Static analysis with Cppcheck in eclipse CDT and Jenkins

Static analysis tools look for a wide range of potential errors with code that compilers do not look for.    Cppcheck is a an open source static analysis tool, it is extensible and being actively developed. These are the sorts of errors that can be found

  • Out of bounds checking
  • Memory leaks checking
  • Detect possible null pointer dereferences
  • Check for uninitialized variables
  • Check for invalid usage of STL
  • Checking exception safety
  • Warn if obsolete or unsafe functions are used
  • Warn about unused or redundant code
  • Detect various suspicious code indicating bugs

This post walks through the process of installing Cppcheck and integrating it with eclipse CDT as well as on Jenkins.

Installing Cppcheck

Download and run the msi installer from http://cppcheck.sourceforge.net. I clicked on through accepting the defaults.
NOTE: I installed version 1.71, originally I tried the x64 version but had problems, the x86 version worked fine.
To understand how to run cppcheck refer to the manual.

Installing the eclipse plugin

In eclipse click Help->Eclipse Marketplace and search for Cppcheclipse.
Click Install then Confirm >
Accept the terms of the license and Finish. (I was prompted about installing unsigned software – I chose to continue). When prompted restart eclipse.
The next step is to configure the plugin. In Eclipse go to Window->Preferences->C/C++->cppcheclipse and set the path for the binary
Now review the Problems and Settings preferences, see below for the settings I use, I have all Problems enabled.
Now In the C/C++ perspective select the project that you want to check, right click and select cppcheck->Run cppcheck.
Any problems found are shown in the Problems tab
Double clicking on an issue takes you to the offending code (could this be a deliberate error?)

 

 

NOTE: I had repeated problems with errors: URI is not absolute
I worked around this by changing all include paths for the project to absolute paths. Not a real solution for me, for now I change the paths to analyse and then change back afterwards, or ignore the eclipse plugin and run on the command line.

Installing the Jenkins Plugin

Log in to Jenkins and go to Jenkins->Manage Jenkins->Mange Plugins, select the Available Plugins tab and Filter for cppcheck.
check the Install check box and select Install without restarting.
At this point you need to configure Jenkins to run the analysis and report on it, static analysis typically takes much longer than compilation for the same code. So in a real world application I would create a new Jenkins Job that checks out the code and runs the analysis. For my home project I’ll just extend the existing job.
Edit the node configuration for the build slave (Jenkins->Manage Jenkins->Manage Nodes) to add a label for cppcheck and also set an environment variable to say where cppcheck is installed.
Now in your Jenkins Job configuration – make it depend on the cppcheck label
Add a build step to run cppcheck, the example below is what I have, note the 2> which redirects stderr into a file, this is needed to capture the xml output.
Add a Post Build step to publish the cppcheck results (Once it is working play with the advanced options).
Now run a couple of builds and you should see graphing of the analysis results, be able to drill into the results down to the specific lines in files.

gcov code coverage in eclipse and Jenkins

Introduction

This post gives step by step instructions for adding code coverage with gcov to a google test eclipse project that is built as part of a CI process on Jenkins. This post starts from the point of already having a project compiled by a gnu compiler, in an eclipse CDT project that is being build on Jenkins. These posts give the information required to get to this stage.

Using google test with CDT in eclipse
Integrating SVN, Trac and Jenkins with eclipse
Automating eclipse CDT build on Jenkins

To enable code coverage with gcov the project needs to be instrumented (build with flags that cause the raw coverage information to be saved when an executable runs). Having built the code with these flags enabled, and run the executable, both eclipse and Jenkins can be configured to view the coverage.

Enabling code coverage in the build

To determine what code coverage the unit tests have in the unit test project in eclipse: Right click on the project and select Properties->C/C++ Build->Settings->Tool Settings->GCC C++ Compiler->Debugging and check Generate gov information (-ftest-coverage -profile-arcs).

Still in the Properties->C/C++ Build->Settings->Tool Settings select MinGW C++ Linker->Miscellaneous and then in the Linker flags box add -ftest-coverage -fprofile-arcs.
Click OK to close the properties dialog. clean the project and the build, then look in the Debug folder and there should be a .gcno file for every source file.

