Error: ARRAY_VS_SINGLETON:
/qemu-1.0rc1/block/sheepdog.c:667: address_of: Taking address with "&iov" yields a singleton pointer.
/qemu-1.0rc1/block/sheepdog.c:667: callee_ptr_arith: Passing "&iov" to function "do_readv_writev" which uses it as an array. This might corrupt or misinterpret adjacent memory locations.
/qemu-1.0rc1/block/sheepdog.c:626: callee_ptr_arith: Performing pointer arithmetic on "iov" in callee "do_send_recv".
/qemu-1.0rc1/block/sheepdog.c:531: assign: Assigning: "msg.msg_iov" = "iov".
/qemu-1.0rc1/block/sheepdog.c:539: ptr_arith: Performing pointer arithmetic on "iov" in expression "iov++".

Error: ARRAY_VS_SINGLETON:
/qemu-1.0rc1/tcg/tcg.c:1996: address_of: Taking address with "&func_arg" yields a singleton pointer.
/qemu-1.0rc1/tcg/tcg.c:1996: callee_ptr_arith: Passing "&func_arg" to function "tcg_out_op" which uses it as an array. This might corrupt or misinterpret adjacent memory locations.
/qemu-1.0rc1/tcg/i386/tcg-target.c:1489: ptr_arith: Performing pointer arithmetic on "args" in expression "args + 1".

Error: CHECKED_RETURN:
/qemu-1.0rc1/audio/audio.c:176: check_return: Calling function "audio_bug" without checking return value (as is done elsewhere 25 out of 26 times).
/qemu-1.0rc1/audio/audio.c:192: example_checked: "audio_bug("audio_calloc", cond)" has its value checked in "audio_bug("audio_calloc", cond)".
/qemu-1.0rc1/audio/audio.c:438: example_checked: "audio_bug(, !prefix)" has its value checked in "audio_bug(, !prefix)".
/qemu-1.0rc1/audio/audio.c:443: example_checked: "audio_bug(, !opt)" has its value checked in "audio_bug(, !opt)".
/qemu-1.0rc1/audio/audio.c:857: example_checked: "audio_bug(, live < 0 || live > hw->samples)" has its value checked in "audio_bug(, live < 0 || live > hw->samples)".
/qemu-1.0rc1/audio/audio.c:895: example_checked: "audio_bug(, live < 0 || live > hw->samples)" has its value checked in "audio_bug(, live < 0 || live > hw->samples)".
/qemu-1.0rc1/audio/audio.c:176: unchecked_value: No check of the return value of "audio_bug("bits_to_index", 1)".

Error: CHECKED_RETURN:
/qemu-1.0rc1/block/raw-posix.c:988: check_return: Calling function "fd_open" without checking return value (as is done elsewhere 5 out of 6 times).
/qemu-1.0rc1/block/raw-posix.c:321: example_checked: "fd_open(bs)" has its value checked in "fd_open(bs) < 0".
/qemu-1.0rc1/block/raw-posix.c:365: example_checked: "fd_open(bs)" has its value checked in "fd_open(bs) < 0".
/qemu-1.0rc1/block/raw-posix.c:537: example_assign: Assigning: "ret" = return value from "fd_open(bs)".
/qemu-1.0rc1/block/raw-posix.c:538: example_checked: "ret" has its value checked in "ret < 0".
/qemu-1.0rc1/block/raw-posix.c:836: example_checked: "fd_open(bs)" has its value checked in "fd_open(bs) < 0".
/qemu-1.0rc1/block/raw-posix.c:976: example_checked: "fd_open(bs)" has its value checked in "fd_open(bs) >= 0".
/qemu-1.0rc1/block/raw-posix.c:988: unchecked_value: No check of the return value of "fd_open(bs)".

Error: CHECKED_RETURN:
/qemu-1.0rc1/block/sheepdog.c:1368: check_return: Calling function "strstart" without checking return value (as is done elsewhere 67 out of 69 times).
/qemu-1.0rc1/block/vvfat.c:1011: example_checked: "strstart(dirname, "fat:", NULL)" has its value checked in "strstart(dirname, "fat:", NULL)".
/qemu-1.0rc1/block/nbd.c:84: example_checked: "strstart(file, "nbd:", &host_spec)" has its value checked in "strstart(file, "nbd:", &host_spec)".
/qemu-1.0rc1/block/nbd.c:89: example_checked: "strstart(host_spec, "unix:", &unixpath)" has its value checked in "strstart(host_spec, "unix:", &unixpath)".
/qemu-1.0rc1/block/raw-posix.c:716: example_checked: "strstart(filename, "/dev/cdrom", NULL)" has its value checked in "strstart(filename, "/dev/cdrom", NULL)".
/qemu-1.0rc1/block/raw-posix.c:764: example_checked: "strstart(temp, "/dev/sg", NULL)" has its value checked in "strstart(temp, "/dev/sg", NULL)".
/qemu-1.0rc1/block/sheepdog.c:1368: unchecked_value: No check of the return value of "strstart(filename, "sheepdog:", &vdiname)".

Error: CHECKED_RETURN:
/qemu-1.0rc1/block/sheepdog.c:1205: check_return: Calling function "strstart" without checking return value (as is done elsewhere 67 out of 69 times).
/qemu-1.0rc1/block/vvfat.c:1011: example_checked: "strstart(dirname, "fat:", NULL)" has its value checked in "strstart(dirname, "fat:", NULL)".
/qemu-1.0rc1/block/nbd.c:84: example_checked: "strstart(file, "nbd:", &host_spec)" has its value checked in "strstart(file, "nbd:", &host_spec)".
/qemu-1.0rc1/block/nbd.c:89: example_checked: "strstart(host_spec, "unix:", &unixpath)" has its value checked in "strstart(host_spec, "unix:", &unixpath)".
/qemu-1.0rc1/block/raw-posix.c:716: example_checked: "strstart(filename, "/dev/cdrom", NULL)" has its value checked in "strstart(filename, "/dev/cdrom", NULL)".
/qemu-1.0rc1/block/raw-posix.c:764: example_checked: "strstart(temp, "/dev/sg", NULL)" has its value checked in "strstart(temp, "/dev/sg", NULL)".
/qemu-1.0rc1/block/sheepdog.c:1205: unchecked_value: No check of the return value of "strstart(filename, "sheepdog:", (char const **)&filename)".

Error: CHECKED_RETURN:
/qemu-1.0rc1/block/vpc.c:270: check_return: Calling function "bdrv_pwrite_sync" without checking return value (as is done elsewhere 30 out of 32 times).
/qemu-1.0rc1/block/cow.c:111: example_assign: Assigning: "ret" = return value from "bdrv_pwrite_sync(bs->file, offset, &bitmap, sizeof (bitmap) /*1*/)".
/qemu-1.0rc1/block/cow.c:112: example_checked: "ret" has its value checked in "ret < 0".
/qemu-1.0rc1/block/qcow.c:260: example_checked: "bdrv_pwrite_sync(bs->file, s->l1_table_offset + l1_index * sizeof (tmp) /*8*/, &tmp, sizeof (tmp) /*8*/)" has its value checked in "bdrv_pwrite_sync(bs->file, s->l1_table_offset + l1_index * sizeof (tmp) /*8*/, &tmp, sizeof (tmp) /*8*/) < 0".
/qemu-1.0rc1/block/qcow.c:290: example_checked: "bdrv_pwrite_sync(bs->file, l2_offset, l2_table, s->l2_size * sizeof (uint64_t) /*8*/)" has its value checked in "bdrv_pwrite_sync(bs->file, l2_offset, l2_table, s->l2_size * sizeof (uint64_t) /*8*/) < 0".
/qemu-1.0rc1/block/qcow.c:356: example_checked: "bdrv_pwrite_sync(bs->file, l2_offset + l2_index * sizeof (tmp) /*8*/, &tmp, sizeof (tmp) /*8*/)" has its value checked in "bdrv_pwrite_sync(bs->file, l2_offset + l2_index * sizeof (tmp) /*8*/, &tmp, sizeof (tmp) /*8*/) < 0".
/qemu-1.0rc1/block/qcow.c:710: example_checked: "bdrv_pwrite_sync(bs->file, s->l1_table_offset, s->l1_table, l1_length)" has its value checked in "bdrv_pwrite_sync(bs->file, s->l1_table_offset, s->l1_table, l1_length) < 0".
/qemu-1.0rc1/block/vpc.c:270: unchecked_value: No check of the return value of "bdrv_pwrite_sync(bs->file, bitmap_offset, bitmap, s->bitmap_size)".

Error: CHECKED_RETURN:
/qemu-1.0rc1/block/vpc.c:355: check_return: Calling function "bdrv_pwrite_sync" without checking return value (as is done elsewhere 30 out of 32 times).
/qemu-1.0rc1/block/cow.c:111: example_assign: Assigning: "ret" = return value from "bdrv_pwrite_sync(bs->file, offset, &bitmap, sizeof (bitmap) /*1*/)".
/qemu-1.0rc1/block/cow.c:112: example_checked: "ret" has its value checked in "ret < 0".
/qemu-1.0rc1/block/qcow.c:260: example_checked: "bdrv_pwrite_sync(bs->file, s->l1_table_offset + l1_index * sizeof (tmp) /*8*/, &tmp, sizeof (tmp) /*8*/)" has its value checked in "bdrv_pwrite_sync(bs->file, s->l1_table_offset + l1_index * sizeof (tmp) /*8*/, &tmp, sizeof (tmp) /*8*/) < 0".
/qemu-1.0rc1/block/qcow.c:290: example_checked: "bdrv_pwrite_sync(bs->file, l2_offset, l2_table, s->l2_size * sizeof (uint64_t) /*8*/)" has its value checked in "bdrv_pwrite_sync(bs->file, l2_offset, l2_table, s->l2_size * sizeof (uint64_t) /*8*/) < 0".
/qemu-1.0rc1/block/qcow.c:356: example_checked: "bdrv_pwrite_sync(bs->file, l2_offset + l2_index * sizeof (tmp) /*8*/, &tmp, sizeof (tmp) /*8*/)" has its value checked in "bdrv_pwrite_sync(bs->file, l2_offset + l2_index * sizeof (tmp) /*8*/, &tmp, sizeof (tmp) /*8*/) < 0".
/qemu-1.0rc1/block/qcow.c:710: example_checked: "bdrv_pwrite_sync(bs->file, s->l1_table_offset, s->l1_table, l1_length)" has its value checked in "bdrv_pwrite_sync(bs->file, s->l1_table_offset, s->l1_table, l1_length) < 0".
/qemu-1.0rc1/block/vpc.c:355: unchecked_value: No check of the return value of "bdrv_pwrite_sync(bs->file, s->free_data_block_offset, bitmap, s->bitmap_size)".

Error: CHECKED_RETURN:
/qemu-1.0rc1/hw/pflash_cfi01.c:209: check_return: Calling function "bdrv_write" without checking return value (as is done elsewhere 33 out of 35 times).
/qemu-1.0rc1/nbd.c:669: example_checked: "bdrv_write(bs, (request.from + dev_offset) / 512UL, data, request.len / 512U)" has its value checked in "bdrv_write(bs, (request.from + dev_offset) / 512UL, data, request.len / 512U) == -1".
/qemu-1.0rc1/block.c:925: example_checked: "bdrv_write(bs->backing_hd, sector, buf, n)" has its value checked in "bdrv_write(bs->backing_hd, sector, buf, n) != 0".
/qemu-1.0rc1/block.c:1193: example_checked: "bdrv_write(bs, sector_num, tmp_buf, 1)" has its value checked in "(ret = bdrv_write(bs, sector_num, tmp_buf, 1)) < 0".
/qemu-1.0rc1/block.c:1205: example_checked: "bdrv_write(bs, sector_num, buf, nb_sectors)" has its value checked in "(ret = bdrv_write(bs, sector_num, buf, nb_sectors)) < 0".
/qemu-1.0rc1/block.c:1218: example_checked: "bdrv_write(bs, sector_num, tmp_buf, 1)" has its value checked in "(ret = bdrv_write(bs, sector_num, tmp_buf, 1)) < 0".
/qemu-1.0rc1/hw/pflash_cfi01.c:209: unchecked_value: No check of the return value of "bdrv_write(pfl->bs, offset, pfl->storage + (offset << 9), offset_end - offset)".

Error: CHECKED_RETURN:
/qemu-1.0rc1/hw/pflash_cfi02.c:238: check_return: Calling function "bdrv_write" without checking return value (as is done elsewhere 33 out of 35 times).
/qemu-1.0rc1/nbd.c:669: example_checked: "bdrv_write(bs, (request.from + dev_offset) / 512UL, data, request.len / 512U)" has its value checked in "bdrv_write(bs, (request.from + dev_offset) / 512UL, data, request.len / 512U) == -1".
/qemu-1.0rc1/block.c:925: example_checked: "bdrv_write(bs->backing_hd, sector, buf, n)" has its value checked in "bdrv_write(bs->backing_hd, sector, buf, n) != 0".
/qemu-1.0rc1/block.c:1193: example_checked: "bdrv_write(bs, sector_num, tmp_buf, 1)" has its value checked in "(ret = bdrv_write(bs, sector_num, tmp_buf, 1)) < 0".
/qemu-1.0rc1/block.c:1205: example_checked: "bdrv_write(bs, sector_num, buf, nb_sectors)" has its value checked in "(ret = bdrv_write(bs, sector_num, buf, nb_sectors)) < 0".
/qemu-1.0rc1/block.c:1218: example_checked: "bdrv_write(bs, sector_num, tmp_buf, 1)" has its value checked in "(ret = bdrv_write(bs, sector_num, tmp_buf, 1)) < 0".
/qemu-1.0rc1/hw/pflash_cfi02.c:238: unchecked_value: No check of the return value of "bdrv_write(pfl->bs, offset, pfl->storage + (offset << 9), offset_end - offset)".

Error: CHECKED_RETURN:
/qemu-1.0rc1/net/slirp.c:332: check_return: Calling function "get_str_sep" without checking return value (as is done elsewhere 5 out of 6 times).
/qemu-1.0rc1/net/slirp.c:342: example_checked: "get_str_sep(buf, sizeof (buf) /*256*/, &p, 58)" has its value checked in "get_str_sep(buf, sizeof (buf) /*256*/, &p, 58) < 0".
/qemu-1.0rc1/net/slirp.c:374: example_checked: "get_str_sep(buf, sizeof (buf) /*256*/, &p, 58)" has its value checked in "get_str_sep(buf, sizeof (buf) /*256*/, &p, 58) < 0".
/qemu-1.0rc1/net/slirp.c:386: example_checked: "get_str_sep(buf, sizeof (buf) /*256*/, &p, 58)" has its value checked in "get_str_sep(buf, sizeof (buf) /*256*/, &p, 58) < 0".
/qemu-1.0rc1/net/slirp.c:394: example_checked: "get_str_sep(buf, sizeof (buf) /*256*/, &p, (legacy_format ? 58 : 45))" has its value checked in "get_str_sep(buf, sizeof (buf) /*256*/, &p, (legacy_format ? 58 : 45)) < 0".
/qemu-1.0rc1/net/slirp.c:402: example_checked: "get_str_sep(buf, sizeof (buf) /*256*/, &p, 58)" has its value checked in "get_str_sep(buf, sizeof (buf) /*256*/, &p, 58) < 0".
/qemu-1.0rc1/net/slirp.c:332: unchecked_value: No check of the return value of "get_str_sep(buf, sizeof (buf) /*256*/, &p, 58)".

Error: CONSTANT_EXPRESSION_RESULT:
/qemu-1.0rc1/buffered_file.c:224: result_independent_of_operands: new_rate > 18446744073709551615UL is always false regardless of the values of its operands. This occurs as the logical operand of if.

Error: CONSTANT_EXPRESSION_RESULT:
/qemu-1.0rc1/hw/max111x.c:73: missing_parentheses: ((value & 4294967279U /* ~(1 << 4) */) >> 2 /* 2 + 0 */) & 4U is always 0 regardless of the values of its operands. This occurs as the bitwise first operand of '|'. Did you intend to apply '&' to 2 /* 2 + 0 */ and 4U? If so, parentheses would be required to force this interpretation.

Error: CONSTANT_EXPRESSION_RESULT:
/qemu-1.0rc1/hw/omap_dss.c:392: logical_vs_bitwise: ~((s->dispc.l[1].attr | s->dispc.l[2].attr) & 1U) is always 1/true regardless of the values of its operand. This occurs as the logical operand of if. Did you intend to use '!' rather than '~'?

Error: CONSTANT_EXPRESSION_RESULT:
/qemu-1.0rc1/hw/pxa2xx.c:117: result_independent_of_operands: 0x15UL & ~(value & 0x2aUL) is always 0x15 regardless of the values of its operands. This occurs as the bitwise operand of '&='.

Error: CONSTANT_EXPRESSION_RESULT:
/qemu-1.0rc1/hw/sm501.c:624: result_independent_of_operands: color_reg >> 16 is 0 regardless of the values of its operands. This occurs as the bitwise first operand of '&'.

Error: CONSTANT_EXPRESSION_RESULT:
/qemu-1.0rc1/hw/sun4c_intctl.c:129: result_independent_of_operands: s->reg & 0x80000000U is always 0 regardless of the values of its operands. This occurs as the logical operand of '!'.

Error: CONSTANT_EXPRESSION_RESULT:
/qemu-1.0rc1/hw/usb-net.c:1305: missing_parentheses: !s->rndis_state == 2 is always false regardless of the values of its operands. Did you intend to either negate the entire comparison expression, in which case parentheses would be required around the entire comparison expression to force that interpretation, or negate the sense of the comparison (that is, use '!=' rather than '==')? This occurs as the logical second operand of '&&'.

Error: CONSTANT_EXPRESSION_RESULT:
/qemu-1.0rc1/hw/usb-net.c:1271: missing_parentheses: !s->rndis_state == 2 is always false regardless of the values of its operands. Did you intend to either negate the entire comparison expression, in which case parentheses would be required around the entire comparison expression to force that interpretation, or negate the sense of the comparison (that is, use '!=' rather than '==')? This occurs as the logical operand of if.

Error: CONSTANT_EXPRESSION_RESULT:
/qemu-1.0rc1/sparc-dis.c:3053: result_independent_of_operands: (unsigned int)((insn >> 14) & 0x1fUL) < 32U is always true regardless of the values of its operands. This occurs as the logical operand of if.

Error: CONSTANT_EXPRESSION_RESULT:
/qemu-1.0rc1/sparc-dis.c:3061: result_independent_of_operands: (unsigned int)((insn >> 25) & 0x1fUL) < 32U is always true regardless of the values of its operands. This occurs as the logical operand of if.

Error: CONSTANT_EXPRESSION_RESULT:
/qemu-1.0rc1/target-s390x/op_helper.c:376: result_independent_of_operands: (__uint128_t)env->regs[r1] << 64 is 0 regardless of the values of its operands. This occurs as the bitwise first operand of '|'.

Error: CONSTANT_EXPRESSION_RESULT:
/qemu-1.0rc1/target-s390x/op_helper.c:355: result_independent_of_operands: res >> 64 is 0 regardless of the values of its operands. This occurs as the non-specific operand of assignment.

Error: CONSTANT_EXPRESSION_RESULT:
/qemu-1.0rc1/target-sh4/translate.c:1432: result_independent_of_operands: ((ctx->opcode >> 4) & 7) < 8 is always true regardless of the values of its operands. This occurs as the logical first operand of '&&'.

Error: CONSTANT_EXPRESSION_RESULT:
/qemu-1.0rc1/target-sh4/translate.c:1436: result_independent_of_operands: ((ctx->opcode >> 4) & 7) < 8 is always true regardless of the values of its operands. This occurs as the logical first operand of '&&'.

Error: CONSTANT_EXPRESSION_RESULT:
/qemu-1.0rc1/target-sh4/translate.c:1441: result_independent_of_operands: ((ctx->opcode >> 4) & 7) < 8 is always true regardless of the values of its operands. This occurs as the logical first operand of '&&'.

Error: CONSTANT_EXPRESSION_RESULT:
/qemu-1.0rc1/target-sh4/translate.c:1448: result_independent_of_operands: ((ctx->opcode >> 4) & 7) < 8 is always true regardless of the values of its operands. This occurs as the logical first operand of '&&'.

Error: CONSTANT_EXPRESSION_RESULT:
/qemu-1.0rc1/target-sh4/translate.c:1867: result_independent_of_operands: ctx->opcode >> 16 is 0 regardless of the values of its operands. This occurs as the bitwise first operand of '&'.

Error: CONSTANT_EXPRESSION_RESULT:
/qemu-1.0rc1/target-sh4/translate.c:1868: result_independent_of_operands: ctx->opcode >> 18 is 0 regardless of the values of its operands. This occurs as the bitwise first operand of '&'.

Error: CONSTANT_EXPRESSION_RESULT:
/qemu-1.0rc1/target-sh4/translate.c:1880: result_independent_of_operands: ctx->opcode >> 18 is 0 regardless of the values of its operands. This occurs as the bitwise first operand of '&'.

Error: DEADCODE:
/qemu-1.0rc1/aes.c:798: dead_error_condition: On this path, the condition "bits == 256" cannot be false.
/qemu-1.0rc1/aes.c:776: const: After this line, the value of "bits" is equal to 256.
/qemu-1.0rc1/aes.c:745: equality_cond: Condition "bits == 128" is evaluated as false.
/qemu-1.0rc1/aes.c:756: equality_cond: Condition "bits == 128" is evaluated as false.
/qemu-1.0rc1/aes.c:747: equality_cond: Condition "bits == 192" is evaluated as false.
/qemu-1.0rc1/aes.c:776: equality_cond: Condition "bits == 192" is evaluated as false.
/qemu-1.0rc1/aes.c:740: equality_cond: Condition "bits != 128" is evaluated as true.
/qemu-1.0rc1/aes.c:740: equality_cond: Condition "bits != 192" is evaluated as true.
/qemu-1.0rc1/aes.c:740: new_values: Noticing condition "bits != 256".
/qemu-1.0rc1/aes.c:826: dead_error_line: Execution cannot reach this statement "return 0;".

Error: DEADCODE:
/qemu-1.0rc1/arm-dis.c:4012: dead_error_condition: On this path, the condition "is_data" cannot be true.
/qemu-1.0rc1/arm-dis.c:3874: const: After this line, the value of "is_data" is equal to 0.
/qemu-1.0rc1/arm-dis.c:3874: assignment: Assigning: "is_data" = "0".
/qemu-1.0rc1/arm-dis.c:4014: dead_error_begin: Execution cannot reach this statement "int i;".

Error: DEADCODE:
/qemu-1.0rc1/bt-host.c:163: dead_error_condition: On this path, the condition "fd < 0" cannot be false.
/qemu-1.0rc1/bt-host.c:148: const: After this line, the value of "fd" is equal to -1.
/qemu-1.0rc1/bt-host.c:148: assignment: Assigning: "fd" = "-1".
/qemu-1.0rc1/bt-host.c:180: dead_error_begin: Execution cannot reach this statement "s = g_malloc0(sizeof (struc...".

Error: DEADCODE:
/qemu-1.0rc1/target-s390x/translate.c:2357: dead_error_condition: On this path, the switch value "op" cannot reach the default case.
/qemu-1.0rc1/target-s390x/translate.c:2332: const: After this line, the value of "op" is equal to 4.
/qemu-1.0rc1/target-s390x/translate.c:2332: const: After this line, the value of "op" is equal to 8.
/qemu-1.0rc1/target-s390x/translate.c:2353: equality_cond: Jumping to case "4".
/qemu-1.0rc1/target-s390x/translate.c:2354: equality_cond: Jumping to case "8".
/qemu-1.0rc1/target-s390x/translate.c:2367: dead_error_begin: Execution cannot reach this statement "default:".

Error: DEADCODE:
/qemu-1.0rc1/target-s390x/translate.c:2382: dead_error_condition: On this path, the switch value "op" cannot reach the default case.
/qemu-1.0rc1/target-s390x/translate.c:2332: const: After this line, the value of "op" is equal to 5.
/qemu-1.0rc1/target-s390x/translate.c:2332: const: After this line, the value of "op" is equal to 9.
/qemu-1.0rc1/target-s390x/translate.c:2378: equality_cond: Jumping to case "5".
/qemu-1.0rc1/target-s390x/translate.c:2379: equality_cond: Jumping to case "9".
/qemu-1.0rc1/target-s390x/translate.c:2392: dead_error_begin: Execution cannot reach this statement "default:".

Error: DEADCODE:
/qemu-1.0rc1/target-s390x/translate.c:2408: dead_error_condition: On this path, the switch value "op" cannot reach the default case.
/qemu-1.0rc1/target-s390x/translate.c:2332: const: After this line, the value of "op" is equal to 10.
/qemu-1.0rc1/target-s390x/translate.c:2332: const: After this line, the value of "op" is equal to 6.
/qemu-1.0rc1/target-s390x/translate.c:2405: equality_cond: Jumping to case "10".
/qemu-1.0rc1/target-s390x/translate.c:2404: equality_cond: Jumping to case "6".
/qemu-1.0rc1/target-s390x/translate.c:2418: dead_error_begin: Execution cannot reach this statement "default:".

Error: DEADCODE:
/qemu-1.0rc1/target-s390x/translate.c:2434: dead_error_condition: On this path, the switch value "op" cannot reach the default case.
/qemu-1.0rc1/target-s390x/translate.c:2332: const: After this line, the value of "op" is equal to 11.
/qemu-1.0rc1/target-s390x/translate.c:2332: const: After this line, the value of "op" is equal to 7.
/qemu-1.0rc1/target-s390x/translate.c:2431: equality_cond: Jumping to case "11".
/qemu-1.0rc1/target-s390x/translate.c:2430: equality_cond: Jumping to case "7".
/qemu-1.0rc1/target-s390x/translate.c:2443: dead_error_begin: Execution cannot reach this statement "default:".

