Gaji da sake duba lambar ko lalata, wani lokacin kuna tunanin yadda zaku sauƙaƙa rayuwar ku. Kuma bayan bincike kadan, ko kuma ta hanyar tuntuɓe akansa da gangan, zaku iya ganin kalmar sihirin: “Static analysis.” Bari mu ga abin da yake da kuma yadda zai iya yin hulɗa tare da aikinku.
A gaskiya ma, idan ka rubuta da kowane harshe na zamani, to, ba tare da saninsa ba, ka yi amfani da shi ta hanyar nazari mai mahimmanci. Gaskiyar ita ce, kowane mai tarawa na zamani yana ba da, ko da yake ƙanƙanta, saitin gargaɗi game da yuwuwar matsalolin da ke cikin lambar. Misali, lokacin da ake hada lambar C++ a cikin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin C++ zaka iya ganin masu zuwa:
A cikin wannan fitarwa za mu ga cewa m ya ba a taɓa amfani da shi a ko'ina cikin aikin ba. Don haka a zahiri, kusan koyaushe kuna amfani da na'urar tantance lambar a tsaye. Koyaya, ba kamar masu nazarin ƙwararru kamar Coverity, Klocwork ko PVS-Studio ba, gargaɗin da mai tarawa ya bayar na iya nuna ƙananan matsaloli.
Idan ba ku san tabbas menene static analysis da yadda ake aiwatar da shi ba, don ƙarin koyo game da wannan hanya.
Me yasa kuke buƙatar bincike a tsaye?
A takaice: hanzari da sauƙi.
Binciken a tsaye yana ba ku damar nemo matsaloli daban-daban da yawa a cikin lambar: daga yin amfani da ginin harshe ba daidai ba zuwa buga rubutu. Misali, maimakon
auto x = obj.x;
auto y = obj.y;
auto z = obj.z;Kun rubuta code mai zuwa:
auto x = obj.x;
auto y = obj.y;
auto z = obj.x;Kamar yadda kake gani, akwai typo a layi na ƙarshe. Misali, PVS-Studio yana ba da gargaɗi mai zuwa:
Yi la'akari da yin bitar daidaitaccen amfanin abun 'y'.
Idan kuna son shigar da hannunku cikin wannan kuskuren, gwada misali da aka yi a cikin Compiler Explorer: **.
Kuma kamar yadda kuka fahimta, ba koyaushe yana yiwuwa a kula da irin waɗannan sassan code nan da nan ba, kuma saboda wannan, zaku iya zama kuna yin lalata don sa'a mai kyau, kuna mamakin dalilin da yasa duk abin ke aiki da ban mamaki.
Duk da haka, wannan kuskure ne a fili. Me zai faru idan mai haɓakawa ya rubuta lambar ƙima saboda ya manta da ɗan dabara na yaren? Ko ma yarda da shi a cikin code ? Abin baƙin ciki shine, irin waɗannan lokuta sun zama ruwan dare gama gari kuma rabon zaki yana kashe lokaci don yin gyara musamman lambar aiki wanda ya ƙunshi kurakurai na yau da kullun ko halayen da ba a bayyana ba.
Don waɗannan yanayi ne aka bayyana a tsaye bincike. Wannan mataimaki ne ga mai haɓakawa wanda zai nuna matsaloli daban-daban a cikin lambar kuma ya bayyana a cikin takardun dalilin da yasa ba lallai ba ne a rubuta wannan hanya, abin da zai iya haifar da kuma yadda za a gyara shi. Ga misalin yadda zai yi kama: **.
Kuna iya samun ƙarin kurakurai masu ban sha'awa waɗanda mai nazari zai iya ganowa a cikin labaran:
Yanzu da kun karanta wannan abu kuma kun gamsu da fa'idodin bincike na tsaye, kuna iya gwada shi. Amma ta ina zan fara? Yadda ake haɗa sabon kayan aiki cikin aikin ku na yanzu? Da kuma yadda za a gabatar da tawagar zuwa gare shi? Za ku sami amsoshin waɗannan tambayoyin a ƙasa.
Ka lura. Binciken a tsaye baya maye ko soke irin wannan abu mai amfani kamar duban lamba. Ya cika wannan tsari, yana taimakawa wajen lura da gyara rubutun rubutu, kuskure, da ƙira masu haɗari a gaba. Yana da fa'ida sosai don mai da hankali kan bitar lambar akan algorithms da tsayuwar lamba, maimakon neman ɓangarorin da ba daidai ba ko .
0. Sanin kayan aiki
Duk yana farawa da sigar gwaji. Lalle ne, yana da wuya a yanke shawarar gabatar da wani abu a cikin tsarin ci gaba idan ba ku taɓa ganin kayan aiki ba a baya. Saboda haka, abu na farko da ya kamata ku yi shi ne zazzagewa .
