I don't know how many of these are false positives, but I ran clang's
static analyzer and it found a few potential issues, e.g.:
client.c:1577:3: warning: Use of memory after it is freed
fio_client_dec_jobs_eta(eta, ops->eta);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
client.c:1579:2: warning: Use of memory after it is freed
dprint(FD_NET, "client: requested eta tag %p\n", eta);
I've attached a copy of the build log, which includes the other warnings.
--
Bruce
Script started on Tue 04 Aug 2015 09:35:56 AM MDT
bcran@cube:~/fio> scan-build make
scan-build: Using '/home/bcran/bin/clang-3.7' for static analysis
Makefile:20: config-host.mak: No such file or directory
FIO_VERSION = fio-2.2.9-26-g669e
Running configure for you...
Operating system Linux
CPU x86_64
Big endian no
Compiler /home/bcran/bin/ccc-analyzer
Cross compile no
Static build no
Wordsize 64
zlib yes
Linux AIO support yes
POSIX AIO support yes
POSIX AIO support needs -lrt yes
POSIX AIO fsync yes
Solaris AIO support no
__sync_fetch_and_add yes
libverbs no
rdmacm no
Linux fallocate yes
POSIX fadvise yes
POSIX fallocate yes
sched_setaffinity(3 arg) yes
sched_setaffinity(2 arg) no
clock_gettime yes
CLOCK_MONOTONIC yes
CLOCK_MONOTONIC_RAW yes
CLOCK_MONOTONIC_PRECISE no
gettimeofday yes
fdatasync yes
sync_file_range yes
EXT4 move extent yes
Linux splice(2) yes
GUASI no
Fusion-io atomic engine no
libnuma no
strsep yes
strcasestr yes
getopt_long_only() yes
inet_aton yes
socklen_t yes
__thread yes
RUSAGE_THREAD yes
SCHED_IDLE yes
TCP_NODELAY yes
Net engine window_size yes
TCP_MAXSEG yes
RLIMIT_MEMLOCK yes
pwritev/preadv yes
IPv6 helpers yes
Rados Block Device engine no
setvbuf yes
Gluster API engine no
s390_z196_facilities no
HDFS engine no
MTD yes
lex/yacc for arithmetic no
getmntent yes
getmntinfo no
Static Assert no
CC gettime.o
CC ioengines.o
CC init.o
CC stat.o
stat.c:240:6: warning: Branch condition evaluates to a garbage value
if (ovals)
^~~~~
stat.c:572:2: warning: Value stored to 'nr_uninit' is never read
nr_uninit = 0;
^ ~
stat.c:639:3: warning: Function call argument is an uninitialized value
log_info(" %s=%u%c",
^~~~~~~~~~~~~~~~~~~~
stat.c:1790:14: warning: Call to 'realloc' has an allocation size of 0 bytes
new_log = realloc(iolog->log, new_size);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
4 warnings generated.
CC log.o
CC time.o
CC filesetup.o
filesetup.c:436:3: warning: Value stored to 'ret' is never read
ret = 0;
^ ~
1 warning generated.
CC eta.o
eta.c:148:2: warning: Value stored to 'str' is never read
str += sprintf(str, "%02us", s);
^ ~~~~~~~~~~~~~~~~~~~~~~~~
eta.c:571:2: warning: Value stored to 'p' is never read
p += sprintf(p, "\r");
^ ~~~~~~~~~~~~~~~~
2 warnings generated.
CC verify.o
CC memory.o
CC io_u.o
CC parse.o
parse.c:1085:3: warning: Value stored to 'org' is never read
org = o;
^ ~
1 warning generated.
CC mutex.o
CC options.o
In file included from options.c:16:
./lib/fls.h:35:3: warning: Value stored to 'x' is never read
x <<= 1;
^ ~
options.c:215:4: warning: Value stored to 'ret' is never read
ret = bssplit_ddir(&td->o, DDIR_TRIM, op);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
options.c:257:10: warning: Result of 'malloc' is converted to a pointer of type 'int', which is incompatible with sizeof operand type 'struct bssplit'
error = malloc(4 * sizeof(struct bssplit));
^~~~~~ ~~~~~~~~~~~~~~~~~~~~~~
3 warnings generated.
CC lib/rbtree.o
CC smalloc.o
CC filehash.o
CC profile.o
CC debug.o
CC lib/rand.o
CC lib/num2str.o
CC lib/ieee754.o
CC engines/cpu.o
CC engines/mmap.o
CC engines/sync.o
CC engines/null.o
CC engines/net.o
engines/net.c:309:18: warning: The left operand of '&' is a garbage value
if (pfd.revents & events)
~~~~~~~~~~~ ^
1 warning generated.
CC memalign.o
CC server.o
server.c:125:13: warning: The right operand of '>=' is a garbage value
if (ret >= iov->iov_len) {
^ ~~~~~~~~~~~~
server.c:888:3: warning: Value stored to 'ret' is never read
ret = 0;
^ ~
2 warnings generated.
CC client.o
client.c:1577:3: warning: Use of memory after it is freed
fio_client_dec_jobs_eta(eta, ops->eta);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
client.c:1579:2: warning: Use of memory after it is freed
dprint(FD_NET, "client: requested eta tag %p\n", eta);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
./debug.h:46:3: note: expanded from macro 'dprint'
__dprint((type), (str), ##args); \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
client.c:1580:1: warning: Potential leak of memory pointed to by 'eta'
}
^
3 warnings generated.