Error: DEADCODE:
/qemu-1.0rc1/target-s390x/translate.c:3220: dead_error_condition: On this path, the switch value "op" cannot reach the default case.
/qemu-1.0rc1/target-s390x/translate.c:3022: const: After this line, the value of "op" is equal to 164.
/qemu-1.0rc1/target-s390x/translate.c:3022: const: After this line, the value of "op" is equal to 165.
/qemu-1.0rc1/target-s390x/translate.c:3216: equality_cond: Jumping to case "164".
/qemu-1.0rc1/target-s390x/translate.c:3217: equality_cond: Jumping to case "165".
/qemu-1.0rc1/target-s390x/translate.c:3227: dead_error_begin: Execution cannot reach this statement "default:".

Error: DEADCODE:
/qemu-1.0rc1/target-s390x/translate.c:3087: dead_error_condition: On this path, the switch value "op" cannot reach the default case.
/qemu-1.0rc1/target-s390x/translate.c:3022: const: After this line, the value of "op" is equal to 14.
/qemu-1.0rc1/target-s390x/translate.c:3022: const: After this line, the value of "op" is equal to 30.
/qemu-1.0rc1/target-s390x/translate.c:3022: const: After this line, the value of "op" is equal to 31.
/qemu-1.0rc1/target-s390x/translate.c:3080: equality_cond: Jumping to case "14".
/qemu-1.0rc1/target-s390x/translate.c:3081: equality_cond: Jumping to case "30".
/qemu-1.0rc1/target-s390x/translate.c:3082: equality_cond: Jumping to case "31".
/qemu-1.0rc1/target-s390x/translate.c:3097: dead_error_begin: Execution cannot reach this statement "default:".

Error: DEADCODE:
/qemu-1.0rc1/target-s390x/translate.c:3176: dead_error_condition: On this path, the switch value "op" cannot reach the default case.
/qemu-1.0rc1/target-s390x/translate.c:3022: const: After this line, the value of "op" is equal to 148.
/qemu-1.0rc1/target-s390x/translate.c:3022: const: After this line, the value of "op" is equal to 149.
/qemu-1.0rc1/target-s390x/translate.c:3022: const: After this line, the value of "op" is equal to 150.
/qemu-1.0rc1/target-s390x/translate.c:3171: equality_cond: Jumping to case "148".
/qemu-1.0rc1/target-s390x/translate.c:3172: equality_cond: Jumping to case "149".
/qemu-1.0rc1/target-s390x/translate.c:3173: equality_cond: Jumping to case "150".
/qemu-1.0rc1/target-s390x/translate.c:3186: dead_error_begin: Execution cannot reach this statement "default:".

Error: DEADCODE:
/qemu-1.0rc1/target-s390x/translate.c:3198: dead_error_condition: On this path, the switch value "op" cannot reach the default case.
/qemu-1.0rc1/target-s390x/translate.c:3022: const: After this line, the value of "op" is equal to 152.
/qemu-1.0rc1/target-s390x/translate.c:3022: const: After this line, the value of "op" is equal to 153.
/qemu-1.0rc1/target-s390x/translate.c:3022: const: After this line, the value of "op" is equal to 154.
/qemu-1.0rc1/target-s390x/translate.c:3192: equality_cond: Jumping to case "152".
/qemu-1.0rc1/target-s390x/translate.c:3193: equality_cond: Jumping to case "153".
/qemu-1.0rc1/target-s390x/translate.c:3194: equality_cond: Jumping to case "154".
/qemu-1.0rc1/target-s390x/translate.c:3208: dead_error_begin: Execution cannot reach this statement "default:".

Error: DEADCODE:
/qemu-1.0rc1/target-s390x/translate.c:3340: dead_error_condition: On this path, the switch value "op" cannot reach the default case.
/qemu-1.0rc1/target-s390x/translate.c:3286: const: After this line, the value of "op" is equal to 10.
/qemu-1.0rc1/target-s390x/translate.c:3286: const: After this line, the value of "op" is equal to 8.
/qemu-1.0rc1/target-s390x/translate.c:3334: equality_cond: Jumping to case "10".
/qemu-1.0rc1/target-s390x/translate.c:3333: equality_cond: Jumping to case "8".
/qemu-1.0rc1/target-s390x/translate.c:3347: dead_error_begin: Execution cannot reach this statement "default:".

Error: DEADCODE:
/qemu-1.0rc1/target-s390x/translate.c:3523: dead_error_condition: On this path, the switch value "op" cannot reach the default case.
/qemu-1.0rc1/target-s390x/translate.c:3286: const: After this line, the value of "op" is equal to 128.
/qemu-1.0rc1/target-s390x/translate.c:3286: const: After this line, the value of "op" is equal to 129.
/qemu-1.0rc1/target-s390x/translate.c:3286: const: After this line, the value of "op" is equal to 130.
/qemu-1.0rc1/target-s390x/translate.c:3518: equality_cond: Jumping to case "128".
/qemu-1.0rc1/target-s390x/translate.c:3519: equality_cond: Jumping to case "129".
/qemu-1.0rc1/target-s390x/translate.c:3520: equality_cond: Jumping to case "130".
/qemu-1.0rc1/target-s390x/translate.c:3533: dead_error_begin: Execution cannot reach this statement "default:".

Error: DEADCODE:
/qemu-1.0rc1/target-s390x/translate.c:3379: dead_error_condition: On this path, the switch value "op" cannot reach the default case.
/qemu-1.0rc1/target-s390x/translate.c:3286: const: After this line, the value of "op" is equal to 11.
/qemu-1.0rc1/target-s390x/translate.c:3359: const: After this line, the value of "op" is equal to 25.
/qemu-1.0rc1/target-s390x/translate.c:3359: const: After this line, the value of "op" is equal to 27.
/qemu-1.0rc1/target-s390x/translate.c:3286: const: After this line, the value of "op" is equal to 9.
/qemu-1.0rc1/target-s390x/translate.c:3355: equality_cond: Jumping to case "11".
/qemu-1.0rc1/target-s390x/translate.c:3357: equality_cond: Jumping to case "25".
/qemu-1.0rc1/target-s390x/translate.c:3366: equality_cond: Jumping to case "25".
/qemu-1.0rc1/target-s390x/translate.c:3356: equality_cond: Jumping to case "27".
/qemu-1.0rc1/target-s390x/translate.c:3360: equality_cond: Jumping to case "27".
/qemu-1.0rc1/target-s390x/translate.c:3354: equality_cond: Jumping to case "9".
/qemu-1.0rc1/target-s390x/translate.c:3388: dead_error_begin: Execution cannot reach this statement "default:".

Error: DEADCODE:
/qemu-1.0rc1/target-s390x/translate.c:3718: dead_error_condition: On this path, the switch value "op" cannot reach the default case.
/qemu-1.0rc1/target-s390x/translate.c:3677: const: After this line, the value of "op" is equal to 11.
/qemu-1.0rc1/target-s390x/translate.c:3677: const: After this line, the value of "op" is equal to 13.
/qemu-1.0rc1/target-s390x/translate.c:3677: const: After this line, the value of "op" is equal to 7.
/qemu-1.0rc1/target-s390x/translate.c:3715: equality_cond: Jumping to case "11".
/qemu-1.0rc1/target-s390x/translate.c:3716: equality_cond: Jumping to case "13".
/qemu-1.0rc1/target-s390x/translate.c:3714: equality_cond: Jumping to case "7".
/qemu-1.0rc1/target-s390x/translate.c:3728: dead_error_begin: Execution cannot reach this statement "default:".

Error: DEADCODE:
/qemu-1.0rc1/target-s390x/translate.c:3780: dead_error_condition: On this path, the switch value "op" cannot reach the default case.
/qemu-1.0rc1/target-s390x/translate.c:3774: const: After this line, the value of "op" is equal to 10.
/qemu-1.0rc1/target-s390x/translate.c:3774: const: After this line, the value of "op" is equal to 4.
/qemu-1.0rc1/target-s390x/translate.c:3776: equality_cond: Jumping to case "10".
/qemu-1.0rc1/target-s390x/translate.c:3775: equality_cond: Jumping to case "4".
/qemu-1.0rc1/target-s390x/translate.c:3789: dead_error_begin: Execution cannot reach this statement "default:".

Error: DEADCODE:
/qemu-1.0rc1/target-s390x/translate.c:3802: dead_error_condition: On this path, the switch value "op" cannot reach the default case.
/qemu-1.0rc1/target-s390x/translate.c:3774: const: After this line, the value of "op" is equal to 11.
/qemu-1.0rc1/target-s390x/translate.c:3774: const: After this line, the value of "op" is equal to 5.
/qemu-1.0rc1/target-s390x/translate.c:3798: equality_cond: Jumping to case "11".
/qemu-1.0rc1/target-s390x/translate.c:3797: equality_cond: Jumping to case "5".
/qemu-1.0rc1/target-s390x/translate.c:3811: dead_error_begin: Execution cannot reach this statement "default:".

Error: DEADCODE:
/qemu-1.0rc1/target-s390x/translate.c:1725: dead_error_condition: On this path, the switch value "op" cannot reach the default case.
/qemu-1.0rc1/target-s390x/translate.c:1481: const: After this line, the value of "op" is equal to 90.
/qemu-1.0rc1/target-s390x/translate.c:1481: const: After this line, the value of "op" is equal to 91.
/qemu-1.0rc1/target-s390x/translate.c:1716: equality_cond: Jumping to case "90".
/qemu-1.0rc1/target-s390x/translate.c:1717: equality_cond: Jumping to case "91".
/qemu-1.0rc1/target-s390x/translate.c:1732: dead_error_begin: Execution cannot reach this statement "default:".

Error: DEADCODE:
/qemu-1.0rc1/target-s390x/translate.c:1771: dead_error_condition: On this path, the switch value "op" cannot reach the default case.
/qemu-1.0rc1/target-s390x/translate.c:1481: const: After this line, the value of "op" is equal to 118.
/qemu-1.0rc1/target-s390x/translate.c:1481: const: After this line, the value of "op" is equal to 119.
/qemu-1.0rc1/target-s390x/translate.c:1767: equality_cond: Jumping to case "118".
/qemu-1.0rc1/target-s390x/translate.c:1768: equality_cond: Jumping to case "119".
/qemu-1.0rc1/target-s390x/translate.c:1780: dead_error_begin: Execution cannot reach this statement "default:".

Error: DEADCODE:
/qemu-1.0rc1/target-s390x/translate.c:1736: dead_error_condition: On this path, the switch value "op" cannot reach the default case.
/qemu-1.0rc1/target-s390x/translate.c:1725: const: After this line, the value of "op" is equal to 90.
/qemu-1.0rc1/target-s390x/translate.c:1725: const: After this line, the value of "op" is equal to 91.
/qemu-1.0rc1/target-s390x/translate.c:1716: equality_cond: Jumping to case "90".
/qemu-1.0rc1/target-s390x/translate.c:1726: equality_cond: Jumping to case "90".
/qemu-1.0rc1/target-s390x/translate.c:1717: equality_cond: Jumping to case "91".
/qemu-1.0rc1/target-s390x/translate.c:1729: equality_cond: Jumping to case "91".
/qemu-1.0rc1/target-s390x/translate.c:1743: dead_error_begin: Execution cannot reach this statement "default:".

Error: DEADCODE:
/qemu-1.0rc1/target-s390x/translate.c:1796: dead_error_condition: On this path, the switch value "op" cannot reach the default case.
/qemu-1.0rc1/target-s390x/translate.c:1481: const: After this line, the value of "op" is equal to 128.
/qemu-1.0rc1/target-s390x/translate.c:1481: const: After this line, the value of "op" is equal to 129.
/qemu-1.0rc1/target-s390x/translate.c:1481: const: After this line, the value of "op" is equal to 130.
/qemu-1.0rc1/target-s390x/translate.c:1791: equality_cond: Jumping to case "128".
/qemu-1.0rc1/target-s390x/translate.c:1792: equality_cond: Jumping to case "129".
/qemu-1.0rc1/target-s390x/translate.c:1793: equality_cond: Jumping to case "130".
/qemu-1.0rc1/target-s390x/translate.c:1806: dead_error_begin: Execution cannot reach this statement "default:".

