DACA Could Mean Fewer Bugs in Debian

Debian GNU/Linux

Every piece of software written has bugs. From the insignificant to the showstopper, bugs are there despite the herculean efforts of developers. But thanks to a new Debian project, many previously undetected bugs may finally get squashed.

Raphael Geissert, multi-talented Debian developer, recently introduced Debian's new Automated Code Analysis project. Geissert describes DACA as,

Automated Code Analysis helps detect and fix bugs and other issues in source code. The project aims to give users easy access to a wide variety of tools to improve quality of software distributed by Debian, while giving the tool's developers a test bed, more visibility, and more feedback. This is achieved by running those tools on the complete Debian archive.

It seems to many outsiders waiting for the often delayed releases that Debian's main goal is stability and eradication of bugs, and that impression is not inaccurate. Debian has worked hard to earn its reputation as of one of the most stable Linux distributions. Still though, many bugs get through; many more than some developers can accept. DACA will consist of a stack of tools for running tests on the source code of Debian packages then provide bug reports to the developers.

The project is just getting started, so there are only two tools in the box, but many more are planned. One of the tools is cppcheck. cppcheck audits C/C++ code for real functionality bugs instead of syntax errors. These are the kind of bugs that usually pass through the compiling process with no error, leading developers to believe everything is fine. Though this tool is far from complete and new and more extensive operations are planned in the coming months and years, it does quite a few checks. Some include out of bounds checking, auto variables, and memory leaks.

The other tool available is checkbashisms. As the name implies, it checks for Bashisms, which are bash extensions that are not strictly POSIX compliant. The first round of these reports is available online.

Although the list is short right now, the number of tools is anticipated to grow to over twenty. Geissert says the major limitation is, "most of the tools are CPU-bound, limiting considerably the number of tools and time it takes to check the whole Debian archive." He has called for bug checking, reporting of false positives, tool evaluation, and hardware donations. See his full post for more information.

______________________

Susan Linton is a Linux writer and the owner of tuxmachines.org.

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

a DACA by any other name

Anonymous's picture

Isn't this type of program more commonly known as a static analyzer?

Indeed it is, but the 2 cool

Warbo's picture

Indeed it is, but the 2 cool parts of this are that 1) it is a suite of static analysis tools (at the moment a C/C++ tool and a Shell tool) and 2) is that it is run automatically on the whole Debian archive.

I don't think this will make a massive difference for users, since commonly encountered bugs will presumably already be filed. What it will help with is rarely encountered, edge-case bugs, potential security vulnerabilities and possibly performance (although there is a chance the performance of some apps will go down as they put in extra checks and balances to fix bugs found during the static analysis).

'DACA Could Mean Less Bugs in Debian'

Anonymous's picture

I think you mean 'fewer', unless they come by the bucketful.

'number of tools is anticipated to grow' Shouldn't that be 'expected'?

White Paper
Linux Management with Red Hat Satellite: Measuring Business Impact and ROI

Linux has become a key foundation for supporting today's rapidly growing IT environments. Linux is being used to deploy business applications and databases, trading on its reputation as a low-cost operating environment. For many IT organizations, Linux is a mainstay for deploying Web servers and has evolved from handling basic file, print, and utility workloads to running mission-critical applications and databases, physically, virtually, and in the cloud. As Linux grows in importance in terms of value to the business, managing Linux environments to high standards of service quality — availability, security, and performance — becomes an essential requirement for business success.

Learn More

Sponsored by Red Hat

White Paper
Private PaaS for the Agile Enterprise

If you already use virtualized infrastructure, you are well on your way to leveraging the power of the cloud. Virtualization offers the promise of limitless resources, but how do you manage that scalability when your DevOps team doesn’t scale? In today’s hypercompetitive markets, fast results can make a difference between leading the pack vs. obsolescence. Organizations need more benefits from cloud computing than just raw resources. They need agility, flexibility, convenience, ROI, and control.

Stackato private Platform-as-a-Service technology from ActiveState extends your private cloud infrastructure by creating a private PaaS to provide on-demand availability, flexibility, control, and ultimately, faster time-to-market for your enterprise.

Learn More

Sponsored by ActiveState