
Re: static analyzers

From: Bruno Haible
Subject: Re: static analyzers
Date: Mon, 05 Apr 2021 17:02:38 +0200
User-agent: KMail/5.1.3 (Linux/4.4.0-206-generic; KDE/5.18.0; x86_64; ; )

Marc Nieper-Wißkirchen wrote:
> Coverity seems to be a good tool.

Yes, it has found a number of mistakes in Gnulib code (handle leaks,
memory leaks, use-after-free bugs, invalid free()), partially in really
complex code that a human cannot easily review.

> I haven't yet tested GCC's new static analyzer.

In GCC 10, the static analyzer has so many false positives that, on a
codebase as mature as gnulib, it was a waste of time to use it. Let's
see how it evolves in future GCC versions. It may be reasonable on
first-year students' code, though — I haven't tried that.

