Bug finder: Report #8
23 views
Skip to first unread message
Aaron Tomb
Aug 26, 2005, 5:42:19 PM8/26/05
to mono...@googlegroups.com
This week, I spent most of my time testing my code on large examples
written by other people. I fixed a number of small bugs, but didn't add
any major new functionality.
Here are some results of running my bug finder on various targets.
* With the double-check locking checker, it reports 5 warnings for the
System.dll file distributed with the 1.1.8.2 version of Mono
distributed in Debian unstable. Two of these seem to be real to me
(based on the current source code in SVN HEAD):
System.Net.GlobalProxySelection::GetProxy
System.Net.HttpWebRequest::GetServicePoint
one is a false alarm:
System.Net.WebConnectionStream::EndRead
and the others I haven't found the source code for:
System.ComponentModel.TypeDescriptor::get_DefaultConverters
System.Net.DigestSession::Authenticate
* With the bad recursive invocation checker, it reports 6 warnings on
the same System.dll. They are:
System.CodeDom.Compiler.Executor::ExecWaitWithCapture
System.ComponentModel.PropertyTabAttribute::Equals
System.Diagnostics.CounterSampleCalculator::ComputeCounterValue
System.Diagnostics.EventLog::GetEventLogs
System.IO.KeventWatcher::ProcessEvent
System.Net.ChunkStream::InternalWrite
I haven't been able to determine yet which are real bugs and which
are not.
* With the nullderef checker, on its own source code (around 3000
lines), it gives 72 warnings. As is typical with dataflow based
null-pointer analyses, these are all false positives. The code is
annotated, with approximately 150 methods, fields, and parameters
having the [NonNull] annotation. The checks were done with respect
to a list of 25 methods in the standard library and in Cecil which
will never return null.
In the absence of both the annotations and the list of non-null
library methods, it gives hundreds of warnings (~500 or so). While
the remaining warnings are all false positives, careful examination
of them has helped eliminate real bugs in the BugFinder source code
itself.
So, my assesment is that, while there is a nearly infinite supply of
possible new checks, tuning of existing checks, and so on, I have
achieved what I agreed to for the Summer of Code.
However, I have no intention of stopping work on this project when
September 1st rolls around. I have enjoyed the work, and would love to
add new analyses, and improve the existing ones. After September 1st, I
may slow down a little, as my research is taking up a lot of time, but I
still plan to commit regular changes.
Specifically for next week, I'm planning to do the following:
* Run my checker on more of the Mono standard library, and try to
determine if I've found real bugs.
* Document my code more comprehensively.
* Do any more tuning I can think of to reduce the number of false
positives generated by the null pointer dereference analysis.
Aaron
written by other people. I fixed a number of small bugs, but didn't add
any major new functionality.
Here are some results of running my bug finder on various targets.
* With the double-check locking checker, it reports 5 warnings for the
System.dll file distributed with the 1.1.8.2 version of Mono
distributed in Debian unstable. Two of these seem to be real to me
(based on the current source code in SVN HEAD):
System.Net.GlobalProxySelection::GetProxy
System.Net.HttpWebRequest::GetServicePoint
one is a false alarm:
System.Net.WebConnectionStream::EndRead
and the others I haven't found the source code for:
System.ComponentModel.TypeDescriptor::get_DefaultConverters
System.Net.DigestSession::Authenticate
* With the bad recursive invocation checker, it reports 6 warnings on
the same System.dll. They are:
System.CodeDom.Compiler.Executor::ExecWaitWithCapture
System.ComponentModel.PropertyTabAttribute::Equals
System.Diagnostics.CounterSampleCalculator::ComputeCounterValue
System.Diagnostics.EventLog::GetEventLogs
System.IO.KeventWatcher::ProcessEvent
System.Net.ChunkStream::InternalWrite
I haven't been able to determine yet which are real bugs and which
are not.
* With the nullderef checker, on its own source code (around 3000
lines), it gives 72 warnings. As is typical with dataflow based
null-pointer analyses, these are all false positives. The code is
annotated, with approximately 150 methods, fields, and parameters
having the [NonNull] annotation. The checks were done with respect
to a list of 25 methods in the standard library and in Cecil which
will never return null.
In the absence of both the annotations and the list of non-null
library methods, it gives hundreds of warnings (~500 or so). While
the remaining warnings are all false positives, careful examination
of them has helped eliminate real bugs in the BugFinder source code
itself.
So, my assesment is that, while there is a nearly infinite supply of
possible new checks, tuning of existing checks, and so on, I have
achieved what I agreed to for the Summer of Code.
However, I have no intention of stopping work on this project when
September 1st rolls around. I have enjoyed the work, and would love to
add new analyses, and improve the existing ones. After September 1st, I
may slow down a little, as my research is taking up a lot of time, but I
still plan to commit regular changes.
Specifically for next week, I'm planning to do the following:
* Run my checker on more of the Mono standard library, and try to
determine if I've found real bugs.
* Document my code more comprehensively.
* Do any more tuning I can think of to reduce the number of false
positives generated by the null pointer dereference analysis.
Aaron
Florian Gross
Aug 26, 2005, 8:16:13 PM8/26/05
to mono...@googlegroups.com
Aaron Tomb wrote:
> Specifically for next week, I'm planning to do the following:
> * Run my checker on more of the Mono standard library, and try to
> determine if I've found real bugs.
Hm, can you run it on the JScript.NET stuff? I'd be very interested in
> Specifically for next week, I'm planning to do the following:
> * Run my checker on more of the Mono standard library, and try to
> determine if I've found real bugs.
the results. :)
miguel de icaza
Aug 28, 2005, 10:35:52 AM8/28/05
to mono...@googlegroups.com
Hey!
Ah! Lovely! Gonzalo has now fixed these two ;-)
Miguel
* With the double-check locking checker, it reports 5 warnings for the
System.dll file distributed with the 1.1.8.2 version of Mono
distributed in Debian unstable. Two of these seem to be real to me
(based on the current source code in SVN HEAD):
System.Net.GlobalProxySelection::GetProxy
System.Net.HttpWebRequest::GetServicePoint
Ah! Lovely! Gonzalo has now fixed these two ;-)
Miguel
Reply all
Reply to author
Forward
0 new messages