
Re: Calysto v1.5 reports on openldap_v2.4.4alpha


On 8/20/07, Howard Chu <hyc@symas.com> wrote:
> Feel free to check against CVS HEAD, which will shortly be synced up to become
> the 2.4.5 release.

Precise static checking is quite expensive computationally, and I keep quite
a few machines busy 24/7. If you are interested in having openldap checked
regularly, please see:

I'll need more precise feedback than you provided me right now. For instance,
there is one report about which I'm not 100% certain, and no one has even
looked at reports carefully enough to figure that out.

Also, keep in mind that Calysto is constantly being developed, so although
I'm checking only NULL-ptrs now, by the end of the year Calysto will enter
the second phase - checking of user-provided assertions. Later, I'll
introduce checking of implicitly implied properties of C lib (like proper
nesting of lock-unlock calls, and so on...).

> But, expanding on Kurt's comments - most of the items you reported are in
> one-shot client or test code. The probability of an alloc routine returning
> NULL here is near zero, and since it is in code that is either (a) only used
> for one-shot tests or (b) only invoked for a single request and then exited, we
> really don't care. For any cases that you find that are in library code that
> can be executed multiple times in an app or server, we probably need to pay
> attention.

Even though the probability is near zero, it still will happen, considering
the large user base you have.


        Domagoj Babic
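
The thread's point about allocation failures in library code that runs repeatedly, as an added example (not code from the thread, OpenLDAP or Calysto): a fault-injecting allocator fails each allocation of a routine in turn and confirms that every NULL return is handled without a leak. `xalloc`, `xfree`, `struct entry`, `entry_new`, `entry_free` and `sweep_failures` are hypothetical names, and the DN and value strings are constructed sample input.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical fault-injecting allocator: call number fail_at returns NULL. */
static long alloc_calls, fail_at = -1, live_blocks;
static void *xalloc(size_t n) {
    void *p = (++alloc_calls == fail_at) ? NULL : malloc(n);
    if (p) live_blocks++;
    return p;
}
static void xfree(void *p) { if (p) { live_blocks--; free(p); } }

/* Hypothetical library-style routine: every allocation result is checked
 * and partially built state is released before reporting failure. */
struct entry { char *dn; char *value; };
static struct entry *entry_new(const char *dn, const char *value) {
    struct entry *e = xalloc(sizeof *e);
    if (e == NULL) return NULL;
    e->dn = xalloc(strlen(dn) + 1);
    e->value = xalloc(strlen(value) + 1);
    if (e->dn == NULL || e->value == NULL) {   /* unwind partial state */
        xfree(e->dn); xfree(e->value); xfree(e);
        return NULL;
    }
    strcpy(e->dn, dn);
    strcpy(e->value, value);
    return e;
}
static void entry_free(struct entry *e) {
    if (e) { xfree(e->dn); xfree(e->value); xfree(e); }
}

/* Fail allocation 1, 2, 3, ... in turn until the routine succeeds.
 * Returns the number of injected failures handled; *leaks counts runs
 * that returned NULL but left blocks allocated. */
static int sweep_failures(int *leaks) {
    int handled = 0;
    *leaks = 0;
    for (long k = 1; ; k++) {
        alloc_calls = 0; fail_at = k; live_blocks = 0;
        struct entry *e = entry_new("cn=test,dc=example,dc=com", "constructed");
        if (e != NULL) { entry_free(e); break; }  /* k is past the last allocation */
        handled++;
        if (live_blocks != 0) (*leaks)++;
    }
    fail_at = -1;                                  /* disable injection again */
    return handled;
}
int main(void) {
    int leaks, handled = sweep_failures(&leaks);
    printf("%d injected failures handled, %d leaks\n", handled, leaks);
    return leaks != 0;
}
```

Removing any one of the NULL checks in `entry_new` turns the corresponding sweep iteration into a crash, which is the class of defect the NULL-pointer reports describe.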