JDK / JDK-8362516

Support of GCC static analyzer (-fanalyzer)


    • Enhancement
    • Resolution: Unresolved
    • P4
    • None
    • 25, 26
    • infrastructure
    • None
    • generic
    • linux

      Recent versions of GCC have a static code analyzer option (-fanalyzer) that works quite well for C code (it still has some issues with C++).
      This can be used to identify e.g. some leaks like memory leaks, double close, use of uninitialized data etc.
      Some info about it:

      https://gcc.gnu.org/onlinedocs/gcc/Static-Analyzer-Options.html
      https://developers.redhat.com/articles/2023/05/31/improvements-static-analysis-gcc-13-compiler

      We can set this flag (-fanalyzer) for C compilation units (--with-extra-cflags=-fanalyzer),
      but this still has a few issues:

      - the -fanalyzer flag also goes into the test C code, not sure if this makes much sense
      Example:
      /jdk/test/hotspot/jtreg/runtime/ErrorHandling/libTestDwarfHelper.h:46:6: error: dereference of NULL '0' [CWE-476] [-Werror=analyzer-null-dereference]

      - we fail rather early in the build because of the analyzer issues found; to see all findings we have to disable warnings as errors. Should we maybe have ***one*** configure flag doing both?

      - some analyzer warnings like analyzer-fd-leak or analyzer-null-dereference (see libTestDwarfHelper.h:46) might be intended code or a bit misleading, so we might need to disable some warnings
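The two warning classes named in the last point, shown on a small C file: a descriptor leak next to its fix, and a deliberate NULL dereference exempted from one analyzer check for one function only. This is an added example, not code from the JDK or from this issue; the file name, the function names and the `/dev/null` probe are constructed for illustration.

```c
/* Added example (constructed). Analyze with: gcc -c -fanalyzer fd_demo.c */
#include <fcntl.h>
#include <stddef.h>
#include <unistd.h>

/* Before: the short-read path returns with 'fd' still open, the kind of
 * path -Wanalyzer-fd-leak reports. */
int first_byte_leaky(const char *path) {
    unsigned char b = 0;
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    if (read(fd, &b, 1) != 1)
        return -1;               /* descriptor leaks here */
    close(fd);
    return b;
}

/* After: one exit path closes the descriptor exactly once. */
int first_byte(const char *path) {
    unsigned char b = 0;
    int result = -1;
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    if (read(fd, &b, 1) == 1)
        result = b;
    close(fd);
    return result;
}

/* Lowest free descriptor number; it rises when a descriptor has leaked. */
int lowest_free_fd(void) {
    int fd = open("/dev/null", O_RDONLY);
    if (fd >= 0)
        close(fd);
    return fd;
}

/* Deliberate crash for a crash-handling test: exempt this one check, here only. */
#if defined(__GNUC__) && !defined(__clang__) && __GNUC__ >= 10
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wanalyzer-null-dereference"
#endif
void crash_on_purpose(void) {
    int *p = NULL;
    *p = 34;
}
#if defined(__GNUC__) && !defined(__clang__) && __GNUC__ >= 10
#pragma GCC diagnostic pop
#endif
```

Scoping the pragma to the one function keeps `-Wanalyzer-null-dereference` active for the rest of the compilation unit, which a build-wide `-Wno-analyzer-null-dereference` would not.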

            Unassigned
            mbaesken Matthias Baesken