This repository has been archived by the owner on Mar 30, 2021. It is now read-only.
forked from llvm-mirror/clang
-
Notifications
You must be signed in to change notification settings - Fork 10
Memcached XTU Analysis
Whisperity edited this page Mar 24, 2017
·
8 revisions
Memcached without xtu - clang 4.0 http://cc.inf.elte.hu:8080/#run=179
http://cc.inf.elte.hu:8080/#run=180
| Analyzed project | All Non-CTU Findings (baseline) | All CTU Findings | New CTU findings | Disappeared findings | Successfully analyzed | Failed to analyze | Analysis Time (baseline)[s] | Analysis Time XTU (1st Phase + 2nd Phase)[s] | Median of bug path length (BPL) in baseline | Median of BPL CTU | Median of BPL of new findings | Median of BPL of disappeared findings |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| MemcacheD | 17 | 28 | 12 | 3 | 35 files | 0 files | 35.05 | 1.53 + 55.14 | 10 | 8.5 | 8 | 58 |
------------------- NEW Bugs grouped by checker ------------------
---------------------------------
Checker ID | Count
---------------------------------
core.CallAndMessage | 1
core.DivideZero | 1
core.NonNullParamChecker | 2
core.NullDereference | 2
core.uninitialized.Assign | 2
unix.Malloc | 4
---------------------------------
------------------- Metrics ------------------
Total # of bugs: 12
MIN BugPath length: 1
MAX BugPath length: 29
Mean length: 10.75
%: 25% percentile: 2.0
%: 50% percentile: 8.0
%: 75% percentile: 18.5
%: 90% percentile: 24.0
- memcached core.NonNullParamChecker http://cc.inf.elte.hu:8080/#run=180&report=18033
- cache.c unix.MallocSizeof http://cc.inf.elte.hu:8080/#run=180&report=18025 http://cc.inf.elte.hu:8080/#run=180&report=18021
in the last but one version there were lost true positives, but this version performed much better in this respect
- slabs.c core.NullDereference
- memcached.c deadcode.DeadStores
- testapp.c deadcode.DeadStores
- memcached.c unix.API
- MOST IMPORTANT XTU-SPECIFIC finding: memcached.c core.DivideZero http://cc.inf.elte.hu:8080/#baseline=179&newcheck=180&report=18035 safe_strtol sets the output c-string to null, and if a range overflow error happens (or str == endptr, see line 126 in util.c), it remains null.
- items.c core.uninitialized.Assign if allocation fails, there is a branch, where a -= operator is called with unitialized value on the left side
- Home
- Usage of CTU Analysis
- Compilation
- Develop and debug CTU
EuroLLVM'17 Extended abstract- Open source project analyzed with CTU
- External resources