[cfe-dev] GSOC Static Analyzer Proposal

Jeffrey Walton noloader at gmail.com
Wed Apr 10 14:40:56 PDT 2013

On Wed, Apr 10, 2013 at 5:07 PM, Adam Schnitzer <adamschn at umich.edu> wrote:
> John and Sean,
> Thank you very much for the feedback. I have a better idea of scope and
> where to focus.
> John, I think you're absolutely right, with -fsanitize=undefined and others,
> more behavior is being caught at runtime/compile time. I will start working
> on a list of behaviors for which no diagnostics currently exist, and select
> a subset to focus on.
My apologies for stepping in and bike shedding: I would really enjoy
something for 'implementation defined' behaviors also. Its not always
portable, and I find it to be a key indicator of code quality.

Perhaps another switch would be in order(-fsanitzie=implementation)?


> On Wed, Apr 10, 2013 at 1:54 PM, John Regehr <regehr at cs.utah.edu> wrote:
>>> I would like to work on improving support for C++ in the static analyzer.
>>> Specifically, I think it
>>> would be valuable to improve the checkers for undefined behavior
>>> including those already suggested.
>> I'd be happy to provide feedback on a more specific version of this part
>> of the proposal.
>> In particular, a useful starting point (maybe this already exists?) would
>> be a list of all C/C++ undefined behaviors broken down by whether
>> Clang/LLVM...
>> - can reliably provide a compile-time diagnostic
>> - can reliably provide a runtime diagnostic
>> - cannot provide any diagnostic, but implements a predictable behavior
>> - cannot provide any diagnostic and also implements unpredictable behavior
>> Obviously the last category is the interesting place for future work.

More information about the cfe-dev mailing list