Add Clang static analyzer (scan-build) to CI
Hello!
For the past few days I have been using scan-build to uncover bugs in Xfce projects and it's quite effective. Found multiple memory leaks, use-after-free etc. issues.
It would be nice if we could add scan-build to CI itself, so that any new code introducing a bug can be caught before merging.
scan-build usage: https://clang-analyzer.llvm.org/scan-build.html
Here's how we do it in wget2: https://gitlab.com/gnuwget/wget2/-/blob/master/.gitlab-ci.yml#L259
I suggest we do:
$ scan-build --force-analyze-debug-code --show-description --status-bugs -analyzer-config stable-report-filename=true -enable-checker valist,nullability,optin -o scan-build ./autogen.sh $AUTOGEN_OPTIONS
$ scan-build --force-analyze-debug-code --show-description --status-bugs -analyzer-config stable-report-filename=true -enable-checker valist,nullability,optin -o scan-build make -j4
On failure, the artifacts will be in the scan-build directory (see the CI file linked above).
Thanks!
Edited by Avinash Sonawane
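
The proposal above, written out as a GitLab CI job; this is an added example, not part of the original post and not taken from the Xfce or wget2 CI files. The job name, the stage, the artifact expiry and the presence of scan-build in the runner image are assumptions.

```yaml
# Added example: GitLab CI job sketch for the scan-build proposal in this issue.
# Assumptions: the job name, the "test" stage, and a runner image that already
# ships clang's scan-build; AUTOGEN_OPTIONS is defined elsewhere in the project CI.
scan-build:
  stage: test
  variables:
    # Flags exactly as proposed in the issue; reports go to the "scan-build" directory.
    SCAN_BUILD: >-
      scan-build --force-analyze-debug-code --show-description --status-bugs
      -analyzer-config stable-report-filename=true
      -enable-checker valist,nullability,optin
      -o scan-build
  script:
    # Running the configure step under scan-build lets it substitute its
    # analyzer wrapper for the compiler before the Makefiles are generated.
    - $SCAN_BUILD ./autogen.sh $AUTOGEN_OPTIONS
    # --status-bugs makes scan-build exit non-zero when it reports a bug,
    # which fails the job and blocks the merge request pipeline.
    - $SCAN_BUILD make -j4
  artifacts:
    # Upload the HTML reports only when the job failed.
    when: on_failure
    paths:
      - scan-build/
    expire_in: 1 week  # assumed retention period
```

With stable-report-filename=true the report file names stay the same between runs, which makes reports from different pipelines easier to compare.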