blob: 8387db0a53e7d52ed1b2afbd5e8f77a2d8e1f8fa [file] [log] [blame] [view]
# Shac Design
Why do we need another system for static code analysis? Shac does a few things that no known existing system does.
At a high level, shac's goals are simple:
* Run checks safely
* _really fast_.
By "fast" we mean "maximize utilization of available resources to minimize wall-clock delay for the user to get useful information."
These goals inform the chosen design, which in turn produces various constraints. First, the design:
* Use a multi-pass system to determine which checks to run
* Run checks in parallel
* Use nsjail to sandbox checks
The multi-pass system allows shac to determine which checks to run quickly. Then shac spawns threads to actually do the work of the checks.
For each check shac provides a "passthrough" object that gives the check the ability to cache data. This helps well-written checks to continue to be fast by caching results of repetitive work. This passthrough also controls access to any external I/O like network calls.