David Malcolm

Email: dmalcolm@redhat.com

My Fedora People page: http://dmalcolm.fedorapeople.org/

I'm currently working on GCC upstream. Previously I worked on the Python runtimes within Fedora and Red Hat Enterprise Linux.

I'm interested in static code analysis

My old blog: http://dmalcolm.livejournal.com/

A very old, out-of-date Red Hat People Page: http://people.redhat.com/dmalcolm

GCC work

• GCC 15:
  • Presentation (Cauldron 2024): What's new with diagnostics in GCC 15
• GCC 14:
  • Blog post: Improvements to static analysis in the GCC 14 compiler
  • Presentation (Cauldron 2023): Updates to diagnostics in GCC 14
• GCC 13:
  • Blog post: Improvements to static analysis in the GCC 13 compiler
  • Presentation (Cauldron 2022): What’s new in GCC -fanalyzer ?
• GCC 12:
  • Blog post: The state of static analysis in the GCC 12 compiler
  • Blog post: Prevent Trojan Source attacks with GCC 12
  • Presentation (LPC 2021): Adding kernel-specific test coverage to GCC's -fanalyzer option
• GCC 11:
  • Blog post: Static analysis updates in GCC 11
  • Presentation (LPC 2020): GCC’s -fanalyzer option
• GCC 10:
  • Implemented experimental new static analysis pass
  • Blog post: Static analysis in GCC 10
• GCC 9:
  • Blog post: Usability improvements in GCC 9
  • Presentation (Cauldron 2018): Optimization records
• GCC 8:
  • Blog post: Usability improvements in GCC 8
  • Presentation (Cauldron 2017): Diagnostic and location-tracking improvements for GCC 8
• GCC 7:
  • Unit testing and RTL "frontend"
    • Blog post: Testing... Testing… GCC
    • Presentation (Cauldron 2016): Testing BoF
• GCC 6:
  • -Wmisleading-indentation vs “goto fail;”
  • implemented underlined ranges of source, rather than just points
• GCC 5 improvements:
  • RTL typesafety
    • Blog post: Improving GCC’s internals
    • Presentation (Cauldron 2014): A proposal for typesafe RTL
  • libgccjit
    • Blog post: JIT-compilation using GCC 5
    • Presentation (Cauldron 2014): Just-In-Time compilation using GCC

Some of the software I've written

• libgccjit: a branch of GCC allowing it to be built as a shared library for use in Just-In-Time compilation
• gcc-python-plugin: allowing you to write new GCC plugins in Python.
• cpychecker: a static analysis pass for GCC to find bugs in C extensions to Python, written in Python using gcc-python-plugin
• gdb Python hooks for debugging CPython itself
• gdb-heap, an extension to gdb for analyzing malloc/free
• squeal: a SQL-like syntax for use in shell pipelines
• asmdiff: tool for comparing objdump results
• gccinvocation: Python module for parsing GCC invocation lines
• jamais-vu: a tool for working with DejaGnu output
• firehose: a proposed common format for static analyzer output, along with a Python module for working with it
• mock-with-analysis: a way of rebuilding an RPM in mock, injecting static analysis, and capturing the result in Firehose format
• gcc-build: some scripts to make it easier to hack on GCC

Older stuff

• rpmgrok
• conglomerate: an XML editor aimed at non-technical users (I rewrote the prototype)