On 08 Jan 2017, at 4:45 AM, Leif Hedstrom <zw...@apache.org> wrote: > I ran clang-analyzer against the HTTPD master branch, and it found 126 > issues. Many of these are benign, but I was curious if the community has any > thoughts on this? With another project, I’ve found that keep static code > analysis to zero issues can really help finding new, serious issues > (basically, we put the tree in failed state if there’s a new static code > analysis issue). > > The issues are all over the source code, in core and mod_’s alike. It’d be > pretty tedious to file individual tickets for each of them, so curious if > there’s any interest in cleaning this up to start with a clean state? It’d > then be easy to add clang-analyzer to the release process for example.
Adding clang-analyzer to a make target (not a default part of the build) would be a good step, it would make it easy for anyone to run it if they had it available. The most effective contributions would be patches to fix each one. From experience it is difficult to fix these sort of things without the ability to rerun the analyser to ensure the issue is gone, and every now and again issues uncover things that may take some time to fix. Agreed that getting these things to zero would be a good thing to have. Regards, Graham —
smime.p7s
Description: S/MIME cryptographic signature
