Esinye sezimo zamanje zokusebenzisa i-PVS-Studio analyzer ukuhlanganiswa kwayo nezinhlelo ze-CI. Futhi nakuba ukuhlaziya iphrojekthi ye-PVS-Studio kusuka cishe kunoma iyiphi isistimu yokuhlanganisa eqhubekayo ingakhiwa ibe yimiyalelo embalwa nje, siyaqhubeka nokwenza le nqubo ibe lula nakakhulu. I-PVS-Studio manje isinokwesekwa kokuguqula okuphumayo kokuhlaziya kube yifomethi ye-TeamCity - Uhlobo Lokuhlola Lwe-TeamCity. Ake sibone ukuthi kusebenza kanjani.
Ulwazi mayelana nesofthiwe esetshenzisiwe
β umhlaziyi omile wekhodi ye-C, C++, C# ne-Java, eklanyelwe ukwenza lula umsebenzi wokuthola nokulungisa izinhlobo ezahlukene zamaphutha. I-analyzer ingasetshenziswa ku-Windows, Linux kanye ne-macOS. Kulesi sihloko sizosebenzisa ngokugcwele i-analyzer ngokwayo, kodwa futhi nezinye izinsiza ezivela ekusatshalalisweni kwayo.
- iyiseva yokuqapha eqapha ukuqaliswa komhlanganisi. Kufanele iqhutshwe ngokushesha ngaphambi kokuqala ukwakha iphrojekthi yakho. Kumodi yokuhlola, iseva izovimba ukugijima kwabo bonke abahlanganisi abasekelwayo. Kuyaqapheleka ukuthi lolu hlelo lokusebenza lungasetshenziswa kuphela ukuhlaziya amaphrojekthi we-C/C++.
- insiza yokuguqula imibiko yokuhlaziya ibe ngamafomethi ahlukene.
Ulwazi mayelana nephrojekthi esacwaningwayo
Ake sizame lokhu kusebenza esibonelweni esisebenzayo - ake sihlaziye iphrojekthi ye-OpenRCT2.
- ukuqaliswa okuvulekile komdlalo we-RollerCoaster Tycoon 2 (RCT2), ukunweba ngemisebenzi emisha nokulungisa iziphazamisi. Umdlalo uzungeza ekwakheni nasekunakekeleni ipaki lokuzijabulisa eliqukethe okokugibela, izitolo, nezinsiza. Umdlali kufanele azame ukwenza inzuzo futhi agcine isithunzi esihle sepaki kuyilapho egcina izivakashi zijabule. I-OpenRCT2 ikuvumela ukuthi udlale kuzo zombili izimo kanye nebhokisi lesihlabathi. Izimo zidinga ukuthi umdlali aqedele umsebenzi othile ngesikhathi esimisiwe, kuyilapho i-Sandbox ivumela umdlali ukuthi akhe ipaki evumelana nezimo ngaphandle kwemikhawulo noma izimali.
Yenza ngokwezifiso
Ukuze konge isikhathi, cishe ngizokweqa inqubo yokufaka futhi ngiqale kusukela lapho ngineseva ye-TeamCity esebenza kukhompyutha yami. Sidinga ukuya ku-: localhost:{port eshiwo phakathi nenqubo yokufaka} (endabeni yami, localhost:9090) bese sifaka idatha yokugunyazwa. Ngemva kokungena sizobingelelwa ngu:
Chofoza inkinobho ethi Dala Iphrojekthi. Okulandelayo, khetha Mathupha bese ugcwalisa izinkambu.
Ngemva kokucindezela inkinobho Dala, sibingelelwa iwindi elinezilungiselelo.
Masichofoze Dala ukucushwa kokwakha.
Gcwalisa izinkambu bese uchofoza Dala. Sibona iwindi likucela ukuthi ukhethe isistimu yokulawula inguqulo. Njengoba imithombo isivele itholakala endaweni, chofoza Yeqa.
