A static analyzer can find bugs in c++ code, but it cannot analyze arbitrary c++ code. For code which cannot be proven right, the analyzer can either:
- ignore it to avoid false positives
- reject it to avoid true negatives
According to BS's opinion, the second way is preferred to make c++ really safe.
We need to define a formal memory safe cpp subset.
See the WIP Draft. Contributions are welcomed.
A static analyzer can find bugs in c++ code, but it cannot analyze arbitrary c++ code. For code which cannot be proven right, the analyzer can either:
According to BS's opinion, the second way is preferred to make c++ really safe.
We need to define a formal memory safe cpp subset.
See the WIP Draft. Contributions are welcomed.