httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From William A Rowe Jr <>
Subject Re: clang-analyzer?
Date Sun, 08 Jan 2017 06:29:54 GMT
Several times a year, we get offers or full dumps of programmatic static
code analysis.

We have, for decades, rejected it all, and invited reporters to bring
specific analysis of actually problematic cases back to the list (or
security@, as applicable.)

If anyone is interested, we consistently invite reports of actual defects
or security issues to be resolved.



On Jan 7, 2017 8:45 PM, "Leif Hedstrom" <> wrote:

> Howdy,
> I ran clang-analyzer against the HTTPD master branch, and it found 126
> issues. Many of these are benign, but I was curious if the community has
> any thoughts on this? With another project, I’ve found that keep static
> code analysis to zero issues can really help finding new, serious issues
> (basically, we put the tree in failed state if there’s a new static code
> analysis issue).
> The issues are all over the source code, in core and mod_’s alike. It’d be
> pretty tedious to file individual tickets for each of them, so curious if
> there’s any interest in cleaning this up to start with a clean state? It’d
> then be easy to add clang-analyzer to the release process for example.
> Thoughts?
> — leif

View raw message