
Static Analysis in GCC 10 - Tomte
https://developers.redhat.com/blog/2020/03/26/static-analysis-in-gcc-10/
======
thingsgoup
Author... if you’re here... this is awesome, great job. Putting this on my list
of stuff to dig into today. I’ve been doing a lot of thinking about this exact
concept and it’s impressive to read about the legwork you’ve put into this. I
think there’s so much room to grow in terms of implementing effective static
analysis in the toolchains and this seems like a great way to expand an
already powerful tool instead of just reinventing the wheel.

------
choeger
Hmm, I wonder what the theoretical foundation is. Looks like you are searching
for counter examples to a set of assertions. How general/expressive is the
language you describe these assertions in? How do you implement the search?

------
glouwbug
Wouldn't it make more sense for -fanalyze to work like a Rust borrow checker?

~~~
AlotOfReading
No, because C's memory model is freer than Rust's. E.g. it's perfectly legal
for memory to have multiple owners, as long as you respect the rules around
accessing and freeing it.

~~~
glouwbug
Yes, but a static analyzer could enforce _new_ projects to maintain a single
ownership model, which could push C and its existing tools closer to Rust.

A borrow checker for C is totally feasible as it is just compile-time analysis
of object lifetime. Something like gcc -fborrow-check would prop up C to safe
new heights.

~~~
Gaelan
If you're writing new C, why wouldn't you write C++ or Rust? I think part of
why Rust's borrow checker works so well is because its support for higher-
level abstraction is so good; my impression is that manual iteration and
general array munging is pretty hard to do in Rust (especially without runtime
checks), but that doesn't matter because the iterator abstraction is so good.
It'd be pretty hard to build something like Rust's iterators in C.

~~~
glouwbug
C is still prevalent in embedded systems. Something like a clean-slate strong
type checker to remove C's weak type checking would be greatly appreciated for
those who mainly work in IoT where C++ is already treated like C with classes.

