Open
Description
Very generally, there are things people do in 2019 to get earlier and more automated help finding bugs in C code. I certainly don’t know all of them, or which ones are worth the costs for the risks they mitigate.
One idea I’m suggesting specifically here: starting to run some sort of static analysis tool, and some sort of memory-misuse checker, in our own working trees. Perhaps we can require certain kinds of results from these tools before merging a PR. Later, when we routinely get clean results for the whole tree, we can include these checkers in CI.