Error: DEADCODE:
/qemu-1.0rc1/target-s390x/translate.c:1649: dead_error_condition: On this path, the switch value "op" cannot reach the default case.
/qemu-1.0rc1/target-s390x/translate.c:1481: const: After this line, the value of "op" is equal to 32.
/qemu-1.0rc1/target-s390x/translate.c:1481: const: After this line, the value of "op" is equal to 33.
/qemu-1.0rc1/target-s390x/translate.c:1481: const: After this line, the value of "op" is equal to 48.
/qemu-1.0rc1/target-s390x/translate.c:1481: const: After this line, the value of "op" is equal to 49.
/qemu-1.0rc1/target-s390x/translate.c:1644: equality_cond: Jumping to case "32".
/qemu-1.0rc1/target-s390x/translate.c:1645: equality_cond: Jumping to case "33".
/qemu-1.0rc1/target-s390x/translate.c:1646: equality_cond: Jumping to case "48".
/qemu-1.0rc1/target-s390x/translate.c:1647: equality_cond: Jumping to case "49".
/qemu-1.0rc1/target-s390x/translate.c:1660: dead_error_begin: Execution cannot reach this statement "default:". Error: DEADCODE: /qemu-1.0rc1/target-s390x/translate.c:1546: dead_error_condition: On this path, the switch value "op" cannot reach the default case. /qemu-1.0rc1/target-s390x/translate.c:1535: const: After this line, the value of "op" is equal to 10. /qemu-1.0rc1/target-s390x/translate.c:1535: const: After this line, the value of "op" is equal to 24. /qemu-1.0rc1/target-s390x/translate.c:1532: const: After this line, the value of "op" is equal to 26. /qemu-1.0rc1/target-s390x/translate.c:1535: const: After this line, the value of "op" is equal to 8. /qemu-1.0rc1/target-s390x/translate.c:1535: equality_cond: Condition "op == 24" is evaluated as false. /qemu-1.0rc1/target-s390x/translate.c:1532: equality_cond: Condition "op == 26" is evaluated as false. /qemu-1.0rc1/target-s390x/translate.c:1529: equality_cond: Jumping to case "10". /qemu-1.0rc1/target-s390x/translate.c:1530: equality_cond: Jumping to case "24". /qemu-1.0rc1/target-s390x/translate.c:1531: equality_cond: Jumping to case "26". /qemu-1.0rc1/target-s390x/translate.c:1528: equality_cond: Jumping to case "8". /qemu-1.0rc1/target-s390x/translate.c:1535: new_values: Noticing condition "op == 24". /qemu-1.0rc1/target-s390x/translate.c:1532: new_values: Noticing condition "op == 26". /qemu-1.0rc1/target-s390x/translate.c:1555: dead_error_begin: Execution cannot reach this statement "default:". Error: DEADCODE: /qemu-1.0rc1/target-s390x/translate.c:1578: dead_error_condition: On this path, the switch value "op" cannot reach the default case. /qemu-1.0rc1/target-s390x/translate.c:1569: const: After this line, the value of "op" is equal to 11. /qemu-1.0rc1/target-s390x/translate.c:1567: const: After this line, the value of "op" is equal to 25. /qemu-1.0rc1/target-s390x/translate.c:1569: const: After this line, the value of "op" is equal to 27. 
/qemu-1.0rc1/target-s390x/translate.c:1569: const: After this line, the value of "op" is equal to 9. /qemu-1.0rc1/target-s390x/translate.c:1567: equality_cond: Condition "op == 25" is evaluated as false. /qemu-1.0rc1/target-s390x/translate.c:1569: equality_cond: Condition "op == 27" is evaluated as false. /qemu-1.0rc1/target-s390x/translate.c:1563: equality_cond: Jumping to case "11". /qemu-1.0rc1/target-s390x/translate.c:1564: equality_cond: Jumping to case "25". /qemu-1.0rc1/target-s390x/translate.c:1565: equality_cond: Jumping to case "27". /qemu-1.0rc1/target-s390x/translate.c:1562: equality_cond: Jumping to case "9". /qemu-1.0rc1/target-s390x/translate.c:1567: new_values: Noticing condition "op == 25". /qemu-1.0rc1/target-s390x/translate.c:1569: new_values: Noticing condition "op == 27". /qemu-1.0rc1/target-s390x/translate.c:1587: dead_error_begin: Execution cannot reach this statement "default:". Error: DEADCODE: /qemu-1.0rc1/target-s390x/translate.c:1663: dead_error_condition: On this path, the switch value "op" cannot reach the default case. /qemu-1.0rc1/target-s390x/translate.c:1649: const: After this line, the value of "op" is equal to 32. /qemu-1.0rc1/target-s390x/translate.c:1649: const: After this line, the value of "op" is equal to 33. /qemu-1.0rc1/target-s390x/translate.c:1649: const: After this line, the value of "op" is equal to 48. /qemu-1.0rc1/target-s390x/translate.c:1649: const: After this line, the value of "op" is equal to 49. /qemu-1.0rc1/target-s390x/translate.c:1644: equality_cond: Jumping to case "32". /qemu-1.0rc1/target-s390x/translate.c:1650: equality_cond: Jumping to case "32". /qemu-1.0rc1/target-s390x/translate.c:1645: equality_cond: Jumping to case "33". /qemu-1.0rc1/target-s390x/translate.c:1651: equality_cond: Jumping to case "33". /qemu-1.0rc1/target-s390x/translate.c:1646: equality_cond: Jumping to case "48". /qemu-1.0rc1/target-s390x/translate.c:1654: equality_cond: Jumping to case "48". 
/qemu-1.0rc1/target-s390x/translate.c:1647: equality_cond: Jumping to case "49". /qemu-1.0rc1/target-s390x/translate.c:1657: equality_cond: Jumping to case "49". /qemu-1.0rc1/target-s390x/translate.c:1672: dead_error_begin: Execution cannot reach this statement "default:". Error: DEADCODE: /qemu-1.0rc1/target-s390x/translate.c:2037: dead_error_condition: On this path, the switch value "op" cannot reach the default case. /qemu-1.0rc1/target-s390x/translate.c:1981: const: After this line, the value of "op" is equal to 29. /qemu-1.0rc1/target-s390x/translate.c:2027: equality_cond: Jumping to case "29". /qemu-1.0rc1/target-s390x/translate.c:2041: dead_error_begin: Execution cannot reach this statement "default:". Error: DEADCODE: /qemu-1.0rc1/target-s390x/translate.c:1993: dead_error_condition: On this path, the switch value "op" cannot reach the default case. /qemu-1.0rc1/target-s390x/translate.c:1981: const: After this line, the value of "op" is equal to 10. /qemu-1.0rc1/target-s390x/translate.c:1981: const: After this line, the value of "op" is equal to 11. /qemu-1.0rc1/target-s390x/translate.c:1981: const: After this line, the value of "op" is equal to 12. /qemu-1.0rc1/target-s390x/translate.c:1981: const: After this line, the value of "op" is equal to 13. /qemu-1.0rc1/target-s390x/translate.c:1981: const: After this line, the value of "op" is equal to 28. /qemu-1.0rc1/target-s390x/translate.c:1984: equality_cond: Jumping to case "10". /qemu-1.0rc1/target-s390x/translate.c:1985: equality_cond: Jumping to case "11". /qemu-1.0rc1/target-s390x/translate.c:1982: equality_cond: Jumping to case "12". /qemu-1.0rc1/target-s390x/translate.c:1983: equality_cond: Jumping to case "13". /qemu-1.0rc1/target-s390x/translate.c:1986: equality_cond: Jumping to case "28". /qemu-1.0rc1/target-s390x/translate.c:2018: dead_error_begin: Execution cannot reach this statement "default:". 
Error: DEADCODE: /qemu-1.0rc1/target-s390x/translate.c:4969: dead_error_condition: On this path, the switch value "opc" cannot reach the default case. /qemu-1.0rc1/target-s390x/translate.c:3879: const: After this line, the value of "opc" is equal to 192. /qemu-1.0rc1/target-s390x/translate.c:3879: const: After this line, the value of "opc" is equal to 194. /qemu-1.0rc1/target-s390x/translate.c:4963: equality_cond: Jumping to case "192". /qemu-1.0rc1/target-s390x/translate.c:4964: equality_cond: Jumping to case "194". /qemu-1.0rc1/target-s390x/translate.c:4976: dead_error_begin: Execution cannot reach this statement "default:". Error: DEADCODE: /qemu-1.0rc1/target-s390x/translate.c:4246: dead_error_condition: On this path, the switch value "opc" cannot reach the default case. /qemu-1.0rc1/target-s390x/translate.c:3879: const: After this line, the value of "opc" is equal to 74. /qemu-1.0rc1/target-s390x/translate.c:3879: const: After this line, the value of "opc" is equal to 75. /qemu-1.0rc1/target-s390x/translate.c:3879: const: After this line, the value of "opc" is equal to 76. /qemu-1.0rc1/target-s390x/translate.c:4234: equality_cond: Jumping to case "74". /qemu-1.0rc1/target-s390x/translate.c:4235: equality_cond: Jumping to case "75". /qemu-1.0rc1/target-s390x/translate.c:4236: equality_cond: Jumping to case "76". /qemu-1.0rc1/target-s390x/translate.c:4258: dead_error_begin: Execution cannot reach this statement "default:". Error: DEADCODE: /qemu-1.0rc1/target-s390x/translate.c:4569: dead_error_condition: On this path, the switch value "opc" cannot reach the default case. /qemu-1.0rc1/target-s390x/translate.c:3879: const: After this line, the value of "opc" is equal to 136. /qemu-1.0rc1/target-s390x/translate.c:3879: const: After this line, the value of "opc" is equal to 137. /qemu-1.0rc1/target-s390x/translate.c:3879: const: After this line, the value of "opc" is equal to 138. /qemu-1.0rc1/target-s390x/translate.c:4559: equality_cond: Jumping to case "136". 
/qemu-1.0rc1/target-s390x/translate.c:4560: equality_cond: Jumping to case "137". /qemu-1.0rc1/target-s390x/translate.c:4561: equality_cond: Jumping to case "138". /qemu-1.0rc1/target-s390x/translate.c:4580: dead_error_begin: Execution cannot reach this statement "default:". Error: DEADCODE: /qemu-1.0rc1/target-s390x/translate.c:4669: dead_error_condition: On this path, the switch value "opc" cannot reach the default case. /qemu-1.0rc1/target-s390x/translate.c:3879: const: After this line, the value of "opc" is equal to 148. /qemu-1.0rc1/target-s390x/translate.c:3879: const: After this line, the value of "opc" is equal to 150. /qemu-1.0rc1/target-s390x/translate.c:3879: const: After this line, the value of "opc" is equal to 151. /qemu-1.0rc1/target-s390x/translate.c:4662: equality_cond: Jumping to case "148". /qemu-1.0rc1/target-s390x/translate.c:4663: equality_cond: Jumping to case "150". /qemu-1.0rc1/target-s390x/translate.c:4664: equality_cond: Jumping to case "151". /qemu-1.0rc1/target-s390x/translate.c:4679: dead_error_begin: Execution cannot reach this statement "default:". Error: DEADCODE: /qemu-1.0rc1/target-s390x/translate.c:4368: dead_error_condition: On this path, the switch value "opc" cannot reach the default case. /qemu-1.0rc1/target-s390x/translate.c:3879: const: After this line, the value of "opc" is equal to 90. /qemu-1.0rc1/target-s390x/translate.c:3879: const: After this line, the value of "opc" is equal to 91. /qemu-1.0rc1/target-s390x/translate.c:3879: const: After this line, the value of "opc" is equal to 94. /qemu-1.0rc1/target-s390x/translate.c:3879: const: After this line, the value of "opc" is equal to 95. /qemu-1.0rc1/target-s390x/translate.c:4357: equality_cond: Jumping to case "90". /qemu-1.0rc1/target-s390x/translate.c:4358: equality_cond: Jumping to case "91". /qemu-1.0rc1/target-s390x/translate.c:4359: equality_cond: Jumping to case "94". /qemu-1.0rc1/target-s390x/translate.c:4360: equality_cond: Jumping to case "95". 
/qemu-1.0rc1/target-s390x/translate.c:4377: dead_error_begin: Execution cannot reach this statement "default:". Error: DEADCODE: /qemu-1.0rc1/target-s390x/translate.c:4381: dead_error_condition: On this path, the switch value "opc" cannot reach the default case. /qemu-1.0rc1/target-s390x/translate.c:4368: const: After this line, the value of "opc" is equal to 90. /qemu-1.0rc1/target-s390x/translate.c:4368: const: After this line, the value of "opc" is equal to 91. /qemu-1.0rc1/target-s390x/translate.c:4368: const: After this line, the value of "opc" is equal to 94. /qemu-1.0rc1/target-s390x/translate.c:4368: const: After this line, the value of "opc" is equal to 95. /qemu-1.0rc1/target-s390x/translate.c:4357: equality_cond: Jumping to case "90". /qemu-1.0rc1/target-s390x/translate.c:4369: equality_cond: Jumping to case "90". /qemu-1.0rc1/target-s390x/translate.c:4358: equality_cond: Jumping to case "91". /qemu-1.0rc1/target-s390x/translate.c:4373: equality_cond: Jumping to case "91". /qemu-1.0rc1/target-s390x/translate.c:4359: equality_cond: Jumping to case "94". /qemu-1.0rc1/target-s390x/translate.c:4370: equality_cond: Jumping to case "94". /qemu-1.0rc1/target-s390x/translate.c:4360: equality_cond: Jumping to case "95". /qemu-1.0rc1/target-s390x/translate.c:4374: equality_cond: Jumping to case "95". /qemu-1.0rc1/target-s390x/translate.c:4394: dead_error_begin: Execution cannot reach this statement "default:". Error: DEADCODE: /qemu-1.0rc1/target-s390x/translate.c:4995: dead_error_condition: On this path, the switch value "opc" cannot reach the default case. /qemu-1.0rc1/target-s390x/translate.c:3879: const: After this line, the value of "opc" is equal to 210. /qemu-1.0rc1/target-s390x/translate.c:3879: const: After this line, the value of "opc" is equal to 212. /qemu-1.0rc1/target-s390x/translate.c:3879: const: After this line, the value of "opc" is equal to 213. 
/qemu-1.0rc1/target-s390x/translate.c:3879: const: After this line, the value of "opc" is equal to 214. /qemu-1.0rc1/target-s390x/translate.c:3879: const: After this line, the value of "opc" is equal to 215. /qemu-1.0rc1/target-s390x/translate.c:3879: const: After this line, the value of "opc" is equal to 220. /qemu-1.0rc1/target-s390x/translate.c:3879: const: After this line, the value of "opc" is equal to 243. /qemu-1.0rc1/target-s390x/translate.c:4980: equality_cond: Jumping to case "210". /qemu-1.0rc1/target-s390x/translate.c:4981: equality_cond: Jumping to case "212". /qemu-1.0rc1/target-s390x/translate.c:4982: equality_cond: Jumping to case "213". /qemu-1.0rc1/target-s390x/translate.c:4983: equality_cond: Jumping to case "214". /qemu-1.0rc1/target-s390x/translate.c:4984: equality_cond: Jumping to case "215". /qemu-1.0rc1/target-s390x/translate.c:4985: equality_cond: Jumping to case "220". /qemu-1.0rc1/target-s390x/translate.c:4986: equality_cond: Jumping to case "243". /qemu-1.0rc1/target-s390x/translate.c:5026: dead_error_begin: Execution cannot reach this statement "default:". Error: DEADCODE: /qemu-1.0rc1/fpu/softfloat-macros.h:171: dead_error_condition: On this path, the condition "count < 64" cannot be true. /qemu-1.0rc1/fpu/softfloat-macros.h:166: at_least: After this line, the value of "count" is at least 64. /qemu-1.0rc1/fpu/softfloat-macros.h:162: equality_cond: Condition "count == 0" is evaluated as false. /qemu-1.0rc1/fpu/softfloat-macros.h:166: new_values: Noticing condition "count < 64". /qemu-1.0rc1/fpu/softfloat-macros.h:171: dead_error_line: Execution cannot reach this expression "a0 >> (count & 0x3f)" inside statement "z1 = ((count < 64) ? a0 >> ...". Error: DEADCODE: /qemu-1.0rc1/hw/arm_gic.c:409: dead_error_condition: On this path, the condition "irq < 16" cannot be true. /qemu-1.0rc1/hw/arm_gic.c:407: between: After this line, the value of "irq" is between 32 and 95. 
/qemu-1.0rc1/hw/arm_gic.c:406: assignment: Assigning: "irq" = "(offset - 256U) * 8U + 32U". /qemu-1.0rc1/hw/arm_gic.c:407: new_values: Noticing condition "irq >= 96". /qemu-1.0rc1/hw/arm_gic.c:391: new_values: Noticing condition "offset < 256U". /qemu-1.0rc1/hw/arm_gic.c:410: dead_error_line: Execution cannot reach this statement "value = 255U;". Error: DEADCODE: /qemu-1.0rc1/hw/arm_gic.c:434: dead_error_condition: On this path, the condition "irq < 16" cannot be true. /qemu-1.0rc1/hw/arm_gic.c:432: between: After this line, the value of "irq" is between 32 and 95. /qemu-1.0rc1/hw/arm_gic.c:431: assignment: Assigning: "irq" = "(offset - 384U) * 8U + 32U". /qemu-1.0rc1/hw/arm_gic.c:432: new_values: Noticing condition "irq >= 96". /qemu-1.0rc1/hw/arm_gic.c:391: new_values: Noticing condition "offset < 256U". /qemu-1.0rc1/hw/arm_gic.c:435: dead_error_line: Execution cannot reach this statement "value = 0U;". Error: DEADCODE: /qemu-1.0rc1/hw/arm_gic.c:451: dead_error_condition: On this path, the condition "irq < 16" cannot be true. /qemu-1.0rc1/hw/arm_gic.c:449: between: After this line, the value of "irq" is between 32 and 95. /qemu-1.0rc1/hw/arm_gic.c:448: assignment: Assigning: "irq" = "(offset - 512U) * 8U + 32U". /qemu-1.0rc1/hw/arm_gic.c:449: new_values: Noticing condition "irq >= 96". /qemu-1.0rc1/hw/arm_gic.c:391: new_values: Noticing condition "offset < 256U". /qemu-1.0rc1/hw/arm_gic.c:452: dead_error_line: Execution cannot reach this statement "irq = 0;". Error: DEADCODE: /qemu-1.0rc1/hw/arm_gic.c:480: dead_error_condition: On this path, the condition "irq < 32" cannot be true. /qemu-1.0rc1/hw/arm_gic.c:478: between: After this line, the value of "irq" is between 32 and 95. /qemu-1.0rc1/hw/arm_gic.c:477: assignment: Assigning: "irq" = "offset - 1024U + 32U". /qemu-1.0rc1/hw/arm_gic.c:478: new_values: Noticing condition "irq >= 96". /qemu-1.0rc1/hw/arm_gic.c:472: new_values: Noticing condition "offset < 1024U". 
/qemu-1.0rc1/hw/arm_gic.c:481: dead_error_line: Execution cannot reach this statement "s->priority1[irq][cpu] = va...". Error: DEADCODE: /qemu-1.0rc1/hw/ide/core.c:1508: dead_error_condition: On this path, the condition "hob" cannot be true. /qemu-1.0rc1/hw/ide/core.c:1499: const: After this line, the value of "hob" is equal to 0. /qemu-1.0rc1/hw/ide/core.c:1499: assignment: Assigning: "hob" = "0". /qemu-1.0rc1/hw/ide/core.c:1511: dead_error_line: Execution cannot reach this statement "ret = s->hob_feature;". Error: DEADCODE: /qemu-1.0rc1/hw/ide/core.c:1516: dead_error_condition: On this path, the condition "hob" cannot be true. /qemu-1.0rc1/hw/ide/core.c:1499: const: After this line, the value of "hob" is equal to 0. /qemu-1.0rc1/hw/ide/core.c:1499: assignment: Assigning: "hob" = "0". /qemu-1.0rc1/hw/ide/core.c:1519: dead_error_line: Execution cannot reach this statement "ret = s->hob_nsector;". Error: DEADCODE: /qemu-1.0rc1/hw/ide/core.c:1524: dead_error_condition: On this path, the condition "hob" cannot be true. /qemu-1.0rc1/hw/ide/core.c:1499: const: After this line, the value of "hob" is equal to 0. /qemu-1.0rc1/hw/ide/core.c:1499: assignment: Assigning: "hob" = "0". /qemu-1.0rc1/hw/ide/core.c:1527: dead_error_line: Execution cannot reach this statement "ret = s->hob_sector;". Error: DEADCODE: /qemu-1.0rc1/hw/ide/core.c:1532: dead_error_condition: On this path, the condition "hob" cannot be true. /qemu-1.0rc1/hw/ide/core.c:1499: const: After this line, the value of "hob" is equal to 0. /qemu-1.0rc1/hw/ide/core.c:1499: assignment: Assigning: "hob" = "0". /qemu-1.0rc1/hw/ide/core.c:1535: dead_error_line: Execution cannot reach this statement "ret = s->hob_lcyl;". Error: DEADCODE: /qemu-1.0rc1/hw/ide/core.c:1540: dead_error_condition: On this path, the condition "hob" cannot be true. /qemu-1.0rc1/hw/ide/core.c:1499: const: After this line, the value of "hob" is equal to 0. /qemu-1.0rc1/hw/ide/core.c:1499: assignment: Assigning: "hob" = "0". 
/qemu-1.0rc1/hw/ide/core.c:1543: dead_error_line: Execution cannot reach this statement "ret = s->hob_hcyl;". Error: DEADCODE: /qemu-1.0rc1/hw/pci-hotplug.c:202: dead_error_condition: On this path, the switch value "type" cannot reach the default case. /qemu-1.0rc1/hw/pci-hotplug.c:168: const: After this line, the value of "type" is equal to 2. /qemu-1.0rc1/hw/pci-hotplug.c:170: const: After this line, the value of "type" is equal to 7. /qemu-1.0rc1/hw/pci-hotplug.c:168: assignment: Assigning: "type" = "2". /qemu-1.0rc1/hw/pci-hotplug.c:170: assignment: Assigning: "type" = "7". /qemu-1.0rc1/hw/pci-hotplug.c:228: dead_error_begin: Execution cannot reach this statement "default:". Error: DEADCODE: /qemu-1.0rc1/linux-user/syscall_defs.h:308: dead_error_condition: On this path, the condition "i < 1" cannot be true. /qemu-1.0rc1/linux-user/syscall_defs.h:308: const: After this line, the value of "i" is equal to 1. /qemu-1.0rc1/linux-user/syscall_defs.h:308: assignment: Assigning: "i" = "1". /qemu-1.0rc1/linux-user/syscall_defs.h:309: dead_error_begin: Execution cannot reach this statement "d->sig[i] = 0UL;". Error: DEADCODE: /qemu-1.0rc1/linux-user/signal.c:195: dead_error_condition: On this path, the condition "i < 1" cannot be true. /qemu-1.0rc1/linux-user/signal.c:195: const: After this line, the value of "i" is equal to 1. /qemu-1.0rc1/linux-user/signal.c:195: assignment: Assigning: "i" = "1". /qemu-1.0rc1/linux-user/signal.c:196: dead_error_begin: Execution cannot reach this statement "d.sig[i] = 0UL;". Error: DEADCODE: /qemu-1.0rc1/slirp/misc.c:151: dead_error_condition: On this path, the condition "do_pty == 2" cannot be true. /qemu-1.0rc1/slirp/misc.c:129: cannot_single: After this line (or expression), the value of "do_pty" cannot be 2. /qemu-1.0rc1/slirp/misc.c:152: dead_error_line: Execution cannot reach this statement "close(master);". 
Error: DEADCODE: /qemu-1.0rc1/slirp/misc.c:159: dead_error_condition: On this path, the condition "do_pty == 2" cannot be true. /qemu-1.0rc1/slirp/misc.c:129: cannot_single: After this line (or expression), the value of "do_pty" cannot be 2. /qemu-1.0rc1/slirp/misc.c:160: dead_error_begin: Execution cannot reach this statement "(void)close(master);". Error: DEADCODE: /qemu-1.0rc1/slirp/misc.c:213: dead_error_condition: On this path, the condition "do_pty == 2" cannot be true. /qemu-1.0rc1/slirp/misc.c:186: cannot_set: After this line (or expression), the value of "do_pty" cannot be any of { 1 2 }. /qemu-1.0rc1/slirp/misc.c:129: cannot_single: After this line (or expression), the value of "do_pty" cannot be 2. /qemu-1.0rc1/slirp/misc.c:186: const: After this line, the value of "do_pty" is equal to 1. /qemu-1.0rc1/slirp/misc.c:129: equality_cond: Condition "do_pty == 2" is evaluated as false. /qemu-1.0rc1/slirp/misc.c:159: equality_cond: Condition "do_pty == 2" is evaluated as false. /qemu-1.0rc1/slirp/misc.c:186: new_values: Noticing condition "do_pty == 1". /qemu-1.0rc1/slirp/misc.c:214: dead_error_begin: Execution cannot reach this statement "close(s);". Error: DEADCODE: /qemu-1.0rc1/monitor.c:3444: dead_error_condition: On this path, the switch value "op" cannot reach the default case. /qemu-1.0rc1/monitor.c:3440: const: After this line, the value of "op" is equal to 37. /qemu-1.0rc1/monitor.c:3440: const: After this line, the value of "op" is equal to 42. /qemu-1.0rc1/monitor.c:3440: const: After this line, the value of "op" is equal to 47. /qemu-1.0rc1/monitor.c:3440: equality_cond: Condition "op != 42" is evaluated as true. /qemu-1.0rc1/monitor.c:3440: equality_cond: Condition "op != 47" is evaluated as true. /qemu-1.0rc1/monitor.c:3440: new_values: Noticing condition "op != 37". /qemu-1.0rc1/monitor.c:3440: new_values: Noticing condition "op != 42". /qemu-1.0rc1/monitor.c:3440: new_values: Noticing condition "op != 47". 
/qemu-1.0rc1/monitor.c:3445: dead_error_line: Execution cannot reach this statement "default:". Error: DEADCODE: /qemu-1.0rc1/monitor.c:3475: dead_error_condition: On this path, the switch value "op" cannot reach the default case. /qemu-1.0rc1/monitor.c:3471: const: After this line, the value of "op" is equal to 124. /qemu-1.0rc1/monitor.c:3471: const: After this line, the value of "op" is equal to 38. /qemu-1.0rc1/monitor.c:3471: const: After this line, the value of "op" is equal to 94. /qemu-1.0rc1/monitor.c:3471: equality_cond: Condition "op != 124" is evaluated as true. /qemu-1.0rc1/monitor.c:3471: equality_cond: Condition "op != 38" is evaluated as true. /qemu-1.0rc1/monitor.c:3471: new_values: Noticing condition "op != 124". /qemu-1.0rc1/monitor.c:3471: new_values: Noticing condition "op != 38". /qemu-1.0rc1/monitor.c:3471: new_values: Noticing condition "op != 94". /qemu-1.0rc1/monitor.c:3476: dead_error_line: Execution cannot reach this statement "default:". Error: DEADCODE: /qemu-1.0rc1/target-i386/op_helper.c:1059: dead_error_condition: On this path, the condition "ist != 0" cannot be true. /qemu-1.0rc1/target-i386/op_helper.c:1045: const: After this line, the value of "ist" is equal to 0. /qemu-1.0rc1/target-i386/op_helper.c:1045: new_values: Noticing condition "ist != 0". /qemu-1.0rc1/target-i386/op_helper.c:1060: dead_error_line: Execution cannot reach this statement "esp = get_rsp_from_tss(ist ...". Error: DEADCODE: /qemu-1.0rc1/target-mips/translate.c:2874: dead_error_condition: On this path, the switch value "opc" cannot reach the default case. /qemu-1.0rc1/target-mips/translate.c:2719: const: After this line, the value of "opc" is equal to 1342177280. /qemu-1.0rc1/target-mips/translate.c:2719: const: After this line, the value of "opc" is equal to 1409286144. /qemu-1.0rc1/target-mips/translate.c:2719: const: After this line, the value of "opc" is equal to 1476395008. 
