C/C++ check tools

c-cpp-check-tools.md

• cppcheck --enable all ./*

• valgrind --tool=memcheck --leak-check=full --show-reachable=yes --track-origins=yes ./a.out

• clang

  • sudo apt-get install clang
  • cd <c4_dir>
  • make clean
  • scan-build -V make

• splint ./*.c

• rats ./*.c

• canary detection

  • gcc ... -fstack-protector -fstack-protector-all
  • gcc ... -fmudflap -fmudflapth -fmudflapir
    • For front-ends that support it (C and C++), instrument all risky pointer/array dereferencing operations, some standard library string/heap functions, and some other associated constructs with range/validity tests. Modules so instrumented should be immune to buffer overflows, invalid heap use, and some other classes of C/C++ programming errors. The instrumentation relies on a separate runtime library (libmudflap), which will be linked into a program if -fmudflap is given at link time. Run-time behavior of the instrumented program is controlled by the MUDFLAP_OPTIONS environment variable. See "env MUDFLAP_OPTIONS=-help a.out" for its options. Use -fmudflapth instead of -fmudflap to compile and to link if your program is multi-threaded. Use -fmudflapir, in addition to -fmudflap or -fmudflapth, if instrumentation should ignore pointer reads. This produces less instrumentation (and therefore faster execution) and still provides some protection against outright memory corrupting writes, but allows erroneously read data to propagate within a program.