On Tue, Oct 22, 2013 at 12:26:06PM +0200, Martin Milata wrote:
I uploaded the clang-analyzer-generated html reports for the three "interesting" cases that the script found and took a further look at them.
- nautilus 1 [1], clang-analyzer report [2]
The trace from the static analyzer consists of nautilus_file_operations_copy_move calling nautilus_file_operations_move which then segfaults. This agrees with the backtraces. Unfortunately there is no BZ ticket associated, probably due to too few people being affected by this bug.
- nautilus 2 [3], clang-analyzer report [4]
Only nautilus_file_operations_copy_move is in the static analyzer trace. There's a bugzilla ticket [5] with a full backtrace corresponding to this problem.
- python [6], clang-analyzer report [7]
The trace consists of PyObject_Unicode calling PyObject_GetAttr, which is not the case in the linked backtrace, making this pair a false positive. The trace from clang-analyzer describes a real bug though, one that has already been fixed [8][9].
Didn't know clang-analyzer can do inter-procedural analysis; that's nice.
Thrilling stuff, nice work!
I'll soon have a corpus of checks being run against Debian packages; I'll be sure to forward you data points (if y'all have the same source/version pair in Fedoraland).
Keep up the great work,
Paul
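The pairing Martin describes (does the call chain in a clang-analyzer trace actually appear in the crash backtrace, or is the pair a false positive like the python case?) can be checked mechanically. The following is an added example, not Martin's script or anything from the Fedora or Debian tooling: it parses constructed gdb-style backtraces (the addresses and frames are made up, only the function names echo the cases above), reverses the analyzer's caller-to-callee path so it can be compared against innermost-first frames, and reports where the two line up.

```python
"""Match a clang-analyzer call path against a crash backtrace.

Added example, not the original poster's script. Assumptions: the analyzer
trace is a list of function names ordered caller -> callee, ending at the
function the analyzer flags, and the backtrace is gdb-style text with the
innermost frame (crash site) first.
"""

import re
from typing import List, Optional

# Constructed sample backtraces (not real crash data). Addresses are
# placeholders; only the function names mirror the cases in the thread.
NAUTILUS_BACKTRACE = """\
#0  0x00007f... in nautilus_file_operations_move () from /usr/lib64/libnautilus.so
#1  0x00007f... in nautilus_file_operations_copy_move () from /usr/lib64/libnautilus.so
#2  0x00007f... in fm_directory_view_move_copy_items () from /usr/lib64/libnautilus.so
#3  0x00007f... in main ()
"""

PYTHON_BACKTRACE = """\
#0  0x... in PyObject_Unicode ()
#1  0x... in PyFile_WriteObject ()
#2  0x... in PyEval_EvalFrameEx ()
#3  0x... in main ()
"""

# "#N  [0xADDR in] function_name" -- the address part is optional because
# frames in the current function sometimes omit it.
FRAME_RE = re.compile(r"^#\d+\s+(?:0x[0-9a-fA-F.]+\s+in\s+)?([A-Za-z_][A-Za-z0-9_]*)")


def parse_backtrace(text: str) -> List[str]:
    """Return the function name of each frame, innermost first."""
    names = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            names.append(m.group(1))
    return names


def match_trace(analyzer_path: List[str], backtrace_text: str) -> Optional[int]:
    """Find the analyzer path as a run of consecutive backtrace frames.

    The analyzer lists caller -> callee, the backtrace lists callee first,
    so the path is reversed before searching. Returns the index of the
    innermost matching frame (0 == the crash site itself) or None.
    """
    frames = parse_backtrace(backtrace_text)
    want = list(reversed(analyzer_path))
    n = len(want)
    for i in range(len(frames) - n + 1):
        if frames[i:i + n] == want:
            return i
    return None


def classify(analyzer_path: List[str], backtrace_text: str) -> str:
    """Summarise a (trace, backtrace) pair the way the thread does."""
    idx = match_trace(analyzer_path, backtrace_text)
    if idx is None:
        return "false positive"          # path not on the crashing stack
    if idx == 0:
        return "matches crash site"      # analyzer's callee is frame #0
    return "on stack, deeper than crash site"


if __name__ == "__main__":
    cases = [
        ("nautilus 1", ["nautilus_file_operations_copy_move",
                        "nautilus_file_operations_move"], NAUTILUS_BACKTRACE),
        ("nautilus 2", ["nautilus_file_operations_copy_move"], NAUTILUS_BACKTRACE),
        ("python", ["PyObject_Unicode", "PyObject_GetAttr"], PYTHON_BACKTRACE),
    ]
    for name, path, bt in cases:
        print(f"{name}: {classify(path, bt)}")
```

Requiring the analyzer path to appear as consecutive frames is deliberately strict: a looser "every function is somewhere on the stack" test would have accepted the python pair because PyObject_Unicode is present, which is exactly the false positive Martin spotted by hand.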