[edk2-devel] [edk2-rfc] RFC v2: Static Analysis in edk2 CI
Felix Polyudov via groups.io
felixp=ami.com at groups.io
Mon Jun 27 17:07:52 UTC 2022
Yes, we can run other analyzer; however, in case of CodeChecker we also need a server to upload the result to.
> -----Original Message-----
> From: rfc at edk2.groups.io <rfc at edk2.groups.io> On Behalf Of Michael D
> Kinney via groups.io
> Sent: Thursday, June 23, 2022 9:30 PM
> To: rfc at edk2.groups.io; pedro.falcato at gmail.com; Felix Polyudov
> <Felixp at ami.com>; Kinney, Michael D <michael.d.kinney at intel.com>
> Cc: Rebecca Cran <rebecca at bsdio.com>; edk2-devel-groups-io
> <devel at edk2.groups.io>
> Subject: [EXTERNAL] Re: [edk2-rfc] RFC v2: Static Analysis in edk2 CI
>
>
> **CAUTION: The e-mail below is from an external source. Please exercise
> caution before opening attachments, clicking links, or following guidance.**
>
> I have Coverity scan builds running in a GitHub Action and then uploaded to
> Coverity.
>
> We should be able to configure a GitHub Action to run other analyzers.
>
> Mike
>
> > -----Original Message-----
> > From: rfc at edk2.groups.io <rfc at edk2.groups.io> On Behalf Of Pedro
> > Falcato
> > Sent: Tuesday, June 14, 2022 1:00 PM
> > To: rfc at edk2.groups.io; POLUDOV, FELIX <felixp at ami.com>
> > Cc: Rebecca Cran <rebecca at bsdio.com>; edk2-devel-groups-io
> > <devel at edk2.groups.io>
> > Subject: Re: [edk2-rfc] RFC v2: Static Analysis in edk2 CI
> >
> > (Re-adding devel@ since Felix dropped it)
> >
> > On Tue, Jun 14, 2022 at 8:59 PM Pedro Falcato
> > <pedro.falcato at gmail.com>
> > wrote:
> >
> > > Just want to note that if we want to go ahead with fuzzing (I
> > > detailed a possible plan to do so in the mailing list a month or so
> > > ago) we will definitely need somewhere to run fuzzing (even if it's Google's
> syzbot).
> > > Getting somewhere where we can run static analysis, fuzzing just
> > > makes sense IMO (hell, who knows, maybe even CI or something like
> > > Gerrit for mailing list-less code reviews).
> > >
> > > On Tue, Jun 14, 2022 at 7:43 PM Felix Polyudov via groups.io
> > > <felixp= ami.com at groups.io> wrote:
> > >
> > >> Yes, LLVM/CLANG Static Analyzer is another possibility. I've
> > >> mentioned it in the first version of the RFC.
> > >> CodeChecker
> > >>
> (https://codechecker.readthedocs.io/en/latest/) is an open source front-end
> for the scan-build and clang-tidy.
> > >> It simplifies analyzer configuration and provides web-based report
> > >> storage. However, it has to be hosted somewhere.
> > >> If somebody has an idea on how edk2 community can host the
> > >> CodeChecker, that's definitely an option to consider.
> > >>
> > >>
> > >>
> > >>
> > >>
> > >>
> > >
> > > --
> > > Pedro Falcato
-The information contained in this message may be confidential and proprietary to American Megatrends (AMI). This communication is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited. Please promptly notify the sender by reply e-mail or by telephone at 770-246-8600, and then delete or destroy all copies of the transmission.
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#90791): https://edk2.groups.io/g/devel/message/90791
Mute This Topic: https://groups.io/mt/91737265/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list