/qemu-1.0rc1/target-mips/translate.c:2719: const: After this line, the value of "opc" is equal to 1543503872. /qemu-1.0rc1/target-mips/translate.c:2719: const: After this line, the value of "opc" is equal to 268435456. /qemu-1.0rc1/target-mips/translate.c:2719: const: After this line, the value of "opc" is equal to 335544320. /qemu-1.0rc1/target-mips/translate.c:2719: const: After this line, the value of "opc" is equal to 402653184. /qemu-1.0rc1/target-mips/translate.c:2719: const: After this line, the value of "opc" is equal to 469762048. /qemu-1.0rc1/target-mips/translate.c:2719: const: After this line, the value of "opc" is equal to 67108864. /qemu-1.0rc1/target-mips/translate.c:2719: const: After this line, the value of "opc" is equal to 67174400. /qemu-1.0rc1/target-mips/translate.c:2719: const: After this line, the value of "opc" is equal to 67239936. /qemu-1.0rc1/target-mips/translate.c:2719: const: After this line, the value of "opc" is equal to 67305472. /qemu-1.0rc1/target-mips/translate.c:2719: const: After this line, the value of "opc" is equal to 68157440. /qemu-1.0rc1/target-mips/translate.c:2719: const: After this line, the value of "opc" is equal to 68157445. /qemu-1.0rc1/target-mips/translate.c:2719: const: After this line, the value of "opc" is equal to 68222976. /qemu-1.0rc1/target-mips/translate.c:2719: const: After this line, the value of "opc" is equal to 68222981. /qemu-1.0rc1/target-mips/translate.c:2719: const: After this line, the value of "opc" is equal to 68288512. /qemu-1.0rc1/target-mips/translate.c:2719: const: After this line, the value of "opc" is equal to 68354048. /qemu-1.0rc1/target-mips/translate.c:2721: equality_cond: Jumping to case "1342177280U". /qemu-1.0rc1/target-mips/translate.c:2723: equality_cond: Jumping to case "1409286144U". /qemu-1.0rc1/target-mips/translate.c:2740: equality_cond: Jumping to case "1476395008U". /qemu-1.0rc1/target-mips/translate.c:2738: equality_cond: Jumping to case "1543503872U". 
/qemu-1.0rc1/target-mips/translate.c:2720: equality_cond: Jumping to case "268435456U". /qemu-1.0rc1/target-mips/translate.c:2722: equality_cond: Jumping to case "335544320U". /qemu-1.0rc1/target-mips/translate.c:2739: equality_cond: Jumping to case "402653184U". /qemu-1.0rc1/target-mips/translate.c:2737: equality_cond: Jumping to case "469762048U". /qemu-1.0rc1/target-mips/translate.c:2741: equality_cond: Jumping to case "67108864U". /qemu-1.0rc1/target-mips/translate.c:2732: equality_cond: Jumping to case "67174400U". /qemu-1.0rc1/target-mips/translate.c:2745: equality_cond: Jumping to case "67239936U". /qemu-1.0rc1/target-mips/translate.c:2736: equality_cond: Jumping to case "67305472U". /qemu-1.0rc1/target-mips/translate.c:2742: equality_cond: Jumping to case "68157440U". /qemu-1.0rc1/target-mips/translate.c:2743: equality_cond: Jumping to case "68157445U". /qemu-1.0rc1/target-mips/translate.c:2733: equality_cond: Jumping to case "68222976U". /qemu-1.0rc1/target-mips/translate.c:2734: equality_cond: Jumping to case "68222981U". /qemu-1.0rc1/target-mips/translate.c:2744: equality_cond: Jumping to case "68288512U". /qemu-1.0rc1/target-mips/translate.c:2735: equality_cond: Jumping to case "68354048U". /qemu-1.0rc1/target-mips/translate.c:2959: dead_error_begin: Execution cannot reach this statement "default:". Error: DEADCODE: /qemu-1.0rc1/target-mips/translate.c:2719: const: After this line, the value of "opc" is equal to 1543503872. /qemu-1.0rc1/target-mips/translate.c:2719: const: After this line, the value of "opc" is equal to 1946157056. /qemu-1.0rc1/target-mips/translate.c:2719: const: After this line, the value of "opc" is equal to 1946157061. /qemu-1.0rc1/target-mips/translate.c:2719: const: After this line, the value of "opc" is equal to 201326592. /qemu-1.0rc1/target-mips/translate.c:2719: const: After this line, the value of "opc" is equal to 201326597. 
/qemu-1.0rc1/target-mips/translate.c:2719: const: After this line, the value of "opc" is equal to 268435456. /qemu-1.0rc1/target-mips/translate.c:2719: const: After this line, the value of "opc" is equal to 329. /qemu-1.0rc1/target-mips/translate.c:2719: const: After this line, the value of "opc" is equal to 335544320. /qemu-1.0rc1/target-mips/translate.c:2719: const: After this line, the value of "opc" is equal to 336. /qemu-1.0rc1/target-mips/translate.c:2719: const: After this line, the value of "opc" is equal to 402653184. /qemu-1.0rc1/target-mips/translate.c:2719: const: After this line, the value of "opc" is equal to 469762048. /qemu-1.0rc1/target-mips/translate.c:2719: const: After this line, the value of "opc" is equal to 67108864. /qemu-1.0rc1/target-mips/translate.c:2719: const: After this line, the value of "opc" is equal to 67174400. /qemu-1.0rc1/target-mips/translate.c:2719: const: After this line, the value of "opc" is equal to 67239936. /qemu-1.0rc1/target-mips/translate.c:2719: const: After this line, the value of "opc" is equal to 67305472. /qemu-1.0rc1/target-mips/translate.c:2719: const: After this line, the value of "opc" is equal to 68157440. /qemu-1.0rc1/target-mips/translate.c:2719: const: After this line, the value of "opc" is equal to 68157445. /qemu-1.0rc1/target-mips/translate.c:2719: const: After this line, the value of "opc" is equal to 68222976. /qemu-1.0rc1/target-mips/translate.c:2719: const: After this line, the value of "opc" is equal to 68222981. /qemu-1.0rc1/target-mips/translate.c:2719: const: After this line, the value of "opc" is equal to 68288512. /qemu-1.0rc1/target-mips/translate.c:2719: const: After this line, the value of "opc" is equal to 68354048. /qemu-1.0rc1/target-mips/translate.c:2719: const: After this line, the value of "opc" is equal to 8. /qemu-1.0rc1/target-mips/translate.c:2719: const: After this line, the value of "opc" is equal to 9. 
/qemu-1.0rc1/target-mips/translate.c:2721: equality_cond: Jumping to case "1342177280U". /qemu-1.0rc1/target-mips/translate.c:2753: equality_cond: Jumping to case "134217728U". /qemu-1.0rc1/target-mips/translate.c:2723: equality_cond: Jumping to case "1409286144U". /qemu-1.0rc1/target-mips/translate.c:2740: equality_cond: Jumping to case "1476395008U". /qemu-1.0rc1/target-mips/translate.c:2738: equality_cond: Jumping to case "1543503872U". /qemu-1.0rc1/target-mips/translate.c:2755: equality_cond: Jumping to case "1946157056U". /qemu-1.0rc1/target-mips/translate.c:2757: equality_cond: Jumping to case "1946157061U". /qemu-1.0rc1/target-mips/translate.c:2754: equality_cond: Jumping to case "201326592U". /qemu-1.0rc1/target-mips/translate.c:2756: equality_cond: Jumping to case "201326597U". /qemu-1.0rc1/target-mips/translate.c:2720: equality_cond: Jumping to case "268435456U". /qemu-1.0rc1/target-mips/translate.c:2763: equality_cond: Jumping to case "329U". /qemu-1.0rc1/target-mips/translate.c:2722: equality_cond: Jumping to case "335544320U". /qemu-1.0rc1/target-mips/translate.c:2764: equality_cond: Jumping to case "336U". /qemu-1.0rc1/target-mips/translate.c:2739: equality_cond: Jumping to case "402653184U". /qemu-1.0rc1/target-mips/translate.c:2737: equality_cond: Jumping to case "469762048U". /qemu-1.0rc1/target-mips/translate.c:2741: equality_cond: Jumping to case "67108864U". /qemu-1.0rc1/target-mips/translate.c:2732: equality_cond: Jumping to case "67174400U". /qemu-1.0rc1/target-mips/translate.c:2745: equality_cond: Jumping to case "67239936U". /qemu-1.0rc1/target-mips/translate.c:2736: equality_cond: Jumping to case "67305472U". /qemu-1.0rc1/target-mips/translate.c:2742: equality_cond: Jumping to case "68157440U". /qemu-1.0rc1/target-mips/translate.c:2743: equality_cond: Jumping to case "68157445U". /qemu-1.0rc1/target-mips/translate.c:2733: equality_cond: Jumping to case "68222976U". 
/qemu-1.0rc1/target-mips/translate.c:2734: equality_cond: Jumping to case "68222981U". /qemu-1.0rc1/target-mips/translate.c:2744: equality_cond: Jumping to case "68288512U". /qemu-1.0rc1/target-mips/translate.c:2735: equality_cond: Jumping to case "68354048U". /qemu-1.0rc1/target-mips/translate.c:2761: equality_cond: Jumping to case "8U". /qemu-1.0rc1/target-mips/translate.c:2762: equality_cond: Jumping to case "9U". /qemu-1.0rc1/target-mips/translate.c:2868: dead_error_begin: Execution cannot reach this statement "default:". Error: DEADCODE: /qemu-1.0rc1/target-mips/translate.c:7730: dead_error_condition: On this path, the switch value "optype" cannot be "CMPOP". /qemu-1.0rc1/target-mips/translate.c:6558: const: After this line, the value of "optype" is equal to 0. /qemu-1.0rc1/target-mips/translate.c:6573: const: After this line, the value of "optype" is equal to 0. /qemu-1.0rc1/target-mips/translate.c:6588: const: After this line, the value of "optype" is equal to 0. /qemu-1.0rc1/target-mips/translate.c:6603: const: After this line, the value of "optype" is equal to 0. /qemu-1.0rc1/target-mips/translate.c:6956: const: After this line, the value of "optype" is equal to 0. /qemu-1.0rc1/target-mips/translate.c:6972: const: After this line, the value of "optype" is equal to 0. /qemu-1.0rc1/target-mips/translate.c:6988: const: After this line, the value of "optype" is equal to 0. /qemu-1.0rc1/target-mips/translate.c:7004: const: After this line, the value of "optype" is equal to 0. /qemu-1.0rc1/target-mips/translate.c:6541: const: After this line, the value of "optype" is equal to 2. /qemu-1.0rc1/target-mips/translate.c:6558: assignment: Assigning: "optype" = "BINOP". /qemu-1.0rc1/target-mips/translate.c:6573: assignment: Assigning: "optype" = "BINOP". /qemu-1.0rc1/target-mips/translate.c:6588: assignment: Assigning: "optype" = "BINOP". /qemu-1.0rc1/target-mips/translate.c:6603: assignment: Assigning: "optype" = "BINOP". 
/qemu-1.0rc1/target-mips/translate.c:6956: assignment: Assigning: "optype" = "BINOP". /qemu-1.0rc1/target-mips/translate.c:6972: assignment: Assigning: "optype" = "BINOP". /qemu-1.0rc1/target-mips/translate.c:6988: assignment: Assigning: "optype" = "BINOP". /qemu-1.0rc1/target-mips/translate.c:7004: assignment: Assigning: "optype" = "BINOP". /qemu-1.0rc1/target-mips/translate.c:6541: assignment: Assigning: "optype" = "OTHEROP". /qemu-1.0rc1/target-mips/translate.c:7730: dead_error_begin: Execution cannot reach this statement "case CMPOP:". Error: DEADCODE: /qemu-1.0rc1/target-sparc/translate.c:4898: dead_error_condition: On this path, the switch value "xop" cannot reach the default case. /qemu-1.0rc1/target-sparc/translate.c:4894: between: After this line, the value of "xop" is between 32 and 35. /qemu-1.0rc1/target-sparc/translate.c:4682: equality_cond: Condition "xop == 31U" is evaluated as false. /qemu-1.0rc1/target-sparc/translate.c:4667: equality_cond: Condition "xop == 60U" is evaluated as false. /qemu-1.0rc1/target-sparc/translate.c:4682: equality_cond: Condition "xop == 61U" is evaluated as false. /qemu-1.0rc1/target-sparc/translate.c:4667: equality_cond: Condition "xop == 62U" is evaluated as false. /qemu-1.0rc1/target-sparc/translate.c:4682: new_values: Noticing condition "xop < 20U". /qemu-1.0rc1/target-sparc/translate.c:4894: new_values: Noticing condition "xop < 36U". /qemu-1.0rc1/target-sparc/translate.c:4682: new_values: Noticing condition "xop < 4U". /qemu-1.0rc1/target-sparc/translate.c:4682: new_values: Noticing condition "xop <= 29U". /qemu-1.0rc1/target-sparc/translate.c:4682: new_values: Noticing condition "xop > 23U". /qemu-1.0rc1/target-sparc/translate.c:4682: new_values: Noticing condition "xop > 44U". /qemu-1.0rc1/target-sparc/translate.c:4682: new_values: Noticing condition "xop > 7U". /qemu-1.0rc1/target-sparc/translate.c:4894: new_values: Noticing condition "xop >= 32U". 
/qemu-1.0rc1/target-sparc/translate.c:4943: dead_error_begin: Execution cannot reach this statement "default:". Error: DEADCODE: /qemu-1.0rc1/target-sparc/translate.c:5045: dead_error_condition: On this path, the switch value "xop" cannot reach the default case. /qemu-1.0rc1/target-sparc/translate.c:5041: between: After this line, the value of "xop" is between 36 and 39. /qemu-1.0rc1/target-sparc/translate.c:4946: equality_cond: Condition "xop == 14U" is evaluated as false. /qemu-1.0rc1/target-sparc/translate.c:4946: equality_cond: Condition "xop == 30U" is evaluated as false. /qemu-1.0rc1/target-sparc/translate.c:4682: equality_cond: Condition "xop == 31U" is evaluated as false. /qemu-1.0rc1/target-sparc/translate.c:4667: equality_cond: Condition "xop == 60U" is evaluated as false. /qemu-1.0rc1/target-sparc/translate.c:4682: equality_cond: Condition "xop == 61U" is evaluated as false. /qemu-1.0rc1/target-sparc/translate.c:4667: equality_cond: Condition "xop == 62U" is evaluated as false. /qemu-1.0rc1/target-sparc/translate.c:4682: new_values: Noticing condition "xop < 20U". /qemu-1.0rc1/target-sparc/translate.c:4946: new_values: Noticing condition "xop < 24U". /qemu-1.0rc1/target-sparc/translate.c:4894: new_values: Noticing condition "xop < 36U". /qemu-1.0rc1/target-sparc/translate.c:5041: new_values: Noticing condition "xop < 40U". /qemu-1.0rc1/target-sparc/translate.c:4682: new_values: Noticing condition "xop < 4U". /qemu-1.0rc1/target-sparc/translate.c:4946: new_values: Noticing condition "xop < 8U". /qemu-1.0rc1/target-sparc/translate.c:4682: new_values: Noticing condition "xop <= 29U". /qemu-1.0rc1/target-sparc/translate.c:4682: new_values: Noticing condition "xop > 23U". /qemu-1.0rc1/target-sparc/translate.c:5041: new_values: Noticing condition "xop > 35U". /qemu-1.0rc1/target-sparc/translate.c:4682: new_values: Noticing condition "xop > 44U". /qemu-1.0rc1/target-sparc/translate.c:4682: new_values: Noticing condition "xop > 7U". 
/qemu-1.0rc1/target-sparc/translate.c:4946: new_values: Noticing condition "xop >= 20U". /qemu-1.0rc1/target-sparc/translate.c:4894: new_values: Noticing condition "xop >= 32U". /qemu-1.0rc1/target-sparc/translate.c:5096: dead_error_begin: Execution cannot reach this statement "default:". Error: DEADCODE: /qemu-1.0rc1/target-sparc/translate.c:4949: dead_error_condition: On this path, the switch value "xop" cannot reach the default case. /qemu-1.0rc1/target-sparc/translate.c:4946: between: After this line, the value of "xop" is between 20 and 23. /qemu-1.0rc1/target-sparc/translate.c:4946: between: After this line, the value of "xop" is between 4 and 7. /qemu-1.0rc1/target-sparc/translate.c:4946: const: After this line, the value of "xop" is equal to 14. /qemu-1.0rc1/target-sparc/translate.c:4946: const: After this line, the value of "xop" is equal to 30. /qemu-1.0rc1/target-sparc/translate.c:4946: equality_cond: Condition "xop == 14U" is evaluated as false. /qemu-1.0rc1/target-sparc/translate.c:4682: equality_cond: Condition "xop == 31U" is evaluated as false. /qemu-1.0rc1/target-sparc/translate.c:4667: equality_cond: Condition "xop == 60U" is evaluated as false. /qemu-1.0rc1/target-sparc/translate.c:4682: equality_cond: Condition "xop == 61U" is evaluated as false. /qemu-1.0rc1/target-sparc/translate.c:4667: equality_cond: Condition "xop == 62U" is evaluated as false. /qemu-1.0rc1/target-sparc/translate.c:4682: new_values: Noticing condition "xop != 14U". /qemu-1.0rc1/target-sparc/translate.c:4682: new_values: Noticing condition "xop < 20U". /qemu-1.0rc1/target-sparc/translate.c:4946: new_values: Noticing condition "xop < 24U". /qemu-1.0rc1/target-sparc/translate.c:4682: new_values: Noticing condition "xop < 4U". /qemu-1.0rc1/target-sparc/translate.c:4946: new_values: Noticing condition "xop < 8U". /qemu-1.0rc1/target-sparc/translate.c:4682: new_values: Noticing condition "xop <= 29U". 
/qemu-1.0rc1/target-sparc/translate.c:4946: new_values: Noticing condition "xop == 14U". /qemu-1.0rc1/target-sparc/translate.c:4946: new_values: Noticing condition "xop == 30U". /qemu-1.0rc1/target-sparc/translate.c:4682: new_values: Noticing condition "xop > 23U". /qemu-1.0rc1/target-sparc/translate.c:4682: new_values: Noticing condition "xop > 44U". /qemu-1.0rc1/target-sparc/translate.c:4682: new_values: Noticing condition "xop > 7U". /qemu-1.0rc1/target-sparc/translate.c:4946: new_values: Noticing condition "xop >= 20U". /qemu-1.0rc1/target-sparc/translate.c:4894: new_values: Noticing condition "xop >= 32U". /qemu-1.0rc1/target-sparc/translate.c:5038: dead_error_begin: Execution cannot reach this statement "default:". Error: DEADCODE: /qemu-1.0rc1/ui/curses.c:181: dead_error_condition: On this path, the condition "nextchr == -1" cannot be false. /qemu-1.0rc1/ui/curses.c:178: const: After this line, the value of "nextchr" is equal to -1. /qemu-1.0rc1/ui/curses.c:181: const: After this line, the value of "nextchr" is equal to -1. /qemu-1.0rc1/ui/curses.c:211: const: After this line, the value of "nextchr" is equal to -1. /qemu-1.0rc1/ui/curses.c:215: const: After this line, the value of "nextchr" is equal to -1. /qemu-1.0rc1/ui/curses.c:178: assignment: Assigning: "nextchr" = "-1". /qemu-1.0rc1/ui/curses.c:215: assignment: Assigning: "nextchr" = "-1". /qemu-1.0rc1/ui/curses.c:211: new_values: Noticing condition "nextchr != -1". /qemu-1.0rc1/ui/curses.c:181: new_values: Noticing condition "nextchr == -1". /qemu-1.0rc1/ui/curses.c:184: dead_error_begin: Execution cannot reach this statement "chr = nextchr;". Error: FORWARD_NULL: /qemu-1.0rc1/qapi-visit.c:603: var_compare_op: Comparing "*obj" to null implies that "*obj" might be null. /qemu-1.0rc1/qapi-visit.c:604: var_deref_op: Dereferencing null variable "*obj". Error: FORWARD_NULL: /qemu-1.0rc1/qapi-visit.c:603: var_compare_op: Comparing "obj" to null implies that "obj" might be null. 
/qemu-1.0rc1/qapi-visit.c:604: var_deref_op: Dereferencing null variable "obj". Error: FORWARD_NULL: /qemu-1.0rc1/block/qcow2-refcount.c:420: assign_zero: Assigning: "refcount_block" = 0. /qemu-1.0rc1/block/qcow2-refcount.c:472: var_deref_op: Dereferencing null variable "refcount_block". Error: FORWARD_NULL: /qemu-1.0rc1/block/qcow2-refcount.c:1000: assign_zero: Assigning: "l1_table" = 0. /qemu-1.0rc1/block/qcow2-refcount.c:1012: var_deref_op: Dereferencing null variable "l1_table". Error: FORWARD_NULL: /qemu-1.0rc1/block/qcow2-refcount.c:707: assign_zero: Assigning: "l1_table" = 0. /qemu-1.0rc1/block/qcow2-refcount.c:718: var_deref_model: Passing null variable "l1_table + i" to function "be64_to_cpus", which dereferences it. /qemu-1.0rc1/bswap.h:130: deref_parm: Directly dereferencing parameter "p". Error: FORWARD_NULL: /qemu-1.0rc1/block/qcow2-refcount.c:707: assign_zero: Assigning: "l1_table" = 0. /qemu-1.0rc1/block/qcow2-refcount.c:710: var_deref_model: Passing null variable "l1_table" to function "bdrv_pread", which dereferences it. /qemu-1.0rc1/block.c:1147: deref_parm_in_call: Function "memcpy" dereferences parameter "buf". (The dereference is assumed on the basis of the 'nonnull' parameter attribute.) Error: FORWARD_NULL: /qemu-1.0rc1/block/qed.c:571: var_compare_op: Comparing "backing_file" to null implies that "backing_file" might be null. /qemu-1.0rc1/block/qed.c:586: var_deref_model: Passing null variable "backing_file" to function "bdrv_pwrite", which dereferences it. /qemu-1.0rc1/block.c:1192: deref_parm_in_call: Function "memcpy" dereferences parameter "buf". (The dereference is assumed on the basis of the 'nonnull' parameter attribute.) Error: FORWARD_NULL: /qemu-1.0rc1/block.c:941: var_compare_op: Comparing "bs->backing_hd" to null implies that "bs->backing_hd" might be null. /qemu-1.0rc1/block.c:949: var_deref_model: Passing null variable "bs->backing_hd" to function "bdrv_delete", which dereferences it. 
/qemu-1.0rc1/block.c:748: deref_parm: Directly dereferencing parameter "bs". Error: FORWARD_NULL: /qemu-1.0rc1/qapi-visit.c:315: var_compare_op: Comparing "*obj" to null implies that "*obj" might be null. /qemu-1.0rc1/qapi-visit.c:316: var_deref_op: Dereferencing null variable "*obj". Error: FORWARD_NULL: /qemu-1.0rc1/qapi-visit.c:315: var_compare_op: Comparing "obj" to null implies that "obj" might be null. /qemu-1.0rc1/qapi-visit.c:316: var_deref_op: Dereferencing null variable "obj". Error: FORWARD_NULL: /qemu-1.0rc1/qapi-visit.c:350: var_compare_op: Comparing "*obj" to null implies that "*obj" might be null. /qemu-1.0rc1/qapi-visit.c:351: var_deref_op: Dereferencing null variable "*obj". Error: FORWARD_NULL: /qemu-1.0rc1/qapi-visit.c:350: var_compare_op: Comparing "obj" to null implies that "obj" might be null. /qemu-1.0rc1/qapi-visit.c:351: var_deref_op: Dereferencing null variable "obj". Error: FORWARD_NULL: /qemu-1.0rc1/qapi-visit.c:414: var_compare_op: Comparing "*obj" to null implies that "*obj" might be null. /qemu-1.0rc1/qapi-visit.c:415: var_deref_op: Dereferencing null variable "*obj". Error: FORWARD_NULL: /qemu-1.0rc1/qapi-visit.c:414: var_compare_op: Comparing "obj" to null implies that "obj" might be null. /qemu-1.0rc1/qapi-visit.c:415: var_deref_op: Dereferencing null variable "obj". Error: FORWARD_NULL: /qemu-1.0rc1/qapi-visit.c:271: var_compare_op: Comparing "*obj" to null implies that "*obj" might be null. /qemu-1.0rc1/qapi-visit.c:272: var_deref_op: Dereferencing null variable "*obj". Error: FORWARD_NULL: /qemu-1.0rc1/qapi-visit.c:271: var_compare_op: Comparing "obj" to null implies that "obj" might be null. /qemu-1.0rc1/qapi-visit.c:272: var_deref_op: Dereferencing null variable "obj". Error: FORWARD_NULL: /qemu-1.0rc1/qapi-visit.c:209: var_compare_op: Comparing "*obj" to null implies that "*obj" might be null. /qemu-1.0rc1/qapi-visit.c:210: var_deref_op: Dereferencing null variable "*obj". 
Error: FORWARD_NULL: /qemu-1.0rc1/qapi-visit.c:209: var_compare_op: Comparing "obj" to null implies that "obj" might be null. /qemu-1.0rc1/qapi-visit.c:210: var_deref_op: Dereferencing null variable "obj". Error: FORWARD_NULL: /qemu-1.0rc1/qapi-visit.c:21: var_compare_op: Comparing "*obj" to null implies that "*obj" might be null. /qemu-1.0rc1/qapi-visit.c:22: var_deref_op: Dereferencing null variable "*obj". Error: FORWARD_NULL: /qemu-1.0rc1/qapi-visit.c:21: var_compare_op: Comparing "obj" to null implies that "obj" might be null. /qemu-1.0rc1/qapi-visit.c:22: var_deref_op: Dereferencing null variable "obj". Error: FORWARD_NULL: /qemu-1.0rc1/qapi-visit.c:717: var_compare_op: Comparing "*obj" to null implies that "*obj" might be null. /qemu-1.0rc1/qapi-visit.c:718: var_deref_op: Dereferencing null variable "*obj". Error: FORWARD_NULL: /qemu-1.0rc1/qapi-visit.c:717: var_compare_op: Comparing "obj" to null implies that "obj" might be null. /qemu-1.0rc1/qapi-visit.c:718: var_deref_op: Dereferencing null variable "obj". Error: FORWARD_NULL: /qemu-1.0rc1/qapi-visit.c:679: var_compare_op: Comparing "*obj" to null implies that "*obj" might be null. /qemu-1.0rc1/qapi-visit.c:680: var_deref_op: Dereferencing null variable "*obj". Error: FORWARD_NULL: /qemu-1.0rc1/qapi-visit.c:679: var_compare_op: Comparing "obj" to null implies that "obj" might be null. /qemu-1.0rc1/qapi-visit.c:680: var_deref_op: Dereferencing null variable "obj". Error: FORWARD_NULL: /qemu-1.0rc1/qapi-visit.c:746: var_compare_op: Comparing "*obj" to null implies that "*obj" might be null. /qemu-1.0rc1/qapi-visit.c:747: var_deref_op: Dereferencing null variable "*obj". Error: FORWARD_NULL: /qemu-1.0rc1/qapi-visit.c:746: var_compare_op: Comparing "obj" to null implies that "obj" might be null. /qemu-1.0rc1/qapi-visit.c:747: var_deref_op: Dereferencing null variable "obj". Error: FORWARD_NULL: /qemu-1.0rc1/qapi-visit.c:552: var_compare_op: Comparing "*obj" to null implies that "*obj" might be null. 
/qemu-1.0rc1/qapi-visit.c:553: var_deref_op: Dereferencing null variable "*obj". Error: FORWARD_NULL: /qemu-1.0rc1/qapi-visit.c:552: var_compare_op: Comparing "obj" to null implies that "obj" might be null. /qemu-1.0rc1/qapi-visit.c:553: var_deref_op: Dereferencing null variable "obj". Error: FORWARD_NULL: /qemu-1.0rc1/qapi-visit.c:448: var_compare_op: Comparing "*obj" to null implies that "*obj" might be null. /qemu-1.0rc1/qapi-visit.c:449: var_deref_op: Dereferencing null variable "*obj". Error: FORWARD_NULL: /qemu-1.0rc1/qapi-visit.c:448: var_compare_op: Comparing "obj" to null implies that "obj" might be null. /qemu-1.0rc1/qapi-visit.c:449: var_deref_op: Dereferencing null variable "obj". Error: FORWARD_NULL: /qemu-1.0rc1/qapi-visit.c:479: var_compare_op: Comparing "*obj" to null implies that "*obj" might be null. /qemu-1.0rc1/qapi-visit.c:480: var_deref_op: Dereferencing null variable "*obj". Error: FORWARD_NULL: /qemu-1.0rc1/qapi-visit.c:479: var_compare_op: Comparing "obj" to null implies that "obj" might be null. /qemu-1.0rc1/qapi-visit.c:480: var_deref_op: Dereferencing null variable "obj". Error: FORWARD_NULL: /qemu-1.0rc1/memory.c:651: assign_zero: Assigning: "ioeventfds" = 0. /qemu-1.0rc1/memory.c:670: var_deref_model: Passing null variable "ioeventfds" to function "address_space_add_del_ioeventfds", which dereferences it. /qemu-1.0rc1/memory.c:628: deref_parm: Directly dereferencing parameter "fds_new". Error: FORWARD_NULL: /qemu-1.0rc1/hw/ivshmem.c:707: var_compare_op: Comparing "s->shmobj" to null implies that "s->shmobj" might be null. /qemu-1.0rc1/hw/ivshmem.c:715: var_deref_model: Passing null variable "s->shmobj" to function "shm_open", which dereferences it. Error: FORWARD_NULL: /qemu-1.0rc1/hw/omap_intc.c:394: assign_zero: Assigning: "bank" = 0. /qemu-1.0rc1/hw/omap_intc.c:431: var_deref_op: Dereferencing null variable "bank". /qemu-1.0rc1/hw/omap_intc.c:434: var_deref_op: Dereferencing null variable "bank". 
