TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / next / ci / tf-a-ci-scripts / 422bf777a558a6b78f438f94d70ed9af5ea38362 / . / script / coverity_wrapper.sh
blob: fed41e4aa3b1507d92e82309a105a709d37183a3 [file] [log] [blame]
Fathi Boudra422bf772019-12-02 11:10:16 +0200[diff] [blame^]1#!/bin/bash
2#
3# Copyright (c) 2019, Arm Limited. All rights reserved.
4#
5# SPDX-License-Identifier: BSD-3-Clause
6#
7
8# This file is sourced from the build_package.sh script to use
9# coverity_wrapper() function as a build wrapper.
10#
11# This wrapper supports two work flows:
12#
13# - Compare the branch under test with that of master, and print defects. If
14# there are defects, we arrange the build to be marked as unstable. Set
15# $cov_run_type to 'branch-report-compare' to use this.
16#
17# - Commit and create snapshot for the entire branch. Set $cov_run_type to
18# 'branch-report-full' to use this.
19#
20# Coverity analysis involves contacting the server, which have shown to be very
21# slow. Depending on the type of analysis performed, we might have to do
22# analysis more than once, and doing that in series would only increase the turn
23# around time. To mitigate this, all Coverity commands are saved as small
24# snippets, and are then called from a Makefile. Make take care of running
25# commands in parallel (all this at the expense of readability).
26
27coverity_wrapper() {
28 local cov_dir="$workspace/coverity"
29 local cov_config="$cov_dir/config"
30 local cov_compiler="${cov_compiler:-${CROSS_COMPILE}gcc}"
31
32 local golden_repo="$cov_dir/golden-repo"
33 local golden_snapshot="$cov_dir/golden-snapshot"
34
35 local branch_repo="$cov_dir/branch-repo"
36 local branch_snapshot="$cov_dir/branch-snapshot"
37
38 local auth_file="${cov_auth_file:-$ci_root/coverity/tfcibot@$coverity_host}"
39 local makefile="$workspace/makefile.cov"
40 local snippets_dir="$cov_dir/snippets"
41 local stream_name="${BUILD_CONFIG:?}"
42
43 local ref_arg
44 local description
45 local need_compare
46
47 echo_w
48 mkdir -p "$cov_dir"
49
50 if echo "${cov_run_type:?}" | grep -iq "branch-report-compare"; then
51 need_compare=1
52 local golden_url="${cov_golden_url:-$tf_src_repo_url}"
53 local golden_ref="${cov_golden_ref:-master}"
54 fi
55
56 if upon "$local_ci"; then
57 description="$USER-local ${cov_checker:?}"
58 # Reference repository can't be shallow
59 if [ ! -f "$tf_root/.git/shallow" ]; then
60 ref_arg="--reference $tf_root"
61 fi
62 else
63 description="$JOB_NAME#$BUILD_NUMBER ${cov_checker:?}"
64 ref_arg="--reference $project_filer/ref-repos/trusted-firmware"
65 fi
66
67 # Create a stream and assign to Trusted Firmware project
68 chmod 400 "$auth_file"
69
70 mkdir -p "$snippets_dir"
71 cat <<EOF >"$makefile"
72SHELL := /bin/bash
73
74define run-snippet
75echo ":\$@" >&3
76echo ">\$@: \$\$(date)"
77if ! bash -ex $snippets_dir/\$@; then \\
78 echo " :\$@ failed! See build log" >&3; \\
79 exit 1; \\
80fi
81echo "<\$@: \$\$(date)"
82endef
83
84EOF
85
86 create_snippet() {
87 # Create a script snippet
88 cat >"$snippets_dir/${name?}"
89
90 # Add a rule to the makefile
91 cat <<EOF >>"$makefile"
92$name:${deps:+ $deps}
93 @\$(run-snippet)
94
95EOF
96 }
97
98 # golden-setup. Additionally query for a snapshot ID corresponding to
99 # this version in the stream. If a snapshot ID exists, the comparison
100 # file is generated containing the snapshot ID.
101 #
102 # We need to make a shallow clone of the repository first in order to
103 # get the reference, however. And, if later we find needing a fresh
104 # snapshot, we unshallow that.
105 cat <<EOF | name="golden-setup" create_snippet
106git clone --depth 1 -q $ref_arg "$golden_url" "$golden_repo"
107cd -P "$golden_repo"
108git fetch --depth 1 -q origin "$golden_ref"
109git checkout -q FETCH_HEAD
110
111if [ -z "$cov_force_commit" ]; then
112 "$ci_root/script/get_latest_snapshot.py" \\
113 --host "$coverity_host" \\
114 --file "$golden_snapshot" \\
115 --description "*$cov_checker*" \\
116 --version "\$(git show -q --format=%H)" \\
117 "$stream_name" 2>&3 || true
118fi
119
120{
121echo " golden: $golden_url $golden_ref"
122echo " golden: \$(git show -q --format=%H)"
123} >&3
124
125if [ -f "$golden_snapshot" ]; then
126 echo " golden: snapshot ID \$(cat $golden_snapshot) exists" >&3
127else
128 git fetch -q --unshallow origin
129fi
130EOF
131
132
133 # Setup branch
134 if upon "$local_ci"; then
135 if not_upon "$need_compare"; then
136 ln -s "$tf_root" "$branch_repo"
137
138 # Run scanning as-is since we don't need a comparison.
