Newsgroups: php.internals
Date: Fri, 21 May 2021 16:01:28 -0300
From: calvin@cmpct.info (Calvin Buckley)
To: internals@lists.php.net
Subject: Using clang-analyzer with PHP: experiences?

Hi internals@,

I maintain an extension and I suspect there are some issues in the code. As such, I’ve been trying various tools to try to make it easier to catch the issues. (For the curious: I’ve tried *San, which I feel doesn’t work very well unless you /totally control/ the entire stack, which I didn’t have the luxury of. I also tried Valgrind, but I need to revisit this to deal with possible false positives in the library.)
This time, I decided to try static analysis through LLVM. Luckily, clang-analyzer is pretty simple. Just prepending “scan-build” to my make invocation. Easy, right? Unfortunately, I noticed that due to an inconsistency in the codebase (a use of realloc instead of erealloc), it doesn’t seem to account for i.e. emalloc vs. malloc. Possible leaks “went away” from the output when I converted them to the PHP memory management functions.

Has anyone ever used clang-analyzer with PHP before? I noticed there was some tooling for a previous PHP transition [1], but I don’t know if anyone’s tackled the low-hanging fruit of memory functions. I suppose I could just redefine emalloc and friends, but I feel that would probably be inaccurate with things like zend_string.

Regards,
Calvin

[1]: https://github.com/johannes/clang-php-checker
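
One way to try the "redefine emalloc and friends" idea from the message above, as an added example that is not part of the original post or of PHP's code: when the analyzer runs (it defines `__clang_analyzer__`), the allocator names map to the libc functions its malloc checker models. The allocator bodies, `live_blocks`, the `copy_*` functions and `leaked_after` are constructed stand-ins so the file builds without PHP headers; it assumes that in a real extension the Zend allocator macros would be `#undef`'d before the shim.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
static size_t live_blocks = 0;   /* outstanding blocks (normal build only) */
#ifdef __clang_analyzer__
/* Analyzer run: use the libc names its malloc checker models. */
#define emalloc(n)     malloc(n)
#define erealloc(p, n) realloc((p), (n))
#define efree(p)       free(p)
#else
/* Normal build: constructed stand-ins for the Zend allocator. */
void *emalloc(size_t n) { void *p = malloc(n); if (p) live_blocks++; return p; }
void *erealloc(void *p, size_t n) {
    void *q = realloc(p, n);
    if (q && !p) live_blocks++;
    return q;
}
void efree(void *p) { if (p) { live_blocks--; free(p); } }
#endif

/* Rejects strings longer than max. Bug kept on purpose: error path leaks buf. */
char *copy_leaky(const char *s, size_t max) {
    char *buf = emalloc(max + 1);
    if (!buf) return NULL;
    if (strlen(s) > max) return NULL;          /* buf leaks here */
    strcpy(buf, s);
    return buf;
}

/* Same logic, with the error path releasing the buffer. */
char *copy_fixed(const char *s, size_t max) {
    char *buf = emalloc(max + 1);
    if (!buf) return NULL;
    if (strlen(s) > max) { efree(buf); return NULL; }
    strcpy(buf, s);
    return buf;
}

/* Runtime view of the defect: blocks left behind by a rejected input. */
size_t leaked_after(char *(*fn)(const char *, size_t)) {
    size_t before = live_blocks;
    char *r = fn("too long for the limit", 4);  /* constructed input */
    if (r) efree(r);
    return live_blocks - before;
}
int main(void) {
    printf("leaky: %zu, fixed: %zu\n", leaked_after(copy_leaky), leaked_after(copy_fixed));
    return 0;
}
```

The shim only covers raw allocator calls; refcounted structures such as zend_string are not modelled by it, which is the inaccuracy the message anticipates.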