[cfe-dev] False positives when analyzing 'sdlmame'

Luis Felipe Strano Moraes luis.strano at gmail.com
Fri Jun 12 13:12:52 PDT 2009

From a quick glance at the forum and at the output in question, the first
false positive could indeed be a bug, since the same loop condition is
considered false at first and true later on, with no code in-between that
could possibly change it (don't know if the static analyzer takes into
account that the struct might have been changed from another thread
or something like that).
The second one pointed out is not exactly a false positive, since if it
weren't for the fact that the structure in question is initialized always
with at least 32 entries, then that null dereference could very much
happen. The thing is, clang is not yet, AFAIK, doing interprocedural
analysis, so it has no way of possibly knowing that.

I'm not familiar with the SDL codebase, but the report generated is
quite extensive, I'd suggest that you and/or the other developers do
not simply forget about clang because of these two issues. Not everything
pointed out there might be an issue, but if you find at least one possible
problem then it will already have been worth it IMHO.

There's been an extensive cleanup on the codebase for the Enlightenment
project using the output of clang's static analyzer, and I've already sent
patches for a few other projects as well (like mplayer). I'd suggest you try
to find a server somewhere where you could put this output so others can
more easily take a look at it.

Best regards,

On Fri, Jun 12, 2009 at 4:30 PM, Ted Kremenek <kremenek at apple.com> wrote:
> Hi John,
> Thanks so much for the feedback!  Please do file a bug report in
> Bugzilla, even with just the information you have.  False positives
> reported to this mailing list will just get lost.
> When you file the bug report, please include the information about how
> to reproduce the false positive, and what file and line where the
> false positive occurs.  It is also good to know *why* you think it is
> a false positive, as sometimes it isn't always obvious.  Basically I
> need to know where to get the code, what was the build line you passed
> to scan-build, etc.
> Thanks so much!
> Ted
> On Jun 12, 2009, at 10:58 AM, John Smith wrote:
>> Hi,
>> I am not a developer myself (just a lowly system administrator), but I
>> was intrigued by the idea of an open source static source analyzer
>> just the same. So I decided to run scan-build on my favorite emulator,
>> 'sdlmame', and posted the results of the scan/build to the sdlmame
>> forum. There it was looked at by at least one developer, and he
>> noticed at least two false positives.
>> Now since I'm not a developer myself, I can only point to the forum
>> posts, the analyzer results, and the source code, hoping that someone
>> on this list is interested enough to investigate further. The main
>> reason I did not post a bug in the bugtracker instead of sending this
>> message to the mailing list is because I cannot create a (small)
>> testcase myself :(
>> Anyway, here's the info :
>> The source code on which the analysis was run:
>> http://www.mediafire.com/?2ndj2wjkgjf
>> The full results of the scan-build analysis:
>> http://www.mediafire.com/?ryyvj3lazma
>> The post on the forum discussing the two false positives:
>> http://www.bannister.org/forums/ubbthreads.php?ubb=showflat&Number=50763#Post50763
>> Please feel free to ignore this message if it is not at all helpful,
>> or if I violated the mailing list rules, and if that is the case, then
>> I sincerely apologize,
>> Regards,
>> John Smith
>> _______________________________________________
>> cfe-dev mailing list
>> cfe-dev at cs.uiuc.edu
>> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev

"Sometimes you gotta look reality in the face and say no!" -- Benjamin Gonzalez
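A constructed C illustration of the second report discussed above, added here and not code from sdlmame or from anyone in the thread: the "at least 32 entries" invariant is established in one function and relied on in another, so an analysis that reasons one function at a time still sees a NULL path at the dereference. All names (`struct table`, `table_init`, `table_find`, `lookup_*`) are assumptions.

```c
#include <stddef.h>

#define MIN_ENTRIES 32

/* Constructed stand-in for the reported structure: the invariant that all
 * MIN_ENTRIES slots hold non-NULL pointers is established in table_init,
 * a different function from the ones that dereference them. */
struct table {
    size_t count;
    int *entries[MIN_ENTRIES];
};

static int backing[MIN_ENTRIES];

void table_init(struct table *t)
{
    for (size_t i = 0; i < MIN_ENTRIES; i++) {
        backing[i] = (int)i * 10;
        t->entries[i] = &backing[i];
    }
    t->count = MIN_ENTRIES;
}

/* Returns NULL when idx is out of range; seen from this function alone,
 * the NULL-returning path is perfectly real. */
const int *table_find(const struct table *t, size_t idx)
{
    return idx < t->count ? t->entries[idx] : NULL;
}

/* Pattern behind the report: the caller "knows" idx < MIN_ENTRIES because
 * of table_init, but an analyzer reasoning per function sees only the NULL
 * path of table_find and flags this dereference as a possible NULL deref. */
int lookup_unchecked(const struct table *t, size_t idx)
{
    return *table_find(t, idx);
}

/* Spelling the invariant out at the use site removes the report and also
 * protects callers that pass an index the invariant does not cover. */
int lookup_checked(const struct table *t, size_t idx, int *out)
{
    const int *p = table_find(t, idx);
    if (p == NULL)
        return -1;
    *out = *p;
    return 0;
}
```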
