Skip to content
This repository was archived by the owner on Mar 30, 2021. It is now read-only.

Memcached XTU Analysis

Jump to bottom
Whisperity edited this page Jan 27, 2017 · 8 revisions

Baseline:

Memcached without xtu - clang 4.0 http://cc.elte.hu:8080/#run=61

Memcached XTU with XTU - clang 4.0

http://cc.elte.hu:8080/#run=62

###Summary

Bug numbers do not match those on the linked viewer. The reason behind this is that we used bug deduplication not yet committed into the CodeChecker codebase.

Analyzed project All Non-CTU Findings (baseline) All CTU Findings New CTU findings Disappeared findings Successfully analyzed Failed to analyze Analysis Time (baseline)[s] Analysis Time XTU (1st Phase + 2nd Phase)[s] Median of bug path length (BPL) in baseline Median of BPL CTU Median of BPL of new findings Median of BPL of disappeared findings
MemcacheD 16 27 14 3 35 files 0 files 26.91 42.82 9.5 8 8.5 58
Checker ID Number of new findings
core.CallAndMessage 2
core.DivideZero 1
core.NonNullParamChecker 2
core.NullDereference 2
core.uninitialized.Assign 3
unix.Malloc 4

Resolved false positives:

Remaining false positives:

Lost true positives:

in the last but one version there were lost true positives, but this version performed much better in this respect

Remaining true positives:

###New true positives

  • MOST IMPORTANT XTU-SPECIFIC finding: memcached.c core.DivideZero http://cc.elte.hu:8080/#run=62&report=6833 safe_strtol sets the output c-string to null, and if a range overflow error happens (or str == endptr, see line 126 in util.c), it remains null.
  • items.c core.uninitialized.Assign if allocation fails, there is a branch, where a -= operator is called with unitialized value on the left side
Clone this wiki locally