Coverage Reports in eclipse

CDT includes support for gov, however this support relies on external tools that must be in the path. I tried to add them to the path in the eclipse project, I couldn’t get it to work, so I had to extend the Windows environment variable path. The path needs to include a path to addr2line, c++filt and nm, with my install of minGW I added c:mingwbin. Shutdown and restart eclipse so that it has access to the new path.
Now run your unit test application in eclipse, this will generate a .gcda for each source file. Now if you open any .gcda or .gcno file you should see
Click OK and the gov tab should be opened with coverage shown
NOTE: If you get an error here the most likely reason is that the gcov data is not all from a single binary version of the test application. The quick way to resolve this is to delete the Debug directory, rebuild and rerun the tests.
NOTE: When you double click on a file in the gov tab it opens the associated source file and should show line by line the coverage. Except in my scenario it doesn’t for linked folders. To see line by line coverage open the file of interest from the linked folders, open the file from under the unit test project, the coverage will show. This is being tracked as bug 447554 in the eclipse bugzilla. (Update 9 January 2016 – This is now fixed in updates-nightly-mars, Thank you Jeff)

Coverage in Jenkins

To get a coverage report added to the Jenkins job we have to convert the gcov output into a a format that can be understood by Jenkins (using gcovr) and then configure Jenkins with the cobertura plugin.

gcovr

gcovr is a python application, so before it can be used you need python installed on the jenkins slave. Download and install active python from https://www.activestate.com/activepython/downloads. In my case I downloaded the ActivePython 2.7.10.12 (x64). I accepted all defaults on the installer.
Open a command prompt and install gcovr
pypm -g install gcovr

I found it very hard to get the correct options on gcovr for the files I wanted in the output. I installed activepython and gcovr in the same way on my desktop machine, and experimented in the eclipse workspace. For me with an eclipse workspace at C:UsersDavidworkspace. Running the command below from C:UsersDavidworkspacehex2numSource I got the desired output. i.e. coverage for each source and include file being tested in hex2num.

python c:Python27Scriptsgcovr -r . –object-directory= ….hex2numUnitTestDebug -f .*\hex2num\Include\ -f .*\hex2num\Source\ 

cobertura

Cobertura is a plugin for Jenkins that displays code coverage. To install the plugin login to Jenkins and go to Manage Jenkins->Mange Plugins->Available, select Cobertura Plugin, click Install without Restart.

For the Jenkins job you are configuring (in this example hex2num) go to the job configuration page, select Add Build Step->Execute Windows batch command. Add the following to go to the correct directory, I have added flags to generate xml output to a named file.

cd hex2numsource

python c:Python27Scriptsgcovr -r . –object-directory= ….hex2numUnitTestDebug -f .*\hex2num\Include\ -f .*\hex2num\Source\ -x -o ….gcovr.xml

Then select Add post-build action->Publish Cobertura Coverage Report, enter the path to the generated results file. Selecting Advanced allows a variety of options to be set.
Run a build and you should start to see code coverage reports, once a second build has been run you should start to see graphs. You can also drill in for more details.

Getting painted files to show in Cobertura

Although cobertura is displaying coverage there are two problems
  1. The package names don’t read well
  2. Painted source files don’t show as cobertura cannot find the source files

To resolve this I wrote a small python script to patch the paths in the gcovr.xml files. Save this source as C:Python27ScriptsCorrectGcovrPaths.py.

try:
import xml.etree.cElementTree as ET
except ImportError:
import xml.etree.ElementTree as ET
import sys
gcovrXmlFilename=sys.argv[1]
paths = sys.argv[2:]

tree = ET.ElementTree(file=gcovrXmlFilename)
for packageElement,path in zip(tree.iter(tag=’package’),paths):
packageElement.set(‘name’,path)
for classElement in packageElement.iterfind(‘classes/class’):
filename = classElement.get(‘filename’)
filename = filename.split(‘\’)[-1:][0]
filename = path+”/”+filename
classElement.set(‘filename’, filename)
tree.write(gcovrXmlFilename)

In the jenkins job, change the windows batch command that runs gcovr so that it looks like this.

