[llvm] [workflows] Add post-commit job that periodically runs the clang static analyzer (PR #94106)
Tom Stellard via llvm-commits
llvm-commits at lists.llvm.org
Sat Jun 1 03:11:57 PDT 2024
tstellar wrote:
> Thanks for doing this.
>
> I guess we'll see from the PR run how long this takes and what the results are like. From what I've heard, the clang static analyzer produces false positives that can be hard to fix. I'm not sure how that anecdote generalizes to the LLVM code base though.
>
> Also, is there a reason for using clang static analyzer over something more basic like clang tidy? I think they both would fit the OpenSSF definition of static analysis (although haven't looked into it). I guess CSA does do more in-depth analysis and will probably find more things.
>
> Even if it's noisy, just having it run once a day post commit so that people who are interested can look at the results seems like a decent idea.
This is really only for informational purposes at this point. I was going to watch it for a while to see which of the checks are helpful and which ones are prone to false positives. I'm open to changing the set of checks and also using clang-tidy if someone has a good recommendation for which checks to run.
https://github.com/llvm/llvm-project/pull/94106