IIRC fanalyzer is a fairly recent addition to gcc. Has it become reasonably usable yet?
I recall getting a bit excited when I first read about it, but the results I got were a bit bizarre (e.g. every single function that allocated memory and returned a pointer to it was labeled as leaking memory; not really any useful info).
I did the fun exercise myself once to riffle through the gcc manpage, cobble together warning flags and massage them into autoconf[1][2].
There is a very handy m4 script in the util-linux source for testing supported warning flags[3].
There's also 'AX_APPEND_COMPILE_FLAGS' [1] (and its dependency 'AX_CHECK_COMPILE_FLAG' [2]), next to many other (related or unrelated) macros in the autoconf archive.
clang has a static analyzer feature that IMO gives pretty good results. There's also a mode that's handy for long functions/funcs w/heavily nested blocks where it can show you the execution path necessary to hit a case (like used-uninitialized, e.g.).
[1] https://git.infradead.org/mtd-utils.git/blob/HEAD:/configure...
[2] https://github.com/AgentD/squashfs-tools-ng/blob/master/conf...
[3] https://github.com/karelzak/util-linux/blob/master/m4/compil...