On 28/10/2020 09:58, Andrew C Aitchison via Exim-dev wrote:
> I don't know who instigated it, or how recently it ran, but
> https://lgtm.com/projects/g/Exim/exim/
> is an online static analysis of exim.
>
> I am willing to go through the alerts in a general way if it
> will be useful, though I'm not sure how to give useful feedback.

Looks like it runs continuously; it references the current tree head.

I don't like static analysers in general - they tend to not understand
enough context, they tend to display the biases of the analyzer writer
rather than the actual source code language definition, and they throw
up so much cruft as a result that wading through it is a major timesink.

For instance, with Coverity I had to dismiss just about every whine re.
memory leaks. Exim's process-handling releases memory by terminating
processes. The tool just didn't grok the possibility; fortunately it
let me tag each whine position as accepted.

This one looks pretty limited, from the alerts it is displaying.
--
Cheers,
Jeremy