Hi folks I have the idea to improve the PHP source by using static analyzers. The first one that I would use for this is clang's scan-build and the second one is Coverity. The idea is not new, because I can find people talking about this on the internals mailing list, but that is all at least 4-6 years ago.
I found some interesting things with these tools already but there are some false positives too. It just takes time to look into the reports and figure it out, but for me it's a good way to learn more about C and php-src. If you could share your experience with static analyzers that would be great, maybe there are better analyzers out there that I don't know about, let me know. Is there are reasons why PHP doesn't use these tools in the build process, or maybe they are used but I just don't know, also let me know. Maybe you think this is just a bad idea, please share your opinion. I see that there is already a php-src project on Coverity but it was not analyzed for years. I have my own project on Coverity https://scan.coverity.com/projects/php-src-tvlooy just ask if you want access. I don't have much C experience. So before I get more people on board with this idea I would welcome some feedback from people that know better than me. Thanks in advance! Kind regards, Tom Van Looy
