DonatNagyE wrote: I tested this commit on several open-source projects, comparing it and its parent with a configuration that enables the non-alpha checkers (so StdCLibraryFunctions becomes enabled when this commit moves it out of alpha).
The results show that this checker doesn't produce random noise and can provide some useful results:

| Project | New reports | Lost reports | Changes |
| --- | --- | --- | --- |
| memcached | [New reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=memcached_1.6.8_baseline&newcheck=memcached_1.6.8_with_std_library_functions&is-unique=on&diff-mode=New) | [Lost reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=memcached_1.6.8_baseline&newcheck=memcached_1.6.8_with_std_library_functions&is-unique=on&diff-mode=Resolved) | no effect |
| tmux | [New reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=tmux_2.6_baseline&newcheck=tmux_2.6_with_std_library_functions&is-unique=on&diff-mode=New) | [Lost reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=tmux_2.6_baseline&newcheck=tmux_2.6_with_std_library_functions&is-unique=on&diff-mode=Resolved) | no effect |
| twin | [New reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=twin_v0.8.1_baseline&newcheck=twin_v0.8.1_with_std_library_functions&is-unique=on&diff-mode=New) | [Lost reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=twin_v0.8.1_baseline&newcheck=twin_v0.8.1_with_std_library_functions&is-unique=on&diff-mode=Resolved) | no effect |
| vim | [New reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=vim_v8.2.1920_baseline&newcheck=vim_v8.2.1920_with_std_library_functions&is-unique=on&diff-mode=New) | [Lost reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=vim_v8.2.1920_baseline&newcheck=vim_v8.2.1920_with_std_library_functions&is-unique=on&diff-mode=Resolved) | no effect |
| openssl | [New reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=openssl_openssl-3.0.0-alpha7_baseline&newcheck=openssl_openssl-3.0.0-alpha7_with_std_library_functions&is-unique=on&diff-mode=New) | [Lost reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=openssl_openssl-3.0.0-alpha7_baseline&newcheck=openssl_openssl-3.0.0-alpha7_with_std_library_functions&is-unique=on&diff-mode=Resolved) | no effect |
| sqlite | [New reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=sqlite_version-3.33.0_baseline&newcheck=sqlite_version-3.33.0_with_std_library_functions&is-unique=on&diff-mode=New) | [Lost reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=sqlite_version-3.33.0_baseline&newcheck=sqlite_version-3.33.0_with_std_library_functions&is-unique=on&diff-mode=Resolved) | no effect |
| ffmpeg | [New reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=ffmpeg_n4.3.1_baseline&newcheck=ffmpeg_n4.3.1_with_std_library_functions&is-unique=on&diff-mode=New) | [Lost reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=ffmpeg_n4.3.1_baseline&newcheck=ffmpeg_n4.3.1_with_std_library_functions&is-unique=on&diff-mode=Resolved) | no effect |
| postgres | [New reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=postgres_REL_13_0_baseline&newcheck=postgres_REL_13_0_with_std_library_functions&is-unique=on&diff-mode=New) | [Lost reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=postgres_REL_13_0_baseline&newcheck=postgres_REL_13_0_with_std_library_functions&is-unique=on&diff-mode=Resolved) | 5 new TPs [1] |
| tinyxml2 | [New reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=tinyxml2_8.0.0_baseline&newcheck=tinyxml2_8.0.0_with_std_library_functions&is-unique=on&diff-mode=New) | [Lost reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=tinyxml2_8.0.0_baseline&newcheck=tinyxml2_8.0.0_with_std_library_functions&is-unique=on&diff-mode=Resolved) | no effect |
| libwebm | [New reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=libwebm_libwebm-1.0.0.27_baseline&newcheck=libwebm_libwebm-1.0.0.27_with_std_library_functions&is-unique=on&diff-mode=New) | [Lost reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=libwebm_libwebm-1.0.0.27_baseline&newcheck=libwebm_libwebm-1.0.0.27_with_std_library_functions&is-unique=on&diff-mode=Resolved) | no effect |
| xerces | [New reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=xerces_v3.2.3_baseline&newcheck=xerces_v3.2.3_with_std_library_functions&is-unique=on&diff-mode=New) | [Lost reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=xerces_v3.2.3_baseline&newcheck=xerces_v3.2.3_with_std_library_functions&is-unique=on&diff-mode=Resolved) | no effect |
| bitcoin | [New reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=bitcoin_v0.20.1_baseline&newcheck=bitcoin_v0.20.1_with_std_library_functions&is-unique=on&diff-mode=New) | [Lost reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=bitcoin_v0.20.1_baseline&newcheck=bitcoin_v0.20.1_with_std_library_functions&is-unique=on&diff-mode=Resolved) | no effect |
| protobuf | [New reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=protobuf_v3.13.0_baseline&newcheck=protobuf_v3.13.0_with_std_library_functions&is-unique=on&diff-mode=New) | [Lost reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=protobuf_v3.13.0_baseline&newcheck=protobuf_v3.13.0_with_std_library_functions&is-unique=on&diff-mode=Resolved) | no effect |

[1] One [unix.StdCLibraryFunctions report](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=postgres_REL_13_0_baseline&newcheck=postgres_REL_13_0_with_std_library_functions&is-unique=on&diff-mode=New&report-id=2751977&report-hash=1928ba718d9742340937d425ec3978c6&report-filepath=%2apg_backup_custom.c) and four very similar TOCTOU bugs reported by core.NonNullParamChecker ([one example](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=postgres_REL_13_0_baseline&newcheck=postgres_REL_13_0_with_std_library_functions&is-unique=on&diff-mode=New&report-id=2751787&report-hash=c469e10d32261326b999f84ee5f2d5fa&report-filepath=%2aoption.c)). These are all real issues, although it'd be very difficult to trigger them in practice.

Note that we're testing stable versions of open-source projects, so it's not surprising that we don't see serious issues.

https://github.com/llvm/llvm-project/pull/66207