On 2015-09-25 12:19 AM, Robert O'Callahan wrote:
On Fri, Sep 25, 2015 at 5:41 AM, Sylvestre Ledru <sylves...@mozilla.com>
wrote:
Any questions, comments?
This whitepaper on Infer is an interesting read:
https://fbcdn-dragon-a.akamaihd.net/hphotos-ak-xap1/t39.2365-6/10935986_985284008163608_743666691_n/Moving_Fast_with_Software_Verification.pdf
(misleading title though).
(Apart from the comments about the tool, I like the observation that mobile
app development is a problem for Facebook compared to Web because they have
to support old versions of their app.)
One of the key things in that paper, which I've claimed for a while, is
that the real value of static analysis tools for developers like us is to
apply them at code review time. That's when developers are motivated to
clean up, explain, and fix their code, and when it's cheapest to do so. So
I'm looking forward to having support in Mozreview for automated drive-by
reviews, and then it would be really valuable to adapt these tools to do
such reviews --- at least as valuable as running them over the whole
codebase.
Our static analysis builds can be easily triggered from the try server
(although I have been unable to get anyone interested to fix bug 1116518
to make those builds happen on the try server by default, which makes it
all too easy for people to forget to turn on these builds from their
trychooser syntax) so as soon as the code is pushed to try (perhaps
through autoland) the check failures will be visible as build failures.
I'm not quite sure what it would take to get those build failures to
appear in MozReview but it should be possible.
The other tools that don't currently run on our infra will need custom
work to integrate with this model, although I think the right way to fix
that problem is to get those tools to run as part of our normal CI (at
least the tools that provide useful analyses.)
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
