> But it's not analyzing patches that are not using MozReview. Will those
> patches be analyzed after landing?

Indeed, our bot doesn't run on patches that are attached to Bugzilla
(Splinter reviews) or directly landed.

However, I believe that the Mozilla checkers we use are also run on Try,
and should cause any offending patches to be backed out.

The purpose of our bot is to catch defects at review time, in order to
reduce the number of new defects getting into the tree, but we're also
working on fixing all defects that are currently present in our code base,
which is a much larger project.

> Sounds awesome! I tried this locally to see what it would say about a
> random(ish) file in the tree, but it ended with the message:
>
>  0:42.99 Could not find artifacts for a toolchain build named `macosx64-clang-tidy`
>
> which sounds like something's missing. It would be nice if it could
> automatically obtain the required tools, or at least offer a hint as to
> what I should do to set up a suitable environment.

Thank you for trying! Nothing is missing, this is actually a regression:
https://bugzilla.mozilla.org/show_bug.cgi?id=1405570

We were able to work around the bug (we've triggered a manual build, so the
command should work again by now) and we're looking into fixing it as soon
as possible.


On Wed, Oct 4, 2017 at 10:11 AM, Nicholas Nethercote <n.netherc...@gmail.com> wrote:

> This sounds interesting!
>
> But it's not analyzing patches that are not using MozReview. Will those
> patches be analyzed after landing?
>
> Nick
>
> On Wed, Oct 4, 2017 at 6:17 PM, Jan Keromnes <j...@mozilla.com> wrote:
>
>> TL;DR -- We wrote a static analysis bot for MozReview ("clangbot") and it's
>> about to complain about any patches that would introduce new C/C++ code
>> defects to Firefox.
>>
>> Please report any bugs with the bot here: https://bit.ly/2y9N9Vx
>>
>> In an effort to improve the quality of Firefox, we want to catch
>> programming errors *before* they even make it into Nightly. To do this, we
>> created a TaskCluster bot that runs clang static analysis on every patch
>> submitted to MozReview. It then quickly reports any code defects directly
>> on MozReview, thus preventing bad patches from landing until all their
>> defects are fixed. Currently, its feedback is posted in about 10 minutes
>> after a patch series is published on MozReview.
>>
>> Here is an example of an automated clangbot review:
>> https://reviewboard.mozilla.org/r/171868/#review190602
>>
>> Our bot relies on three types of clang checkers:
>>
>> - Mozilla specific checkers
>> <https://hg.mozilla.org/mozilla-central/file/tip/build/clang-plugin/>. They
>> detect incorrect Gecko programming patterns which could lead to bugs or
>> security issues.
>>
>> - Clang-tidy checkers
>> <https://clang.llvm.org/extra/clang-tidy/checks/list.html>. They aim to
>> suggest better programming practices and to improve memory efficiency and
>> performance.
>>
>> - Clang-analyzer checkers
>> <https://clang-analyzer.llvm.org/available_checks.html>. These checks are
>> more advanced, for example some of them can detect dead code or memory
>> leaks, but as a typical side effect they have false positives. Because of
>> that, we have disabled them for now, but will enable some of them in the
>> near future.
>>
>> The checkers that are currently enabled rarely generate false positives,
>> and you can find the complete list of enabled checkers
>> <https://hg.mozilla.org/mozilla-central/file/tip/tools/clang-tidy/config.yaml>
>> in the tree. You can also run them on your own code with:
>>
>> > ./mach static-analysis check path/to/file.cpp
>>
>> This is only the first step. Next, we would like to catch more classes of
>> programming errors.
>>
>> - If you know incorrect Gecko programming patterns which could be detected
>> by static analysis, please send an email to release-m...@mozilla.com or
>> report a bug in the Rewriting and Analysis
>> <https://bugzilla.mozilla.org/enter_bug.cgi?product=Core&component=Rewriting%20and%20Analysis>
>> component.
>>
>> - In parallel, if you see any additional clang-tidy checkers
>> <https://clang.llvm.org/extra/clang-tidy/checks/list.html> which could be
>> valuable for our code base if enabled, please let us know so that we can
>> evaluate them.
>>
>> - Finally, we are looking into posting reviews to Phabricator in the near
>> future as well.
>>
>> Feedback, questions or suggestions welcome.
>>
>> Thanks!
>>
>> Andi, Bastien, Jan and Sylvestre
>> _______________________________________________
>> dev-platform mailing list
>> dev-platform@lists.mozilla.org
>> https://lists.mozilla.org/listinfo/dev-platform
>>
>
>