139 cat <<EOF | name="branch-setup" create_snippet
140if [ "$dont_clean" != 1 ]; then
141 cd -P "$branch_repo"
142 MAKEFLAGS= make distclean
143fi
144EOF
145 else
146 # Running comparison means that we need to make a merge
147 # commit. It's undesirable to do that on the user's
148 # working copy, so do it on a separate one.
149 cat <<EOF | name="branch-setup" create_snippet
150git clone -q $ref_arg "$tf_src_repo_url" "$branch_repo"
151cd -P "$branch_repo"
152git checkout -b cov-branch origin/master
153rsync -a --exclude=".git" --exclude "**.o" --exclude "**.d" "$tf_root/" .
154git add .
155git -c user.useconfigonly=false commit --allow-empty -q -m "Test branch"
156git checkout master
157git -c user.useconfigonly=false merge --no-ff -q cov-branch
158
159git remote add golden "$golden_url"
160git fetch -q golden "$golden_ref"
161git checkout -q -b cov-golden FETCH_HEAD
162git -c user.useconfigonly=false merge --no-edit --no-ff -q cov-branch
163EOF
164 fi
165 else
166 # Use the local checkout at $tf_root for analysing branch and
167 # golden together
168 ln -s "$tf_root" "$branch_repo"
169
170 cat <<EOF | name="branch-setup" create_snippet
171if [ "$need_compare" ]; then
172 cd -P "$branch_repo"
173 if [ -f ".git/shallow" ]; then
174 git fetch -q --unshallow origin
175 fi
176 git remote add golden "$golden_url"
177 git fetch -q golden $golden_ref
178 git branch cov-branch HEAD
179 git checkout -q -b cov-golden FETCH_HEAD
180 echo " branch: \$(git show -q --format=%H cov-branch)" >&3
181 git -c user.useconfigonly=false merge --no-edit --no-ff -q cov-branch
182fi
183EOF
184 fi
185
186
187 # Setup stream
188 cat <<EOF | name="stream-setup" create_snippet
189if cov-manage-im --mode streams --add --set "name:$stream_name" \\
190 --auth-key-file "$auth_file" \\
191 --host "$coverity_host"; then
192 cov-manage-im --mode projects --name "Arm Trusted Firmware" --update \\
193 --insert "stream:$stream_name" --auth-key-file "$auth_file" \\
194 --host "$coverity_host"
195fi
196EOF
197
198
199 # Coverity configuration
200 cat <<EOF | name="cov-config" create_snippet
201cov-configure --comptype gcc --template --compiler "$cov_compiler" \\
202 --config "$cov_config/config.xml"
203EOF
204
205
206 # cov-build on golden; only performed if a comparison file doesn't
207 # exist.
208 cat <<EOF | name="golden-cov-build" deps="cov-config golden-setup" \
209 create_snippet
210if [ ! -f "$golden_snapshot" -o -n "$cov_force_commit" ]; then
211 cd -P "$golden_repo"
212 MAKEFLAGS= cov-build --config "$cov_config/config.xml" \\
213 --dir "$cov_dir/golden" $@
214else
215 echo " golden: cov-build skipped" >&3
216fi
217EOF
218
219
220 # cov-analyze on golden; only performed if a comparison file doesn't
221 # exist.
222 cat <<EOF | name="golden-cov-analyze" deps="golden-cov-build" \
223 create_snippet
224if [ ! -f "$golden_snapshot" -o -n "$cov_force_commit" ]; then
225 cd -P "$golden_repo"
226 cov-analyze --dir "$cov_dir/golden" $cov_options --verbose 0 \\
227 --strip-path "\$(pwd -P)" \\
228 --redirect "stdout,$cov_dir/golden.txt"
229else
230 echo " golden: cov-analyze skipped" >&3
231fi
232EOF
233
234
235 # cov-commit-defects on golden. Since more than one job could have
236 # started analyzing golden after finding the snapshot misssing, we check
237 # for a snapshot again, and a commit only performed if a comparison file
238 # doesn't exist.
