DACA Could Mean Fewer Bugs in Debian
Every piece of software written has bugs. From the insignificant to the showstopper, bugs are there despite the herculean efforts of developers. But thanks to a new Debian project, many previously undetected bugs may finally get squashed.
Raphael Geissert, multi-talented Debian developer, recently introduced Debian's new Automated Code Analysis project. Geissert describes DACA as,
Automated Code Analysis helps detect and fix bugs and other issues in source code. The project aims to give users easy access to a wide variety of tools to improve quality of software distributed by Debian, while giving the tool's developers a test bed, more visibility, and more feedback. This is achieved by running those tools on the complete Debian archive.
It seems to many outsiders waiting for the often delayed releases that Debian's main goal is stability and eradication of bugs, and that impression is not inaccurate. Debian has worked hard to earn its reputation as of one of the most stable Linux distributions. Still though, many bugs get through; many more than some developers can accept. DACA will consist of a stack of tools for running tests on the source code of Debian packages then provide bug reports to the developers.
The project is just getting started, so there are only two tools in the box, but many more are planned. One of the tools is cppcheck. cppcheck audits C/C++ code for real functionality bugs instead of syntax errors. These are the kind of bugs that usually pass through the compiling process with no error, leading developers to believe everything is fine. Though this tool is far from complete and new and more extensive operations are planned in the coming months and years, it does quite a few checks. Some include out of bounds checking, auto variables, and memory leaks.
The other tool available is checkbashisms. As the name implies, it checks for Bashisms, which are bash extensions that are not strictly POSIX compliant. The first round of these reports is available online.
Although the list is short right now, the number of tools is anticipated to grow to over twenty. Geissert says the major limitation is, "most of the tools are CPU-bound, limiting considerably the number of tools and time it takes to check the whole Debian archive." He has called for bug checking, reporting of false positives, tool evaluation, and hardware donations. See his full post for more information.
Susan Linton is a Linux writer and the owner of tuxmachines.org.
Win an iPhone 6
Enter to Win
|Non-Linux FOSS: Install Windows? Yeah, Open Source Can Do That.||Nov 24, 2015|
|Cipher Security: How to harden TLS and SSH||Nov 23, 2015|
|Web Stores Held Hostage||Nov 19, 2015|
|diff -u: What's New in Kernel Development||Nov 17, 2015|
|Recipy for Science||Nov 16, 2015|
|Firefox's New Feature for Tighter Security||Nov 13, 2015|
- Non-Linux FOSS: Install Windows? Yeah, Open Source Can Do That.
- Cipher Security: How to harden TLS and SSH
- Simple Photo Editing, Linux Edition!
- Web Stores Held Hostage
- Firefox's New Feature for Tighter Security
- Libreboot on an x60, Part II: the Installation
- It's a Bird. It's Another Bird!
- diff -u: What's New in Kernel Development
- How Will the Big Data Craze Play Out?
- November 2015 Issue of Linux Journal: System Administration