top | item 37679666


scscsc | 2 years ago

Having some experience in this field, I can say that all of the tools presented on the webpage are very lightweight static analyzers. They are all based on processing the syntax tree and will detect things like uninitialized variables, or do style checks.

"Real" static analyzers, which are more useful, are based on symbolic execution and abstract interpretation and they will uncover more interesting classes of errors, like double frees, out of bounds array access, etc.

Note that all analyzers will have FPs and FNs, because the underlying problem is uncomputable.

The best open source "real" static analyzer overall for C++ is the Clang static analyzer. There are many commercial analyzers available, and most C++ shops will use one or more of these.


chc4 | 2 years ago

clang-tidy is mentioned in the blog post, and is what I personally use - it does do control flow and dataflow analysis to find double frees or missing frees from any possible program trace (though it doesn't do any interprocedural analysis, for hopefully obvious reasons).
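As an added example of the distinction the two comments above draw (it is not code from any commenter or from the blog post; the function names and the sample input are made up for the illustration): the double free below is reachable only on the null-input path, so a checker that just walks the syntax tree sees two `free` calls in different branches and nothing wrong, and a plain `clang++ -Wall` build compiles it without complaint. A path-sensitive analyzer follows the trace `input == nullptr -> free -> free` and reports a double free; the Clang Static Analyzer does so when run through clang-tidy's `clang-analyzer-*` checks or `scan-build`.

```cpp
#include <cstdlib>
#include <cstring>

// Example added to illustrate the thread; not code from any commenter or from
// the blog post. Names (parse_record_buggy, parse_record_fixed) are made up.
//
// The bug: on the error path `buf` is freed, but execution falls through to
// the shared cleanup and frees it a second time. It only happens when
// `input` is null, so a purely syntactic check has nothing to flag. A
// path-sensitive analyzer tracks the heap region along that trace and reports
// the second free. Try it with:
//   clang-tidy -checks='-*,clang-analyzer-*' double_free.cpp -- -std=c++17
// or
//   scan-build clang++ -std=c++17 -c double_free.cpp
int parse_record_buggy(const char *input) {
    char *buf = static_cast<char *>(std::malloc(64));
    if (buf == nullptr) {
        return -1;
    }
    int rc;
    if (input == nullptr) {
        std::free(buf);     // first free
        rc = -1;            // no early return: falls through to the cleanup
    } else {
        std::strncpy(buf, input, 63);
        buf[63] = '\0';
        rc = static_cast<int>(std::strlen(buf));
    }
    std::free(buf);         // second free when input == nullptr
    return rc;
}

// Fixed: validate before allocating, so every path frees `buf` exactly once.
int parse_record_fixed(const char *input) {
    if (input == nullptr) {
        return -1;
    }
    char *buf = static_cast<char *>(std::malloc(64));
    if (buf == nullptr) {
        return -1;
    }
    std::strncpy(buf, input, 63);
    buf[63] = '\0';
    int rc = static_cast<int>(std::strlen(buf));
    std::free(buf);
    return rc;
}

int main() {
    // Only the safe inputs are exercised at runtime; the null-input path of
    // parse_record_buggy is what the analyzer finds without running it.
    int a = parse_record_buggy("hello");   // 5
    int b = parse_record_fixed("hello");   // 5
    int c = parse_record_fixed(nullptr);   // -1
    return (a == 5 && b == 5 && c == -1) ? 0 : 1;
}
```

The analyzer's report on the buggy version shows the path it took (the `input == nullptr` branch, the first `free`, then the second), which is the "program trace" reasoning the comment above refers to; the fixed version gets no report because no path reaches `free` twice on the same region.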

flohofwoe | 2 years ago

AFAIK clang-tidy is a superset of clang static analyzer nowadays.

E.g. quote from the documentation page (https://clang.llvm.org/extra/clang-tidy/):

    clang-tidy has its own checks and can also run Clang Static Analyzer checks.