Coverity

The FreeBSD Project uses the Synopsys Coverity Scan service for static analysis of FreeBSD source code to identify security vulnerabilities and other code quality issues.

Getting Access


Using Coverity Scan

If in doubt, do not classify any issues in the dashboard.

Improving Result Quality

Static code analysis has some limitations in its ability to understand certain dynamic operations. This limitation may result in falsely detecting defects. Since most false-positive defects are caused by few functions in your code base, Coverity allows you to tell the analysis engine to treat these functions differently. This is called a Modeling File. By providing a modeling file, most projects reduce their false-positive rate to the ballpark of 10%.
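As an added illustration of what a modeling file looks like (this is not the FreeBSD project's actual modeling file), the sketch below models three kernel helpers with Coverity's modeling primitives: uma_zalloc(9)/uma_zfree(9) as an allocator pair, so leaked or double-freed zone items are tracked like malloc/free, and panic(9) as a function that never returns, so code after a failed check is not analyzed as reachable. The `__coverity_*__` primitives and the `__COVERITY__` macro are Coverity's own; the `#ifndef __COVERITY__` stub block is an assumption added here only so the file also compiles as ordinary C for a quick syntax check, and is skipped when the file is compiled with cov-make-library.

```c
/*
 * Illustrative Coverity modeling file for a few FreeBSD kernel helpers.
 * Not the project's real model; shown to demonstrate the mechanism.
 * Build with cov-make-library and upload the result in the Scan project
 * settings. A model file must not include kernel headers: it declares only
 * the functions being modeled, with bodies made of Coverity primitives.
 */
#ifndef __COVERITY__
/* Assumed stubs: let the file compile as plain C outside cov-make-library,
 * where the __coverity_*__ primitives are builtins and __COVERITY__ is set. */
#include <stdlib.h>
static void *__coverity_alloc_nosize__(void) { return malloc(1); }
static void __coverity_free__(void *p) { free(p); }
static void __coverity_panic__(void) { abort(); }
#endif

/* Opaque zone handle, mirroring the typedef in sys/vm/uma.h. */
typedef struct uma_zone *uma_zone_t;

/* uma_zalloc(9): the return value is a fresh allocation owned by the caller.
 * The item size is not known to the model, hence the _nosize variant. */
void *
uma_zalloc(uma_zone_t zone, int flags)
{
	(void)zone;
	(void)flags;
	return __coverity_alloc_nosize__();
}

/* uma_zfree(9): releases an item obtained from uma_zalloc, so a later use
 * of `item` is a use-after-free and a second uma_zfree is a double free. */
void
uma_zfree(uma_zone_t zone, void *item)
{
	(void)zone;
	__coverity_free__(item);
}

/* panic(9) never returns; every path after a call is treated as dead, which
 * suppresses reports such as NULL dereferences following a failed KASSERT. */
void
panic(const char *fmt, ...)
{
	(void)fmt;
	__coverity_panic__();
}
```

Each function body should contain only the primitives and trivial control flow; the analyzer substitutes the model for the real implementation at every call site, so the model must describe the contract (ownership, non-return, taint) rather than the behaviour.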

Modeling

Modeling File Examples

TODO

TAILQ Macro model

It seems that the TAILQ macros confuse Coverity. For example, TAILQ_FIRST() seems to trigger a use-after-free error on <list>.tqh_first when entries are removed in a loop (either a hand-written loop or a FOREACH). In particular, it does not recognize that TAILQ_REMOVE puts a new pointer in place: the pointer which previously aliased tqh_first no longer aliases it, but is the only valid pointer.

Such cases should be marked as XXX (at the moment they are marked as IGNORE until we determine whether they should be marked as FALSE, or whether they should stay as IGNORE until a custom model is developed for this).

TODO: Model for TAILQ macros added to Modeling File
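The two loop shapes described above, written out as an added example (not code from the FreeBSD tree or from this page): draining a list with TAILQ_FIRST/TAILQ_REMOVE, and removing selected entries during iteration with TAILQ_FOREACH_SAFE. Both are correct C: after TAILQ_REMOVE, `q->tqh_first` already points at the next element, so the re-read at the top of the loop is not a use of freed memory, which is exactly the aliasing step the analyzer misses. The `struct item` list, the `fill()` builder and the `demo()` driver are constructed for this example; the `TAILQ_FOREACH_SAFE` fallback is the FreeBSD definition, provided only for non-BSD copies of sys/queue.h that lack it.

```c
#include <stdlib.h>
#include <sys/queue.h>		/* BSD list macros; also shipped by glibc */

/* Some copies of sys/queue.h lack the _SAFE iterator; FreeBSD definition. */
#ifndef TAILQ_FOREACH_SAFE
#define TAILQ_FOREACH_SAFE(var, head, field, tvar)			\
	for ((var) = TAILQ_FIRST((head));				\
	    (var) && ((tvar) = TAILQ_NEXT((var), field), 1);		\
	    (var) = (tvar))
#endif

/* Constructed list element and head type for the example. */
struct item {
	int id;
	TAILQ_ENTRY(item) link;
};
TAILQ_HEAD(itemq, item);

/* Build a sample list of n items with ids 0..n-1. */
static void
fill(struct itemq *q, int n)
{
	TAILQ_INIT(q);
	for (int i = 0; i < n; i++) {
		struct item *it = malloc(sizeof(*it));
		if (it == NULL)
			abort();
		it->id = i;
		TAILQ_INSERT_TAIL(q, it, link);
	}
}

/*
 * Pattern 1: drain with TAILQ_FIRST/TAILQ_REMOVE. Each iteration re-reads
 * q->tqh_first, which TAILQ_REMOVE has already advanced past the freed
 * element, so the loop is valid even though the analyzer may flag the
 * re-read as a use of freed memory. Returns the number of items freed.
 */
int
drain_by_first(struct itemq *q)
{
	struct item *it;
	int freed = 0;

	while ((it = TAILQ_FIRST(q)) != NULL) {
		TAILQ_REMOVE(q, it, link);
		free(it);
		freed++;
	}
	return (freed);
}

/*
 * Pattern 2: remove matching entries while iterating. The _SAFE form saves
 * the next pointer in `tmp` before the body frees `it`, which is what makes
 * removal inside the loop legal. Returns the number of items removed.
 */
int
remove_even(struct itemq *q)
{
	struct item *it, *tmp;
	int removed = 0;

	TAILQ_FOREACH_SAFE(it, q, link, tmp) {
		if (it->id % 2 == 0) {
			TAILQ_REMOVE(q, it, link);
			free(it);
			removed++;
		}
	}
	return (removed);
}

/* Count the entries still on the list. */
int
count(struct itemq *q)
{
	struct item *it;
	int n = 0;

	TAILQ_FOREACH(it, q, link)
		n++;
	return (n);
}

/* Driver: 10 items, drop the even ids, then drain the rest. Returns 555. */
int
demo(void)
{
	struct itemq q;
	int removed, left, freed;

	fill(&q, 10);
	removed = remove_even(&q);	/* 5 */
	left = count(&q);		/* 5 */
	freed = drain_by_first(&q);	/* 5 */
	return (removed * 100 + left * 10 + freed);
}
```

When triaging a report on this pattern, check that the flagged read is of the head's tqh_first (or of the saved `tmp`) after a TAILQ_REMOVE of the previous element, not of the freed element itself; only the former is the false positive described above.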

UMA Model

References

Contact

Coverity Administrators:



CoverityPrevent (last edited 2020-10-31T01:53:35+0000 by SashaVigole)