From: Paolo Bonzini
Subject: Re: [Qemu-devel] [PATCH] scripts: add sample model file for Coverity Scan
Date: Wed, 19 Mar 2014 13:46:04 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0

On 19/03/2014 10:08, Markus Armbruster wrote:
>> It probably would make static analysis a bit less powerful or will return
>> more false positives. The NULL return for realloc (in the "free" case)
>> already causes some. So I'm undecided between a more correct model and a
>> more selective one (with a fat comment).
>
> I can't see how lying to the analyzer could make it more powerful :)
> It can, however, suppress false positives. Scan and find out how many?

Full model (g_malloc returns NULL for 0 argument) => 750 defects

Posted model (g_malloc never returns NULL) => 702 defects
    -59 NULL_RETURNS defects
    -1 REVERSE_INULL defects
    +12 TAINTED_SCALAR defects

Reduced model (g_realloc never frees) => 690 defects
    -12 NULL_RETURNS defects

Of course, silly me, I threw away the results of the analysis for the full model. I'll now rerun it and look for false negatives caused by the reduced model.

Paolo