SlideShare a Scribd company logo

The CppCat Analyzer Checks TortoiseGit

Andrey Karpov
Andrey Karpov

In most of our articles about project checks, we mention that bugs are found by the PVS-Studio static code analyzer. In certain cases – when dealing with projects of a complex structure – it is this particular analyzer that is needed. However, many developers will also appreciate its lightweight version, the CppCat analyzer. In this connection, we decided to use CppCat this time, when checking the TortoiseGit project.

Software
1 of 11
Download to read offline
The CppCat Analyzer Checks TortoiseGit Author: Andrey Karpov Date: 18.05.2014 In most of our articles about project checks, we mention that bugs are found by the PVS-Studio static code analyzer. In certain cases – when dealing with projects of a complex structure – it is this particular analyzer that is needed. However, many developers will also appreciate its lightweight version, the CppCat analyzer. In this connection, we decided to use CppCat this time, when checking the TortoiseGit project. TortoiseGit Description from Wikipedia: TortoiseGit is a Git revision control client, implemented as a Microsoft Windows shell extension. It is free software released under the GNU General Public License. The TortoiseGit project is small – the total size of the source codes we have downloaded is 35 Mbytes. And if we don't count the "ext" folder, it leaves only 9 Mbytes. The project developers are obviously concerned with the product's quality. It is indirectly hinted at by the fact that they use the /W4 switch (the fourth warning level) when compiling the code with Visual C++. Besides, I also noticed the Cppcheck analyzer to be mentioned in the source code. So let's find out if CppCat has managed to find anything of interest in this project. CppCat There are two brothers: PVS-Studio, the elder one, and CppCat, the younger one. Both share a number of basic capabilities: • They can integrate into Visual Studio and check projects written in C, C++, C++/CX, and C++/CLI.
• They can automatically check files after compilation. • They allow using various settings and marks in the code in order to eliminate false positives. This functionality is quite enough for most projects. If it suits your task, you obviously need CppCat. Taking into account that the annual license costs $250, you shouldn't delay the purchase: the analyzer will pay off pretty soon through catching typos and other defects. License renewal costs $200. But what does PVS-Studio possess that CppCat lacks? Quite a lot of things; but they are not always necessary. Here is a brief list of PVS-Studio's unique features: • Support of old Visual Studio versions: VS2005 and VS2008. • Integration into automatic build systems. • Standalone version. It allows you to track compiler calls from any build system and collect information necessary for project analysis. Besides, it also allows you to check preprocessed *.i files prepared in advance. • 64-bit error search (relevant for 64-bit programs that make use of large memory buffers); • Recommendations on potential microoptimizations in the code; • Custom-made diagnostics. If you have purchased PVS-Studio, we can implement specific diagnostics by your request. • A bit more general diagnostics than provided by CppCat. They produce too many false positives and refer to the third severity level and are turned off by default. • MSBuild support. • Handling the tool from the command line. • Saving the analysis report into a file, and other useful features. Pretty much, as you can see, but not all of these features are necessary all the time. Now let's pass on from advertising to action; let's see what the CppCat analyzer has managed to find in TortoiseGit. Analysis results A note for TortoiseGit's developers. The project can't be checked right away as there is some trouble with inclusion of stdafx.h files. Below is a brief explanation. In certain places wrong stdafx.h files are included. You don't face any problems during compilation because the compiler takes data from the precompiled *.pch files. But these errors reveal themselves when trying to create preprocessed *.i files. TortoiseGit's developers may contact us, and we will explain how to fix this issue in the project. Troubles with m_Rev2 class CGitStatusListCtrl : public CListCtrl { .... CString m_Rev1; CString m_Rev2; .... };
void CGitStatusListCtrl::OnContextMenuList(....) { .... if( (!this->m_Rev1.IsEmpty()) || (!this->m_Rev1.IsEmpty()) ) .... } CppCat's diagnostic message: V501 There are identical sub-expressions '(!this->m_Rev1.IsEmpty())' to the left and to the right of the '||' operator. gitstatuslistctrl.cpp 1560 There are two members in the class: m_Rev1 and m_Rev2. It is these members that should have been most likely used in the expression. Then the code should look as follows: if( (!this->m_Rev1.IsEmpty()) || (!this->m_Rev2.IsEmpty()) ) Another similar fragment: void CGitStatusListCtrl::OnNMDblclk(....) { .... if( (!m_Rev1.IsEmpty()) || (!m_Rev1.IsEmpty())) // m_Rev1 twice??? .... } CppCat's diagnostic message: V501 There are identical sub-expressions '(!m_Rev1.IsEmpty())' to the left and to the right of the '||' operator. gitstatuslistctrl.cpp 2642 There is a comment in this code hinting that the programmers suspect something is wrong :). Another similar typo can be found in gitstatuslistctrl.cpp 3274. Something wrong with conditions svn_error_t * svn_mergeinfo__adjust_mergeinfo_rangelists(....) { .... if (range->start + offset > 0 && range->end + offset > 0) { if (range->start + offset < 0) range->start = 0; else
