[Discourse.ros.org] [Next Generation ROS] Static analysis of open source ROS2 C++ packages

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

[Discourse.ros.org] [Next Generation ROS] Static analysis of open source ROS2 C++ packages

Ahmed Ali via ros-users


Is it planned to statically analyze the ROS2 C++ core code base like done for ROS1 [ros_comm](https://scan.coverity.com/projects/ros-ros_comm) and [roscpp_core](https://scan.coverity.com/projects/ros-roscpp_core)? Is [Coverity Scan](https://scan.coverity.com/) suggested for static analysis of open source ROS2 C++ packages? Or do you suggest to use other (alternative or complementary) tools out there?





---
[Visit Topic](https://discourse.ros.org/t/static-analysis-of-open-source-ros2-c-packages/3577/1) or reply to this email to respond.


If you do not want to receive messages from ros-users please use the unsubscribe link below. If you use the one above, you will stop all of ros-users from receiving updates.
______________________________________________________________________________
ros-users mailing list
[hidden email]
http://lists.ros.org/mailman/listinfo/ros-users
Unsubscribe: <http://lists.ros.org/mailman//options/ros-users>
Reply | Threaded
Open this post in threaded view
|

[Discourse.ros.org] [Next Generation ROS] Static analysis of open source ROS2 C++ packages

Ahmed Ali via ros-users


ROS 2 supports various linters, e.g. also `cppcheck`. Those can be run on every build an therefore provide a timely and continuous feedback.

Coverity on the other can currently not be triggered automatically. A one time analysis is only of limited value. But if someone would automate the process that would be very helpful.





---
[Visit Topic](https://discourse.ros.org/t/static-analysis-of-open-source-ros2-c-packages/3577/2) or reply to this email to respond.


If you do not want to receive messages from ros-users please use the unsubscribe link below. If you use the one above, you will stop all of ros-users from receiving updates.
______________________________________________________________________________
ros-users mailing list
[hidden email]
http://lists.ros.org/mailman/listinfo/ros-users
Unsubscribe: <http://lists.ros.org/mailman//options/ros-users>
Reply | Threaded
Open this post in threaded view
|

[Discourse.ros.org] [Next Generation ROS] Static analysis of open source ROS2 C++ packages

Ahmed Ali via ros-users
In reply to this post by Ahmed Ali via ros-users


I've also been playing around with using clang static analysis locally.  It should be possible to automate the scanning and integrate reporting into CI, but it will take some effort.





---
[Visit Topic](https://discourse.ros.org/t/static-analysis-of-open-source-ros2-c-packages/3577/3) or reply to this email to respond.


If you do not want to receive messages from ros-users please use the unsubscribe link below. If you use the one above, you will stop all of ros-users from receiving updates.
______________________________________________________________________________
ros-users mailing list
[hidden email]
http://lists.ros.org/mailman/listinfo/ros-users
Unsubscribe: <http://lists.ros.org/mailman//options/ros-users>
Reply | Threaded
Open this post in threaded view
|

[Discourse.ros.org] [Next Generation ROS] Static analysis of open source ROS2 C++ packages

Ahmed Ali via ros-users
In reply to this post by Ahmed Ali via ros-users


[quote="dirk-thomas, post:2, topic:3577"]
ROS 2 supports various linters, e.g. also cppcheck. Those can be run on every build an therefore provide a timely and continuous feedback.
[/quote]

You mean the [ament_lint integrations](https://github.com/ament/ament_lint), right?

[quote="dirk-thomas, post:2, topic:3577"]
Coverity on the other can currently not be triggered automatically. A one time analysis is only of limited value. But if someone would automate the process that would be very helpful.
[/quote]

Absolutely, the faster the feedback loop the better. (The only thing you are missing in comparison to an IDE integration of tools is immediate feedback for effective learning how to code without introducing defects.)





---
[Visit Topic](https://discourse.ros.org/t/static-analysis-of-open-source-ros2-c-packages/3577/4) or reply to this email to respond.


If you do not want to receive messages from ros-users please use the unsubscribe link below. If you use the one above, you will stop all of ros-users from receiving updates.
______________________________________________________________________________
ros-users mailing list
[hidden email]
http://lists.ros.org/mailman/listinfo/ros-users
Unsubscribe: <http://lists.ros.org/mailman//options/ros-users>
Reply | Threaded
Open this post in threaded view
|

[Discourse.ros.org] [Next Generation ROS] Static analysis of open source ROS2 C++ packages

Ahmed Ali via ros-users
In reply to this post by Ahmed Ali via ros-users


[quote="fkromer, post:4, topic:3577"]
You mean the ament_lint integrations, right?
[/quote]

Yes.

[quote="fkromer, post:4, topic:3577"]
The only thing you are missing in comparison to an IDE integration of tools is immediate feedback for effective learning how to code without introducing defects.
[/quote]

Since the linters used in ROS 2 are commonly existing tools (potentially only with a custom configuration file) you should be able to configure them in your IDE of choice. I am using e.g. the majority of the linters in Atom to get immediate feedback which is as you mentioned immensely useful.





---
[Visit Topic](https://discourse.ros.org/t/static-analysis-of-open-source-ros2-c-packages/3577/5) or reply to this email to respond.


If you do not want to receive messages from ros-users please use the unsubscribe link below. If you use the one above, you will stop all of ros-users from receiving updates.
______________________________________________________________________________
ros-users mailing list
[hidden email]
http://lists.ros.org/mailman/listinfo/ros-users
Unsubscribe: <http://lists.ros.org/mailman//options/ros-users>
Reply | Threaded
Open this post in threaded view
|

[Discourse.ros.org] [Next Generation ROS] Static analysis of open source ROS2 C++ packages

Ahmed Ali via ros-users
In reply to this post by Ahmed Ali via ros-users


[quote="dirk-thomas, post:5, topic:3577"]
Since the linters used in ROS 2 are commonly existing tools (potentially only with a custom configuration file) you should be able to configure them in your IDE of choice. I am using e.g. the majority of the linters in Atom to get immediate feedback which is as you mentioned immensely useful.
[/quote]

At the moment Atom is my choice as well. I integrate it and try to find some time to write a few lines about integration into the [ROS2 wiki](https://github.com/ros2/ros2/wiki).





---
[Visit Topic](https://discourse.ros.org/t/static-analysis-of-open-source-ros2-c-packages/3577/6) or reply to this email to respond.


If you do not want to receive messages from ros-users please use the unsubscribe link below. If you use the one above, you will stop all of ros-users from receiving updates.
______________________________________________________________________________
ros-users mailing list
[hidden email]
http://lists.ros.org/mailman/listinfo/ros-users
Unsubscribe: <http://lists.ros.org/mailman//options/ros-users>