New Code Checks for Beast

[Tim Janik <timj gnu org>]

Hey All.

Yesterday, I've landed the 'codechecks' branch in master.

It consists of a couple scripts that provide a bunch of new diagnostics beyond
compiler errors and warnings. The new scripts are as follows:

* misc/run-cppcheck.sh - configures and runs cppcheck on the current Beast
checkout, utilized parallel execution. -u can be used to detect unused functions
(single threaded).

* misc/keywords.sh - can be used (-g) to grep for FIXME, BUG, ALERT, HACK and a
number of other keywords, or to colorize these keywords in an input stream (-c).

* misc/blame-lines - matches FILE:LINE:MESSAGE patterns and adds information
about commit hash and author email related to FILE:LINE.

* misc/run-codechecks.sh - this sets up a bionic docker environemt and runs
scan-build, clang-tidy, run-cppcheck.sh, keywords.sh, blame-lines with the
proper defines and in the appropriate order on the latest git version. The
results are collected under codechecks/ in the beast checkout.

Executing the above scripts by simply calling misc/run-codechecks.sh will
generate a bunch of diagnostics files:

:; wc -l *
      0 html/
  11488 clang-tidy.blame
   8899 clang-tidy.log
   2388 cppcheck.blame
   1232 cppcheck.log
    413 fixmes.blame
    240 fixmes.log
    195 scan-build.blame
     98 scan-build.log
   5893 unused.blame
   3072 unused.log
  33918 total

* The .log files are the output of the respective tools (sometimes with a bit of
polishing to make the FILE:LINE: prefixes parsable). fixmes.log is generates by
keywords.sh, unused.log is generated by run-cppcheck.sh -u.

* The .blame files contain the same information as the .log files with commit
and author-email information added.

* scan-build generates a number of html reports, the docker script summarizes
these in scan-build.log, but the individual reports can still be browsed with e.g.:

        firefox html/20*/report-*.html

Here're my ideas what we should do with this input:

* fixmes.log: long term, we should get rid of all "FIXME"s in code. The
occasional TOD makes sense, but FIXME/BUG is usually an indication of outdated
code or something that severely needs fixing.

* cppcheck.log: it'd be great to have input here how to reduce false positives.
This needs detailed investigation of the errors reported. Note, cppcheck
generates a lot of false positive due to simplistic checks (e.g. demanding
"explicit" for all 1-argument ctors).

On a side note, I had recently enabled codacity reviews for the Beast
repository, including PRs. It turns out the site seems to simply use cppcheck
with all the false positives you get from it, so some PRs have uselessly been
flagged as "breaking". I've thus removed codacity reivews from Beast again,
codechecks/ gives us all of that info and a lot more from other tools.

For now, docker is required to run all tests in concert and generating all the
codecheck files takes quite some time. Next, I'll look into possibly automating
this and hosting the reuslts on bintray or similar, so developers and PR
contributors can simply download the reports.

Also, the clang-tidy checks could be extended to generate diffs for modernizing
our uses of C++, some of those seem to be of questionable benefit though, so
this also needs deeper investigation.


-- 
Yours sincerely,
Tim Janik

https://testbit.eu/timj
Free software author.