range->start = range->start + offset; if (range->end + offset < 0) range->end = 0; else range->end = range->end + offset; .... } CppCat's diagnostic message: V637 Two opposite conditions were encountered. The second condition is always false. Check lines: 2464, 2466. TortoiseGitMerge mergeinfo.c 2464 Something is wrong with conditions. To make it clearer, let's simplify the code a bit: • Replace "range->start + offset" with A; • Replace "range->end + offset" with B. We get the following pseudocode: if (A > 0 && B > 0) { if (A < 0) range->start = 0; else range->start = A; if (B < 0) range->end = 0; else range->end = B; .... } It is now clearly seen that the checks (A < 0) and (B < 0) are meaningless: they will never be true. There must be some logical errors in the code. Undereferenced pointer void svn_path_splitext(const char **path_root, const char **path_ext, const char *path, apr_pool_t *pool) {
const char *last_dot; .... last_dot = strrchr(path, '.'); if (last_dot && (last_dot + 1 != '0')) .... } CppCat's diagnostic message: V528 It is odd that pointer to 'char' type is compared with the '0' value. Probably meant: *last_dot + 1 != '0'. path.c 1258 Let's examine the (last_dot + 1 != '0') expression in detail. Inside it, one is added to the pointer, the result then being compared to zero. This expression doesn't make sense, and I suspect the code should look like this: if (last_dot && (*(last_dot + 1) != '0')) Well, it would probably be better this way: if (last_dot && last_dot[1] != '0') CppCat has found another similar error: static const char * fuzzy_escape(const char *src, apr_size_t len, apr_pool_t *pool) { const char *src_orig = src; .... while (src_orig < src_end) { if (! svn_ctype_isascii(*src_orig) || src_orig == '0') .... } CppCat's diagnostic message: V528 It is odd that pointer to 'char' type is compared with the '0' value. Probably meant: *src_orig == '0'. utf.c 501 The following should be written instead: if (! svn_ctype_isascii(*src_orig) || *src_orig == '0') Octal number There is some piece of code which roams from project to project, and I often stumble across it. This code contains a bug that makes almost every program behave incorrectly with the IBM EBCDIC US-Canada charset. I don't think it is a crucial defect because this charset doesn't seem to be widely used nowadays. But I still should mention this bug. Here is this piece of code: static CodeMap map[]=
{ {037, _T("IBM037")}, // IBM EBCDIC US-Canada {437, _T("IBM437")}, // OEM United States {500, _T("IBM500")}, // IBM EBCDIC International .... }; CppCat's diagnostic message: V536 Be advised that the utilized constant value is represented by an octal form. Oct: 037, Dec: 31. unicodeutils.cpp 42 To make the text look nicer, the programmer wrote number 37 with 0 on the left. Doing so is incorrect because it results in a decimal number 37 becoming an octal number 037. The octal number 037 is equivalent to decimal 31. Conditions which are always true or false void CCloneDlg::OnBnClickedCheckSvn() { .... CString str; m_URLCombo.GetWindowText(str); while(str.GetLength()>=1 && str[str.GetLength()-1] == _T('') && str[str.GetLength()-1] == _T('/')) { str=str.Left(str.GetLength()-1); } .... } CppCat's diagnostic messages: V547 Expression is always false. Probably the '||' operator should be used here. clonedlg.cpp 413 The code fragment above must delete all the and / characters at the end of a string. But it won't happen actually because of the following error: str[str.GetLength()-1] == _T('') && str[str.GetLength()-1] == _T('/') A string character cannot be and / at the same time. The code must have looked like this: while(str.GetLength()>=1 && (str[str.GetLength()-1] == _T('') ||
str[str.GetLength()-1] == _T('/'))) { str=str.Left(str.GetLength()-1); } There is another similar error related to a status check: enum git_ack_status { GIT_ACK_NONE, GIT_ACK_CONTINUE, GIT_ACK_COMMON, GIT_ACK_READY }; static int wait_while_ack(gitno_buffer *buf) { .... if (pkt->type == GIT_PKT_ACK && (pkt->status != GIT_ACK_CONTINUE || pkt->status != GIT_ACK_COMMON)) { .... } CppCat's diagnostic message: V547 Expression is always true. Probably the '&&' operator should be used here. smart_protocol.c 264 The condition here is, on the contrary, always true; the status is always not equal to GIT_ACK_CONTINUE or GIT_ACK_COMMON. Missing virtual destructor The program has the Command class that contains virtual functions: class Command { virtual bool Execute() = 0; .... }; The programmer forgot to declare the destructor virtual. A number of classes are inherited from this class: class SVNIgnoreCommand : public Command .... class AddCommand : public Command ....
