1 files changed, 52 insertions, 19 deletions
diff --git a/open_issues/code_analysis.mdwn b/open_issues/code_analysis.mdwn
index 00915651..2ab8bf1d 100644
--- a/open_issues/code_analysis.mdwn
+++ b/open_issues/code_analysis.mdwn
@@ -42,10 +42,13 @@ There is a [[!FF_project 276]][[!tag bounty]] on some of these tasks.
     "1123688017.3905.22.camel@buko.sinrega.org"]].  This could be checked by a
     static analysis tool.
 
-  * [Static Source Code Analysis Tools for C](http://spinroot.com/static/)
-
   * [[!wikipedia List_of_tools_for_static_code_analysis]]
 
+  * [Engineering zero-defect software](http://esr.ibiblio.org/?p=4340), Eric
+    S. Raymond, 2012-05-13
+
+  * [Static Source Code Analysis Tools for C](http://spinroot.com/static/)
+
   * [Cppcheck](http://sourceforge.net/apps/mediawiki/cppcheck/)
 
     For example, [Debian's hurd_20110319-2
@@ -59,13 +62,9 @@ There is a [[!FF_project 276]][[!tag bounty]] on some of these tasks.
 
       * <http://www.google.com/search?q=coccinelle+analysis>
 
-  * clang
-
-      * <http://www.google.com/search?q=clang+analysis>
+  * [clang](http://www.google.com/search?q=clang+analysis)
 
-  * Linux' sparse
-
-      * <https://sparse.wiki.kernel.org/>
+  * [Linux' sparse](https://sparse.wiki.kernel.org/)
 
   * <http://klee.llvm.org/>
 
@@ -83,13 +82,34 @@ There is a [[!FF_project 276]][[!tag bounty]] on some of these tasks.
 
   * [sixgill](http://sixgill.org/)
 
+  * [s-spider](http://code.google.com/p/s-spider/)
+
+  * [CIL (C Intermediate Language)](http://kerneis.github.com/cil/)
+
+  * [Frama-C](http://frama-c.com/)
+
   * [Coverity](http://www.coverity.com/) (nonfree?)
 
+  * [Splint](http://www.splint.org/)
+
+      * IRC, freenode, #hurd, 2011-12-04
+
+            <mcsim> has anyone used splint on hurd?
+            <mcsim> this is tool for statically checking C programs
+            <mcsim> seems I made it work
+
 
 # Dynamic
 
   * [[community/gsoc/project_ideas/Valgrind]]
 
+  * glibc's `libmcheck`
+
+      * Used by GDB, for example.
+
+      * Is not thread-safe, [[!sourceware_PR 6547]], [[!sourceware_PR 9939]],
+        [[!sourceware_PR 12751]], [[!stackoverflow_question 314931]].
+
   * <http://en.wikipedia.org/wiki/Electric_Fence>
 
       * <http://sourceforge.net/projects/duma/>
@@ -98,18 +118,25 @@ There is a [[!FF_project 276]][[!tag bounty]] on some of these tasks.
 
   * <https://wiki.ubuntu.com/CompilerFlags>
 
-  * IRC, freenode, #glibc, 2011-09-28
+  * `MALLOC_CHECK_`/`MALLOC_PERTURB_`
 
-        <vsrinivas> two things you can do -- there is an environment variable
-          (DEBUG_MALLOC_ iirc?) that can be set to 2 to make ptmalloc (glibc's
-          allocator) more forceful and verbose wrt error checking
-        <vsrinivas> another is to grab a copy of Tor's source tree and copy out
-          OpenBSD's allocator (its a clearly-identifyable file in the tree);
-          LD_PRELOAD it or link it into your app, it is even more aggressive
-          about detecting memory misuse.
-        <vsrinivas> third, Red hat has a gdb python plugin that can instrument
-          glibc's heap structure. its kinda handy, might help?
-        <vsrinivas> MALLOC_CHECK_ was the envvar you want, sorry.
+      * IRC, freenode, #glibc, 2011-09-28
+
+            <vsrinivas> two things you can do -- there is an environment
+              variable (DEBUG_MALLOC_ iirc?) that can be set to 2 to make
+              ptmalloc (glibc's allocator) more forceful and verbose wrt error
+              checking
+            <vsrinivas> another is to grab a copy of Tor's source tree and copy
+              out OpenBSD's allocator (its a clearly-identifyable file in the
+              tree); LD_PRELOAD it or link it into your app, it is even more
+              aggressive about detecting memory misuse.
+            <vsrinivas> third, Red hat has a gdb python plugin that can
+              instrument glibc's heap structure. its kinda handy, might help?
+            <vsrinivas> MALLOC_CHECK_ was the envvar you want, sorry.
+
+      * [`MALLOC_PERTURB_`](http://udrepper.livejournal.com/11429.html)
+
+      * <http://git.fedorahosted.org/cgit/initscripts.git/diff/?id=deb0df0124fbe9b645755a0a44c7cb8044f24719>
 
   * In context of [[!message-id
     "1341350006-2499-1-git-send-email-rbraun@sceen.net"]]/the `alloca` issue
@@ -125,6 +152,12 @@ There is a [[!FF_project 276]][[!tag bounty]] on some of these tasks.
         <youpi> ah, no, the libthreads code properly sets the guard, just for
           grow-up stacks
 
+  * GCC's AddressSanitizer (ASan; `-faddress-sanitizer`)
+
+    [Finding races and memory errors with GCC instrumentation
+    (AddressSanitizer)](http://gcc.gnu.org/wiki/cauldron2012#Finding_races_and_memory_errors_with_GCC_instrumentation_.28AddressSanitizer.29),
+    GNU Tools Cauldron 2012.
+
   * Input fuzzing
 
     Not a new topic; has been used (and a paper published) for early UNIX