On 11.12.2012 23:52, David Malcolm wrote:
> We'd be able to run all of the code in Fedora through static analysis
> tools, and slurp the results into the database

Dave, I really do not know what to say first :-). The subject is so important and there are so many aspects and application fields - IMHO, the topic is the most important one on the devel list lately (and is in _direct_ relation with all the other _hot_ topics - ABI stability, upgradeability, collections, reliable/automated migrations, packagers' productivity, rawhide, etc.)

I hope this thread will be a long and fruitful discussion, with the final effect of changing Fedora into something that all motivated devs on the list expect it to become. Just a few preliminary questions about your insights into the future:

1) What about dumping the GCC structs to the DB during the OS/Repos processing from the very beginning (meaning something more powerful than dxr.mozilla.org, and the possibility to engage various static analysis people in the project, like the Masaryk University team as Michal reported, without locking into a concrete compiler technology/encoding)?

2) The Clang world enrolled the (suspicious) term "Compilation database" as the safe sequence and arguments of the compiler invocations for a package build. What is your opinion on abstracting build systems to the DB in the same way in Fedora (based on the GCC plugin)?

3) As I said already, IMHO, this thread is the most practically important topic in Fedora. What about a SIG/Team? I think a base of 8-10 highly experienced part-time contributors will be enough for your spec and 1)-like enhancements.

Kind Regards,
Alek

P.S. Fedora infrastructure resources are mandatory for the final Fedora repos cooking, but I think that the community is able to provide less secure, but much larger in volume, resources for the analysis workers (Fedora can just supply a small enslaving script for the dedicated VM).
