan duk masu tarawa da aka goyan baya. Yana da mahimmanci a lura cewa ana iya amfani da wannan kayan aiki kawai don nazarin ayyukan C / C ++.
– mai amfani don juyar da rahotannin nazari zuwa tsari daban-daban.
Bayani game da aikin da ake nazari
Bari mu gwada wannan aikin akan misali mai amfani - bari mu bincika aikin OpenRCT2.
- bude aiwatar da wasan RollerCoaster Tycoon 2 (RCT2), fadada shi tare da sabbin ayyuka da gyara kwari. Wasan wasa ya ta'allaka ne akan ginawa da kula da wurin shakatawa mai ɗauke da hawan keke, shaguna, da kayan aiki. Dole ne mai kunnawa yayi ƙoƙarin samun riba kuma ya kula da kyakkyawan wurin shakatawa yayin da yake sa baƙi farin ciki. OpenRCT2 yana ba ku damar yin wasa a cikin yanayi biyu da akwatunan yashi. Yanayi yana buƙatar mai kunnawa ya kammala takamaiman aiki a cikin ƙayyadaddun lokaci, yayin da Sandbox yana ba mai kunnawa damar gina wurin shakatawa mai sassauƙa ba tare da wani hani ko kuɗi ba.
gyara
Domin adana lokaci, tabbas zan tsallake tsarin shigarwa kuma in fara daga lokacin da nake da uwar garken TeamCity yana aiki akan kwamfuta ta. Muna buƙatar zuwa: localhost: {tashar da aka ƙayyade yayin aikin shigarwa} (a cikin akwati na, localhost: 9090) kuma shigar da bayanan izini. Bayan mun shiga za a gaishe mu da:
Danna maɓallin Ƙirƙiri Project. Na gaba, zaɓi Da hannu kuma cika filayen.
Bayan danna maballin Create, taga mun gaisa da saitin.
Mu danna Ƙirƙiri tsarin ginin gini.
Cika filayen kuma danna Create. Mun ga taga yana tambayar ku don zaɓar tsarin sarrafa sigar. Tun da an riga an samo tushen a cikin gida, danna Tsallake.
A ƙarshe, mun matsa zuwa saitunan aikin.
Bari mu ƙara matakan taro, don yin wannan danna: Gina matakai -> Ƙara matakin ginawa.
A nan mun zabi:
- Nau'in Runner -> Layin Umurni
- Run -> Rubutun al'ada
Tun da za mu yi nazari a lokacin tattara ayyukan, taro da bincike ya kamata su zama mataki ɗaya, don haka cika filin Rubutun Layi:
Za mu kalli matakai ɗaya daga baya. Yana da mahimmanci cewa loda na'urar nazari, haɗa aikin, nazarin shi, fitar da rahoton da tsara shi yana ɗaukar layukan lamba goma sha ɗaya kawai.
Abu na karshe da ya kamata mu yi shi ne saita masu canjin yanayi, wanda na zayyana wasu hanyoyin da za a inganta karatunsu. Don yin wannan, bari mu ci gaba: Siga -> Ƙara sabon siga kuma ƙara masu canji guda uku:
Duk abin da za ku yi shi ne danna maɓallin Run a kusurwar dama ta sama. Yayin da ake tattarawa da kuma nazarin aikin, zan gaya muku game da rubutun.
Rubutun kai tsaye
Da farko, muna buƙatar saukar da sabon rarraba PVS-Studio. Don wannan muna amfani da manajan fakitin Chocolatey. Ga masu son ƙarin sani game da wannan, akwai daidai :
choco install pvs-studio -yNa gaba, bari mu ƙaddamar da aikin gina kayan aikin CLMonitor.
