DACA Could Mean Fewer Bugs in Debian
Every piece of software written has bugs. From the insignificant to the showstopper, bugs are there despite the herculean efforts of developers. But thanks to a new Debian project, many previously undetected bugs may finally get squashed.
Raphael Geissert, multi-talented Debian developer, recently introduced Debian's new Automated Code Analysis project. Geissert describes DACA as,
Automated Code Analysis helps detect and fix bugs and other issues in source code. The project aims to give users easy access to a wide variety of tools to improve quality of software distributed by Debian, while giving the tool's developers a test bed, more visibility, and more feedback. This is achieved by running those tools on the complete Debian archive.
It seems to many outsiders waiting for the often delayed releases that Debian's main goal is stability and eradication of bugs, and that impression is not inaccurate. Debian has worked hard to earn its reputation as of one of the most stable Linux distributions. Still though, many bugs get through; many more than some developers can accept. DACA will consist of a stack of tools for running tests on the source code of Debian packages then provide bug reports to the developers.
The project is just getting started, so there are only two tools in the box, but many more are planned. One of the tools is cppcheck. cppcheck audits C/C++ code for real functionality bugs instead of syntax errors. These are the kind of bugs that usually pass through the compiling process with no error, leading developers to believe everything is fine. Though this tool is far from complete and new and more extensive operations are planned in the coming months and years, it does quite a few checks. Some include out of bounds checking, auto variables, and memory leaks.
The other tool available is checkbashisms. As the name implies, it checks for Bashisms, which are bash extensions that are not strictly POSIX compliant. The first round of these reports is available online.
Although the list is short right now, the number of tools is anticipated to grow to over twenty. Geissert says the major limitation is, "most of the tools are CPU-bound, limiting considerably the number of tools and time it takes to check the whole Debian archive." He has called for bug checking, reporting of false positives, tool evaluation, and hardware donations. See his full post for more information.
Susan Linton is a Linux writer and the owner of tuxmachines.org.
- The Tiny Internet Project, Part I
- SUSECON 2016: Where Technology Reigns Supreme
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- Bitcoin on Amazon! Sort of...
- Free Today: September Issue of Linux Journal (Retail value: $5.99)
- Android Browser Security--What You Haven't Been Told
- Securing the Programmer
- The Many Paths to a Solution
- Machine Learning with Python
Pick up any e-commerce web or mobile app today, and you’ll be holding a mashup of interconnected applications and services from a variety of different providers. For instance, when you connect to Amazon’s e-commerce app, cookies, tags and pixels that are monitored by solutions like Exact Target, BazaarVoice, Bing, Shopzilla, Liveramp and Google Tag Manager track every action you take. You’re presented with special offers and coupons based on your viewing and buying patterns. If you find something you want for your birthday, a third party manages your wish list, which you can share through multiple social- media outlets or email to a friend. When you select something to buy, you find yourself presented with similar items as kind suggestions. And when you finally check out, you’re offered the ability to pay with promo codes, gifts cards, PayPal or a variety of credit cards.Get the Guide