#4620 new project

CodeQL Static Analyzer and RTEMS

Reported by: Joel Sherrill
Owned by:
Priority: normal
Milestone: Indefinite
Component: tool
Version:
Severity: normal
Keywords: SoC, ecosystem, tools, small, large
Cc:
Blocked By:

Description (last modified by Joel Sherrill)

CodeQL https://codeql.github.com/ is an open source static analysis tool. Broadly speaking, the goal of this project is to use CodeQL to analyze RTEMS source code.

  • Build and install CodeQL
  • Configure CodeQL to analyze RTEMS source code and get reports
  • Document procedure
  • Evaluate CodeQL output and usefulness for RTEMS Project

If CodeQL proves useful, then CodeQL will need some work to be more integrated into the project. The following are the bare minimum:

  • A recipe will need to be added to the RTEMS Source Builder.
  • Scripting to generate reports

To be more effectively used, issues like the following need to be considered:

  • Can files or directories be ignored?
  • Flagging issues to ignore.
  • Can certain issues be turned off?
  • Are MISRA rules supported? Can RTEMS use a subset of MISRA rules that are supported by this tool?
  • Comparison of one run to the next. History.
  • Think creatively: can we run CodeQL periodically and email everyone who committed if the number of issues goes up?
  • etc.

Possible Mentors: Gedare Bloom, Joel Sherrill
Skills: C
Difficulty: Medium

Change History (2)

comment:1 Changed on 02/25/22 at 21:21:57 by Joel Sherrill

Description: modified (diff)

comment:2 Changed on 02/09/23 at 16:17:46 by Joel Sherrill

Description: modified (diff)