I've been looking for static code analysis tools for a while, and the only real free tools I've found are rats and flawfinder. The other stuff is... not very useful. Either incomplete, reliant on non-free parts, reliant on Java (not GNU classpath, but pain-in-the-ass-to-get-working Java), or otherwise just not worth my time.
The kinds of things I'm looking for are code coverage and memory safety (buffer overflows, double free()s, memory leaks), not sure on anything else. There are a lot of "would be nice" things that aren't likely to happen, like finding long loops and code paths (isn't this akin to the halting problem?) so as to pretend static profiling can be done.

The only thing I can think of at this point is that somewhere in the process someone working on OpenBSD has got to have found a good set of tools. Manual audits take time; static analysis tools get potential issues to the front of your attention so you can check those areas first before continuing with a deep analysis.

Anything out there that's really good that I should know about?

-- 
We will enslave their women, eat their children and rape their cattle!
  -- Bosc, Evil alien overlord from the fifth dimension