|
| From: | Paolo Bonzini |
| Subject: | Re: [Qemu-devel] [PATCH] scripts: add sample model file for Coverity Scan |
| Date: | Wed, 19 Mar 2014 13:46:04 +0100 |
| User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 |
Il 19/03/2014 10:08, Markus Armbruster ha scritto:
It probably would make static analysis a bit less powerful or will return more false positives. The NULL return for realloc (in the "free" case) already causes some. So I'm undecided between a more correct model and a more selective one (with a fat comment).I can't see how lying to the analyzer could make it more powerful :) It can, however, suppress false positives. Scan and find out how many?
Full model (g_malloc returns NULL for 0 argument) => 750 defects
Posted model (g_malloc never returns NULL) => 702 defects
-59 NULL_RETURNS defects
-1 REVERSE_INULL defects
+12 TAINTED_SCALAR defects
Reduced model (g_realloc never frees) => 690 defects
-12 NULL_RETURNS defects
Of course, silly me, I threw away the results of the analysis for the
full model. I'll now rerun it and look for false negatives caused by
the reduced model.
Paolo
| [Prev in Thread] | Current Thread | [Next in Thread] |