/qemu-1.0rc1/hw/omap_intc.c:441: var_deref_op: Dereferencing null variable "bank". /qemu-1.0rc1/hw/omap_intc.c:447: var_deref_op: Dereferencing null variable "bank". /qemu-1.0rc1/hw/omap_intc.c:450: var_deref_op: Dereferencing null variable "bank". Error: FORWARD_NULL: /qemu-1.0rc1/hw/omap_intc.c:472: assign_zero: Assigning: "bank" = 0. /qemu-1.0rc1/hw/omap_intc.c:519: var_deref_op: Dereferencing null variable "bank". /qemu-1.0rc1/hw/omap_intc.c:525: var_deref_op: Dereferencing null variable "bank". /qemu-1.0rc1/hw/omap_intc.c:531: var_deref_op: Dereferencing null variable "bank". /qemu-1.0rc1/hw/omap_intc.c:535: var_deref_op: Dereferencing null variable "bank". /qemu-1.0rc1/hw/omap_intc.c:541: var_deref_op: Dereferencing null variable "bank". Error: FORWARD_NULL: /qemu-1.0rc1/hw/qdev.c:179: var_compare_op: Comparing "driver" to null implies that "driver" might be null. /qemu-1.0rc1/hw/qdev.c:193: var_deref_model: Passing null variable "driver" to function "qdev_find_info", which dereferences it. /qemu-1.0rc1/hw/qdev.c:65: deref_parm_in_call: Function "strcmp" dereferences parameter "name". (The dereference is assumed on the basis of the 'nonnull' parameter attribute.) Error: FORWARD_NULL: /qemu-1.0rc1/hw/scsi-bus.c:227: var_compare_op: Comparing "req->dev" to null implies that "req->dev" might be null. /qemu-1.0rc1/hw/scsi-bus.c:230: var_deref_model: Passing null variable "req->dev" to function "scsi_req_build_sense", which dereferences it. /qemu-1.0rc1/hw/scsi-bus.c:615: deref_parm: Directly dereferencing parameter "req->dev". Error: FORWARD_NULL: /qemu-1.0rc1/hw/usb-ehci.c:1984: assign_zero: Assigning: "q" = 0. /qemu-1.0rc1/hw/usb-ehci.c:2027: var_deref_model: Passing null variable "q" to function "ehci_state_advqueue", which dereferences it. /qemu-1.0rc1/hw/usb-ehci.c:1763: deref_parm: Directly dereferencing parameter "q". /qemu-1.0rc1/hw/usb-ehci.c:2031: var_deref_model: Passing null variable "q" to function "ehci_state_fetchqtd", which dereferences it. 
/qemu-1.0rc1/hw/usb-ehci.c:1792: deref_parm: Directly dereferencing parameter "q". /qemu-1.0rc1/hw/usb-ehci.c:2035: var_deref_model: Passing null variable "q" to function "ehci_state_horizqh", which dereferences it. /qemu-1.0rc1/hw/usb-ehci.c:1811: deref_parm: Directly dereferencing parameter "q". /qemu-1.0rc1/hw/usb-ehci.c:2040: var_deref_model: Passing null variable "q" to function "ehci_state_execute", which dereferences it. /qemu-1.0rc1/hw/usb-ehci.c:1845: deref_parm_in_call: Function "ehci_qh_do_overlay" dereferences parameter "q". /qemu-1.0rc1/hw/usb-ehci.c:1143: deref_parm: Directly dereferencing parameter "q". /qemu-1.0rc1/hw/usb-ehci.c:2049: var_deref_model: Passing null variable "q" to function "ehci_state_writeback", which dereferences it. /qemu-1.0rc1/hw/usb-ehci.c:1955: deref_parm: Directly dereferencing parameter "q". Error: FORWARD_NULL: /qemu-1.0rc1/i386-dis.c:3826: var_compare_op: Comparing "dp->name" to null implies that "dp->name" might be null. /qemu-1.0rc1/i386-dis.c:3867: var_deref_model: Passing null variable "dp->name" to function "putop", which dereferences it. /qemu-1.0rc1/i386-dis.c:4340: var_assign_parm: Assigning: "p" = "template". /qemu-1.0rc1/i386-dis.c:4340: deref_var: Dereferencing "p", which equals a pointer parameter. Error: FORWARD_NULL: /qemu-1.0rc1/slirp/tcp_subr.c:117: var_compare_op: Comparing "tp" to null implies that "tp" might be null. /qemu-1.0rc1/slirp/tcp_subr.c:120: var_deref_op: Dereferencing null variable "tp". Error: FORWARD_NULL: /qemu-1.0rc1/ui/vnc-auth-sasl.c:434: var_compare_op: Comparing "mechname" to null implies that "mechname" might be null. /qemu-1.0rc1/ui/vnc-auth-sasl.c:438: var_deref_model: Passing null variable "mechname" to function "strncpy", which dereferences it. (The dereference is assumed on the basis of the 'nonnull' parameter attribute.) Error: FORWARD_NULL: /qemu-1.0rc1/usb-linux.c:1865: var_compare_op: Comparing "port" to null implies that "port" might be null. 
/qemu-1.0rc1/usb-linux.c:1888: var_deref_model: Passing null variable "port" to function "usb_host_open", which dereferences it. /qemu-1.0rc1/usb-linux.c:1266: deref_parm_in_call: Function "strcpy" dereferences parameter "port". (The dereference is assumed on the basis of the 'nonnull' parameter attribute.) Error: INFINITE_LOOP: /qemu-1.0rc1/block.c:1076: loop_top: Top of the loop. /qemu-1.0rc1/block.c:1077: loop_bottom: Bottom of the loop. /qemu-1.0rc1/block.c:1076: loop_condition: "2147483647 == rwco.ret" must remain true for the loop to continue. Error: INFINITE_LOOP: /qemu-1.0rc1/block.c:2834: loop_top: Top of the loop. /qemu-1.0rc1/block.c:2835: loop_bottom: Bottom of the loop. /qemu-1.0rc1/block.c:2834: loop_condition: "2147483647 == rwco.ret" must remain true for the loop to continue. Error: INFINITE_LOOP: /qemu-1.0rc1/block/qed-table.c:278: loop_top: Top of the loop. /qemu-1.0rc1/block/qed-table.c:279: loop_bottom: Bottom of the loop. /qemu-1.0rc1/block/qed-table.c:278: loop_condition: "ret == -115" must remain true for the loop to continue. Error: INFINITE_LOOP: /qemu-1.0rc1/block/qed-table.c:205: loop_top: Top of the loop. /qemu-1.0rc1/block/qed-table.c:206: loop_bottom: Bottom of the loop. /qemu-1.0rc1/block/qed-table.c:205: loop_condition: "ret == -115" must remain true for the loop to continue. Error: INFINITE_LOOP: /qemu-1.0rc1/block/qed-table.c:300: loop_top: Top of the loop. /qemu-1.0rc1/block/qed-table.c:301: loop_bottom: Bottom of the loop. /qemu-1.0rc1/block/qed-table.c:300: loop_condition: "ret == -115" must remain true for the loop to continue. Error: INFINITE_LOOP: /qemu-1.0rc1/block/qed-table.c:184: loop_top: Top of the loop. /qemu-1.0rc1/block/qed-table.c:185: loop_bottom: Bottom of the loop. /qemu-1.0rc1/block/qed-table.c:184: loop_condition: "ret == -115" must remain true for the loop to continue. Error: INFINITE_LOOP: /qemu-1.0rc1/block/qed.c:679: loop_top: Top of the loop. /qemu-1.0rc1/block/qed.c:680: loop_bottom: Bottom of the loop. 
/qemu-1.0rc1/block/qed.c:679: loop_condition: "cb.is_allocated == -1" must remain true for the loop to continue. Error: INFINITE_LOOP: /qemu-1.0rc1/block.c:2895: loop_top: Top of the loop. /qemu-1.0rc1/block.c:2896: loop_bottom: Bottom of the loop. /qemu-1.0rc1/block.c:2895: loop_condition: "2147483647 == rwco.ret" must remain true for the loop to continue. Error: INFINITE_LOOP: /qemu-1.0rc1/qemu-io.c:255: loop_top: Top of the loop. /qemu-1.0rc1/qemu-io.c:256: loop_bottom: Bottom of the loop. /qemu-1.0rc1/qemu-io.c:255: loop_condition: "2147483647 == async_ret" must remain true for the loop to continue. Error: INFINITE_LOOP: /qemu-1.0rc1/qemu-io.c:274: loop_top: Top of the loop. /qemu-1.0rc1/qemu-io.c:275: loop_bottom: Bottom of the loop. /qemu-1.0rc1/qemu-io.c:274: loop_condition: "2147483647 == async_ret" must remain true for the loop to continue. Error: INFINITE_LOOP: /qemu-1.0rc1/target-i386/ops_sse.h:2002: non_progress_update: Update "i--" makes no progress toward satisfying the loop exit condition "i <= 16". /qemu-1.0rc1/target-i386/ops_sse.h:2002: loop_top: Top of the loop. /qemu-1.0rc1/target-i386/ops_sse.h:2002: loop_bottom: Bottom of the loop. /qemu-1.0rc1/target-i386/ops_sse.h:2002: loop_condition: "i <= 16" must remain true for the loop to continue. Error: INFINITE_LOOP: /qemu-1.0rc1/target-i386/ops_sse.h:1999: non_progress_update: Update "i--" makes no progress toward satisfying the loop exit condition "i <= 8". /qemu-1.0rc1/target-i386/ops_sse.h:1999: loop_top: Top of the loop. /qemu-1.0rc1/target-i386/ops_sse.h:1999: loop_bottom: Bottom of the loop. /qemu-1.0rc1/target-i386/ops_sse.h:1999: loop_condition: "i <= 8" must remain true for the loop to continue. Error: INFINITE_LOOP: /qemu-1.0rc1/target-i386/ops_sse.h:2034: non_progress_update: Update "i--" makes no progress toward satisfying the loop exit condition "i <= 16". /qemu-1.0rc1/target-i386/ops_sse.h:2034: loop_top: Top of the loop. 
/qemu-1.0rc1/target-i386/ops_sse.h:2034: loop_bottom: Bottom of the loop. /qemu-1.0rc1/target-i386/ops_sse.h:2034: loop_condition: "i <= 16" must remain true for the loop to continue. Error: INFINITE_LOOP: /qemu-1.0rc1/target-i386/ops_sse.h:2031: non_progress_update: Update "i--" makes no progress toward satisfying the loop exit condition "i <= 8". /qemu-1.0rc1/target-i386/ops_sse.h:2031: loop_top: Top of the loop. /qemu-1.0rc1/target-i386/ops_sse.h:2031: loop_bottom: Bottom of the loop. /qemu-1.0rc1/target-i386/ops_sse.h:2031: loop_condition: "i <= 8" must remain true for the loop to continue. Error: MISSING_BREAK: /qemu-1.0rc1/json-lexer.c:302: unterminated_case: This case (value 104) is not terminated by a 'break' statement. /qemu-1.0rc1/json-lexer.c:304: fallthrough: The above case falls through to this one. Error: MISSING_BREAK: /qemu-1.0rc1/qemu-option.c:222: unterminated_case: This case (value 107) is not terminated by a 'break' statement. /qemu-1.0rc1/qemu-option.c:224: fallthrough: The above case falls through to this one. Error: MISSING_BREAK: /qemu-1.0rc1/qemu-option.c:217: unterminated_case: This case (value 71) is not terminated by a 'break' statement. /qemu-1.0rc1/qemu-option.c:219: fallthrough: The above case falls through to this one. Error: MISSING_BREAK: /qemu-1.0rc1/qemu-option.c:219: unterminated_case: This case (value 77) is not terminated by a 'break' statement. /qemu-1.0rc1/qemu-option.c:221: fallthrough: The above case falls through to this one. Error: MISSING_BREAK: /qemu-1.0rc1/qemu-option.c:215: unterminated_case: This case (value 84) is not terminated by a 'break' statement. /qemu-1.0rc1/qemu-option.c:217: fallthrough: The above case falls through to this one. Error: MISSING_BREAK: /qemu-1.0rc1/bt-host.c:126: unterminated_case: This case (value 3) is not terminated by a 'break' statement. /qemu-1.0rc1/bt-host.c:134: fallthrough: The above case falls through to this one. 
Error: MISSING_BREAK: /qemu-1.0rc1/console.c:981: unterminated_case: This case (value 74) is not terminated by a 'break' statement. /qemu-1.0rc1/console.c:1014: fallthrough: The above case falls through to this one. Error: MISSING_BREAK: /qemu-1.0rc1/console.c:1677: unterminated_case: This case (value 24) is not terminated by a 'break' statement. /qemu-1.0rc1/console.c:1690: fallthrough: The above case falls through to this one. Error: MISSING_BREAK: /qemu-1.0rc1/cutils.c:368: unterminated_case: This case (value 0) is not terminated by a 'break' statement. /qemu-1.0rc1/cutils.c:372: fallthrough: The above case falls through to this one. Error: MISSING_BREAK: /qemu-1.0rc1/hw/hid.c:168: unterminated_case: This case (value 224) is not terminated by a 'break' statement. /qemu-1.0rc1/hw/hid.c:173: fallthrough: The above case falls through to this one. Error: MISSING_BREAK: /qemu-1.0rc1/hw/hid.c:173: unterminated_case: This case (value 231) is not terminated by a 'break' statement. /qemu-1.0rc1/hw/hid.c:178: fallthrough: The above case falls through to this one. Error: MISSING_BREAK: /qemu-1.0rc1/hw/cirrus_vga.c:1305: unterminated_case: This case (value 7) is not terminated by a 'break' statement. /qemu-1.0rc1/hw/cirrus_vga.c:1307: fallthrough: The above case falls through to this one. Error: MISSING_BREAK: /qemu-1.0rc1/hw/ds1338.c:98: unterminated_case: This case (value 5) is not terminated by a 'break' statement. /qemu-1.0rc1/hw/ds1338.c:100: fallthrough: The above case falls through to this one. Error: MISSING_BREAK: /qemu-1.0rc1/hw/es1370.c:540: unterminated_case: This case (value 40) is not terminated by a 'break' statement. /qemu-1.0rc1/hw/es1370.c:542: fallthrough: The above case falls through to this one. Error: MISSING_BREAK: /qemu-1.0rc1/hw/es1370.c:538: unterminated_case: This case (value 44) is not terminated by a 'break' statement. /qemu-1.0rc1/hw/es1370.c:540: fallthrough: The above case falls through to this one. 
Error: MISSING_BREAK: /qemu-1.0rc1/hw/jazz_led.c:245: unterminated_case: This case (value 16) is not terminated by a 'break' statement. /qemu-1.0rc1/hw/jazz_led.c:248: fallthrough: The above case falls through to this one. Error: MISSING_BREAK: /qemu-1.0rc1/hw/lan9118.c:857: unterminated_case: This case (value 4) is not terminated by a 'break' statement. /qemu-1.0rc1/hw/lan9118.c:866: fallthrough: The above case falls through to this one. Error: MISSING_BREAK: /qemu-1.0rc1/hw/pcnet.c:1485: unterminated_case: This case (value 20) is not terminated by a 'break' statement. /qemu-1.0rc1/hw/pcnet.c:1508: fallthrough: The above case falls through to this one. Error: MISSING_BREAK: /qemu-1.0rc1/hw/omap1.c:534: unterminated_case: This case (value 44) is not terminated by a 'break' statement. /qemu-1.0rc1/hw/omap1.c:536: fallthrough: The above case falls through to this one. Error: MISSING_BREAK: /qemu-1.0rc1/hw/omap1.c:638: unterminated_case: This case (value 44) is not terminated by a 'break' statement. /qemu-1.0rc1/hw/omap1.c:640: fallthrough: The above case falls through to this one. Error: MISSING_BREAK: /qemu-1.0rc1/hw/omap_gpmc.c:166: unterminated_case: This case (value 0) is not terminated by a 'break' statement. /qemu-1.0rc1/hw/omap_gpmc.c:183: fallthrough: The above case falls through to this one. Error: MISSING_BREAK: /qemu-1.0rc1/hw/pflash_cfi02.c:144: unterminated_default: The default case is not terminated by a 'break' statement. /qemu-1.0rc1/hw/pflash_cfi02.c:149: fallthrough: The above case falls through to this one. Error: MISSING_BREAK: /qemu-1.0rc1/hw/pxa2xx.c:460: unterminated_case: This case (value 100) is not terminated by a 'break' statement. /qemu-1.0rc1/hw/pxa2xx.c:464: fallthrough: The above case falls through to this one. Error: MISSING_BREAK: /qemu-1.0rc1/hw/sh_timer.c:71: unterminated_case: This case (value 3) is not terminated by a 'break' statement. /qemu-1.0rc1/hw/sh_timer.c:74: fallthrough: The above case falls through to this one. 
Error: MISSING_BREAK: /qemu-1.0rc1/hw/stellaris.c:180: unterminated_case: This case (value 72) is not terminated by a 'break' statement. /qemu-1.0rc1/hw/stellaris.c:183: fallthrough: The above case falls through to this one. Error: MISSING_BREAK: /qemu-1.0rc1/hw/twl92230.c:492: unterminated_case: This case (value 19) is not terminated by a 'break' statement. /qemu-1.0rc1/hw/twl92230.c:493: fallthrough: The above case falls through to this one. Error: MISSING_BREAK: /qemu-1.0rc1/hw/usb-ohci.c:1054: unterminated_case: This case (value -1) is not terminated by a 'break' statement. /qemu-1.0rc1/hw/usb-ohci.c:1056: fallthrough: The above case falls through to this one. Error: MISSING_BREAK: /qemu-1.0rc1/hw/usb-ohci.c:1685: unterminated_case: This case (value 24) is not terminated by a 'break' statement. /qemu-1.0rc1/hw/usb-ohci.c:1688: fallthrough: The above case falls through to this one. Error: MISSING_BREAK: /qemu-1.0rc1/m68k-dis.c:1627: unterminated_case: This case (value 88) is not terminated by a 'break' statement. /qemu-1.0rc1/m68k-dis.c:1629: fallthrough: The above case falls through to this one. Error: MISSING_BREAK: /qemu-1.0rc1/qemu-ga.c:362: unterminated_case: This case (value 1) is not terminated by a 'break' statement. /qemu-1.0rc1/qemu-ga.c:365: fallthrough: The above case falls through to this one. Error: MISSING_BREAK: /qemu-1.0rc1/target-i386/translate.c:3681: unterminated_case: This case (value 312) is not terminated by a 'break' statement. /qemu-1.0rc1/target-i386/translate.c:3684: fallthrough: The above case falls through to this one. Error: MISSING_BREAK: /qemu-1.0rc1/target-i386/translate.c:4285: unterminated_case: This case (value 130) is not terminated by a 'break' statement. /qemu-1.0rc1/target-i386/translate.c:4288: fallthrough: The above case falls through to this one. Error: MISSING_BREAK: /qemu-1.0rc1/target-i386/translate.c:7612: unterminated_case: This case (value 271) is not terminated by a 'break' statement. 
/qemu-1.0rc1/target-i386/translate.c:7615: fallthrough: The above case falls through to this one. Error: MISSING_BREAK: /qemu-1.0rc1/target-mips/translate.c:12240: unterminated_case: This case (value 1155530752) is not terminated by a 'break' statement. /qemu-1.0rc1/target-mips/translate.c:12242: fallthrough: The above case falls through to this one. Error: MISSING_BREAK: /qemu-1.0rc1/target-ppc/op_helper.c:836: unterminated_case: This case (value 29) is not terminated by a 'break' statement. /qemu-1.0rc1/target-ppc/op_helper.c:840: fallthrough: The above case falls through to this one. Error: MISSING_BREAK: /qemu-1.0rc1/target-sparc/translate.c:4052: unterminated_case: This case (value 46) is not terminated by a 'break' statement. /qemu-1.0rc1/target-sparc/translate.c:4058: fallthrough: The above case falls through to this one. Error: MISSING_LOCK: /qemu-1.0rc1/posix-aio-compat.c:376: example_lock: Locking "lock". /qemu-1.0rc1/posix-aio-compat.c:377: example_access: qemu_paiocb.ret is being accessed with lock "lock" held. /qemu-1.0rc1/posix-aio-compat.c:583: example_lock: Locking "lock". /qemu-1.0rc1/posix-aio-compat.c:586: example_access: qemu_paiocb.ret is being accessed with lock "lock" held. /qemu-1.0rc1/posix-aio-compat.c:436: missing_lock: Accessing variable "aiocb->ret" (qemu_paiocb.ret) requires the lock lock. Error: MISSING_LOCK: /qemu-1.0rc1/hw/qxl.c:749: example_lock: Locking "qxl->async_lock.lock". /qemu-1.0rc1/hw/qxl.c:751: example_access: PCIQXLDevice.current_async is being accessed with lock "qxl->async_lock.lock" held. /qemu-1.0rc1/hw/qxl.c:1200: example_lock: Locking "d->async_lock.lock". /qemu-1.0rc1/hw/qxl.c:1207: example_access: PCIQXLDevice.current_async is being accessed with lock "d->async_lock.lock" held. /qemu-1.0rc1/hw/qxl.c:1341: example_lock: Locking "d->async_lock.lock". /qemu-1.0rc1/hw/qxl.c:1342: example_access: PCIQXLDevice.current_async is being accessed with lock "d->async_lock.lock" held. 
/qemu-1.0rc1/hw/qxl.c:1536: missing_lock: Accessing variable "qxl->current_async" (PCIQXLDevice.current_async) requires the QemuMutex.lock lock. Error: MISSING_LOCK: /qemu-1.0rc1/ui/spice-display.c:325: example_lock: Locking "ssd->lock.lock". /qemu-1.0rc1/ui/spice-display.c:337: example_access: SimpleSpiceDisplay.mouse_x is being accessed with lock "ssd->lock.lock" held. /qemu-1.0rc1/hw/qxl-render.c:221: example_lock: Locking "qxl->ssd.lock.lock". /qemu-1.0rc1/hw/qxl-render.c:226: example_access: SimpleSpiceDisplay.mouse_x is being accessed with lock "qxl->ssd.lock.lock" held. /qemu-1.0rc1/hw/qxl-render.c:231: example_lock: Locking "qxl->ssd.lock.lock". /qemu-1.0rc1/hw/qxl-render.c:232: example_access: SimpleSpiceDisplay.mouse_x is being accessed with lock "qxl->ssd.lock.lock" held. /qemu-1.0rc1/ui/spice-display.c:274: missing_lock: Accessing variable "ssd->mouse_x" (SimpleSpiceDisplay.mouse_x) requires the QemuMutex.lock lock. Error: NEGATIVE_RETURNS: /qemu-1.0rc1/gdbstub.c:334: var_tested_neg: Assigning: "s->fd" = a negative value. /qemu-1.0rc1/gdbstub.c:331: negative_returns: "s->fd" is passed to a parameter that cannot be negative. Error: NEGATIVE_RETURNS: /qemu-1.0rc1/block.c:293: negative_return_fn: Function "mkstemp(filename)" returns a negative number. /qemu-1.0rc1/block.c:293: var_assign: Assigning: signed variable "fd" = "mkstemp". /qemu-1.0rc1/block.c:294: negative_returns: "fd" is passed to a parameter that cannot be negative. Error: NEGATIVE_RETURNS: /qemu-1.0rc1/block/sheepdog.c:2017: negative_return_fn: Function "connect_to_sdog(s->addr, s->port)" returns a negative number. /qemu-1.0rc1/block/sheepdog.c:587: return_negative_constant: Explicitly returning negative value "-1". /qemu-1.0rc1/block/sheepdog.c:2017: var_assign: Assigning: signed variable "fd" = "connect_to_sdog". /qemu-1.0rc1/block/sheepdog.c:2051: negative_returns: "fd" is passed to a parameter that cannot be negative. 
Error: NEGATIVE_RETURNS: /qemu-1.0rc1/block/sheepdog.c:1802: negative_return_fn: Function "connect_to_sdog(s->addr, s->port)" returns a negative number. /qemu-1.0rc1/block/sheepdog.c:587: return_negative_constant: Explicitly returning negative value "-1". /qemu-1.0rc1/block/sheepdog.c:1802: var_assign: Assigning: signed variable "fd" = "connect_to_sdog". /qemu-1.0rc1/block/sheepdog.c:1841: negative_returns: "fd" is passed to a parameter that cannot be negative. Error: NEGATIVE_RETURNS: /qemu-1.0rc1/target-s390x/translate.c:5119: var_tested_neg: Assigning: "lj" = a negative value. /qemu-1.0rc1/target-s390x/translate.c:5164: negative_returns: Using variable "lj" as an index to array "gen_opc_pc". Error: NEGATIVE_RETURNS: /qemu-1.0rc1/hw/loader.c:586: negative_return_fn: Function "lseek(fd, 0L, 2)" returns a negative number. /qemu-1.0rc1/hw/loader.c:586: var_assign: Assigning: unsigned variable "rom->romsize" = "lseek". /qemu-1.0rc1/hw/loader.c:589: negative_returns: "rom->romsize" is passed to a parameter that cannot be negative. Error: NEGATIVE_RETURNS: /qemu-1.0rc1/hw/pcnet.c:1213: var_tested_neg: Assigning: "s->xmit_pos" = a negative value. /qemu-1.0rc1/hw/pcnet.c:1240: negative_returns: Using variable "s->xmit_pos" as an index to array "s->buffer". Error: NEGATIVE_RETURNS: /qemu-1.0rc1/hw/pcnet.c:1263: var_tested_neg: Assigning: "s->xmit_pos" = a negative value. /qemu-1.0rc1/hw/pcnet.c:1240: negative_returns: Using variable "s->xmit_pos" as an index to array "s->buffer". Error: NEGATIVE_RETURNS: /qemu-1.0rc1/hw/loader.c:95: negative_return_fn: Function "read(fd, buf, nbytes)" returns a negative number. /qemu-1.0rc1/hw/loader.c:95: var_assign: Assigning: unsigned variable "did" = "read". /qemu-1.0rc1/hw/loader.c:97: negative_returns: "did" is passed to a parameter that cannot be negative. /qemu-1.0rc1/hw/loader.c:638: neg_sink_parm_call: Passing "len" to "memcpy", which cannot accept a negative. 
Error: NEGATIVE_RETURNS: /qemu-1.0rc1/hw/loader.c:77: negative_return_fn: Function "lseek(fd, 0L, 2)" returns a negative number. /qemu-1.0rc1/hw/loader.c:77: var_assign: Assigning: signed variable "size" = "lseek". /qemu-1.0rc1/hw/loader.c:79: negative_returns: "size" is passed to a parameter that cannot be negative. Error: NEGATIVE_RETURNS: /qemu-1.0rc1/hw/macio.c:87: negative_returns: Passing negative constant "-1" to a parameter that cannot be negative. /qemu-1.0rc1/hw/pci.c:824: index: Passing parameter "devfn" to an index. /qemu-1.0rc1/hw/pci.c:745: index: Indexing with parameter "devfn". Error: NEGATIVE_RETURNS: /qemu-1.0rc1/hw/openpic.c:860: negative_return_fn: Function "IRQ_get_next(opp, &dst->raised)" returns a negative number. /qemu-1.0rc1/hw/openpic.c:302: var_tested_neg: Variable "q->next" is negative. /qemu-1.0rc1/hw/openpic.c:307: return_negative_variable: Explicitly returning negative variable "q->next". /qemu-1.0rc1/hw/openpic.c:860: var_assign: Assigning: signed variable "n_IRQ" = "IRQ_get_next". /qemu-1.0rc1/hw/openpic.c:861: negative_returns: Using variable "n_IRQ" as an index to array "opp->src". Error: NEGATIVE_RETURNS: /qemu-1.0rc1/hw/openpic.c:1195: negative_returns: Passing negative constant "-1" to a parameter that cannot be negative. /qemu-1.0rc1/hw/pci.c:824: index: Passing parameter "devfn" to an index. /qemu-1.0rc1/hw/pci.c:745: index: Indexing with parameter "devfn". Error: NEGATIVE_RETURNS: /qemu-1.0rc1/hw/pc.c:654: negative_return_fn: Function "ftell(f)" returns a negative number. /qemu-1.0rc1/hw/pc.c:654: var_assign: Assigning: signed variable "where" = "ftell". /qemu-1.0rc1/hw/pc.c:657: negative_returns: "where" is passed to a parameter that cannot be negative. Error: NEGATIVE_RETURNS: /qemu-1.0rc1/linux-user/elfload.c:1148: negative_returns: A negative constant "-1" is passed as an argument to a parameter that cannot be negative. 
/qemu-1.0rc1/linux-user/mmap.c:428: neg_sink_parm_call: Passing "fd" to "fstat", which cannot accept a negative. Error: NEGATIVE_RETURNS: /qemu-1.0rc1/linux-user/flatload.c:462: negative_returns: A negative constant "-1" is passed as an argument to a parameter that cannot be negative. /qemu-1.0rc1/linux-user/mmap.c:428: neg_sink_parm_call: Passing "fd" to "fstat", which cannot accept a negative. /qemu-1.0rc1/linux-user/flatload.c:496: negative_returns: A negative constant "-1" is passed as an argument to a parameter that cannot be negative. Error: NEGATIVE_RETURNS: /qemu-1.0rc1/linux-user/syscall.c:3370: negative_return_fn: Function "thunk_type_size(arg_type, 0)" returns a negative number. /qemu-1.0rc1/thunk.h:114: return_negative_constant: Explicitly returning negative value "-1". /qemu-1.0rc1/linux-user/syscall.c:3370: var_assign: Assigning: signed variable "target_size" = "thunk_type_size". /qemu-1.0rc1/linux-user/syscall.c:3383: negative_returns: "target_size" is passed to a parameter that cannot be negative. /qemu-1.0rc1/linux-user/qemu.h:398: neg_sink_parm_call: Passing "len" to "access_ok", which cannot accept a negative. /qemu-1.0rc1/linux-user/qemu.h:273: neg_sink_parm_call: Passing "size" to "page_check_range", which cannot accept a negative. /qemu-1.0rc1/exec.c:2540: parm_loop_bound: Using unsigned parameter "len" in a loop exit test. /qemu-1.0rc1/linux-user/syscall.c:3392: negative_returns: "target_size" is passed to a parameter that cannot be negative. Error: NEGATIVE_RETURNS: /qemu-1.0rc1/linux-user/syscall.c:3166: negative_return_fn: Function "thunk_type_size(arg_type, 0)" returns a negative number. /qemu-1.0rc1/thunk.h:114: return_negative_constant: Explicitly returning negative value "-1". /qemu-1.0rc1/linux-user/syscall.c:3166: var_assign: Assigning: signed variable "target_size_in" = "thunk_type_size". /qemu-1.0rc1/linux-user/syscall.c:3167: negative_returns: "target_size_in" is passed to a parameter that cannot be negative. 
