CI: tweak scan-build configuration

Clang right now does not support cleanup attribute which is causing
false positives, so the check is now disabled.
https://bugs.llvm.org/show_bug.cgi?id=3888

At the same time I've enabled all other checkers to see what happens. We
need to go though them and disable them one-by-one if necessary.

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 2509054f25f758da95ca892ea938a95ea1de5114..77894191d13353e10d2c07c322e91f0155530c33 100644 (file)
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -58,7 +58,7 @@ lint:clang-scan-build:
   image: $CI_REGISTRY/knot/knot-resolver/ci:debian-unstable  # newer Debian for newer Clang
   dependencies: []  # do not download build artifacts
   script:
-    - MAKEFLAGS="-k -j$(nproc)" /usr/lib/llvm-5.0/bin/scan-build -o scan-results --status-bugs make
+    - MAKEFLAGS="-k -j$(nproc)" SCAN_BUILD="/usr/lib/llvm-5.0/bin/scan-build -o scan-results --status-bugs -no-failure-reports" ./tests/clang_scan_build.sh make
   artifacts:
     when: on_failure
     expire_in: '1 day'

diff --git a/tests/clang_scan_build.sh b/tests/clang_scan_build.sh
new file mode 100755 (executable)
index 0000000..1283131
--- /dev/null
+++ b/tests/clang_scan_build.sh
@@ -0,0 +1,51 @@
+#!/bin/bash
+set -o errexit -o nounset
+
+# following checkers are disabled on purpose:
+# Clann does not suppor attribute cleanup and this is causing false positives in following checkers:
+# unix.Malloc
+# alpha.unix.SimpleStream
+# alpha.unix.Stream
+# https://bugs.llvm.org/show_bug.cgi?id=3888
+
+# These are disabled for other reasons:
+# alpha.deadcode.UnreachableCode # false positives/flags sanity checks depending on implementation details
+# alpha.security.MallocOverflow # not smart enough to infer max values from data types
+# alpha.clone.CloneChecker # way too many false positives
+
+${SCAN_BUILD:-scan-build} \
+-disable-checker  unix.Malloc \
+-enable-checker   alpha.core.BoolAssignment \
+-enable-checker   alpha.core.CallAndMessageUnInitRefArg \
+-enable-checker   alpha.core.CastToStruct \
+-enable-checker   alpha.core.CastSize \
+-enable-checker   alpha.core.Conversion \
+-enable-checker   alpha.core.DynamicTypeChecker \
+-enable-checker   alpha.core.FixedAddr \
+-enable-checker   alpha.core.IdenticalExpr \
+-enable-checker   alpha.core.PointerArithm \
+-enable-checker   alpha.core.PointerSub \
+-enable-checker   alpha.core.SizeofPtr \
+-enable-checker   alpha.core.TestAfterDivZero \
+-enable-checker   alpha.cplusplus.IteratorRange \
+-enable-checker   alpha.cplusplus.MisusedMovedObject \
+-enable-checker   alpha.security.ArrayBound \
+-enable-checker   alpha.security.ArrayBoundV2 \
+-enable-checker   alpha.security.ReturnPtrRange \
+-enable-checker   alpha.security.taint.TaintPropagation \
+-enable-checker   alpha.unix.BlockInCriticalSection \
+-enable-checker   alpha.unix.Chroot \
+-enable-checker   alpha.unix.PthreadLock \
+-enable-checker   alpha.unix.cstring.BufferOverlap \
+-enable-checker   alpha.unix.cstring.NotNullTerminated \
+-enable-checker   alpha.unix.cstring.OutOfBounds \
+-enable-checker   nullability.NullableDereferenced \
+-enable-checker   nullability.NullablePassedToNonnull \
+-enable-checker   nullability.NullableReturnedFromNonnull \
+-enable-checker   optin.performance.Padding \
+-enable-checker   optin.portability.UnixAPI \
+-enable-checker   security.FloatLoopCounter \
+-enable-checker   valist.CopyToSelf \
+-enable-checker   valist.Uninitialized \
+-enable-checker   valist.Unterminated \
+make