From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM04-MW2-obe.outbound.protection.outlook.com (NAM04-MW2-obe.outbound.protection.outlook.com [40.107.101.71]) by mx.groups.io with SMTP id smtpd.web08.45212.1656349689829110377 for ; Mon, 27 Jun 2022 10:08:10 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@ami.com header.s=selector1 header.b=dD1Z/zXX; spf=pass (domain: ami.com, ip: 40.107.101.71, mailfrom: felixp@ami.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Up4pVFOg5LMVRHobClx9z4CZ3sIjWnZ5lDA1zbllweRFazs/Le5mUvVoPnvQWHE+Jw+/jYdgtTWSzEg7AGfnzhJHLy4GgnrLj5NT7tczyoXl46DW9JBMaMW+DSqEloKplkiis838nd7oaCyJnExCF+qx8+JViy63wu+xwjdLIVkxN5xgaVcF6Kk5+ehrWolZ/h3ujyklowHEGSDuqiYWCj52havm5sCuXXiIPZqkx72AvNQS9EQCL8tJviyPrOyZQuydKa/rv1nt2iX04CKx2J2EgkXjFzOHoTLkU6cfachkw4vmukvsKmB4WVV2YKqVvXjNpEsAYyQRZxJBcP80qw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=StEMDGEryToTOctqhzt+8MCgIiw0rrfBW+jp8kTqI9o=; b=crjY8KzQturUnHdpTh0WZwaIuf7jhRM1iqOvP8mprS9QTB1uZmjCC/N+S5X1WFfLVTw/yt03PRdPRtHk/OWr56Wq8HtMQFDYcdPA4w1f+0eyhmfyMPIqWXtn8+lZ11F3UnZ7eXUX9aQg2Kv5NEdTcn1CNRnvibDM8/sqWJgqSdEKxHSMhcxH4Qhuv/UgoO8Jd8KQE/pjr6fXu3LrCtq/x1MR5HNY7pdozHWDgDe5CUdiwSdkqIaWrE5D6f55n2F9k8VYTMVeL1e+HFcI0sgaofoIdXYwoPhCN4ZjoHQrSpXEUnyq/o7C3+T0lGOK8lFh6VX9SxCO+//uquTscnkJ3Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ami.com; dmarc=pass action=none header.from=ami.com; dkim=pass header.d=ami.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ami.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=StEMDGEryToTOctqhzt+8MCgIiw0rrfBW+jp8kTqI9o=; b=dD1Z/zXXsxPMiTklrJ07nRe3tIjv9fro+jmwsWkOJFiZOtu4zzPXBJlJ86M12CveLtQ3AHB0eqUpkD9UbHbj4E4TThPkhApRR0kHzMgIl+7ios+yvb5qwpMGr91LNHXzVCjJad8mluKImvFPg9qZAoFwQX2gAGvD+ToZ8eDTH78= Received: from BN0PR10MB4981.namprd10.prod.outlook.com (2603:10b6:408:12d::16) by SN6PR10MB2957.namprd10.prod.outlook.com (2603:10b6:805:cb::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5373.17; Mon, 27 Jun 2022 17:07:52 +0000 Received: from BN0PR10MB4981.namprd10.prod.outlook.com ([fe80::1575:d5a4:adec:4145]) by BN0PR10MB4981.namprd10.prod.outlook.com ([fe80::1575:d5a4:adec:4145%7]) with mapi id 15.20.5373.018; Mon, 27 Jun 2022 17:07:52 +0000 From: "Felix Polyudov" To: "rfc@edk2.groups.io" , "michael.d.kinney@intel.com" , "pedro.falcato@gmail.com" CC: Rebecca Cran , edk2-devel-groups-io Subject: Re: [edk2-rfc] RFC v2: Static Analysis in edk2 CI Thread-Topic: [EXTERNAL] Re: [edk2-rfc] RFC v2: Static Analysis in edk2 CI Thread-Index: Adh/TL6hYGhkyDZ/QK6ZFs9iTFOxegAChRlwAAZWtoAAAkRAgAApWhWAAAKkqgAAAAa0gAHQI1QAALdurZA= Date: Mon, 27 Jun 2022 17:07:52 +0000 Message-ID: References: <9afb0946-a585-18b9-0e8f-6faaaf1516bf@bsdio.com> <30179.1655232215857794558@groups.io> In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ami.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: a2735948-cd39-4b14-4f0f-08da585f9253 x-ms-traffictypediagnostic: SN6PR10MB2957:EE_ x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: