Skip to content

Latest commit

 

History

History
20 lines (12 loc) · 981 Bytes

design.md

File metadata and controls

20 lines (12 loc) · 981 Bytes

Shac Design

Why do we need another system for static code analysis? Shac does a few things that no known existing system does.

At a high level, shac's goals are simple:

  • Run checks safely
  • really fast.

By "fast" we mean "maximize utilization of available resources to minimize wall-clock delay for the user to get useful information."

These goals inform the chosen design, which in turn produces various constraints. First, the design:

  • Use a multi-pass system to determine which checks to run
  • Run checks in parallel
  • Use nsjail to sandbox checks

The multi-pass system allows shac to determine which checks to run quickly. Then shac spawns threads to actually do the work of the checks.

For each check shac provides a "passthrough" object that gives the check the ability to cache data. This helps well-written checks to continue to be fast by caching results of repetitive work. This passthrough also controls access to any external I/O like network calls.