Help: static code analysis
David Brown
david.brown@hesbynett.no
Wed May 13 21:07:16 GMT 2020
On 13/05/2020 19:51, Kunal Chauhan via Gcc-help wrote:
> I am not able to compile my binary.
> Can I still do some static analysis?

You can certainly get /some/ useful results even without generating a
finished binary. You need to be able to compile the files you want to
check, however.

As well as using warnings (-Wall -Wextra is a reasonable start, but you
should pick more based on the code in question - read through the list
in the gcc manual), make sure you enable optimisation of at least -O1,
preferably -O2. The compiler will then do more analysis, and can give
more useful warnings.

If you can't get enough from gcc, you can also try clang's tools - they
can be better in some ways. (I hope that is not considered blasphemy on
this list!) Beyond that, there are a variety of tools available - but
they are mostly very niche, very expensive, or very outdated.

>
> On 13 May 2020 11:18 p.m., "Jonathan Wakely" <jwakely.gcc@gmail.com> wrote:
>
> On Wed, 13 May 2020 at 17:57, Kunal Chauhan via Gcc-help
> <gcc-help@gcc.gnu.org> wrote:
>>
>> Hi team
>>
>> I want my source file of C to be checked for code violations and null
>> check etc.
>
> Make sure you're compiling with warnings turned on.
>
>> As from logs crash is coming.
>
> As Dan K. said, you'll probably get more reliable results from dynamic
> instrumentation. Try using -fsanitize=undefined and/or
> -fsanitize=address. Try using valgrind (not at the same time as
> -fsanitize=address).
>
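
Added example, not part of the thread: one way to act on the advice above when the binary will not build is to compile each file on its own with -c at -O2 and count the diagnostics. The names check_tu and write_sample and the sample C file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: check each C file on its own with -c,
# so nothing has to link into a finished binary.
CC=${CC:-gcc}                  # assumption: gcc or a compatible driver (clang)
FLAGS="-O2 -Wall -Wextra"      # the starting flags suggested in the reply

# check_tu FILE: print "FILE warnings=N errors=M" and the diagnostics.
# Returns 0 when clean, 1 when only warnings fired, 2 when FILE does not compile.
check_tu() {
    status=0
    log=$(LC_ALL=C "$CC" -c $FLAGS "$1" -o /dev/null 2>&1) || status=$?
    w=$(printf '%s\n' "$log" | grep -c 'warning:' || true)
    e=$(printf '%s\n' "$log" | grep -c 'error:' || true)
    printf '%s warnings=%s errors=%s\n' "$1" "$w" "$e"
    if [ -n "$log" ]; then printf '%s\n' "$log" | sed 's/^/    /'; fi
    if [ "$status" -ne 0 ]; then return 2; fi
    if [ "$w" -gt 0 ]; then return 1; fi
    return 0
}

# Constructed sample: conf_name() lives in a file that does not build yet, so
# this unit could never be linked, but it compiles and can be checked.
write_sample() {
    cat > "$1" <<'EOF'
#include <stdio.h>
#include <string.h>
struct conf;
extern const char *conf_name(struct conf *c);   /* defined elsewhere */

size_t name_len(struct conf *c)
{
    const char *n = conf_name(c);
    int scratch;                 /* never used: -Wunused-variable */
    printf("name=%d\n", n);      /* pointer passed for %d: -Wformat */
    return strlen(n);            /* n is never checked for NULL */
}
EOF
}

# With arguments, check those files and exit non-zero if any is not clean.
if [ "$#" -gt 0 ]; then
    rc=0
    for f in "$@"; do check_tu "$f" || rc=1; done
    exit "$rc"
fi
```

Neither warning in the sample points at the unchecked pointer passed to strlen(), which is the kind of defect the sanitizers and valgrind mentioned in the quoted reply find once a binary can be built and run.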