Re: Introducing the "Debian's Automated Code Analysis" (DACA) project
Stefano Zacchiroli wrote:
> On Mon, Dec 20, 2010 at 07:08:59PM -0600, Raphael Geissert wrote:
> Starting from Linux 2.6.36, there's a dir scripts/coccinelle/ in
> upstream Linux. It contains Coccinelle patterns to find bugs; some of
> them propose patches as well, but I'm not sure what is the exact amount
> of patches vs report-only. According to Julia, some of those patterns
> are kernel-specific and expect a specific contact which is created by
> kernel Makefiles; other patterns are OTOH fully generic. I guess the
> best way to figure out how many of them are generic is to actually give
> them a try.
>
> What I find very interesting for Coccinelle, is that we can imagine a
> growing set of patterns, contributed by users, package maintainers, QA
> team, etc. However, that will need some support in DACA to re-run the
> analysis of a given tool on the whole archive, which I'm not sure it's
> something you had in mind to support.
More or less, yes. I had considered running different versions of the tools
and they are actually supported by the scripts that run the tools. However,
the web interface isn't designed to support multiple versions.
If new checks are added and snapshots are released every once in a while,
they could easily be run.
Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
Reply to: