Memcached XTU Analysis

Baseline:

Memcached without xtu - clang 4.0 http://cc.elte.hu:8080/#run=3

Memcached XTU with XTU - clang 4.0

http://cc.elte.hu:8080/#run=4

###Summary

|Analyzed project| New findings | Disappeared findings | Successfully analyzed | Failed to analyze | Analysis Time (NonXTU)|Analysis Time XTU|Average bug path length in baseline|Average bug path length XTU| |---|---|---|---|---|---|---|---|---|---| |Memcached| 3 (core.*(1), unix.malloc(1)| 15| 35 files | 0 files |26.91s|42.82s|7|20.13

Resolved false positives:

• memcached core.NonNullParamChecker http://cc.elte.hu:8080/#baseline=61&newcheck=62&report=6848

Remaining false positives:

• cache.c unix.MallocSizeof http://cc.elte.hu:8080/#run=62&report=6820 http://cc.elte.hu:8080/#run=62&report=6824

Lost true positives:

in the last but one version there were lost true positives, but this version performed much better in this respect

Remaining true positives:

• slabs.c core.NullDereference http://cc.elte.hu:8080/#run=62&report=6822 http://cc.elte.hu:8080/#run=62&report=6823 http://cc.elte.hu:8080/#run=62&report=6825
• memcached.c deadcode.DeadStores http://cc.elte.hu:8080/#run=62&report=6826 http://cc.elte.hu:8080/#run=62&report=6827 http://cc.elte.hu:8080/#run=62&report=6830 http://cc.elte.hu:8080/#run=62&report=6832
• testapp.c deadcode.DeadStores http://cc.elte.hu:8080/#run=62&report=6844
• memcached.c unix.API http://cc.elte.hu:8080/#run=62&report=6846

###New true positives

• MOST IMPORTANT XTU-SPECIFIC finding: memcached.c core.DivideZero http://cc.elte.hu:8080/#run=62&report=6833 safe_strtol sets the output c-string to null, and if a range overflow error happens (or str == endptr, see line 126 in util.c), it remains null.
• items.c core.uninitialized.Assign if allocation fails, there is a branch, where a -= operator is called with unitialized value on the left side