Help: static code analysis

David Brown
Wed May 13 21:07:16 GMT 2020

On 13/05/2020 19:51, Kunal Chauhan via Gcc-help wrote:
> I am not able to compile my binary.
> Can I still do some static analysis?

You can certainly get /some/ useful results even without generating a 
finished binary.  You need to be able to compile the files you want to 
check, however.

As well as using warnings (-Wall -Wextra is a reasonable start, but you 
should pick more based on the code in question - read through the list 
in the gcc manual), make sure you enable optimisation of at least -O1, 
preferably -O2.  The compiler will then do more analysis, and can give 
more useful warnings.

If you can't get enough from gcc, you can also try clang's tools - they 
can be better in some ways.  (I hope that is not considered blasphemy on 
this list!)  Beyond that, there are a variety of tools available - but 
they are mostly very niche, very expensive, or very outdated.

> On 13 May 2020 11:18 p.m., "Jonathan Wakely" <> wrote:
> On Wed, 13 May 2020 at 17:57, Kunal Chauhan via Gcc-help
> <> wrote:
>> Hi team
>> I want my source file of c to be checked for code violations and null check
>> etc.
> Make sure you're compiling with warnings turned on.
>> As from logs crash is coming.
> As Dan K. said, you'll probably get more reliable results from dynamic
> instrumentation. Try using -fsanitize=undefined and/or
> -fsanitize=address. Try using valgrind (not at the same time as
> -fsanitize=address).
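
An added example, not part of any message in this thread: a small constructed C file (all names hypothetical) that can be checked with `gcc -c`, which stops before linking, and that pairs two flawed lookups with a checked one. The GCC manual documents that -Wmaybe-uninitialized needs an optimising compilation and that -Wnull-dereference is only active with -fdelete-null-pointer-checks, which optimisation enables on most targets.

```c
/* Constructed example (hypothetical names), not code from the thread.
 * Check it without linking; -c stops after producing the object file:
 *   gcc -c -O2 -Wall -Wextra -Wnull-dereference lookup.c
 * For the dynamic route quoted above, build a test program with
 *   -g -fsanitize=address,undefined
 */
#include <stddef.h>
#include <string.h>

struct user { const char *name; int level; };

static const struct user users[] = { { "alice", 3 }, { "bob", 1 } };

/* Returns the matching entry, or NULL when the name is unknown. */
static const struct user *find_user(const char *name)
{
    if (name == NULL)
        return NULL;
    for (size_t i = 0; i < sizeof users / sizeof users[0]; i++)
        if (strcmp(users[i].name, name) == 0)
            return &users[i];
    return NULL;
}

/* Flawed: no null check, so an unknown name dereferences NULL. */
int level_unchecked(const char *name)
{
    return find_user(name)->level;
}

/* Flawed: 'level' is read uninitialised when the name is unknown. */
int level_uninit(const char *name)
{
    int level;
    const struct user *u = find_user(name);
    if (u != NULL)
        level = u->level;
    return level;
}

/* Checked form: reports failure instead of crashing or returning garbage. */
int level_checked(const char *name, int *out)
{
    const struct user *u = find_user(name);
    if (u == NULL || out == NULL)
        return -1;
    *out = u->level;
    return 0;
}
```

Which of the two flawed functions a given GCC release reports depends on its version and on how much it inlines, so compare the output at -O0 and -O2.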
