Date:      Wed, 23 Apr 2014 12:06:30 +0200
From:      Erik Cederstrand <erik+lists@cederstrand.dk>
To:        "Ronald F. Guilmette" <rfg@tristatelogic.com>
Cc:        "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Subject:   Re: OpenSSL static analysis, was: De Raadt + FBSD + OpenSSH + hole?
Message-ID:  <50CA7E78-BB5E-4872-A272-B7374627EC12@cederstrand.dk>
In-Reply-To: <10999.1398215531@server1.tristatelogic.com>
References:  <10999.1398215531@server1.tristatelogic.com>

On 23/04/2014 at 03:12, Ronald F. Guilmette <rfg@tristatelogic.com> wrote:
> 
> In message <20140423010054.2891E143D098@rock.dv.isc.org>,
> Mark Andrews <marka@isc.org> wrote:
> 
>> As for the number of CLANG analysis warnings.  Clang has false
>> positives
> 
> Please define your terms.
> 
> I do imagine that the truth or falsehood of your assertion may depend
> quite substantially on what one does or does not consider a "false
> positive" in this context.

Have a look at the ~10,000 reports at http://scan.freebsd.your.org/freebsd-head/ (unavailable ATM). Silly things are reported like a missing return at the end of main() or not free()ing memory two lines before program exit. There are nonsensical reports because the analyzer doesn't detect exit() in a usage() function because usage() is defined in a separate compilation unit, or this:

int foo(int y, int z) {
   int x;
   if (y == z) {
       x = 0;
   } else  {
       /* always true here, but the analyzer does not carry "y != z"
        * from the outer else into this branch */
       if (y != z) {
           x = 1;
       }
   }
   return x;   /* reported as possibly uninitialized */
}

warning that x may be uninitialized. Fixing these requires considerable effort, e.g. improving IPA and adding alpha-renaming support to the analyzer's constraint manager, or would result in unnecessary code churn in FreeBSD just to work around the reports.

My best guess is that at least 90% of the reports are either false positives or really silly. Which doesn't mean that the reports are useless, but a lot of time is wasted finding real bugs.

Erik
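The two false-positive shapes Erik describes, as an added example that is not part of the original message or of FreeBSD's code: the y == z / y != z branch exactly as posted, and a usage() that ends in exit() but whose body the analyzer cannot see from the caller's compilation unit. Beside each is the smallest change that stops the analyzer reporting it: a rewrite with a definite assignment on every visible path (the "churn" the mail objects to), and a _Noreturn (C11) prototype for usage(), which tells the analyzer the call never returns without touching any call site. The names foo_churned, parse_mode and parse_one, and the "fast"/"slow" argument handling, are made up for the example.

```c
/*
 * Added example, not part of Erik's mail or of FreeBSD's sources.
 * foo_churned, parse_mode and parse_one are made-up names.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Exactly the posted shape. Every path assigns x, but the analyzer does
 * not carry the outer "y != z" fact into the inner if, so it reports a
 * possibly uninitialized return. The function itself is well defined. */
int foo(int y, int z)
{
    int x;
    if (y == z) {
        x = 0;
    } else {
        if (y != z) {
            x = 1;
        }
    }
    return x;
}

/* Same values, with a definite assignment on every path the analyzer can
 * see. This is the kind of rewrite the mail calls unnecessary churn. */
int foo_churned(int y, int z)
{
    return (y == z) ? 0 : 1;
}

/* A usage() that lives in another file and ends in exit(). The analyzer
 * works one compilation unit at a time, so from the caller's file it only
 * sees this prototype. Marking it _Noreturn tells the analyzer the call
 * never returns, which removes the paths that continue past usage(). */
_Noreturn void usage(void);

/* Hypothetical caller. With a plain "void usage(void);" prototype the
 * analyzer would also explore the path where usage() returns and 'mode'
 * is read uninitialized on the way out. */
int parse_mode(int argc, char **argv)
{
    int mode;

    if (argc < 2)
        usage();
    if (strcmp(argv[1], "fast") == 0)
        mode = 1;
    else if (strcmp(argv[1], "slow") == 0)
        mode = 2;
    else
        usage();
    return mode;
}

/* Convenience wrapper: build a constructed argv for one argument. */
int parse_one(const char *arg)
{
    char *argv[] = { "prog", (char *)arg, NULL };
    return parse_mode(2, argv);
}

/* Stands in for the definition in the separate compilation unit. */
_Noreturn void usage(void)
{
    fprintf(stderr, "usage: prog fast|slow\n");
    exit(EXIT_FAILURE);
}

int main(void)
{
    printf("foo(1,1)=%d foo(1,2)=%d\n", foo(1, 1), foo(1, 2));
    printf("foo_churned(1,1)=%d foo_churned(1,2)=%d\n",
           foo_churned(1, 1), foo_churned(1, 2));
    printf("parse_one(\"slow\")=%d\n", parse_one("slow"));
    return 0;
}
```

Run the analyzer over this file with and without the _Noreturn on the prototype (for instance via clang --analyze) to see the usage()-path report appear and disappear while the generated code and every call site stay the same; foo() and foo_churned() return the same values for every input, so only the report differs between them.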
