Skip to content

Dev: Static code analysis with infer

Alex Owens edited this page Aug 8, 2024 · 3 revisions

Steps:

  1. Browse to the releases page of the project, click on the latest, and download the Linux tarball from the assets section at the bottom
  2. Extract the contents, and ensure the bin directory inside is on the $PATH
  3. From the ArcticDB project root directory, run:
    • cmake -DCMAKE_EXPORT_COMPILE_COMMANDS=1 --preset linux-release -S cpp -B cpp/out/infer-build
    • cd cpp/out/infer-build
    • make -j8 arcticdb_proto (needed to generate the header files at least)
    • infer capture -j 8 --compilation-database compile_commands.json OOMs without any -j argument. Takes around 14 minutes, have not optimised -j parameter, more cores could be used.
    • infer analyze -j 16 This stage is less memory intensive so more parallelism can be used. --skip-analysis-in-path argument did not work for me, so output will include vcpkg_install/*, /usr/include/*, and third_party/* files. Takes around 7 minutes.
    • infer explore --html generates a directory infer-out/report.html/ with an index.html, plus one page per issue found that can be explored in a browser.

Other notes:

  • Incremental builds/analyses mentioned in the docs do not seem to work with the compile_commands.json workflow described above. I tried infer run --reactive -j 8 --compilation-database compile_commands.json.
  • Should work with make workflow, but this does not work out of the box for us as our generated makefile uses absolute paths to refer to compiler binaries, which is incompatible with infer.
  • If this could be made to work, a CI workflow similar to our ASV benchmarks could be useful. Analyse master, then perform an incremental analysis on the branch and check the diff.
  • Docs are not reliable, both between the readme recommendations and the full man pages, and in the man pages being incomplete (e.g. -j option is not documented)