This is to make it easier to track ongoing analyses involving *hydras and Pork.
What kind of analyses are expected?
This is a tracking bug. "Depends on" lists the analyses under way.
i am not familiar with hydra yet.
here are some random thoughts.
code analysis tools can't be made perfect, so the primary goal should
be to be effective imho.
refactoring kinda scares me - debugging a program generated by a
program generated by program is hard if possible at all.
besides a systematic scientific approach, i suggest an additional
heuristic/chaotic approach - checking for blacklisted constructs that
may be dangerous - basically gcc's -Wall on steroids.
off the top of my head some checks that may help:
1. assignment in |if| - e.g. |if (a = 1)|. in some cases this
is valid, yet it may be a bug
2. misuse of preprocessing macros - macros changing stuff in unexpected
ways, e.g. in pseudocode
#define max(a,b) ((a)>(b) ? (a) : (b))
this example is kinda fabricated, though i reported a real bug because
of similar misuse
very useful but probably hard to implement feature will be value
on line X in file Y what are the possible values of int variable Z ?
basically Z may be anything, it may be just a single number, it may be
in a given range or in a finite set of ranges.
Created attachment 364503
cppcheck static analysis 2009-02-27, 290 lines
cppcheck seems an interesting static analysis tool:
bugs found by it:
seems nice; their goal is to keep false positives very low (sure, there are FP)
> 1. assignment in |if| - e.g. |if (a = 1)|
i patched cppcheck to search for this. the way cppcheck works i am not sure i caught all cases. caught 2 occurrences of this and they look legitimate to me.
i am investigating using hydra for security stuff.
while (isspace(*end)) end--;
this will crash in layout:
<UNMAPPED> <SPACES> end
is it worth a bug?
can hydra check for constructs like:
while( SINGLECONDITION( *ptr ) ) ptr--;
while( SINGLECONDITION( *ptr ) ) --ptr;
i think both of the above are in most cases real crashes.
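
Added example, not part of the thread and not code from the tree being analysed: the backward scan from the last comment next to a form that carries the buffer's lower bound, which is the property a checker for this construct would look for. The function names and the `begin` parameter are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Same loop shape as in the thread, shown for comparison only. If every
 * byte from `end` back to the start of the buffer is whitespace, nothing
 * stops `end` from moving below the buffer, and the read faults once it
 * reaches an unmapped page. Safe only when a non-space byte is known to
 * precede `end`. */
const char *rtrim_unbounded(const char *end)
{
    while (isspace((unsigned char)*end)) end--;
    return end;
}

/* Bounded form: `begin` (assumed extra parameter) is the first byte of the
 * buffer and `end` is one past the last byte to examine. Returns a pointer
 * one past the last non-space byte, or `begin` when the range is empty or
 * all whitespace. The bound is tested before every dereference. */
const char *rtrim_bounded(const char *begin, const char *end)
{
    while (end > begin && isspace((unsigned char)end[-1]))
        end--;
    return end;
}

/* Length of a NUL-terminated string once trailing whitespace is dropped. */
size_t trimmed_len(const char *s)
{
    return (size_t)(rtrim_bounded(s, s + strlen(s)) - s);
}

int main(void)
{
    /* Constructed sample inputs, including the all-space case that makes
     * the unbounded loop walk off the front of the buffer. */
    const char *samples[] = { "abc  ", "a b\t\n", "   ", "" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%zu\n", trimmed_len(samples[i]));
    return 0;
}
```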