The Shortest Article about a Check of nginx

Andrey Karpov
Articles: 371



Our readers asked us many times to check the nginx project. We already did it about a year ago and found nothing of interest. We have rechecked this project recently and again haven't found anything. Since people keep asking about this project, I decided to write a small post about that check.

Picture 1

nginx [engine x] is an HTTP and reverse proxy server, as well as a mail proxy server, written by Igor Sysoev. For a long time, it has been running on many heavily loaded Russian sites including Yandex, Mail.Ru, VKontakte, and Rambler. According to Netcraft nginx served or proxied 17.82% busiest sites in April 2014.

The project website: nginx.

Wikipedia: nginx.

We were using the PVS-Studio static analyzer to check the nginx project, and it hasn't found any suspicious fragments. That's not the kind of thing that usually happens. But it really was the case with nginx that we didn't find any bugs at all.

There are a few reasons for that though:

  • What's most important, the project code is very high-quality and well tested. It is widely used, so bugs are quickly revealed, should they ever occur.
  • The project is really tiny. The size of the source code is less than 4 Mbytes.
  • I guess you won't find a programmer who hasn't already checked this project. Among analyzers that were tried on it are Coverity Scan, Klocwork Insight and perhaps many others.

Does it mean that simply writing a high-quality code will let you do without a static analyzer? No. Firstly, the errors found by Coverity, for example, prove that testing projects does make sense. Secondly, static analysis is most profitable when being used regularly. A one-time check won't do much. I know for sure that PVS-Studio could help developers save huge amounts of time and effort by revealing typos and other defects at early development stages.

The conclusion is, nginx is a very high-quality project. Our congratulations and best wishes to the authors!



Use PVS-Studio to search for bugs in C, C++, C# and Java

We offer you to check your project code with PVS-Studio. Just one bug found in the project will show you the benefits of the static code analysis methodology better than a dozen of the articles.

goto PVS-Studio;

Andrey Karpov
Articles: 371


Bugs Found

Checked Projects
344
Collected Errors
12 970