Hi folks

I have the idea to improve the PHP source by using static analyzers. The
first one that I would use for this is clang's scan-build and the second
one is Coverity. The idea is not new, because I can find people talking
about this on the internals mailing list, but that is all at least 4-6
years ago.

I found some interesting things with these tools already but there are some
false positives too. It just takes time to look into the reports and figure
it out, but for me it's a good way to learn more about C and php-src. If
you could share your experience with static analyzers that would be great,
maybe there are better analyzers out there that I don't know about, let me
know. Are there reasons why PHP doesn't use these tools in the build
process, or maybe they are used but I just don't know, also let me know.
Maybe you think this is just a bad idea, please share your opinion.

I see that there is already a php-src project on Coverity but it was not
analyzed for years. I have my own project on Coverity
https://scan.coverity.com/projects/php-src-tvlooy just ask if you want
access.

I don't have much C experience. So before I get more people on board with
this idea I would welcome some feedback from people that know better than
me.

Thanks in advance!

Kind regards,
Tom Van Looy

Hi everyone

I am still regularly running Coverity scans on php-src. If you are
interested do not hesitate to get access on
https://scan.coverity.com/projects/php-src-tvlooy