Skip to content

46 ci integrate coretrace stack analyzer into GitHub actions sarif code scanning#47

Merged
SizzleUnrlsd merged 46 commits intomainfrom
46-ci-integrate-coretrace-stack-analyzer-into-github-actions-sarif-code-scanning
Feb 24, 2026
Merged

46 ci integrate coretrace stack analyzer into GitHub actions sarif code scanning#47
SizzleUnrlsd merged 46 commits intomainfrom
46-ci-integrate-coretrace-stack-analyzer-into-github-actions-sarif-code-scanning

Conversation

@SizzleUnrlsd
Copy link
Copy Markdown
Contributor

@SizzleUnrlsd SizzleUnrlsd commented Feb 13, 2026

No description provided.

@SizzleUnrlsd SizzleUnrlsd self-assigned this Feb 13, 2026
@SizzleUnrlsd SizzleUnrlsd linked an issue Feb 13, 2026 that may be closed by this pull request
CI: Integrate coretrace-stack-analyzer into GitHub Actions (SARIF + Code Scanning) #46
Closed
@SizzleUnrlsd
refactor(analysis): simplify mem intrinsic kind classification with s…
604ee15 
…ingle fallback path
@SizzleUnrlsd
test(cpy-buffer): add coverage for name-based mem intrinsics and non-…
5e1f567 
…mem call skip guard
@SizzleUnrlsd
test(escape-stack): add regression for lambda by-reference capture cl…
40be2a9 
…osure stores
@SizzleUnrlsd
fix(analysis): avoid false stack-pointer-escape diagnostics for lambd…
a48889d 
…a by-ref captures
@SizzleUnrlsd
fix(analysis): compare normalized short-circuit condition signatures …
6a68469 
…in DuplicateIfCondition
@SizzleUnrlsd
test(diagnostics): add regressions for short-circuit and threshold-vs…
170f405 
…-limit duplicate else-if cases
@SizzleUnrlsd
chore(main): remove duplicated code
be8fbcb
@SizzleUnrlsd
ci(workflows): trigger build workflow on all branches for push and pu…
bc3db5e 
…ll_request
@SizzleUnrlsd
ci(integration): pull runtime image from GHCR instead of building loc…
c4ba259 
…ally
@SizzleUnrlsd
ci(registry): add GHCR publish workflow for runtime and CI images
a88ef04
@SizzleUnrlsd
docs(ci): document reusable action module and docker consumer workflows
28e6455
@SizzleUnrlsd
feat(action): improve composite action defaults with compdb autodisco…
077caa5 
…very and fallback
@SizzleUnrlsd
refactor(docker): factorize CI image on top of runtime image
a018875
@SizzleUnrlsd
feat(docker): package analyzer runtime with CI tooling and models
4291736
@SizzleUnrlsd
fix(docker): harden entrypoint defaults and compatibility symlink gua…
cc984d1 
…rdrails
@SizzleUnrlsd
feat(resource-lifetime): add model-driven ownership analysis and cros…
ff6e7c4 
…s-tu summaries
@SizzleUnrlsd
feat(uninitialized): improve cross-tu and external out-param initiali…
eac8886 
…zation tracking
@SizzleUnrlsd
fix(compdb): preserve compile command identity and skip unsupported i…
2289afb 
…nputs in CI wrapper
@SizzleUnrlsd
feat(stack-escape): externalize noescape modeling and split resolver …
17cac61 
…internals
@SizzleUnrlsd
refactor(analysis): improve helper utilities and diagnostics plumbing
7174db8
@SizzleUnrlsd
test(harness): extend regression runner for docker and model-based ch…
1ae345d 
…ecks
@SizzleUnrlsd
test(diagnostics): add duplicate-else-if edge-case coverage
c0dab57
@SizzleUnrlsd
test(recursion): extend recursion detection and progression scenarios
0bebf0d
@SizzleUnrlsd
test(uninitialized): add out-param and cross-tu initialization regres…
40c070a 
…sions
@SizzleUnrlsd
test(vla): add read-side VLA regression coverage
ab9b9ca
@SizzleUnrlsd
test(stack-escape): add noescape and callback escape regression cases
c910e92
@SizzleUnrlsd
test(false-positives): add repro corpus for vulkan/stb/resource diagn…
b4220cf 
…ostics
@SizzleUnrlsd
test(resource-lifetime): add local and cross-tu ownership regression …
2b973cf 
…suite
@SizzleUnrlsd
test(multi-tu): add split translation-unit integration fixture
bc1b580
@SizzleUnrlsd
test(regression): add focused no-diagnostic coverage for edge cases
f113e44
@SizzleUnrlsd
chore(cleanup): remove obsolete generated artifacts and legacy docker…
76e037a 
… test image
@SizzleUnrlsd
fix(ci): normalize GHCR owner to lowercase for docker image references
51e780e
@SizzleUnrlsd
fix(action): replace unsupported hashFiles cache key with sha-based k…
112e6bf 
…ey in composite action
@SizzleUnrlsd
test(harness): tolerate +/-1 location column drift in expectation mat…
af19226 
…ching
@SizzleUnrlsd
ci(sarif): upload only when self-analysis sarif artifact exists
318c105
@SizzleUnrlsd
fix(action): avoid implicit compdb filtering when explicit sources ar…
7b00b72 
…e provided
@SizzleUnrlsd
fix(ci): use raw mode for single-file docker smoke tests without comp…
b6a4806 
…ile database
@SizzleUnrlsd
ci(tests): parallelize run_test with timeout and unbuffered logs
6bc19af
@SizzleUnrlsd
fix(sarif): clamp SARIF region line/column to 1-based values
e594d18
@github-advanced-security
Copy link
Copy Markdown