Abin da za ku koya a wannan mataki:
- Menene hanyoyin yin hulɗa tare da mai nazari;
- Shin mai tantancewa ya dace da yanayin ci gaban ku?
- Wadanne matsaloli ne a halin yanzu a cikin ayyukanku?
Bayan kun shigar da duk abin da kuke buƙata, abu na farko da ya kamata ku yi shi ne gudanar da nazarin dukkan aikin (, , ). A cikin yanayin PVS-Studio a cikin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Kayayyakin Sirri) za ka ga hoto irin wannan (wanda ake iya dannawa):
Gaskiyar ita ce, masu bincike na tsaye yawanci suna ba da adadi mai yawa na gargadi don ayyukan tare da babban tushe na lamba. Babu buƙatar gyara su duka, tun da aikin ku ya riga ya yi aiki, wanda ke nufin waɗannan matsalolin ba su da mahimmanci. Duk da haka, ku kuma a gyara su idan ya cancanta. Don yin wannan, kuna buƙatar tace fitarwa kuma ku bar kawai mafi amintattun saƙonni. A cikin kayan aikin PVS-Studio don Kayayyakin Kayayyakin Kayayyakin Hulɗa, ana yin wannan ta hanyar tacewa ta matakan kuskure da nau'ikan. Don ingantaccen fitarwa, bar kawai high и Janar (kuma ana iya dannawa):
Lallai, gargaɗin 178 sun fi sauƙin dubawa fiye da dubu da yawa ...
A cikin tabs Medium и low Sau da yawa akwai gargaɗi mai kyau, amma waɗannan nau'ikan sun haɗa da waɗanda ke da ƙarancin daidaito (abin dogaro). Ana iya samun ƙarin bayani game da matakan gargaɗi da zaɓuɓɓuka don aiki a ƙarƙashin Windows anan: **.
Samun nasarar nazarin kurakurai masu ban sha'awa (kuma an yi nasarar gyara su) yana da daraja . Wannan ya zama dole don kada sabbin gargadi su ɓace a cikin tsoffin. Bugu da kari, mai nazari a tsaye mataimaki ne ga mai tsara shirye-shirye, ba jerin kurakurai ba. 🙂
1. Automation
Bayan saninsa, lokaci yayi da za a saita plugins da haɗawa cikin CI. Dole ne a yi wannan kafin masu shirye-shirye su fara amfani da na'urar tantancewa. Gaskiyar ita ce, mai shirye-shiryen na iya mantawa don ba da damar yin nazari ko kuma ba ya son yin shi kwata-kwata. Don yin wannan, kuna buƙatar yin wasu bincike na ƙarshe na komai don kada lambar da ba ta gwadawa ba ta iya shiga reshen ci gaba gabaɗaya.
Abin da za ku koya a wannan mataki:
- Waɗanne zaɓuɓɓukan sarrafa kansa kayan aikin ke bayarwa;
- Shin mai nazari ya dace da tsarin taron ku?
Tun da cikakkun bayanai ba su wanzu, wani lokacin dole ne ka rubuta a ciki . Wannan al'ada ce kuma muna farin cikin taimaka muku. 🙂
Yanzu bari mu matsa zuwa ci gaba da ayyukan haɗin kai (CI). Ana iya aiwatar da kowane mai nazari a cikin su ba tare da wata matsala mai tsanani ba. Don yin wannan, kuna buƙatar ƙirƙirar wani mataki daban a cikin bututun, wanda yawanci ke samuwa bayan gwajin ginin da naúrar. Ana yin wannan ta amfani da kayan aikin console daban-daban. Misali, PVS-Studio yana ba da abubuwan amfani masu zuwa:
- (binciken mafita, C #, C++ ayyukan akan Windows)
- (sabili da tari)
- (binciken ayyukan C ++ akan Linux / macOS)
- (binciken mafita, ayyukan C # akan Linux / macOS)
- (nazarin ayyukan Java)
- (mai canza fayil rahoton)
Don haɗa bincike cikin CI, kuna buƙatar yin abubuwa uku:
- Shigar da mai nazari;
- Gudanar da bincike;
- Isar da sakamako.
Misali, don shigar da PVS-Studio akan Linux (Debian-base), kuna buƙatar gudanar da umarni masu zuwa:
wget -q -O - https://files.viva64.com/etc/pubkey.txt
| sudo apt-key add -
sudo wget -O /etc/apt/sources.list.d/viva64.list
https://files.viva64.com/etc/viva64.list
sudo apt-get update -qq
sudo apt-get install -qq pvs-studioA kan tsarin da ke gudana Windows, babu wata hanyar shigar da mai nazari daga mai sarrafa kunshin, amma yana yiwuwa a tura mai nazari daga layin umarni:
PVS-Studio_setup.exe /verysilent /suppressmsgboxes
/norestart /nocloseapplicationsKuna iya karanta ƙarin game da tura PVS-Studio akan tsarin da ke gudana Windows **.
