What problem are you trying to solve?
The ddsa runtime solves numerous performance issues, as well as enabling functionality that will allow more powerful and accurate rules to be written.
This was a complete re-write of our existing JavaScript runtime, and so for caution, we implemented it as a feature flag so that we could test it internally to ensure parity across a larger sample size of files and usage (https://github.com/DataDog/datadog-static-analyzer/pull/428).
Running for two weeks confirmed parity (and where not 100%, it is due to false positives/negatives that this PR fixes).
What is your solution?
Remove the existing stella runtime (but preserve the compatibility layer so existing rules that haven't been re-written don't break).
Preserve --ddsa-runtime as a CLI flag for both the analyzer and the server. Our binaries throw an error upon receiving an unexpected CLI flag, and so to give time for users to change existing usage, we "deprecate" the flag now via a printed warning. We will remove this flag in a future release. (We already clarified the flag was for "internal" use, so this method of deprecating is appropriate.)
Alternatives considered
What the reviewer should know