Ekugcineni, sidlulela kuzilungiselelo zephrojekthi.
Ake sengeze izinyathelo zokuhlanganisa, ukwenza lokhu chofoza: Yakha izinyathelo -> Engeza isinyathelo sokwakha.
Lapha sikhetha:
- Uhlobo lomgijimi -> Umugqa womyalo
- Qalisa -> Isikripthi Esingokwezifiso
Njengoba sizokwenza ukuhlaziya ngesikhathi sokuhlanganiswa kwephrojekthi, ukuhlanganisa nokuhlaziya kufanele kube isinyathelo esisodwa, ngakho gcwalisa insimu Isikripthi Ngokwezifiso:
Sizobheka izinyathelo zomuntu ngamunye kamuva. Kubalulekile ukuthi ukulayisha i-analyzer, ukuhlanganisa iphrojekthi, ukuyihlaziya, ukukhipha umbiko nokufometha kuthatha imigqa eyishumi nanye kuphela yekhodi.
Into yokugcina okudingeka siyenze ukusetha okuguquguqukayo kwemvelo, engikuveze ezinye izindlela zokuthuthukisa ukufundeka kwazo. Ukuze senze lokhu, ake siqhubeke: Amapharamitha -> Engeza ipharamitha entsha bese wengeza okuguquguqukayo okuthathu:
Okufanele ukwenze nje ucindezela inkinobho Qalisa ekhoneni eliphezulu kwesokudla. Ngenkathi iphrojekthi ihlanganiswa futhi ihlaziywa, ngizokutshela ngeskripthi.
Isikripthi esiqondile
Okokuqala, sidinga ukulanda ukusatshalaliswa kwe-PVS-Studio kwakamuva. Kulokhu sisebenzisa umphathi wephakheji we-Chocolatey. Kulabo abafuna ukwazi okwengeziwe ngalokhu, kukhona okuhambisanayo :
choco install pvs-studio -yOkulandelayo, ake sethule insiza yokulandela yokwakha iphrojekthi ye-CLMonitor.
%CLmon% monitor β-attachNgemuva kwalokho sizokwakha iphrojekthi njengokuguquguquka kwemvelo MSB iyindlela eya enguqulweni ye-MSBuild engidinga ukuyakha
%MSB% %ProjPath% /t:clean
%MSB% %ProjPath% /t:rebuild /p:configuration=release
%MSB% %ProjPath% /t:g2
%MSB% %ProjPath% /t:PublishPortableMasifake ukhiye wokungena nelayisense we-PVS-Studio:
%PVS-Studio_cmd% credentials --username %PVS_Name% --serialNumber %PVS_Key%Ngemuva kokuthi ukwakhiwa sekuqediwe, sebenzisa i-CLMonitor futhi ukuze ukhiqize amafayela asecutshungulwe ngaphambili nokuhlaziya okumile:
%CLmon% analyze -l "c:ptest.plog"Bese sizosebenzisa enye insiza ekusabalaliseni kwethu. I-PlogConverter iguqula umbiko usuke kufomethi evamile ukuya kufomethi eqondene ne-TeamCity. Ngenxa yalokhu, sizokwazi ukukubuka ngqo efasiteleni lokwakha.
%PlogConverter% "c:ptest.plog" --renderTypes=TeamCity -o "C:temp"Isinyathelo sokugcina siwukubonisa umbiko ofomethiwe stdout, lapho izothathwa khona umhlaziyi weTeamCity.
type "C:tempptest.plog_TeamCity.txt"Ikhodi egcwele yombhalo:
choco install pvs-studio -y
%CLmon% monitor --attach
set platform=x64
%MSB% %ProjPath% /t:clean
%MSB% %ProjPath% /t:rebuild /p:configuration=release
%MSB% %ProjPath% /t:g2
%MSB% %ProjPath% /t:PublishPortable
%PVS-Studio_cmd% credentials --username %PVS_Name% --serialNumber %PVS_Key%
%CLmon% analyze -l "c:ptest.plog"
%PlogConverter% "c:ptest.plog" --renderTypes=TeamCity -o "C:temp"
type "C:tempptest.plog_TeamCity.txt"Okwamanje, umhlangano nokuhlaziywa kwephrojekthi sekuqediwe ngempumelelo, singaya kuthebhu Projects futhi ΡΠ±Π΅Π΄ΠΈΡΡΡΡ Π² ΡΡΠΎΠΌ.
