Static code analysis with Clang
The Clang Static Analyzer is a tool built on the LLVM compiler infrastructure that performs static code analysis of C and Objective-C programs.
A very nice feature of this analyzer is that it does not intrude on the development procedures of our packages: it does not require the maintainer to add any extra logic to the build system. The provided 'scan-build' script is able to "intercept" the calls to the GNU compiler on source files and internally invokes the analyzer.
For example:
$ scan-build -o DIR gcc -o foo foo.c
executes the compilation command to build 'foo' and then runs the static analyzer on the foo.c source file. An HTML report containing the results of the analysis is created in the directory 'DIR'. The report is generated only if some bug is detected. The generated HTML report is quite readable, clearly marking the execution paths that lead to each error.
The parameter to 'scan-build' can be any command, so in order to analyze the code of a typical GNU package we could launch:
$ scan-build -o DIR ./autogen.sh
$ scan-build -o DIR ./configure
$ scan-build -o DIR make
As for the supported static analysis checks, they include detection of null pointer dereferences, identification of dead code, detection of useless (dead) assignments, unused return values, and more.
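To show what the 'scan-build' invocations above actually catch, here is an added example (not code from the original post): a small C file containing two of the defect kinds just listed, a null pointer dereference on one execution path and a dead assignment, next to a corrected version of the same function. The lookup table and the names find_entry, buggy_sum and safe_sum are constructed for this example; analyze it with 'scan-build -o DIR gcc -c defects.c' and the report, if any, lands in DIR.

```c
/* Constructed example, not part of the original post. */
#include <stddef.h>
#include <string.h>

struct entry { const char *key; int value; };

/* Returns a pointer to the matching entry, or NULL when the key is absent.
 * The table is constructed for this example. */
static const struct entry *find_entry(const char *key)
{
    static const struct entry table[] = { {"alpha", 1}, {"beta", 2}, {"gamma", 3} };
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
        if (strcmp(table[i].key, key) == 0)
            return &table[i];
    return NULL;
}

/* Defective: only the first lookup is checked for NULL; the second result
 * is dereferenced on both branches, so a missing second key crashes.  This is
 * the kind of path the analyzer reports as a null pointer dereference.  The
 * initial value of 'total' is also never read (a dead store). */
int buggy_sum(const char *k1, const char *k2)
{
    const struct entry *a = find_entry(k1);
    const struct entry *b = find_entry(k2);
    int total = 0;               /* dead store: overwritten on every path */
    if (a == NULL)
        total = b->value;        /* b may be NULL here */
    else
        total = a->value + b->value;
    return total;
}

/* Corrected: every pointer returned by find_entry is checked before use and
 * the dead store is gone.  A missing key contributes 0 to the sum. */
int safe_sum(const char *k1, const char *k2)
{
    const struct entry *a = find_entry(k1);
    const struct entry *b = find_entry(k2);
    return (a ? a->value : 0) + (b ? b->value : 0);
}
```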
As an example you can take a look at the report generated from the analysis of the GNU PDF library here. The report is regenerated daily as part of our continuous integration effort (there are pointers to more generated reports in the "Quality" section of the library development page, if you are interested).
You can find another example of a generated report, this time for libxml2, here.
Many thanks to Jim Meyering for pointing out the existence of this analyzer. He said: ''If you're not using its "scan-build" tool, then start. Right now. Really. It's that good.''
I absolutely agree with him :)