42 lines
1.6 KiB
Docker
42 lines
1.6 KiB
Docker
|
FROM toxchat/infer:latest
|
||
|
|
||
|
COPY toxav/ /work/c-toxcore/toxav/
|
||
|
COPY toxcore/ /work/c-toxcore/toxcore/
|
||
|
COPY toxencryptsave/ /work/c-toxcore/toxencryptsave/
|
||
|
COPY third_party/ /work/c-toxcore/third_party/
|
||
|
RUN infer capture -- clang++ -fsyntax-only \
|
||
|
$(pkg-config --cflags libconfig libsodium opus vpx) \
|
||
|
/work/c-toxcore/toxav/*.c \
|
||
|
/work/c-toxcore/toxcore/*.c \
|
||
|
/work/c-toxcore/toxcore/*/*.c \
|
||
|
/work/c-toxcore/toxencryptsave/*.c
|
||
|
RUN ["infer", "analyze",\
|
||
|
"--report-console-limit", "100",\
|
||
|
"--jobs", "8",\
|
||
|
"--no-bufferoverrun",\
|
||
|
"--no-datalog",\
|
||
|
"--print-active-checkers",\
|
||
|
"--loop-hoisting",\
|
||
|
"--quandary",\
|
||
|
"--racerd",\
|
||
|
"--starvation",\
|
||
|
"--uninit",\
|
||
|
"--disable-issue-type", "BUFFER_OVERRUN_L2",\
|
||
|
"--disable-issue-type", "PULSE_UNNECESSARY_COPY",\
|
||
|
"--enable-issue-type", "EXPENSIVE_EXECUTION_TIME",\
|
||
|
"--enable-issue-type", "INVARIANT_CALL",\
|
||
|
"--enable-issue-type", "PULSE_UNINITIALIZED_CONST",\
|
||
|
"--enable-issue-type", "SENSITIVE_DATA_FLOW",\
|
||
|
"--enable-issue-type", "UNTRUSTED_BUFFER_ACCESS",\
|
||
|
"--enable-issue-type", "UNTRUSTED_HEAP_ALLOCATION",\
|
||
|
"--disable-issue-type", "USE_AFTER_FREE_LATENT",\
|
||
|
"--disable-issue-type", "STACK_VARIABLE_ADDRESS_ESCAPE",\
|
||
|
"--disable-issue-type", "INVARIANT_CALL",\
|
||
|
"--fail-on-issue"]
|
||
|
# In the above, the first 2 are disabled for extreme sensitivity and false
|
||
|
# positives, the ones at the end are probably decent, but have some false
|
||
|
# positives, so we can't fail-on-issue with them on.
|
||
|
# INVARIANT_CALL is pretty fun, but currently wrong, because it can't see
|
||
|
# through potential mutations via callbacks. Our code is bad and we should
|
||
|
# feel bad, but until that's fixed, the invariant checker doesn't work.
|