Hello,
I agree that it [potentially] has many false positives and this is even
addressed in the homepage.
While this is common to most static analyzers to some extent and
requires going through each "find" with care while mumbling "again with
this crap..", I still think it has some value. One pers
Jess Portnoy wrote:
> Hello,
>
> clang is indeed a great tool but since it does a lot more than just
> static analysis.
> For those cases where one wants source code analysis, especially
> security oriented, I'd recommend flawfinder
> [http://www.dwheeler.com/flawfinder].
I find that flawfinder i
Jess Portnoy wrote:
> The thing I like a lot about clang is that it can be used as a drop-in
> substitute for GCC so you can actually call clang or clang++ instead of
> executing gcc/g++, see here:
Sure, that's how I compiled PHP with it.
CC=clang ./configure --enable-all --my-usual=stuff
make
make
Hey,
The thing I like a lot about clang is that it can be used as a drop-in
substitute for GCC so you can actually call clang or clang++ instead of
executing gcc/g++, see here:
http://clang.llvm.org/get_started.html
The results you published certainly look interesting :)
May the source be with
Hi,
Jess Portnoy wrote:
> clang is indeed a great tool but since it does a lot more than just
> static analysis.
Yeah, it looked like an interesting thing and so I decided to play with
it. Incidentally, I discovered later that clang appears to compile PHP
5.3 pretty much flawlessly just now (at
Hello,
clang is indeed a great tool but since it does a lot more than just
static analysis.
For those cases where one wants source code analysis, especially
security oriented, I'd recommend flawfinder
[http://www.dwheeler.com/flawfinder].
This is a very good tool and it exists in the official
Michael Maclean wrote:
> Hi,
> Gwynne pointed me at the clang static analyser earlier on today, and so
> I've run it against current PHP_5_3. In the course of messing with it,
> it noticed a potential null dereference in ext/ftp - I've attached a
> one-liner to fix it.
Thanks, committed.