class AutoTextTestCommand : public Command .... Since we are working with a pointer to a base class, it causes problems when destroying objects. BOOL CTortoiseProcApp::InitInstance() { .... Command * cmd = server.GetCommand(....); .... delete cmd; .... } CppCat's diagnostic message: V599 The virtual destructor is not present, although the 'Command' class contains virtual functions. TortoiseGitProc tortoiseproc.cpp 497 Note. Now let me digress a bit. Applicants at an interview would often make jokes and laugh when answering the trite question, "What is the purpose of virtual destructors?", meaning that it is too old and trivial to ask it again and again. They shouldn't laugh though. The question is really good, and I always ask it. It allows me to identify suspicious people quicker. If an applicant gives a correct answer about virtual destructors, it doesn't mean too much, of course. It is just that he must have either read about it in a book or investigated the standard questions usually asked at an interview and prepared for it by learning the answers. Once again, a correct answer doesn't guarantee that the guy is a good programmer. A more important thing is when he cannot answer. How on earth can one read books on C++ and articles about job interviews on the Internet and miss this topic? Strange, isn't it? Potential null pointer dereferencing This time I haven't attentively examined the warnings about potential null pointer dereferencing errors. There were a few V595 diagnostics, but honestly I didn't feel like investigating them. Here you are only one example: void free_decoration(struct decoration *n) { unsigned int i; struct object_decoration *hash = n->hash; if (n == NULL || n->hash == NULL) return; .... } CppCat's diagnostic message: V595 The 'n' pointer was utilized before it was verified against nullptr. Check lines: 41, 43. decorate.c 41 The 'n' pointer is dereferenced in the 'n->hash' expression and is later checked for being null. It means that this pointer can potentially be null, so troubles may occur.
Incorrect string formatting int CGit::GetCommitDiffList(....) { .... cmd.Format( _T("git.exe diff -r -R --raw -C -M --numstat -z %s --"), ignore, rev1); .... } CppCat's diagnostic message: V576 Incorrect format. A different number of actual arguments is expected while calling 'Format' function. Expected: 2. Present: 3. git.cpp 1231 One actual argument is redundant. Potentially dangerous array index TortoiseGit contains the following code fragment: static svn_error_t * token_compare(....) { .... int idx = datasource_to_index(file_token[i]->datasource); file[i] = &file_baton->files[idx]; .... } What is dangerous about it is that the 'idx' variable may theoretically be negative. The analyzer has noticed that the datasource_to_index function may return -1 in case of an error: static int datasource_to_index(svn_diff_datasource_e datasource) { switch (datasource) { .... } return -1; } CppCat's diagnostic message: V557 Array underrun is possible. The value of 'idx' index could reach -1. diff_file.c 1052
Thus, although this code works well, it is potentially dangerous as an array overrun may occur. Resource leak CMyMemDC(CDC* pDC, ....) { .... CreateCompatibleDC(pDC); .... } CppCat's diagnostic message: V530 The return value of function 'CreateCompatibleDC' is required to be utilized. mymemdc.h 36 A device context (DC) is created but it is not used in any way and nor is it destroyed. A similar error can be found in mymemdc.h 70 Comparing different enum-types Some mess occurs when comparing enum-types: static enum { ABORT, VERBATIM, WARN, WARN_STRIP, STRIP } signed_tag_mode = ABORT; static enum { ERROR, DROP, REWRITE } tag_of_filtered_mode = ERROR; static void handle_tag(const char *name, struct tag *tag) { .... switch(tag_of_filtered_mode) { case ABORT: .... } CppCat's diagnostic message: V556 The values of different enum types are compared: switch(ENUM_TYPE_A) { case ENUM_TYPE_B: ... }. fast-export.c 449 The variables tag_of_filtered_mode and ABORT are of different types. Typo static int blame_internal(git_blame *blame) {
.... blame->ent = ent; blame->path = blame->path; .... } CppCat's diagnostic message: V570 The 'blame->path' variable is assigned to itself. blame.c 319 Other errors There were some other errors and defects as well, but I didn't find them interesting enough to be mentioned in the article. TortoiseGit's developers will easily find all the defects themselves with the help of the CppCat tool. The demo version is active through 7 days, which is enough to thoroughly investigate a small project and fix all the issues found. Well, after all, the price of $250 is well affordable even for an indie developer. I want to remind you that static analysis brings highest profit when being used regularly. To download the tool and check your code just once is dabbling, not the proper use of the static code analysis methodology. Why, programmers examine compiler warnings regularly, not just once in 3 years before some release, don't they? Conclusion The article appears to have a certain advertising flavor about it. Sorry for that. Firstly, it's not just every time that we manage to write interesting articles about project checks. Secondly, we want the CppCat analyzer to be known by as many programmers as possible. This is a wonderful, inexpensive tool that can suit a large audience of developers working in Visual C++. When used regularly, it will help you save huge amounts of time you would otherwise waste searching for typos and other mistakes. Download CppCat here: http://www.cppcat.com/ If you feel you are missing some functionality, try PVS-Studio instead: Download PVS-Studio here: http://www.viva64.com/en/pvs-studio-download/ But don't rush for it if you don't have the experience of working with static analysis. This methodology will be much easier to master with CppCat than PVS-Studio. Besides, CppCat will be enough for most tasks. On the contrary, PVS-Studio may confuse you with lots of settings options, 64-bit diagnostics, the Standalone version module, and so on.