%CLmon% monitor –-attachSannan za mu gina aikin a matsayin canjin yanayi MSB shine hanyar zuwa sigar MSBuild Ina buƙatar ginawa
%MSB% %ProjPath% /t:clean
%MSB% %ProjPath% /t:rebuild /p:configuration=release
%MSB% %ProjPath% /t:g2
%MSB% %ProjPath% /t:PublishPortableBari mu shigar da maɓallin shiga da maɓallin lasisi don PVS-Studio:
%PVS-Studio_cmd% credentials --username %PVS_Name% --serialNumber %PVS_Key%Bayan an gama ginawa, sake gudanar da CLMonitor don samar da fayilolin da aka riga aka sarrafa da bincike na tsaye:
%CLmon% analyze -l "c:ptest.plog"Sa'an nan kuma za mu yi amfani da wani mai amfani daga rarraba mu. PlogConverter yana canza rahoto daga daidaitaccen tsari zuwa takamaiman tsari na TeamCity. Godiya ga wannan, za mu iya duba shi kai tsaye a cikin ginin ginin.
%PlogConverter% "c:ptest.plog" --renderTypes=TeamCity -o "C:temp"Mataki na ƙarshe shine a nuna rahoton da aka tsara a ciki stdout, inda za a dauka ta TeamCity parser.
type "C:tempptest.plog_TeamCity.txt"Cikakken lambar rubutun:
choco install pvs-studio -y
%CLmon% monitor --attach
set platform=x64
%MSB% %ProjPath% /t:clean
%MSB% %ProjPath% /t:rebuild /p:configuration=release
%MSB% %ProjPath% /t:g2
%MSB% %ProjPath% /t:PublishPortable
%PVS-Studio_cmd% credentials --username %PVS_Name% --serialNumber %PVS_Key%
%CLmon% analyze -l "c:ptest.plog"
%PlogConverter% "c:ptest.plog" --renderTypes=TeamCity -o "C:temp"
type "C:tempptest.plog_TeamCity.txt"A halin yanzu, an kammala taro da nazarin aikin cikin nasara, za mu iya zuwa shafin Projects kuma ka tabbata.
Yanzu bari mu danna kan Jimlar dubawadon zuwa duba rahoton nazari:
Gargaɗi yana tattare da lambobi na ƙa'idar bincike. Don kewaya cikin lambar, kuna buƙatar danna lambar layi tare da gargaɗin. Danna alamar tambaya a kusurwar dama ta sama zai buɗe maka sabon shafin tare da takardu. Hakanan zaka iya kewaya ta hanyar lambar ta danna lambar layi tare da gargaɗin tantancewa. Kewayawa daga kwamfuta mai nisa yana yiwuwa lokacin amfani SourceTreeRoot alama. Duk wanda ke da sha'awar wannan yanayin aiki na mai nazari zai iya sanin kansa da sashin da ya dace .
Duban sakamakon mai nazari
Yanzu da mun gama turawa da daidaita ginin, bari mu kalli wasu gargaɗi masu ban sha'awa da aka samu a cikin aikin da muke kallo.
Gargadi N1
[CWE-401] Banda an jefa ba tare da sakin ma'anar 'sakamako' ba. Ƙwaƙwalwar ƙwaƙwalwa yana yiwuwa. libopenrct2 ObjectFactory.cpp 443
Object* CreateObjectFromJson(....)
{
Object* result = nullptr;
....
result = CreateObject(entry);
....
if (readContext.WasError())
{
throw std::runtime_error("Object has errors");
}
....
}
Object* CreateObject(const rct_object_entry& entry)
{
Object* result;
switch (entry.GetType())
{
case OBJECT_TYPE_RIDE:
result = new RideObject(entry);
break;
case OBJECT_TYPE_SMALL_SCENERY:
result = new SmallSceneryObject(entry);
break;
case OBJECT_TYPE_LARGE_SCENERY:
result = new LargeSceneryObject(entry);
break;
....
default:
throw std::runtime_error("Invalid object type");
}
return result;
}Mai nazari ya lura da wani kuskure wanda bayan keɓance ƙwaƙwalwar ajiya mai ƙarfi a ciki Ƙirƙirar Abu, lokacin da keɓanta ya faru, ba a share ƙwaƙwalwar ajiya ba, kuma ƙwaƙwalwar ajiyar tana faruwa.