Bayan shigarwa, kuna buƙatar gudanar da bincike kai tsaye. Duk da haka, ana ba da shawarar yin hakan bayan an gama tattarawa da gwaje-gwaje. Wannan saboda bincike a tsaye yakan ɗauki sau biyu in har an haɗa shi.
Tunda hanyar ƙaddamarwa ya dogara da dandamali da fasalin aikin, zan nuna zaɓi don C ++ (Linux) azaman misali:
pvs-studio-analyzer analyze -j8
-o PVS-Studio.log
plog-converter -t errorfile PVS-Studio.log --cerr -wUmarni na farko zai yi bincike, kuma na biyu yana canza rahoton zuwa tsarin rubutu, yana nuna shi akan allo kuma ya dawo da lambar dawowa banda 0 idan akwai gargadi. Ana iya amfani da tsarin kamar wannan cikin dacewa don toshe ginin lokacin da akwai saƙon kuskure. Koyaya, koyaushe kuna iya cire tuta -w kuma kar a toshe taron da ke dauke da gargadi.
Ka lura. Tsarin rubutu ba shi da daɗi. An bayar da shi kawai a matsayin misali. Kula da tsarin rahoto mai ban sha'awa - FullHtml. Yana ba ku damar kewaya ta hanyar lambar.
Kuna iya karanta ƙarin game da kafa bincike akan CI a cikin labarin ""(Windows) ko""(Linux).
Ok, kun saita mai nazari akan uwar garken ginin. Yanzu, idan wani ya ɗora lambar da ba a gwada ba, matakin tabbatarwa zai gaza, kuma za ku iya gano matsalar, duk da haka, wannan ba cikakke ba ne, tunda ya fi dacewa don bincika aikin ba bayan an haɗa rassan ba, amma gabaninsa, a matakin buqatar jan hankali. A.
Gabaɗaya, kafa ƙididdigar buƙatun ja baya da yawa da ƙaddamar da bincike na yau da kullun akan CI. Sai dai buƙatar samun jerin fayilolin da aka canza. Ana iya samun waɗannan yawanci ta hanyar tambayar bambance-bambance tsakanin rassan ta amfani da git:
git diff --name-only HEAD origin/$MERGE_BASE > .pvs-pr.listYanzu kuna buƙatar wuce wannan jerin fayiloli zuwa mai nazari azaman shigarwa. Misali, a cikin PVS-Studio ana aiwatar da wannan ta amfani da tuta -S:
pvs-studio-analyzer analyze -j8
-o PVS-Studio.log
-S .pvs-pr.listKuna iya samun ƙarin bayani game da nazarin buƙatun ja ** . Ko da CI ɗinku ba ya cikin jerin ayyukan da aka ambata a cikin labarin, za ku sami babban ɓangaren da aka keɓe ga ka'idar wannan nau'in bincike yana da amfani.
Ta hanyar kafa nazarin buƙatun ja, zaku iya toshe ayyukan da ke ɗauke da faɗakarwa, ta haka ƙirƙirar iyaka wanda lambar da ba ta gwadawa ba ba za ta iya hayewa ba.
Wannan duk tabbas yana da kyau, amma ina so in sami damar ganin duk gargaɗin a wuri guda. Ba wai kawai daga na'urar tantancewa ba, har ma daga gwaje-gwajen naúrar ko daga mai nazari mai ƙarfi. Akwai ayyuka daban-daban da plugins don wannan. PVS-Studio, alal misali, yana da .
2. Haɗin kai akan injunan haɓakawa
Yanzu lokaci ya yi da za a girka da daidaita mai nazari don amfanin ci gaban yau da kullun. Zuwa wannan lokacin kun riga kun saba da yawancin hanyoyin aiki, don haka ana iya kiran wannan sashi mafi sauƙi.
A matsayin zaɓi mafi sauƙi, masu haɓakawa za su iya shigar da masu nazarin da suka dace da kansu. Koyaya, wannan zai ɗauki lokaci mai yawa kuma ya ɗauke su daga haɓakawa, don haka zaku iya sarrafa wannan tsari ta amfani da mai sakawa da tutocin da suka dace. Don PVS-Studio akwai daban-daban . Koyaya, koyaushe akwai manajojin fakiti, misali, Chocolatey (Windows), Homebrew (macOS) ko zaɓin zaɓuɓɓuka don Linux.