239 cat <<EOF | name="golden-cov-commit-defects" \
240 deps="stream-setup golden-cov-analyze" create_snippet
241if [ ! -f "$golden_snapshot" -a -z "$cov_force_commit" ]; then
242 "$ci_root/script/get_latest_snapshot.py" \\
243 --host "$coverity_host" \\
244 --file "$golden_snapshot" \\
245 --description "*$cov_checker*" \\
246 --version "\$(git show -q --format=%H)" \\
247 "$stream_name" 2>&3 || true
248 retried=1
249fi
250
251if [ ! -f "$golden_snapshot" -o -n "$cov_force_commit" ]; then
252 cd -P "$golden_repo"
253 cov-commit-defects --dir "$cov_dir/golden" --host "$coverity_host" \\
254 --stream "$stream_name" --auth-key-file "$auth_file" \\
255 --version "\$(git show -q --format=%H)" \\
256 --description "$description" \\
257 --snapshot-id-file "$golden_snapshot"
258 echo " golden: new snapshot ID: \$(cat $golden_snapshot)" >&3
259elif [ "\$retried" ]; then
260 {
261 echo " golden: snapshot ID \$(cat $golden_snapshot) now exists"
262 echo " golden: cov-commit-defects skipped"
263 } >&3
264else
265 echo " golden: cov-commit-defects skipped" >&3
266fi
267EOF
268
269
270 # cov-build on branch
271 cat <<EOF | name="branch-cov-build" deps="cov-config branch-setup" \
272 create_snippet
273cd -P "$branch_repo"
274MAKEFLAGS= cov-build --config "$cov_config/config.xml" --dir "$cov_dir/branch" $@
275EOF
276
277
278 # cov-analyze on branch
279 cat <<EOF | name="branch-cov-analyze" deps="branch-cov-build" \
280 create_snippet
281cd -P "$branch_repo"
282cov-analyze --dir "$cov_dir/branch" $cov_options --verbose 0 \\
283 --strip-path "\$(pwd -P)" \\
284 --redirect "stdout,$cov_dir/branch.txt"
285EOF
286
287
288 # cov-commit-defects on branch
289 cat <<EOF | name="branch-cov-commit-defects" \
290 deps="stream-setup branch-cov-analyze" create_snippet
291if [ "$cov_force_commit" ]; then
292 cd -P "$branch_repo"
293 cov-commit-defects --dir "$cov_dir/branch" --host "$coverity_host" \\
294 --stream "$stream_name" --description "$description" \\
295 --version "\$(git show -q --format=%H%)" \\
296 --auth-key-file "$auth_file" \\
297 --snapshot-id-file "$branch_snapshot"
298 echo " branch: new snapshot ID: \$(cat $branch_snapshot)" >&3
299else
300 echo " branch: cov-commit-defects skipped" >&3
301fi
302EOF
303
304
305 # cov-commit-defects on branch, but compare with golden
306 cat <<EOF | name="branch-report-compare" \
307 deps="golden-cov-commit-defects branch-cov-analyze" create_snippet
308cov-commit-defects --dir "$cov_dir/branch" --host "$coverity_host" \\
309 --stream "$stream_name" --auth-key-file "$auth_file" \\
310 --preview-report-v2 "$cov_dir/report.json" \\
311 --comparison-snapshot-id "\$(cat $golden_snapshot)"
312EOF
313
314
315 # cov-commit-defects on branch to report branch report
316 cat <<EOF | name="branch-report-full" \
317 deps="branch-cov-commit-defects stream-setup branch-cov-analyze" \
318 create_snippet
319cov-commit-defects --dir "$cov_dir/branch" --host "$coverity_host" \\
320 --stream "$stream_name" --auth-key-file "$auth_file" \\
321 --preview-report-v2 "$cov_dir/report.json"
322EOF
323
324 local minus_j="-j"
325 if upon "$cov_serial_build"; then
326 minus_j=
327 fi
328
329 # Call Coverity targets
330 echo "Coverity run type: ${cov_run_type:?}"
331 if ! eval MAKEFLAGS= make -r $minus_j -f "$makefile" $cov_run_type; then
332 return 1
333 fi
334
335 # Generate a text report
336 local defects_file="$workspace/coverity_report.txt"
337
338 if [ -f "$cov_dir/report.json" ]; then
339 python3 "$ci_root/script/coverity_parser.py" \
340 --output "$workspace/defects.json" \
341 $cov_report_options \
342 "$cov_dir/report.json" >"$defects_file" 2>&3 || true
343 fi
344
345 # If there were defects, print them out to the console. For local CI,
346 # print them in yellow--the same color we'd use for UNSTABLE builds.
347 if [ -s "$defects_file" ]; then
348 echo_w
349 echo_w "Coverity defects found:"
350 echo_w
351 if upon "$local_ci"; then
352 echo_w "$(tput setaf 3)"
353 fi
354 cat "$defects_file" >&3
355 if upon "$local_ci"; then
356 echo_w "$(tput sgr0)"
357 fi
358 echo_w
359 echo_w "$(wc -l < "$defects_file") defects reported."
360 echo_w
361 build_unstable >&3
362 echo_w
363 else
364 echo_w
365 echo_w "No coverity defects found."
366 echo_w
367 fi
368}