Gargadi N2
Akwai ƙananan maganganu iri ɗaya '(1ULL << WIDX_MONTH_BOX)' zuwa hagu da dama na '|' ma'aikaci. libopenrct2ui Cheats.cpp 487
static uint64_t window_cheats_page_enabled_widgets[] =
{
MAIN_CHEAT_ENABLED_WIDGETS |
(1ULL << WIDX_NO_MONEY) |
(1ULL << WIDX_ADD_SET_MONEY_GROUP) |
(1ULL << WIDX_MONEY_SPINNER) |
(1ULL << WIDX_MONEY_SPINNER_INCREMENT) |
(1ULL << WIDX_MONEY_SPINNER_DECREMENT) |
(1ULL << WIDX_ADD_MONEY) |
(1ULL << WIDX_SET_MONEY) |
(1ULL << WIDX_CLEAR_LOAN) |
(1ULL << WIDX_DATE_SET) |
(1ULL << WIDX_MONTH_BOX) | // <=
(1ULL << WIDX_MONTH_UP) |
(1ULL << WIDX_MONTH_DOWN) |
(1ULL << WIDX_YEAR_BOX) |
(1ULL << WIDX_YEAR_UP) |
(1ULL << WIDX_YEAR_DOWN) |
(1ULL << WIDX_DAY_BOX) |
(1ULL << WIDX_DAY_UP) |
(1ULL << WIDX_DAY_DOWN) |
(1ULL << WIDX_MONTH_BOX) | // <=
(1ULL << WIDX_DATE_GROUP) |
(1ULL << WIDX_DATE_RESET),
....
};Mutane kaɗan banda na'urar tantancewa na tsaye za su iya wucewa wannan gwajin lura. Wannan misalin kwafin-manna yana da kyau don daidai wannan dalili.
Gargadi N3
Yana da ban sha'awa cewa filin 'tuta' a cikin aji da aka samo 'RCT12BannerElement' ya sake rubuta filin a cikin rukunin tushe 'RCT12TileElementBase'. Duba layi: RCT12.h:570, RCT12.h:259. libopenrct2 RCT12.h 570
struct RCT12SpriteBase
{
....
uint8_t flags;
....
};
struct rct1_peep : RCT12SpriteBase
{
....
uint8_t flags;
....
};Tabbas, yin amfani da ma'auni mai suna iri ɗaya a cikin ajin tushe da cikin zuriyar ba koyaushe kuskure ba ne. Koyaya, fasahar gado da kanta tana ɗauka cewa duk fagagen ajin iyaye suna cikin aji na yara. Ta hanyar bayyana filayen da suna iri ɗaya a cikin magaji, muna haifar da rudani.
Gargadi N4
Yana da ban mamaki cewa sakamakon bayanin 'imageDirection / 8' wani bangare ne na yanayin. Wataƙila, ya kamata a kwatanta wannan magana da wani abu dabam. libopenrct2 ObservationTower.cpp 38
void vehicle_visual_observation_tower(...., int32_t imageDirection, ....)
{
if ((imageDirection / 8) && (imageDirection / 8) != 3)
{
....
}
....
}Mu duba a tsanake. Magana Hoton Hanyar/8 zai zama karya idan imageDirection yana cikin kewayon -7 zuwa 7. Kashi na biyu: (Hanyar Hoto / 8)! = 3 cak imageDirection don kasancewa a waje da kewayon: daga -31 zuwa -24 kuma daga 24 zuwa 31, bi da bi. Da alama baƙon abu ne a gare ni in bincika lambobi don haɗawa a cikin takamaiman kewayon ta wannan hanyar kuma, ko da babu kuskure a cikin wannan lambar, zan ba da shawarar sake rubuta waɗannan sharuɗɗan don zama bayyane. Wannan zai sauƙaƙa rayuwa ga mutanen da za su karanta da kiyaye wannan lambar.
Gargadi N5
Babban jerin ayyuka na irin wannan: A = B; B = A;. Duba layi: 1115, 1118. libopenrct2ui MouseInput.cpp 1118
void process_mouse_over(....)