CC iolog.o
In file included from iolog.c:16:
./lib/../flist.h:98:14: warning: Use of memory after it is freed
__flist_del(entry->prev, entry->next);
^~~~~~~~~~~
iolog.c:393:5: warning: Value stored to 'fileno' is never read
fileno = add_file(td, fname, 0, 1);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~
iolog.c:704:2: warning: Function call argument is an uninitialized value
free(ic->buf);
^~~~~~~~~~~~~
iolog.c:852:2: warning: Potential leak of memory pointed to by 'iter.buf'
return iter.err;
^~~~~~~~~~~~~~~
4 warnings generated.
CC backend.o
backend.c:280:3: warning: Value stored to 'r' is never read
r = io_u_queued_complete(td, td->cur_depth);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
backend.c:479:21: warning: Value stored to 'f' during its initialization is never read
struct fio_file *f = io_u->file;
^ ~~~~~~~~~~
2 warnings generated.
CC libfio.o
CC flow.o
CC cconv.o
CC lib/prio_tree.o
CC json.o
CC lib/zipf.o
CC lib/axmap.o
CC lib/lfsr.o
CC gettime-thread.o
CC helpers.o
CC lib/flist_sort.o
CC lib/hweight.o
CC lib/getrusage.o
CC idletime.o
CC td_error.o
CC profiles/tiobench.o
CC profiles/act.o
CC io_u_queue.o
CC filelock.o
CC lib/tp.o
CC lib/bloom.o
CC lib/gauss.o
CC lib/mountcheck.o
CC workqueue.o
workqueue.c:72:6: warning: Access to field 'index' results in a dereference of a null pointer (loaded from variable 'sw')
if (sw->index == wq->next_free_worker) {
^~~~~~~~~
1 warning generated.
CC crc/crc16.o
CC crc/sha512.o
crc/sha512.c:146:2: warning: Value stored to 'a' is never read
a = b = c = d = e = f = g = h = t1 = t2 = 0;
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
CC crc/crc7.o
CC crc/sha1.o
CC crc/crc32c.o
CC crc/test.o
CC crc/crc32.o
CC crc/murmur3.o
CC crc/crc32c-intel.o
CC crc/xxhash.o
CC crc/sha256.o
crc/sha256.c:226:2: warning: Value stored to 'a' is never read
a = b = c = d = e = f = g = h = t1 = t2 = 0;
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
CC crc/fnv.o
CC crc/md5.o
CC crc/crc64.o
CC engines/libaio.o
CC engines/posixaio.o
CC engines/falloc.o
CC engines/e4defrag.o
CC engines/splice.o
CC engines/mtd.o
CC lib/libmtd.o
lib/libmtd.c:1005:2: warning: Value stored to 'err' is never read
err = 0;
^ ~
lib/libmtd.c:1120:9: warning: Potential leak of memory pointed to by 'tmp_buf'
return 0;
^
2 warnings generated.
CC lib/libmtd_legacy.o
CC diskutil.o
CC fifo.o
CC blktrace.o
CC cgroup.o
CC trim.o
CC engines/sg.o
engines/sg.c:396:3: warning: Value stored to 'ret' is never read
ret = generic_close_file(td, f);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
CC engines/binject.o
engines/binject.c:370:3: warning: Value stored to 'ret' is never read
ret = generic_close_file(td, f);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
CC lib/linux-dev-lookup.o
CC fio.o
LINK fio
CC t/log.o
CC t/genzipf.o
LINK t/fio-genzipf
CC t/btrace2fio.o
LINK t/fio-btrace2fio
CC t/dedupe.o
In file included from t/dedupe.c:17:
t/../lib/rbtree.h:125:45: warning: The left operand of '&' is a garbage value
rb->rb_parent_color = (rb->rb_parent_color & 3) | (uintptr_t)p;
~~~~~~~~~~~~~~~~~~~ ^
t/dedupe.c:350:11: warning: Assigned value is garbage or undefined
nitems += threads[i].items;
^ ~~~~~~~~~~~~~~~~
t/dedupe.c:407:3: warning: Function call argument is an uninitialized value
pthread_join(threads[i].thread, &ret);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
3 warnings generated.
CC t/debug.o
LINK t/fio-dedupe
CC t/stest.o
LINK t/stest
CC t/ieee754.o
LINK t/ieee754
CC t/axmap.o
LINK t/axmap
CC t/lfsr-test.o
LINK t/lfsr-test
scan-build: 32 bugs found.
scan-build: Run 'scan-view /tmp/scan-build-2015-08-04-093604-9307-1' to examine bug reports.
scan-build: The analyzer encountered problems on some source files.
scan-build: Preprocessed versions of these sources were deposited in '/tmp/scan-build-2015-08-04-093604-9307-1/failures'.
scan-build: Please consider submitting a bug report using these files:
scan-build: http://clang-analyzer.llvm.org/filing_bugs.html
bcran@cube:~/fio> exit
Script done on Tue 04 Aug 2015 09:39:43 AM MDT