Thread: Android kernel: revealed 359 software defects
View Single Post
PMaff's Avatar
PMaff is offline PMaff
2010-11-04 , 21:17
Posts: 361 | Thanked: 219 times | Joined on Sep 2010
#13
Originally Posted by javispedro View Post
I do marginalize the effectiveness of a static analysis code tool for detecting such issues.
Code:
struct some_interface *c = get_from_global_variable();
some_callback_type f = default_callback();

if (c->do_something(c, &f)) {
   f();
}
I would ask why there is no
check for c and f at first.
;-)
Plain defensive programming.


Originally Posted by javispedro View Post
What's a static code analysis tool doing to do here? It may
a ) Either detect a "potential NULL dereference", thus indicating that the 5000000 potential bugs found count is pure crap.
It will find this:
http://scan.coverity.com/report/Cove...eport_2009.pdf
and there the stuff about
"In drivers/net/tun.c, the relevant code fragment is
static unsigned int tun_chr_poll(struct file *file, poll_table * wait)"


Originally Posted by javispedro View Post
Now, of course their tools ain't cheap. They're doing a great service to the community IMHO but also getting some free marketing for a tool a decade or two ago would be laughed at.

Note: not saying it is useless; it's as useless as getting a human to do it: they might get it wrong, but "the more eyes...".
You know that sometimes when you look at your code over and over again you simply miss certain points.
Especially after long nights, much coffee and pizza.