DACA Could Mean Fewer Bugs in Debian

Every piece of software written has bugs. From the insignificant to the showstopper, bugs are there despite the herculean efforts of developers. But thanks to a new Debian project, many previously undetected bugs may finally get squashed.

Raphael Geissert, multi-talented Debian developer, recently introduced Debian's new Automated Code Analysis project. Geissert describes DACA as,

Automated Code Analysis helps detect and fix bugs and other issues in source code. The project aims to give users easy access to a wide variety of tools to improve quality of software distributed by Debian, while giving the tool's developers a test bed, more visibility, and more feedback. This is achieved by running those tools on the complete Debian archive.

It seems to many outsiders waiting for the often delayed releases that Debian's main goal is stability and eradication of bugs, and that impression is not inaccurate. Debian has worked hard to earn its reputation as of one of the most stable Linux distributions. Still though, many bugs get through; many more than some developers can accept. DACA will consist of a stack of tools for running tests on the source code of Debian packages then provide bug reports to the developers.

The project is just getting started, so there are only two tools in the box, but many more are planned. One of the tools is cppcheck. cppcheck audits C/C++ code for real functionality bugs instead of syntax errors. These are the kind of bugs that usually pass through the compiling process with no error, leading developers to believe everything is fine. Though this tool is far from complete and new and more extensive operations are planned in the coming months and years, it does quite a few checks. Some include out of bounds checking, auto variables, and memory leaks.

The other tool available is checkbashisms. As the name implies, it checks for Bashisms, which are bash extensions that are not strictly POSIX compliant. The first round of these reports is available online.

Although the list is short right now, the number of tools is anticipated to grow to over twenty. Geissert says the major limitation is, "most of the tools are CPU-bound, limiting considerably the number of tools and time it takes to check the whole Debian archive." He has called for bug checking, reporting of false positives, tool evaluation, and hardware donations. See his full post for more information.


Susan Linton is a Linux writer and the owner of tuxmachines.org.


Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

a DACA by any other name

Anonymous's picture

Isn't this type of program more commonly known as a static analyzer?

Indeed it is, but the 2 cool

Warbo's picture

Indeed it is, but the 2 cool parts of this are that 1) it is a suite of static analysis tools (at the moment a C/C++ tool and a Shell tool) and 2) is that it is run automatically on the whole Debian archive.

I don't think this will make a massive difference for users, since commonly encountered bugs will presumably already be filed. What it will help with is rarely encountered, edge-case bugs, potential security vulnerabilities and possibly performance (although there is a chance the performance of some apps will go down as they put in extra checks and balances to fix bugs found during the static analysis).

'DACA Could Mean Less Bugs in Debian'

Anonymous's picture

I think you mean 'fewer', unless they come by the bucketful.

'number of tools is anticipated to grow' Shouldn't that be 'expected'?