Topics

First sonar static analysis results

Dave Barach
 

https://sonarcloud.io/organizations/fdio/issues?projects=fdio-vpp

As with Coverity, Sonar seems primed to bitch about a set of things which aren't real. For example:

vlib_buffer_advance (b0, -sizeof(ip_header_t));

or

#define DEBUG_FOO 0

if (DEBUG_FOO > 0)

The UI is nice, the workflow isn't awful, and the tool runs reasonably fast.

Thanks to Eric Ball for walking me through the process. I'll write it up in detail for our CI folks.

Dave

Luca Muscariello
 

Dave,

is the integration made from the github mirror or directly from gerrit?
We are using coverity for hicn but I agree that sonar cloud looks way better.

I'd love to test for hicn.

Thanks
Luca

On Thu, Mar 26, 2020 at 8:37 PM Dave Barach via Lists.Fd.Io <dbarach=cisco.com@...> wrote:
https://sonarcloud.io/organizations/fdio/issues?projects=fdio-vpp

As with Coverity, Sonar seems primed to bitch about a set of things which aren't real. For example:

   vlib_buffer_advance (b0, -sizeof(ip_header_t));

or

#define DEBUG_FOO 0

if (DEBUG_FOO > 0)

The UI is nice, the workflow isn't awful, and the tool runs reasonably fast.

Thanks to Eric Ball for walking me through the process. I'll write it up in detail for our CI folks.

Dave