Re: RFC v2: Static Analysis in edk2 CI


Pedro Falcato
 

Just want to note that if we want to go ahead with fuzzing (I detailed a
possible plan to do so in the mailing list a month or so ago) we will
definitely need somewhere to run fuzzing (even if it's Google's syzbot).
Getting somewhere where we can run static analysis, fuzzing just makes
sense IMO (hell, who knows, maybe even CI or something like Gerrit for
mailing list-less code reviews).

On Tue, Jun 14, 2022 at 7:43 PM Felix Polyudov via groups.io <felixp=ami.com@groups.io> wrote:

Yes, LLVM/CLANG Static Analyzer is another possibility. I've mentioned it
in the first version of the RFC.
CodeChecker (https://codechecker.readthedocs.io/en/latest/) is an open
source front-end for scan-build and clang-tidy.
It simplifies analyzer configuration and provides web-based report
storage. However, it has to be hosted somewhere.
If somebody has an idea on how the edk2 community can host CodeChecker,
that's definitely an option to consider.





--
Pedro Falcato
