[RTEMS Project] #4620: Codeql Static Analyzer and RTEMS

RTEMS trac trac at rtems.org
Thu Feb 9 16:17:46 UTC 2023


#4620: Codeql Static Analyzer and RTEMS
-------------------------------------------------+-------------------------
 Reporter:  Joel Sherrill                        |       Owner:  (none)
     Type:  project                              |      Status:  new
 Priority:  normal                               |   Milestone:  Indefinite
Component:  tool                                 |     Version:
 Severity:  normal                               |  Resolution:
 Keywords:  SoC, ecosystem, tools, small, large  |  Blocked By:
 Blocking:                                       |
-------------------------------------------------+-------------------------
Description changed by Joel Sherrill:

Old description:

> Codeql [https://codeql.github.com/] is an open source static analysis tool.
> Broadly speaking, the goal of this project is to use Cobra to analyze
> RTEMS source code.
>
> * Build and install Codeql
> * Configure Codeql to analyze RTEMS source code and get reports
> * Document procedure
> * Evaluate Codeql output and usefulness for RTEMS Project
>
> If Codeql proves useful, then Codeql will need some work to be more
> integrated into the project. The following are bare minimum:
>
> * A recipe will need to be added to the RTEMS Source Builder.
> * Scripting to generate reports
>
> To be more effectively used, issues like the following need to be
> considered:
>
> * Can files or directories be ignored?
> * Flagging issues to ignore.
> * Can certain issues be turned off?
> * Are MISRA rules supported? Can RTEMS use a subset of MISRA rules that
> are supported by this tool?
> * Comparison of one run to the next. History.
> * Think creatively, can we run Codeql periodically and email everyone who
> committed if the number of issues goes up?
> * etc.
>

> Possible Mentors: Gedare Bloom, Joel Sherrill
> Skills: C
> Difficulty: Medium

New description:

 Codeql [https://codeql.github.com/] is an open source static analysis tool.
 Broadly speaking, the goal of this project is to use Codeql to analyze
 RTEMS source code.

 * Build and install Codeql
 * Configure Codeql to analyze RTEMS source code and get reports
 * Document procedure
 * Evaluate Codeql output and usefulness for RTEMS Project

 If Codeql proves useful, then Codeql will need some work to be more
 integrated into the project. The following are bare minimum:

 * A recipe will need to be added to the RTEMS Source Builder.
 * Scripting to generate reports

 To be more effectively used, issues like the following need to be
 considered:

 * Can files or directories be ignored?
 * Flagging issues to ignore.
 * Can certain issues be turned off?
 * Are MISRA rules supported? Can RTEMS use a subset of MISRA rules that
 are supported by this tool?
 * Comparison of one run to the next. History.
 * Think creatively, can we run Codeql periodically and email everyone who
 committed if the number of issues goes up?
 * etc.


 Possible Mentors: Gedare Bloom, Joel Sherrill
 Skills: C
 Difficulty: Medium

--
Ticket URL: <http://devel.rtems.org/ticket/4620#comment:2>
RTEMS Project <http://www.rtems.org/>