-2

Suppose in my Code i use something like this 

int iLen = 0;
    char *sTmpStr;

strcpy(sTmpStr, "abc");

now i have not alloted any address to pointer. so is there any option in gcc that will show this fault.

i Tried optimisation but it does not gave this error.

i tried -fsanitize=address but it gave error at the run-time something like this

==1982== ERROR: AddressSanitizer: SEGV on unknown address 0x000000c38299 (pc 0x7f78d7b685b0 sp 0x7ffd8918a0b0 bp 0x7f78d7d7a668 T0)

or is there any way i can write this o/p to a file

Grv
  • 273
  • 3
  • 14
  • Errors: Not directly, Warning: Yes. turn warnings into errors. Hopefully that'll do. – Sourav Ghosh Aug 21 '15 at 07:55
  • what option should i use in gcc that it will show this as warning? – Grv Aug 21 '15 at 07:59
  • you can use `clang` with `--analyze` to get `Function call argument is an uninitialized value`: http://stackoverflow.com/q/27063678/390913 – perreal Aug 21 '15 at 08:02
  • All your compiler can do is issuing a warning because you are using the uninitialized variable `sTmpStr`. Compiler flag -Wall should do the job. – Jabberwocky Aug 21 '15 at 08:03
  • suppose if i write free(sTmpStr); -Wall is not showing this as warning – Grv Aug 21 '15 at 08:34
  • Related question: http://stackoverflow.com/questions/399850/best-compiler-warning-level-for-c-c-compilers – Klas Lindbäck Aug 21 '15 at 10:53

2 Answers2

3

Turning on compiler warnings helps a lot. A good warning level (IMHO) is -Wall.

I put your example code in a program, k.c:

#include<stdio.h>
int main()
{
    int iLen = 0;
    char *sTmpStr;

    strcpy(sTmpStr, "abc");
    return 0;
}

Compiling gave the following warnings:

$ gcc -Wall k.c -o k
k.c: In function 'main':
k.c:11: warning: unused variable 'iLen'
k.c:14: warning: 'sTmpStr' is used uninitialized in this function
$

You can turn the warnings into errors by adding the flag -Werror

Klas Lindbäck
  • 33,105
  • 5
  • 57
  • 82
  • 1
    I don't find `-Wall` adequate (see for example [getopt isn't working for one argument](http://stackoverflow.com/questions/29088549/getopt-isnt-working-for-one-argument)). – Thomas Dickey Aug 21 '15 at 08:24
  • 1
    suppose if i write free(sTmpStr); -Wall is not showing this as warning – Grv Aug 21 '15 at 08:32
  • Also, `char *sTmpStr = NULL` will remove that warning, even though the bug remains. – Lundin Aug 21 '15 at 08:39
  • suppose if i write free(sTmpStr); -Wall is not showing this as warning as memory is not initialised so how can we free this? – Grv Aug 21 '15 at 10:14
0

Just using a compiler is generally insufficient for finding runtime bugs and poorly specified behavior. gcc -std=c11 -pedantic-errors -Wall is a good start, but gcc is still just a compiler, and the purpose of a compiler is to check if the code is written as required by the standard. Anything beyond that is just a bonus.

The professional option would be to use a static code analyser tool. These will check for common bugs and problems in your code. Unfortunately, no such tool exists as open source: they tend to be quite expensive.

Lundin
  • 195,001
  • 40
  • 254
  • 396
  • The option `-std=c11` doesn't matter in this regard and is misleading. – fuz Aug 25 '15 at 10:19
  • @FUZxxl No, since lots of things that are poorly specified behavior in the C standard are implemented as language extensions in GNU C. Unless you are using GNU C extensions, there is never a reason not to use `-std` – Lundin Aug 25 '15 at 10:44
  • What I'm trying to say is that you don't need to literally specify `-std=c11`; many projects are written against C89 or C99 for compatibility and it's usually a bad idea to change the language revision without evaluating the consequences. Always assume that people are going to copy (and preach) your answer without understanding what its parts mean. – fuz Aug 25 '15 at 11:09
  • @FUZxxl According to the C tag policy, all questions are assumed to be about the current C standard, unless otherwise specified by the OP. – Lundin Aug 25 '15 at 11:20
  • But your answer does not require to set the standard revision to C11. If someone reads your answer and doesn't know better, he might think that it's mandatory to set `-std=c11` to get decent error reporting. This is absolutely false. – fuz Aug 25 '15 at 11:30
  • For an open source static code analysis tool, look at Frama C. – fuz Aug 25 '15 at 11:30