Using Intel® Inspector XE on Fortran Applications – Static Security Analysis

Intel® Inspector XE supports analysis of programs written in the C/C++, C#, and Fortran languages. This is the third article in a three part series covering how to use Intel Inspector XE on Fortran applications.  Part 1 covered memory analysis and part 2covered threading analysis. Memory and threading analysis are both dynamic analysis types which are performed during runtime. This article will cover the static analysis which is performed at compile time. This static analysis analyzes all of the source code in an application for both coding errors and security issues. This Static Security Analysis is an additional correctness tool available with Intel Parallel Studio XE and our other Studio XE bundles.

Static analysis uses the GCC/Microsoft* compatible front end of the Intel® C++ or Intel® Fortran Compiler in a special mode which is turned on through the use of compiler flags. Static analysis requires your code to compile without serious errors using the Intel Compiler, but no code is generated. Your application does not need to run with code generated by the Intel compiler and you do not need to use the Intel compiler to create your production binaries in order to take advantage of static analysis. The figure below is taken from the compiler documentation and describes the different flags that are available for static analysis.


If you are using Microsoft* Visual Studio these flags can be set from the Project Properties via the Fortran > Diagnostics property page. After running the compilation, an Intel Inspector XE result will be created that can be viewed with the standalone GUI, within Visual Studio, or from the command line. The figure below shows the results of a static  analysis run using the flag value "All Errors and Warnings (/Qdiag-enable:sc3)" in Visual Studio.


In this example static analysis detected two errors and one warning, denoted by the red circles and yellow triangle symbols respectively. The Code Locations pane shows source code locations related to the selected problem.

The first error is an "UnALLOCATED array ref (possible)" and it is selected by default in the Summary view. The code location shows that the array "queens" is being written without an allocation taking place. In order to correct this error, allocate memory for a variable before using it. To fix this particular issue, add the following line of code:


This allocation will fix the first problem.  The second problem that is reported is an "Optional arg unchecked". This problem can arise if a subroutine uses optional arguments without checking for their existence first. Double-clicking on the problem will navigate to the Sources view. This will provide the complete source code context as well as additional Traceback information.

Here the argument "output" is an optional argument and there is an assignment without a check for its existence. This can be dangerous and cause runtime errors. To fix this issue an additional check is added before the assignment.
The final reported problem is an "Unused subroutine". This is only a warning and may not be an issue depending on the code. In the case of this application, the subroutine is used for debugging and is not called in this particular build. However, if an application is expected to use a subroutine and the analysis finds that the subroutine is not called this may be a real problem.

There are many more code and security issues that static analysis can detect and this article only presents a few as a sample result. Using Intel Inspector XE on Fortran applications is straightforward and increases your confidence in the correctness and security of an application.

For more complete information about compiler optimizations, see our Optimization Notice.


Jackson Marusarz (Intel)'s picture

In order to use static analysis without Visual Studio, you need to add the flag listed in the table above to your build line. For more details about using static analysis you can see the help topic here: and check out the section under "Using Static Analysis from the Command Line". If that does not contain the information you need, or if you are having trouble using static analysis, the best place to go for help would be the forums here:

anonymous's picture

You help is absolutely use for trying to use static code analysis WITHOUT visual studio. I have a full license for Intel Visual studio, but where is the help to make a static analysis on WIndows (7 64 bit) OS without VS. No where. The samples in the install are only for VS - come on guys - this really sucks.

Add a Comment

Have a technical question? Visit our forums. Have site or software product issues? Contact support.