This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.

GCC static analysis branch now available on Compiler Explorer

From: David Malcolm <dmalcolm at redhat dot com>

To: gcc at gcc dot gnu dot org

Date: Tue, 10 Dec 2019 10:46:59 -0500

Subject: GCC static analysis branch now available on Compiler Explorer

For the adventurous/curious, my static analyzer branch of GCC [1] is now available on Compiler Explorer (aka godbolt.org) so you can try it out without building it yourself. [Thanks to Matt Godbolt, Patrick Quist and others at the Compiler Explorer project] On https://godbolt.org/ within the C and C++ languages, select "x86-64 gcc (static analysis)" as the compiler (though strictly speaking only C is in-scope right now). It's configured to automatically inject -fanalyzer (just on this site; it isn't the default in the branch). Some precanned examples: * various malloc issues: https://godbolt.org/z/tnx65n * stdio issues: https://godbolt.org/z/4BP-Tj * fprintf in signal handler: https://godbolt.org/z/ew7mW6 * tainted data affecting control flow: https://godbolt.org/z/3v8vSj * password-leakage: https://godbolt.org/z/pRPYiv (the non-malloc examples are much more in "proof-of-concept" territory) Would it make sense to add an "analyzer" component to our bugzilla, even though this is still on a branch? (with me as default assignee) Dave [1] https://gcc.gnu.org/wiki/DavidMalcolm/StaticAnalyzer