From: "Pedro Falcato" <pedro.falcato@gmail.com>
Date: Tue, 14 Jun 2022 21:00:01 +0100
Subject: Re: [edk2-rfc] RFC v2: Static Analysis in edk2 CI
To: rfc@edk2.groups.io, "POLUDOV, FELIX"
Cc: Rebecca Cran, edk2-devel-groups-io

(Re-adding devel@ since Felix dropped it)

On Tue, Jun 14, 2022 at 8:59 PM Pedro Falcato <pedro.falcato@gmail.com> wrote:

> Just want to note that if we want to go ahead with fuzzing (I detailed a
> possible plan to do so in the mailing list a month or so ago) we will
> definitely need somewhere to run fuzzing (even if it's Google's syzbot).
> Getting somewhere where we can run static analysis, fuzzing just makes
> sense IMO (hell, who knows, maybe even CI or something like Gerrit for
> mailing list-less code reviews).
>
> On Tue, Jun 14, 2022 at 7:43 PM Felix Polyudov via groups.io
> <felixp=ami.com@groups.io> wrote:
>
>> Yes, LLVM/CLANG Static Analyzer is another possibility. I've mentioned it
>> in the first version of the RFC.
>> CodeChecker (https://codechecker.readthedocs.io/en/latest/) is an open
>> source front-end for the scan-build and clang-tidy.
>> It simplifies analyzer configuration and provides web-based report
>> storage. However, it has to be hosted somewhere.
>> If somebody has an idea on how edk2 community can host the CodeChecker,
>> that's definitely an option to consider.
>
> --
> Pedro Falcato

--
Pedro Falcato