[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Introducing the "Debian's Automated Code Analysis" (DACA) project

Hi Stefan,

Stefan Fritsch wrote:
> I fully agree with you WRT flawfinder and splint.
> OTOH, I think that clang's scan-build has a reasonable signal-to-noise
> ratio. It only does C, though.

Yes, scan-build is pending some infrastructure work. I've now added a list 
of known tools to the website:

> For perl, perlcritic at a sufficiently high warning level may be worth
> a thought.

I read a bit about Perl::Critic the other day and it seems it might be worth 
running it and split the results by severity. The results will be very 
noisy, however.

> A question about hardware: How much memory/disk space is needed at the
> minimum to be useful?

It all depends on the tool that is to be run. cppcheck is CPU and memory-
bound, checkbashisms, ohcount, and pyflakes are usually I/O-bound. The 
minimum fs space requirement is the binary or source package unpacked 
(multiply that by the number of instances of the tools running on the host.)
clang and smatch need more space since they build the code.

Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

Reply to: