The Shortest Article about a Check of nginx
Our readers asked us many times to check the nginx project. We already did it about a year ago and found nothing of interest. We have rechecked this project recently and again haven't found anything. Since people keep asking about this project, I decided to write a small post about that check.
nginx [engine x] is an HTTP and reverse proxy server, as well as a mail proxy server, written by Igor Sysoev. For a long time, it has been running on many heavily loaded Russian sites including Yandex, Mail.Ru, VKontakte, and Rambler. According to Netcraft, nginx served or proxied 17.82% of the busiest sites in April 2014.
The project website: nginx.
We were using the PVS-Studio static analyzer to check the nginx project, and it hasn't found any suspicious fragments. That's not the kind of thing that usually happens. But it really was the case with nginx that we didn't find any bugs at all.
There are a few reasons for that though:
- Most importantly, the project code is of very high quality and well tested. It is widely used, so bugs are quickly revealed, should they ever occur.
- The project is really tiny. The size of the source code is less than 4 Mbytes.
- I guess you won't find a programmer who hasn't already checked this project. Among analyzers that were tried on it are Coverity Scan, Klocwork Insight and perhaps many others.
Does it mean that simply writing high-quality code will let you do without a static analyzer? No. Firstly, the errors found by Coverity, for example, prove that testing projects does make sense. Secondly, static analysis is most profitable when used regularly. A one-time check won't do much. I know for sure that PVS-Studio could help developers save huge amounts of time and effort by revealing typos and other defects at early development stages.
The conclusion is, nginx is a very high-quality project. Our congratulations and best wishes to the authors!