Re: Question about static code analysis features in GCC

2011-04-12 Thread Jeff Law
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 04/12/11 13:33, Hargett, Matt wrote: > Hey Sarah, > > Many array bounds and format string problems can already be found, especially > with LTO, ClooG, loop-unrolling, and -O3 enabled. Seeing across object-file > boundaries, understanding loop bou

RE: Question about static code analysis features in GCC

2011-04-12 Thread Hargett, Matt
Hey Sarah, Many array bounds and format string problems can already be found, especially with LTO, ClooG, loop-unrolling, and -O3 enabled. Seeing across object-file boundaries, understanding loop boundaries, and aggressive inlining allows GCC to warn about a lot of real-world vulnerabilities. W

Re: Question about static code analysis features in GCC

2011-04-12 Thread Richard Guenther
On Tue, Apr 12, 2011 at 10:00 AM, sa...@hederstierna.com wrote: > Hi > > Richard, I've implemented a simple nop-pass as you described and are now > investigating a path forward for static code analysis. > I'm trying to modify eg. cp-pass to be able to call these workers from my > analysis pass.

RE: Question about static code analysis features in GCC

2011-04-12 Thread sa...@hederstierna.com
milar? Thanks and Best Regards /Fredrik From: Richard Guenther [richard.guent...@gmail.com] Sent: Wednesday, February 16, 2011 11:17 To: sa...@hederstierna.com Cc: gcc@gcc.gnu.org Subject: Re: Question about static code analysis features in GCC On Wed, Feb 16, 2011 at 8:54 AM, sa...@

Re: Question about static code analysis features in GCC

2011-02-16 Thread Richard Guenther
o be able to be called from the static analysis pass directly instead of trying to make them "passes without code-gen". Richard. > > Thanks and Best Regards > /Fredrik > > From: Richard Guenther [richard.guent...@gmail.com] > Sen

RE: Question about static code analysis features in GCC

2011-02-16 Thread sa...@hederstierna.com
r [richard.guent...@gmail.com] Sent: Sunday, February 13, 2011 10:54 To: sa...@hederstierna.com Cc: gcc@gcc.gnu.org Subject: Re: Question about static code analysis features in GCC On Sun, Feb 13, 2011 at 2:34 AM, sa...@hederstierna.com wrote: > Hi > > I would like to have some advice regardin

Re: Question about static code analysis features in GCC

2011-02-13 Thread Richard Guenther
On Sun, Feb 13, 2011 at 2:34 AM, sa...@hederstierna.com wrote: > Hi > > I would like to have some advice regarding static code analysis and GCC. > I've just reviewed several tools like Klocwork, Coverity, CodeSonar and > PolySpace. > These tools offer alot of features and all tools seems to find

Question about static code analysis features in GCC

2011-02-12 Thread sa...@hederstierna.com
Hi I would like to have some advice regarding static code analysis and GCC. I've just reviewed several tools like Klocwork, Coverity, CodeSonar and PolySpace. These tools offer alot of features and all tools seems to find different types of defects. The tool that found most bugs on our code was