Revision as of 16:16, 17 January 2013

Fedora Static Analysis Special Interest Group (SIG)

(Note that this SIG is merely tentative for now)

TBD

dmalcolm is interested in making it easy to run static code analysis tools on all of Fedora, and having a sane system for getting useful information from the firehose of data that doing so is likely to generate. See http://lists.fedoraproject.org/pipermail/devel/2012-December/175232.html

See also the Formal Methods SIG with which there's clearly an overlap.

TBD

TBD; Fedora's main devel list for now

dmalcolm: for Fedora 17 I attempted to run all of the Python C extension code in Fedora through my cpychecker cpychecker tool. I want to repeat this analysis, but this time to capture the results in a database.

TODO

gcc - arguably we should pay more attention to the compiler warnings that gcc already generates: sometimes it's correctly pointing out a bug.
clang static analyzer (in Fedora as "clang-analyzer" subpackage of "llvm")
cpychecker (part of gcc-python-plugin)
flawfinder (that page has a great list of links to other static analysis tools)
cppcheck Cppcheck is a static analysis tool for C/C++ code.
sparse - a Semantic Parser for C, primarily used by kernel developers.

TODO

@@ Line 26: / Line 26: @@
 == Tasks ==
-TODO
+dmalcolm: for Fedora 17 I [http://fedoraproject.org/wiki/Features/StaticAnalysisOfPythonRefcounts attempted to run all of the Python C extension code in Fedora] through my [https://gcc-python-plugin.readthedocs.org/en/latest/cpychecker.html cpychecker] cpychecker tool.  I want to repeat this analysis, but this time to capture the results in a database.
 === Static Code Analysis tools already in Fedora ===