CBU5KmSl/5a7w5ughGYmIHV+1V5etn8Y+mofguRG6jyJohL1C0eNeB9M5ua0oNK+HMSGyg5WTIiw7Q2dZgSzrtO0Z8Smb4SOOxHfzXM+ZkvGgg9nnzKLaIlm5ZohOlUB8H5wvDcl/ICAYs6oggvHtkJw6ld2uuvhwq9ctrKutvONgJ6ZX6PSh7EXZq+zV5PBdTPJcw+aQN/UaWcrBoEtANuO7mxyuvk0DztP37CYuB1EjNS9a9NkmU9uRGn3XnhuFtgiQGWfp/32PH9+dyQRcGEoSxjfchmu8/gcoV14a9iydAWxmpO0OZPVW0fcXWjwPKQZv7iWN7mI0iSWpU2oBX7sInhgXz455UKMN2KrLT3JpBlJ3Z6EgGW4Oa7EIBEMDIH2ps1jBmNjyra4Cf5rVxaNZmfNk209MTmqm56Z68F7rOZSoIxpwquMRD/HikVT/PlL7bHlI4sIFuNVSfgmH/Dgm8Yyx9lEkCeXZuKGRptNYHawOy/5p4Ifdm4FIwzyiUXGiP7s5CfOLpIupVKpOWs3tIUcMI1RLhO2lLE90rsbiEj3sq3ltXiNXH2/hK4I7WiGjrkC+PJwLImnhqjDbjJERCvzOu4SsIDwOf50XwcZ/1Uc3SWAF3K2162sYFKk4pjPlqDqDmIvogdOVr3mGfO/Tq90IJhlVSzkbInvv59HUOGtbpupguJc7XO85UnkYcCuB0RXG7yB/PvR/iXHQ5/654ZKaNPVJh3ktdi0MrcTurOAEqmM+Y26Q5JfWdIl x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BN0PR10MB4981.namprd10.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230016)(4636009)(136003)(346002)(39850400004)(376002)(396003)(366004)(38100700002)(122000001)(5660300002)(2906002)(38070700005)(53546011)(52536014)(6506007)(66556008)(66946007)(55016003)(66446008)(76116006)(40140700001)(4326008)(478600001)(110136005)(54906003)(316002)(71200400001)(7696005)(33656002)(8676002)(186003)(83380400001)(66476007)(26005)(41300700001)(8936002)(9686003)(64756008)(86362001);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?zDP+7zgBcgfIbdHiYGxW55TVGHU+9aqd1rMjU2mOTtNrYOU6XCtDVVETwObn?= =?us-ascii?Q?qZBgI6Ii9GcIdgBGgkPvwZb5N9PYnnlj280UIAJ7IywP8Te+EjPSLIdf/+wp?= =?us-ascii?Q?0cCUDkbDIlsna3x+9B/QRmcBiOqIl0nmkZLQ07h+7uZDvig6I8jnlpsCbpaH?= =?us-ascii?Q?y9VmYhT+FKwzpRLakEqtZ/KmcGTa6i+HlLxVyocakQT2noXZZ/kwX7P1TnLQ?= =?us-ascii?Q?Hgit6xsMoJA1H7SE6bHUgfRdlhw0ggjhtndjy7f34F5fLgkJIvYn1MgGRBiP?= =?us-ascii?Q?6bkk7+pAxpWddi/Ahyf0Yj4x3ndOUWLYrSOy/gj7gKk2bhEM02AKBAf7mPF/?= =?us-ascii?Q?0eouE1OT+cK2JgLhQhL0b/gn1LdI4eAjtNnNurm5kGoNtmYz56+aknb6DCmh?= =?us-ascii?Q?kpKVML+C6DkI7shn6yQQPwDUVcHp4tl/3gJCJLviezP1xgGCom7zP9AGQJtq?= =?us-ascii?Q?CdJFRq7imBTTbEG22thEwoFPHIjkaPo5t676xeo9uPKNZ+czjfNewP4W9DLy?= =?us-ascii?Q?vrYtp8sIdlPFo+WCv1wv109/5z4oKJ2jxUDYHcFaWGMPy6wJfQd1Wcqc2hX5?= =?us-ascii?Q?g6xv81prMmU0N4cgw2MgNOkbUvVUNi4CYPwqxvVyRmpZx1md1nrSdvU0Gx7x?= =?us-ascii?Q?BCpfNy8g89TkL6GnA0aOefXbitbHtWnFfC3W72shzxwPcjm6Iu2gV2iHpQq/?= =?us-ascii?Q?uCXZPmCA0UK/W9dcZkB8H5Cx3urRFPC2eT90798zKAKf9CtIo0GWZ129B5Jv?= =?us-ascii?Q?miIj0uPQGCZ6wyU0Z4xbRWC/tkZk4bBKEIOs9qTG0yG3Kp1pSbDf2GfnmytA?= =?us-ascii?Q?/vZuPIp7MkTGGEaGsixEBG2Z2AL9QpOaJwq8yzOxDCwKdYtLosbU1RN/gh9L?= =?us-ascii?Q?RGmTL8lTg3LS1ROYFCS9DQrGzF8LSzW0mqkJ17ai+gqGsZrnBZrZR0/RVu+3?= =?us-ascii?Q?LdDA1fxcr03iPUdygCJ+W2XDCVDbLRyK8vjDAEyod+7h2EacllpjHUmShPkK?= =?us-ascii?Q?gxH4TgSBPPZt389dTyWmeTcNueuTWWUpSM/QwBk6JZX1p2Mr+AkVaBjg20Hb?= =?us-ascii?Q?Mh76qN30fBhXR6auSwiW2R1pjEi+n+SejeVmc1+yOwzC1ujWlSlVnpLQD2QO?= =?us-ascii?Q?c9JnTA5LkBno538HGzMLcFjcTnpMmvilIWH5X1t0FvZqlMT3jNgMeUnq2z1M?= =?us-ascii?Q?5Fz6d0qxulPxesGIb0GU89kg+ZQn/QGumJkHjB9MJwEOLpA8NNHPwfZiSo9q?= =?us-ascii?Q?kzlK90zlKk82Cpwh8iyIaTx318rfCxO5uRWf/Tce3coSuGz9vb+7HIcXEIAG?= =?us-ascii?Q?iSMPIXzrTOz4UabtzeZfVVA8McU1i2Y8H8DXHcBbilGAgGi1x9JcFecLXuT6?= =?us-ascii?Q?xHMFRPMel52n9gHdvX3bxE5YlKft/Yk5RZjeiO2IsxK3x3LHF4HB7aw9rc63?= =?us-ascii?Q?qaak9IWovlg0EfLaVyo+hfETal5ipJiWmcCmbh/u4tlc+ZQKegjJKxNndf71?= =?us-ascii?Q?bmh0oLHIp8fy1+m56ooVKkmU1PhoAcI8Q+to7DXLas5p+k+U3xKtogqnFq3b?= =?us-ascii?Q?nkJaV5d7UMMvD76cBJg=3D?= MIME-Version: 1.0 X-OriginatorOrg: ami.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: BN0PR10MB4981.namprd10.