/qemu-1.0rc1/linux-user/qemu.h:398: neg_sink_parm_call: Passing "len" to "access_ok", which cannot accept a negative. /qemu-1.0rc1/linux-user/qemu.h:273: neg_sink_parm_call: Passing "size" to "page_check_range", which cannot accept a negative. /qemu-1.0rc1/exec.c:2540: parm_loop_bound: Using unsigned parameter "len" in a loop exit test. Error: NEGATIVE_RETURNS: /qemu-1.0rc1/linux-user/syscall.c:3249: negative_return_fn: Function "thunk_type_size(arg_type, 0)" returns a negative number. /qemu-1.0rc1/thunk.h:114: return_negative_constant: Explicitly returning negative value "-1". /qemu-1.0rc1/linux-user/syscall.c:3249: var_assign: Assigning: signed variable "target_size" = "thunk_type_size". /qemu-1.0rc1/linux-user/syscall.c:3251: negative_returns: "target_size" is passed to a parameter that cannot be negative. /qemu-1.0rc1/linux-user/qemu.h:398: neg_sink_parm_call: Passing "len" to "access_ok", which cannot accept a negative. /qemu-1.0rc1/linux-user/qemu.h:273: neg_sink_parm_call: Passing "size" to "page_check_range", which cannot accept a negative. /qemu-1.0rc1/exec.c:2540: parm_loop_bound: Using unsigned parameter "len" in a loop exit test. Error: NEGATIVE_RETURNS: /qemu-1.0rc1/slirp/slirp.c:302: var_tested_neg: Variable "so->s" tests negative. /qemu-1.0rc1/slirp/slirp.c:355: negative_returns: "so->s" is passed to a parameter that cannot be negative. /qemu-1.0rc1/slirp/udp.c:318: neg_sink_parm_call: Passing "so->s" to "close", which cannot accept a negative. Error: NEGATIVE_RETURNS: /qemu-1.0rc1/slirp/slirp.c:302: var_tested_neg: Variable "so->s" tests negative. /qemu-1.0rc1/slirp/slirp.c:355: negative_returns: "so->s" is passed to a parameter that cannot be negative. /qemu-1.0rc1/slirp/udp.c:318: neg_sink_parm_call: Passing "so->s" to "close", which cannot accept a negative. /qemu-1.0rc1/slirp/slirp.c:373: var_assign: Assigning: signed variable "nfds" = "so->s". 
/qemu-1.0rc1/slirp/slirp.c:389: negative_returns: "so->s" is passed to a parameter that cannot be negative. /qemu-1.0rc1/slirp/ip_icmp.c:105: neg_sink_parm_call: Passing "so->s" to "close", which cannot accept a negative. Error: NEGATIVE_RETURNS: /qemu-1.0rc1/slirp/slirp.c:302: var_tested_neg: Variable "so->s" tests negative. /qemu-1.0rc1/slirp/slirp.c:355: negative_returns: "so->s" is passed to a parameter that cannot be negative. /qemu-1.0rc1/slirp/udp.c:318: neg_sink_parm_call: Passing "so->s" to "close", which cannot accept a negative. /qemu-1.0rc1/slirp/slirp.c:373: var_assign: Assigning: signed variable "nfds" = "so->s". /qemu-1.0rc1/slirp/slirp.c:389: negative_returns: "so->s" is passed to a parameter that cannot be negative. /qemu-1.0rc1/slirp/ip_icmp.c:105: neg_sink_parm_call: Passing "so->s" to "close", which cannot accept a negative. /qemu-1.0rc1/slirp/slirp.c:398: var_assign: Assigning: signed variable "nfds" = "so->s". Error: NEGATIVE_RETURNS: /qemu-1.0rc1/slirp/slirp.c:820: var_tested_neg: Variable "so->s" tests negative. /qemu-1.0rc1/slirp/slirp.c:825: negative_returns: "so->s" is passed to a parameter that cannot be negative. Error: NEGATIVE_RETURNS: /qemu-1.0rc1/slirp/tcp_subr.c:403: negative_return_fn: Function "accept(inso->s, __SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&addr}), &addrlen)" returns a negative number. /qemu-1.0rc1/slirp/tcp_subr.c:403: negative_returns: "accept(inso->s, __SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&addr}), &addrlen)" is passed to a parameter that cannot be negative. Error: NEGATIVE_RETURNS: /qemu-1.0rc1/slirp/socket.c:628: negative_return_fn: Function "qemu_socket(2, 1, 0)" returns a negative number. /qemu-1.0rc1/osdep.c:137: var_tested_neg: Variable "ret" is negative. /qemu-1.0rc1/osdep.c:138: return_negative_variable: Explicitly returning negative variable "ret". /qemu-1.0rc1/slirp/socket.c:628: var_assign: Assigning: signed variable "s" = "qemu_socket". 
/qemu-1.0rc1/slirp/socket.c:634: negative_returns: "s" is passed to a parameter that cannot be negative. Error: NEGATIVE_RETURNS: /qemu-1.0rc1/slirp/udp.c:356: negative_return_fn: Function "qemu_socket(2, 2, 0)" returns a negative number. /qemu-1.0rc1/osdep.c:137: var_tested_neg: Variable "ret" is negative. /qemu-1.0rc1/osdep.c:138: return_negative_variable: Explicitly returning negative variable "ret". /qemu-1.0rc1/slirp/udp.c:356: var_assign: Assigning: signed variable "so->s" = "qemu_socket". /qemu-1.0rc1/slirp/udp.c:364: negative_returns: "so->s" is passed to a parameter that cannot be negative. Error: NEGATIVE_RETURNS: /qemu-1.0rc1/slirp/misc.c:225: negative_return_fn: Function "accept(s, __SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&addr}), &addrlen)" returns a negative number. /qemu-1.0rc1/slirp/misc.c:225: var_assign: Assigning: signed variable "so->s" = "accept". /qemu-1.0rc1/slirp/misc.c:229: negative_returns: "so->s" is passed to a parameter that cannot be negative. Error: NEGATIVE_RETURNS: /qemu-1.0rc1/slirp/misc.c:136: negative_return_fn: Function "qemu_socket(2, 1, 0)" returns a negative number. /qemu-1.0rc1/osdep.c:137: var_tested_neg: Variable "ret" is negative. /qemu-1.0rc1/osdep.c:138: return_negative_variable: Explicitly returning negative variable "ret". /qemu-1.0rc1/slirp/misc.c:136: var_assign: Assigning: signed variable "s" = "qemu_socket". /qemu-1.0rc1/slirp/misc.c:140: negative_returns: "s" is passed to a parameter that cannot be negative. Error: NEGATIVE_RETURNS: /qemu-1.0rc1/slirp/misc.c:171: negative_return_fn: Function "qemu_socket(2, 1, 0)" returns a negative number. /qemu-1.0rc1/osdep.c:137: var_tested_neg: Variable "ret" is negative. /qemu-1.0rc1/osdep.c:138: return_negative_variable: Explicitly returning negative variable "ret". /qemu-1.0rc1/slirp/misc.c:171: var_assign: Assigning: signed variable "s" = "qemu_socket". /qemu-1.0rc1/slirp/misc.c:174: negative_returns: "s" is passed to a parameter that cannot be negative. 
Error: NEGATIVE_RETURNS: /qemu-1.0rc1/monitor.c:989: negative_return_fn: Function "monitor_get_fd(mon, fdname)" returns a negative number. /qemu-1.0rc1/monitor.c:2591: return_negative_constant: Explicitly returning negative value "-1". /qemu-1.0rc1/monitor.c:989: var_assign: Assigning: signed variable "fd" = "monitor_get_fd". /qemu-1.0rc1/monitor.c:991: negative_returns: "fd" is passed to a parameter that cannot be negative. /qemu-1.0rc1/ui/vnc.c:2963: neg_sink_parm_call: Passing "csock" to "vnc_connect", which cannot accept a negative. /qemu-1.0rc1/ui/vnc.c:2533: var_assign_parm: Assigning: "vs->csock" = "csock". /qemu-1.0rc1/ui/vnc.c:2557: neg_sink_lv_call: Passing "vs->csock" to "vnc_client_cache_addr", which cannot accept a negative. /qemu-1.0rc1/ui/vnc.c:245: neg_sink_parm_call: Passing "client->csock" to "vnc_qdict_remote_addr", which cannot accept a negative. /qemu-1.0rc1/ui/vnc.c:143: neg_sink_parm_call: Passing "fd" to "getpeername", which cannot accept a negative. Error: NEGATIVE_RETURNS: /qemu-1.0rc1/qemu-sockets.c:530: negative_return_fn: Function "mkstemp(un.sun_path)" returns a negative number. /qemu-1.0rc1/qemu-sockets.c:530: var_assign: Assigning: signed variable "fd" = "mkstemp". /qemu-1.0rc1/qemu-sockets.c:530: negative_returns: "fd" is passed to a parameter that cannot be negative. Error: NEGATIVE_RETURNS: /qemu-1.0rc1/qemu-ga.c:281: negative_return_fn: Function "conn_channel_send_payload(s->conn_channel, rsp)" returns a negative number. /qemu-1.0rc1/qemu-ga.c:252: negative_return: Calling "conn_channel_send_buf", which might return a negative value. /qemu-1.0rc1/qemu-ga.c:225: return_negative_constant: Explicitly returning negative value "-32". /qemu-1.0rc1/qemu-ga.c:252: var_assign: Assigning: "ret" = "conn_channel_send_buf(channel, buf, strlen(buf))", which might be negative. /qemu-1.0rc1/qemu-ga.c:269: return_negative_variable: Explicitly returning negative variable "ret". 
/qemu-1.0rc1/qemu-ga.c:281: var_assign: Assigning: signed variable "ret" = "conn_channel_send_payload". /qemu-1.0rc1/qemu-ga.c:283: negative_returns: "ret" is passed to a parameter that cannot be negative. Error: NEGATIVE_RETURNS: /qemu-1.0rc1/qemu-ga.c:333: negative_return_fn: Function "conn_channel_send_payload(s->conn_channel, &qdict->base)" returns a negative number. /qemu-1.0rc1/qemu-ga.c:252: negative_return: Calling "conn_channel_send_buf", which might return a negative value. /qemu-1.0rc1/qemu-ga.c:225: return_negative_constant: Explicitly returning negative value "-32". /qemu-1.0rc1/qemu-ga.c:252: var_assign: Assigning: "ret" = "conn_channel_send_buf(channel, buf, strlen(buf))", which might be negative. /qemu-1.0rc1/qemu-ga.c:269: return_negative_variable: Explicitly returning negative variable "ret". /qemu-1.0rc1/qemu-ga.c:333: var_assign: Assigning: signed variable "ret" = "conn_channel_send_payload". /qemu-1.0rc1/qemu-ga.c:335: negative_returns: "ret" is passed to a parameter that cannot be negative. Error: NEGATIVE_RETURNS: /qemu-1.0rc1/target-alpha/translate.c:3342: var_tested_neg: Assigning: "lj" = a negative value. /qemu-1.0rc1/target-alpha/translate.c:3387: negative_returns: Using variable "lj" as an index to array "gen_opc_pc". Error: NEGATIVE_RETURNS: /qemu-1.0rc1/target-arm/translate.c:9873: var_tested_neg: Assigning: "lj" = a negative value. /qemu-1.0rc1/target-arm/translate.c:9961: negative_returns: Using variable "lj" as an index to array "gen_opc_pc". Error: NEGATIVE_RETURNS: /qemu-1.0rc1/target-cris/translate.c:3261: var_tested_neg: Assigning: "lj" = a negative value. /qemu-1.0rc1/target-cris/translate.c:3280: negative_returns: Using variable "lj" as an index to array "gen_opc_pc". /qemu-1.0rc1/target-cris/translate.c:3282: negative_returns: Using variable "lj" as an index to array "gen_opc_pc". Error: NEGATIVE_RETURNS: /qemu-1.0rc1/target-i386/translate.c:7793: var_tested_neg: Assigning: "lj" = a negative value. 
/qemu-1.0rc1/target-i386/translate.c:7817: negative_returns: Using variable "lj" as an index to array "gen_opc_pc". Error: NEGATIVE_RETURNS: /qemu-1.0rc1/target-lm32/translate.c:334: var_tested_neg: Assigning: "rZ" = a negative value. /qemu-1.0rc1/target-lm32/translate.c:340: negative_returns: Using variable "rZ" as an index to array "cpu_R". Error: NEGATIVE_RETURNS: /qemu-1.0rc1/target-lm32/translate.c:1048: var_tested_neg: Assigning: "lj" = a negative value. /qemu-1.0rc1/target-lm32/translate.c:1067: negative_returns: Using variable "lj" as an index to array "gen_opc_pc". Error: NEGATIVE_RETURNS: /qemu-1.0rc1/target-m68k/translate.c:2986: var_tested_neg: Assigning: "lj" = a negative value. /qemu-1.0rc1/target-m68k/translate.c:3014: negative_returns: Using variable "lj" as an index to array "gen_opc_pc". Error: NEGATIVE_RETURNS: /qemu-1.0rc1/target-microblaze/translate.c:1653: var_tested_neg: Assigning: "lj" = a negative value. /qemu-1.0rc1/target-microblaze/translate.c:1677: negative_returns: Using variable "lj" as an index to array "gen_opc_pc". Error: NEGATIVE_RETURNS: /qemu-1.0rc1/target-mips/translate.c:10586: negative_returns: Passing negative constant "-1" to a parameter that cannot be negative. /qemu-1.0rc1/target-mips/translate.c:6551: index: Passing parameter "ft" to an index. /qemu-1.0rc1/target-mips/translate.c:652: index: Indexing with parameter "reg". Error: NEGATIVE_RETURNS: /qemu-1.0rc1/target-mips/translate.c:12386: var_tested_neg: Assigning: "lj" = a negative value. /qemu-1.0rc1/target-mips/translate.c:12438: negative_returns: Using variable "lj" as an index to array "gen_opc_pc". Error: NEGATIVE_RETURNS: /qemu-1.0rc1/target-ppc/translate.c:9420: var_tested_neg: Assigning: "lj" = a negative value. /qemu-1.0rc1/target-ppc/translate.c:9481: negative_returns: Using variable "lj" as an index to array "gen_opc_pc". Error: NEGATIVE_RETURNS: /qemu-1.0rc1/target-sh4/translate.c:1962: var_tested_neg: Assigning: "ii" = a negative value. 
/qemu-1.0rc1/target-sh4/translate.c:1987: negative_returns: Using variable "ii" as an index to array "gen_opc_pc". Error: NEGATIVE_RETURNS: /qemu-1.0rc1/target-unicore32/translate.c:1883: var_tested_neg: Assigning: "lj" = a negative value. /qemu-1.0rc1/target-unicore32/translate.c:1914: negative_returns: Using variable "lj" as an index to array "gen_opc_pc". Error: NEGATIVE_RETURNS: /qemu-1.0rc1/target-xtensa/translate.c:2410: var_tested_neg: Assigning: "lj" = a negative value. /qemu-1.0rc1/target-xtensa/translate.c:2455: negative_returns: Using variable "lj" as an index to array "gen_opc_pc". Error: NO_EFFECT: /qemu-1.0rc1/hw/pl061.c:106: array_null: Comparing an array to null is not useful: "s->out". Error: NULL_RETURNS: /qemu-1.0rc1/block/vpc.c:538: returned_null: Function "get_option_parameter" returns null (checked 9 out of 11 times). /qemu-1.0rc1/qemu-option.c:168: return_null: Explicitly returning NULL. /qemu-1.0rc1/qemu-option.c:264: example_assign: Assigning: "list" = return value from "get_option_parameter(list, name)". /qemu-1.0rc1/qemu-option.c:265: example_checked: "list" has its value checked in "list == NULL". /qemu-1.0rc1/qemu-option.c:310: example_assign: Assigning: "list" = return value from "get_option_parameter(list, name)". /qemu-1.0rc1/qemu-option.c:311: example_checked: "list" has its value checked in "list == NULL". /qemu-1.0rc1/qemu-option.c:384: example_checked: "get_option_parameter(dest, list->name)" has its value checked in "get_option_parameter(dest, list->name) == NULL". /qemu-1.0rc1/block.c:3176: example_assign: Assigning: "backing_file" = return value from "get_option_parameter(param, "backing_file")". /qemu-1.0rc1/block.c:3177: example_checked: "backing_file" has its value checked in "backing_file". /qemu-1.0rc1/block.c:3186: example_assign: Assigning: "backing_fmt" = return value from "get_option_parameter(param, "backing_fmt")". /qemu-1.0rc1/block.c:3187: example_checked: "backing_fmt" has its value checked in "backing_fmt". 
/qemu-1.0rc1/block/vpc.c:538: dereference: Dereferencing a null pointer "get_option_parameter(options, "size")". Error: NULL_RETURNS: /qemu-1.0rc1/cris-dis.c:2525: returned_null: Function "spec_reg_info" returns null (checked 5 out of 6 times). /qemu-1.0rc1/cris-dis.c:1359: return_null: Explicitly returning NULL. /qemu-1.0rc1/cris-dis.c:1693: example_assign: Assigning: "sregp" = return value from "spec_reg_info(spec_reg, disdata->distype)". /qemu-1.0rc1/cris-dis.c:1697: example_checked: "sregp" has its value checked in "sregp". /qemu-1.0rc1/cris-dis.c:1722: example_assign: Assigning: "sregp" = return value from "spec_reg_info((insn >> 12) & 0xfU, disdata->distype)". /qemu-1.0rc1/cris-dis.c:1736: example_checked: "sregp" has its value checked in "sregp != NULL". /qemu-1.0rc1/cris-dis.c:1872: example_assign: Assigning: "sregp" = return value from "spec_reg_info((insn >> 12) & 0xfU, distype)". /qemu-1.0rc1/cris-dis.c:1876: example_checked: "sregp" has its value checked in "sregp == NULL". /qemu-1.0rc1/cris-dis.c:2096: example_assign: Assigning: "sregp" = return value from "spec_reg_info((insn >> 12) & 0xfU, disdata->distype)". /qemu-1.0rc1/cris-dis.c:2101: example_checked: "sregp" has its value checked in "sregp == NULL". /qemu-1.0rc1/cris-dis.c:2198: example_assign: Assigning: "sregp" = return value from "spec_reg_info((insn >> 12) & 0xfU, disdata->distype)". /qemu-1.0rc1/cris-dis.c:2202: example_checked: "sregp" has its value checked in "sregp == NULL". /qemu-1.0rc1/cris-dis.c:2525: var_assigned: Assigning: "sregp" = null return value from "spec_reg_info". /qemu-1.0rc1/cris-dis.c:2527: dereference: Dereferencing a null pointer "sregp". Error: NULL_RETURNS: /qemu-1.0rc1/target-sparc/cpu_init.c:642: returned_null: Function "strtok" returns null (checked 8 out of 10 times). /qemu-1.0rc1/hw/acpi.c:114: example_assign: Assigning: "f" = return value from "strtok(NULL, ":")". /qemu-1.0rc1/hw/acpi.c:114: example_checked: "f" has its value checked in "f". 
/qemu-1.0rc1/hw/acpi.c:114: example_assign: Assigning: "f" = return value from "strtok(buf, ":")". /qemu-1.0rc1/hw/acpi.c:114: example_checked: "f" has its value checked in "f". /qemu-1.0rc1/qemu-timer.c:220: example_assign: Assigning: "name" = return value from "strtok(arg, ",")". /qemu-1.0rc1/qemu-timer.c:221: example_checked: "name" has its value checked in "name". /qemu-1.0rc1/qemu-timer.c:243: example_assign: Assigning: "name" = return value from "strtok(NULL, ",")". /qemu-1.0rc1/qemu-timer.c:221: example_checked: "name" has its value checked in "name". /qemu-1.0rc1/target-i386/cpuid.c:632: example_assign: Assigning: "featurestr" = return value from "strtok(NULL, ",")". /qemu-1.0rc1/target-i386/cpuid.c:634: example_checked: "featurestr" has its value checked in "featurestr". /qemu-1.0rc1/target-sparc/cpu_init.c:642: var_assigned: Assigning: "name" = null return value from "strtok". /qemu-1.0rc1/target-sparc/cpu_init.c:649: dereference: Dereferencing a pointer that might be null "name" when calling "strcasecmp". (The dereference is assumed on the basis of the 'nonnull' parameter attribute.) Error: NULL_RETURNS: /qemu-1.0rc1/hw/leon3.c:158: returned_null: Function "qemu_find_file" returns null (checked 21 out of 24 times). /qemu-1.0rc1/vl.c:1722: return_null: Explicitly returning NULL. /qemu-1.0rc1/hw/fw_cfg.c:154: example_assign: Assigning: "filename" = return value from "qemu_find_file(0, boot_splash_filename)". /qemu-1.0rc1/hw/fw_cfg.c:155: example_checked: "filename" has its value checked in "filename == NULL". /qemu-1.0rc1/hw/pci.c:1747: example_assign: Assigning: "path" = return value from "qemu_find_file(0, pdev->romfile)". /qemu-1.0rc1/hw/pci.c:1748: example_checked: "path" has its value checked in "path == NULL". /qemu-1.0rc1/ui/sdl.c:1006: example_assign: Assigning: "filename" = return value from "qemu_find_file(0, "qemu-icon.bmp")". /qemu-1.0rc1/ui/sdl.c:1007: example_checked: "filename" has its value checked in "filename". 
/qemu-1.0rc1/hw/pc.c:1010: example_assign: Assigning: "filename" = return value from "qemu_find_file(0, bios_name)". /qemu-1.0rc1/hw/pc.c:1011: example_checked: "filename" has its value checked in "filename". /qemu-1.0rc1/hw/alpha_dp264.c:103: example_assign: Assigning: "palcode_filename" = return value from "qemu_find_file(0, palcode_filename)". /qemu-1.0rc1/hw/alpha_dp264.c:104: example_checked: "palcode_filename" has its value checked in "palcode_filename == NULL". /qemu-1.0rc1/hw/leon3.c:158: var_assigned: Assigning: "filename" = null return value from "qemu_find_file". /qemu-1.0rc1/hw/leon3.c:160: dereference: Dereferencing a pointer that might be null "filename" when calling "get_image_size". /qemu-1.0rc1/hw/loader.c:61: deref_parm_in_call: Function "open" dereferences parameter "filename". (The dereference is assumed on the basis of the 'nonnull' parameter attribute.) Error: NULL_RETURNS: /qemu-1.0rc1/target-i386/cpuid.c:604: returned_null: Function "strtok" returns null (checked 8 out of 10 times). /qemu-1.0rc1/hw/acpi.c:114: example_assign: Assigning: "f" = return value from "strtok(NULL, ":")". /qemu-1.0rc1/hw/acpi.c:114: example_checked: "f" has its value checked in "f". /qemu-1.0rc1/hw/acpi.c:114: example_assign: Assigning: "f" = return value from "strtok(buf, ":")". /qemu-1.0rc1/hw/acpi.c:114: example_checked: "f" has its value checked in "f". /qemu-1.0rc1/qemu-timer.c:220: example_assign: Assigning: "name" = return value from "strtok(arg, ",")". /qemu-1.0rc1/qemu-timer.c:221: example_checked: "name" has its value checked in "name". /qemu-1.0rc1/qemu-timer.c:243: example_assign: Assigning: "name" = return value from "strtok(NULL, ",")". /qemu-1.0rc1/qemu-timer.c:221: example_checked: "name" has its value checked in "name". /qemu-1.0rc1/target-i386/cpuid.c:632: example_assign: Assigning: "featurestr" = return value from "strtok(NULL, ",")". /qemu-1.0rc1/target-i386/cpuid.c:634: example_checked: "featurestr" has its value checked in "featurestr". 
/qemu-1.0rc1/target-i386/cpuid.c:604: var_assigned: Assigning: "name" = null return value from "strtok". /qemu-1.0rc1/target-i386/cpuid.c:616: dereference: Dereferencing a pointer that might be null "name" when calling "strcmp". (The dereference is assumed on the basis of the 'nonnull' parameter attribute.) Error: NULL_RETURNS: /qemu-1.0rc1/hw/s390-virtio.c:203: returned_null: Function "qemu_find_file" returns null (checked 21 out of 24 times). /qemu-1.0rc1/vl.c:1722: return_null: Explicitly returning NULL. /qemu-1.0rc1/hw/fw_cfg.c:154: example_assign: Assigning: "filename" = return value from "qemu_find_file(0, boot_splash_filename)". /qemu-1.0rc1/hw/fw_cfg.c:155: example_checked: "filename" has its value checked in "filename == NULL". /qemu-1.0rc1/hw/pci.c:1747: example_assign: Assigning: "path" = return value from "qemu_find_file(0, pdev->romfile)". /qemu-1.0rc1/hw/pci.c:1748: example_checked: "path" has its value checked in "path == NULL". /qemu-1.0rc1/ui/sdl.c:1006: example_assign: Assigning: "filename" = return value from "qemu_find_file(0, "qemu-icon.bmp")". /qemu-1.0rc1/ui/sdl.c:1007: example_checked: "filename" has its value checked in "filename". /qemu-1.0rc1/hw/pc.c:1010: example_assign: Assigning: "filename" = return value from "qemu_find_file(0, bios_name)". /qemu-1.0rc1/hw/pc.c:1011: example_checked: "filename" has its value checked in "filename". /qemu-1.0rc1/hw/alpha_dp264.c:103: example_assign: Assigning: "palcode_filename" = return value from "qemu_find_file(0, palcode_filename)". /qemu-1.0rc1/hw/alpha_dp264.c:104: example_checked: "palcode_filename" has its value checked in "palcode_filename == NULL". /qemu-1.0rc1/hw/s390-virtio.c:203: var_assigned: Assigning: "bios_filename" = null return value from "qemu_find_file". /qemu-1.0rc1/hw/s390-virtio.c:204: dereference: Dereferencing a pointer that might be null "bios_filename" when calling "load_image". 
/qemu-1.0rc1/hw/loader.c:74: deref_parm_in_call: Function "open" dereferences parameter "filename". (The dereference is assumed on the basis of the 'nonnull' parameter attribute.) Error: NULL_RETURNS: /qemu-1.0rc1/linux-user/strace.c:237: example_checked: "lock_user_string(arg1)" has its value checked in "s = lock_user_string(arg1)". /qemu-1.0rc1/linux-user/strace.c:252: example_checked: "lock_user_string(arg_addr)" has its value checked in "s = lock_user_string(arg_addr)". /qemu-1.0rc1/linux-user/strace.c:613: example_checked: "lock_user_string(addr)" has its value checked in "(s = lock_user_string(addr)) != NULL". /qemu-1.0rc1/linux-user/syscall.c:7855: returned_null: Function "lock_user_string" returns null (checked 3 out of 3 times). /qemu-1.0rc1/linux-user/qemu.h:443: return_null: Explicitly returning NULL. /qemu-1.0rc1/linux-user/syscall.c:7855: var_assigned: Assigning: "p" = null return value from "lock_user_string". /qemu-1.0rc1/linux-user/syscall.c:7858: dereference: Dereferencing a pointer that might be null "p" when calling "mq_open". (The dereference is assumed on the basis of the 'nonnull' parameter attribute.) Error: NULL_RETURNS: /qemu-1.0rc1/linux-user/strace.c:237: example_checked: "lock_user_string(arg1)" has its value checked in "s = lock_user_string(arg1)". /qemu-1.0rc1/linux-user/strace.c:252: example_checked: "lock_user_string(arg_addr)" has its value checked in "s = lock_user_string(arg_addr)". /qemu-1.0rc1/linux-user/strace.c:613: example_checked: "lock_user_string(addr)" has its value checked in "(s = lock_user_string(addr)) != NULL". /qemu-1.0rc1/linux-user/syscall.c:7864: returned_null: Function "lock_user_string" returns null (checked 3 out of 3 times). /qemu-1.0rc1/linux-user/qemu.h:443: return_null: Explicitly returning NULL. /qemu-1.0rc1/linux-user/syscall.c:7864: var_assigned: Assigning: "p" = null return value from "lock_user_string". 
