Howard,
On 8/20/07, Howard Chu hyc@symas.com wrote:
Feel free to check against CVS HEAD, which will shortly be synced up to become the 2.4.5 release.
Precise static checking is quite expensive computationally, and I keep quite a few machines busy 24/7. If you are interested in having openldap checked regularly, please see: http://www.cs.ubc.ca/~babic/index_calysto_community.htm
I'll need more precise feedback than you provided me right now. For instance, there is one report about which I'm not 100% certain, and no one has even looked at reports carefully enough to figure that out.
Also, keep in mind that Calysto is constantly being developed, so although I'm checking only NULL-ptrs now, by the end of the year Calysto will enter the second phase - checking of user provided assertions. Later, I'll introduce checking of implicitly implied properties of C lib (like proper nesting of lock-unlock calls, and so on...)
But, expanding on Kurt's comments - most of the items you reported are in one-shot client or test code. The probability of an alloc routine returning NULL here is near zero, and since it is in code that is either (a) only used for one-shot tests or (b) only invoked for a single request and then exited, we really don't care. For any cases that you find that are in library code that can be executed multiple times in an app or server, we probably need to pay attention.
Even though the probability is near zero, it still will happen, considering the large user base you have.
Cheers,