How to introduce a static code analyzer into a legacy project without demotivating the team

Trying out a static code analyzer is easy. Introducing it, especially into the development of a large old project, takes skill. Done wrong, the analyzer can add work, slow development down, and demotivate the team. Let's briefly discuss how to approach integrating static analysis into the development process properly and start using it as part of CI/CD.

Introduction

Recently my attention was drawn to the publication "Getting Started With Static Analysis Without Overwhelming the Team". On the one hand, it is a good article that is worth reading. On the other hand, it seems to me that it does not give a complete answer on how to introduce static analysis painlessly into a large project. The article says that you can accept the technical debt and work only with new code, but it gives no answer as to what to do with this technical debt later.

Our PVS-Studio team offers its view on this topic. Let's look at how the problem of introducing a static code analyzer arises in the first place, how to overcome it, and how to eliminate the technical debt gradually.

Issues

It is usually not difficult to launch a static analyzer and see how it works [1]. You may see interesting errors or even frightening potential vulnerabilities in the code. You may even fix something, but then many programmers give up.

All static analyzers produce false positives. This is a property of the static code analysis methodology, and nothing can be done about it. In the general case, this is an unsolvable problem, as confirmed by Rice's theorem [2]. Machine learning algorithms will not help either [3]. Even a person cannot always tell whether this or that code is wrong, so you should not expect this from a program :).

False positives are not a problem if the static analyzer is already configured:

  • Irrelevant rule sets are disabled;
  • Some irrelevant diagnostics are turned off;
  • If we are talking about C or C++, macros are marked up that contain specific constructs causing useless warnings everywhere those macros are used;
  • Custom functions are marked up that perform actions similar to system functions (an in-house analogue of memcpy or printf) [4];
  • False positives are specifically disabled using comments;
  • And so on.

In this case, we can expect a low false positive rate of about 10-15% [5]. In other words, 9 out of 10 analyzer warnings will point to a real problem in the code, or at least to "strong-smelling code." Agree, this scenario is very pleasant, and the analyzer is a real friend of the programmer.

In reality, in a large project the initial picture will be completely different. The analyzer issues hundreds or thousands of warnings for the legacy code. It is impossible to understand quickly which of these warnings are relevant and which are not. It makes no sense to sit down and start dealing with all of them, since the main work would then stop for days or weeks. Usually a team cannot afford such a scenario. There would also be a huge number of diffs spoiling the change history. And rapid mass editing of so many fragments in the code will result in new typos and errors.

And most importantly, such a feat in the fight against warnings makes little sense. Agree that since the project has been running successfully for many years, most of the critical errors in it have already been fixed. Yes, these fixes were very expensive: they had to be debugged, negative user feedback about the bugs was received, and so on. A static analyzer would have helped fix many of these errors at the coding stage, quickly and cheaply. But at this point, one way or another, these errors have been fixed, and the analyzer mainly detects non-critical errors in the old code. This code may not be used at all, or may be used very rarely, and an error in it may not lead to noticeable consequences. Perhaps somewhere the shadow of a button is the wrong color, but this does not interfere with anyone's use of the product.

Of course, even minor errors are still errors. And sometimes an error can hide a real vulnerability. However, dropping everything and spending days or weeks dealing with defects that barely manifest themselves looks like a dubious idea.

Programmers look, look, and look at all these warnings about old working code... And they think: we can do without static analysis. Let's go write some new useful functionality.

In their own way, they are right. They think that they first have to get rid of all these warnings. Only then will they be able to benefit from regular use of the code analyzer. Otherwise, new warnings will simply drown in the old ones, and nobody will pay attention to them.

This is the same analogy as with compiler warnings. It is not without reason that people recommend keeping the number of compiler warnings at 0. If there are 1000 warnings, then when there are 1001, nobody will pay attention to it, and it is not clear where to look for this new warning.

The worst thing in this story is when someone from above forces you at this moment to use static code analysis. This will only demotivate the team, since from their point of view it will be extra bureaucratic complexity that only gets in the way. Nobody will look at the analyzer's reports, and all usage will be only "on paper". That is, formally the analysis is built into the DevOps process, but in practice it benefits no one. We have heard detailed stories at our booths from conference attendees. Such an experience can discourage programmers from using static analysis tools for a long time, if not forever.

Introducing the analyzer and eliminating technical debt

In fact, there is nothing difficult or scary about introducing static analysis even into a large old project.

CI/CD

Moreover, the analyzer can be made part of the continuous development process right away. For example, the PVS-Studio distribution contains utilities for conveniently viewing the report in the format you need, and for notifying the developers who wrote problematic sections of code. For those interested in running PVS-Studio from CI/CD systems, I recommend reading the corresponding section of the documentation and the related series of articles.

But let's return to the issue of the large number of false positives at the first stages of introducing code analysis tools.

Fixing existing technical debt and dealing with new warnings

Modern commercial analyzers allow you to study only new warnings that appear in new or changed code. The implementation of this mechanism varies, but the essence is the same. In the PVS-Studio static analyzer, this functionality is implemented as follows.

To start using static analysis quickly, we suggest that PVS-Studio users use the warning suppression mechanism [6]. The general idea is as follows. The user has launched the analyzer and received many warnings. Since a project that has been developed for many years is alive, evolving, and making money, there will most likely not be many warnings in the report that indicate critical defects. In other words, critical bugs have already been fixed one way or another, using more expensive methods or thanks to feedback from customers. Accordingly, everything the analyzer finds now can be considered technical debt, which it is impractical to try to eliminate immediately.

You can tell PVS-Studio to consider these warnings irrelevant for now (save the technical debt for later), and it will no longer show them. The analyzer creates a special file where it stores information about the errors that are not yet of interest. From now on PVS-Studio will issue warnings only for new or changed code. Moreover, all this is implemented smartly. If, for example, an empty line is added at the beginning of a source file, the analyzer understands that in fact nothing has changed, and will stay quiet. This markup file can be put into a version control system. The file is large, but this is not a problem, since there is no reason to store it often.

Now all programmers will see warnings related only to new or changed code. Thus, you can start using the analyzer, as they say, from the next day. You can return to the technical debt later, gradually fixing errors and tuning the analyzer.
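
The baseline idea described above can be sketched as follows. This is an added example, not PVS-Studio's implementation or file format: the report shape (path, line, diagnostic code), the function names and the sample sources are assumptions constructed for illustration. It keys each warning on the text of the flagged line rather than its number, so an empty line added at the top of the file stays silent while new code is reported.

```python
import hashlib
from collections import Counter

def fingerprint(warning, sources):
    """Key a warning by file, diagnostic code and flagged line text, never by line number."""
    path, line_no, code = warning
    text = sources[path][line_no - 1].strip()
    return (path, code, hashlib.sha256(text.encode("utf-8")).hexdigest())

def make_baseline(warnings, sources):
    """Record today's warnings as technical debt; a multiset keeps duplicates distinct."""
    return Counter(fingerprint(w, sources) for w in warnings)

def new_warnings(warnings, sources, baseline):
    """Return only the warnings the baseline does not already account for."""
    remaining = Counter(baseline)
    fresh = []
    for w in warnings:
        key = fingerprint(w, sources)
        if remaining[key] > 0:
            remaining[key] -= 1   # known debt: stay silent
        else:
            fresh.append(w)       # new or changed code: report
    return fresh

# Constructed sample: legacy file with one old warning (assumed report shape: path, line, code).
OLD_SRC = {"legacy.cpp": ["int f(int a, int b) {", "  if (a = b)", "    return 1;",
                          "  return 0;", "}"]}
OLD_WARNINGS = [("legacy.cpp", 2, "V559")]
BASELINE = make_baseline(OLD_WARNINGS, OLD_SRC)

# Later revision: an empty line inserted at the top shifts every line number,
# and newly written code at the bottom triggers a fresh warning.
NEW_SRC = {"legacy.cpp": [""] + OLD_SRC["legacy.cpp"] + [
    "void g(int x) {", "  switch (x) {", "  case 1:", "    foo();",
    "  case 2:", "    bar();", "    break;", "  }", "}"]}
NEW_WARNINGS = [("legacy.cpp", 3, "V559"), ("legacy.cpp", 11, "V796")]

if __name__ == "__main__":
    for path, line_no, code in new_warnings(NEW_WARNINGS, NEW_SRC, BASELINE):
        print(f"{path}:{line_no}: {code}")
```

Because the baseline is a multiset, a second copy of an already suppressed construct pasted into new code is still reported.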

So, the first problem of introducing the analyzer into a large old project is solved. Now let's look at what to do with the technical debt.

Bug fixes and refactoring

The simplest and most natural thing is to set aside some time to analyze the suppressed analyzer warnings and deal with them gradually. In some places you should fix errors in the code; in others you should refactor the code to tell the analyzer that it is not problematic. A simple example:

if (a = b)

Most C++ compilers and analyzers complain about such code, since there is a high probability that the author actually meant to write (a == b). But there is an unspoken convention, usually noted in the documentation, that if there are extra parentheses, the programmer is assumed to have written such code deliberately, and there is no need to complain. For example, the PVS-Studio documentation for diagnostic V559 (CWE-481) clearly states that the following line will be considered correct and safe:

if ((a = b))

Another example. Is break forgotten in this C++ code or not?

case A:
  foo();
case B:
  bar();
  break;

The PVS-Studio analyzer will issue warning V796 (CWE-484) here. This may not be an error, in which case you should give the analyzer a hint by adding the attribute [[fallthrough]] or, for example, __attribute__((fallthrough)):

case A:
  foo();
  [[fallthrough]];
case B:
  bar();
  break;

It could be said that such code changes do not fix a bug. Yes, that is true, but they do two useful things. First, the analyzer report gets rid of false positives. Second, the code becomes more understandable to the people who maintain it. And this is very important! For this alone, it is worth doing minor refactorings to make the code clearer and easier to maintain. If the analyzer does not understand whether "break" is needed or not, it will be unclear to other programmers as well.

In addition to bug fixes and refactorings, you can directly suppress clearly false analyzer warnings. Some irrelevant diagnostics can be disabled. For example, some people consider the V550 warnings about comparing float/double values pointless. Others classify them as important and worth studying [7]. Which warnings are considered relevant and which are not is up to the development team to decide.

There are other ways to suppress false warnings. For example, macro markup was mentioned earlier. All this is described in more detail in the documentation. The most important thing is to understand that if you approach working with false positives gradually and systematically, there is nothing wrong with them. The vast majority of uninteresting warnings disappear after configuration, and only the places that really require careful study and some changes in the code remain.

Also, we always help our customers set up PVS-Studio if any difficulties arise. Moreover, there were cases when we ourselves eliminated false warnings and fixed errors [8]. Just in case, I decided to mention that this option of extended cooperation is also possible :).

The ratchet method

There is another interesting approach to gradually improving code quality by eliminating static analyzer warnings. The bottom line is that the number of warnings can only decrease.

The number of warnings issued by the static analyzer is recorded. The quality gate is configured so that from now on you can only commit code that does not increase the number of warnings. As a result, a process of gradually reducing the number of warnings begins, through tuning the analyzer and fixing errors.

Even if someone wants to cheat a little and decides to pass the quality gate not by eliminating warnings in their own new code but by improving old third-party code, this is not scary. All the same, the ratchet turns in one direction, and the number of defects will gradually decrease. Even if a person does not want to fix their own new defects, they will still have to improve something in the neighboring code. At some point the easy ways to reduce the number of warnings run out, and there comes a point where real bugs get fixed.
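
A ratchet quality gate of this kind can be sketched as follows. This is an added example, not code from the article or from PVS-Studio: the state file name, its JSON layout and the function names are assumptions, and the per-commit warning totals are constructed. The gate rejects any total above the recorded ceiling and tightens the ceiling whenever the total drops.

```python
import json
import os
import tempfile

def load_limit(state_path):
    """Return the recorded warning ceiling, or None on the very first run."""
    try:
        with open(state_path, encoding="utf-8") as fh:
            return int(json.load(fh)["max_warnings"])
    except FileNotFoundError:
        return None

def save_limit(state_path, limit):
    """Write the ceiling atomically so an interrupted CI job cannot corrupt it."""
    directory = os.path.dirname(os.path.abspath(state_path))
    fd, tmp = tempfile.mkstemp(dir=directory)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump({"max_warnings": limit}, fh)
    os.replace(tmp, state_path)

def ratchet_gate(warning_count, state_path):
    """Pass only if the total did not grow; on success tighten the ceiling to the new total."""
    limit = load_limit(state_path)
    if limit is not None and warning_count > limit:
        return False, limit              # reject: ceiling stays where it was
    if limit is None or warning_count < limit:
        save_limit(state_path, warning_count)
    return True, warning_count

def simulate(counts):
    """Run the gate over a constructed sequence of per-commit warning totals."""
    with tempfile.TemporaryDirectory() as tmp:
        state = os.path.join(tmp, "ratchet.json")  # hypothetical state file name
        return [ratchet_gate(c, state) for c in counts]

# Constructed history: first run, one extra warning, a cleanup, an attempt to
# return to the old ceiling, and a commit whose new warning is offset by an old fix.
HISTORY = [1000, 1001, 990, 1000, 990]

if __name__ == "__main__":
    for count, (passed, limit) in zip(HISTORY, simulate(HISTORY)):
        print(f"warnings={count} passed={passed} ceiling={limit}")
```

The last commit passes even if it introduced a new warning, as long as an old one was removed elsewhere: the total is what the ratchet holds.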

This methodology is described in more detail in a very interesting article by Ivan Ponomarev, "Introduce static analysis into the process, rather than using it to find bugs", which I recommend reading to anyone interested in improving code quality.

The author of the article also has a talk on this topic: "Continuous static analysis".

Conclusion

I hope that after this article readers will be more accepting of static analysis tools and will want to introduce them into the development process. If you have any questions, we are always ready to advise users of our static analyzer PVS-Studio and help with its introduction.

There are other typical doubts about whether static analysis can really be convenient and useful. I tried to dispel most of these doubts in the publication "Reasons to introduce the PVS-Studio static code analyzer into the development process" [9].

Thank you for your attention, and come download and try the PVS-Studio analyzer.

Additional links

  1. Andrey Karpov. How can I quickly see interesting warnings produced by the PVS-Studio analyzer for C and C++ code?
  2. Wikipedia. Rice's theorem.
  3. Andrey Karpov, Victoria Khanieva. Using machine learning in static analysis of program source code.
  4. PVS-Studio. Documentation. Additional diagnostics settings.
  5. Andrey Karpov. Characteristics of the PVS-Studio analyzer using the example of EFL Core Libraries, 10-15% of false positives.
  6. PVS-Studio. Documentation. Suppression of analyzer messages.
  7. Ivan Andryashin. About how we tested static analysis on our project of an educational simulator of X-ray endovascular surgery.
  8. Pavel Eremeev, Svyatoslav Razmyslov. How the PVS-Studio team improved the code of Unreal Engine.
  9. Andrey Karpov. Reasons to introduce the static code analyzer PVS-Studio into the development process.

If you want to share this article with an English-speaking audience, please use the translation link: Andrey Karpov. How to introduce a static code analyzer in a legacy project and not discourage the team.

Source: www.habr.com
