This is the mail archive of the
gcc@gcc.gnu.org
mailing list for the GCC project.
Re: Suspicion of regression in uninitialized value detection
On Tue, 2011-12-06 at 16:40 +0100, David Brown wrote:
> On 06/12/2011 16:27, Robert Dewar wrote:
> > On 12/6/2011 10:18 AM, David Brown wrote:
> >
> >> Unfortunately, there are no such tools available that compare with gcc
> >> and its warnings.
> >
...
> And there are large, expensive commercial tools that can do better (in
> some ways at least) than gcc - but nothing open source.
...
> The other recent new feature to gcc that opens potential for better
> static analysis is plugins.
Shameless plug: my Python plugin for GCC [1] has an example static
analysis library "libcpychecker", which does attempt to track every path
through a function, and does some primitive tracking of usage of
uninitialized values (see [2]).
However, that code is very immature, given that I'm essentially doing a
bad reimplementation of value-range-propagation in Python (see the long
list of caveats on that page), plus a lot of rules and hints about the
behaviors of the API that I care about (which allows analysis of
callsites to be smarter, somewhat similar to what LTO might allow).
Though that code is really more about detection of reference-counting
errors (which has shaped my implementation decisions), and it's been
good enough to find quite a few real bugs [3]... hidden in the noise of
the slowly-decreasing false-positives...
FWIW, that library may be extensible, so that we could teach it about
other APIs, but that's probably off-topic for this list; see [4]
Dave
[1] https://fedorahosted.org/gcc-python-plugin/
[2]
http://gcc-python-plugin.readthedocs.org/en/latest/cpychecker.html#error-handling-checking
[3] http://gcc-python-plugin.readthedocs.org/en/latest/success.html
[4] https://fedorahosted.org/mailman/listinfo/gcc-python-plugin/