/qemu-1.0rc1/linux-user/syscall.c:7865: dereference: Dereferencing a pointer that might be null "p" when calling "mq_unlink". (The dereference is assumed on the basis of the 'nonnull' parameter attribute.) Error: NULL_RETURNS: /qemu-1.0rc1/exec.c:3880: example_checked: "lock_user(0, addr, l, 1)" has its value checked in "p = lock_user(0, addr, l, 1)". /qemu-1.0rc1/linux-user/syscall.c:834: example_checked: "lock_user(0, target_fds_addr, sizeof (abi_ulong) /*8*/ * nw, 1)" has its value checked in "target_fds = lock_user(0, target_fds_addr, sizeof (abi_ulong) /*8*/ * nw, 1)". /qemu-1.0rc1/linux-user/syscall.c:1020: example_checked: "lock_user(0, target_tv_addr, sizeof (*target_tv) /*16*/, 1)" has its value checked in "target_tv = lock_user(0, target_tv_addr, sizeof (*target_tv) /*16*/, 1)". /qemu-1.0rc1/linux-user/syscall.c:1055: example_checked: "lock_user(0, target_mq_attr_addr, sizeof (*target_mq_attr) /*32*/, 1)" has its value checked in "target_mq_attr = lock_user(0, target_mq_attr_addr, sizeof (*target_mq_attr) /*32*/, 1)". /qemu-1.0rc1/linux-user/syscall.c:1185: example_assign: Assigning: "target_smreqn" = return value from "lock_user(0, target_addr, len, 1)". /qemu-1.0rc1/linux-user/syscall.c:1186: example_checked: "target_smreqn" has its value checked in "target_smreqn". /qemu-1.0rc1/linux-user/syscall.c:7873: returned_null: Function "lock_user" returns null (checked 164 out of 167 times). /qemu-1.0rc1/linux-user/qemu.h:399: return_null: Explicitly returning NULL. /qemu-1.0rc1/linux-user/syscall.c:7873: var_assigned: Assigning: "p" = null return value from "lock_user". /qemu-1.0rc1/linux-user/syscall.c:7876: dereference: Dereferencing a pointer that might be null "p" when calling "mq_timedsend". (The dereference is assumed on the basis of the 'nonnull' parameter attribute.) /qemu-1.0rc1/linux-user/syscall.c:7880: dereference: Dereferencing a pointer that might be null "p" when calling "mq_send". 
(The dereference is assumed on the basis of the 'nonnull' parameter attribute.) Error: NULL_RETURNS: /qemu-1.0rc1/exec.c:3880: example_checked: "lock_user(0, addr, l, 1)" has its value checked in "p = lock_user(0, addr, l, 1)". /qemu-1.0rc1/linux-user/syscall.c:834: example_checked: "lock_user(0, target_fds_addr, sizeof (abi_ulong) /*8*/ * nw, 1)" has its value checked in "target_fds = lock_user(0, target_fds_addr, sizeof (abi_ulong) /*8*/ * nw, 1)". /qemu-1.0rc1/linux-user/syscall.c:1020: example_checked: "lock_user(0, target_tv_addr, sizeof (*target_tv) /*16*/, 1)" has its value checked in "target_tv = lock_user(0, target_tv_addr, sizeof (*target_tv) /*16*/, 1)". /qemu-1.0rc1/linux-user/syscall.c:1055: example_checked: "lock_user(0, target_mq_attr_addr, sizeof (*target_mq_attr) /*32*/, 1)" has its value checked in "target_mq_attr = lock_user(0, target_mq_attr_addr, sizeof (*target_mq_attr) /*32*/, 1)". /qemu-1.0rc1/linux-user/syscall.c:1185: example_assign: Assigning: "target_smreqn" = return value from "lock_user(0, target_addr, len, 1)". /qemu-1.0rc1/linux-user/syscall.c:1186: example_checked: "target_smreqn" has its value checked in "target_smreqn". /qemu-1.0rc1/linux-user/syscall.c:7890: returned_null: Function "lock_user" returns null (checked 164 out of 167 times). /qemu-1.0rc1/linux-user/qemu.h:399: return_null: Explicitly returning NULL. /qemu-1.0rc1/linux-user/syscall.c:7890: var_assigned: Assigning: "p" = null return value from "lock_user". /qemu-1.0rc1/linux-user/syscall.c:7893: dereference: Dereferencing a pointer that might be null "p" when calling "mq_timedreceive". (The dereference is assumed on the basis of the 'nonnull' parameter attribute.) /qemu-1.0rc1/linux-user/syscall.c:7897: dereference: Dereferencing a pointer that might be null "p" when calling "mq_receive". (The dereference is assumed on the basis of the 'nonnull' parameter attribute.) 
Error: NULL_RETURNS: /qemu-1.0rc1/qemu-img.c:1597: returned_null: Function "get_option_parameter" returns null (checked 9 out of 11 times). /qemu-1.0rc1/qemu-option.c:168: return_null: Explicitly returning NULL. /qemu-1.0rc1/qemu-option.c:264: example_assign: Assigning: "list" = return value from "get_option_parameter(list, name)". /qemu-1.0rc1/qemu-option.c:265: example_checked: "list" has its value checked in "list == NULL". /qemu-1.0rc1/qemu-option.c:310: example_assign: Assigning: "list" = return value from "get_option_parameter(list, name)". /qemu-1.0rc1/qemu-option.c:311: example_checked: "list" has its value checked in "list == NULL". /qemu-1.0rc1/qemu-option.c:384: example_checked: "get_option_parameter(dest, list->name)" has its value checked in "get_option_parameter(dest, list->name) == NULL". /qemu-1.0rc1/block.c:3176: example_assign: Assigning: "backing_file" = return value from "get_option_parameter(param, "backing_file")". /qemu-1.0rc1/block.c:3177: example_checked: "backing_file" has its value checked in "backing_file". /qemu-1.0rc1/block.c:3186: example_assign: Assigning: "backing_fmt" = return value from "get_option_parameter(param, "backing_fmt")". /qemu-1.0rc1/block.c:3187: example_checked: "backing_fmt" has its value checked in "backing_fmt". /qemu-1.0rc1/qemu-img.c:1597: dereference: Dereferencing a null pointer "get_option_parameter(param, "size")". Error: OVERRUN_STATIC: /qemu-1.0rc1/gdbstub.c:1744: overrun-call: Overrunning callee's array of size 16 by passing index "reg" of value 50 in call to function "cpu_gdb_read_register(env, mem_buf, reg)". /qemu-1.0rc1/gdbstub.c:1449: index_parm: Indexing parameter - i. Error: OVERRUN_STATIC: /qemu-1.0rc1/gdbstub.c:1759: overrun-call: Overrunning callee's array of size 16 by passing index "reg" of value 50 in call to function "cpu_gdb_write_register(env, mem_buf, reg)". /qemu-1.0rc1/gdbstub.c:1479: index_parm: Indexing parameter - i. 
Error: OVERRUN_STATIC: /qemu-1.0rc1/block/vvfat.c:445: assignment: Assigning: "offset" = "14 + offset - 10". /qemu-1.0rc1/block/vvfat.c:443: assignment: Assigning: "offset" = "i % 26". /qemu-1.0rc1/block/vvfat.c:448: overrun-local: Overrunning static array "entry->name", with 8 elements, at position 25 with index variable "offset". Error: OVERRUN_STATIC: /qemu-1.0rc1/block/vvfat.c:615: overrun-buffer-arg: Overrunning static array "entry->name" of size 8 bytes by passing it to a function which indexes it with argument "11UL" at byte position 10. Error: OVERRUN_STATIC: /qemu-1.0rc1/block/vvfat.c:630: overrun-buffer-arg: Overrunning static array "entry->name" of size 8 bytes by passing it to a function which indexes it with argument "11UL" at byte position 10. Error: OVERRUN_STATIC: /qemu-1.0rc1/block/vvfat.c:653: overrun-buffer-arg: Overrunning static array "entry->name" of size 8 bytes by passing it to a function which indexes it with argument "11UL" at byte position 10. Error: OVERRUN_STATIC: /qemu-1.0rc1/block/vvfat.c:653: overrun-buffer-arg: Overrunning static array "entry1->name" of size 8 bytes by passing it to a function which indexes it with argument "11UL" at byte position 10. Error: OVERRUN_STATIC: /qemu-1.0rc1/block/vvfat.c:639: overrun-local: Overrunning static array "entry->name", with 8 elements, at position 9 with index variable "i". Error: OVERRUN_STATIC: /qemu-1.0rc1/hw/arm_gic.c:235: overrun-local: Overrunning static array "s->last_active", with 96 elements, at position 1023 with index variable "irq". Error: OVERRUN_STATIC: /qemu-1.0rc1/hw/arm_gic.c:274: assignment: Assigning: "irq" = "(offset - 256U) * 8U". /qemu-1.0rc1/hw/arm_gic.c:277: assignment: Assigning: "irq" = "irq += 0". /qemu-1.0rc1/hw/arm_gic.c:282: overrun-local: Overrunning static array "s->irq_state", with 96 elements, at position 96 with index variable "irq + i". Error: OVERRUN_STATIC: /qemu-1.0rc1/hw/arm_gic.c:461: assignment: Assigning: "irq" = "(offset - 640U) * 8U + 0U". 
/qemu-1.0rc1/hw/arm_gic.c:469: overrun-local: Overrunning static array "s->irq_state", with 96 elements, at position 96 with index variable "irq + i". Error: OVERRUN_STATIC: /qemu-1.0rc1/hw/arm_gic.c:235: overrun-local: Overrunning static array "s->last_active", with 64 elements, at position 1023 with index variable "irq". Error: OVERRUN_STATIC: /qemu-1.0rc1/hw/arm_gic.c:274: assignment: Assigning: "irq" = "(offset - 256U) * 8U". /qemu-1.0rc1/hw/arm_gic.c:277: assignment: Assigning: "irq" = "irq += 0". /qemu-1.0rc1/hw/arm_gic.c:282: overrun-local: Overrunning static array "s->irq_state", with 64 elements, at position 64 with index variable "irq + i". Error: OVERRUN_STATIC: /qemu-1.0rc1/hw/arm_gic.c:461: assignment: Assigning: "irq" = "(offset - 640U) * 8U + 0U". /qemu-1.0rc1/hw/arm_gic.c:469: overrun-local: Overrunning static array "s->irq_state", with 64 elements, at position 64 with index variable "irq + i". Error: OVERRUN_STATIC: /qemu-1.0rc1/hw/arm_timer.c:276: overrun-local: Overrunning static array "s->timer", with 3 elements, at position 3 with index variable "n". Error: OVERRUN_STATIC: /qemu-1.0rc1/hw/arm_timer.c:290: overrun-local: Overrunning static array "s->timer", with 3 elements, at position 3 with index variable "n". Error: OVERRUN_STATIC: /qemu-1.0rc1/hw/arm_gic.c:235: overrun-local: Overrunning static array "s->last_active", with 96 elements, at position 1023 with index variable "irq". Error: OVERRUN_STATIC: /qemu-1.0rc1/hw/arm_gic.c:274: assignment: Assigning: "irq" = "(offset - 256U) * 8U". /qemu-1.0rc1/hw/arm_gic.c:277: assignment: Assigning: "irq" = "irq += 32". /qemu-1.0rc1/hw/arm_gic.c:282: overrun-local: Overrunning static array "s->irq_state", with 96 elements, at position 96 with index variable "irq + i". Error: OVERRUN_STATIC: /qemu-1.0rc1/hw/arm_gic.c:406: assignment: Assigning: "irq" = "(offset - 256U) * 8U + 32U". 
/qemu-1.0rc1/hw/arm_gic.c:416: overrun-local: Overrunning static array "s->irq_state", with 96 elements, at position 96 with index variable "irq + i". Error: OVERRUN_STATIC: /qemu-1.0rc1/target-cris/translate.c:3470: overrun-local: Overrunning static array "env->sregs", with 4 elements, at position 255 with index variable "srs". Error: OVERRUN_STATIC: /qemu-1.0rc1/hw/bt-hci.c:2205: overrun-call: Overrunning callee's array of size 16 by passing index "handle" of value 47 in call to function "bt_hci_disconnect(hci, handle, 21)". /qemu-1.0rc1/hw/bt-hci.c:899: index_parm_in_call: Called function indexes parameter. /qemu-1.0rc1/hw/bt-hci.c:667: index_parm: Directly indexing parameter. Error: OVERRUN_STATIC: /qemu-1.0rc1/hw/bt-hci.c:1322: overrun-buffer-arg: Overrunning struct type evt_encrypt_change of size 4 bytes by passing it to a function which indexes it with argument "5" at byte position 4. /qemu-1.0rc1/hw/bt-hci.c:465: access_dbuff_in_call: Calling "memcpy" indexes array "params" with index "len". Error: OVERRUN_STATIC: /qemu-1.0rc1/hw/ccid-card-passthru.c:154: overrun-buffer-arg: Overrunning static array "card->atr" of size 40 bytes by passing it to a function which indexes it with argument "scr_msg_header->length" at byte position 40. Error: OVERRUN_STATIC: /qemu-1.0rc1/hw/ide/core.c:1371: overrun-local: Overrunning static array "smart_attributes", with 8 elements, at position 29 with index variable "n". Error: OVERRUN_STATIC: /qemu-1.0rc1/hw/lan9118.c:868: overrun-local: Overrunning static array "s->eeprom", with 128 elements, at position 128 with index variable "addr". Error: OVERRUN_STATIC: /qemu-1.0rc1/target-mips/translate.c:12576: overrun-local: Overrunning static array of size 256 bytes at byte position 256 by indexing pointer "&env->active_fpu.fpr[i]" with index variable "1". /qemu-1.0rc1/target-mips/translate.c:12576: overrun-local: Note: These bugs are often difficult to see at first glance. 
Coverity recommends a close inspection of the events leading to this overrun. Error: OVERRUN_STATIC: /qemu-1.0rc1/hw/musicpal.c:300: overrun-local: Overrunning static array "s->tx_queue", with 2 elements, at position 2 with index variable "(offset - 1248U) / 4U". Error: OVERRUN_STATIC: /qemu-1.0rc1/hw/musicpal.c:354: overrun-local: Overrunning static array "s->tx_queue", with 2 elements, at position 2 with index variable "(offset - 1248U) / 4U". Error: OVERRUN_STATIC: /qemu-1.0rc1/hw/ppc405_uc.c:209: overrun-local: Overrunning static array "pob->besr", with 2 elements, at position 2 with index variable "dcrn - 160". Error: OVERRUN_STATIC: /qemu-1.0rc1/hw/ppc405_uc.c:232: overrun-local: Overrunning static array "pob->besr", with 2 elements, at position 2 with index variable "dcrn - 160". Error: OVERRUN_STATIC: /qemu-1.0rc1/hw/qxl.c:1024: overrun-local: Overrunning static array "qxl->guest_slots", with 8 elements, at position 8 with index variable "slot". Error: OVERRUN_STATIC: /qemu-1.0rc1/hw/arm_gic.c:235: overrun-local: Overrunning static array "s->last_active", with 96 elements, at position 1023 with index variable "irq". Error: OVERRUN_STATIC: /qemu-1.0rc1/hw/arm_gic.c:274: assignment: Assigning: "irq" = "(offset - 256U) * 8U". /qemu-1.0rc1/hw/arm_gic.c:277: assignment: Assigning: "irq" = "irq += 0". /qemu-1.0rc1/hw/arm_gic.c:282: overrun-local: Overrunning static array "s->irq_state", with 96 elements, at position 96 with index variable "irq + i". Error: OVERRUN_STATIC: /qemu-1.0rc1/hw/arm_gic.c:461: assignment: Assigning: "irq" = "(offset - 640U) * 8U + 0U". /qemu-1.0rc1/hw/arm_gic.c:469: overrun-local: Overrunning static array "s->irq_state", with 96 elements, at position 96 with index variable "irq + i". Error: OVERRUN_STATIC: /qemu-1.0rc1/hw/virtio-blk.c:330: ptr_assign: Pointer "blkreq" is assigned the address of a static array pointer "&mrb->blkreq[mrb->num_writes]" of size 1536 bytes and offset 1536 bytes. 
/qemu-1.0rc1/hw/virtio-blk.c:331: overrun-local: Overrunning static array of size 1536 bytes at byte position 1536 by accessing with pointer "blkreq". /qemu-1.0rc1/hw/virtio-blk.c:331: overrun-local: Note: These bugs are often difficult to see at first glance. Coverity recommends a close inspection of the events leading to this overrun. Error: OVERRUN_STATIC: /qemu-1.0rc1/hw/vt82c686.c:90: overrun-local: Overrunning static array "superio_conf->config", with 255 elements, at position 255 with index variable "superio_conf->index". Error: OVERRUN_STATIC: /qemu-1.0rc1/linux-user/syscall.c:3159: overrun-buffer-val: Overrunning static array "extent_arg_type" of size 8 bytes by passing it as an argument to a function which indexes it at byte position 8. /qemu-1.0rc1/thunk.h:109: index_const: Pointer "type_ptr" indexed by constant "2" through dereference in call to "thunk_type_size_array". /qemu-1.0rc1/thunk.c:281: deref_parm_in_call: Function "thunk_type_size" dereferences parameter "type_ptr". /qemu-1.0rc1/thunk.h:86: deref_parm: Directly dereferencing parameter "type_ptr". Error: OVERRUN_STATIC: /qemu-1.0rc1/linux-user/syscall.c:3261: overrun-buffer-val: Overrunning static array "ifreq_arg_type" of size 8 bytes by passing it as an argument to a function which indexes it at byte position 8. /qemu-1.0rc1/thunk.h:109: index_const: Pointer "type_ptr" indexed by constant "2" through dereference in call to "thunk_type_size_array". /qemu-1.0rc1/thunk.c:281: deref_parm_in_call: Function "thunk_type_size" dereferences parameter "type_ptr". /qemu-1.0rc1/thunk.h:86: deref_parm: Directly dereferencing parameter "type_ptr". Error: OVERRUN_STATIC: /qemu-1.0rc1/slirp/ip_icmp.c:301: assignment: Assigning: "s_ip_len" = "548U". /qemu-1.0rc1/slirp/ip_icmp.c:312: overrun-buffer-arg: Overrunning struct type struct ip of size 20 bytes by passing it to a function which indexes it with argument "s_ip_len" at byte position 547. 
Error: OVERRUN_STATIC: /qemu-1.0rc1/slirp/socket.c:320: overrun-local: Overrunning static array of size 2048 bytes at byte position 2048 by accessing with pointer "&buff[len]" through dereference in call to "memcpy". (The dereference is assumed on the basis of the 'nonnull' parameter attribute.) /qemu-1.0rc1/slirp/socket.c:320: overrun-local: Note: These bugs are often difficult to see at first glance. Coverity recommends a close inspection of the events leading to this overrun. Error: OVERRUN_STATIC: /qemu-1.0rc1/target-cris/translate.c:209: overrun-local: Overrunning static array "cpu_PR", with 16 elements, at position 16 with index variable "r". Error: OVERRUN_STATIC: /qemu-1.0rc1/target-cris/translate.c:226: overrun-local: Overrunning static array "cpu_PR", with 16 elements, at position 16 with index variable "r". Error: OVERRUN_STATIC: /qemu-1.0rc1/target-cris/translate.c:178: overrun-local: Overrunning static array "cpu_R", with 16 elements, at position 16 with index variable "r". Error: OVERRUN_STATIC: /qemu-1.0rc1/target-cris/translate.c:184: overrun-local: Overrunning static array "cpu_R", with 16 elements, at position 16 with index variable "r". Error: OVERRUN_STATIC: /qemu-1.0rc1/target-i386/ops_sse.h:1903: assignment: Assigning: "i" = "validd". /qemu-1.0rc1/target-i386/ops_sse.h:1904: overrun-call: Overrunning callee's array of size 8 by passing index "i" of value 14 in call to function "pcmp_val(d, ctrl, i)". /qemu-1.0rc1/target-i386/ops_sse.h:1876: index_parm: Directly indexing parameter. Error: OVERRUN_STATIC: /qemu-1.0rc1/target-i386/ops_sse.h:1900: assignment: Assigning: "j" = "valids". /qemu-1.0rc1/target-i386/ops_sse.h:1902: overrun-call: Overrunning callee's array of size 8 by passing index "j" of value 14 in call to function "pcmp_val(s, ctrl, j)". /qemu-1.0rc1/target-i386/ops_sse.h:1876: index_parm: Directly indexing parameter. 
Error: OVERRUN_STATIC: /qemu-1.0rc1/target-i386/ops_sse.h:2000: overrun-local: Overrunning static array "d->_w", with 8 elements, at position 8 with index variable "i". Error: OVERRUN_STATIC: /qemu-1.0rc1/target-i386/ops_sse.h:2032: overrun-local: Overrunning static array "d->_w", with 8 elements, at position 8 with index variable "i". Error: OVERRUN_STATIC: /qemu-1.0rc1/target-i386/ops_sse.h:208: assignment: Assigning: "i" = "0". /qemu-1.0rc1/target-i386/ops_sse.h:209: overrun-local: Overrunning static array "d->_b", with 16 elements, at position 16 with index variable "i + shift". Error: OVERRUN_STATIC: /qemu-1.0rc1/target-sparc/ldst_helper.c:2036: overrun-local: Overrunning static array "env->gregs", with 8 elements, at position 8 with index variable "rd + 1". Error: OVERRUN_STATIC: /qemu-1.0rc1/ui/curses.c:290: overrun-local: Overrunning static array "curses2qemu", with 511 elements, at position 511 with index variable "chr". Error: RESOURCE_LEAK: /qemu-1.0rc1/linux-user/syscall.c:2517: alloc_arg: Calling allocation function "target_to_host_semarray" on "array". /qemu-1.0rc1/linux-user/syscall.c:2452: alloc_fn: Storage is returned from allocation function "malloc". /qemu-1.0rc1/linux-user/syscall.c:2452: var_assign: Assigning: "*host_array" = "malloc(nsems * sizeof (unsigned short) /*2*/)". /qemu-1.0rc1/linux-user/syscall.c:2519: leaked_storage: Variable "array" going out of scope leaks the storage it points to. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:604: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:605: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:604: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:608: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:604: deref_ptr: Directly dereferencing pointer "*obj". 
/qemu-1.0rc1/qapi-visit.c:610: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:604: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:613: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:604: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:615: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:604: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:618: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:604: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:620: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:604: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:623: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:604: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:625: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:604: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:628: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:604: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:630: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:316: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:317: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:316: deref_ptr: Directly dereferencing pointer "*obj". 
/qemu-1.0rc1/qapi-visit.c:320: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:351: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:352: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:351: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:355: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:351: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:357: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:351: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:360: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:351: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:362: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:415: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:416: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:415: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:419: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:415: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:420: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:415: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:422: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:272: deref_ptr: Directly dereferencing pointer "*obj". 
/qemu-1.0rc1/qapi-visit.c:273: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:272: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:276: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:272: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:278: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:272: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:281: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:272: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:283: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:272: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:286: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:272: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:288: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:272: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:291: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:210: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:211: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:210: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:214: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:210: deref_ptr: Directly dereferencing pointer "*obj". 
/qemu-1.0rc1/qapi-visit.c:216: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:210: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:219: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:210: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:221: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:22: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:23: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:718: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:719: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:680: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:681: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:680: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:684: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:680: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:686: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:747: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:748: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:747: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:751: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:747: deref_ptr: Directly dereferencing pointer "*obj". 
/qemu-1.0rc1/qapi-visit.c:754: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:747: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:755: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:747: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:757: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:747: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:759: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:747: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:762: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:747: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:763: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:747: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:765: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:747: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:768: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:553: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:554: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:553: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:557: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:553: deref_ptr: Directly dereferencing pointer "*obj". 
