Re: static analyzers
From: Bruno Haible
Subject: Re: static analyzers
Date: Mon, 05 Apr 2021 17:02:38 +0200
User-agent: KMail/5.1.3 (Linux/4.4.0-206-generic; KDE/5.18.0; x86_64; ; )
Marc Nieper-Wißkirchen wrote:
> Coverity seems to be a good tool.
Yes, it has found a number of mistakes in Gnulib code (handle leaks,
memory leaks, use-after-free bugs, invalid free()), partially in really
complex code that a human cannot easily review.
> I haven't yet tested GCC's new static analyzer.
In GCC 10, the static analyzer has so many false positives that, on a
codebase as mature as gnulib, it was a waste of time to use it. Let's
see how it evolves in future GCC versions. It may be reasonable on
first-year students' code, though — I haven't tried that.
Bruno