This repository has been archived by the owner on Mar 30, 2021. It is now read-only.

Curl XTU Analysis

Whisperity edited this page Mar 24, 2017 · 20 revisions

Baseline:

Curl without XTU - clang 4.0

http://cc.inf.elte.hu:8080/#run=175

Curl with XTU - clang 4.0

http://cc.inf.elte.hu:8080/#run=176

Summary

| Analyzed project | All Non-CTU Findings (baseline) | All CTU Findings | New CTU findings | Disappeared findings | Successfully analyzed | Failed to analyze | Analysis Time (baseline) [s] | Analysis Time XTU (1st Phase + 2nd Phase) [s] | Median of bug path length (BPL) in baseline | Median of BPL CTU | Median of BPL of new findings | Median of BPL of disappeared findings |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Curl | 10 | 29 | 19 | 0 | 280 files | 13 files | 44 | 9.24+90.87 | 1 | 12 | 19 | N/A |

NEW FINDINGS
------------------- Bugs grouped by checker ------------------
------------------------------------------
Checker ID                         | Count
------------------------------------------
core.NullDereference               | 16   
core.UndefinedBinaryOperatorResult | 1    
core.uninitialized.Assign          | 1    
core.uninitialized.Branch          | 1    
------------------------------------------


------------------- Metrics ------------------
Total # of bugs:             19
MIN BugPath length:          2
MAX BugPath length:          41
Mean length:                 19.0

 %:      25% percentile: 12.0
 %:      50% percentile: 19.0
 %:      75% percentile: 24.0
 %:      90% percentile: 35.0

Some True Positives

http://cc.inf.elte.hu:8080/#baseline=175&newcheck=176&report=17062

Number of new false positives: 3 different

http://cc.inf.elte.hu:8080/#baseline=175&newcheck=176&report=17059

False positive: the (list->length != 0) condition rules out a null head. (Listed 7 times because it is called from different TUs; CTU uniqueing would solve it.)

http://cc.inf.elte.hu:8080/#baseline=175&newcheck=176&report=17076

False positive, since Curl_ntlm_core_mk_nt_hash(conn->data, conn->passwd, nt_hash) sets the nt_hash pointer.

http://cc.inf.elte.hu:8080/#baseline=175&newcheck=176&report=17071