SCA: Add Eclair support #68324
SCA: Add Eclair support #68324
Conversation
zephyrbot
requested review from
57300,
carlescufi,
jeremybettis,
kartben,
nashif,
nordicjm and
tejlmand
simhein
force-pushed
the
eclair_env_integration
branch
2 times, most recently
from
77079e8 to
6b67643
Compare
There was a problem hiding this comment.
Thanks for this.
The ecl configuration files have not been reviewed as i'm not familiar with the tool itself, not its configuration file / its settings.
Thus only the integration to the build system has been reviewed.
From what I can understand here: https://www.bugseng.com/filebrowser/download/379
then Eclair also supports Windows, therefore I would like to see a more generic (cross-platform) integration.
cmake/sca/eclair/sca.cmake
Outdated
| -b ${BOARD} \ | ||
| --build-dir ${ECLAIR_BUILD_DIR} \ | ||
| ${APPLICATION_SOURCE_DIR} \ | ||
| | tee ${ECLAIR_OUTPUT_DIR}/analysis.log" |
There was a problem hiding this comment.
is this the only way to get output from Eclair ?
Doesn't it support writing the analysis to a file directly ?
There was a problem hiding this comment.
Are you referring to the tee?
The tee is not related to ECLAIR (or to the analysis results), it just saves the west invocation logs in
analysis.log. I'm fine with removing it. In case of problems, we still will have something reported in
$ECLAIR_DIAGNOSTICS_OUTPUT.
Doing that, if the build fails it will result in an ECLAIR error in $ECLAIR_DIAGNOSTICS_OUTPUT,
but the actual build error will not be present (maybe this is not even necessary, maybe west already
put these logs somewhere).
Since a broken build is not related to ECLAIR I'm completely fine in removing the tee.
cmake/sca/eclair/sca.cmake
Outdated
| message(STATUS "ECLAIR BUILD DIR is: ${ECLAIR_BUILD_DIR}") | ||
|
|
||
| add_custom_target(eclair ALL | ||
| COMMAND sh -c "ECLAIR_PROJECT_NAME=${ECLAIR_PROJECT_NAME} \ |
There was a problem hiding this comment.
we should avoid depending on a specific shell, especially this will not work on windows, and afaict Eclair also supports running on Windows.
If needing to set env settings and run a tool, one can use:
${CMAKE_COMMAND} -E env <options> -- <command> ...
See more: https://cmake.org/cmake/help/latest/manual/cmake.1.html#run-a-command-line-tool
cmake/sca/eclair/sca.cmake
Outdated
| endif() | ||
|
|
||
| # Create Output Directory | ||
| file(REMOVE_RECURSE ${ECLAIR_OUTPUT_DIR}) |
There was a problem hiding this comment.
This will only be cleared when CMake re-runs, not for normal incremental builds.
Is that intentionally ?
So far, looking at this PR, i'm not convinced the current behavior is what is really desired.
There was a problem hiding this comment.
No, you're right. The directory is supposed to be deleted at every run.
cmake/sca/eclair/sca.cmake
Outdated
| ) | ||
|
|
||
| add_custom_command( | ||
| TARGET eclair POST_BUILD |
There was a problem hiding this comment.
why is this a POST_BUILD command ?
The add_custom_target() support running multiple commands, like:
add_custom_target(<target> <command1> <args1> COMMAND <command2> <args2> COMMAND <command3>....)
Or alternative, switch purely to add_custom_command() with outputs an then have the target drive those commands.
cmake/sca/eclair/sca.cmake
Outdated
| COMMAND_EXPAND_LISTS | ||
| ) | ||
|
|
||
| unset(ECLAIR_RULES_SET CACHE) |
There was a problem hiding this comment.
I don't see ECLAIR_RULES_SET being set in the cache.
Can you explain ?
cmake/sca/eclair/sca.cmake
Outdated
| set(LD_ALIASES "${CMAKE_LINKER}") | ||
| set(AR_ALIASES "${CMAKE_ASM_COMPILER_AR} ${CMAKE_C_COMPILER_AR} ${CMAKE_CXX_COMPILER_AR}") | ||
| if(NOT ECLAIR_RULES_SET) | ||
| set(ECLAIR_RULES_SET first_analysis) |
There was a problem hiding this comment.
not sure what the intention with this setting is ?