Recommended

Picking Mushrooms after Cppcheck
Picking Mushrooms after CppcheckPicking Mushrooms after Cppcheck
Picking Mushrooms after CppcheckAndrey Karpov
 
C++ Code as Seen by a Hypercritical Reviewer
C++ Code as Seen by a Hypercritical ReviewerC++ Code as Seen by a Hypercritical Reviewer
C++ Code as Seen by a Hypercritical ReviewerAndrey Karpov
 
100 bugs in Open Source C/C++ projects
100 bugs in Open Source C/C++ projects 100 bugs in Open Source C/C++ projects
100 bugs in Open Source C/C++ projects Andrey Karpov
 
What has to be paid attention when reviewing code of the library you develop
What has to be paid attention when reviewing code of the library you developWhat has to be paid attention when reviewing code of the library you develop
What has to be paid attention when reviewing code of the library you developAndrey Karpov
 
A Spin-off: CryEngine 3 SDK Checked with CppCat
A Spin-off: CryEngine 3 SDK Checked with CppCatA Spin-off: CryEngine 3 SDK Checked with CppCat
A Spin-off: CryEngine 3 SDK Checked with CppCatAndrey Karpov
 
PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017
PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017
PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017Andrey Karpov
 
Intel IPP Samples for Windows - error correction
Intel IPP Samples for Windows - error correctionIntel IPP Samples for Windows - error correction
Intel IPP Samples for Windows - error correctionAndrey Karpov
 
Intel IPP Samples for Windows - error correction
Intel IPP Samples for Windows - error correctionIntel IPP Samples for Windows - error correction
Intel IPP Samples for Windows - error correctionPVS-Studio
 

Recommended

Picking Mushrooms after Cppcheck
Picking Mushrooms after CppcheckPicking Mushrooms after Cppcheck
Picking Mushrooms after CppcheckAndrey Karpov
 
C++ Code as Seen by a Hypercritical Reviewer
C++ Code as Seen by a Hypercritical ReviewerC++ Code as Seen by a Hypercritical Reviewer
C++ Code as Seen by a Hypercritical ReviewerAndrey Karpov
 
