In the topic of code analysis or program analysis (Wikipedia article), there is static code analysis (Wikipedia article) and dynamic program analysis (Wikipedia article). This topic overlaps with performance analysis, formal verification, as well as general debugging.
There is a FOSS Factory bounty (p276) on some of these tasks.
GCC's warnings. Yes, really.
Engineering zero-defect software, Eric S. Raymond, 2012-05-13
For example, Debian's hurd_20110319-2 package (Samuel Thibault, 2011-08-05: I had a look at those, some are spurious; the realloc issues are for real).
Has already been used for finding and fixing double mutex unlocking issues.
IRC, freenode, #hurd, 2011-12-04
<mcsim> has anyone used splint on hurd? <mcsim> this is tool for statically checking C programs <mcsim> seems I made it work
IRC, freenode, #glibc, 2011-09-28
<vsrinivas> two things you can do -- there is an environment variable (DEBUG_MALLOC_ iirc?) that can be set to 2 to make ptmalloc (glibc's allocator) more forceful and verbose wrt error checking <vsrinivas> another is to grab a copy of Tor's source tree and copy out OpenBSD's allocator (its a clearly-identifyable file in the tree); LD_PRELOAD it or link it into your app, it is even more aggressive about detecting memory misuse. <vsrinivas> third, Red hat has a gdb python plugin that can instrument glibc's heap structure. its kinda handy, might help? <vsrinivas> MALLOC_CHECK_ was the envvar you want, sorry.
In context of
allocaissue mentioned in gnumach page cache policy:
IRC, freenode, #hurd, 2012-07-08:
<youpi> braunr: there's actually already an ifdef REDZONE in libthreads
<youpi> except it seems clumsy :) <youpi> ah, no, the libthreads code properly sets the guard, just for grow-up stacks
CTraps is a gcc plugin and runtime library that inserts calls to runtime library functions just before shared memory accesses in parallel/concurrent code.
The purpose of this plugin is to expose information about when and how threads communicate with one another to programmers for the purpose of debugging and performance tuning. The overhead of the instrumentation and runtime code is very low -- often low enough for always-on use in production code. In a series of initial experiments the overhead was 0-10% in many important cases.
Jones: system call abuse, Dave Jones, 2010.
- Trinity: A Linux kernel fuzz tester (and then some), Dave Jones, The Eleventh Annual Southern California Linux Expo, 2013.
Mayhem, an automatic bug finding system
IRC, freenode, #hurd, 2013-06-29:
<teythoon> started reading the mayhem paper referenced here http://lists.debian.org/debian-devel/2013/06/msg00720.html <teythoon> that's nice work, they are doing symbolic execution of x86 binary code, that's effectively model checking with some specialized formulas <teythoon> (too bad the mayhem code isn't available, damn those academic people keeping the good stuff to themselvs...) <teythoon> (and I really think that's bad practice, how should anyone reproduce their results? that's not how science works imho...)