/qemu-1.0rc1/qapi-visit.c:559: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:553: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:562: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:553: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:564: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:553: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:567: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:553: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:569: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:553: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:572: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:553: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:574: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:553: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:577: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:553: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:579: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:449: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:450: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:449: deref_ptr: Directly dereferencing pointer "*obj". 
/qemu-1.0rc1/qapi-visit.c:453: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:449: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:455: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:480: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:481: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:480: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:484: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:480: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:486: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:480: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:489: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:480: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:491: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:480: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:494: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:480: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:496: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:480: deref_ptr: Directly dereferencing pointer "*obj". /qemu-1.0rc1/qapi-visit.c:499: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qapi-visit.c:480: deref_ptr: Directly dereferencing pointer "*obj". 
/qemu-1.0rc1/qapi-visit.c:501: check_after_deref: Dereferencing "*obj" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/hw/tc58128.c:34: deref_ptr_in_call: Dereferencing pointer "dev->flash_contents". (The dereference is assumed on the basis of the 'nonnull' parameter attribute.) /qemu-1.0rc1/hw/tc58128.c:35: check_after_deref: Dereferencing "dev->flash_contents" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/kvm-all.c:709: deref_ptr: Directly dereferencing pointer "s". /qemu-1.0rc1/kvm-all.c:801: check_after_deref: Dereferencing "s" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/linux-user/elfload.c:1109: deref_ptr_in_call: Dereferencing pointer "pag". (The dereference is assumed on the basis of the 'nonnull' parameter attribute.) /qemu-1.0rc1/linux-user/elfload.c:1111: check_after_deref: Dereferencing "pag" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/migration.c:218: deref_ptr_in_call: Dereferencing pointer "s->file". /qemu-1.0rc1/savevm.c:497: deref_parm: Directly dereferencing parameter "f". /qemu-1.0rc1/migration.c:219: check_after_deref: Dereferencing "s->file" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/qemu-sockets.c:333: deref_ptr: Directly dereferencing pointer "peer". /qemu-1.0rc1/qemu-sockets.c:399: check_after_deref: Dereferencing "peer" before a null check. Error: REVERSE_INULL: /qemu-1.0rc1/ui/keymaps.c:129: deref_ptr_in_call: Dereferencing pointer "rest". (The dereference is assumed on the basis of the 'nonnull' parameter attribute.) /qemu-1.0rc1/ui/keymaps.c:131: check_after_deref: Dereferencing "rest" before a null check. Error: SIGN_EXTENSION: /qemu-1.0rc1/arm-dis.c:4041: sign_extension: Suspicious implicit sign extension: "b[0]" with type "unsigned char" (8 bits, unsigned) is promoted in "b[3] | (b[2] << 8) | (b[1] << 16) | (b[0] << 24)" to type "int" (32 bits, signed), then sign-extended to type "long" (64 bits, signed). 
If "b[3] | (b[2] << 8) | (b[1] << 16) | (b[0] << 24)" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1. Error: SIGN_EXTENSION: /qemu-1.0rc1/arm-dis.c:4039: sign_extension: Suspicious implicit sign extension: "b[3]" with type "unsigned char" (8 bits, unsigned) is promoted in "b[0] | (b[1] << 8) | (b[2] << 16) | (b[3] << 24)" to type "int" (32 bits, signed), then sign-extended to type "long" (64 bits, signed). If "b[0] | (b[1] << 8) | (b[2] << 16) | (b[3] << 24)" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1. Error: SIGN_EXTENSION: /qemu-1.0rc1/block.c:1599: sign_extension: Suspicious implicit sign extension: "parse->last_sect" with type "unsigned char" (8 bits, unsigned) is promoted in "(parse->max_head + 1) * parse->max_track * parse->last_sect" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "(parse->max_head + 1) * parse->max_track * parse->last_sect" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1. Error: SIGN_EXTENSION: /qemu-1.0rc1/cris-dis.c:2136: sign_extension: Suspicious implicit sign extension: "buffer[5]" with type "unsigned char" (8 bits, unsigned) is promoted in "buffer[2] + buffer[3] * 256 + buffer[4] * 65536 + buffer[5] * 16777216" to type "int" (32 bits, signed), then sign-extended to type "long" (64 bits, signed). If "buffer[2] + buffer[3] * 256 + buffer[4] * 65536 + buffer[5] * 16777216" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1. Error: SIGN_EXTENSION: /qemu-1.0rc1/cris-dis.c:2353: sign_extension: Suspicious implicit sign extension: "prefix_buffer[5]" with type "unsigned char" (8 bits, unsigned) is promoted in "prefix_buffer[2] + prefix_buffer[3] * 256 + prefix_buffer[4] * 65536 + prefix_buffer[5] * 16777216" to type "int" (32 bits, signed), then sign-extended to type "long" (64 bits, signed). 
If "prefix_buffer[2] + prefix_buffer[3] * 256 + prefix_buffer[4] * 65536 + prefix_buffer[5] * 16777216" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1. Error: SIGN_EXTENSION: /qemu-1.0rc1/cris-dis.c:2047: sign_extension: Suspicious implicit sign extension: "buffer[5]" with type "unsigned char" (8 bits, unsigned) is promoted in "buffer[2] + buffer[3] * 256 + buffer[4] * 65536 + buffer[5] * 16777216" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "buffer[2] + buffer[3] * 256 + buffer[4] * 65536 + buffer[5] * 16777216" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1. Error: SIGN_EXTENSION: /qemu-1.0rc1/cris-dis.c:2239: sign_extension: Suspicious implicit sign extension: "prefix_buffer[5]" with type "unsigned char" (8 bits, unsigned) is promoted in "prefix_buffer[2] + prefix_buffer[3] * 256 + prefix_buffer[4] * 65536 + prefix_buffer[5] * 16777216" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "prefix_buffer[2] + prefix_buffer[3] * 256 + prefix_buffer[4] * 65536 + prefix_buffer[5] * 16777216" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1. Error: SIGN_EXTENSION: /qemu-1.0rc1/hw/dp8393x.c:354: sign_extension: Suspicious implicit sign extension: "s->regs[6]" with type "unsigned short" (16 bits, unsigned) is promoted in "(s->regs[6] << 16) | s->regs[32]" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "(s->regs[6] << 16) | s->regs[32]" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1. Error: SIGN_EXTENSION: /qemu-1.0rc1/hw/dp8393x.c:389: sign_extension: Suspicious implicit sign extension: "s->regs[6]" with type "unsigned short" (16 bits, unsigned) is promoted in "(s->regs[6] << 16) | s->regs[32]" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). 
If "(s->regs[6] << 16) | s->regs[32]" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1. Error: SIGN_EXTENSION: /qemu-1.0rc1/hw/dp8393x.c:430: sign_extension: Suspicious implicit sign extension: "s->regs[6]" with type "unsigned short" (16 bits, unsigned) is promoted in "(s->regs[6] << 16) | s->regs[32]" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "(s->regs[6] << 16) | s->regs[32]" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1. Error: SIGN_EXTENSION: /qemu-1.0rc1/hw/dp8393x.c:754: sign_extension: Suspicious implicit sign extension: "s->regs[13]" with type "unsigned short" (16 bits, unsigned) is promoted in "(s->regs[13] << 16) | s->regs[14]" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "(s->regs[13] << 16) | s->regs[14]" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1. Error: SIGN_EXTENSION: /qemu-1.0rc1/hw/dp8393x.c:812: sign_extension: Suspicious implicit sign extension: "s->regs[13]" with type "unsigned short" (16 bits, unsigned) is promoted in "(s->regs[13] << 16) | s->regs[14]" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "(s->regs[13] << 16) | s->regs[14]" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1. Error: SIGN_EXTENSION: /qemu-1.0rc1/hw/dp8393x.c:821: sign_extension: Suspicious implicit sign extension: "s->regs[13]" with type "unsigned short" (16 bits, unsigned) is promoted in "(s->regs[13] << 16) | s->regs[14]" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "(s->regs[13] << 16) | s->regs[14]" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1. 
Error: SIGN_EXTENSION: /qemu-1.0rc1/hw/omap1.c:2678: sign_extension: Suspicious implicit sign extension: "from_bcd(value)" with type "unsigned char" (8 bits, unsigned) is promoted in "from_bcd(value) * 31536000" to type "int" (32 bits, signed), then sign-extended to type "long" (64 bits, signed). If "from_bcd(value) * 31536000" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1. Error: SIGN_EXTENSION: /qemu-1.0rc1/hw/qxl-render.c:167: sign_extension: Suspicious implicit sign extension: "cursor->header.height" with type "unsigned short" (16 bits, unsigned) is promoted in "cursor->header.width * cursor->header.height" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "cursor->header.width * cursor->header.height" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1. Error: SIGN_EXTENSION: /qemu-1.0rc1/hw/qxl-render.c:167: sign_extension: Suspicious implicit sign extension: "cursor->header.width" with type "unsigned short" (16 bits, unsigned) is promoted in "cursor->header.width * cursor->header.height" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "cursor->header.width * cursor->header.height" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1. Error: SIGN_EXTENSION: /qemu-1.0rc1/hw/stellaris_enet.c:173: sign_extension: Suspicious implicit sign extension: "s->conf.macaddr.a[3]" with type "unsigned char" (8 bits, unsigned) is promoted in "s->conf.macaddr.a[0] | (s->conf.macaddr.a[1] << 8) | (s->conf.macaddr.a[2] << 16) | (s->conf.macaddr.a[3] << 24)" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "s->conf.macaddr.a[0] | (s->conf.macaddr.a[1] << 8) | (s->conf.macaddr.a[2] << 16) | (s->conf.macaddr.a[3] << 24)" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1. 
Error: SIGN_EXTENSION: /qemu-1.0rc1/m68k-dis.c:4693: sign_extension: Suspicious implicit sign extension: "data[cur_byte]" with type "unsigned char" (8 bits, unsigned) is promoted in "data[cur_byte] << cur_bitshift" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "data[cur_byte] << cur_bitshift" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1. Error: SIGN_EXTENSION: /qemu-1.0rc1/microblaze-dis.c:773: sign_extension: Suspicious implicit sign extension: "ibytes[0]" with type "unsigned char" (8 bits, unsigned) is promoted in "(ibytes[0] << 24) | (ibytes[1] << 16) | (ibytes[2] << 8) | ibytes[3]" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "(ibytes[0] << 24) | (ibytes[1] << 16) | (ibytes[2] << 8) | ibytes[3]" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1. Error: SIGN_EXTENSION: /qemu-1.0rc1/microblaze-dis.c:775: sign_extension: Suspicious implicit sign extension: "ibytes[3]" with type "unsigned char" (8 bits, unsigned) is promoted in "(ibytes[3] << 24) | (ibytes[2] << 16) | (ibytes[1] << 8) | ibytes[0]" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "(ibytes[3] << 24) | (ibytes[2] << 16) | (ibytes[1] << 8) | ibytes[0]" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1. Error: SIZEOF_MISMATCH: /qemu-1.0rc1/block/vvfat.c:2815: suspicious_sizeof: Passing argument "sizeof (void *) /*8*/" to function "g_malloc" which returns a value of type "void *" is suspicious. Error: SIZEOF_MISMATCH: /qemu-1.0rc1/cris-dis.c:1403: suspicious_sizeof: Passing argument "524288UL /* 65536UL * sizeof (struct cris_opcode const **) /*8*/ */" to function "g_malloc" and then casting the return value to "struct cris_opcode const **" is suspicious. Did you intend to use "sizeof(struct cris_opcode const *)" instead of "sizeof (struct cris_opcode const **)" ? 
In this particular case sizeof(struct cris_opcode const **) happens to be equal to sizeof(struct cris_opcode const *), but this is not a portable assumption. Error: SIZEOF_MISMATCH: /qemu-1.0rc1/cris-dis.c:1408: suspicious_sizeof: Passing argument "524288UL /* 65536UL * sizeof (struct cris_opcode const **) /*8*/ */" to function "g_malloc" and then casting the return value to "struct cris_opcode const **" is suspicious. Did you intend to use "sizeof(struct cris_opcode const *)" instead of "sizeof (struct cris_opcode const **)" ? In this particular case sizeof(struct cris_opcode const **) happens to be equal to sizeof(struct cris_opcode const *), but this is not a portable assumption. Error: SIZEOF_MISMATCH: /qemu-1.0rc1/cris-dis.c:1413: suspicious_sizeof: Passing argument "524288UL /* 65536UL * sizeof (struct cris_opcode const **) /*8*/ */" to function "g_malloc" and then casting the return value to "struct cris_opcode const **" is suspicious. Did you intend to use "sizeof(struct cris_opcode const *)" instead of "sizeof (struct cris_opcode const **)" ? In this particular case sizeof(struct cris_opcode const **) happens to be equal to sizeof(struct cris_opcode const *), but this is not a portable assumption. Error: SIZEOF_MISMATCH: /qemu-1.0rc1/cris-dis.c:1418: suspicious_sizeof: Passing argument "524288UL /* 65536UL * sizeof (struct cris_opcode const **) /*8*/ */" to function "g_malloc" and then casting the return value to "struct cris_opcode const **" is suspicious. Did you intend to use "sizeof(struct cris_opcode const *)" instead of "sizeof (struct cris_opcode const **)" ? In this particular case sizeof(struct cris_opcode const **) happens to be equal to sizeof(struct cris_opcode const *), but this is not a portable assumption. 
Error: SIZEOF_MISMATCH: /qemu-1.0rc1/cris-dis.c:1423: suspicious_sizeof: Passing argument "524288UL /* 65536UL * sizeof (struct cris_opcode const **) /*8*/ */" to function "g_malloc" and then casting the return value to "struct cris_opcode const **" is suspicious. Did you intend to use "sizeof(struct cris_opcode const *)" instead of "sizeof (struct cris_opcode const **)" ? In this particular case sizeof(struct cris_opcode const **) happens to be equal to sizeof(struct cris_opcode const *), but this is not a portable assumption. Error: SIZEOF_MISMATCH: /qemu-1.0rc1/hw/wm8750.c:566: suspicious_division: Pointer differences, such as "s->rate - wm_rate_table", are automatically scaled down by the size (16 bytes) of the pointed-to type ("WMRate const"). Most likely, the division by "sizeof (*s->rate)" is extraneous and should be eliminated. Error: UNINIT: /qemu-1.0rc1/oslib-posix.c:168: var_decl: Declaring variable "tv_now" without initializer. /qemu-1.0rc1/oslib-posix.c:199: uninit_use: Using uninitialized value "tv_now.tv_sec". /qemu-1.0rc1/oslib-posix.c:200: uninit_use: Using uninitialized value "tv_now.tv_usec". Error: UNINIT: /qemu-1.0rc1/hw/elf_ops.h:80: var_decl: Declaring variable "key" without initializer. /qemu-1.0rc1/hw/elf_ops.h:85: uninit_use_in_call: Using uninitialized value "key": field "key".st_shndx is uninitialized when calling "bsearch". Error: UNINIT: /qemu-1.0rc1/hw/elf_ops.h:80: var_decl: Declaring variable "key" without initializer. /qemu-1.0rc1/hw/elf_ops.h:85: uninit_use_in_call: Using uninitialized value "key": field "key".st_size is uninitialized when calling "bsearch". Error: UNINIT: /qemu-1.0rc1/hw/pc.c:338: var_decl: Declaring variable "fd_type" without initializer. /qemu-1.0rc1/hw/pc.c:393: uninit_use_in_call: Using uninitialized value "fd_type[0]" when calling "cmos_get_fd_drive_type". /qemu-1.0rc1/hw/pc.c:197: read_parm: Reading a parameter value. 
Error: UNINIT: /qemu-1.0rc1/hw/sun4m.c:828: var_decl: Declaring variable "fdc_tc" without initializer. /qemu-1.0rc1/hw/sun4m.c:927: uninit_use_in_call: Using uninitialized value "fdc_tc" when calling "slavio_misc_init". /qemu-1.0rc1/hw/sun4m.c:514: read_parm: Reading a parameter value. Error: UNINIT: /qemu-1.0rc1/hw/usb-uhci.c:949: var_decl: Declaring variable "qhdb" without initializer. /qemu-1.0rc1/hw/usb-uhci.c:967: uninit_use_in_call: Using uninitialized element of array "qhdb.addr" when calling "qhdb_insert". /qemu-1.0rc1/hw/usb-uhci.c:932: read_parm_fld: Reading a parameter field. Error: UNINIT: /qemu-1.0rc1/hw/virtio-serial-bus.c:320: var_decl: Declaring variable "cpkt" without initializer. /qemu-1.0rc1/hw/virtio-serial-bus.c:388: uninit_use_in_call: Using uninitialized value "cpkt": field "cpkt".id is uninitialized when calling "memcpy". Error: UNINIT: /qemu-1.0rc1/linux-user/arm/nwfpe/double_cpdo.c:40: var_decl: Declaring variable "rFm" without initializer. /qemu-1.0rc1/linux-user/arm/nwfpe/double_cpdo.c:98: uninit_use_in_call: Using uninitialized value "rFm" when calling "float64_add". /qemu-1.0rc1/fpu/softfloat.c:3419: read_parm: Reading a parameter value. /qemu-1.0rc1/linux-user/arm/nwfpe/double_cpdo.c:103: uninit_use_in_call: Using uninitialized value "rFm" when calling "float64_mul". /qemu-1.0rc1/fpu/softfloat.c:3468: read_parm: Reading a parameter value. /qemu-1.0rc1/linux-user/arm/nwfpe/double_cpdo.c:107: uninit_use_in_call: Using uninitialized value "rFm" when calling "float64_sub". /qemu-1.0rc1/fpu/softfloat.c:3442: read_parm: Reading a parameter value. /qemu-1.0rc1/linux-user/arm/nwfpe/double_cpdo.c:111: uninit_use_in_call: Using uninitialized value "rFm" when calling "float64_sub". /qemu-1.0rc1/fpu/softfloat.c:3441: read_parm: Reading a parameter value. /qemu-1.0rc1/linux-user/arm/nwfpe/double_cpdo.c:116: uninit_use_in_call: Using uninitialized value "rFm" when calling "float64_div". 
/qemu-1.0rc1/fpu/softfloat.c:3530: read_parm: Reading a parameter value. /qemu-1.0rc1/linux-user/arm/nwfpe/double_cpdo.c:121: uninit_use_in_call: Using uninitialized value "rFm" when calling "float64_div". /qemu-1.0rc1/fpu/softfloat.c:3529: read_parm: Reading a parameter value. /qemu-1.0rc1/linux-user/arm/nwfpe/double_cpdo.c:135: uninit_use_in_call: Using uninitialized value "rFm" when calling "float64_rem". /qemu-1.0rc1/fpu/softfloat.c:3603: read_parm: Reading a parameter value. /qemu-1.0rc1/linux-user/arm/nwfpe/double_cpdo.c:146: uninit_use: Using uninitialized value "rFm". /qemu-1.0rc1/linux-user/arm/nwfpe/double_cpdo.c:175: uninit_use_in_call: Using uninitialized value "rFm" when calling "float64_round_to_int". /qemu-1.0rc1/fpu/softfloat.c:3196: read_parm: Reading a parameter value. /qemu-1.0rc1/linux-user/arm/nwfpe/double_cpdo.c:179: uninit_use_in_call: Using uninitialized value "rFm" when calling "float64_sqrt". /qemu-1.0rc1/fpu/softfloat.c:3906: read_parm: Reading a parameter value. Error: UNINIT: /qemu-1.0rc1/linux-user/arm/nwfpe/extended_cpdo.c:40: var_decl: Declaring variable "rFn" without initializer. /qemu-1.0rc1/linux-user/arm/nwfpe/extended_cpdo.c:96: uninit_use_in_call: Using uninitialized value "rFn": field "rFn".high is uninitialized when calling "floatx80_add". /qemu-1.0rc1/fpu/softfloat.c:4662: read_parm: Reading a parameter value. /qemu-1.0rc1/linux-user/arm/nwfpe/extended_cpdo.c:101: uninit_use_in_call: Using uninitialized value "rFn": field "rFn".high is uninitialized when calling "floatx80_mul". /qemu-1.0rc1/fpu/softfloat.c:4707: read_parm: Reading a parameter value. /qemu-1.0rc1/linux-user/arm/nwfpe/extended_cpdo.c:105: uninit_use_in_call: Using uninitialized value "rFn": field "rFn".high is uninitialized when calling "floatx80_sub". /qemu-1.0rc1/fpu/softfloat.c:4683: read_parm: Reading a parameter value. 
/qemu-1.0rc1/linux-user/arm/nwfpe/extended_cpdo.c:109: uninit_use_in_call: Using uninitialized value "rFn": field "rFn".high is uninitialized when calling "floatx80_sub". /qemu-1.0rc1/fpu/softfloat.c:4684: read_parm: Reading a parameter value. /qemu-1.0rc1/linux-user/arm/nwfpe/extended_cpdo.c:114: uninit_use_in_call: Using uninitialized value "rFn": field "rFn".high is uninitialized when calling "floatx80_div". /qemu-1.0rc1/fpu/softfloat.c:4767: read_parm: Reading a parameter value. /qemu-1.0rc1/linux-user/arm/nwfpe/extended_cpdo.c:119: uninit_use_in_call: Using uninitialized value "rFn": field "rFn".high is uninitialized when calling "floatx80_div". /qemu-1.0rc1/fpu/softfloat.c:4770: read_parm: Reading a parameter value. /qemu-1.0rc1/linux-user/arm/nwfpe/extended_cpdo.c:133: uninit_use_in_call: Using uninitialized value "rFn": field "rFn".high is uninitialized when calling "floatx80_rem". /qemu-1.0rc1/fpu/softfloat.c:4847: read_parm: Reading a parameter value. Error: UNINIT: /qemu-1.0rc1/linux-user/elfload.c:1707: var_decl: Declaring variable "key" without initializer. /qemu-1.0rc1/linux-user/elfload.c:1712: uninit_use_in_call: Using uninitialized value "key": field "key".st_size is uninitialized when calling "bsearch". Error: UNINIT: /qemu-1.0rc1/linux-user/syscall.c:7910: var_decl: Declaring variable "posix_mq_attr_in" without initializer. /qemu-1.0rc1/linux-user/syscall.c:7918: uninit_use_in_call: Using uninitialized value "posix_mq_attr_in": field "posix_mq_attr_in".__pad is uninitialized when calling "mq_setattr". Error: UNINIT: /qemu-1.0rc1/slirp/slirp.c:411: var_decl: Declaring variable "ret" without initializer. /qemu-1.0rc1/slirp/slirp.c:491: uninit_use_in_call: Using uninitialized value "ret" when calling "send". Error: UNINIT: /qemu-1.0rc1/net/socket.c:251: var_decl: Declaring variable "saddr" without initializer. /qemu-1.0rc1/net/socket.c:293: uninit_use: Using uninitialized value "saddr.sin_port". 
Error: UNINIT: /qemu-1.0rc1/net/socket.c:253: var_decl: Declaring variable "saddr_len" without initializer. /qemu-1.0rc1/net/socket.c:263: uninit_use_in_call: Using uninitialized value "saddr_len" when calling "getsockname". Error: UNINIT: /qemu-1.0rc1/vl.c:1039: var_decl: Declaring variable "p" without initializer. /qemu-1.0rc1/vl.c:1058: uninit_use_in_call: Using uninitialized value "p" when calling "hci_init". /qemu-1.0rc1/vl.c:618: read_parm: Reading a parameter value. Error: UNREACHABLE: /qemu-1.0rc1/hw/ide/microdrive.c:212: unreachable: This code cannot be reached: "if (s->cycle)ret = s->io >>...". Error: UNREACHABLE: /qemu-1.0rc1/hw/ide/microdrive.c:273: unreachable: This code cannot be reached: "if (s->cycle)ide_data_write...". Error: UNREACHABLE: /qemu-1.0rc1/hw/sd.c:335: unreachable: This code cannot be reached: "return sd_crc7(buffer, 5UL)...". Error: UNREACHABLE: /qemu-1.0rc1/hw/usb-musb.c:573: unreachable: This code cannot be reached: "switch (ttype){ case 0: ...". Error: UNREACHABLE: /qemu-1.0rc1/target-s390x/op_helper.c:260: unreachable: This code cannot be reached: "if (dest != src + 1UL){ f...". Error: UNUSED_VALUE: /qemu-1.0rc1/linux-user/mmap.c:463: returned_pointer: Pointer "p" returned by "mmap((void *)((unsigned long)mmap_start + guest_base), len, prot, flags | 0x10, fd, host_offset)" is never used. Error: UNUSED_VALUE: /qemu-1.0rc1/linux-user/mmap.c:730: returned_pointer: Pointer "host_addr" returned by "mremap((void *)((unsigned long)old_addr + guest_base), new_size, old_size, flags)" is never used. Error: USE_AFTER_FREE: /qemu-1.0rc1/audio/wavaudio.c:212: freed_arg: "fclose" frees "wav->f". /qemu-1.0rc1/audio/wavaudio.c:213: pass_freed_arg: Passing freed pointer "wav->f" as an argument to function "dolog". Error: USE_AFTER_FREE: /qemu-1.0rc1/envlist.c:52: alias: Assigning: "entry" = "envlist->el_entries.lh_first". Now both point to the same storage. /qemu-1.0rc1/envlist.c:56: freed_arg: "free" frees "entry". 
/qemu-1.0rc1/envlist.c:52: use_after_free: Using freed pointer "envlist->el_entries.lh_first". Error: USE_AFTER_FREE: /qemu-1.0rc1/envlist.c:154: alias: Assigning: "entry" = "envlist->el_entries.lh_first". Now both point to the same storage. /qemu-1.0rc1/envlist.c:163: freed_arg: "free" frees "entry". /qemu-1.0rc1/envlist.c:174: use_after_free: Using freed pointer "envlist->el_entries.lh_first".