COVERITY checker description
Updated on Mon, 2016-05-30 12:47. Originally created by bouchet on 2016-05-30 12:47.
from here (a bit old but still relevant)
NULL_RETURNS: A function that can return NULL must be checked before it is used. This checker identifies for such dereferences of NULL return values.
FORWARD_NULL: A program will normally crash when a NULL pointer is dereferenced. One situation this can happen is when the pointer has been checked against NULL and is dereferenced later. This check identifies such situation by checking all possible paths where such NULL dereferences can occur.
REVERSE_NULL: A program will normally crash when a NULL pointer is dereferenced. Another situation this can happen is when the pointer is dereferenced before it has been checked against NULL. If the dereference is NULL, the check programmer should be warned to place the check against NULL before dereference. This check identifies such situation by checking all possible paths where such NULL dereferences can occur.
UNUSED_VALUE: When a variable is assigned a pointer value returned from a function call and is never used anywhere else in the source code, it can not only cause inefficient use of resources but can also result in undetermined behavior. This checker identifies all variables that are never used anywhere else in the program after a value is assigned to them.
REVERSE_NEGATIVE: Sometimes a negative value is not advisable to use. One way to avoid such use is to check for negative value after a possible dangerous use. In this situation there could be a problem when the value should not be negative before use. This checker identifies such conditions by checking all possible paths where such usage of negative value can occur.
RETURN_LOCAL: If a function returns a pointer to a local stack variable, there could is a possibility of memory corruption and un-deterministic behavior. This checker identifies such returns and marks them as defects.
SIZECHECK: Incorrect amount of memory allocation can lead to undetermined behavior and program crashes. This checker identifies such memory allocations that are assigned to a pointer to a type that are bigger than amount of memory allocated to them.
CHECKED_RETURN: If might be necessary for the developer in many cases to check for the value returned by a function call. This checker uses static analysis to determine whether all the error conditions are handled when the function call is made.
STACK_USE: Some applications have limitations on the overall stack allocation, e.g. device drivers. This checker can be used to determine whether there is a violation of overall stack use. This is a special checker that is required to be enabled. The analysis does not use this checker by default.
RESOURCE_LEAK: Resource leaks can have all kinds of bad effects on the program. A memory leak can lead to program crashes. A leak of file descriptors, and socket can cause crashes and also have other harmful effects on the program. This checker identifies all these kinds of leaks in the source code and marks them as errors. Apart from usual memory leak checks, it checks for interesting situations like aliasing as well.
USE_AFTER_FREE: It is not advisable to use a memory after it has been freed, as it might lead to non-deterministic results when it is used. This checker identifies such conditions where a memory location is dereferenced after it has been freed. This also includes checks for double freeing of a pointer.
DEADCODE: If a certain part of source code can never be reached during the execution of program, it’s called dead code. Usually harmless, it can cause problems when the dead code contains some code that is important for the proper functioning of the program. This checker identifies such pieces of code in the program using static analysis.
UNINIT: The use of un-initialized variables can often result in nondeterministic behavior. Under some situations, it can also cause security vulnerabilities. This checker identifies such variables and points their usage.
DELETE_ARRAY: This checker simply checks if there is a use of “delete” instead of “delete [ ]” to free an array.
INVALIDATE_ITERATOR: A C++ specific checker that identifies a wrong usage of iterators in Standard Template Libraries (STL), as it might not work across operating environments and can cause crashes.
PASS_BY_VALUE: This checker warns if the value being passed in a function is larger than 64 bytes, as it might result in poor performance under certain situations.
OVERRUN_STATIC: This checker identifies invalid accesses to a static array, as it can cause buffer overruns that can ultimately lead to security vulnerabilities and program crashes.
OVERRUN_DYNAMIC: This checker, unlike the static overrun, identifies invalid accesses to a dynamic array, as it can cause buffer overruns that can ultimately lead to major security vulnerabilities and program crashes.
NEGATIVE_RETURNS: If a value that is returned from a function can be negative and is used inappropriately, it can cause multiple errors such as memory corruption, crashes, infinite loops and so on. This checker identifies such situations and marks such usage of a negative value as an error.