Manje ake sichofoze Ukuhlolwa Okupheleleukuya ekubukeni umbiko womhlaziyi:
Izexwayiso ziqoqwe ngezinombolo zemithetho yokuxilonga. Ukuze uzulazule kukhodi, udinga ukuchofoza inombolo yomugqa enesexwayiso. Ukuchofoza uphawu lombuzo ekhoneni eliphezulu kwesokudla kuzokuvulela ithebhu entsha enamadokhumenti. Ungakwazi futhi ukuzulazula kukhodi ngokuchofoza inombolo yomugqa enesexwayiso sokuhlaziya. Ukuzulazula kusuka kukhompuyutha eyihlane kuyenzeka uma usebenzisa I-SourceTreeRoot umaka. Noma ubani onentshisekelo kule ndlela yokusebenza ye-analyzer angakwazi ukuzijwayeza nesigaba esihambisanayo .
Ukubuka imiphumela yokuhlaziya
Manje njengoba sesiqedile ukuthumela nokumisa ukwakha, ake sibheke izexwayiso ezithakazelisayo ezitholakala kuphrojekthi esiyibhekile.
Isexwayiso N1
[CWE-401] Okuhlukile kuphonswe ngaphandle kokukhulula isikhombi 'somphumela'. Ukuvuza kwenkumbulo kungenzeka. libopenrct2 ObjectFactory.cpp 443
Object* CreateObjectFromJson(....)
{
Object* result = nullptr;
....
result = CreateObject(entry);
....
if (readContext.WasError())
{
throw std::runtime_error("Object has errors");
}
....
}
Object* CreateObject(const rct_object_entry& entry)
{
Object* result;
switch (entry.GetType())
{
case OBJECT_TYPE_RIDE:
result = new RideObject(entry);
break;
case OBJECT_TYPE_SMALL_SCENERY:
result = new SmallSceneryObject(entry);
break;
case OBJECT_TYPE_LARGE_SCENERY:
result = new LargeSceneryObject(entry);
break;
....
default:
throw std::runtime_error("Invalid object type");
}
return result;
}I-analyzer ibone iphutha ngemuva kokwaba inkumbulo ngokuguquguqukayo YakhaObject, uma okuhlukile kwenzeka, inkumbulo ayisulwa, bese kuba nokuvuza kwenkumbulo.
Isexwayiso N2
Kukhona izisho ezincane ezifanayo '(1ULL << WIDX_MONTH_BOX)' kwesokunxele nakwesokudla se-'|' opharetha. libopenrct2ui Cheats.cpp 487
static uint64_t window_cheats_page_enabled_widgets[] =
{
MAIN_CHEAT_ENABLED_WIDGETS |
(1ULL << WIDX_NO_MONEY) |
(1ULL << WIDX_ADD_SET_MONEY_GROUP) |
(1ULL << WIDX_MONEY_SPINNER) |
(1ULL << WIDX_MONEY_SPINNER_INCREMENT) |
(1ULL << WIDX_MONEY_SPINNER_DECREMENT) |
(1ULL << WIDX_ADD_MONEY) |
(1ULL << WIDX_SET_MONEY) |
(1ULL << WIDX_CLEAR_LOAN) |
(1ULL << WIDX_DATE_SET) |
(1ULL << WIDX_MONTH_BOX) | // <=
(1ULL << WIDX_MONTH_UP) |
(1ULL << WIDX_MONTH_DOWN) |
(1ULL << WIDX_YEAR_BOX) |
(1ULL << WIDX_YEAR_UP) |
(1ULL << WIDX_YEAR_DOWN) |
(1ULL << WIDX_DAY_BOX) |
(1ULL << WIDX_DAY_UP) |
(1ULL << WIDX_DAY_DOWN) |
(1ULL << WIDX_MONTH_BOX) | // <=
(1ULL << WIDX_DATE_GROUP) |
(1ULL << WIDX_DATE_RESET),
....