github-advanced-security bot commented Feb 22, 2026

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 22, 2026
View reviewed changes
src/analysis/UninitializedVarAnalysis.cpp
}

return false;
}

Check warning

Code scanning / coretrace-stack-analyzer

ResourceLifetime.IncompleteInterproc Warning

[ !!Warn ] inter-procedural resource analysis incomplete: handle 'visited' may be acquired by an unmodeled/external callee before release ↳ no matching resource model rule or cross-TU summary was found for at least one related call ↳ include callee definitions in inputs or extend --resource-model to improve precision
src/analysis/StackPointerEscape.cpp
}
}
}
}

Check warning

Code scanning / coretrace-stack-analyzer

ResourceLifetime.IncompleteInterproc Warning

[ !!Warn ] inter-procedural resource analysis incomplete: handle 'localSlotsContainingTrackedAddr' may be acquired by an unmodeled/external callee before release ↳ no matching resource model rule or cross-TU summary was found for at least one related call ↳ include callee definitions in inputs or extend --resource-model to improve precision
src/analysis/DuplicateIfCondition.cpp
}

return sig;
}

Check warning

Code scanning / coretrace-stack-analyzer

ResourceLifetime.IncompleteInterproc Warning

[ !!Warn ] inter-procedural resource analysis incomplete: handle 'seen' may be acquired by an unmodeled/external callee before release ↳ no matching resource model rule or cross-TU summary was found for at least one related call ↳ include callee definitions in inputs or extend --resource-model to improve precision
src/analysis/MemIntrinsicOverflow.cpp
MemMove
};
MemKind kind = MemKind::None;
auto classifyByName = [&](StringRef calleeName) -> MemKind

Check warning

Code scanning / coretrace-stack-analyzer

UninitializedLocalVariable Warning

[ !!Warn ] local variable 'classifyByName' is never initialized ↳ declared without initializer and no definite write was found in this function
src/analysis/IRValueUtils.cpp

bool sawUserDebugVar = false;
bool sawArtificialDebugVar = false;
for (DbgDeclareInst* declareInst : findDbgDeclares(const_cast<AllocaInst*>(AI)))

Check warning

Code scanning / coretrace-stack-analyzer

ResourceLifetime.IncompleteInterproc Warning

[ !!Warn ] inter-procedural resource analysis incomplete: handle 'ref.tmp' may be acquired by an unmodeled/external callee before release ↳ no matching resource model rule or cross-TU summary was found for at least one related call ↳ include callee definitions in inputs or extend --resource-model to improve precision
src/analysis/StackPointerEscape.cpp
}

static void
collectParamEscapeFacts(llvm::Function& F, llvm::Argument& arg,

Check notice

Code scanning / coretrace-stack-analyzer

ConstParameterNotModified.Reference Note

[ !Info! ] ConstParameterNotModified.Reference: parameter 'arg' in function 'ctrace::stack::analysis::(anonymous namespace)::collectParamEscapeFacts(llvm::Function&, llvm::Argument&, std::function<bool (llvm::Function const&)> const&, ctrace::stack::analysis::IndirectTargetResolver&, std::unordered_map<llvm::Function const*, unsigned int, std::hash<llvm::Function const*>, std::equal_to<llvm::Function const*>, std::allocator<std::pair<llvm::Function const* const, unsigned int> > > const&, ctrace::stack::analysis::StackEscapeModel const&, ctrace::stack::analysis::StackEscapeRuleMatcher&, ctrace::stack::analysis::ParamEscapeFacts&)' is never used to modify the referred object ↳ current type: Argument &arg ↳ suggested type: const Argument &arg
src/analysis/StackPointerEscape.cpp
}

