On 28/10/2020 09:58, Andrew C Aitchison via Exim-dev wrote:
I don't know who instigated it, or how recently it ran, but https://lgtm.com/projects/g/Exim/exim/ is an online static analysis of exim.I am willing to go through the alerts in a general way if it will be useful, though I'm not sure how to give useful feedback.
Looks like it runs continuously; it references the current tree head. I don't like static analysers in general - they tend to not understand enough context, they tend to display the biasses of the analyzer writer rather than the actual sourcecode language definition, and they throw up so much cruft as a result that wading through it is a major timesink. For instance, with Coverity I had to dismiss just about every whine re. memory leaks. Exim's process-handling releases memory by terminating processes. The tool just didn't grok the possibility; fortunately it let me tag each whine position as accepted. This one looks pretty limited, from the alerts it is displaying. -- Cheers, Jeremy
OpenPGP_0xBCE58C8CE41F32DF.asc
Description: application/pgp-keys
OpenPGP_signature
Description: OpenPGP digital signature
-- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