The script reads the file in the first argument (gcovr.xml), renames the first package(directory) to the next argument and sets the path for all classes (files) in the package, the second argument is processed similarly. More arguments can be added for additional packages.
In Jenkins you can then see nicely painted sources like this

Automating eclipse CDT build on Jenkins

In my previous posts I have shown how to setup Jenkins to work with SVN and trac running on the Raspberry PI. I have also shown how to configure eclipse to work with google test and how to configure eclipse to work with SVN and trac. This post covers how to automate the build of the eclipse projects under Jenkins and how automate running the unit tests.

Jenkins Configuration

Jenkins Slave Setup

First of all install all of the tools that you need for your build on a Jenkins slave, in my case eclipse CDT with a selection of plugins, and Mingw. Eclipse is not on the path by default, so I created a system environment variable ECLIPSE_DIR on the slave, with the path to where eclipse is installed. I also restarted the Jenkins slave service so that it had access to the new environment variable.
Decide on a label for these tools, I will use two, eclipse mingw. Login to Jenkins to add the labels to the slave with the tools installed. Go to Manage Jenkins->Manage Nodes, select the node and add the labels

 

Jenkins Job Configuration

Add the job to Jenkins, from the Jenkins home page select New Item, name the job and select Freestyle project, click OK. My example project is called Hex2Num, a simple utility I’ve written, it consists of two eclipse projects (a unit test project and the application), the unit tests are written using googletest, documentation is handled with doxygen, gcov is used for code coverage.
There is quite a bit of configuration, on the job page, so section by section

Name and Description

Fill in a meaningful description

Trac

If you are using trac and have integrated trac and Jenkins (see Integrating Trac and Jenkins) then fill in the URL to access trac.

Restricting where the build runs

Only the build to run on slaves that have the labels mingW and eclipse
Source Code Management

The source is stored in a single module in subversion, fill in the URL and any required credentials.

Build

Click Add build step->Execute windows batch command, this command builds all of the projects in the workspace as DEBUG.

Warnings

Click Add Post-Build action->Scan for compiler warnings and select gnu 4

 

Google Tests

Go back and add another  build step, Click Add build step->Execute windows batch command, this command executes the unit test application and generates an xml results file that can be interpreted as Unit results.
Add another post-build action, Click Add Post-Build action->Publish Unit test result report and enter the name of the result file.

Results

After a few builds have been run two graphs will appear on the Jenkins page for the job.

Integrating SVN, trac and jenkins with eclipse CDT

I have previously posted on how to install trac, SVN and jenkins on the Raspberry Pi, and also on how to install (see the bottom of this post for related posts). When using Eclipse there are helpful plugins that tightly integrate all of these tools. This post covers the installation and configuration of these tools.
NOTE: I am installing in the Mars release of Eclipse CDT.

Subversion – Install Subclipse

There are two competing SVN integrations for Eclipse, subclipse and subversive. Both appear to be good, subclipse is supported by tigris (the organisation behind subversion), subversive is supported as an official Eclipse project. I have personally used subclipse for a long time and see no compelling reason to change.
If you use any other SVN client to work on the same checkout as Eclipse then they must use the same working copy format. See the subclipse download and install page for details. Because I also use tortoise SVN and am currently using version 1.8.x,  I need to use subclipse 1.10.x. The update site for this version is http://subclipse.tigris.org/update_1.10.x
In Eclipse go to Help->Install New Software…, in the Install dialog press the Add… button paste in the url for the update site that you require and enter a name.
Click OK and then select Subclipse and SVNKit as shown
click through accepting the license agreement and wait for the install to complete. I got a warning about unsigned content during the install and chose to accept the installation.
The built in help for subclipse is good, in Eclipse click Help->Help Contents and then find the topic Subclipse – Subversion Eclipse Plugin, the getting started section walks you through how to add a new project or how to access an existing one.

