On Tue, 2011-12-06 at 16:40 +0100, David Brown wrote: > On 06/12/2011 16:27, Robert Dewar wrote: > > On 12/6/2011 10:18 AM, David Brown wrote: > > > >> Unfortunately, there are no such tools available that compare with gcc > >> and its warnings. > > ...
> And there are large, expensive commercial tools that can do better (in > some ways at least) than gcc - but nothing open source. ... > The other recent new feature to gcc that opens potential for better > static analysis is plugins. Shameless plug: my Python plugin for GCC [1] has an example static analysis library "libcpychecker", which does attempt to track every path through a function, and does some primitive tracking of usage of uninitialized values (see [2]). However, that code is very immature, given that I'm essentially doing a bad reimplementation of value-range-propagation in Python (see the long list of caveats on that page), plus a lot of rules and hints about the behaviors of the API that I care about (which allows analysis of callsites to be smarter, somewhat similar to what LTO might allow). Though that code is really more about detection of reference-counting errors (which has shaped my implementation decisions), and it's been good enough to find quite a few real bugs [3]... hidden in the noise of the slowly-decreasing false-positives... FWIW, that library may be extensible, so that we could teach it about other APIs, but that's probably off-topic for this list; see [4] Dave [1] https://fedorahosted.org/gcc-python-plugin/ [2] http://gcc-python-plugin.readthedocs.org/en/latest/cpychecker.html#error-handling-checking [3] http://gcc-python-plugin.readthedocs.org/en/latest/success.html [4] https://fedorahosted.org/mailman/listinfo/gcc-python-plugin/