From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <5329918C.8090403@redhat.com>
Date: Wed, 19 Mar 2014 13:46:04 +0100
From: Paolo Bonzini
References: <1395162223-28733-1-git-send-email-pbonzini@redhat.com> <874n2vcpu9.fsf@blackfin.pond.sub.org> <53294155.8040403@redhat.com> <87d2hi4ktz.fsf@blackfin.pond.sub.org>
In-Reply-To: <87d2hi4ktz.fsf@blackfin.pond.sub.org>
Subject: Re: [Qemu-devel] [PATCH] scripts: add sample model file for Coverity Scan
To: Markus Armbruster
Cc: qemu-trivial@nongnu.org, qemu-devel@nongnu.org

On 19/03/2014 10:08, Markus Armbruster wrote:
>> It probably would make static analysis a bit less powerful or will
>> return more false positives. The NULL return for realloc (in the
>> "free" case) already causes some. So I'm undecided between a more
>> correct model and a more selective one (with a fat comment).
>
> I can't see how lying to the analyzer could make it more powerful :)
> It can, however, suppress false positives. Scan and find out how many?

Full model (g_malloc returns NULL for 0 argument) => 750 defects

Posted model (g_malloc never returns NULL) => 702 defects
    -59 NULL_RETURNS defects
    -1 REVERSE_INULL defects
    +12 TAINTED_SCALAR defects

Reduced model (g_realloc never frees) => 690 defects
    -12 NULL_RETURNS defects

Of course, silly me, I threw away the results of the analysis for the
full model. I'll now rerun it and look for false negatives caused by
the reduced model.

Paolo