Trac and Jenkins install Mylyn Connectors

In Eclipse go to Help->Install New Software…, in the Install dialog in the Work with: drop down pick –All Available Sites– and then under Collaboration check Mylyn Builds Connector: Hudson/Jenkins and Mylyn Tasks Connector : Trac.
click through accepting the license agreement and wait for the install to complete.

Configuring the trac connector

Switch to the SVN Repository Exploring perspective in Eclipse, in the bottom left of the display you should see the Task Repositories view. In this view right click and Add Task Repository, or click on the  icon, select the Trac repository type and click Next.
NOTE: you may be prompted to setup a Secure Storage Password.
In the Add Task Repository… dialog, for the Server enter the URL that you use to browse to the trac repository, in the Label field put a short description, complete the User ID and Password that you use to log in to trac. Validate Settings and then Finish.
When you click Next you will be prompted to Add a new query, queries give you the ability to filter lists of trac tickets to those appropriate to you, a component, a release or whatever. The example below shows all of my open tickets.
To then see the results of the queries click Window->Show View->Other, then under Mylyn select Task List and click OK.
In the Task List it is possible to expand the queries to see lists of tickets, and the tickets can be opened and worked on. See below for an example.

Configuring the Jenkins Connector

Open the Mylyn Builds View (Click Window->Show View->Other…, and find Builds under Mylyn)
In the Builds view either click on Create a build server or on the icon. Select Hudson (supports Jenkins).
Fill in the Server:, Label:, User: and Password:, fields assuming you are using password authentication. For me the server URL is http://xxx.xxx.xxx.xxx:8080 where xxx.xxx.xxx.xxx is the IP address of my server. Check any build plans you are interested in , validate your settings and click finish.
From this builds view all build plans selected are visible, builds can be manually started, the build history is available and details for individual builds can be accessed (Such as warnings, test results and changes made).

Related Posts

Using Google Test with CDT in eclipse (Covers the installation of Eclipse CDT and MinGW)

A solution to Jenkins jobs conflicting over shared resources

I have been looking for a way to manage the execution of Jenkins jobs that require exclusive access to a resource other than the Jenkins slave it is being built on. Let’s consider two scenarios that can cause problems.

Shared Physical Resource

Working with embedded systems I often want to run tests on an embedded device as part of a continuous integration process. I may have multiple Jenkins slaves that are capable of running the jobs, with a single specific embedded device required. If I have multiple jobs how do I ensure that only one runs at a time?

Software License and Tool Versions

For years I have used vxWorks and the Windriver Workbench IDE. Lets suppose that I have three Jenkins Slave Nodes, each with a different version of the tools installed. The tools are licensed by FlexLM on a license server, only one of these slaves can run the tools at the same time. With no restrictions if two jobs are run concurrently that require different versions of the tool then one will fail to build with a license violation. How do I ensure that the jobs are sequenced rather than running concurrently?

The solution

Basic Usage

The Jenkins Lockable Resource Plugin elegantly solves these problems.
The plugin is installed in the normal way from Manage Jenkins->Manage Plugins->Available, tick the box next to the plugin and Install (I restarted as well). Once installed go to Manage Jenkins->Configure System, scroll down to the Lockable Resources Manager and Add Lockable Resource.
In this example I have created a resource to represent a Raspberry Pi running Codesys. I have chosen a unique name (I may have more than one in the future) and a label for the type of node.
Next configure the jobs that require the resource, in the Configuration page for the jobs check the This build requires lockable resources check box.
 
 
 
In this particular build I have selected a specific resource. When the job runs you can see the resource being locked around the job.
If the resource is already locked when the job becomes ready to run then it is held pending in the Build Queue, having NOT blocked the Slave node.
 

Manually Reserving a Resource

One other nice feature of the plugin is that it is possible to manually reserve the resource, so if in my example I wanted to do some maintenance on the raspberry pi I can go to Manage Jenkins->Configure System, and put some text in the Reserved by field to take the lock thus holding off builds until I have finished.
 

