# PVS-Studio says FreeBSD kernel has bugs



## johnblue (Feb 19, 2016)

http://www.viva64.com/en/b/0377/

Might be a high percentage of FUD, but an interesting read nonetheless.


> In this article we'll provide about 40 fragments, but the developers of this project may have a look at a full list, which contains around 1000 analyzer warnings of high severity.


----------



## kpa (Feb 19, 2016)

This again? Anyone who has used code analysis tools for real know that they throw a whole bunch of false positives that you have to go through and mark them as such. Code analysis tools can do only heuristic analysis and are very limited in tracking down problems that occur in deep recursion and other complex algorithmic constructs.


----------



## johnblue (Feb 19, 2016)

kpa said:


> This again?


Someone else has done the FreeBSD kernel besides Coverity?


----------



## wblock@ (Feb 19, 2016)

The PVS people offered to share their report with us, and it has been under developer-only review for a few days.  As kpa points out, static analysis can give a lot of false positives, and many have been identified.  But some actual bugs have also been found and fixed.  The review will be made public, probably today, so that everyone can have a look.

FreeBSD has used and continues to use some static analysis tools.  I know there was some agreement with Coverity, but don't know the details.


----------



## kpa (Feb 19, 2016)

Ok, I took the time to read the article and it seems to be genuine and well researched and not the typical "FreeBSD sucks" FUD you tend to come across.


----------



## johnblue (Feb 19, 2016)

wblock@ said:


> But some actual bugs have also been found and fixed.


Given the aggravation of dealing with false positives notwithstanding, getting bugs taken care of would put the cost-to-benefit ratio of doing this type of code scan as generally a good thing, eh?


----------



## johnblue (Feb 19, 2016)

kpa said:


> Ok, I took the time to read the article and it seems to be genuine and well researched and not the typical "FreeBSD sucks" FUD you tend to come across.


Your killing me kpa.  I actually thought to myself 'surely he read the article before posting'.


----------



## wblock@ (Feb 19, 2016)

I just opened up the bug review: https://reviews.freebsd.org/D5245.

The original report file provided by PVS is available for download: https://people.freebsd.org/~wblock/files/PVS-Studio-log-freebsd.zip.


----------

