Help: static code analysis

David Brown david.brown@hesbynett.no
Thu May 14 09:55:01 GMT 2020


Let's split this in two.

First, gcc supports /lots/ of warning options:

<https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html>

(The links I'm giving are to the current gcc version - you can find the 
right page for your particular gcc version on the same site.)

Some of these will be relevant to you, some not.  For example, if the 
code is for running on a small embedded system, you might want 
"-Wdouble-promotion" enabled (I use that one in most of my projects). 
If you are targeting a PC, it will be irrelevant.

If you are writing portable code, -Wpedantic could be useful (in 
combination with an appropriate -std option).  If the code will always 
compile with gcc, it's less helpful.

-Wall and -Wextra give a reasonable starting point for many people, and 
then you fine-tune other options on or off to get the best you can for 
your own code.



Secondly, the compiler can do more extensive static analysis if it has 
formed a better view of the code.  With no optimisation, -O0, the 
compiler runs quickly and has little tracking of ranges, 
inter-procedural data, constant propagation, etc.  With -O2, it does a 
good deal of this work - and the same information gathered for 
optimisation can be used for more comprehensive warnings.


Once you get code that builds into a running program, you should also 
look at run-time analysis - especially the "sanitize" options:

<https://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html>

Best regards,

David




On 14/05/2020 10:36, Kunal Chauhan wrote:
> What exactly do you mean by the lines below?
> "
> should pick more based on the code in question - read through the list
> in the gcc manual), make sure you enable optimisation of at least -O1,
> preferably -O2.  The compiler will then do more analysis, and can give
> more useful warnings.  "
> 
> On Thu, May 14, 2020 at 2:37 AM David Brown <david.brown@hesbynett.no> wrote:
> 
>     On 13/05/2020 19:51, Kunal Chauhan via Gcc-help wrote:
>      > I am not able to compile my binary.
>      > Can I still do some static analysis?
> 
>     You can certainly get /some/ useful results even without generating a
>     finished binary.  You need to be able to compile the files you want to
>     check, however.
> 
>     As well as using warnings (-Wall -Wextra is a reasonable start, but you
>     should pick more based on the code in question - read through the list
>     in the gcc manual), make sure you enable optimisation of at least -O1,
>     preferably -O2.  The compiler will then do more analysis, and can give
>     more useful warnings.
> 
>     If you can't get enough from gcc, you can also try clang's tools - they
>     can be better in some ways.  (I hope that is not considered blasphemy on
>     this list!)  Beyond that, there are a variety of tools available - but
>     they are mostly very niche, very expensive, or very outdated.
> 
> 
>      >
>      > On 13 May 2020 11:18 p.m., "Jonathan Wakely" <jwakely.gcc@gmail.com> wrote:
>      >
>      > On Wed, 13 May 2020 at 17:57, Kunal Chauhan via Gcc-help
>      > <gcc-help@gcc.gnu.org> wrote:
>      >>
>      >> Hi team
>      >>
>      >> I want my source file of C to be checked for code violations and null
>      >> check etc.
>      >
>      > Make sure you're compiling with warnings turned on.
>      >
>      >> As from logs crash is coming.
>      >
>      > As Dan K. said, you'll probably get more reliable results from dynamic
>      > instrumentation. Try using -fsanitize=undefined and/or
>      > -fsanitize=address. Try using valgrind (not at the same time as
>      > -fsanitize=address).
>      >
> 
> 
> 


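Added example, not part of the thread: a C file with two defects of the kind asked about (an unset value and a missing null check) beside their fixed forms. GCC's manual documents -Wmaybe-uninitialized and -Wnull-dereference as depending on optimisation, so compare the compiler output at -O0 and at -O2; the file name demo.c, the BUGGY macro and all function names are made up for this example.

```c
/* Static:   gcc -std=c11 -O2 -Wall -Wextra -Wnull-dereference -DBUGGY -c demo.c
 * Run time: gcc -std=c11 -O1 -g -fsanitize=address,undefined -DBUGGY demo.c && ./a.out
 * (demo.c, BUGGY and the function names are hypothetical, chosen for this example.) */
#include <stddef.h>
#include <stdio.h>

struct config { int verbosity; };
static struct config table[2] = { { 1 }, { 2 } };   /* constructed sample data */

/* Returns NULL for an unknown id. */
static struct config *find_config(int id)
{
    return (id >= 0 && id < 2) ? &table[id] : NULL;
}

#ifdef BUGGY
int parse_level(const char *s)
{
    int level;                      /* unset when s starts with neither 'h' nor 'l' */
    if (s[0] == 'h') level = 3;
    else if (s[0] == 'l') level = 1;
    return level;                   /* target of -Wmaybe-uninitialized */
}

int verbosity_of(int id)
{
    return find_config(id)->verbosity;  /* target of -Wnull-dereference */
}
#else
int parse_level(const char *s)
{
    if (s == NULL) return -1;
    if (s[0] == 'h') return 3;
    if (s[0] == 'l') return 1;
    return -1;                      /* every path now returns a defined value */
}

int verbosity_of(int id)
{
    const struct config *c = find_config(id);
    return c ? c->verbosity : -1;   /* NULL checked before use */
}
#endif

int main(void)
{
    printf("%d %d\n", parse_level("high"), verbosity_of(7));
    return 0;
}
```

Without -DBUGGY the file builds the fixed variants and prints `3 -1`; with -DBUGGY and the sanitizer build, the call `verbosity_of(7)` in main() is the NULL dereference reported at run time.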