Aaron Tomb
unread,Aug 26, 2005, 5:42:19 PM8/26/05Sign in to reply to author
Sign in to forward
You do not have permission to delete messages in this group
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to mono...@googlegroups.com
This week, I spent most of my time testing my code on large examples
written by other people. I fixed a number of small bugs, but didn't add
any major new functionality.
Here are some results of running my bug finder on various targets.
* With the double-check locking checker, it reports 5 warnings for the
System.dll file distributed with the 1.1.8.2 version of Mono
distributed in Debian unstable. Two of these seem to be real to me
(based on the current source code in SVN HEAD):
System.Net.GlobalProxySelection::GetProxy
System.Net.HttpWebRequest::GetServicePoint
one is a false alarm:
System.Net.WebConnectionStream::EndRead
and the others I haven't found the source code for:
System.ComponentModel.TypeDescriptor::get_DefaultConverters
System.Net.DigestSession::Authenticate
* With the bad recursive invocation checker, it reports 6 warnings on
the same System.dll. They are:
System.CodeDom.Compiler.Executor::ExecWaitWithCapture
System.ComponentModel.PropertyTabAttribute::Equals
System.Diagnostics.CounterSampleCalculator::ComputeCounterValue
System.Diagnostics.EventLog::GetEventLogs
System.IO.KeventWatcher::ProcessEvent
System.Net.ChunkStream::InternalWrite
I haven't been able to determine yet which are real bugs and which
are not.
* With the nullderef checker, on its own source code (around 3000
lines), it gives 72 warnings. As is typical with dataflow based
null-pointer analyses, these are all false positives. The code is
annotated, with approximately 150 methods, fields, and parameters
having the [NonNull] annotation. The checks were done with respect
to a list of 25 methods in the standard library and in Cecil which
will never return null.
In the absence of both the annotations and the list of non-null
library methods, it gives hundreds of warnings (~500 or so). While
the remaining warnings are all false positives, careful examination
of them has helped eliminate real bugs in the BugFinder source code
itself.
So, my assesment is that, while there is a nearly infinite supply of
possible new checks, tuning of existing checks, and so on, I have
achieved what I agreed to for the Summer of Code.
However, I have no intention of stopping work on this project when
September 1st rolls around. I have enjoyed the work, and would love to
add new analyses, and improve the existing ones. After September 1st, I
may slow down a little, as my research is taking up a lot of time, but I
still plan to commit regular changes.
Specifically for next week, I'm planning to do the following:
* Run my checker on more of the Mono standard library, and try to
determine if I've found real bugs.
* Document my code more comprehensively.
* Do any more tuning I can think of to reduce the number of false
positives generated by the null pointer dereference analysis.
Aaron