This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

GCC static analysis branch now available on Compiler Explorer

From: David Malcolm <dmalcolm at redhat dot com>
To: gcc at gcc dot gnu dot org
Date: Tue, 10 Dec 2019 10:46:59 -0500
Subject: GCC static analysis branch now available on Compiler Explorer

For the adventurous/curious, my static analyzer branch of GCC [1] is
now available on Compiler Explorer (aka godbolt.org) so you can try it
out without building it yourself.  [Thanks to Matt Godbolt, Patrick
Quist and others at the Compiler Explorer project]

On https://godbolt.org/ within the C and C++ languages, select
  "x86-64 gcc (static analysis)"
as the compiler (though strictly speaking only C is in-scope right
now).  It's configured to automatically inject -fanalyzer (just on this
site; it isn't the default in the branch).

Some precanned examples:
  * various malloc issues: https://godbolt.org/z/tnx65n
  * stdio issues: https://godbolt.org/z/4BP-Tj
  * fprintf in signal handler: https://godbolt.org/z/ew7mW6
  * tainted data affecting control flow: https://godbolt.org/z/3v8vSj
  * password-leakage: https://godbolt.org/z/pRPYiv
(the non-malloc examples are much more in "proof-of-concept" territory)

Would it make sense to add an "analyzer" component to our bugzilla,
even though this is still on a branch? (with me as default assignee)

Dave

[1] https://gcc.gnu.org/wiki/DavidMalcolm/StaticAnalyzer

Follow-Ups:
- Re: GCC static analysis branch now available on Compiler Explorer
  - From: Marek Polacek
- Re: GCC static analysis branch now available on Compiler Explorer
  - From: Martin Sebor

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]