{
....
switch (window->widgets[widgetId].type)
{
case WWT_VIEWPORT:
ebx = 0;
edi = cursorId; // <=
// Window event WE_UNKNOWN_0E was called here,
// but no windows actually implemented a handler and
// it's not known what it was for
cursorId = edi; // <=
if ((ebx & 0xFF) != 0)
{
set_cursor(cursorId);
return;
}
break;
....
}
....
}An fi samun wannan guntun lambar ta hanyar lalatawa. Sa'an nan, yin la'akari da sharhin hagu, an cire wani ɓangare na lambar da ba ta aiki ba. Koyaya, har yanzu akwai sauran ayyuka biyu cursorId, wanda kuma ba shi da ma'ana sosai.
Gargadi N6
[CWE-476] An yi amfani da alamar 'player' ba tare da tsaro ba bayan an tabbatar da ita a kan nullptr. Duba layi: 2085, 2094. libopenrct2 Network.cpp 2094
void Network::ProcessPlayerList()
{
....
auto* player = GetPlayerByID(pendingPlayer.Id);
if (player == nullptr)
{
// Add new player.
player = AddPlayer("", "");
if (player) // <=
{
*player = pendingPlayer;
if (player->Flags & NETWORK_PLAYER_FLAG_ISSERVER)
{
_serverConnection->Player = player;
}
}
newPlayers.push_back(player->Id); // <=
}
....
}Wannan lambar tana da sauƙin gyarawa; kawai kuna buƙatar duba ta a karo na uku player zuwa maƙasudin banza, ko ƙara shi a jikin bayanin sharadi. Zan ba da shawarar zaɓi na biyu:
void Network::ProcessPlayerList()
{
....
auto* player = GetPlayerByID(pendingPlayer.Id);
if (player == nullptr)
{
// Add new player.
player = AddPlayer("", "");
if (player)
{
*player = pendingPlayer;
if (player->Flags & NETWORK_PLAYER_FLAG_ISSERVER)
{
_serverConnection->Player = player;
}
newPlayers.push_back(player->Id);
}
}
....
}Gargadi N7
[CWE-570] Maganar 'suna == nullptr' koyaushe karya ce. libopenrct2 ServerList.cpp 102
std::optional<ServerListEntry> ServerListEntry::FromJson(...)
{
auto name = json_object_get(server, "name");
.....
if (name == nullptr || version == nullptr)
{
....
}
else
{
....
entry.name = (name == nullptr ? "" : json_string_value(name));
....
}
....
}Kuna iya kawar da layin code mai wuyar karantawa a cikin faɗuwa ɗaya kuma ku magance matsalar tare da bincikawa nulptr. Ina ba da shawarar canza lambar kamar haka:
std::optional<ServerListEntry> ServerListEntry::FromJson(...)
{
auto name = json_object_get(server, "name");
.....
if (name == nullptr || version == nullptr)
{
name = ""
....
}
else
{
....
entry.name = json_string_value(name);
....
}
....
}Gargadi N8
[CWE-1164] An sanya madaidaicin 'ColumnHeaderPressedCurrentState' ƙima iri ɗaya. libopenrct2ui CustomListView.cpp 510
void CustomListView::MouseUp(....)
{
....
if (!ColumnHeaderPressedCurrentState)
{
ColumnHeaderPressed = std::nullopt;
ColumnHeaderPressedCurrentState = false;
Invalidate();
}
}Lambar yayi kama da ban mamaki. Ga alama a gare ni akwai typo ko dai a cikin yanayin ko lokacin da aka sake sanya mabanbanta ColumnHeaderPressedCurrentState dabi'u arya.
ƙarshe
Kamar yadda muke iya gani, haɗa PVS-Studio static analyzer cikin aikin TeamCity ɗinku abu ne mai sauƙi. Don yin wannan, ya isa rubuta ƙaramin fayil ɗin daidaitawa ɗaya kawai. Duba lambar zai ba ka damar gano matsalolin nan da nan bayan taro, wanda zai taimaka kawar da su lokacin da rikitarwa da farashin canje-canje suna da ƙasa.
Idan kuna son raba wannan labarin tare da masu sauraron Ingilishi, da fatan za a yi amfani da hanyar haɗin fassarar: Vladislav Stolyarov. .
source: www.habr.com