Hello Drew,
I have used LGTM for one of my open source projects. If the sources are
deposited on GitHub (or Gitlab) for example, this is immediate to use:
create an account under lgtm.com, create a project and point it to the
git repo. It will fetch sources and start the analysis. The results
take
typically half a day to one day to pop up but then you get a list of
warnings,... that include integer typing issues such as those
identified
(we killed plenty of them thanks to this). Possibly, you may see what
it produces here (this is what remains after a big cleaning effort that
removed around 100 warnings I think).
https://lgtm.com/projects/g/toulbar2/toulbar2/?mode=list
LGTM also offers a query language that possibly allows to target a
specific custom form of issue but I have not used it.
I'm sorry to say my agenda is totally over-saturated. I can possibly
spend 20 to 30' interacting (zoom/meet/...) with the PETSC
team/maintainer to explain how to setup LGTM, but that's my maximum I'm
afraid.
Thomas
Le 27/05/2020 à 07:31, Drew Parsons a écrit :
Hi again Thomas,
upstream says they've looked at clang-static-analyzer, but it'll be
nontrivial to implement. Not entirely obvious how to proceed with lgtm
either, it only comes with simple examples.
If you (or anyone else) has time to work on this, they'd sure
appreciate a helping hand.
This is the PETSc project (http://www.mcs.anl.gov/petsc, cf.
Bug#953116 for 64 bit builds)