100 bugs in Open Source C/C++ projects
100 bugs in Open Source C/C++ projects 100 bugs in Open Source C/C++ projects
100 bugs in Open Source C/C++ projects Andrey Karpov
 
What has to be paid attention when reviewing code of the library you develop
What has to be paid attention when reviewing code of the library you developWhat has to be paid attention when reviewing code of the library you develop
What has to be paid attention when reviewing code of the library you developAndrey Karpov
 
A Spin-off: CryEngine 3 SDK Checked with CppCat
A Spin-off: CryEngine 3 SDK Checked with CppCatA Spin-off: CryEngine 3 SDK Checked with CppCat
A Spin-off: CryEngine 3 SDK Checked with CppCatAndrey Karpov
 
PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017
PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017
PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017Andrey Karpov
 
Intel IPP Samples for Windows - error correction
Intel IPP Samples for Windows - error correctionIntel IPP Samples for Windows - error correction
Intel IPP Samples for Windows - error correctionAndrey Karpov
 
Intel IPP Samples for Windows - error correction
Intel IPP Samples for Windows - error correctionIntel IPP Samples for Windows - error correction
Intel IPP Samples for Windows - error correctionPVS-Studio
 
Reanalyzing the Notepad++ project
Reanalyzing the Notepad++ projectReanalyzing the Notepad++ project
Reanalyzing the Notepad++ projectPVS-Studio
 
Top 10 bugs in C++ open source projects, checked in 2016
Top 10 bugs in C++ open source projects, checked in 2016Top 10 bugs in C++ open source projects, checked in 2016
Top 10 bugs in C++ open source projects, checked in 2016PVS-Studio
 
LibRaw, Coverity SCAN, PVS-Studio
LibRaw, Coverity SCAN, PVS-StudioLibRaw, Coverity SCAN, PVS-Studio
LibRaw, Coverity SCAN, PVS-StudioAndrey Karpov
 
Waiting for the Linux-version: Checking the Code of Inkscape Graphics Editor
Waiting for the Linux-version: Checking the Code of Inkscape Graphics EditorWaiting for the Linux-version: Checking the Code of Inkscape Graphics Editor
Waiting for the Linux-version: Checking the Code of Inkscape Graphics EditorPVS-Studio
 
PVS-Studio vs Chromium - Continuation
PVS-Studio vs Chromium - ContinuationPVS-Studio vs Chromium - Continuation
PVS-Studio vs Chromium - ContinuationPVS-Studio
 
Analysis of Haiku Operating System (BeOS Family) by PVS-Studio. Part 2
Analysis of Haiku Operating System (BeOS Family) by PVS-Studio. Part 2Analysis of Haiku Operating System (BeOS Family) by PVS-Studio. Part 2
Analysis of Haiku Operating System (BeOS Family) by PVS-Studio. Part 2PVS-Studio
 
PVS-Studio is ready to improve the code of Tizen operating system
PVS-Studio is ready to improve the code of Tizen operating systemPVS-Studio is ready to improve the code of Tizen operating system
PVS-Studio is ready to improve the code of Tizen operating systemAndrey Karpov
 
Address/Thread/Memory Sanitizer
Address/Thread/Memory SanitizerAddress/Thread/Memory Sanitizer
Address/Thread/Memory SanitizerPlatonov Sergey
 
Checking OpenCV with PVS-Studio
Checking OpenCV with PVS-StudioChecking OpenCV with PVS-Studio
Checking OpenCV with PVS-StudioPVS-Studio
 
Analysis of the Trans-Proteomic Pipeline (TPP) project
Analysis of the Trans-Proteomic Pipeline (TPP) projectAnalysis of the Trans-Proteomic Pipeline (TPP) project
Analysis of the Trans-Proteomic Pipeline (TPP) projectPVS-Studio
 
Analyzing the Blender project with PVS-Studio
Analyzing the Blender project with PVS-StudioAnalyzing the Blender project with PVS-Studio
Analyzing the Blender project with PVS-StudioPVS-Studio
 
Copy-Paste and Muons
Copy-Paste and MuonsCopy-Paste and Muons
Copy-Paste and MuonsAndrey Karpov
 