NULL_RETURNS: A function that can return NULL must be checked before it is used. This checker identifies for such dereferences of NULL return values.
FORWARD_NULL: A program will normally crash when a NULL pointer is dereferenced. One situation this can happen is when the pointer has been checked against NULL and is dereferenced later. This check identifies such situation by checking all possible paths where such NULL dereferences can occur.
REVERSE_NULL: A program will normally crash when a NULL pointer is dereferenced. Another situation this can happen is when the pointer is dereferenced before it has been checked against NULL. If the dereference is NULL, the check programmer should be warned to place the check against NULL before dereference. This check identifies such situation by checking all possible paths where such NULL dereferences can occur.
UNUSED_VALUE: When a variable is assigned a pointer value returned from a function call and is never used anywhere else in the source code, it can not only cause inefficient use of resources but can also result in undetermined behavior. This checker identifies all variables that are never used anywhere else in the program after a value is assigned to them.
REVERSE_NEGATIVE: Sometimes a negative value is not advisable to use. One way to avoid such use is to check for negative value after a possible dangerous use. In this situation there could be a problem when the value should not be negative before use. This checker identifies such conditions by checking all possible paths where such usage of negative value can occur.
RETURN_LOCAL: If a function returns a pointer to a local stack variable, there could is a possibility of memory corruption and un-deterministic behavior. This checker identifies such returns and marks them as defects.
SIZECHECK: Incorrect amount of memory allocation can lead to undetermined behavior and program crashes. This checker identifies such memory allocations that are assigned to a pointer to a type that are bigger than amount of memory allocated to them.
CHECKED_RETURN: If might be necessary for the developer in many cases to check for the value returned by a function call. This checker uses static analysis to determine whether all the error conditions are handled when the function call is made.
STACK_USE: Some applications have limitations on the overall stack allocation, e.g. device drivers. This checker can be used to determine whether there is a violation of overall stack use. This is a special checker that is required to be enabled. The analysis does not use this checker by default.
RESOURCE_LEAK: Resource leaks can have all kinds of bad effects on the program. A memory leak can lead to program crashes. A leak of file descriptors, and socket can cause crashes and also have other harmful effects on the program. This checker identifies all these kinds of leaks in the source code and marks them as errors. Apart from usual memory leak checks, it checks for interesting situations like aliasing as well.
USE_AFTER_FREE: It is not advisable to use a memory after it has been freed, as it might lead to non-deterministic results when it is used. This checker identifies such conditions where a memory location is dereferenced after it has been freed. This also includes checks for double freeing of a pointer.
DEADCODE: If a certain part of source code can never be reached during the execution of program, it’s called dead code. Usually harmless, it can cause problems when the dead code contains some code that is important for the proper functioning of the program. This checker identifies such pieces of code in the program using static analysis.
UNINIT: The use of un-initialized variables can often result in nondeterministic behavior. Under some situations, it can also cause security vulnerabilities. This checker identifies such variables and points their usage.
DELETE_ARRAY: This checker simply checks if there is a use of “delete” instead of “delete [ ]” to free an array.
INVALIDATE_ITERATOR: A C++ specific checker that identifies a wrong usage of iterators in Standard Template Libraries (STL), as it might not work across operating environments and can cause crashes.
PASS_BY_VALUE: This checker warns if the value being passed in a function is larger than 64 bytes, as it might result in poor performance under certain situations.
OVERRUN_STATIC: This checker identifies invalid accesses to a static array, as it can cause buffer overruns that can ultimately lead to security vulnerabilities and program crashes.
OVERRUN_DYNAMIC: This checker, unlike the static overrun, identifies invalid accesses to a dynamic array, as it can cause buffer overruns that can ultimately lead to major security vulnerabilities and program crashes.
NEGATIVE_RETURNS: If a value that is returned from a function can be negative and is used inappropriately, it can cause multiple errors such as memory corruption, crashes, infinite loops and so on. This checker identifies such situations and marks such usage of a negative value as an error.
»
- bouchet's blog
- Login or register to post comments