NLips | 2 years ago

Has anyone found a static analysis tool which understands C11 Annex K (aka “safe C”) functions? I’ve found some tools like CLANG static analysis will raise errors for potentially incorrect calls to stdlib C functions, but don’t understand the replacements, which means some errors previously caught by analysis can only be caught at runtime.

bierjunge|2 years ago

Annex K is optional and the only compiler I'm aware of implementing it is MSVC (and only Microsoft wanted that in the standard), so the support for it will be nonexistent in "normal" tooling. If you need it, check if MS has something.

lelanthran|2 years ago

> Annex K is optional and the only compiler I'm aware of implementing it is MSVC (and only Microsoft wanted that in the standard),

And to rub salt into the wound, the Annex K functions supplied with MSVC are non-conforming to the standard's Annex K functions, which were also pushed hard by Microsoft, which makes them kinda doubly pointless: you use them and make code that is neither portable to another compiler nor conforming to the standard :-/

rurban|2 years ago

I've implemented _FORTIFY_SOURCE=3-like checks with safeclib, the Annex K library. Compile-time and run-time.
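
To illustrate the gap the thread describes, here is an added example (not code from any commenter, from safeclib, or from an Annex K implementation). It shows a wrong size argument slipping past a purely run-time check and being caught once the compiler's knowledge of the object size is used. `demo_strcpy_s`, `checked_strcpy_s`, `BOS` and the `DEMO_*` codes are hypothetical names; the only compiler feature assumed is the GCC/Clang builtin `__builtin_object_size`.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical error codes and names, for this example only. */
enum { DEMO_OK = 0, DEMO_ENULL, DEMO_ENOSPC, DEMO_EDMAX };

/* Stand-in with strcpy_s-style semantics: dmax is whatever the caller claims. */
static int demo_strcpy_s(char *dest, size_t dmax, const char *src)
{
    size_t n = 0;
    if (dest == NULL || dmax == 0)
        return DEMO_ENULL;
    if (src == NULL) {
        dest[0] = '\0';
        return DEMO_ENULL;
    }
    while (n < dmax && src[n] != '\0')
        n++;
    if (n == dmax) {            /* no room left for the terminator */
        dest[0] = '\0';
        return DEMO_ENOSPC;
    }
    memcpy(dest, src, n + 1);
    return DEMO_OK;
}

/* GCC/Clang builtin: destination size if the compiler can see it, else (size_t)-1. */
#define BOS(p) __builtin_object_size((p), 1)

/* Reject a claimed dmax that exceeds the real object before copying. */
#define checked_strcpy_s(dest, dmax, src)                          \
    ((BOS(dest) != (size_t)-1 && (size_t)(dmax) > BOS(dest))       \
         ? DEMO_EDMAX                                              \
         : demo_strcpy_s((dest), (dmax), (src)))

int objsize_known(void)      { char small[8]; return BOS(small) == sizeof small; }
/* Wrong dmax, short source: the run-time check alone sees nothing wrong. */
int plain_wrong_dmax(void)   { char small[8]; return demo_strcpy_s(small, 64, "short"); }
/* Same call through the wrapper: the size mismatch is reported. */
int checked_wrong_dmax(void) { char small[8]; return checked_strcpy_s(small, 64, "short"); }
/* Correct dmax, oversized source: caught, but only when the call executes. */
int runtime_violation(void)  { char small[8]; return demo_strcpy_s(small, sizeof small, "longer than eight"); }

int main(void)
{
    printf("size known=%d plain=%d checked=%d runtime=%d\n", objsize_known(),
           plain_wrong_dmax(), checked_wrong_dmax(), runtime_violation());
    return 0;
}
```

The plain call with `dmax` of 64 succeeds only because the constructed source string happens to fit in the 8-byte buffer, which is why a mismatched size can stay latent until a longer input arrives.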