Advanced

Suppose that I have two embedded devices that I could run my tests on CODESYS_RPI_1 and CODESYS_RPI_2, both configured identically. However my build job needs to know which has been locked so that it can communicate appropriately. To achieve this I have changed the configuration for my job to depend on the resource Label rather than the resource name, and introduced a variable to hold the name of the resource that was locked, like this

Now looking at the Parameters for the build we can see which resource was locked.
 
This parameter can be used like any other in the build.
 
Some tests may require multiple resources, let’s say that we need two identical devices, setting the Number of resources to request to 2 and building shows the variable now has the names of both resources.
 
 

Conclusion

The lockable Resources Plugin provides a simple, elegant solution to locking/reserving resources for a job. As shown above it is easy to have a lock represent a physical resource, the plugin can equally be used in the licensing scenario, define a single resource to represent the license, each job requires the resource and is locked to running on the appropriate slave. Definitely one to add to my list of favourite Jenkins Plugins.
 
 
 

Configuring a Jenkins Slave to build VS2013 projects

Introduction

I have previously installed Jenkins, SVN and Trac on a single Raspberry Pi 2, with the intention of having a home Continuous Integration server (CI). I now want to get a visual studio 2013 solution built by Jenkins.

As a first project I have decided to get googletest (gtest) to build. As a precursor I have downloaded version 1.7.0 and added it to my local SVN repository, I then copied the msvc directory to msvc2013, open the solution in VS2013, allowed the onetime upgrade to happen, and then committed the new directory. If I build locally gtest builds with a couple of warnings (which is good because we can then check that jenkins sees the warnings).

I have a clean windows 8.1 PC (virtual machine actually) with Visual Studio 2013 Community Edition installed, and the latest version of Java installed (Version 8 update 51).

As a starting point I am following the Step by Step guide to setup master and slave in the Jenkins documentation.

Configuring the Jenkins Master

In a browser on the intended Jenkins slave, open up the Jenkins server main page (In my case http://xxx.xxx.xxx.xxx:8080, where xxx.xxx.xxx.xxx is the IP address of my RPi). Select Manage Jenkins->Manage Nodes and then select New Node.
Enter a name for Jenkins to reference the slave as and select Dumb Slave, click OK. You are then shown the Configure page for the slave, these are the initial settings I choose, the Label is important, I use it later when setting up the build to identify this as a suitable slave to build on.

Save and then click on the newly added node and then click the Launch button.

I had to edit the Java security settings in the control panel on the PC to make http://192.168.0.34:8080/ a trusted site, the Jenkins slave then launched successfully
For now I want to launch the slave manually, so the configuration of master and slave is done.

Adding the required plugins to Jenkins

I browsed to Jenkins->Manage Jenkins->Manage Plugins. Before adding new plugins I decided to update all installed plugins to their latest version.
I then selected the Available tab and added the following plugins MSBuild, Log Parser, Warnings, Static Analysis Collector.
I browsed to Jenkins->Manage Jenkins->Configure System, scrolled down to MSBuild and added the following configuration.

Note: the location of MSBuild is specific to each version of Visual Studio, This plugin only offers one global path setting for each MSBuild  installation, so every build slave that you create a particular Visual Studio Installation on must have the same install path for MSBuild. I don’t think this is any great restriction.

Configuring the Build

In a browser go to Jenkins and select New Item, enter an item name (The name of your build, I use GoogleTestVS2013). You are then faced with the project configuration page, the exact content of this page depends on which plugins you have installed. The key sections are
Restrict the build to only run on slaves with vs2013 installed.
Link to the source code to checkout
Click Add build Step and select Build a Visual Studio project or solution using MSBuild
Click Add post-build action and select Scan for compiler warnings
For me that was sufficient, Jenkins can now checkout and build my visual studio project, after the build warnings are shown.

 

Integrating trac and Jenkins

In this post I cover how I have integrated Trac and Jenkins using HudsonTracPlugin and Jenkins Trac Plugin. I am running both Trac and Jenkins on a Raspberry Pi 2.

