NagyDonat wrote: I re-ran the open source evaluation, and here is the clean diff that I promised (italicized notes are just copied from the old table):
| Project | New Reports | Resolved Reports | Notes |---------|-------------|------------------|----------| | memcached | No reports | No reports | – | tmux | No reports | [23 resolved reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=tmux_2.6_old_sizeofexpressions_with_new_messages&newcheck=tmux_2.6_new_sizeofexpressions_rerun&diff-type=Resolved) | _reports seem to be FPs, including several ones that [use `qsort` in a clear and straightforward way](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=tmux_2.6_old_sizeofexpressions&newcheck=tmux_2.6_new_sizeofexpressions&diff-type=Resolved&report-id=5493278&report-hash=e1dd82bffcf68169ff8fe7181ca44f16&report-filepath=%2Flocal%2Fpersistent_docker%2FCSA-measurements-driver-2894%2Fmeasurements_workspace%2Ftmux%2Fwindow-buffer.c)_ | curl | [3 new reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=curl_curl-7_66_0_old_sizeofexpressions_with_new_messages&newcheck=curl_curl-7_66_0_new_sizeofexpressions_rerun&diff-type=New) | [1 resolved reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=curl_curl-7_66_0_old_sizeofexpressions_with_new_messages&newcheck=curl_curl-7_66_0_new_sizeofexpressions_rerun&diff-type=Resolved) | _new reports are TPs (all reporting incorrect use of the same data structure), resolved one is FP_ | twin | No reports | No reports | – | vim | [1 new reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=vim_v8.2.1920_old_sizeofexpressions_with_new_messages&newcheck=vim_v8.2.1920_new_sizeofexpressions_rerun&diff-type=New) | No reports | _true positive_ | openssl | [23 new reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=openssl_openssl-3.0.0-alpha7_old_sizeofexpressions_with_new_messages_openssl_ffmpeg&newcheck=openssl_openssl-3.0.0-alpha7_new_sizeofexpressions_rerun_openssl_ffmpeg&diff-type=New) | [22 resolved reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=openssl_openssl-3.0.0-alpha7_old_sizeofexpressions_with_new_messages_openssl_ffmpeg&newcheck=openssl_openssl-3.0.0-alpha7_new_sizeofexpressions_rerun_openssl_ffmpeg&diff-type=Resolved) | resolved reports are FPs, new reports are mostly TPs or "works, but ugly and dodgy" code with a few FPs that look like `generic_function(&arg, sizeof(arg))` or `get_memory(length*sizeof(array[0]))` | sqlite | [11 new reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=sqlite_version-3.33.0_old_sizeofexpressions_with_new_messages&newcheck=sqlite_version-3.33.0_new_sizeofexpressions_rerun&diff-type=New) | No reports | _among the new results there are many FPs ([(1)](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=sqlite_version-3.33.0_old_sizeofexpressions&newcheck=sqlite_version-3.33.0_new_sizeofexpressions&diff-type=New&report-id=5493379&report-hash=f411835e93b1711c2889d4bef2889db9&report-filepath=%2Flocal%2Fpersistent_docker%2FCSA-measurements-driver-2894%2Fmeasurements_workspace%2Fsqlite%2Fshell.c), [(2)](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=sqlite_version-3.33.0_old_sizeofexpressions&newcheck=sqlite_version-3.33.0_new_sizeofexpressions&diff-type=New&report-id=5493385&report-hash=d9e3d0a984913130c821b7c18c2cc8d2&report-filepath=%2Flocal%2Fpersistent_docker%2FCSA-measurements-driver-2894%2Fmeasurements_workspace%2Fsqlite%2Fsqlite3.c)) that do things like `char **mem; realloc(mem, numElements*sizeof(mem[0]))`_ | ffmpeg | [22 new reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=ffmpeg_n4.3.1_old_sizeofexpressions_with_new_messages_openssl_ffmpeg&newcheck=ffmpeg_n4.3.1_new_sizeofexpressions_rerun_openssl_ffmpeg&diff-type=New) | [109 resolved reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=ffmpeg_n4.3.1_old_sizeofexpressions_with_new_messages_openssl_ffmpeg&newcheck=ffmpeg_n4.3.1_new_sizeofexpressions_rerun_openssl_ffmpeg&diff-type=Resolved) | postgres | No reports | [5 resolved reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=postgres_REL_13_0_old_sizeofexpressions_with_new_messages&newcheck=postgres_REL_13_0_new_sizeofexpressions_rerun&diff-type=Resolved) | _resolved reports are FPs_ | tinyxml2 | No reports | No reports | – | libwebm | No reports | No reports | – | xerces | [1 new reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=xerces_v3.2.3_old_sizeofexpressions_with_new_messages&newcheck=xerces_v3.2.3_new_sizeofexpressions_rerun&diff-type=New) | No reports | true positive, seems to be an ugly bug | bitcoin | [1 new reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=bitcoin_v0.20.1_old_sizeofexpressions_with_new_messages&newcheck=bitcoin_v0.20.1_new_sizeofexpressions_rerun&diff-type=New) | No reports | false positive `hasher.Write((const unsigned char*)&ptr, sizeof(ptr));` | protobuf | [5 new reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=protobuf_v3.13.0_old_sizeofexpressions_with_new_messages&newcheck=protobuf_v3.13.0_new_sizeofexpressions_rerun&diff-type=New) | [1 resolved reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=protobuf_v3.13.0_old_sizeofexpressions_with_new_messages&newcheck=protobuf_v3.13.0_new_sizeofexpressions_rerun&diff-type=Resolved) | resolved report is FP, new reports are mostly `sizeof(array[0])` FPs + one confusing trickery | qtbase | [10 new reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=qtbase_v6.2.0_old_sizeofexpressions_with_new_messages&newcheck=qtbase_v6.2.0_new_sizeofexpressions_rerun&diff-type=New) | No reports | most of them are FPs, including a few `sizeof(array[0])` issues | contour | No reports | No reports | – | openrct2 | [1 new reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=openrct2_v0.4.8_old_sizeofexpressions_with_new_messages&newcheck=openrct2_v0.4.8_new_sizeofexpressions_rerun&diff-type=New) | No reports | arguably a false positive, but the highlighted code is suspicious | llvm-project | No reports | [1 resolved reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=llvm-project_llvmorg-12.0.0_old_sizeofexpressions_with_new_messages&newcheck=llvm-project_llvmorg-12.0.0_new_sizeofexpressions_rerun&diff-type=Resolved) | false positive https://github.com/llvm/llvm-project/pull/94356 _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
