zephyr/cmake/sca/gcc/sca.cmake at aa3e9c1d1e6d2495299b1c1286ae7365d773ffb3 - patrick/zephyr - Patricks tolles git

patrick/zephyr

Flavio Ceolin 3fc5d971fe security: Add compiler static analysis support

Enable GCC builtin static analysis in Zephyr's static code analysis
(SCA) infra.

When this option is enabled GCC performs a static analysis and
can point problems like:

sample.c

+	int *j;
+
+	if (j != NULL) {
+		printf("j != NULL\n");

output:

${ZEPHYR_BASE}/samples/userspace/hello_world_user/src/main.c:30:12:
warning: use of uninitialized value 'j' [CWE-457]
[-Wanalyzer-use-of-uninitialized-value]

   30 |         if (j != NULL) {
      |            ^
  'main': events 1-2
    |
    |   25 |         int *j;
    |      |              ^
    |      |              |
    |      |              (1) region created on stack here
    |......
    |   30 |         if (j != NULL) {
    |      |            ~
    |      |            |
    |      |            (2) use of uninitialized value 'j' here

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>

2024-01-25 12:07:27 +01:00

6 lines

122 B

CMake

Raw Blame History

 # SPDX-License-Identifier: Apache-2.0
 #
 # Copyright (c) 2024 Intel Corporation
 list(APPEND TOOLCHAIN_C_FLAGS -fanalyzer)