Trac Plugin

The Trac Plugin is a plugin for Jenkins that creates links from Jenkins projects to Trac instances. 
As an example, if you committed a change with the following log message: 

The Trac plugin decorates Jenkins “Changes” HTML to create links to your Trac wiki, tickets, changesets, and source browser.
Reverted changeset:123 to close ticket #456.
your Jenkins job changes page would make changeset:123 and #456 hyperlinks to the appropriate Trac changeset and ticket pages, respectively.
In the Jenkins change details, there would be a link to the Trac pages for the:

 

  • changeset committed,
  • files changed, and
  • diff of the changes for each changed file.

Installation involved browsing to Jenkins->Manage Jenkins->Manage Plugins->Available, selecting Available Plugins and then checking the Edgewall Trac Plugin.
The plugin is then configured as part of a build configuration


As simple as that, references to changesets and ticket numbers are now shown as hyperlinks and there is a link from the build page back to trac.

HudsonTracPlugin

The HudsonTracPlugin is a Trac plugin that includes Jenkins build results into the Trac timeline and (optionally) provides a navbar menu to link to the Jenkins instance.

As a newbie I found the documentation for installing this plugin to be somewhat limited. It was actually remarkably easy.

The first step is to install the plugin which is written in python using easy_install, so in a terminal session to the RPi

sudo easy_install https://trac-hacks.org/svn/hudsontracplugin/0.10/

This gave the following output
Downloading https://trac-hacks.org/svn/hudsontracplugin/0.10/
Doing subversion checkout from https://trac-hacks.org/svn/hudsontracplugin/0.10/ to /tmp/easy_install-xAXEIt/0.10
Processing 0.10
Running setup.py -q bdist_egg –dist-dir /tmp/easy_install-xAXEIt/0.10/egg-dist-tmp-vkGSex
unrecognized .svn/entries format; skipping .
unrecognized .svn/entries format in 
zip_safe flag not set; analyzing archive contents…
Adding HudsonTrac 0.5-r0 to easy-install.pth file

 

Installed /usr/local/lib/python2.7/dist-packages/HudsonTrac-0.5_r0-py2.7.egg
Processing dependencies for HudsonTrac==0.5-r0

Finished processing dependencies for HudsonTrac==0.5-r0

I then chose to reboot my RPi, I suspect I could have just restarted apache.

Using a browser I then went to the Trac Admin->Plugins page, HudsonTrac 0.5-r0 was now listed, I enabled it and Applied Changes as shown.




Finally I logged back in to the RPi and edited trac.ini

sudo vi /var/trac/projects/prod/conf/trac.ini

I added the following to the end of the file

[hudson]
alternate_success_icon = true
api_token =
display_build_descriptions = false
display_building = true
display_culprit = false
display_in_new_tab = false
display_modules = false
job_url = http://192.168.0.34:8080/
list_changesets = true
main_page = http://192.168.0.34:8080/
password =
timeline_opt_label = Builds
username  =

 
I restarted Apache and it worked 🙂 Builds are shown in the timeline, they act as links to the builds on Jenkins. There is also a builds tab added to the trac navbar.

Installing Jenkins on Raspberry Pi

I want to get a CI system setup at home and decided to try getting Jenkins up and running on a Raspberry Pi 2. My starting point is the latest Rasbian distribution, I have fixed the IP address of this Raspberry PI at 192.168.0.34.

NOTE: I initially tried just installing jenkins from Rasbian, with sudo apt-get update and sudo apt-gt install jenkins, however this installed a very old version of Jenkins and I couldn’t easily update it. This post covers installation of the latest stable version of Jenkins on a clean Rasbian system.

I found instructions to install the latest stable version of Jenkins on Ubuntu and Debian, I chose to install the LTS version.

First I added the key for the LTS version to my repository

wget -q -O - http://pkg.jenkins-ci.org/debian-stable/jenkins-ci.org.key | sudo apt-key add -

Then I updated /etc/apt/sources.list: adding this line to the top of the file

deb http://pkg.jenkins-ci.org/debian-stable binary/

Updated the local package index, then finally install Jenkins:

sudo apt-get update
sudo apt-get install jenkins

the install happened without problems

I then browsed to http://192.168.0.34:8080/, the default port for Jenkins, and voila!