Rechecking TortoiseSVN with the PVS-Studio Code Analyzer
Rechecking TortoiseSVN with the PVS-Studio Code AnalyzerRechecking TortoiseSVN with the PVS-Studio Code Analyzer
Rechecking TortoiseSVN with the PVS-Studio Code AnalyzerAndrey Karpov
 
Pre New Year Check of PostgreSQL
Pre New Year Check of PostgreSQLPre New Year Check of PostgreSQL
Pre New Year Check of PostgreSQLAndrey Karpov
 
Comparing the general static analysis in Visual Studio 2010 and PVS-Studio by...
Comparing the general static analysis in Visual Studio 2010 and PVS-Studio by...Comparing the general static analysis in Visual Studio 2010 and PVS-Studio by...
Comparing the general static analysis in Visual Studio 2010 and PVS-Studio by...Andrey Karpov
 
Comparing the general static analysis in Visual Studio 2010 and PVS-Studio by...
Comparing the general static analysis in Visual Studio 2010 and PVS-Studio by...Comparing the general static analysis in Visual Studio 2010 and PVS-Studio by...
Comparing the general static analysis in Visual Studio 2010 and PVS-Studio by...PVS-Studio
 
PVS-Studio for Linux (CoreHard presentation)
PVS-Studio for Linux (CoreHard presentation)PVS-Studio for Linux (CoreHard presentation)
PVS-Studio for Linux (CoreHard presentation)Andrey Karpov
 
An Experiment with Checking the glibc Library
An Experiment with Checking the glibc LibraryAn Experiment with Checking the glibc Library
An Experiment with Checking the glibc LibraryAndrey Karpov
 
Analyzing Firebird 3.0
Analyzing Firebird 3.0Analyzing Firebird 3.0
Analyzing Firebird 3.0Ekaterina Milovidova
 
Checking GIMP's Source Code with PVS-Studio
Checking GIMP's Source Code with PVS-StudioChecking GIMP's Source Code with PVS-Studio
Checking GIMP's Source Code with PVS-StudioAndrey Karpov
 
Static and Dynamic Code Analysis
Static and Dynamic Code AnalysisStatic and Dynamic Code Analysis
Static and Dynamic Code AnalysisAndrey Karpov
 
Checking Oracle VM VirtualBox. Part 2
Checking Oracle VM VirtualBox. Part 2Checking Oracle VM VirtualBox. Part 2
Checking Oracle VM VirtualBox. Part 2Andrey Karpov
 

More Related Content

What's hot

Reanalyzing the Notepad++ project
Reanalyzing the Notepad++ projectReanalyzing the Notepad++ project
Reanalyzing the Notepad++ projectPVS-Studio
 
Top 10 bugs in C++ open source projects, checked in 2016
Top 10 bugs in C++ open source projects, checked in 2016Top 10 bugs in C++ open source projects, checked in 2016
Top 10 bugs in C++ open source projects, checked in 2016PVS-Studio
 
LibRaw, Coverity SCAN, PVS-Studio
LibRaw, Coverity SCAN, PVS-StudioLibRaw, Coverity SCAN, PVS-Studio
LibRaw, Coverity SCAN, PVS-StudioAndrey Karpov
 
Waiting for the Linux-version: Checking the Code of Inkscape Graphics Editor
Waiting for the Linux-version: Checking the Code of Inkscape Graphics EditorWaiting for the Linux-version: Checking the Code of Inkscape Graphics Editor
Waiting for the Linux-version: Checking the Code of Inkscape Graphics EditorPVS-Studio
 
PVS-Studio vs Chromium - Continuation
PVS-Studio vs Chromium - ContinuationPVS-Studio vs Chromium - Continuation
PVS-Studio vs Chromium - ContinuationPVS-Studio
 
Analysis of Haiku Operating System (BeOS Family) by PVS-Studio. Part 2
Analysis of Haiku Operating System (BeOS Family) by PVS-Studio. Part 2Analysis of Haiku Operating System (BeOS Family) by PVS-Studio. Part 2
Analysis of Haiku Operating System (BeOS Family) by PVS-Studio. Part 2PVS-Studio
 
PVS-Studio is ready to improve the code of Tizen operating system
PVS-Studio is ready to improve the code of Tizen operating systemPVS-Studio is ready to improve the code of Tizen operating system
PVS-Studio is ready to improve the code of Tizen operating systemAndrey Karpov
 
