Hey all, just a few questions about the fantastic GCC Static Analyzer:
- It's stated that support for C++ vs C is very limited. Does this apply if
you're writing C++ that is very similar-looking to C and uses few of C++'s
advanced features?
- I noticed that in C++, the "gnu::malloc" attributes don't seem to report
"warning: leak of 'xxx_alloc()' [CWE-401] [-Wanalyzer-malloc-leak]", is
this
normal?
- Is it worthwhile to spend time annotating your method signatures with
attributes like "malloc" and "access"? Do these aid the -fanalyzer passes?
For instance:
[[gnu::malloc]] [[gnu::malloc(HeapPage_free, 1)]] [[gnu::returns_nonnull]]
struct HeapPage* HeapPage_alloc();
[[gnu::access(read_write, 1, 3)]]
struct RecordID
HeapPage_insert_record(struct HeapPage* page, const char* record,
uint32_t record_length);
That's quite a significant bit of annotation-noise tacked on to the
function, so
I wanted to be sure it's worth the investment!
Thank you =)
Gavin Ray
