We do have tooling which analyzes changes after landing (Coverity is
probably the most visible but we have tooling based on clang-tidy too), we
do report some of the issues but it takes time (and we only report defects
which seem critical or easy to fix like dead code).

Now, because of the future end of Splinter and the move to Phabricator, our
hope is that the vast majority of the commits will use this platform and
benefit from this work. As you can imagine, the hard work is not to push to
a review platform ;)

Cheers
Sylvestre



On Wed, Oct 4, 2017 at 10:11, Nicholas Nethercote <n.netherc...@gmail.com>
wrote:

> This sounds interesting!
>
> But it's not analyzing patches that are not using MozReview. Will those
> patches be analyzed after landing?
>
> Nick
>
> On Wed, Oct 4, 2017 at 6:17 PM, Jan Keromnes <j...@mozilla.com> wrote:
>
>> TL;DR -- We wrote a static analysis bot for MozReview ("clangbot") and
>> it's about to complain about any patches that would introduce new C/C++
>> code defects to Firefox.
>>
>> Please report any bugs with the bot here: https://bit.ly/2y9N9Vx
>>
>> In an effort to improve the quality of Firefox, we want to catch
>> programming errors *before* they even make it into Nightly. To do this, we
>> created a TaskCluster bot that runs clang static analysis on every patch
>> submitted to MozReview. It then quickly reports any code defects directly
>> on MozReview, thus preventing bad patches from landing until all their
>> defects are fixed. Currently, its feedback is posted in about 10 minutes
>> after a patch series is published on MozReview.
>>
>> Here is an example of an automated clangbot review:
>> https://reviewboard.mozilla.org/r/171868/#review190602
>>
>> Our bot relies on three types of clang checkers:
>>
>> - Mozilla specific checkers
>> <https://hg.mozilla.org/mozilla-central/file/tip/build/clang-plugin/>.
>> They detect incorrect Gecko programming patterns which could lead to bugs
>> or security issues.
>>
>> - Clang-tidy checkers
>> <https://clang.llvm.org/extra/clang-tidy/checks/list.html>. They aim to
>> suggest better programming practices and to improve memory efficiency and
>> performance.
>>
>> - Clang-analyzer checkers
>> <https://clang-analyzer.llvm.org/available_checks.html>. These checks are
>> more advanced, for example some of them can detect dead code or memory
>> leaks, but as a typical side effect they have false positives. Because of
>> that, we have disabled them for now, but will enable some of them in the
>> near future.
>>
>> The checkers that are currently enabled rarely generate false positives,
>> and you can find the complete list of enabled checkers
>> <https://hg.mozilla.org/mozilla-central/file/tip/tools/clang-tidy/config.yaml>
>> in the tree. You can also run them on your own code with:
>>
>> > ./mach static-analysis check path/to/file.cpp
>>
>> This is only the first step. Next, we would like to catch more classes of
>> programming errors.
>>
>> - If you know incorrect Gecko programming patterns which could be detected
>> by static analysis, please send an email to release-m...@mozilla.com or
>> report a bug in the Rewriting and Analysis
>> <https://bugzilla.mozilla.org/enter_bug.cgi?product=Core&component=Rewriting%20and%20Analysis>
>> component.
>>
>> - In parallel, if you see any additional clang-tidy checkers
>> <https://clang.llvm.org/extra/clang-tidy/checks/list.html> which could be
>> valuable for our code base if enabled, please let us know so that we can
>> evaluate them.
>>
>> - Finally, we are looking into posting reviews to Phabricator in the near
>> future as well.
>>
>> Feedback, questions or suggestions welcome.
>>
>> Thanks!
>>
>> Andi, Bastien, Jan and Sylvestre
>>
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
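
An added illustration of the "only new defects" idea in the quoted announcement (not clangbot's code, and not posted by anyone in this thread): a filter that keeps analyzer diagnostics only when they fall on lines a patch adds. It assumes clang-tidy-style `path:line:col: warning: message [check]` output with paths relative to the repository root; the diff, file name and diagnostics are constructed samples, and the thread does not say how the real bot decides what counts as new.

```python
import re
from collections import defaultdict

HUNK = re.compile(r"^@@ -\d+(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")
DIAG = re.compile(r"^(?P<path>[^:\n]+):(?P<line>\d+):\d+: (?:warning|error): "
                  r"(?P<msg>.*) \[(?P<check>[\w.,-]+)\]$")

# Constructed sample patch and analyzer output (hypothetical file, not from the thread).
SAMPLE_DIFF = """\
--- a/dom/Foo.cpp
+++ b/dom/Foo.cpp
@@ -10,4 +10,5 @@ void Foo::Init()
   mReady = false;
-  mBuffer = 0;
+  mBuffer = NULL;
+  mCount = 0;
   Register();
   Start();
"""
SAMPLE_OUTPUT = """\
dom/Foo.cpp:11:13: warning: use nullptr [modernize-use-nullptr]
dom/Foo.cpp:40:5: warning: do not use 'else' after 'return' [readability-else-after-return]
"""

def added_lines(diff_text):
    """Map each file in a unified diff to the new-file line numbers it adds."""
    added, path = defaultdict(set), None
    old_left = new_left = lineno = 0
    for line in diff_text.splitlines():
        if old_left > 0 or new_left > 0:          # inside a hunk body
            if line.startswith("+"):
                added[path].add(lineno)
                lineno, new_left = lineno + 1, new_left - 1
            elif line.startswith("-"):
                old_left -= 1
            elif not line.startswith("\\"):       # context line
                lineno, old_left, new_left = lineno + 1, old_left - 1, new_left - 1
        elif line.startswith("+++ "):
            path = line[4:].split("\t")[0].removeprefix("b/")
        elif m := HUNK.match(line):
            old_left, lineno, new_left = (int(m[1] or 1), int(m[2]), int(m[3] or 1))
    return added

def new_defects(diff_text, analyzer_output):
    """Keep only diagnostics that land on a line the patch adds."""
    touched = added_lines(diff_text)
    hits = []
    for m in filter(None, map(DIAG.match, analyzer_output.splitlines())):
        if int(m["line"]) in touched.get(m["path"], ()):
            hits.append((m["path"], int(m["line"]), m["check"]))
    return hits

if __name__ == "__main__":
    print(new_defects(SAMPLE_DIFF, SAMPLE_OUTPUT))
```

The warning on line 40 is dropped because the patch does not touch that line; only the `modernize-use-nullptr` hit on added line 11 is reported.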
