[PHP-DEV] Improving php-src with static analyzers

Posted by Tom Van Looy 
December 10, 2017 04:30PM
Hi folks

I have the idea to improve the PHP source by using static analyzers. The
first one that I would use for this is clang's scan-build and the second
one is Coverity. The idea is not new, because I can find people talking
about this on the internals mailing list, but that is all at least 4-6
years ago.

I found some interesting things with these tools already but there are some
false positives too. It just takes time to look into the reports and figure
it out, but for me it's a good way to learn more about C and php-src. If
you could share your experience with static analyzers that would be great,
maybe there are better analyzers out there that I don't know about, let me
know. If there are reasons why PHP doesn't use these tools in the build
process, or maybe they are used but I just don't know, also let me know.
Maybe you think this is just a bad idea, please share your opinion.

I see that there is already a php-src project on Coverity but it was not
analyzed for years. I have my own project on Coverity
https://scan.coverity.com/projects/php-src-tvlooy just ask if you want
access.

I don't have much C experience. So before I get more people on board with
this idea I would welcome some feedback from people that know better than
me.

Thanks in advance!

Kind regards,

Tom Van Looy