diff --git a/make-srpm.sh b/make-srpm.sh index 75fe596..14a84fa 100755 --- a/make-srpm.sh +++ b/make-srpm.sh @@ -125,7 +125,7 @@ Tool for plugging static analyzers into the build process, free of mock. %package common Summary: Core of csmock (a mock wrapper for Static Analysis tools) -Requires: csdiff > 3.1.0 +Requires: csdiff > 3.5.1 Requires: csgcca Requires: cswrap Requires: mock >= 5.7 diff --git a/py/plugins/gcc.py b/py/plugins/gcc.py index 8d71810..41bfed7 100644 --- a/py/plugins/gcc.py +++ b/py/plugins/gcc.py @@ -16,6 +16,7 @@ # along with csmock. If not, see . # standard imports +import os import subprocess # local imports @@ -25,10 +26,20 @@ CSGCCA_BIN = "/usr/bin/csgcca" +# directory for GCC results (currently used only with `--gcc-analyzer-bin`) +GCC_RESULTS_DIR = "/builddir/gcc-results" + CSMOCK_GCC_WRAPPER_NAME = 'csmock-gcc-wrapper' CSMOCK_GCC_WRAPPER_PATH = '/usr/bin/%s' % CSMOCK_GCC_WRAPPER_NAME -CSMOCK_GCC_WRAPPER_TEMPLATE = '#!/bin/bash\n' \ - 'exec %s "$@"' + +# script to run gcc analyzer and dump its output to a seaprate SARIF file in GCC_RESULTS_DIR +CSMOCK_GCC_WRAPPER_TEMPLATE = f"""#!/bin/bash +fn=$(flock {GCC_RESULTS_DIR} mktemp "{GCC_RESULTS_DIR}/$$-XXXX.sarif") +exec %s "$@" -fdiagnostics-set-output="sarif:file=$fn" +""" + +# command to read and join all captured SARIF files +FILTER_CMD = "csgrep --mode=json --remove-duplicates" SANITIZER_CAPTURE_DIR = "/builddir/gcc-sanitizer-capture" @@ -289,6 +300,23 @@ def csgcca_hook(results, mock): # tell csgcca to use the wrapped script rather than system gcc analyzer props.env["CSGCCA_ANALYZER_BIN"] = CSMOCK_GCC_WRAPPER_NAME + # create directory for gcc results + def create_gcc_results_dir_hook(_, mock): + cmd = f"mkdir -pv '{GCC_RESULTS_DIR}' && touch '{GCC_RESULTS_DIR}/empty.sarif'" + return mock.exec_mockbuild_cmd(cmd) + props.post_depinst_hooks += [create_gcc_results_dir_hook] + + # copy gcc results out of the chroot + props.copy_out_files += [GCC_RESULTS_DIR] + + # process all captured SARIF files + def filter_hook(results): + src = os.path.join(results.dbgdir_raw, GCC_RESULTS_DIR[1:]) + dst = os.path.join(results.dbgdir_uni, "gcc-results.json") + cmd = f'{FILTER_CMD} --file-glob "{src}/*.sarif" > "{dst}"' + return results.exec_cmd(cmd, shell=True) + props.post_process_hooks += [filter_hook] + # XXX: changing props this way is extremely fragile # insert csgcca right before cswrap to avoid chaining # csclng/cscppc while invoking `gcc -fanalyzer`