Git has a subscription with Coverity, and it has helped find a few bugs, but the list of issues is not public (a Coverity limitation) and it is littered with false positives: Coverity really does not like what we do with the empty string in STRBUF_INIT, for example, assuming that we will write into it upon strbuf_add().
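To show what a generic checker trips over here, this is an added, simplified model of the STRBUF_INIT idiom, written for this note and not Git's own strbuf code (the slopbuf name and the tiny strbuf API follow Git's pattern but are an assumption of this sketch): a fresh strbuf points at a shared static empty string with alloc == 0, and strbuf_add() always grows away from it before writing, which is the invariant an analyzer has to be taught.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified model of Git's strbuf idiom (not Git's own code): a fresh strbuf
 * points at a shared one-byte static buffer, so sb->buf is always a valid ""
 * string, and alloc == 0 marks that buffer as not writable. */
static char slopbuf[1];
struct strbuf { size_t alloc, len; char *buf; };
#define STRBUF_INIT { 0, 0, slopbuf }

/* Make room for `extra` bytes plus NUL. With alloc == 0 the buffer is the
 * shared slopbuf and gets replaced, never realloc'd or written. A checker
 * that misses this step reports strbuf_add() as writing into a 0-sized buffer. */
static void strbuf_grow(struct strbuf *sb, size_t extra)
{
    size_t need = sb->len + extra + 1;
    if (need <= sb->alloc)
        return;
    char *p = sb->alloc ? realloc(sb->buf, need) : malloc(need);
    if (!p)
        abort();
    if (!sb->alloc)
        p[0] = '\0';
    sb->buf = p;
    sb->alloc = need;
}

static void strbuf_add(struct strbuf *sb, const void *data, size_t n)
{
    strbuf_grow(sb, n);                 /* grow first, then write */
    memcpy(sb->buf + sb->len, data, n);
    sb->len += n;
    sb->buf[sb->len] = '\0';
}

static void strbuf_release(struct strbuf *sb)
{
    if (sb->alloc)
        free(sb->buf);
    *sb = (struct strbuf)STRBUF_INIT; /* back to slopbuf, reusable as-is */
}

/* Fresh strbuf reads as "" with no heap use, the first add moves off slopbuf,
 * and release returns to it. Returns 1 on success, 0 otherwise. */
int demo_strbuf_init(void)
{
    struct strbuf sb = STRBUF_INIT;
    int fresh = sb.buf == slopbuf && sb.alloc == 0 && sb.buf[0] == '\0';
    strbuf_add(&sb, "hello", 5);
    int moved = sb.buf != slopbuf && sb.len == 5 && !strcmp(sb.buf, "hello");
    strbuf_release(&sb);
    return fresh && moved && sb.buf == slopbuf && sb.alloc == 0;
}
```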
Facebook came up with a static analyzer, Infer, based on Clang (but it also seems to require OCaml for parts of the build). This would be a better alternative to Coverity because it could, in theory, be taught about Git's idiosyncrasies (e.g. certain singletons, strbuf being backed by a "0-sized" buffer, etc.).
If this turns out to be useful, it would make a lot of sense to integrate it into our Azure Pipeline.
See http://fbinfer.com/docs/getting-started.html