Some C static analysis benchmarks


#1

I have found this through a recent article linked on Reddit, static analysis benchmarks from Toyota ITC:

It’s a collection of several tiny C programs that contain bugs that are all supposed to be found at compile time, plus there’s another directory that contains very similar C files that don’t contain bugs. So you can use those program to measure how many false positives and false negatives has your C static analysis tool (or your compiler).

Some of those little C programs probably can’t even be translated to idiomatic Rust, but I guess most of them have some kind of translation. So their translation could be useful to asses how well the rustc compiler does on them at spotting bugs at compile-time.

An example of false positive bug in the D compiler I have found:

void main() {
    const i = 10;
    uint[5] arr;
    if (i < arr.length) {
        arr[i] += 1;
    }
}

test.d(5,9): Error: array index 10 is out of bounds arr[0 .. 5]

An easy false negative for Rustc (the D compiler catches this at compile-time):

fn main() {
    let mut arr = [0u32; 5];
    let i = 10;
    if i > 3 {
        arr[i] += 1;
    }
}