Linus Nordberg <li...@nordberg.se> writes:

> Run static code analysis beyond what the compiler usually
> performs. Useful tools include Coverity, the clang static analyzer and
> runtime sanitizers.

cppcheck is also very useful; its emphasis is less on semantic analysis and more on design rules violations, which most other static analysers don't do. A notable exception is PVS Studio, but that's kinda pricey.

> - Detecting memory leakage
>
> Running code under valgrind to find out if and where a program leaks
> memory can help in spotting memory handling errors.

Using the clang sanitisers also does a good job of finding issues like this; I'd use ASAN and UBSAN at a minimum.

> Useful fuzzers include AFL [0], libFuzzer [1] and OSS-Fuzz.

honggfuzz is also quite good, and uses the same API as libFuzzer.

Peter.

_______________________________________________
Tech mailing list
Tech@cryptech.is
https://lists.cryptech.is/listinfo/tech