Isetshenziswa kanjani isihlaziyi sekhodi esimile kuphrojekthi yefa ngaphandle kokudicilela phansi iqembu

Kulula ukuzama isihlaziyi sekhodi esimile. Kodwa ukukusebenzisa, ikakhulukazi ekuthuthukisweni kwephrojekthi enkulu endala, kudinga ikhono. Uma kwenziwe ngokungalungile, umhlaziyi angakwazi ukwengeza umsebenzi, anciphise intuthuko, futhi adicilele phansi iqembu. Ake sikhulume kafushane mayelana nendlela yokubhekana kahle nokuhlanganiswa kokuhlaziywa okumile enqubweni yokuthuthukiswa futhi siqale ukuyisebenzisa njengengxenye ye-CI/CD.

Isingeniso

Muva nje ukunaka kwami ​​​​kudonswe ekushicilelweni "Ukuqala Ngokuhlaziya Okumile Ngaphandle Kokweqa Ithimba". Ngakolunye uhlangothi, lesi sihloko esihle okufanele sijwayelane naso. Ngakolunye uhlangothi, kubonakala kimi ukuthi ayikanikezi impendulo ephelele yokuthi ungayisebenzisa kanjani ngokungenabuhlungu ukuhlaziya okumile kuphrojekthi enokuningi. yekhodi yefa.Isihloko sithi Ungamukela isikweletu sobuchwepheshe futhi usebenze ngekhodi entsha kuphela, kodwa ayikho impendulo yokuthi yini okufanele uyenze ngalesi sikweletu sobuchwepheshe ngokuhamba kwesikhathi.

Ithimba lethu le-PVS-Studio linikeza umbono walo ngalesi sihloko. Ake sibheke ukuthi inkinga yokusebenzisa i-static code analyzer iqala kanjani, indlela yokunqoba le nkinga, nokuthi ungayiqeda kanjani kancane kancane isikweletu sobuchwepheshe.

Izinkinga

Ngokuvamile akunzima ukwethula nokubona ukuthi isihlaziyi esimile sisebenza kanjani [1]. Ungase ubone amaphutha athakazelisayo noma ngisho nokuba sengozini okungaba khona okwesabisayo kukhodi. Ungakwazi ngisho nokulungisa okuthile, kodwa-ke abahleli abaningi bayayeka.

Bonke abahlaziyi be-static bakhiqiza ama-positives angamanga. Lesi isici sendlela yokuhlaziya ikhodi emile, futhi akukho okungenziwa ngakho. Ngokuvamile, lokhu kuyinkinga engaxazululeki, njengoba kuqinisekiswa inkolelo-mbono kaRice [2]. Ama-algorithms wokufunda ngomshini nawo ngeke asize [3]. Ngisho noma umuntu engakwazi ukusho njalo ukuthi lokhu noma leyo khodi ayilungile, akufanele ulindele lokhu kuhlelo :).

Okuhle okungamanga akuyona inkinga uma isihlaziyi esimile sesivele silungisiwe:

• Kukhutshazwe amasethi wemithetho engabalulekile;
• Okunye ukuxilonga okungabalulekile kukhutshaziwe;
• Uma sikhuluma nge-C noma i-C ++, khona-ke ama-macros amakwe aqukethe izinto ezithile zokwakha ezibangela ukuthi izixwayiso ezingenamsebenzi zivele kuzo zonke izindawo lapho kusetshenziswa khona ama-macros;
• Imisebenzi eyakho imakwe eyenza izenzo ezifanayo nemisebenzi yesistimu (i-analogue yayo memcpy noma printf) [4];
• Okuhle okungamanga kukhutshaziwe kusetshenziswa ukuphawula;
• Futhi njalo.

Kulokhu, singalindela izinga eliphansi elingelona iqiniso elingaba ngu-10-15% [5]. Ngamanye amazwi, izexwayiso ezingu-9 kwezingu-10 zokuhlaziya zizobonisa inkinga yangempela kukhodi, noma okungenani "ikhodi enephunga elinamandla." Vumelana, lesi simo simnandi kakhulu, futhi umhlaziyi ungumngane wangempela womhleli.