Address/Thread/Memory Sanitizer
Address/Thread/Memory SanitizerAddress/Thread/Memory Sanitizer
Address/Thread/Memory SanitizerPlatonov Sergey
 
Checking OpenCV with PVS-Studio
Checking OpenCV with PVS-StudioChecking OpenCV with PVS-Studio
Checking OpenCV with PVS-StudioPVS-Studio
 
Analysis of the Trans-Proteomic Pipeline (TPP) project
Analysis of the Trans-Proteomic Pipeline (TPP) projectAnalysis of the Trans-Proteomic Pipeline (TPP) project
Analysis of the Trans-Proteomic Pipeline (TPP) projectPVS-Studio
 
Analyzing the Blender project with PVS-Studio
Analyzing the Blender project with PVS-StudioAnalyzing the Blender project with PVS-Studio
Analyzing the Blender project with PVS-StudioPVS-Studio
 
Copy-Paste and Muons
Copy-Paste and MuonsCopy-Paste and Muons
Copy-Paste and MuonsAndrey Karpov
 
Rechecking TortoiseSVN with the PVS-Studio Code Analyzer
Rechecking TortoiseSVN with the PVS-Studio Code AnalyzerRechecking TortoiseSVN with the PVS-Studio Code Analyzer
Rechecking TortoiseSVN with the PVS-Studio Code AnalyzerAndrey Karpov
 
Pre New Year Check of PostgreSQL
Pre New Year Check of PostgreSQLPre New Year Check of PostgreSQL
Pre New Year Check of PostgreSQLAndrey Karpov
 
Comparing the general static analysis in Visual Studio 2010 and PVS-Studio by...
Comparing the general static analysis in Visual Studio 2010 and PVS-Studio by...Comparing the general static analysis in Visual Studio 2010 and PVS-Studio by...
Comparing the general static analysis in Visual Studio 2010 and PVS-Studio by...Andrey Karpov
 
Comparing the general static analysis in Visual Studio 2010 and PVS-Studio by...
Comparing the general static analysis in Visual Studio 2010 and PVS-Studio by...Comparing the general static analysis in Visual Studio 2010 and PVS-Studio by...
Comparing the general static analysis in Visual Studio 2010 and PVS-Studio by...PVS-Studio
 
PVS-Studio for Linux (CoreHard presentation)
PVS-Studio for Linux (CoreHard presentation)PVS-Studio for Linux (CoreHard presentation)
PVS-Studio for Linux (CoreHard presentation)Andrey Karpov
 
An Experiment with Checking the glibc Library
An Experiment with Checking the glibc LibraryAn Experiment with Checking the glibc Library
An Experiment with Checking the glibc LibraryAndrey Karpov
 
Checking GIMP's Source Code with PVS-Studio
Checking GIMP's Source Code with PVS-StudioChecking GIMP's Source Code with PVS-Studio
Checking GIMP's Source Code with PVS-StudioAndrey Karpov
 

What's hot (20)

Reanalyzing the Notepad++ project
Reanalyzing the Notepad++ projectReanalyzing the Notepad++ project
Reanalyzing the Notepad++ project
 
Top 10 bugs in C++ open source projects, checked in 2016
Top 10 bugs in C++ open source projects, checked in 2016Top 10 bugs in C++ open source projects, checked in 2016
Top 10 bugs in C++ open source projects, checked in 2016
 
LibRaw, Coverity SCAN, PVS-Studio
LibRaw, Coverity SCAN, PVS-StudioLibRaw, Coverity SCAN, PVS-Studio
LibRaw, Coverity SCAN, PVS-Studio
 
Waiting for the Linux-version: Checking the Code of Inkscape Graphics Editor
Waiting for the Linux-version: Checking the Code of Inkscape Graphics EditorWaiting for the Linux-version: Checking the Code of Inkscape Graphics Editor
Waiting for the Linux-version: Checking the Code of Inkscape Graphics Editor
 
PVS-Studio vs Chromium - Continuation
PVS-Studio vs Chromium - ContinuationPVS-Studio vs Chromium - Continuation
PVS-Studio vs Chromium - Continuation
 
