Click here to Skip to main content
Rate this: bad
good
Please Sign up or sign in to vote.
See more: C++ C VC

I am one of the PVS-Studio analyzer’s developers. To learn more about the analyzer, please follow here. We constantly create new diagnostic rules. The list of new rules to be yet implemented seems to be infinite. We constantly enlarge the todo-list with new samples of errors we would like to teach our tool to diagnose. So we don’t have any problems with lack of tasks. But we do have a problem about how to choose the most interesting and frequent types of errors. It’s logical to primarily realize diagnosis of those errors that are most frequent in applications. The question is how to set priorities for different tasks.

There came an idea to create a section on the website where we will list various defect samples and users will be able to vote for those errors they make most often. I don’t like this approach due to the following two crucial reasons.

1) The error list will be too great. It means that nobody will look through it entirely. The samples put in the beginning of the list will get the highest priority. Of course, we could sort the samples at random, but it’s not clear then how to continue studying the list the next day, for example. And in general, all this is becoming too complicated.

2) Programmers underestimate primary mistakes (see Myth two). For example, they don’t like to admit that a huge number of errors occur because of Copy-Paste and misprints. Few people will vote for a sample like the following one:

bool isclosebrace (TCHAR c)
{
  return c == _T ('}') ||
         c == _T ('}') || // there should be ')'
         c == _T (']') ||
         c == _T ('>');
} 

Programmers will vote for uninitialized variables, array overruns and other interesting issues. But as our experience shows, a whole lot of errors are mistakes of various sorts. Thus, the voting won’t correspond to the real situation.

I have invented another method of setting priorities. I’m asking you, dear programmers, to share with us samples of errors you personally ever made. Tell us about any errors, regardless whether you find them serious or not. The examples you will give us will be live and truly represent the actual situation. I hope that we will be able to figure out what issues people are facing most often.

I will post several such topics for discussion on different websites. Error patterns that we have in our base and that will be mentioned by some of you will get a higher priority. If one and the same error type is described several times, then it will be addressed in the first place. We will greatly appreciate your samples.

Here are a couple of examples of code samples we would like to receive from you.

TCHAR headerM[headerSize] = TEXT("");
...
if (headerM != '\0')

The programmer wanted to check that the string is empty but forgot to dereference the pointer. This is a widely spread misprint. This is the correct code: "if (*headerM != _T('\0'))".

if (memcmp(this, &other, sizeof(Matrix4) == 0)) {

A closing parenthesis is put in a wrong place. As a result, the memcmp() function compares 0 bytes.

BOOL ret = TRUE;
if (m_hbitmap)
  BOOL ret = picture.SaveToFile(fptr);

The 'ret' variable is defined one more odd time. As a result, the code won’t handle the case when the file cannot be saved.

These examples don’t require complex AI and therefore are easily diagnosed by static analysis tools. We would like to get something like these samples from you.

I think that many examples you will share are already diagnosable by PVS-Studio. But it doesn’t matter, I will filter them out. If you want, you can try yourselves to find out if PVS-Studio can detect certain error types. For this purpose you can use the demo version. By the way, it’s absolutely full-function, which allows you to try it on your own projects at the same time.

---

Sincerely yours, Andrey Karpov

The best way to share your samples is to post comments here or send them to my e-mail: karpov[@]viva64.com

Posted 16-May-12 6:45am
Edited 16-May-12 7:45am
v2
Comments
Sandeep Mewara at 16-May-12 11:59am
   
Well written question. 5!
SAKryukov at 16-May-12 12:38pm
   
I voted 5, too. I must say, Andrey is the author of very wise articles on code analysis he references (please see my comment below).
--SA
Maximilien at 16-May-12 12:23pm
   
I'm not certain what you are asking; are you asking for a corpus of probable/potential errors ?
Karpov Andrey at 16-May-12 12:48pm
   
I want you to share examples of mistakes that you wrote, and which can be detected by static analysis.
SAKryukov at 16-May-12 12:36pm
   
Thank you, Andrey, for the reference to your article on the analysis. Too bad most readers here won't be able to read it in Russian. Perhaps you should think about English version. I would like to confirm your wise ideas with my own experience.
 
I must say that is should not be confined by the short-living applications. You can talk about analysis of a wide class of code, not necessarily the application code. Any such code could be considered as the application code relative to the analysis technology, but the code under analysis could be anything, including system programming, etc. Relatively recently, I've developed an interesting architecture -- a variant of Data Contact with added flexibility and high performance, with important role of the code analysis. This is a missing link for programming oriented to high-quality output. Even though I'm talking about the analysis of compiled code, functionally it's the same as static analysis, because it's the analysis the CLR CIL code based on pure reflection.
 
I must say that many of your analysis topics are bases on the archaic features of C++. But I want to reassure that your thoughts are applicable even when the "stupid mistakes" you refer to are not possible due to some development technology. Not to worry -- a human developer will always find a room for those "stupid mistakes", albeit of some other nature. :-)
This way, your ideas remain valid.
 
Let me think at your material. Even though I'm not particularly interested in the diagnostics rules of the level you work with mostly, perhaps we will exchange some ideas.
 
Best,
--SA
Karpov Andrey at 16-May-12 12:51pm
   
Thanks for the comments and remarks about the link. I fix the links.
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 1

Here's an example of something I've had issues with in the past:
C* makeC()
{
    C c;
    return &c;
}
 
Drove me crazy before I understood the difference in heap vs. stack, because sometimes it would work as expected, sometimes it wouldn't, and I could actually watch the object degrade in the debugger and had no idea why.
  Permalink  
Comments
Karpov Andrey at 16-May-12 13:32pm
   
Thank you for the example. This type of error is already detected by the analyzer. Diagnostic: V558 Function returns the pointer to temporary local object: &c.
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 2

Uneffective code inside loop:
 
char* str = 0;
for( int i = 0; i < strlen( str ); i++ ) {
}
 
strlen() must be carry out of loop.
  Permalink  
Comments
Karpov Andrey at 17-May-12 14:29pm
   
Thanks.
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 3

The discussion here is somehow was not took. I close the question. Discussion can continue here.
  Permalink  

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
0 OriginalGriff 245
1 Jochen Arndt 155
2 PIEBALDconsult 150
3 Afzaal Ahmad Zeeshan 120
4 DamithSL 115
0 OriginalGriff 5,695
1 DamithSL 4,591
2 Maciej Los 4,012
3 Kornfeld Eliyahu Peter 3,480
4 Sergey Alexandrovich Kryukov 3,190


Advertise | Privacy | Mobile
Web03 | 2.8.141220.1 | Last Updated 18 May 2012
Copyright © CodeProject, 1999-2014
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100