CodeQL metrics enabling on edk2 - shijunjing/edk2 GitHub Wiki

Setting up CodeQL in Visual Studio Code

https://help.semmle.com/codeql/codeql-for-vscode/procedures/setting-up.html

  • Installing the extension. If you are behind a VPN, set the network proxy for VS Code. I added the http_proxy and https_proxy environment variables for both VS Code and Chrome.
  • Using the starter workspace
C:\Project\CodeQL>git clone https://github.com/github/vscode-codeql-starter.git
C:\Project\CodeQL\vscode-codeql-starter>git submodule init
C:\Project\CodeQL\vscode-codeql-starter>git submodule sync
C:\Project\CodeQL\vscode-codeql-starter>git submodule update --recursive

In VS Code, use the File > Open Workspace option to open the vscode-codeql-starter.code-workspace file from your checkout of the workspace repository.

Download the CodeQL CLI tool package

https://help.semmle.com/codeql/codeql-cli/procedures/get-started.html

Generate the CodeQL database for edk2

  • CLANGPDB database:
C:\Project\edk2git\edk2-fork>C:\Project\CodeQL\codeql\codeql.exe database create _db_CLANGPDB --language=cpp --command="build -p OvmfPkg\OvmfPkgIa32X64.dsc -a IA32 -a X64 -t CLANGPDB -n 1"
  • MSVS database:
C:\Project\edk2git\edk2-fork>C:\Project\CodeQL\codeql\codeql.exe database create _db_VS2015x86 --language=cpp --command="build -p OvmfPkg\OvmfPkgIa32X64.dsc -a IA32 -a X64 -t VS2015x86 -n 1"

Choose the edk2 CodeQL database

https://help.semmle.com/codeql/codeql-for-vscode/procedures/using-extension.html

  • Follow the steps in the link above to add the edk2 CodeQL database.

Run the code metrics query

  • Select and run the Metrics query of FunCyclomaticComplexity.ql
  • FunCyclomaticComplexity metrics result

Evaluation notes

  • CodeQL is very good for edk2 code metrics. It has high-quality code and strong community support from GitHub (github.com).
  • CodeQL is closely integrated into the popular VS Code IDE and is very friendly to developers.
  • The license for the CLI tools that build the CodeQL database (e.g. codeql.exe) is free only for open source projects on github.com, e.g. edk2. It is "NOT" friendly to closed source code and can "NOT" be freely used for firmware platform and IP code metrics. A great pity!
  • The CodeQL Windows extractor (codeql.exe) parses the CLANGPDB tool-chain result better than the VS2015x86 tool-chain result.
  • The CodeQL database is built from single-file AST information. It supports function-level and file-level queries, but has no module-level concepts or information (e.g. module API references). CodeQL sees the whole edk2 database as a single module. CodeQL is better suited to code metrics (e.g. code smells) than to architecture metrics (e.g. modularity).
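
The missing module-level view in the last note can be approximated by grouping the function-level complexity metric by source path. The query below is an added example, not part of the original wiki page or of the CodeQL query pack. It assumes that edk2 packages are top-level directories whose names end in Pkg (like OvmfPkg above) and that the database was created from the edk2 source root; the threshold of 15 and the helper names edk2Package and measured are choices made for this example.

```ql
/**
 * Added example: per-package cyclomatic complexity summary for an edk2 database.
 * Run it as a quick query from the VS Code extension; the result is a table.
 */

import cpp

/**
 * Gets the top-level edk2 package directory (e.g. "OvmfPkg") that contains `file`.
 * Assumption: packages are first-level directories whose names end in "Pkg".
 * Files outside such a directory (e.g. generated build output) get no result.
 */
string edk2Package(File file) {
  result = file.getRelativePath().regexpCapture("([^/]+Pkg)/.*", 1)
}

/** Holds if `f` has a body, lives in package `pkg`, and has cyclomatic complexity `cc`. */
predicate measured(Function f, string pkg, int cc) {
  // Only functions with exactly one entry point have a body to measure.
  strictcount(f.getEntryPoint()) = 1 and
  pkg = edk2Package(f.getFile()) and
  cc = f.getMetrics().getCyclomaticComplexity()
}

from string pkg, int functions, int maxCc, float avgCc, int complexFns
where
  measured(_, pkg, _) and
  functions = count(Function f | measured(f, pkg, _)) and
  maxCc = max(int cc | measured(_, pkg, cc)) and
  // Aggregate over (function, complexity) pairs so equal values are not merged.
  avgCc = avg(Function f, int cc | measured(f, pkg, cc) | cc) and
  // 15 is an arbitrary review threshold chosen for this example.
  complexFns = count(Function f, int cc | measured(f, pkg, cc) and cc > 15 | f)
select pkg, functions, maxCc, avgCc, complexFns order by maxCc desc
```

Only packages that were compiled by the build command used to create the database appear in the result, since CodeQL extracts what the compiler actually processed.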