Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:102925
Return-Path: <tom@ctors.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 34848 invoked from network); 20 Jul 2018 11:18:52 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 20 Jul 2018 11:18:52 -0000
Authentication-Results: pb1.pair.com smtp.mail=tom@ctors.net; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=tom@ctors.net; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain ctors.net designates 209.85.213.43 as permitted sender)
X-PHP-List-Original-Sender: tom@ctors.net
X-Host-Fingerprint: 209.85.213.43 mail-vk0-f43.google.com  
Received: from [209.85.213.43] ([209.85.213.43:45980] helo=mail-vk0-f43.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 39/D8-06777-A15C15B5 for <internals@lists.php.net>; Fri, 20 Jul 2018 07:18:50 -0400
Received: by mail-vk0-f43.google.com with SMTP id b78-v6so5878970vka.12
        for <internals@lists.php.net>; Fri, 20 Jul 2018 04:18:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=ctors-net.20150623.gappssmtp.com; s=20150623;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to;
        bh=5HSGvWu4AnTN7724cbzEORLW/vUf6mCK8VCdrzyZ1dA=;
        b=fOnku6DOIW3vGrPC0wrMfJMbEyCQAjUb+L3YWDWrQG7EEvPzf7F6dEB8+n1JeeJygw
         tlqtQ4juUiC2AuIGPwsLpvBAJOVSgC44Rovhm5WMyaq0M1vPHgNrLU47iHoqsbzfloHl
         oHHddfZwTosrLToJvPvBPfZPUY1b2OGk0RPG7zWSEDsAUvpp95RjQZoemxCTJiShWvHi
         l7EAWSET+IystgGVZwcDCKxeTzxNsrDdE28Dl8Gj0kO861JHYBg/zS27DrvCn0eHp259
         CP+D8XlnlcvAa4U0gfrkch0pP6q4jXtzbZ/yL3BKYCqhGY4iJlqjZ4HC1d1yzcvNR16N
         8haQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to;
        bh=5HSGvWu4AnTN7724cbzEORLW/vUf6mCK8VCdrzyZ1dA=;
        b=ZJLEUEK91MMHgWhO+upS8yBhGVt5phkfqbriCXnu0ZYUoxQTdxkFYSTUOzblc9ennJ
         k8MAV9vXR1+ejLLzNJQZpyCFY2gNNfbFfOuTfvXUfA+X1J5koGrnV+WRM1Z2G5TvrHHy
         ezgp5xCFlIDCKwgytnkk6+vI5vOGmXwndGXCEi9l37g32O2EB+Vt+d1gTlUU2Eu1gm/4
         ASD3r24kNkVymw6Q9QouqSgVn+IxAmhDJSx9L8Dx2vtprHxbauTJ1EmG0a4QM+9KQcVe
         JpVSqF1aGkvF+MqpXyLcaP7r7Rtli8oH2gBAHEa7CW4x6DjRah+eca2iFfDmRcuFhUdC
         2Aaw==
X-Gm-Message-State: AOUpUlG6tbRXO0CL0mnQryVrFIc0YZLV4zuiLyQ/MP56LbLvMNSpEglC
	t8oJKbhZd35iG77n17FUH/RG4LauAQ1VyBCSu1OUeotIHfY=
X-Google-Smtp-Source: AAOMgpdocg2Ry8CBVHx71g5pSbGkT+OZ1X3jSqxOpcW0TYx1hMUs9ty9X7oHLTWLyy8Yx2ZAzzFrVYELOYRpFhHvtWU=
X-Received: by 2002:a1f:ce03:: with SMTP id e3-v6mr879946vkg.22.1532085527704;
 Fri, 20 Jul 2018 04:18:47 -0700 (PDT)
MIME-Version: 1.0
References: <CAN+C6bW7_zW7M5yWnNYch7eU94d4ZVY0BMK0+-_vq=6=5rqMfg@mail.gmail.com>
In-Reply-To: <CAN+C6bW7_zW7M5yWnNYch7eU94d4ZVY0BMK0+-_vq=6=5rqMfg@mail.gmail.com>
Date: Fri, 20 Jul 2018 13:18:36 +0200
Message-ID: <CAN+C6bXS-UkguBUd=kX0X6wH18YiziDypmsR0c41wtGSszRwRQ@mail.gmail.com>
To: PHP internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary="000000000000a512bc05716c75bc"
Subject: Re: Improving php-src with static analyzers
From: tom@ctors.net (Tom Van Looy)

--000000000000a512bc05716c75bc
Content-Type: text/plain; charset="UTF-8"

Hi everyone

I am still regularly running Coverity scans on php-src. If you are
interested do not hesitate to get access on
https://scan.coverity.com/projects/php-src-tvlooy


On Sun, Dec 10, 2017 at 4:19 PM Tom Van Looy <tom@ctors.net> wrote:

> Hi folks
>
> I have the idea to improve the PHP source by using static analyzers. The
> first one that I would use for this is clang's scan-build and the second
> one is Coverity. The idea is not new, because I can find people talking
> about this on the internals mailing list, but that is all at least 4-6
> years ago.
>
> I found some interesting things with these tools already but there are
> some false positives too. It just takes time to look into the reports and
> figure it out, but for me it's a good way to learn more about C and
> php-src. If you could share your experience with static analyzers that
> would be great, maybe there are better analyzers out there that I don't
> know about, let me know. Is there are reasons why PHP doesn't use these
> tools in the build process, or maybe they are used but I just don't know,
> also let me know. Maybe you think this is just a bad idea, please share
> your opinion.
>
> I see that there is already a php-src project on Coverity but it was not
> analyzed for years. I have my own project on Coverity
> https://scan.coverity.com/projects/php-src-tvlooy just ask if you want
> access.
>
> I don't have much C experience. So before I get more people on board with
> this idea I would welcome some feedback from people that know better than
> me.
>
> Thanks in advance!
>
> Kind regards,
>
> Tom Van Looy
>
>

--000000000000a512bc05716c75bc--