What does Coverity/clang static analysis actually do?

Leandro Lucarella llucax at gmail.com
Thu Oct 1 12:24:00 PDT 2009


Walter Bright, on October 1 at 11:21 you wrote to me:
> I've been interested in having the D compiler take advantage of the
> flow analysis in the optimizer to do some more checking. Coverity
> and clang get a lot of positive press about doing this, but any
> details of exactly *what* they do have been either carefully hidden
> (in Coverity's case) or undocumented (clang's page on this is
> blank). All I can find is marketing hype and a lot of vague
> handwaving.

Clang is still in development. It will be released with LLVM in the
upcoming 2.6 version for the first time. The C and Objective-C support is
supposed to be fairly mature though, but I guess documenting the static
analyzer is not very high on their priority list (maybe this will change
after the release).

You can ask on the Clang ML; Clang developers (and LLVM in general) are
very receptive.

> 1. Optimizer discovers it, but ignores the information. Due to the
> recent thread on it, I added a report for it for D (still ignored
> for C). The downside is I can no longer use *cast(char*)0=0 to drop
> me into the debugger, but I can live with that as assert(0) will do
> the same thing.

There are breakpoints too, you know? =P

> There's a lot of hoopla about these static checkers, but I'm not
> impressed by them based on what I can find out about them. What do
> you know about what these checkers do that is not on this list? Any
> other kinds of checking that would be great to implement?
> 
> D's dead code checking has been an encouraging success, and I think
> people will like the null dereference checks. More along these lines
> will be interesting.

You can take a look at sparse too. AFAIK it is used by the Linux kernel:
http://www.kernel.org/pub/software/devel/sparse/

And Cppcheck:
http://sourceforge.net/apps/mediawiki/cppcheck/index.php?title=Main_Page

There is a list of tools at Wikipedia too:
http://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis


-- 
Leandro Lucarella (AKA luca)                      http://llucax.com.ar/
----------------------------------------------------------------------
GPG Key: 5F5A8D05 (F8CD F9A7 BF00 5431 4145  104C 949E BFB6 5F5A 8D05)
----------------------------------------------------------------------
They love me like I was a brother
They protect me, listen to me
They dug me my very own garden
Gave me sunshine, made me happy

Nice dream, nice dream
Nice dream


