Join GitHub today
Static code analyzers
scan-build is a command line utility that enables a user to run the static analyzer over their codebase as part of performing a regular build (from the command line).
During a project build, as source files are compiled they are also analyzed in tandem by the static analyzer.
cd ext mkdir report phpize scan-build -o report ./configure scan-build -o report make
Cppcheck is a static analysis tool for C/C++ code. Unlike C/C++ compilers and many other analysis tools it does not detect syntax errors in the code. Cppcheck primarily detects the types of bugs that the compilers normally do not detect. The goal is to detect only real errors in the code (i.e. have zero false positives).
cd ext phpize ./configure php-config --includes | sed -r 's/^-I//; s/ -I/\n/g' > includes.txt cppcheck --includes-file=includes.txt --enable=all .
Sparse provides a set of annotations designed to convey semantic information about types, such as what address space pointers point to, or what locks a function acquires or releases.
cd ext phpize ./configure CC=cgcc CFLAGS="-Wsparse-all"