Malcolm: Static analysis updates in GCC 11

David Malcolm describesthe progress in the GCC static analyzer for the upcoming GCC 11release. "In GCC 10, I added the new -fanalyzer option, a staticanalysis pass for identifying various problems at compile-time, rather thanat runtime. The initial implementation was aimed at early adopters, whofound a few bugs, including a security vulnerability: CVE-2020-1967. BerndEdlinger, who discovered the issue, had to wade through many falsepositives accompanying the real issue. Other users also managed to get theanalyzer to crash on their code.I've been rewriting the analyzer to address these issues in the next major release, GCC 11. In this article, I describe the steps I'm taking to reduce the number of false positives and make this static analysis tool more robust."