Eqinisweni, kuphrojekthi enkulu, isithombe sokuqala sizohluka ngokuphelele. Umhlaziyi ukhipha amakhulu noma izinkulungwane zezixwayiso zekhodi yefa. Akunakwenzeka ukuqonda ngokushesha ukuthi yiziphi zalezi zixwayiso ezifanele nokuthi yiziphi ezingekho. Akunangqondo ukuhlala phansi futhi uqale ukubhekana nazo zonke lezi zixwayiso, ngoba umsebenzi oyinhloko kuleli cala uzoyeka izinsuku noma amasonto. Ngokuvamile, iqembu alikwazi ukukhokhela isimo esinjalo. Kuzophinde kube nenani elikhulu lama-diffs alimaza umlando woshintsho. Futhi ukuhlelwa kwenqwaba okusheshayo kwezingcezu eziningi zekhodi nakanjani kuzoholela ekubhaleni okusha namaphutha.

Futhi okubaluleke kakhulu, i-feat enjalo ekulweni nezixwayiso ayinangqondo. Vumelana ukuthi njengoba iphrojekthi isebenze ngempumelelo iminyaka eminingi, amaphutha amaningi abalulekile kuyo aselungisiwe. Yebo, lokhu kulungisa bekubiza kakhulu, kwadingeka kulungiswe, kutholwe impendulo engalungile yomsebenzisi mayelana neziphazamisi, nokunye. I-analyzer emile ingasiza ekulungiseni amaningi alawa maphutha esigabeni sokubhala amakhodi, ngokushesha nangokushibhile. Kodwa okwamanje, ngendlela eyodwa noma enye, lawa maphutha alungisiwe, futhi i-analyzer ibona ngokuyinhloko amaphutha angabalulekile kukhodi endala. Le khodi ingase ingasetshenziswa, ingase isetshenziswe kuyaqabukela, futhi iphutha kuyo ingase ingaholeli emiphumeleni ebonakalayo. Mhlawumbe endaweni ethile isithunzi esivela enkinobho siwumbala ongalungile, kodwa lokhu akuphazamisi ukusetshenziswa kwanoma ubani komkhiqizo.

Yebo, ngisho namaphutha amancane asengamaphutha. Futhi ngezinye izikhathi iphutha lingafihla ukuba sengozini kwangempela. Kodwa-ke, ukuyeka yonke into nokuchitha izinsuku/amasonto ubhekana neziphambeko ezingabonakali kahle kubukeka kuwumbono ongabazisayo.

Abahleli bezinhlelo babheka, babheke, babheke zonke lezi zixwayiso mayelana nekhodi endala yokusebenza ... Futhi bacabanga: singenza ngaphandle kokuhlaziya okumile. Asihambe sibhale okuthile okusha okuwusizo.

Ngendlela yabo, baqinisile. Bacabanga ukuthi okokuqala kufanele basuse zonke lezi zixwayiso ngandlela thize. Kungaleso sikhathi kuphela lapho bezokwazi ukuzuza ngokusetshenziswa njalo kwe-code analyzer. Uma kungenjalo, izixwayiso ezintsha zizomane zicwile kwezindala, futhi akekho oyozinaka.

Lesi isifaniso esifanayo nezixwayiso zabahlanganisi. Akukhona ngaphandle kwesizathu ukuthi batusa ukugcina inombolo yezixwayiso ze-comiler ku-0. Uma kunezixwayiso ze-1000, khona-ke uma kukhona i-1001, akekho ozoyinaka, futhi akucaci ukuthi kufanele usibheke kuphi lesi sixwayiso esisha.

Okubi kakhulu kule ndaba ukuthi uma othile ovela phezulu okwamanje ekuphoqa ukuthi usebenzise ukuhlaziya ikhodi emile. Lokhu kuzokwehlisa kuphela iqembu, ngoba ngokombono wabo kuzoba yinkimbinkimbi eyengeziwe ye-bureaucratic efika endleleni kuphela. Akekho ozobheka imibiko ye-analyzer, futhi konke ukusetshenziswa kuzoba kuphela "ephepheni". Labo. Ngokusemthethweni, ukuhlaziya kwakhelwe kunqubo ye-DevOps, kodwa ekusebenzeni lokhu akuzuzi muntu. Sezwa izindaba ezinemininingwane emadokodweni ezivela kwabahambele ingqungquthela. Isipiliyoni esinjalo singadikibalisa abahleli bohlelo ekusebenziseni amathuluzi okuhlaziya amile isikhathi eside, uma kungenjalo unaphakade.

Ukuqalisa nokuqeda izikweletu zobuchwepheshe

Eqinisweni, akukho lutho olunzima noma olwesabekayo mayelana nokwethula ukuhlaziywa okumile ngisho nakuphrojekthi enkulu endala.

