Hi everyone

I am still regularly running Coverity scans on php-src. If you are
interested, do not hesitate to get access on
https://scan.coverity.com/projects/php-src-tvlooy


On Sun, Dec 10, 2017 at 4:19 PM Tom Van Looy <t...@ctors.net> wrote:

> Hi folks
>
> I have the idea to improve the PHP source by using static analyzers. The
> first one that I would use for this is clang's scan-build and the second
> one is Coverity. The idea is not new, because I can find people talking
> about this on the internals mailing list, but that is all at least 4-6
> years ago.
>
> I found some interesting things with these tools already but there are
> some false positives too. It just takes time to look into the reports and
> figure it out, but for me it's a good way to learn more about C and
> php-src. If you could share your experience with static analyzers that
> would be great, maybe there are better analyzers out there that I don't
> know about, let me know. Are there reasons why PHP doesn't use these
> tools in the build process, or maybe they are used but I just don't know,
> also let me know. Maybe you think this is just a bad idea, please share
> your opinion.
>
> I see that there is already a php-src project on Coverity but it was not
> analyzed for years. I have my own project on Coverity
> https://scan.coverity.com/projects/php-src-tvlooy just ask if you want
> access.
>
> I don't have much C experience. So before I get more people on board with
> this idea I would welcome some feedback from people that know better than
> me.
>
> Thanks in advance!
>
> Kind regards,
>
> Tom Van Looy
>
>
