Hi Varun,
To provide some more context. As you know the membership fees to trustedfirmware.org [1] provide funding to help support services to the various projects hosted by trustedfirmware.org.
The licensing of Bugseng ECLAIR is one such service approved by the trustedfirmware.org board that is itself made up membership representatives being made available to projects.
For the TF-A project deployment answers to your questions are below.
Yes.
The objective is to run this as part of patch submission testing for all patches submitted for review.
Yes.
So access to Bugseng ECLAIR will be via the OpenCI and in the case of TF-A will be on all patches submitted for review in Gerrit with the Bugseng ECLAIR testing invoked via the Allow-CI
Gerrit label setting to kick off appropriate Jenkins jobs. The goal is to identify new MISRA failures introduced by the patch against a baseline run(s) against the mainline branch. There will be other OpenCI Jenkin jobs and scripts to help establish and evolve
the baseline run(s). Detailed run logs will be made available via the existing OpenCI Jenkins jobs artifact mechanism and reporting pages. The exact details are still being worked out but hopefully that gives you the basic idea.
We can indeed have a future Tech Forum session on TF-A usage of Bugseng ÉCLAIR.
Thanks
Joanna
[1] https://www.trustedfirmware.org/join/
From:
Varun Wadekar <vwadekar@nvidia.com>
Date: Monday, 9 May 2022 at 21:36
To: Joanna Farley <Joanna.Farley@arm.com>
Cc: tf-a@lists.trustedfirmware.org <tf-a@lists.trustedfirmware.org>
Subject: ECLAIR for static analysis
Hi
@Joanna,
I am glad that tf.org has taken this step to improve code quality with the latest announcement [1]. Some questions to understand the model a bit better.
I suggest we discuss this in a tech forum to reach the entire community.
-Varun
[1]
https://www.trustedfirmware.org/news/BugSeng_press_release/
https://www.bugseng.com/eclair
https://www.bugseng.com/sites/default/files/resources/ECLAIR_TUV-SUD_Certificate.pdf