Hey,
The thing I like a lot about clang is that it can be used as a drop-in
substitute for GCC so you can actual call clang or clang++ instead of
executing gcc/g++, see here:
http://clang.llvm.org/get_started.html
The results you published certainly look interesting :)
May the source be with you,
Best regards,
Jess Portnoy
Michael Maclean wrote:
Hi,
Jess Portnoy wrote:
clang is indeed a great tool but since it does a lot more than just
static analysis.
Yeah, it looked like an interesting thing and so I decided to play
with it. Incidentally, I discovered later that clang appears to
compile PHP 5.3 pretty much flawlessly just now (at least for my
particular set of configure options). The scan-build analyser thing I
used ran the code through clang before forwarding it on to gcc for the
actual compilation.
For those cases where one wants source code analysis, especially
security oriented, I'd recommend flawfinder
[http://www.dwheeler.com/flawfinder].
I'll have a look. Thanks for the tip.
I ran it against the PHP 5.2.11 sources and am now sorting through
results, patching suggestions may follow :)
Heh. If anyone wants to see the output from scan-build that I got,
it's at http://mgdm.net/~michael/php-5.3-clang/ along with the
notes.txt that I'm filling in as I go along.
Michael
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
