Static Analysis: results of FUDcon Lawrence hackfest
Alec Leamas
leamas.alec at gmail.com
Thu Jan 24 17:11:14 UTC 2013
On 2013-01-24 17:44, David Malcolm wrote:
> Michael Hrivnak and I spent some time at FUDcon Lawrence looking at
> static code analysis.
>
> We hacked on the proposed common format for analysis tools (aka
> "firehose").
>
[cut]
> The plan is that the interchange format can be uploaded into a web
> UI/database, so that we can:
> * scan the entire distro
> * compare warnings: e.g. what new warnings appear in a package rebuild?
> * have a consistent interface for marking warnings as false positives
> * come up with some subset of the warnings that we care about
> * etc
>
[cut]
Probably off-topic, but just my 5c... There are similar checks done by
fedora-review, basically running spec conformance tests that don't
require a complete build (for performance reasons), boiling down to a list
of warnings. These are not directly tied to specific code, only the spec
file and never a specific line. Still, the thought of getting this
into the overall status for a package comes to my mind when I read this.
To let fedora-review output some XML instead of the current text-based
report would be simple. But is there any value in it? See the package
guideline violations that can be detected automatically in the same
database and web GUI?! Enclose not just source files but also overall
package analysis output (rpmlint comes to my mind)?
Perhaps...
--alec
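As an added illustration of the idea raised in the reply above (example code written for this page, not code from fedora-review, rpmlint, firehose or the list author): a package-level checker's text report parsed into an interchange-style XML document, with the "no file, no line" case handled by simply leaving out the location, and a diff of two reports that answers the "what new warnings appear in a rebuild?" question from the quoted message. The element names (analysis, metadata, generator, sut, results, issue, message, location) are an assumption loosely modelled on firehose's layout, not the real schema, and the fedora-review and rpmlint text used as input is constructed sample output, not captured from real runs.

```python
"""Added example: turn text warnings from package-level checkers into a
firehose-like XML report, and diff two reports.  The element names are an
assumption modelled loosely on firehose, not the project's real schema."""
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Optional

# Constructed sample tool output (not captured from real runs).
FEDORA_REVIEW_TEXT = """\
[!]: Package requires other packages for directories it uses.
[ ]: %build honors applicable compiler flags or justifies otherwise.
[x]: Spec file name must match the spec package %{name}.
"""
RPMLINT_TEXT = """\
foo.spec: W: no-cleaning-of-buildroot %install
foo.src: E: no-changelogname-tag
"""


@dataclass(frozen=True)
class Issue:
    severity: str
    message: str
    test_id: Optional[str] = None
    path: Optional[str] = None  # spec-level checks carry no file or line


def parse_fedora_review(text: str) -> list[Issue]:
    """Only failed checklist items ('[!]') become issues; '[x]' and '[ ]' are dropped."""
    issues = []
    for line in text.splitlines():
        m = re.match(r"\[(.)\]: (.+)$", line)
        if m and m.group(1) == "!":
            issues.append(Issue("warning", m.group(2)))
    return issues


def parse_rpmlint(text: str) -> list[Issue]:
    """rpmlint lines look like '<target>: <W|E>: <test-id>[ details]'."""
    level = {"W": "warning", "E": "error"}
    issues = []
    for line in text.splitlines():
        m = re.match(r"(\S+): ([WE]): (\S+)(?: (.*))?$", line)
        if not m:
            continue  # tolerate summary lines and other chatter
        target, code, test_id, details = m.groups()
        # A spec file is a real file we can point at; a package is not.
        path = target if target.endswith(".spec") else None
        msg = test_id if details is None else f"{test_id} {details}"
        issues.append(Issue(level[code], msg, test_id=test_id, path=path))
    return issues


def to_xml(package: str, generator: str, issues: list[Issue]) -> str:
    """One <analysis> per tool run; <location> is emitted only when a file is known."""
    root = ET.Element("analysis")
    meta = ET.SubElement(root, "metadata")
    ET.SubElement(meta, "generator", name=generator)
    ET.SubElement(meta, "sut", name=package)  # "software under test"
    results = ET.SubElement(root, "results")
    for i in issues:
        el = ET.SubElement(results, "issue", severity=i.severity)
        if i.test_id:
            el.set("test-id", i.test_id)
        ET.SubElement(el, "message").text = i.message
        if i.path:
            loc = ET.SubElement(el, "location")
            ET.SubElement(loc, "file", path=i.path)
    return ET.tostring(root, encoding="unicode")


def issue_keys(xml_text: str) -> set[tuple]:
    """Stable identity of an issue: (tool, severity, message, path-or-None)."""
    root = ET.fromstring(xml_text)
    gen = root.find("metadata/generator").get("name")
    keys = set()
    for el in root.findall("results/issue"):
        f = el.find("location/file")
        keys.add((gen, el.get("severity"), el.findtext("message"),
                  f.get("path") if f is not None else None))
    return keys


def new_issues(old_xml: str, new_xml: str) -> set[tuple]:
    """Warnings present in the new report that were absent from the old one."""
    return issue_keys(new_xml) - issue_keys(old_xml)


if __name__ == "__main__":
    print(to_xml("foo", "fedora-review", parse_fedora_review(FEDORA_REVIEW_TEXT)))
    print(to_xml("foo", "rpmlint", parse_rpmlint(RPMLINT_TEXT)))
```

Because the key used by new_issues() contains no line number, a warning that survives a rebuild matches itself even though the spec file may have been reformatted, which is exactly what package-level checks need; per-line tools would want the line (or a content hash around it) added to the key.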