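dotnet: Using Infer# to automatically analyze code defects
This post shows how to use the open-source Infer# library together with GitHub Actions to automatically analyze code for defects, such as null references or thread safety problems.
It is a fully open-source repository on GitHub; see https://github.com/microsoft/infersharp
I happened to receive the blog post announcing Infer# version 1.2 today; see Infer# v1.2: Interprocedural Memory Safety Analysis For C# - .NET Blog
For an introduction to the basics of GitHub Actions, see "dotnet: deploying GitHub Actions for continuous integration"
Using it is very simple: just add the following to your GitHub Actions configuration file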
    - name: Run Infer#
      uses: microsoft/infersharpaction@v1.2
      with:
        binary-path: <path to the output binary folder>

For example, my configuration in the open-source repository https://github.com/dotnet-campus/AsyncWorkerCollection is as follows

    - name: Run Infer#
      uses: microsoft/infersharpaction@v1.2
      with:
        binary-path: AsyncWorkerCollection/bin/Release/netcoreapp3.1

The output binary folder given here must contain both the dll and the pdb files: the analysis runs on the dll, and the pdb is what lets the tool tell you which source file an issue is in
The result looks like this
You can see that it reported an unreleased resource and thread safety problems
    Found 3 issues
      Issue Type(ISSUED_TYPE_ID): #
      Thread Safety Violation(THREAD_SAFETY_VIOLATION): 2
      Dotnet Resource Leak(DOTNET_RESOURCE_LEAK): 1

    Analysis Result
    ==================================================
    #0 /home/runner/work/AsyncWorkerCollection/AsyncWorkerCollection/AsyncWorkerCollection/AsyncTaskQueue_/AsyncTaskQueue.cs:72: error: Dotnet Resource Leak
    Leaked { n$1 -> 1 } resource(s) in method "AwaitableTask AsyncTaskQueue.GetExecutableTask(Action)" at type(s) System.Threading.Tasks.Task.

    #1 /home/runner/work/AsyncWorkerCollection/AsyncWorkerCollection/AsyncWorkerCollection/DoubleBuffer_/DoubleBufferLazyInitializeTask.cs:47: warning: Thread Safety Violation
    Unprotected write. Non-private method `DoubleBufferLazyInitializeTask`1<T>.OnInitialized()` writes to field `this.dotnetCampus.Threading.DoubleBufferLazyInitializeTask`1<T>._isInitialized` outside of synchronization.
    Reporting because this access may occur on a background thread.

    #2 /home/runner/work/AsyncWorkerCollection/AsyncWorkerCollection/AsyncWorkerCollection/DoubleBuffer_/DoubleBufferLazyInitializeTask.cs:41: warning: Thread Safety Violation
    Read/Write race. Non-private method `DoubleBufferLazyInitializeTask`1<T>.OnInitialized()` reads without synchronization from `this.dotnetCampus.Threading.DoubleBufferLazyInitializeTask`1<T>._isInitialized`. Potentially races with write in method `DoubleBufferLazyInitializeTask`1<T>.OnInitialized()`.
    Reporting because this access may occur on a background thread.

    Found 3 issues
      Issue Type(ISSUED_TYPE_ID): #
      Thread Safety Violation(THREAD_SAFETY_VIOLATION): 2
      Dotnet Resource Leak(DOTNET_RESOURCE_LEAK): 1

This tool can only run on Linux. The project provides a ready-made Docker file, which you can get from https://github.com/microsoft/infersharpaction. This is not much of a problem, though: the tool analyzes the build output, so you can build on Windows and then just run the tool on the resulting binaries
For an example of adding this tool to an existing repository, see https://github.com/dotnet-campus/AsyncWorkerCollection/pull/66
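The report shown above can be used as a build gate. The following is an added example, not code from the original post or from the Infer# project: it parses finding headers of the form shown in the output above and selects the findings that should fail the build. It assumes each finding header sits on its own line; the function names, the gating policy and the shortened sample paths are constructed for illustration.

```python
import re
import sys
from collections import Counter
from pathlib import Path

# One finding header, e.g. "#0 /path/File.cs:72: error: Dotnet Resource Leak"
FINDING = re.compile(
    r"^#(?P<index>\d+) (?P<path>\S+):(?P<line>\d+): "
    r"(?P<severity>error|warning): (?P<kind>.+?)[ \t]*$",
    re.MULTILINE,
)

# Constructed sample: the three findings above, paths shortened, text trimmed.
SAMPLE = """\
#0 /src/AsyncTaskQueue_/AsyncTaskQueue.cs:72: error: Dotnet Resource Leak
Leaked { n$1 -> 1 } resource(s) in method "AwaitableTask AsyncTaskQueue.GetExecutableTask(Action)".
#1 /src/DoubleBuffer_/DoubleBufferLazyInitializeTask.cs:47: warning: Thread Safety Violation
Unprotected write. Reporting because this access may occur on a background thread.
#2 /src/DoubleBuffer_/DoubleBufferLazyInitializeTask.cs:41: warning: Thread Safety Violation
Read/Write race. Reporting because this access may occur on a background thread.
Found 3 issues
"""

def parse_findings(report):
    """Return one dict per finding header found in the report text."""
    return [
        {**m.groupdict(), "index": int(m["index"]), "line": int(m["line"])}
        for m in FINDING.finditer(report)
    ]

def blocking(findings, severities=("error",), kinds=()):
    """Findings that should fail the build: by severity or by issue type."""
    return [f for f in findings
            if f["severity"] in severities or f["kind"] in kinds]

def main(argv):
    # Report path as the first argument, otherwise the report text on stdin.
    report = Path(argv[1]).read_text(encoding="utf-8") if len(argv) > 1 else sys.stdin.read()
    findings = parse_findings(report)
    for kind, count in Counter(f["kind"] for f in findings).items():
        print(f"{kind}: {count}")
    # Example policy: every error blocks, and so does any thread safety warning.
    bad = blocking(findings, kinds=("Thread Safety Violation",))
    for item in bad:
        print(f"BLOCKING {item['path']}:{item['line']} [{item['severity']}] {item['kind']}")
    return 1 if bad else 0

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A non-zero exit code from the script fails the CI step; how the report text reaches the script (file or stdin) is left to the workflow.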