};Bambalwa abantu ngaphandle komhlaziyi omile abangaphumelela lolu hlolo lokunaka. Lesi sibonelo sokukopisha-namathisela sihle ngenxa yalesi sizathu.
Izexwayiso N3
Kuyaxaka ukuthi inkambu ethi 'amafulegi' esigabeni sokutholwa 'RCT12BannerElement' ibhala phezu kwenkambu yekilasi lesisekelo 'RCT12TileElementBase'. Hlola imigqa: RCT12.h:570, RCT12.h:259. libopenrct2 RCT12.h 570
struct RCT12SpriteBase
{
....
uint8_t flags;
....
};
struct rct1_peep : RCT12SpriteBase
{
....
uint8_t flags;
....
};Kunjalo, ukusebenzisa okuguquguqukayo okunegama elifanayo ekilasini lesisekelo nakunzalo akulona iphutha njalo. Kodwa-ke, ubuchwepheshe befa uqobo buthatha ukuthi zonke izinkambu zekilasi labazali zikhona ekilasini lengane. Ngokumemezela amasimu anegama elifanayo kundlalifa, sidala ukudideka.
Isexwayiso N4
Kuyaxaka ukuthi umphumela wesitatimende esithi 'imageDirection / 8' uyingxenye yesimo. Mhlawumbe, lesi sitatimende bekufanele siqhathaniswe nenye into. libopenrct2 ObservationTower.cpp 38
void vehicle_visual_observation_tower(...., int32_t imageDirection, ....)
{
if ((imageDirection / 8) && (imageDirection / 8) != 3)
{
....
}
....
}Ake sibhekisise. Inkulumo isithombeIndlela/8 kuzoba amanga uma imageDirection iphakathi kuka -7 kuya ku-7. Ingxenye yesibili: (ImageDirection / 8) != 3 amasheke imageDirection ngokuba ngaphandle kwebanga: ukusuka ku -31 kuye ku -24 futhi ukusuka ku-24 kuye ku-31, ngokulandelana. Kubonakala kuxakile kimina ukuhlola izinombolo ukuze zifakwe ebangeni elithile ngale ndlela futhi, ngisho noma lingekho iphutha kule ngxenye yekhodi, ngingancoma ukuthi ngibhale kabusha le mibandela ukuze icace kakhudlwana. Lokhu kuzokwenza impilo ibe lula kakhulu kubantu abazofunda futhi bagcine le khodi.
Isexwayiso N5
Ukulandelana okuyinqaba kwezabelo zalolu hlobo: A = B; B = A;. Hlola imigqa: 1115, 1118. libopenrct2ui MouseInput.cpp 1118
void process_mouse_over(....)
{
....
switch (window->widgets[widgetId].type)
{
case WWT_VIEWPORT:
ebx = 0;
edi = cursorId; // <=
// Window event WE_UNKNOWN_0E was called here,
// but no windows actually implemented a handler and
// it's not known what it was for
cursorId = edi; // <=
if ((ebx & 0xFF) != 0)
{
set_cursor(cursorId);
return;
}
break;
....
}
....
}Lesi siqeshana sekhodi cishe sitholwe ngokuhlukaniswa. Bese, ukwahlulela ngamazwana asele, ingxenye yekhodi engasebenzi yasuswa. Kodwa-ke, kusenemisebenzi embalwa esele i-cursorId, nakho okungenzi mqondo omkhulu.
