GCC Static Analyzer
caution
Static analyzers are not magic: they will not catch every error and can report false positives.
info
Since version 10, GCC ships a static analyzer that is enabled with the -fanalyzer flag.
It can find issues such as:
- Double free
- Use after free
- Resource leaks (memory, file handles)
- Uninitialized value
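The file below is an added illustration, not code from the GCC manual or any project: a line counter in its leaky "before" form beside its corrected form, plus a small helper that writes a constructed sample file. The function names, sample file name and contents are assumptions made for the example; `-Wanalyzer-file-leak` is the real diagnostic GCC emits when a FILE handle escapes on a path without fclose().

```c
/* analyzer_demo.c  (added example, not from the GCC manual or any project)
 * Build:  gcc -fanalyzer -O1 -c analyzer_demo.c
 * GCC 10+ reports -Wanalyzer-file-leak on the early return in
 * count_lines_leaky(), with the path that reaches it; count_lines() is the
 * corrected form and compiles clean. */
#include <stdio.h>

/* "Before": the FILE* acquired by fopen() escapes on one early return. */
long count_lines_leaky(const char *path)
{
    FILE *f = fopen(path, "r");
    char buf[256];
    long n = 0;

    if (f == NULL)
        return -1;                 /* fine: nothing was opened */
    if (fgets(buf, sizeof buf, f) == NULL)   /* skip the header line */
        return 0;                  /* leak: f is still open here */
    while (fgets(buf, sizeof buf, f) != NULL)
        n++;
    fclose(f);
    return n;
}

/* "After": every path that opened the file also closes it. */
long count_lines(const char *path)
{
    FILE *f = fopen(path, "r");
    char buf[256];
    long n = 0;

    if (f == NULL)
        return -1;
    if (fgets(buf, sizeof buf, f) != NULL)   /* skip the header line */
        while (fgets(buf, sizeof buf, f) != NULL)
            n++;
    fclose(f);
    return n;
}

/* Demo helper: write a small constructed sample file (closes on every path). */
int write_demo_file(const char *path, const char *content)
{
    FILE *f = fopen(path, "w");
    if (f == NULL)
        return -1;
    int ok = fputs(content, f) != EOF;
    return (fclose(f) == 0 && ok) ? 0 : -1;
}
```

Running the analyzer on this file points at the `return 0;` in count_lines_leaky() and shows the sequence of branches that leads there, which is the output to expect for the leak category listed above.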
More features can be toggled on or off to limit the increase in compilation time or to hide false positives, for example a taint mode that tracks untrusted values. For a list of all options, refer to the GCC manual.
On average, your compilation time will increase by 2x.