|
|
|
|
|
|
by jsteemann
1560 days ago
|
|
|
I stumbled across fbinfer and gave it a try for a larger C++ project on Linux a few days ago. It worked out of the box, because fbinfer can tap into the compile commands database that can easily be generated by CMake and other build tools. The tool has nice output about its current progress, but even when running with many threads, its long translation and analysis durations made it somewhat impractical to use on a large project. I understand that later it can run with incremental changes, and can reuse some data from previous runs. In this case it probably may be better suited. But the first-time analysis of a large project is very time-consuming.
I am not saying this is unique to fbinfer. Other static analyzers tend to have the same problem.
To be fair, I haven't yet inspected the tool's various options, which can potentially speed up the analysis. The initial report the tool created contained several findings. Mainly "potential" nullptr dereferences and a few "potential" data races. After manual inspection these all turned out to be false positives.
However, the tool also found several dead stores, which turned out to be actual dead stores. So it is at least helpful w.r.t. From my perspective, the tool has potential. Probably some of the false positives can be turned off via configuration, and using it for incremental analysis may also reduce its runtime so that it becomes tolerable for larger projects. |
|
|