CI/CD

Ngaphezu kwalokho, i-analyzer ingenziwa ngokushesha ingxenye yenqubo yentuthuko eqhubekayo. Isibonelo, ukusabalalisa kwe-PVS-Studio kuqukethe izinsiza zokubuka kalula umbiko ngefomethi oyidingayo, nezaziso eziya konjiniyela ababhale izigaba eziyinkinga zekhodi. Kulabo abanentshisekelo enkulu yokwethula i-PVS-Studio kusuka ezinhlelweni ze-CI/CD, ngincoma ukuthi uzijwayeze ngokuhambisanayo. ingxenye imibhalo kanye nochungechunge lwezihloko:

• I-PVS-Studio iya emafwini: I-Azure Devops
• I-PVS-Studio iya emafini: Travis CI
• I-PVS-Studio iya emafini: GitLab CI/CD
• I-PVS-Studio iya emafini: CircleCI

Kodwa ake sibuyele endabeni yenani elikhulu lezinto ezingamanga ezigabeni zokuqala zokusebenzisa amathuluzi okuhlaziya ikhodi.

Ukulungisa isikweletu sobuchwepheshe esikhona kanye nokubhekana nezixwayiso ezintsha

Abahlaziyi besimanje bezentengiselwano bakuvumela ukuthi ufunde izexwayiso ezintsha kuphela ezivela kukhodi entsha noma eshintshiwe. Ukuqaliswa kwalolu hlelo kuyahlukahluka, kodwa ingqikithi iyafana. Ku-PVS-Studio analyzer static, lokhu kusebenza kwenziwa kanje.

Ukuze uqale ngokushesha ukusebenzisa ukuhlaziya okumile, siphakamisa ukuthi abasebenzisi be-PVS-Studio basebenzise indlela yokucindezela izixwayiso eziningi [6]. Umbono ojwayelekile yilokhu okulandelayo. Umsebenzisi uqalise isihlaziyi futhi wathola izexwayiso eziningi. Njengoba iphrojekthi ebilokhu ithuthukiswa iminyaka eminingi iphila, ithuthukisa futhi yenza imali, ngakho-ke cishe ngeke kube nezixwayiso eziningi embikweni okhombisa amaphutha abucayi. Ngamanye amazwi, iziphazamisi ezibucayi sezivele zilungisiwe ngendlela eyodwa noma enye kusetshenziswa izindlela ezibiza kakhulu noma ngenxa yempendulo evela kumakhasimende. Ngakho-ke, yonke into etholwa umhlaziyi okwamanje ingabhekwa njengesikweletu sobuchwepheshe, okungenakwenzeka ukuzama ukusiqeda ngokushesha.

Ungatshela i-PVS-Studio ukuthi inake lezi zixwayiso njengezingabalulekile okwamanje (yonga isikweletu sobuchwepheshe ukuze uthole kamuva), futhi ngeke isazibonisa. I-analyzer idala ifayela elikhethekile lapho igcina khona ulwazi mayelana namaphutha angakathakazelisi okwamanje. Futhi manje i-PVS-Studio izokhipha izexwayiso zekhodi entsha noma eshintshiwe kuphela. Ngaphezu kwalokho, konke lokhu kwenziwa ngobuhlakani. Uma, isibonelo, umugqa ongenalutho ungeziwe ekuqaleni kwefayela lekhodi yomthombo, khona-ke umhlaziyi uyaqonda ukuthi, empeleni, akukho lutho olushintshile, futhi uzoqhubeka ethule. Leli fayela lemakhaphu lingafakwa ohlelweni lokulawula inguqulo. Ifayela likhulu, kodwa lokhu akuyona inkinga, njengoba kungekho phuzu lokuligcina njalo.

Manje bonke abahleli bazobona izexwayiso ezihlobene kuphela nekhodi entsha noma eshintshiwe. Ngakho-ke, ungaqala ukusebenzisa i-analyzer, njengoba besho, kusukela ngosuku olulandelayo. Futhi ungabuyela esikweletini sobuchwepheshe kamuva, futhi kancane kancane ulungise amaphutha futhi ulungiselele i-analyzer.

Ngakho-ke, inkinga yokuqala ngokuqaliswa kwe-analyzer kuphrojekthi enkulu endala isixazululiwe. Manje ake sithole ukuthi yini okufanele uyenze ngesikweletu sobuchwepheshe.

