On 2020-05-23 14:49, Drew Parsons wrote:
On 2020-05-23 14:18, Jed Brown wrote:I wonder if you are aware of any static analysis tools that can flag implicit conversions of this sort: int64_t n = ...; for (int32_t i=0; i<n; i++) { ... } There is -fsanitize=signed-integer-overflow (which generates a runtime error message), but that requires data to cause overflow at every possible location.I'll ask the Debian gcc team and the Science team if they have ideas about this.
Hi Jed, Thomas Schiex from Debian Science has replied to this question, suggesting clang-static-analyzer or lgtm:
For open source projects, a few online static analyzers are available and usable for free. This kind of integer type mismach will be caught by most of them. Possibly clang-static-analyzer will do the job. Otherwise, an easy one is lgtm for example. See https://lgtm.com/
(I have no link with them except as an open source software developer using their services for free).
There are other tools (mostly geared towards security) available for free for open source software but I just forgot their name. Any web search tool should help you here.
Thomas
