
Red Hat's David Malcolm has proposed a set of 49 patches that appears fairly robust and is the most we have seen out of GCC's static analysis capabilities to date.
This GCC static analysis framework can easily report use-after-free errors, double frees, and other common C coding issues that are detectable via static analysis. The implementation is quite interesting and opens a lot of doors for GCC, but using this --analyzer pass roughly doubles compile times.
This GCC static analysis framework comes in at around forty-two thousand lines of code. The work in more detail can be found on the GCC mailing list.
Given the timing, however, it will be tight to get this reviewed and merged in time for GCC 10, so more than likely it would be delayed a year to GCC 11.