static_dynamic_analysis

Static Analysis Setup Instructions:

1-Installation

Prerequisites:

• Install SonarQube: http://www.sonarqube.org/downloads

• Install Sonar Scanner: http://docs.sonarqube.org/display/SCAN/

• Install Build-essential

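Log in as root (repeat this in every terminal you open):

  $ sudo su

Install the analysis tools. The version each tool was used with is given in the comment:

  $ apt-get install cppcheck     # version 1.69
  $ apt-get install vera++       # version 1.3.0
  $ apt-get install rats         # version 2.4
  $ apt-get install gcovr
  $ apt-get install perl         # version 5
  $ apt-get install python2.7    # version 2.7.10
  $ apt-get install lua5.3       # version 5.3.3
  $ apt-get install tcl8.6       # version 8.6.6
  $ apt-get install tk8.6        # version 8.6.6
  $ apt-get install valgrind     # version 3.12.0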

Note: Preferred version of SonarQube for Java scan is 5.6 and for C++ is 5.5.

Note: Add the sonar-cxx plugin to the SONARQUBE_HOME/extensions/plugins directory and restart the SonarQube server (preferred: the 0.95.jar package). The plugin is needed only for the C++ scan. https://github.com/SonarOpenCommunity/sonar-cxx/releases

Note: Build-essential is required only for the C++ scan.

2-Configure Properties:

Create src folder.

  $ mkdir src  

Go to src directory.

  $ cd src

Download IoTivity Source Code:

  $ git clone https://github.com/iotivity/iotivity.git

The following properties have to be configured for SonarQube and the project, depending on the scan type.

Java

• Using your favorite text editor, add these lines and save them as sonar-project.properties in the src directory.

  sonar.projectKey=iotivity-x.x.x
  sonar.projectName=iotivity-x.x.x
  sonar.projectVersion=x.x.x
  sonar.language=java
  sonar.sources=src

• Using a text editor, add these lines and save them as sonar-scanner.properties in the <sonar-scanner>/conf directory.

   sonar.projectKey=iotivity-x.x.x
   sonar.projectName=iotivity-x.x.x
   sonar.projectVersion=x.x.x
   sonar.language=java
   sonar.sources=src 

C++

• Using a text editor, add these lines and save them as sonar-scanner.properties in the <sonar-scanner>/conf directory.

    sonar.projectKey=iotivity-x.x.x
    sonar.projectName=iotivity-x.x.x
    sonar.projectVersion=x.x.x
    sonar.language=c++
    sonar.sources=src

• Using a text editor, add these lines and save them as sonar-project.properties in the src directory.

        
   # required metadata
   sonar.projectKey=CxxPlugin:iotivity-1.2.1-x.x.x
   sonar.projectName=iotivity-1.2.1-x.x.x
   sonar.projectVersion=1.2.1-x.x.x
   sonar.language=c++
   # path to source directories (required)
   sonar.sources=src
   #sonar.tests=src/resource/unittests
   # path to the build artifact
   # paths to the reports
   sonar.cxx.cppcheck.reportPath=build/cppcheck-report.xml
   sonar.cxx.pclint.reportPath=build/pclint-report.xml
   sonar.cxx.coverage.reportPath=build/gcovr-report*.xml
   sonar.cxx.coverage.itReportPath=build/gcovr-report*.xml
   sonar.cxx.coverage.overallReportPath=build/gcovr-report*.xml
   sonar.cxx.valgrind.reportPath=build/valgrind-report.xml
   sonar.cxx.vera.reportPath=build/vera++-report.xml
   sonar.cxx.rats.reportPath=build/rats-report.xml
   sonar.cxx.xunit.reportPath=build/xunit-report.xml
   sonar.cxx.includeDirectories=/usr/include/c++/4.8,/usr/include/i386-linux-gnu/c++/4.8,/usr/include,/usr/include/c++/4.8/tr1,/usr/include/linux,src

• Using your favorite text editor, add these lines and save them as Makefile in the src directory.

  
  # Note: recipe lines must begin with a tab character in the saved Makefile.
  export BUILD_DIR = $(shell "pwd")/build
  # Flags passed to the C++ compiler.
  export CXXFLAGS = -g -pthread --coverage
  # Flags passed to the linker.
  export LDFLAGS = -pthread --coverage
  export CC = g++
  export LD = g++
  export AR = ar
  all:
  	@mkdir -p build
  	@$(MAKE) -C src
  	@$(MAKE) -C tests
  clean:
  	rm -rf build
  	@$(MAKE) clean -C src
  	@$(MAKE) clean -C tests
  ############################ Sonar-related rules ###############################
  sonar: sonar_cppcheck sonar_vera sonar_rats sonar_runtests sonar_coverage sonar_sonar
  CPPCHECK_INCLUDES = -Isrc
  SOURCES_TO_ANALYSE = src
  # Run cppcheck, a general purpose static code checker
  sonar_cppcheck:
  	cppcheck -v --enable=all --xml $(CPPCHECK_INCLUDES) $(SOURCES_TO_ANALYSE) 2> $(BUILD_DIR)/cppcheck-report.xml
  # Run vera: static code checker focusing on code style issues
  sonar_vera:
  	echo `pwd`
  	bash -c 'find src -regex ".*\.cc\|.*\.hh" | vera++ - -showrules -nodup |& vera++Report2checkstyleReport.perl > $(BUILD_DIR)/vera++-report.xml'
  # Run rats: static code checker focusing on (potential) security problems
  sonar_rats:
  	rats -w 3 --xml $(SOURCES_TO_ANALYSE) > $(BUILD_DIR)/rats-report.xml
  # Run some tests. This run provides:
  # 1) test execution report
  # 2) valgrind/memcheck report
  # 3) raw coverage data (.gcda-files)
  sonar_runtests:
  	-valgrind --xml=yes --xml-file=$(BUILD_DIR)/valgrind-report.xml $/out/linux/x86/release/scene_test --gtest_output=xml:$(BUILD_DIR)/xunit-report.xml
  # Collect the coverage data and convert it to cobertura-format
  sonar_coverage:
  	gcovr -x -r . > $(BUILD_DIR)/gcovr-report.xml
  # Parse collected data and feed it into sonar
  sonar_sonar:
  	sonar-scanner -X

3-RUN

Java

Go to the src directory and run the Sonar-Scanner command:

  <src>$ sonar-scanner-2.8/bin/sonar-scanner

If execution succeeds, the terminal will display “EXECUTE SUCCESS”.

C++

1) Run “make”: open a terminal in the src directory and run the “make” command:

  <src>$ make

2) Run “make sonar”: open a terminal in the src directory and run:

  <src>$ make sonar

Note: “make sonar” follows the rules in the Makefile and generates the XML report files in the src directory.

3) Run “sonar-scanner”: go to the src directory and run the Sonar-Scanner command:

  <src>$ sonar-scanner-2.8/bin/sonar-scanner

If execution succeeds, the terminal will display EXECUTE SUCCESS.
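
Between steps 2 and 3 it is worth confirming that every report path configured in the project properties file points at a non-empty file: a shell redirect leaves an empty report behind when its tool fails, the valgrind rule ignores errors, and the pclint report path is configured without a Makefile rule that produces it. The following is an added example, not part of the original page or the IoTivity project; the function names check_reports and demo and the demo file contents are assumptions constructed for illustration.

```bash
# Added example: check the report files named in sonar-project.properties.
# check_reports and demo are hypothetical helper names.

# Prints one line per sonar.cxx.*eportPath entry; the return status is the
# number of entries with no non-empty file behind them (0 = all present).
check_reports() {
    local props=$1 base bad=0 key pattern f found
    base=$(dirname "$props")
    while IFS='=' read -r key pattern || [ -n "$key" ]; do
        key=$(printf '%s' "$key" | tr -d '[:space:]')   # page indents its keys
        case $key in
            sonar.cxx.*[rR]eportPath) ;;   # report-path keys only
            *) continue ;;                 # comments and other properties
        esac
        pattern=$(printf '%s' "$pattern" | tr -d '\r')
        found=0
        # Unquoted on purpose: the value may be a glob such as
        # build/gcovr-report*.xml, resolved relative to the properties file.
        for f in "$base"/$pattern; do
            if [ -f "$f" ] && [ -s "$f" ]; then
                found=1
                echo "OK      $key -> $f"
            fi
        done
        if [ "$found" -eq 0 ]; then
            echo "MISSING $key -> $pattern (absent or empty)"
            bad=$((bad + 1))
        fi
    done < "$props"
    return "$bad"
}

# Constructed sample: three report paths configured, one report produced,
# one left empty by a failed redirect, one never generated.
demo() {
    local d rc=0
    d=$(mktemp -d)
    mkdir "$d/build"
    printf '%s\n' '   sonar.language=c++' \
        '   sonar.cxx.rats.reportPath=build/rats-report.xml' \
        '   sonar.cxx.pclint.reportPath=build/pclint-report.xml' \
        '   sonar.cxx.coverage.reportPath=build/gcovr-report*.xml' \
        > "$d/sonar-project.properties"
    echo '<rats_output/>' > "$d/build/rats-report.xml"
    : > "$d/build/gcovr-report.xml"
    check_reports "$d/sonar-project.properties" || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

Source the file in the src directory and run check_reports sonar-project.properties after “make sonar”; a non-zero status is the number of configured reports that are missing or empty.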

4-Results:

Open a browser and go to localhost:9000 to check the results.

static_dynamic_analysis.txt · Last modified: 2017/07/07 06:55 by Sankar Selvam