On Fri, 2013-01-25 at 08:01 -0700, Jerry James wrote: > On Fri, Jan 25, 2013 at 5:16 AM, Kamil Dudka <kdudka@xxxxxxxxxx> wrote: > > On Thursday, January 24, 2013 14:11:11 Jerry James wrote: > >> It is not, but see http://jjames.fedorapeople.org/blast/ for an > >> experimental RPM. If we could get the Vampyre developers to remove > >> "for research purposes only" from their license, we could get both > >> Vampyre and BLAST into Fedora. > >> > >> Note that we also have why and why3 in Fedora, by the way. > > > > The above tools are not bug finding tools. They will not give you a list > > of bugs detected in the input program. You need to specify a property to > > verify and the tools then return a yes/no answer, supported by a (usually > > hard to read) counter-example. Such tools are not intended for a fully > > automatic static analysis. > > > > Kamil > > David mentioned Frama-C, so I thought he would be interested in these > tools, too. I mentioned it mostly because it was listed on the big list of analysis tools on http://www.dwheeler.com/flawfinder/ and seems to be relatively sophisticated. I've not used it myself yet beyond installing it and trying (unsuccessfully) to get it to compile some of the .c files in python-ethtool (which is the test srpm I've been using). But yeah, what I'm looking for are code analyzers that can be run in automated fashion without needing extensive configuration, and that will emit a list of warnings about the code, that (hopefully) are worth looking at. I'm going for low-hanging fruit here: given the list of analyzers we already have working in mock-with-analysis, we may have enough to try building a nice UI to get sane information from the results. Thanks Dave -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
