Static Analysis using Jenkins job

Deepshikha Khandelwal
3 min read · Aug 17, 2017

Being involved in the software engineering domain, I came to know the significance of software testing, thanks to my mentor, and this is how static analysis popped up in my mind.

Implementing a static analysis job within Jenkins, the most popular open source tool for continuous integration and continuous deployment, made it more interesting.

To configure Jenkins for building the project (e.g. Gluster), Jenkins Job Builder is used. Two of the major tools used for examining the C/C++ code of Gluster are cppcheck and clang.

Why static analysis? Sometimes the compiler fails to reveal all the bugs. Static code analysis helps improve the situation a little. In this post we will take a look at the clang job for analysis of Gluster on the CI system.

Clang scan-build job

Clang is a free, open-source, cross-platform static analyzer which comes as part of the so-called "LLVM stack". Unlike Cppcheck, the Clang Static Analyzer is much slower, but it can catch many more critical bugs.

Steps to build a clang-scan job:

  1. Install Clang scan-build on the Jenkins master or slave which will be executing your XCode builds.
  2. Install the Clang Scan-Build plugin, which simply archives the analyzer results and makes them available on the Jenkins server. Go to Manage Jenkins -> Manage Plugins -> install Clang Scan-Build Plugin.
  3. Configure Jenkins using JJB (Jenkins Job Builder). It takes simple descriptions of Jenkins jobs in YAML format and uses them to configure the Jenkins jobs.

NOTE: JJB should be set up and properly configured on your machine.

To illustrate how to configure a Jenkins job for clang scan, here is a clang.yml file as an example:

- job:
    name: clang-scan
    description: Run the clang scan-build on gluster code
    project-type: freestyle
    scm:
      - git:
          choosing-strategy: gerrit
    properties:
      - build-discarder:
          days-to-keep: 1
          num-to-keep: 1
          artifact-days-to-keep: 2
          artifact-num-to-keep: 2
    triggers:
      - timed: "H 0 * * *"
    builders:
      - shell: !include-raw: ../scripts/
    publishers:
      - scan-build:
          mark-unstable: true
          threshold: 899

This job runs nightly so as to discover bug reports on a daily basis. In this YAML file I have added post-build actions to publish the scan-build results (see the publishers list above).

To invoke scan-build from the command line using make, you need to create a job with a Build Step of type "Execute shell" whose script takes care of generating the clang reports, such as:

./configure CC=clang
scan-build -o ${WORKSPACE}/clangScanBuildReports -v -v --use-cc clang --use-analyzer=/usr/bin/clang make

CC is the C compiler command. The '-o' option specifies the directory (${WORKSPACE}/clangScanBuildReports) for the reports. There are dozens of other options you can use to customize scan-build. A lot of HTML reports will be generated in this directory for the publisher to find.
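As an added example (not the author's or the Gluster project's own script), here is what a complete build-step script behind the `!include-raw:` line above could look like. It assumes the script is stored as ../scripts/clang-scan.sh, that the 899 threshold mirrors the publisher setting, and that the real scan only runs when Jenkins has set JENKINS_URL; it also cleans the tree first, because scan-build only analyzes translation units that are actually compiled, so an incremental build silently skips unchanged files.

```shell
#!/bin/sh
# Constructed example build step for the clang-scan job (assumed path:
# ../scripts/clang-scan.sh). Not the Gluster project's actual script.
set -eu

REPORT_DIR="${WORKSPACE:-$PWD}/clangScanBuildReports"
THRESHOLD="${SCAN_THRESHOLD:-899}"   # same value as the scan-build publisher

# Count per-bug HTML reports. scan-build writes one report-<id>.html per
# finding inside a timestamped subdirectory of the output directory, next
# to the index.html that the Jenkins plugin renders.
count_scan_build_reports() {
    dir="$1"
    [ -d "$dir" ] || { echo 0; return 0; }
    find "$dir" -type f -name 'report-*.html' | wc -l | tr -d ' '
}

# Succeed (exit 0) when the count is at or below the threshold, else fail.
check_threshold() {
    count="$1"; limit="$2"
    [ "$count" -le "$limit" ]
}

run_scan() {
    # Fresh output directory, so the publisher only sees this run's reports,
    # and a clean tree, so every file is recompiled and therefore analyzed.
    rm -rf "$REPORT_DIR"
    mkdir -p "$REPORT_DIR"
    ./configure CC=clang
    make clean
    scan-build -o "$REPORT_DIR" -v -v --use-cc clang \
        --use-analyzer=/usr/bin/clang make
}

main() {
    run_scan
    n="$(count_scan_build_reports "$REPORT_DIR")"
    echo "scan-build produced $n bug report(s) in $REPORT_DIR"
    if ! check_threshold "$n" "$THRESHOLD"; then
        echo "bug count $n exceeds threshold $THRESHOLD" >&2
        exit 1
    fi
}

# Only run the scan inside a Jenkins build (JENKINS_URL is set there); the
# helper functions can be sourced and tested anywhere.
if [ -n "${JENKINS_URL:-}" ]; then
    main
fi
```

The publisher already marks the build unstable above the threshold; the explicit exit 1 additionally fails the step, which is useful when a downstream job must not run on a bad scan.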

[Screenshot: HTML reports generated after a successful build]

Open it in a browser; the HTML report describes each bug in the code in more detail.

The following command is used to test the JJB job definition:

~/jenkins-job-builder$ jenkins-jobs test jobs/clang.yml

Now, to update the Jenkins server:

~/jenkins-job-builder$ jenkins-jobs --conf etc/jenkins_jobs.ini update jobs/clang.yml

Once you are done updating, you need to do a test build of the project. Once the project has been built successfully, you will be able to access its scan-build reports, as shown in the screenshot below.

The graph there shows the clang scan-build trend, which ultimately tells us whether the number of bugs is improving.

All in all, the clang static analyzer is a great tool to have at your disposal, especially if you are working on CI tasks.