On 06/12/2011 16:27, Robert Dewar wrote:
On 12/6/2011 10:18 AM, David Brown wrote:

Unfortunately, there are no such tools available that compare with gcc
and its warnings.

It's surprising this is true of C, it's certainly not true of Ada,
where CodePeer can do a much better job than GNAT+gcc together on
this kind of issue.


I can't answer for Ada - while learning Ada is on my "things to do" list, it has never made it to the top :-(

And there are large, expensive commercial tools that can do better (in some ways at least) than gcc - but nothing open source.

Every time I have looked at this, I have always come back to gcc as the
best free general-purpose tool for static analysis. I also think it has
the best starting point for such tools - after all, gcc does a great
deal of analysis on the code already, much of which would need
duplicating in a lint program. I don't see any fundamental reason why a
linter could do any better than gcc for such warnings.

Well I am not sure what you mean by a linter or lint program, but
obviously it is possible for a static analysis program to do far
better than the compiler, since it can do inter-unit analysis
that is out of reach of the compiler.


The compiler can also do inter-unit analysis - that is part of LTO.

I can't say whether gcc does a lot of inter-unit analysis and warnings at the moment - I haven't tried LTO much as yet. But I have little doubt that this is something that gcc will be able to do more as LTO matures.

The other recent new feature to gcc that opens potential for better static analysis is plugins.

Of course, much of this depends on the directions the gcc developers want to go, and what they want to spend time and effort on. When I say I don't see why gcc can't do static analysis as well as any lint program could, I mean I don't think there are any insurmountable technical barriers - not that I think it is the best use of gcc development resources.

It's worth noting that perhaps the most active open-source general purpose C static analysis project is the "Clang Static Analyzer" - part of the LLVM compiler suite.

Don't get me wrong here - I understand that making accurate
uninitialised warnings is a hard problem, especially while producing
optimal code, and that it is not likely to be a high priority for the
gcc developers. But I don't think I am alone in saying it is a feature
that gcc users appreciate, that we prefer not to see regressions in such
features, and that we would be very happy to see even more accurate
warnings.

One feature in GNAT that is really valuable for addressing uninitialized
variables is the option to set all otherwise uninitialized variables to
a constant value that can be changed at bind time, or even at run time
with an environment variable. Then you run with different values, and if
you get a different behavior, you know you have an uninit variable.

Of course good compiler warnings, and warnings from a tool like CodePeer,
are very valuable in smoking out as many cases prior to testing as
possible.

mvh.,

David
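
The fill-and-compare idea described above for GNAT, sketched in C as an added example that is not part of the original email or of GNAT itself. The struct, function names and the `UNINIT_FILL` environment variable are hypothetical, and a `memset` of the storage stands in for the compiler-inserted fill value so that the code has defined behaviour.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record; `flags` is the field the buggy parser never writes. */
struct request {
    unsigned int length;
    unsigned int flags;
};

/* Buggy: sets length only, so flags keeps whatever the storage held. */
static void parse_buggy(struct request *r, const char *input) {
    r->length = (unsigned int)strlen(input);
}

/* Fixed: every field is written before use. */
static void parse_fixed(struct request *r, const char *input) {
    r->length = (unsigned int)strlen(input);
    r->flags = 0;
}

typedef void (*parse_fn)(struct request *, const char *);

/* Pre-fill the storage with `fill`, run the parser, then make a decision
 * that reads the record, as later code would. */
static int is_privileged(parse_fn parse, unsigned char fill, const char *input) {
    struct request r;
    memset(&r, fill, sizeof r);   /* stand-in for the configurable fill value */
    parse(&r, input);
    return (r.flags & 1u) != 0;
}

/* Returns 1 when the outcome changes with the fill value, which means the
 * decision depends on a field the parser left unset. */
static int depends_on_fill(parse_fn parse, const char *input,
                           unsigned char fill_a, unsigned char fill_b) {
    return is_privileged(parse, fill_a, input) != is_privileged(parse, fill_b, input);
}

int main(void) {
    /* Second fill value can be changed at run time (assumed variable name). */
    const char *env = getenv("UNINIT_FILL");
    unsigned char alt = env ? (unsigned char)strtoul(env, NULL, 0) : 0xFF;
    printf("buggy depends on fill: %d\n", depends_on_fill(parse_buggy, "GET /", 0x00, alt));
    printf("fixed depends on fill: %d\n", depends_on_fill(parse_fixed, "GET /", 0x00, alt));
    return 0;
}
```

A difference only shows up when the two fill values disagree in the bits the code actually reads, so running with several values gives better coverage than a single pair.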