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: a2735948-cd39-4b14-4f0f-08da585f9253 X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Jun 2022 17:07:52.5792 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 27e97857-e15f-486c-b58e-86c2b3040f93 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: xLT2mnAHpPnwM/5KAU3BhW6kdwDQSUlDylzh3wn/sVWYlX8cVv0PCdq8K9gy3tMt X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR10MB2957 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Yes, we can run other analyzer; however, in case of CodeChecker we also nee= d a server to upload the result to. > -----Original Message----- > From: rfc@edk2.groups.io On Behalf Of Michael D > Kinney via groups.io > Sent: Thursday, June 23, 2022 9:30 PM > To: rfc@edk2.groups.io; pedro.falcato@gmail.com; Felix Polyudov > ; Kinney, Michael D > Cc: Rebecca Cran ; edk2-devel-groups-io > > Subject: [EXTERNAL] Re: [edk2-rfc] RFC v2: Static Analysis in edk2 CI > > > **CAUTION: The e-mail below is from an external source. Please exercise > caution before opening attachments, clicking links, or following guidance= .** > > I have Coverity scan builds running in a GitHub Action and then uploaded = to > Coverity. > > We should be able to configure a GitHub Action to run other analyzers. > > Mike > > > -----Original Message----- > > From: rfc@edk2.groups.io On Behalf Of Pedro > > Falcato > > Sent: Tuesday, June 14, 2022 1:00 PM > > To: rfc@edk2.groups.io; POLUDOV, FELIX > > Cc: Rebecca Cran ; edk2-devel-groups-io > > > > Subject: Re: [edk2-rfc] RFC v2: Static Analysis in edk2 CI > > > > (Re-adding devel@ since Felix dropped it) > > > > On Tue, Jun 14, 2022 at 8:59 PM Pedro Falcato > > > > wrote: > > > > > Just want to note that if we want to go ahead with fuzzing (I > > > detailed a possible plan to do so in the mailing list a month or so > > > ago) we will definitely need somewhere to run fuzzing (even if it's G= oogle's > syzbot). > > > Getting somewhere where we can run static analysis, fuzzing just > > > makes sense IMO (hell, who knows, maybe even CI or something like > > > Gerrit for mailing list-less code reviews). > > > > > > On Tue, Jun 14, 2022 at 7:43 PM Felix Polyudov via groups.io > > > wrote: > > > > > >> Yes, LLVM/CLANG Static Analyzer is another possibility. I've > > >> mentioned it in the first version of the RFC. > > >> CodeChecker > > >> > (https://codechecker.readthedocs.io/en/latest/) is an open source front-e= nd > for the scan-build and clang-tidy. > > >> It simplifies analyzer configuration and provides web-based report > > >> storage. However, it has to be hosted somewhere. > > >> If somebody has an idea on how edk2 community can host the > > >> CodeChecker, that's definitely an option to consider. > > >> > > >> > > >> > > >> > > >> > > >> > > > > > > -- > > > Pedro Falcato -The information contained in this message may be confidential and propriet= ary to American Megatrends (AMI). This communication is intended to be read= only by the individual or entity to whom it is addressed or by their desig= nee. If the reader of this message is not the intended recipient, you are o= n notice that any distribution of this message, in any form, is strictly pr= ohibited. Please promptly notify the sender by reply e-mail or by telephone= at 770-246-8600, and then delete or destroy all copies of the transmission= .