[Olsr-dev] static analysis of olsrd

David Cornejo (spam-protected)
Fri Oct 5 01:01:40 CEST 2007 

Think of this like super-lint (the sales person would kill me for this
description, but it's true).  It catches all the things that lint
would plus many others.  If you go to www.coverity.com you can find
all the docs (unfortunately they require registration, so I can't
redistribute them).

For example, in mpr.c:olsr_calculate_mpr(), the variable
two_hop_covered_count is uninitialized when we get to line 471 where
the return value of add_will_always_nodes() is added to it.  This is
probably fairly benign, but technically the value of the variable is
indeterminate when it gets to the += and hence a 'defect'.

Actually, if there is interest we could see about getting olsrd added
to a free service coverity offers to open source projects
(http://scan.coverity.com).

dave c

Index: src/mpr.c
===================================================================
RCS file: /cvsroot/olsrd/olsrd-current/src/mpr.c,v
retrieving revision 1.17
diff -u -r1.17 mpr.c
--- src/mpr.c   25 Apr 2007 22:08:09 -0000      1.17
+++ src/mpr.c   4 Oct 2007 22:49:56 -0000
@@ -468,7 +468,7 @@

   olsr_clear_mprs();
   two_hop_count = olsr_calculate_two_hop_neighbors();
-  two_hop_covered_count += add_will_always_nodes();
+  two_hop_covered_count = add_will_always_nodes();

   /*
    *Calculate MPRs based on WILLINGNESS


On 10/4/07, Aaron Kaplan <(spam-protected)> wrote:
> First of all: this is wonderful!
>
> But could you also explain the defects?
> Because this will give a much better insight into further defects
> which will be out there and which were not discovered.
>
> just my 2 cents...
>
> besides we said in OLSR-NG that all patches should go thru bernd as a
> quality control instance.
> And that really payed off so far :) (patting bernd on the shoulder ;-)
>
> best,
> aaron.
>
>
> On Oct 5, 2007, at 12:26 AM, David Cornejo wrote:
>
> > Hi,
> >
> > My employer is going to be using olsrd (on FreeBSD).  We develop
> > medical equipment and so need to run all the code used through a QA
> > suite which includes a static analysis tool (Coverity Prevent).  I
> > would like to modify the code to fix some/all of the defects found and
> > commit them to the tree.
> >
> > First, is there any objection to this?  If not, then would people
> > prefer a patch posted for review or should I just commit it (I think I
> > still have commit privs on sourceforge) and see what happens?
> >
> > Unfortunately I cannot provide others with access to the defects
> > viewer, though I can try and put together a summary if there's
> > interest.
> >
> > I pulled a snapshot from yesterday and came up with a total of 23
> > defects (in 29129 lines of code) - which is about 0.790 defects per
> > 1000 lines of code.  (for reference, a snapshot of the Linux kernel
> > had 0.127, FreeBSD had 0.386).
> >
> > thanks,
> > dave c
> > Hoana Medical, Inc.
> > Honolulu, HI USA
> >
> > --
> > Olsr-dev mailing list
> > (spam-protected)
> > http://lists.olsr.org/mailman/listinfo/olsr-dev
> >
>
> ---
> there's no place like 127.0.0.1
>
>
>
>

More information about the Olsr-dev mailing list