Ukulungiswa kweziphazamisi kanye nokwenza kabusha

Into elula nengokwemvelo ukubeka eceleni isikhathi esithile sokuhlaziya izexwayiso zokuhlaziya ezicindezelwe kakhulu bese ubhekana nazo kancane kancane. Endaweni ethile kufanele ulungise amaphutha kukhodi, endaweni ethile kufanele wenze kabusha ukuze utshele umhlaziyi ukuthi ikhodi ayinayo inkinga. Isibonelo esilula:

if (a = b)

Iningi labahlanganisi nabahlaziyi be-C++ bakhononda ngekhodi enjalo, njengoba kunethuba elikhulu lokuthi empeleni bebefuna ukubhala. (a == b). Kodwa kunesivumelwano esingashiwongo, futhi lokhu kuvame ukuphawulwa emibhalweni, ukuthi uma kukhona abakaki abengeziwe, khona-ke kucatshangwa ukuthi umklami wabhala ngamabomu ikhodi enjalo, futhi asikho isidingo sokufunga. Isibonelo, kumadokhumenti e-PVS-Studio okuxilongwa I-V559 (CWE-481) kubhalwe ngokucacile ukuthi umugqa olandelayo uzothathwa njengolungile futhi uphephile:

if ((a = b))

Esinye isibonelo. Ingabe ikhohliwe kule khodi ye-C++? ukuphuka noma cha?

case A:
  foo();
case B:
  bar();
  break;

Umhlaziyi we-PVS-Studio uzokhipha isexwayiso lapha I-V796 (CWE-484). Lokhu kungase kungabi iphutha, lapho kufanele unikeze umhlahleli ukusikisela ngokungeza isibaluli [[fallthrough]] noma, isibonelo, __attribute__((fallthrough)):

case A:
  foo();
  [[fallthrough]];
case B:
  bar();
  break;

Kungashiwo ukuthi izinguquko zekhodi ezinjalo azilungisi iphutha. Yebo, lokhu kuyiqiniso, kodwa kwenza izinto ezimbili eziwusizo. Okokuqala, umbiko wokuhlaziya ususa izinto ezingamanga. Okwesibili, ikhodi iqondakala kangcono kubantu abahilelekile ekuyinakekeleni. Futhi lokhu kubaluleke kakhulu! Ngalokhu kukodwa, kufanelekile ukwenza ukulungisa kabusha amakhodi ukwenza ikhodi icace futhi kube lula ukuyigcina. Njengoba umhlaziyi engaqondi ukuthi "ikhefu" liyadingeka noma cha, futhi ngeke kucace kwabanye abahleli bohlelo.

Ngokungeziwe ekulungiseni iziphazamisi kanye nokwenza kabusha, ungakwazi ukucindezela ngokukhethekile izexwayiso zomhlaziyi ezingamanga. Okunye ukuxilonga okungabalulekile kungakhutshazwa. Ngokwesibonelo, othile ucabanga ukuthi izexwayiso azinangqondo V550 mayelana nokuqhathanisa amanani okuntanta/okukabili. Futhi abanye bazihlukanisa njengezibalulekile futhi ezifanele ukufundwa [7]. Iziphi izexwayiso ezithathwa njengezibalulekile futhi iziphi ezingekho kuseqenjini labathuthukisi ukuthi linqume.

Kukhona ezinye izindlela zokucindezela izexwayiso ezingamanga. Isibonelo, i-macro markup ishiwo ngaphambili. Konke lokhu kuchazwe kabanzi kumadokhumenti. Into ebaluleke kakhulu ukuqonda ukuthi uma kancane kancane futhi ngokuhlelekile usondela ekusebenzeni ngemibono engamanga, akukho lutho olungalungile ngabo. Izixwayiso eziningi ezingathakazelisi ziyanyamalala ngemva kokucushwa, futhi izindawo kuphela ezidinga ngempela ukutadisha ngokucophelela nezinye izinguquko kukhodi ezisele.

Futhi, sihlala sisiza amakhasimende ethu ukuthi amise i-PVS-Studio uma kuphakama izinkinga. Ngaphezu kwalokho, kube nezimo lapho thina ngokwethu sisusa khona izixwayiso ezingamanga futhi silungisa amaphutha [8]. Uma kwenzeka, nginqume ukusho ukuthi le nketho yokubambisana okunwetshiwe nayo ingenzeka :).

