Using Intel® Inspector XE on Fortran Applications – Static Security Analysis

Intel® Inspector XE supports analysis of programs written in the C/C++, C#, and Fortran languages. This is the third article in a three part series covering how to use Intel Inspector XE on Fortran applications.  Part 1 covered memory analysis and part 2 covered threading analysis. Memory and threading analysis are both dynamic analysis types which are performed during runtime. This article will cover the static analysis which is performed at compile time. This static analysis analyzes all of the source code in an application for both coding errors and security issues. This Static Security Analysis is an additional correctness tool available with Intel Parallel Studio XE and our other Studio XE bundles.

Static analysis uses the GCC/Microsoft* compatible front end of the Intel® C++ or Intel® Fortran Compiler in a special mode which is turned on through the use of compiler flags. Static analysis requires your code to compile without serious errors using the Intel Compiler, but no code is generated. Your application does not need to run with code generated by the Intel compiler and you do not need to use the Intel compiler to create your production binaries in order to take advantage of static analysis. The figure below is taken from the compiler documentation and describes the different flags that are available for static analysis.


If you are using Microsoft* Visual Studio these flags can be set from the Project Properties via the Fortran > Diagnostics property page. After running the compilation, an Intel Inspector XE result will be created that can be viewed with the standalone GUI, within Visual Studio, or from the command line. The figure below shows the results of a static  analysis run using the flag value "All Errors and Warnings (/Qdiag-enable:sc3)" in Visual Studio.


In this example static analysis detected two errors and one warning, denoted by the red circles and yellow triangle symbols respectively. The Code Locations pane shows source code locations related to the selected problem.

The first error is an "UnALLOCATED array ref (possible)" and it is selected by default in the Summary view. The code location shows that the array "queens" is being written without an allocation taking place. In order to correct this error, allocate memory for a variable before using it. To fix this particular issue, add the following line of code:


This allocation will fix the first problem.  The second problem that is reported is an "Optional arg unchecked". This problem can arise if a subroutine uses optional arguments without checking for their existence first. Double-clicking on the problem will navigate to the Sources view. This will provide the complete source code context as well as additional Traceback information.

Here the argument "output" is an optional argument and there is an assignment without a check for its existence. This can be dangerous and cause runtime errors. To fix this issue an additional check is added before the assignment.
The final reported problem is an "Unused subroutine". This is only a warning and may not be an issue depending on the code. In the case of this application, the subroutine is used for debugging and is not called in this particular build. However, if an application is expected to use a subroutine and the analysis finds that the subroutine is not called this may be a real problem.

There are many more code and security issues that static analysis can detect and this article only presents a few as a sample result. Using Intel Inspector XE on Fortran applications is straightforward and increases your confidence in the correctness and security of an application.

Para obtener información más completa sobre las optimizaciones del compilador, consulte nuestro Aviso de optimización.