On 19/03/2014 10:08, Markus Armbruster wrote:
>> It probably would make static analysis a bit less powerful or will
>> return more false positives. The NULL return for realloc (in the
>> "free" case) already causes some. So I'm undecided between a more
>> correct model and a more selective one (with a fat comment).
>
> I can't see how lying to the analyzer could make it more powerful :)
> It can, however, suppress false positives. Scan and find out how many?

Full model (g_malloc returns NULL for 0 argument) => 750 defects

Posted model (g_malloc never returns NULL) => 702 defects
    -59 NULL_RETURNS defects
    -1 REVERSE_INULL defects
    +12 TAINTED_SCALAR defects

Reduced model (g_realloc never frees) => 690 defects
    -12 NULL_RETURNS defects

Of course, silly me, I threw away the results of the analysis for the
full model. I'll now rerun it and look for false negatives caused by
the reduced model.
Paolo