
SUMMER TRAINING REPORT

On

CPPCHECK and JENKINS


Submitted to Guru Gobind Singh Indraprastha University, Delhi
(India)
in partial fulfillment of the requirement for the award of the degree of

B.TECH
in

INFORMATION TECHNOLOGY
Submitted By

KUNAL GUPTA
Roll. No. 07296303112

DEPTT. OF INFORMATION TECHNOLOGY

MAHARAJA SURAJMAL INSTITUTE OF TECHNOLOGY ,


NEW DELHI-110058
AUGUST 2015

ACKNOWLEDGEMENT
A research work owes its success from commencement to completion, to
the people in love with researchers at various stages. Let me in this page
express my gratitude to all those who helped us in various stages of this study.
First, I would like to express my sincere gratitude and indebtedness to Mr. Manoj
Malik (HOD, Department of Information Technology, Maharaja Surajmal Institute
of Technology, New Delhi) for allowing me to undergo the summer training of 6
weeks at ARICENT TECH. (HOLDINGS), Tower 4 and 5, Unitech Info Space
Tikri, Sector 48, Sohna Road, Gurgaon, Delhi 122002.
I am grateful to our guide Mr. NITIN MEHTA, for the help provided in
completion of the project, which was assigned to me. Without his friendly help
and guidance it was difficult to develop this project.
I am also thankful to Mr. HARBANSH SINGH YADAV for his true help,
inspiration and for helping me to prepare the final report and presentation.
Last but not least, I pay my sincere thanks and gratitude to all the Staff
Members of ARICENT TECH. for their support and for making our training
valuable and fruitful.

Submitted
By:
Kunal Gupta

CERTIFICATE
This is to certify that Mr. KUNAL GUPTA of Bachelor of Information Technology,
has completed Summer Training on the topic CPPCHECK and JENKINS From
ARICENT TECH. as partial fulfillment of Bachelor of Engineering IT. The summer
Training report and presentation by him is genuine work done by him and the
same is being submitted for evaluation.

Signature

CANDIDATES DECLARATION

I, KUNAL GUPTA, Roll No. 07296303112, B.Tech (Semester- 7th) of the
Maharaja Surajmal Institute of Technology, New Delhi hereby declare that the
Internship Report entitled CPPCHECK and JENKINS is an original work and
data provided in the study is authentic to the best of my knowledge. This report
has not been submitted to any other Institute for the award of any other degree.

Name of Student: KUNAL GUPTA


(Roll No. 07296303112)
Place: New-DELHI
Date: 7/10/15

ARICENT TECHNOLOGIES
Aricent is a pure-play product engineering service and software firm. It develops
software, provides technology services, and works with networking, telecom,
software, semiconductor, Internet, and industrial companies. Aricent is
headquartered in Redwood City, California, with operations in 9 countries
worldwide. Its investors are KKR & Co. L.P. and Sequoia Capital. The company
claims to employ 7,800 consultants, designers, and engineers at over 10
locations worldwide.
Aricent is the successor to Hughes Software Systems, which was established in
1991, a subsidiary to Hughes Electronics. (KKR),and Sequoia Capital.
Timeline:
1) 1991: Established as Hughes Software Systems (HSS) in New Delhi, developing
software solutions in the areas of VSAT-based networks for voice and data, cellular
wireless telephony, packet switching, and multi-protocol routing.
It acquired frog design for approximately $25 million.
2) 2005: Expanded development operations in Kiev, Kherson and Vinnytsia in
the Ukraine; Randburg, South Africa; and Beijing, China. Was delisted from India's stock
market in preparation for sale.
3) 2006: Was acquired by Kohlberg Kravis Roberts and Sequoia Capital as part
of a $900 million sale of software companies. The transaction represented the
largest private equity buy-out in Indian history.
4) 2007: Acquired Datalinx; launched service provider offerings.
5) 2008: The Family Office, a multi-family office company with headquarters in
Bahrain, also joined in funding Aricent.
6) 2011: Rebranded to Aricent Group.
7) 2011: Opened engineering and development center for testing and wireless
technologies in Vietnam.
8) 2013: Rebranded to Aricent.
9) 2015: Acquired SmartPlay Technologies, a semiconductor service based firm,
for $180 million. As part of the deal, SmartPlay's 1,200-plus staff will join
Aricent's staff.

CONTENTS
1. Introduction
1.1. Cppcheck
1.2. Jenkins
1.3. Areas of application
1.4. Hardware and Software requirements
2. Working with Cppcheck
2.1. Installation
2.2. Getting Started
2.3. Severities
2.4. Options Available
2.5. Types of Checks
3. Saving Cppcheck Results
4. Jenkins Installation
5. Cppcheck and Jenkins Integration
6. Creating new project
7. Other Snapshots
8. Bibliography

1. INTRODUCTION
1.1 Cppcheck

Cppcheck is a static code analysis tool for the C and C++ programming
languages. It is a versatile tool that can check non-standard code. The creator
and lead developer is Daniel Marjamäki.
Cppcheck is free software under the GNU General Public License.
Unlike C/C++ compilers and many other analysis tools, it
doesn't detect syntax errors. Cppcheck only detects the types of bugs that the
compilers normally fail to detect. You can check non-standard code that includes
various compiler extensions, inline assembly code, etc.
Cppcheck should be compilable by any C++ compiler that handles the latest C++
standard.

Cppcheck should work on any platform that has sufficient CPU and memory.
Some of the checks that are supported include:
1) Automatic variable checking
2) Bounds checking for array overruns
3) Classes checking (e.g. unused functions, variable initialization and
memory duplication)
4) Usage of deprecated or superseded functions according to Open Group
5) Exception safety checking, for example usage of memory allocation and
destructor checks
6) Memory leaks, e.g. due to lost scope without deallocation
7) Resource leaks, e.g. due to forgetting to close a file handler
8) Invalid usage of Standard Template Library functions and idioms
9) Miscellaneous stylistic and performance errors

1.2 Jenkins

Jenkins is an open source continuous integration tool written in Java. The
project was forked from Hudson after a dispute with Oracle.
Jenkins provides continuous integration services for software development. It is a
server-based system running in a servlet container such as Apache Tomcat. It
supports SCM tools
like AccuRev, CVS, Subversion, Git, Mercurial, Perforce, Clearcase and RTC,
and can execute Apache Ant and Apache Maven based projects as well as
arbitrary shell scripts and Windows batch commands. The primary developer of
Jenkins is Kohsuke Kawaguchi. Released under the MIT License, Jenkins
is free software.

Builds can be started by various means, including being triggered by commit in a
version control system, by scheduling via a cron-like mechanism, by building
when other builds have completed, and by requesting a specific build URL.

Plugins have been released for Jenkins that extend its use to projects written in
languages other than Java. Plugins are available for integrating Jenkins with
most version control systems and big databases. Many build tools are supported
via their respective plugins. Plugins can also change the way Jenkins looks or
add new functionality.
Builds can generate test reports in various formats supported by plugins
(JUnit support is currently bundled) and Jenkins can display the reports and
generate trends and render them in the GUI.

1.3 Areas of Application

Cppcheck
1) The commercial third-party Add-In Visual Lint by British company
Riverblade can be used to integrate CppCheck in Visual Studio. There is
also an open source plugin cppcheck-vs-addin available. It is also possible
to add Cppcheck as an external tool.
2) Plugins for the following IDEs exist:
a) Code Blocks - integrated.
b) CodeLite - integrated.
c) Eclipse
d) Emacs
e) gedit
f) Hudson
g) Jenkins
h) Sublime Text
i) Yasca

Jenkins
Based on the original Jenkins for Java, there are now similar tools for other
programming frameworks such as:
a) Buildbot - a Python system to automate the compile/test cycle to validate
code changes.
b) Tox - an automation tool providing packaging, testing and deployment of
Python software.
c) Travis-CI - a distributed CI server which builds tests for open source
projects for free.
d) Django-Jenkins - Django (Python) Web Framework integration with
Jenkins.

1.4 Hardware and Software requirements

Software Requirements
Operating System : LINUX
Front End : JAVA Jdk 1.7
Web Browser : Chrome/Mozilla Firefox

Hardware Requirements
Machine : Core duo or above
Speed : 1.7 GHz or above
Hard Disk : 50 GB or above
RAM : 1 GB or above

2. Working with Cppcheck


2.1 Installation

1) Open a terminal and type:
a) sudo apt-get install cppcheck (for ubuntu)
b) yum install cppcheck (for fedora and red hat)
or
2) Cppcheck's main sourceforge page is here:
http://www.sourceforge.net/projects/cppcheck
The current direct download link is:
http://sourceforge.net/projects/cppcheck/files/latest/download

2.2 Getting Started

Here is a sample code:

#include<stdio.h>
int main()
{

    int a,b,c;
    if(a==0)            /* 'a' is read here without ever being assigned */
        printf("yes");
    return 0;
}

Now save the file as Ram.c and execute:
cppcheck Ram.c
The output from cppcheck will then be:
Checking file1.c...

Checking Ram.c...
[ram.c:6]: (error) Uninitialized variable: a

Checking all files in a folder

Normally a program has many source files. And you want to check them all.
Cppcheck can check all source files in a directory:
cppcheck path
If "path" is a folder then cppcheck will check all source files in this folder.
Checking path/file1.cpp...
1/2 files checked 50% done
Checking path/file2.cpp...
2/2 files checked 100% done

Excluding a file or folder from checking

1) The first option is to only provide the paths and files you want to check.
cppcheck src/a src/b
All files under src/a and src/b are then checked.
2) The second option is to use -i, with which you specify the files/paths to ignore. With this
command no files in src/c are checked:
cppcheck -isrc/c src
(here the file in directory kunalinner is not checked)

2.3 Severities

The possible severities for messages are:

1) Error - used when bugs are found.
2) Warning - suggestions about defensive programming to prevent bugs.
3) Style - stylistic issues related to code cleanup (unused functions, redundant
code and such).
4) Performance - suggestions for making the code faster. These suggestions
are only based on common knowledge. It is not certain you'll get any
measurable difference in speed by fixing these messages.
5) Portability - portability warnings, such as 64-bit portability, or code that might
work differently on different compilers.
6) Information - informational messages about checking problems.

2.4 Options Available

The command line format of Cppcheck, with the available options, is:

cppcheck [--append=<file>] [-D<id>] [--enable=<id>] [--error-exitcode=<n>]
         [--errorlist] [--exitcode-suppressions=<file>] [--file-list=<file>]
         [--force] [--help] [-I<dir>] [-i<dir>] [--inline-suppr] [-j<jobs>]
         [--quiet] [--report-progress] [--rule=<rule>] [--rule-file=<file>]
         [--style] [--suppress=<spec>] [--suppressions-list=<file>]
         [--template '<text>'] [--verbose] [--version] [--xml]
         [--xml-version=<version>] [file or path] ...


1) By default only error messages are shown. More checks can be enabled with the
--enable=<id> option.
Example:
# enable warning messages
cppcheck --enable=warning file.c
# enable performance messages
cppcheck --enable=performance file.c
# enable information messages
cppcheck --enable=information file.c
2) --append=<file> This allows you to provide information about functions by
providing an implementation for them.
3) -D<id> By default Cppcheck checks all configurations. Use -D to limit the
checking. When -D is used the checking is limited to the given configuration.
Example: -DDEBUG=1 -D__cplusplus
4) --error-exitcode=<n> If errors are found, integer <n> is returned instead of the
default 0. EXIT_FAILURE is returned if arguments are not valid or if no input files
are provided. Note that your operating system can modify this value, e.g. 256 can
become 0.
5) --errorlist Print a list of all possible error messages in XML format.
6) --exitcode-suppressions=<file> Used when certain messages should be
displayed but should not cause a non-zero exit code.
7) --file-list=<file> Specify the files to check in a text file. One filename per line.
8) -f, --force Force checking of files that have a lot of configurations. An error is
printed if such a file is found so there is no reason to use this by default.
9) -h, --help Print help text.
10) -I <dir> Give include path. Give several -I parameters to give several
paths. First given path is checked first. If paths are relative to source files, this is
not needed.
11) -q, --quiet Only print something when there is an error.
12) --report-progress Report progress when checking a file.
13) --rule=<rule> Match regular expression to create your own checks. E.g.
rule "/ 0" can be used to check division by zero.
14) --rule-file=<file> Use the rules given in an XML file.
15) -s, --style Deprecated, use --enable=style.
16) -v, --verbose More detailed error reports.
17) --xml-version=<version> Select the XML file version. Currently versions 1
and 2 are available. The default version is 1.
18) --inconclusive By default Cppcheck only writes error messages if it is
certain. With --inconclusive, error messages will also be written when the
analysis is inconclusive.
19) -j The option -j is used to specify the number of threads you want to use.
For example, to use 4 threads to check the files in a folder:
cppcheck -j 4 path

2.5 Type of Checks

The following checks are available with cppcheck:

1) 64-bit Portability
Check if there are 64-bit portability issues:
- assign address to/from int/long.
- casting address from/to integer when returning from function
2) Auto Variables
A pointer to a variable is only valid as long as the variable is in scope.
Check:
- returning a pointer to auto or temporary variable
- assigning address of an variable to an effective parameter of a function
- returning reference to local/temporary variable
- returning address of function parameter
- suspicious assignment of pointer argument
- useless assignment of function argument
3) Boolean
Boolean type checks
- using increment on boolean
- comparison of a boolean with a non-zero integer
- comparison of a boolean expression with an integer other than 0 or 1
- comparison of a function returning boolean value using relational operator
- comparison of a boolean value with boolean value using relational operator
- using bool in bitwise expression
- pointer addition in condition (either dereference is forgot or pointer overflow is
required to make the condition false)
- Assigning bool value to pointer or float.
4) Bounds Checking
Out of bounds checking:
- Array index out of bounds detection by value flow analysis
- Dangerous usage of strncat()
- char constant passed as size to function like memset()
- strncpy() leaving string unterminated
- Accessing array with negative index
- Unsafe usage of main(argv, argc) arguments
- Accessing array with index variable before checking its value
- Check for large enough arrays being passed to functions
- Allocating memory with a negative size
5) Class
Check the code for each class.
- Missing constructors and copy constructors
- Constructors which should be explicit are explicit
- Are all variables initialized by the constructors?
- Are all variables assigned by 'operator='?
- Warn if memory for classes is allocated with malloc()
- If it's a base class, check that the destructor is virtual
- Are there unused private functions?
- 'operator=' should return reference to self
- 'operator=' should check for assignment to self
- Constness for member functions
- Order of initializations
- Suggest usage of initialization list
- Call of pure virtual function in constructor/destructor
- Duplicated inherited data members
6) Condition
Match conditions with assignments and other conditions:
- Mismatching assignment and comparison => comparison is always true/false
- Mismatching lhs and rhs in comparison => comparison is always true/false
- Detect usage of | where & should be used
- Detect matching 'if' and 'else if' conditions
- Mismatching bitand (a &= 0xf0; a &= 1; => a = 0)
- condition that is always true/false
- mutual exclusion over || always evaluating to true
- Comparisons of modulo results that are always true/false.
- Known variable values => condition is always true/false.
7) Exception Safety
Checking exception safety
- Throwing exceptions in destructors
- Throwing exception during invalid state
- Throwing a copy of a caught exception instead of rethrowing the original
exception
- Exception caught by value instead of by reference
- Throwing exception in noexcept, nothrow(), attribute((nothrow)) or
__declspec(nothrow) function
- Unhandled exception specification when calling function foo()
8) Strings
Check format string input/output operations.
- Bad usage of the function 'sprintf' (overlapping data)
- Missing or wrong width specifiers in 'scanf' format string
- Use a file that has been closed
- File input/output without positioning results in undefined behaviour
- Read to a file that has only been opened for writing (or vice versa)
- Repositioning operation on a file opened in append mode
- Using fflush() on an input stream
- Invalid usage of output stream. For example: 'std::cout << std::cout;'
- Wrong number of arguments given to 'printf' or 'scanf;'
9) Leak (Auto Variables)
Detect when an auto variable is allocated but not deallocated or deallocated twice.
10) Memory Leaks (Address not taken)
Not taking the address to allocated memory
11) Memory Leaks (Class variables)
If the constructor allocates memory then the destructor must deallocate it.
12) Memory Leaks (Function variables)
Is there any allocated memory when a function goes out of scope?
13) Memory Leaks (Struct members)
Don't forget to deallocate struct members
14) Null Pointers
- null pointer dereferencing.
15) Others
Other checks:
- division with zero
- scoped object destroyed immediately after construction
- assignment in an assert statement
- free() or delete of an invalid memory location
- bitwise operation with negative right operand
- provide wrong dimensioned array to pipe() system command (--std=posix)
- invalid input values for functions
- race condition with non-interlocked access after InterlockedDecrement() call
- either division by zero or useless condition
- memset() with a value out of range as the 2nd parameter
- return value of certain functions not used
- redundant data copying for const variable
- subsequent assignment or copying to a variable or buffer
- memset() with a float as the 2nd parameter
- C-style pointer cast in C++ code
- casting between incompatible pointer types
- passing parameter by value
- variable scope can be limited
- unusual pointer arithmetic. For example: "abc" + 'd'
- redundant assignment, increment, or bitwise operation in a switch statement
- redundant strcpy in a switch statement
- Suspicious case labels in switch()
- assignment of a variable to itself
- Comparison of values leading always to true or false
- Clarify calculation with parentheses
- suspicious comparison of '\0' with a char variable
- duplicate break statement
- unreachable code
- testing if unsigned variable is negative/positive
- Suspicious use of ; at the end of 'if/for/while' statement.
- Array filled incompletely using memset/memcpy/memmove.
- NaN (not a number) value used in arithmetic expression.

3. Saving Cppcheck Results


XML OUTPUT
Cppcheck can generate the output in XML format.
There is an old XML format (version 1) and a new XML format (version 2). Please
use the new version if you can.
The old version is kept for backwards compatibility only. It will not be changed,
but it will likely be removed someday. Use --xml to enable this format.
The new version fixes a few problems with the old format. The new format will
probably be updated in future versions of cppcheck with new attributes and
elements. A sample command to check a file and
output errors in the new XML format:
cppcheck --xml-version=2 file1.cpp
Here is a sample report:
<?xml version="1.0" encoding="UTF-8"?>
<results version="2">
  <cppcheck version="1.66"/>
  <errors>
    <error id="someError" severity="error" msg="short error text"
           verbose="long error text" inconclusive="true">
      <location file="file.c" line="1"/>
    </error>
  </errors>
</results>

The <error> element

Each error is reported in an <error> element.
Attributes are:
a) id - id of the error. These are always valid symbol names.
b) severity - error, warning, style, performance, portability or information.
c) msg - the error message in short format.
d) verbose - the error message in long format.
e) inconclusive - this attribute is only used when the message is inconclusive.

The <location> element

Locations are listed in <location> elements. The primary location is listed first.
Attributes are:
a) file - filename. Both relative and absolute paths are possible.
b) line - a number.
c) msg - this attribute doesn't exist yet. But in the future we may add a short
message for each location.
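
The version 2 report format described above can be read back by a small script that decides whether a build should fail. The following is an added example, not code from the report or from the Cppcheck project; the function names, the sample report and its file names are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the version 2 layout (not real tool output).
SAMPLE_REPORT = b"""<?xml version="1.0" encoding="UTF-8"?>
<results version="2">
  <cppcheck version="1.66"/>
  <errors>
    <error id="uninitvar" severity="error" msg="Uninitialized variable: a"
           verbose="Uninitialized variable: a">
      <location file="Ram.c" line="6"/>
    </error>
    <error id="arrayIndexOutOfBounds" severity="error" msg="Array index out of bounds"
           verbose="Array index out of bounds" inconclusive="true">
      <location file="src/buf.c" line="12"/>
      <location file="src/buf.c" line="9"/>
    </error>
    <error id="unusedFunction" severity="style" msg="The function 'f' is never used."
           verbose="The function 'f' is never used."/>
  </errors>
</results>
"""


def parse_report(data):
    """Parse a Cppcheck XML version 2 report (bytes) into a list of findings."""
    # The report never needs a DTD; refuse one rather than expand entities.
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        raise ValueError("report must not contain a DTD")
    root = ET.fromstring(data)
    if root.tag != "results" or root.get("version") != "2":
        raise ValueError("not a Cppcheck XML version 2 report")
    findings = []
    for err in root.iter("error"):
        locs = [(loc.get("file"), int(loc.get("line", "0")))
                for loc in err.findall("location")]
        findings.append({
            "id": err.get("id"),
            "severity": err.get("severity"),
            "msg": err.get("msg"),
            # The attribute is only present when the message is inconclusive.
            "inconclusive": err.get("inconclusive") == "true",
            # The primary location is listed first; a finding may have none.
            "primary": locs[0] if locs else None,
        })
    return findings


def gate(findings, fail_on=("error",), count_inconclusive=False):
    """Return (exit_code, counts); exit_code is 1 if a blocking finding exists."""
    counts = Counter(f["severity"] for f in findings)
    blocking = [f for f in findings
                if f["severity"] in fail_on
                and (count_inconclusive or not f["inconclusive"])]
    return (1 if blocking else 0), dict(counts)


if __name__ == "__main__":
    # With no argument the constructed sample above is used.
    report = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_REPORT
    code, counts = gate(parse_report(report))
    print(counts)
    sys.exit(code)
```

Cppcheck writes the XML report to stderr, so a build step captures it with a redirect such as cppcheck --xml-version=2 src 2> cppcheck-result.xml (src and the file name are placeholders) before a script like this reads it.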

4. Jenkins Installation

1) Visit the official website of Jenkins i.e. http://jenkins-ci.org/


2) Click use Jenkins.

3) Install rpm package

4) Download the latest package

5) Installation is complete.

5. Cppcheck and Jenkins Integration

We can integrate both by installing the Cppcheck plug-in on Jenkins.

Installing the Cppcheck plug-in on Jenkins:
1) Click on Manage Jenkins.

2) Click on Manage Plugins.

3) Select the option Advanced.

4) Upload the Cppcheck plugin, which is a .hpi file. (You can download
the file from Download Site.)

5) The plug-in is now installed.

6. Creating New Project


Following are the steps to create a new project in Jenkins:
1) Click on new item.
2) Type the project name.
3) Select the project type according to your requirements. (Freestyle project
is chosen according to this document.)
4) Add a build step and select Execute Shell in the pop-up menu.

5) Add a post build action and select publish cppcheck results in the pop-up menu.
6) Save the configuration and click on build now.

7) Click on configure.

8) Place your test files (with .c or .cpp extension) in your workspace
(job/projectfolder/workspace/)
Or you can give the path of your source files in the portion mentioned below. (All
the other parts of the code are already explained.)

9) Redirect the output to an XML file.

Save the file with a name of the form cppcheck*-result.xml.
(Example: cppcheck_3-result.xml, cppcheck3-result.xml)
10) Type the same file name in the box below in Cppcheck xml report.

11) Save the above configuration and click build now.

The following screen shall appear.
*Note: the cppcheck trend will appear only after a few builds.

12) Click on cppcheck results.

13) The following screen shall appear.

DESCRIPTION
The above screen gives the source files with errors or warnings along with the
lines in which the problem lies and the type of errors associated with each line.
There is a small description given along with the errors and can be made more
elaborate by using the verbose option.
On clicking the lines or the files the following screens appear.

The erroneous lines are highlighted by Jenkins.

7. Other Snapshots

Console output

Workspace

8. Bibliography

LINKS:
1) cppcheck.sourceforge.net/
2) https://en.wikipedia.org/wiki/Cppcheck
3) https://jenkins-ci.org/
4) https://en.wikipedia.org/wiki/Jenkins_(software)
5) www.google.com