Isexwayiso N6
[CWE-476] Isikhombi 'somdlali' sisetshenziswe ngokungaphephile ngemuva kokuthi siqinisekiswe ngokumelene ne-nullptr. Hlola imigqa: 2085, 2094. libopenrct2 Network.cpp 2094
void Network::ProcessPlayerList()
{
....
auto* player = GetPlayerByID(pendingPlayer.Id);
if (player == nullptr)
{
// Add new player.
player = AddPlayer("", "");
if (player) // <=
{
*player = pendingPlayer;
if (player->Flags & NETWORK_PLAYER_FLAG_ISSERVER)
{
_serverConnection->Player = player;
}
}
newPlayers.push_back(player->Id); // <=
}
....
}Le khodi kulula ukuyilungisa; udinga nje ukuyihlola okwesithathu isidlali kusikhombisi esingenalutho, noma singeze emzimbeni wesitatimende esinemibandela. Ngingaphakamisa inketho yesibili:
void Network::ProcessPlayerList()
{
....
auto* player = GetPlayerByID(pendingPlayer.Id);
if (player == nullptr)
{
// Add new player.
player = AddPlayer("", "");
if (player)
{
*player = pendingPlayer;
if (player->Flags & NETWORK_PLAYER_FLAG_ISSERVER)
{
_serverConnection->Player = player;
}
newPlayers.push_back(player->Id);
}
}
....
}Isexwayiso N7
[CWE-570] Inkulumo ethi 'igama == nullptr' ingamanga njalo. libopenrct2 ServerList.cpp 102
std::optional<ServerListEntry> ServerListEntry::FromJson(...)
{
auto name = json_object_get(server, "name");
.....
if (name == nullptr || version == nullptr)
{
....
}
else
{
....
entry.name = (name == nullptr ? "" : json_string_value(name));
....
}
....
}Ungasusa umugqa wekhodi ofundeka kanzima ngesikhathi esisodwa futhi uxazulule inkinga ngokubheka nullptr. Ngiphakamisa ukuthi uguqule ikhodi ngale ndlela elandelayo:
std::optional<ServerListEntry> ServerListEntry::FromJson(...)
{
auto name = json_object_get(server, "name");
.....
if (name == nullptr || version == nullptr)
{
name = ""
....
}
else
{
....
entry.name = json_string_value(name);
....
}
....
}Isexwayiso N8
[CWE-1164] Okuguquguqukayo kwe-'ColumnHeaderPressedCurrentState' kwabelwa inani elifanayo. libopenrct2ui CustomListView.cpp 510
void CustomListView::MouseUp(....)
{
....
if (!ColumnHeaderPressedCurrentState)
{
ColumnHeaderPressed = std::nullopt;
ColumnHeaderPressedCurrentState = false;
Invalidate();
}
}Ikhodi ibonakala iyinqaba ngempela. Kimina kubonakala sengathi kube khona iphutha lokuthayipha kusimo noma lapho kwabiwa kabusha okuguquguqukayo IkholomuHeaderPressedCurrentState izincazelo bamanga.
isiphetho
Njengoba singabona, ukuhlanganisa i-PVS-Studio analyzer kuphrojekthi yakho ye-TeamCity kulula kakhulu. Ukwenza lokhu, kwanele ukubhala ifayela elilodwa nje elincane lokucushwa. Ukuhlola ikhodi kuzokuvumela ukuthi ubone izinkinga ngokushesha ngemva komhlangano, okuzosiza ukuziqeda lapho ubunzima nezindleko zezinguquko zisephansi.
Uma ufuna ukwabelana ngalesi sihloko nezithameli ezikhuluma isiNgisi, sicela usebenzise isixhumanisi sokuhumusha: Vladislav Stolyarov. .
Source: www.habr.com