This variable is only accessible during CMake configure time, which is not the same as build time.
The custom target and command below are only executed during build time, and thus eclair may be invoked multiple times before CMake re-runs.
cmake/sca/eclair/sca.cmake
Outdated
| unset(ECLAIR_metrics_tab CACHE) | ||
| unset(ECLAIR_reports_tab CACHE) | ||
| unset(ECLAIR_summary_txt CACHE) | ||
| unset(ECLAIR_summary_doc CACHE) | ||
| unset(ECLAIR_summary_odt CACHE) | ||
| unset(ECLAIR_full_txt_areas CACHE) | ||
| unset(ECLAIR_full_txt CACHE) | ||
| unset(ECLAIR_full_doc_areas CACHE) | ||
| unset(ECLAIR_full_doc CACHE) | ||
| unset(ECLAIR_full_odt CACHE) |
There was a problem hiding this comment.
Not understood, what's the intention ?
There was a problem hiding this comment.
Unset eventually externally provided variables that alter the behavior of the tool.
Just to avoid unexpected behaviors from the tool caused by previous runs settings.
cmake/sca/eclair/ECL/reports.ecl
Outdated
| #-metrics_tab=join_paths(output_dir,"metrics") | ||
| # Output reports for use with spreadsheet applications | ||
| #-reports_tab=join_paths(output_dir,"reports") | ||
| if(string_equal(or(getenv("ECLAIR_metrics_tab"),"false"),"true") |
There was a problem hiding this comment.
Using env variables here might be very convenient for someone who wrote the integration but it seems very hidden and undocumented for everyone else.
Also picking up environment variables during build can lead to hard to reproduce builds.
We should probably consider to allow SCA tools to provide a Kconfig file.
There was a problem hiding this comment.
They are not undocumented, you can find the documentation in sca/eclair.rst.
In any case, I've got the point. I'm not really familiar with Kconfig, I'll give a look
at it.
There was a problem hiding this comment.
They are not undocumented, you can find the documentation in sca/eclair.rst.
Try read my comment again.
I'm not talking about the settings themselves, but the fact they are being picked up from environment.
That behavior is hidden and undocumented.
zephyr/doc/develop/sca/eclair.rst
Lines 66 to 67 in 6b67643
zephyr/doc/develop/sca/eclair.rst
Line 93 in 6b67643
There was a problem hiding this comment.
That is true allowing SCA tools to provide a Kconfig would be good thing to make it clearer what can be configured for the tool itself and also would document the configuration and behavior of the sca tooling better.
But is there actual a better way to do something like this with SCA and cmake? Because I couldn't find a better way to do this right now.
|
@tejlmand Simone (@sballari ) and me worked on this PR and we are ready to push the recent updates, we also included the configuration of the SCA via Kconfig. |
simhein
force-pushed
the
eclair_env_integration
branch
from
6b67643 to
08be9f6
Compare
|
Last push address the changes requested from @tejlmand and introduce a solution to use Kconfig with a SCA tool. |
simhein
force-pushed
the
eclair_env_integration
branch
from
08be9f6 to
57dbf4d
Compare
There was a problem hiding this comment.
was looking at the updated PR.
Please cleanup the commit history, as it is hard to review commit-by-commit when coding issues identified in earlier review is still present in PR because new commits like those 99ccd51a5a9615227ee98b457d6935e26fb6dde1, 0322ed29e9e42c35d2fb1543f51b494c5b934f01, ...
are just appended to the PR.
cmake/sca/eclair/sca.cmake
Outdated
There was a problem hiding this comment.
with the new hw model in place, should this then be Zephyr-${BOARD}${BOARD_QUALIFIERS} ?
Non-blocking comment.
There was a problem hiding this comment.
Yes with the new model in place this will be switched to ${BOARD}${BOARD_QUALIFIERS}
There was a problem hiding this comment.
