Drew Parsons <dpars...@debian.org> writes:
> On 2020-05-23 14:49, Drew Parsons wrote:
>> On 2020-05-23 14:18, Jed Brown wrote:
>>
>>> I wonder if you are aware of any static analysis tools that can
>>> flag implicit conversions of this sort:
>>>
>>> int64_t n = ...;
>>> for (int32_t i=0; i<n; i++) {
>>> ...
>>> }
>>>
>>> There is -fsanitize=signed-integer-overflow (which generates a runtime
>>> error message), but that requires data to cause overflow at every
>>> possible location.
>>
>> I'll ask the Debian gcc team and the Science team if they have ideas
>> about this.
>>
>
>
> Hi Jed, Thomas Schiex from Debian Science has replied to this question,
> suggesting clang-static-analyzer or lgtm:
>
> For open source projects, a few online static analyzers are available
> and usable for free. This kind of integer type mismach will be caught by
> most of them. Possibly clang-static-analyzer will do the job.
I had tried this first, but I think it requires significant work to implement.
> Otherwise, an easy one is lgtm for example. See https://lgtm.com/
This looks interesting, but it isn't obvious how to implement this sort
of check in their language. They have a bunch of examples, but they
seem simpler.
