Fwd: GCC static analysis branch now available on Compiler Explorer
Joel Sherrill
joel at rtems.org
Tue Dec 10 17:19:33 UTC 2019
This looks like something we should consider using as well as clang's
checks.
---------- Forwarded message ---------
From: David Malcolm <dmalcolm at redhat.com>
Date: Tue, Dec 10, 2019, 9:47 AM
Subject: GCC static analysis branch now available on Compiler Explorer
To: <gcc at gcc.gnu.org>
For the adventurous/curious, my static analyzer branch of GCC [1] is
now available on Compiler Explorer (aka godbolt.org) so you can try it
out without building it yourself. [Thanks to Matt Godbolt, Patrick
Quist and others at the Compiler Explorer project]
On https://godbolt.org/ within the C and C++ languages, select
"x86-64 gcc (static analysis)"
as the compiler (though strictly speaking only C is in-scope right
now). It's configured to automatically inject -fanalyzer (just on this
site; it isn't the default in the branch).
Some precanned examples:
* various malloc issues: https://godbolt.org/z/tnx65n
* stdio issues: https://godbolt.org/z/4BP-Tj
* fprintf in signal handler: https://godbolt.org/z/ew7mW6
* tainted data affecting control flow: https://godbolt.org/z/3v8vSj
* password-leakage: https://godbolt.org/z/pRPYiv
(the non-malloc examples are much more in "proof-of-concept" territory)
Would it make sense to add an "analyzer" component to our bugzilla,
even though this is still on a branch? (with me as default assignee)
Dave
[1] https://gcc.gnu.org/wiki/DavidMalcolm/StaticAnalyzer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rtems.org/pipermail/devel/attachments/20191210/6005b021/attachment.html>
More information about the devel
mailing list