Posts Tagged ‘C/C++’
Goanna 1.2 released
Goanna version 1.2 has been released. Download it now.
The major change is More Checks, in fact 40% more than were previously available in v1.1. Over the next few months we will continue to add new checks with each release. You can expect to see up to 100 additional high quality checks within the coming 6 months, which as usual will be free for all existing customers. Additionally, should you require a 30 day Trial Extension for your version 1.2 update please complete this trial extension request form.
We are also very pleased to announce the Beta release of Goanna for Command Line. This new command line version enables more flexibility and freedom for those wishing to integrate our powerful C/C++ static analyzer into their own development process. The Beta is currently available for Linux users and a version for Windows users is scheduled to be available in May. Linux users can now access a fully gcc-compatible solution integrated with over 60 classes of flow-sensitive quality checks to detect critical bugs as early as possible in the development cycle.
Inter-procedural analysis is also well under way, so stay tuned for a public Beta release soon!
Visual Studio 2010
We’re proud to have been selected for simultaneous shipment of our Goanna static analysis extension with Microsoft Visual Studio 2010. We have a short introductory video demonstrating our Visual Studio 2010 integration, and we’re on schedule for April release.
We have some further news regarding recent developments (more high quality checks being one) and we’ll be posting more information next week.
Goanna 1.1 release
Goanna for Visual Studio 1.1 has been released. Download it now. Changes include:
Fixed a constructor initialization false positive.
Fixed several unused variable false positives related to complex types in C++.
Include paths can now end in a backslash.
Accelerator keys: Alt+F1 (run Goanna on the solution) and Alt+F2 (run Goanna on the active project).
Several new checks, including:
Comparison never holds
Comparison always holds
Switch case is unreachable
Expanded the interval analysis.
Checks are now organized by category in the settings dialog.
Underlining (“Squiggles”) of warning-relevant code in the Visual Studio text editor.
Statistics page for monitoring Goanna’s progress.
Analysis of assert() statements for variable bounds.
Improved traces.
Much more internal work has been done, laying the groundwork for inter-procedural analysis and user-defined checks. Visual Studio 2010 support is well underway.
Goanna for Visual Studio 1.0 Released!
Goanna for Visual Studio is out of beta. Version 1.0 is available for download now, for both Visual Studio 2008 and 2005. You can also watch a short introductory video on using Goanna here.
Greater precision from fine grained control flow analysis
To make Goanna fast enough for the desktop, we have to keep our control flow models simple. In the past we combined short-circuit operators in our models into single events, which means we missed some bugs. But some new tricks mean we can have finer-grained control flow models.
Strict Beyond Reproach
Pascal Cuoq made an interesting comment on my last post about C developers accidentally writing “==” in OCaml when they meant to use “=”. It reminds me of a similar issue I run into, when I am writing in OCaml but thinking in Haskell, and I am confronted with a value of type:
'a option list
Glossing over Bugs
We have a set of end-to-end tests that run on Goanna every night. This ensures that our commits during the day don’t break our development tree too badly.
Here is one of those tests. It was producing a strange result.
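#include <stdlib.h>

void example(void) {
    int *x;
    x = malloc(sizeof(int));
    free(x);                     /* x now dangles */
    if (rand()) {
        x = malloc(sizeof(int)); /* x is valid again only on this path */
    }
    *x++;                        /* parses as *(x++): reads through x, then increments the pointer */
}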
Adding Checks for pure, const Attributes
The gcc compiler supports several “attributes” that you can tag a function with. The semantics of those attributes are described only informally and, indeed, gcc doesn’t check that the attributes are observed. In other words, the attributes are just decorative, and really have no semantics at all.
