This is the mail archive of the
gcc@gcc.gnu.org
mailing list for the GCC project.
GCC static analysis branch now available on Compiler Explorer
- From: David Malcolm <dmalcolm at redhat dot com>
- To: gcc at gcc dot gnu dot org
- Date: Tue, 10 Dec 2019 10:46:59 -0500
- Subject: GCC static analysis branch now available on Compiler Explorer
For the adventurous/curious, my static analyzer branch of GCC [1] is
now available on Compiler Explorer (aka godbolt.org) so you can try it
out without building it yourself. [Thanks to Matt Godbolt, Patrick
Quist and others at the Compiler Explorer project]
On https://godbolt.org/ within the C and C++ languages, select
"x86-64 gcc (static analysis)"
as the compiler (though strictly speaking only C is in-scope right
now). It's configured to automatically inject -fanalyzer (just on this
site; it isn't the default in the branch).
Some precanned examples:
* various malloc issues: https://godbolt.org/z/tnx65n
* stdio issues: https://godbolt.org/z/4BP-Tj
* fprintf in signal handler: https://godbolt.org/z/ew7mW6
* tainted data affecting control flow: https://godbolt.org/z/3v8vSj
* password-leakage: https://godbolt.org/z/pRPYiv
(the non-malloc examples are much more in "proof-of-concept" territory)
Would it make sense to add an "analyzer" component to our bugzilla,
even though this is still on a branch? (with me as default assignee)
Dave
[1] https://gcc.gnu.org/wiki/DavidMalcolm/StaticAnalyzer