static void
collectParamEscapeFacts(llvm::Function& F, llvm::Argument& arg,

Check notice

Code scanning / coretrace-stack-analyzer

ConstParameterNotModified.Reference Note

[ !Info! ] ConstParameterNotModified.Reference: parameter 'F' in function 'ctrace::stack::analysis::(anonymous namespace)::collectParamEscapeFacts(llvm::Function&, llvm::Argument&, std::function<bool (llvm::Function const&)> const&, ctrace::stack::analysis::IndirectTargetResolver&, std::unordered_map<llvm::Function const*, unsigned int, std::hash<llvm::Function const*>, std::equal_to<llvm::Function const*>, std::allocator<std::pair<llvm::Function const* const, unsigned int> > > const&, ctrace::stack::analysis::StackEscapeModel const&, ctrace::stack::analysis::StackEscapeRuleMatcher&, ctrace::stack::analysis::ParamEscapeFacts&)' is never used to modify the referred object ↳ current type: Function &F ↳ suggested type: const Function &F
src/analysis/StackPointerEscape.cpp
const ReturnedPointerArgAliasMap& returnedArgAliases,
unsigned depth = 0)
{
if (!ptr)

Check notice

Code scanning / coretrace-stack-analyzer

None Note

[ !Info! ] recursive or mutually recursive function detected
src/analysis/StackComputation.cpp
}

template <typename IsRecursiveCallee>
static bool detectInfiniteRecursionByDominance(llvm::Function& F,

Check notice

Code scanning / coretrace-stack-analyzer

ConstParameterNotModified.ReferenceRvaluePreferValue Note

[ !Info! ] ConstParameterNotModified.ReferenceRvaluePreferValue: parameter 'isRecursiveCallee' in function 'bool ctrace::stack::analysis::(anonymous namespace)::detectInfiniteRecursionByDominance<ctrace::stack::analysis::detectInfiniteRecursionComponent(std::vector<llvm::Function const*, std::allocator<llvm::Function const*> > const&)::$_0>(llvm::Function&, ctrace::stack::analysis::detectInfiniteRecursionComponent(std::vector<llvm::Function const*, std::allocator<llvm::Function const*> > const&)::$_0&&)' is an rvalue reference and is never used to modify the referred object ↳ consider passing by value (<anonymous type> isRecursiveCallee) or const reference (const <anonymous type> &isRecursiveCallee) ↳ current type: <anonymous type> &&isRecursiveCallee
src/analysis/StackComputation.cpp
}

template <typename IsRecursiveCallee>
static bool detectInfiniteRecursionByDominance(llvm::Function& F,

Check notice

Code scanning / coretrace-stack-analyzer

ConstParameterNotModified.ReferenceRvaluePreferValue Note

[ !Info! ] ConstParameterNotModified.ReferenceRvaluePreferValue: parameter 'isRecursiveCallee' in function 'bool ctrace::stack::analysis::(anonymous namespace)::detectInfiniteRecursionByDominance<ctrace::stack::analysis::detectInfiniteSelfRecursion(llvm::Function&)::$_0>(llvm::Function&, ctrace::stack::analysis::detectInfiniteSelfRecursion(llvm::Function&)::$_0&&)' is an rvalue reference and is never used to modify the referred object ↳ consider passing by value (<anonymous type> isRecursiveCallee) or const reference (const <anonymous type> &isRecursiveCallee) ↳ current type: <anonymous type> &&isRecursiveCallee
@SizzleUnrlsd SizzleUnrlsd merged commit ccc2431 into main Feb 24, 2026
9 checks passed
@SizzleUnrlsd SizzleUnrlsd deleted the 46-ci-integrate-coretrace-stack-analyzer-into-github-actions-sarif-code-scanning branch February 24, 2026 10:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@SizzleUnrlsd SizzleUnrlsd

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

CI: Integrate coretrace-stack-analyzer into GitHub Actions (SARIF + Code Scanning)

1 participant

@SizzleUnrlsd