Sannan kuna buƙatar shigar da abubuwan da ake buƙata, misali don , , da dai sauransu.
3. Amfanin yau da kullun
A wannan mataki, lokaci ya yi da za a faɗi wasu kalmomi game da hanyoyin da za a hanzarta mai nazari yayin amfani da yau da kullum. Cikakken bincike na gabaɗayan aikin yana ɗaukar lokaci mai yawa, amma sau nawa muke canza lamba a cikin dukkan aikin gaba ɗaya? Da kyar babu wani refactoring wanda yake da girma wanda zai shafi gaba dayan tushen lambar. Adadin fayilolin da ake canza su a lokaci ɗaya ba kasafai ya wuce dozin ba, don haka yana da ma'ana don tantance su. Don irin wannan yanayin akwai . Kawai kada ku firgita, wannan ba wani kayan aiki bane. Wannan yanayi ne na musamman wanda ke ba ku damar bincika fayilolin da aka canza kawai da abin dogaro, kuma wannan yana faruwa ta atomatik bayan ginawa idan kuna aiki a cikin IDE tare da shigar da plugin ɗin.
Idan mai nazarin ya gano matsaloli a cikin lambar da aka canza kwanan nan, zai ba da rahoton wannan da kansa. Misali, PVS-Studio zai gaya muku game da wannan ta amfani da faɗakarwa:
Tabbas, gaya wa masu haɓaka amfani da kayan aikin bai isa ba. Muna bukatar ko ta yaya mu gaya musu abin da yake da kuma yadda yake. Anan, alal misali, labarai ne game da saurin farawa don PVS-Studio, amma kuna iya samun irin wannan koyawa don kowane kayan aikin da kuka fi so:
Irin waɗannan labaran suna ba da duk bayanan da ake buƙata don amfanin yau da kullun kuma ba sa ɗaukar lokaci mai yawa. 🙂
Ko da a matakin sanin kayan aiki, mun danne gargaɗi da yawa yayin ɗaya daga cikin ƙaddamarwa na farko. Abin baƙin ciki shine, masu bincike na tsaye ba cikakke ba ne, don haka daga lokaci zuwa lokaci suna ba da tabbataccen ƙarya. Yawancin lokaci yana da sauƙi don kashe su; misali, a cikin PVS-Studio plugin don Kayayyakin Kayayyakin Kayayyakin Kayayyakin kawai kuna buƙatar danna maɓalli ɗaya:
Koyaya, kuna iya yin fiye da kawai murkushe su. Misali, zaku iya ba da rahoton matsala don tallafawa. Idan za'a iya gyara ingancin karya, to a cikin sabuntawa na gaba za ku iya lura cewa duk lokacin da aka sami ƙarancin ƙima da ƙayyadaddun ƙayyadaddun ƙayyadaddun ƙayyadaddun ƙayyadaddun bayanan ku.
Bayan hadewa
Don haka mun wuce dukkan matakai na haɗa bincike na tsaye a cikin tsarin ci gaba. Duk da mahimmancin kafa irin waɗannan kayan aikin akan CI, wuri mafi mahimmanci don gudanar da su shine kwamfutar mai haɓakawa. Bayan haka, mai nazari a tsaye ba alkali ba ne wanda ya ce wani wuri mai nisa da ku cewa lambar ba ta da kyau. Akasin haka, mataimaki ne ya gaya muku idan kun gaji kuma yana tunatar da ku idan kun manta wani abu.
Gaskiya ne, ba tare da amfani na yau da kullun ba, bincike na tsaye ba shi yiwuwa ya sauƙaƙe ci gaba sosai. Bayan haka, babban fa'idarsa ga mai haɓakawa ba ta ta'allaka ne sosai a cikin neman ɓangarori masu rikitarwa da rikice-rikice na lambar, amma a farkon gano su. Yarda da cewa gano matsala bayan an aika gyare-gyaren don gwaji ba kawai mara daɗi ba ne, har ma yana ɗaukar lokaci sosai. Bincike a tsaye, idan aka yi amfani da shi akai-akai, yana duba kowane canji kai tsaye akan kwamfutarka kuma yana ba da rahoton wuraren da ake tuhuma yayin aiki akan lambar.
Kuma idan ku ko abokan aikinku har yanzu ba ku da tabbacin ko yana da kyau a aiwatar da mai nazarin, to ina ba ku shawarar yanzu ku fara karanta labarin "". Yana magance damuwa na yau da kullun na masu haɓakawa cewa bincike na tsaye zai ɗauki lokacin su da sauransu.
Idan kuna son raba wannan labarin tare da masu sauraron Ingilishi, da fatan za a yi amfani da hanyar haɗin fassarar: Maxim Zvyagintsev. .
source: www.habr.com