ITC-Benchmarks Test suite #104
Toyota InfoTechnology Center (ITC), U.S.A. static analysis benchmarks for undefined behavior and concurrency weaknesses. 100 test cases in C and C++ containing a total of 685 pairs of intended weaknesses. Each pair has a version with a weakness and a fixed version. The test cases are Copyright (c) 2012-2014 and distributed under the "BSD License." See Shin'ichi Shiraishi, Veena Mohan, and Hemalatha Marimuthu, "Test Suites for Benchmarks of Static Analysis Tools," IEEE Int'l Symp. on Software Reliability Engineering (ISSRE '15), DOI: 10.1109/ISSREW.2015.7392027, originally obtained from https://github.com/regehr/itc-benchmarks.
Please note that test cases contain coincidental weaknesses flagged by SAMATE team, each described accordingly and individually.
Also please note that the SAMATE team determined that in a few cases, the code that was marked as weakness originally was in fact correct code. We describe these cases accordingly and individually.
-
Defect Type: Numerical defects Defect Sub-type: Integer sign lost because of unsigned cast Description: Defect Free Code to identify false positives in losing sign due to cast
-
Defect Type: Concurrency defects Defect Sub-type: Long lock
-
Defect Type: Concurrency defects Defect Sub-type: Long lock Description: Defect Free Code to identify false positives of long lock conditions
-
Defect Type: Stack related defects Defect Sub-type: Cross thread stack access
-
Defect Type: Stack related defects Defect Sub-type: Cross thread stack access Description: Defect Free Code to identify false positives in cross thread access
-
Defect Type: Stack related defects Defect Sub-type: Stack overflow
-
Defect Type: Stack related defects Defect Sub-type: Stack overflow Description: Defect Free Code to identify false positives in stack overflow conditions
-
Defect Type: Stack related defects Defect Sub-type: Stack underrun The test case contains coincidental weaknesses along with intended ones as follows for file st_underrun.c: * line(s): 25,51,92,130,150,193 CWE-835 * line(s): 193,195,204 CWE-121 * line(s): 195,227 CWE-124 * line(s): 247 CWE-561
-
Defect Type: Stack related defects Defect Sub-type: Stack underrun Description: Defect Free Code to identify false positives in stack underrun conditions The test case contains coincidental weaknesses along with intended ones as follows for file st_underrun.c: * line(s): 51,235,237 CWE-124 * line...
-
Defect Type: Static memory defects Defect Sub-type: Static buffer underrun
-
Defect Type: Static memory defects Defect Sub-type: Static buffer underrun Description: Defect Free Code to identify false positives in stack underrun condition
-
Defect Type: Resource management defects Defect Sub-type: Uninitialized memory access Description: Defect Code to identify access to memory locations which are uninitialized Created on: Sep 26, 2013 Author: hemalatha The test case contains coincidental weaknesses along with intended ones as follo...
-
Defect Type: Resource management defects Defect Sub-type: Uninitialized memory access Description: Defect Free Code to identify false positives to identify access to memory locations which are uninitialized Created on: Sep 26, 2013 Author: hemalatha The test case contains coincidental weaknesses ...
-
Defect Type: Pointer related defects Defect Sub-type: Uninitialized pointer Description: Defect Code to identify uninitialized pointer access in the code flow The test case contains coincidental weaknesses along with intended ones as follows for file uninit_pointer.c: * line(s): 182 CWE-824 * lin...
-
Defect Type: Pointer related defects Defect Sub-type: Uninitialized pointer Description: Defect Free Code to identify false positives to identify uninitialized pointer access in the code flow The test case contains coincidental weaknesses along with intended ones as follows for file uninit_pointe...
-
Defect Type: Misc defects Defect Sub-type: Uninitialized variable Description: Defect code to identify uninitialized variable in a code flow The test case contains coincidental weaknesses along with intended ones as follows for file uninit_var.c: * line(s): 57,59,73 CWE-561 * line(s): 120,176 CWE...
-
Defect Type: Misc defects Defect Sub-type: Uninitialized variable Description: Defect Free Code to identify false positives to identify uninitialized variable in a code flow The test case contains coincidental weaknesses along with intended ones as follows for file uninit_var.c: * line(s): 66,68 ...
-
Defect Type: Concurrency defects Defect Sub-type: Unlock without lock Description: Defect Code to identify if a shared resource is unlocked without preceding lock The test case contains coincidental weaknesses along with intended ones as follows for file unlock_without_lock.c: * line(s): 43,104,...
-
Defect Type: Concurrency defects Defect Sub-type: Unlock without lock Description: Defect Free Code to identify false positives to identify if a shared resource is unlocked without preceding lock
-
Defect Type: Inappropriate code Defect Sub-type: Unused variable Description: Defect Code to identify the unused variable in a function
-
Defect Type: Inappropriate code Defect Sub-type: Unused variable Description: Defect Free Code to identify false positives to identify the unused variable in a function
-
Defect Type: Pointer related defects Defect Sub-type: Comparison NULL with function pointer Description: Defect Code to identify the wrong arguments fed into a function pointer Created on: Oct 8, 2013 Author: hemalatha The test case contains coincidental weaknesses along with intended ones as fol...
-
Defect Type: Pointer related defects Defect Sub-type: Comparison NULL with function pointer Description: Defect Free Code to identify false positives to identify the wrong arguments fed into a function pointer Created on: Oct 8, 2013 Author: hemalatha The test case contains coincidental weaknesse...
-
Defect Type: Numerical defects Defect Sub-type: Division by zero Description: Defect Code used to identify the division by zero functionality The test case contains coincidental weaknesses along with intended ones as follows for file zero_division.c: * line(s): 235,239,249 CWE-476
-
Defect Type: Numerical defects Defect Sub-type: Division by zero Description: Defect Free Code to identify false positives to identify the division by zero functionality The test case contains coincidental weaknesses along with intended ones as follows for file zero_division.c: * line(s): 236,240...