Re: Introducing the "Debian's Automated Code Analysis" (DACA) project
Stefan Fritsch wrote:
> I fully agree with you WRT flawfinder and splint.
> OTOH, I think that clang's scan-build has a reasonable signal-to-noise
> ratio. It only does C, though.
Yes, scan-build is pending some infrastructure work. I've now added a list
of known tools to the website:
> For perl, perlcritic at a sufficiently high warning level may be worth
> a thought.
I read a bit about Perl::Critic the other day and it seems it might be worth
running it and splitting the results by severity. The results will be very
> A question about hardware: How much memory/disk space is needed at the
> minimum to be useful?
It all depends on the tool that is to be run. cppcheck is CPU and memory-
bound, checkbashisms, ohcount, and pyflakes are usually I/O-bound. The
minimum fs space requirement is the binary or source package unpacked
(multiply that by the number of instances of the tools running on the host.)
clang and smatch need more space since they build the code.
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net