GCC gets a static analyzer
Static source code analysis tool for C and C++ code
Brought to you by:
danielmarjamaki
Menu
▾
▴
It looks like GCC gets a static analyzer this year.
As far as I understand it is only available for C code at the beginning.
Some interesting links with more info:
News from Phoronix:
https://phoronix.com/scan.php?page=news_item&px=GCC-Static-Analysis-RH-Patches
Post in the GCC mailing list about the static analysis patches:
https://gcc.gnu.org/ml/gcc-patches/2019-11/msg01543.html
GCC analyzer options:
https://gcc.gnu.org/onlinedocs/gcc/Static-Analyzer-Options.html
German article where I first read it:
https://www.pro-linux.de/news/1/27721/gcc-erh%C3%A4lt-statische-code-analyse.html
That is great news! I have somehow heard about it before. Hope it will be useful. I think there is definitely room for one more tool and they can probably detect bugs that cppcheck+clang+etc does not detect.
AFAIK it is not yet released (still beta) but already helped to find a critical issue in OpenSSL: https://www.openssl.org/news/secadv/20200421.txt
OpenSSL 1.1.1f still contains the issue, at least daca@home seems to not find it: http://cppcheck1.osuosl.org:8000/openssl
Commit with fix: https://github.com/openssl/openssl/commit/a87f3fe01a5a894aa27ccd6a239155fd129988e4
Last edit: versat 2020-04-22
Good stuff! 👍
Pretty cool. Do you know, are there already prebuilt binaries of GCC available?
I do not know. At least I did not stumble about any binaries yet.
There is a snapshot package available here: https://launchpad.net/ubuntu/+source/gcc-snapshot/1:20200418-1ubuntu1 . The upcomming Ubuntu 20.04 ships it, therefore we can give it a try :-)