Speed is really not very important for this. But I know there is a couple blocks of code where it basically does the same thing over and over again unnecessarily. I don't think spending very much time on this is warranted, but once the plugin becomes more feature complete, its probably worth it to do at least one round of profiling and checking for very low hanging fruit.
So I did some testing, running seccheck on AbuseFilter with mwext-fast. The runtime was 103 seconds. Then I removed seccheck from phan's config, and got a runtime of 72 seconds, which should be our lower bound. Given that 30 seconds aren't that much, I guess it's really not a priority.
Yeah, that seems fairly quick to me. Obviously there are efficiency concerns here since this needs to run in CI, but 30 seconds doesn't seem so terrible imo. Of course if we ever try to get this working on core, that might be a different story. Do we know where AbuseFilter falls in terms of size/complexity for deployed extensions? I'd guess it's at least moderately complex.
Well, core is definitely slower... We can try running it on different extensions, but looking at previous runs it seems like AF has more or less the same runtime as other extensions (or maybe slightly higher). I also tried running seccheck (on AF) with xdebug enabled to see if I could get something useful. I ended up with a runtime of 4000 seconds and no useful data :-/