commit | 7fafae0f3d68b0a57a4532f7e2bd0fed7a2a1bf3 | [log] [tgz] |
---|---|---|
author | Oliver Newman <olivernewman@google.com> | Fri Aug 18 21:05:34 2023 +0000 |
committer | CQ Bot <fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com> | Fri Aug 18 21:05:34 2023 +0000 |
tree | 0b7391b8e2d7cd097f87a4adf63b76e74dcca7bf | |
parent | e1684102bf173f61cef146dbc5c1d8b88e0d99a5 [diff] |
[engine] Prohibit forking without locking Calling the `os/exec.Cmd` functions `Run()` or `Start()` without locking the R/W mutex used to write the nsjail executable causes test flakiness; see docstring of the command package for more details. So extract a library that forks safely, and add a check that no unsafe forks are done. Change-Id: I926654d38f66fb614e39db5a7d9c3e1e43ebeb4a Reviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/904660 Fuchsia-Auto-Submit: Oliver Newman <olivernewman@google.com> Commit-Queue: Oliver Newman <olivernewman@google.com> Reviewed-by: Marc-Antoine Ruel <maruel@google.com>
Shac (Scalable Hermetic Analysis and Checks) is a unified and ergonomic tool and framework for writing and running static analysis checks.
Shac checks are written in Starlark.
go install go.fuchsia.dev/shac-project/shac@latest shac check shac doc shac.star | less
Planned features/changes, in descending order by priority:
shac.textproto
shac.star
files.shac
cache directory that checks can write toctx.scm
glob
arguments to ctx.scm.{all,affected}_files()
functions for easier filtering⚠ The source of truth is at https://fuchsia.googlesource.com/shac-project/shac.git and uses Gerrit for code review.
See CONTRIBUTING.md to submit changes.