New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Formal verification of your test suite #641
Comments
More details about the issues and potential fixes (see https://ci.trust-in-soft.com/projects/jakub-zwolakowski/json-c):
NOTE: Again, all these problems are pretty innocuous and probably don't have any dangerous consequences at this time. However, if you would like to render your code fully standard-compliant (and be able to use TrustInSoft CI to automatically detect potential serious issues in the future) you might want to consider applying these modification suggestions. |
|
Oh, the other problem with #2 is that, even if we reuse some existing exported symbol (e.g. |
What concerns the issue 1: I understand your concern about the portability. Unfortunately the solution you propose ( Also: do you think that testing/deploying TrustInSoft CI on json-c to guarantee no Undefined Behavior might be beneficial for the project? What do you think about this sample of the results that the tool can provide? We’re currently testing TrustInSoft CI on public projects on GitHub so any feedback is greatly appreciated. |
http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1570.pdf
Ah, I see what you mean, that only applies to a struct, not a union. hmm... If we were to swap the order of the fields and make it an unnamed union, then paragraph 13 applies:
However, I feel like practically speaking making that change would cause more problems, since incomplete array types are less likely to be handled naturally than an array type with some actual size. In short, I think we should leave it as-is, with A similar consideration or practicality applies for whether I think using TrustinSoft would be beneficial. Though I might get a warm fuzzy feeling having some kind of check against UB, whether the code actually works and whether it is written in a way that doesn't compromise the readability just to gain a "pass" on that check is more important. Reports of newly introduced UB would be welcome, since that stands a good chance of indicating areas that might need careful analysis, but I won't be considering all such potential UB as something that must be changes/fixed. |
Hi, I'm Jakub from TrustInSoft, an advanced source code analyzer publisher for C and C++. I set up TrustInSoft CI on your tests: https://ci.trust-in-soft.com/projects/jakub-zwolakowski/json-c/3.
I have found few minor issues, all of them probably quite harmless. This tool relies on formal methods and it is able to detect the most subtle Undefined Behaviors, both significant and harmless, so these results are particularly impressive!
Index out of bound (in file 'json_object.c' line 1284)
Invalid pointer comparison (in file 'linkhash.c' line 634)
Incorrect printf format (in file 'json_util.c' line 76, caused by the call to the function '_json_c_set_last_err' in file 'json_object.c' line 1636)
Invalid argument in a call to 'calloc' (in file 'json_tokener.c' line 130).
Can you let me know if you find those findings interesting?
The text was updated successfully, but these errors were encountered: