[Date Prev][Date Next]
Re: Calysto v1.5 reports on openldap_v2.4.4alpha
On 8/20/07, Howard Chu <firstname.lastname@example.org> wrote:
> Feel free to check against CVS HEAD, which will shortly be synced up to become
> the 2.4.5 release.
Precise static checking is quite expensive computationally, and I keep quite
a few machines busy 24/7. If you are interested in having openldap checked
regularly, please see:
I'll need more precise feedback than you provided me right now. For instance,
there is one report about which I'm not 100% certain, and no one has even
looked at reports carefully enough to figure that out.
Also, keep in mind that Calysto is constantly being developed, so although
I'm checking only NULL-ptrs now, by the end of the year Calysto will enter
the second phase - checking of user provided assertions. Later, I'll
introduce checking of implicitly implied properties of C lib (like proper
nesting of lock-unlock calls, and so on...)
> But, expanding on Kurt's comments - most of the items you reported are in
> one-shot client or test code. The probability of an alloc routine returning
> NULL here is near zero, and since it is in code that is either (a) only used
> for one-shot tests or (b) only invoked for a single request and then exited, we
> really don't care. For any cases that you find that are in library code that
> can be executed multiple times in an app or server, we probably need to pay
Even though the probability is near zero, it still will happen, considering
the large user base you have.