Time to switch this over now that HWMv2 is the norm
Ok I will look into it. So just to confirmation that I understood it correct, it is better to squash the new commits into the old ones get rid of the older changes? |
simhein
force-pushed
the
eclair_env_integration
branch
from
57dbf4d to
84cf55c
Compare
|
@tejlmand cleaned up the complete PR to get rid of the appended commits and make it easier to review. |
simhein
force-pushed
the
eclair_env_integration
branch
from
84cf55c to
1d4b4b8
Compare
|
@simhein can you address the compliance checks? |
simhein
force-pushed
the
eclair_env_integration
branch
from
c08d51b to
4dca8fd
Compare
simhein
force-pushed
the
eclair_env_integration
branch
from
4dca8fd to
93e5781
Compare
Thanks for the continued efforts! I think the last updates are very reasonable and align with current zephyr documentation. Will do a review soon. |
cmake/sca/eclair/ECL/extra.ecl
Outdated
There was a problem hiding this comment.
What about networking linker sections?
There was a problem hiding this comment.
Yes they might need to be extended here if they start showing up in violations when the tool can't find those entities.
But I would recommend to add them if the tool starts showing this kind of violations or warnings or infos
simhein
force-pushed
the
eclair_env_integration
branch
from
93e5781 to
75dc43c
Compare
|
@pdgendt I adapted the configuration in the last push. If people use the preset rulesets all configurations are used which are defined in the new config file zephyr_common_config.ecl. The next step after the integration would be to revisit the zephyr_common_config.ecl and review the whole configuration for the project. |
simhein
force-pushed
the
eclair_env_integration
branch
from
75dc43c to
3dc1181
Compare
Add the Eclair configuration files, which are needed to configure the static code analysis tool for the zephyr coding guidelines. Signed-off-by: Simon Hein <[email protected]>
simhein
force-pushed
the
eclair_env_integration
branch
from
3dc1181 to
a0897a8
Compare
Add the ECLAIR calls for the zephyr cmake environment to call ECLAIR while the firmware is build by replacing the actual compiler call and setup the eclair environment and call the compiler through the eclair. The Integration accepts a kconfig file for configuring the analysis and the generation of the reports. The path of the kconfig file should be provided via the variable ECLAIR_CONFIG. db_generation.ecl has be created and introduced instead of reports.ecl because the report generation is handled by the sca.cmake directly. Signed-off-by: Simon Hein <[email protected]>
Add the documentation for the eclair from Bugseng with the pre configuration for the zephyr project. Signed-off-by: Simon Hein <[email protected]>
Add a cmake file which uses the cmake options feature and include it inot the sca.cmake file to set up and describe the options for the ECLAIR tool. Signed-off-by: Simon Hein <[email protected]>
simhein
force-pushed
the
eclair_env_integration
branch
from
a0897a8 to
5c7c25d
Compare
|
Can't really comment on the ecl files, but otherwise LGTM |
|
ping @tejlmand |
There was a problem hiding this comment.
Thanks for the effort, and sorry for the KConfig vs. CMake back and forth.
But I do think that the latest CMake approach looks better than the initially proposed CMake variant which hid the supported options too much.
Also I think having the sca_options.cmake established as the user facing configuration allows us too extend functionality without having to change user's workflow.
Approved.
| find_program(ECLAIR_REPORT eclair_report REQUIRED) | ||
| message(STATUS "Found eclair_report: ${ECLAIR_REPORT}") | ||
|
|
||
| if(ECLAIR_OPTIONS_FILE) |
There was a problem hiding this comment.
Not blocking as we can continue work on Eclair integration, but should the initial value of ECLAIR_OPTIONS_FILE be fetched using zephyr_get(ECLAIR_OPTIONS_FILE) so that it also uses the intended file when invoked through sysbuild ?
12 participants
The PR add support for the SCA tool ECLAIR from Bugseng.
The rule set which is added with the commits was adapted to the zephyr projects coding guidelines.
Note: The integration was a collaboration with Bugseng itself therefor Simone Ballarin autohred some commits
Hint: All ecl files are files which are used by the eclair tool to set up rules and other options.