Indlela ye-Ratchet

Kukhona enye indlela ethokozisayo yokuthuthukisa kancane kancane ikhwalithi yekhodi ngokususa isexwayiso sokuhlaziya esimile. Okubalulekile ukuthi inani lezixwayiso lingancipha kuphela.

Inani lezexwayiso ezikhishwe umhlaziyi omile liyarekhodwa. Isango lekhwalithi lilungiselelwe ngendlela yokuthi manje ungafaka kuphela ikhodi engakhulisi inani lemisebenzi. Ngenxa yalokho, inqubo yokunciphisa kancane kancane inani lama-alamu iqala ngokulungisa i-analyzer nokulungisa amaphutha.

Ngisho noma umuntu efuna ukukopela kancane futhi enquma ukudlula isango lekhwalithi hhayi ngokususa izixwayiso kukhodi yakhe entsha, kodwa ngokuthuthukisa ikhodi endala yenkampani yangaphandle, lokhu akusabi. Noma kunjalo, i-ratchet ijikeleza ohlangothini olulodwa, futhi kancane kancane inani lamaphutha lizokwehla. Ngisho noma umuntu engafuni ukulungisa amaphutha akhe amasha, kusazodingeka athuthukise okuthile kukhodi engumakhelwane. Ngesinye isikhathi, izindlela ezilula zokunciphisa inani lezixwayiso ziyaphela, futhi kufika iphuzu lapho izimbungulu zangempela zizolungiswa.

Le ndlela yokusebenza ichazwa ngokuningiliziwe esihlokweni esithakazelisa kakhulu sika-Ivan Ponomarev ".Faka ukuhlaziya okumile kunqubo, kunokubheka iziphazamisi ngayo", engincoma ukuthi uyifunde kunoma ubani onentshisekelo yokuthuthukisa ikhwalithi yekhodi.

Umbhali wendatshana naye unombiko ngalesi sihloko: "Ukuhlaziya okuqhubekayo okumile".

isiphetho

Ngithemba ukuthi ngemva kwalesi sihloko, abafundi bazokwamukela kakhulu amathuluzi okuhlaziya amile futhi bazofuna ukuwasebenzisa ohlelweni lokuthuthukisa. Uma unemibuzo, sihlala silungile luleka abasebenzisi be-analyzer yethu ye-PVS-Studio futhi basize ngokusetshenziswa kwayo.

Kukhona okunye ukungabaza okujwayelekile mayelana nokuthi ukuhlaziya okumile kungaba lula futhi kube usizo ngempela. Ngizamile ukuqeda iningi lalokhu kungabaza ekushicilelweni "Izizathu zokwethula i-PVS-Studio static analyzer yekhodi kunqubo yokuthuthukiswa" [9].

Ngiyabonga ngokunaka kwakho futhi uze скачать bese uzama i-PVS-Studio analyzer.

Izixhumanisi ezengeziwe

1. U-Andrey Karpov. Ngingabona kanjani ngokushesha izixwayiso ezithakazelisayo ezikhiqizwe i-PVS-Studio analyzer yekhodi ye-C ne-C++?
2. I-Wikipedia. Ithiyori kaRice.
3. U-Andrey Karpov, uVictoria Khanieva. Ukusebenzisa ukufunda komshini ekuhlaziyeni okumile kwekhodi yomthombo wohlelo.
4. I-PVS-Studio. Amadokhumenti. Izilungiselelo ezengeziwe zokuxilonga.
5. U-Andrey Karpov. Izici zomhlaziyi we-PVS-Studio usebenzisa isibonelo se-EFL Core Libraries, 10-15% imibono engamanga.
6. I-PVS-Studio. Amadokhumenti. Ukucindezelwa okukhulu kwemiyalezo yokuhlaziya.
7. U-Ivan Andryashin. Mayelana nokuthi sikuhlole kanjani ukuhlaziya okumile kuphrojekthi yethu yesifanisi sezemfundo se-X-ray endovascular surgery.
8. Pavel Eremeev, Svyatoslav Razmyslov. Ithimba le-PVS-Studio liyithuthukise kanjani ikhodi ye-Unreal Engine.
9. U-Andrey Karpov. Izizathu zokwethula i-static code analyzer PVS-Studio enqubweni yokuthuthukisa.

Uma ufuna ukwabelana ngalesi sihloko nezithameli ezikhuluma isiNgisi, sicela usebenzise isixhumanisi sokuhumusha: Andrey Karpov. Ungethula kanjani i-static code analyzer kuphrojekthi yefa futhi ungalidikibali iqembu.

Source: www.habr.com