Analysis of Haiku Operating System (BeOS Family) by PVS-Studio. Part 2
Analysis of Haiku Operating System (BeOS Family) by PVS-Studio. Part 2Analysis of Haiku Operating System (BeOS Family) by PVS-Studio. Part 2
Analysis of Haiku Operating System (BeOS Family) by PVS-Studio. Part 2
 
PVS-Studio is ready to improve the code of Tizen operating system
PVS-Studio is ready to improve the code of Tizen operating systemPVS-Studio is ready to improve the code of Tizen operating system
PVS-Studio is ready to improve the code of Tizen operating system
 
Address/Thread/Memory Sanitizer
Address/Thread/Memory SanitizerAddress/Thread/Memory Sanitizer
Address/Thread/Memory Sanitizer
 
Checking OpenCV with PVS-Studio
Checking OpenCV with PVS-StudioChecking OpenCV with PVS-Studio
Checking OpenCV with PVS-Studio
 
Analysis of the Trans-Proteomic Pipeline (TPP) project
Analysis of the Trans-Proteomic Pipeline (TPP) projectAnalysis of the Trans-Proteomic Pipeline (TPP) project
Analysis of the Trans-Proteomic Pipeline (TPP) project
 
Analyzing the Blender project with PVS-Studio
Analyzing the Blender project with PVS-StudioAnalyzing the Blender project with PVS-Studio
Analyzing the Blender project with PVS-Studio
 
Copy-Paste and Muons
Copy-Paste and MuonsCopy-Paste and Muons
Copy-Paste and Muons
 
Rechecking TortoiseSVN with the PVS-Studio Code Analyzer
Rechecking TortoiseSVN with the PVS-Studio Code AnalyzerRechecking TortoiseSVN with the PVS-Studio Code Analyzer
Rechecking TortoiseSVN with the PVS-Studio Code Analyzer
 
Pre New Year Check of PostgreSQL
Pre New Year Check of PostgreSQLPre New Year Check of PostgreSQL
Pre New Year Check of PostgreSQL
 
Comparing the general static analysis in Visual Studio 2010 and PVS-Studio by...
Comparing the general static analysis in Visual Studio 2010 and PVS-Studio by...Comparing the general static analysis in Visual Studio 2010 and PVS-Studio by...
Comparing the general static analysis in Visual Studio 2010 and PVS-Studio by...
 
Comparing the general static analysis in Visual Studio 2010 and PVS-Studio by...
Comparing the general static analysis in Visual Studio 2010 and PVS-Studio by...Comparing the general static analysis in Visual Studio 2010 and PVS-Studio by...
Comparing the general static analysis in Visual Studio 2010 and PVS-Studio by...
 
PVS-Studio for Linux (CoreHard presentation)
PVS-Studio for Linux (CoreHard presentation)PVS-Studio for Linux (CoreHard presentation)
PVS-Studio for Linux (CoreHard presentation)
 
An Experiment with Checking the glibc Library
An Experiment with Checking the glibc LibraryAn Experiment with Checking the glibc Library
An Experiment with Checking the glibc Library
 
Analyzing Firebird 3.0
Analyzing Firebird 3.0Analyzing Firebird 3.0
Analyzing Firebird 3.0
 
Checking GIMP's Source Code with PVS-Studio
Checking GIMP's Source Code with PVS-StudioChecking GIMP's Source Code with PVS-Studio
Checking GIMP's Source Code with PVS-Studio
 

Viewers also liked

Static and Dynamic Code Analysis
Static and Dynamic Code AnalysisStatic and Dynamic Code Analysis
Static and Dynamic Code AnalysisAndrey Karpov
 
Checking Oracle VM VirtualBox. Part 2
Checking Oracle VM VirtualBox. Part 2Checking Oracle VM VirtualBox. Part 2
Checking Oracle VM VirtualBox. Part 2Andrey Karpov
 
Checking the Qt 5 Framework
Checking the Qt 5 FrameworkChecking the Qt 5 Framework
Checking the Qt 5 FrameworkAndrey Karpov
 
A Post About Analyzing PHP
A Post About Analyzing PHPA Post About Analyzing PHP
A Post About Analyzing PHPAndrey Karpov
 
Archeology for Entertainment, or Checking Microsoft Word 1.1a with PVS-Studio
Archeology for Entertainment, or Checking Microsoft Word 1.1a with PVS-StudioArcheology for Entertainment, or Checking Microsoft Word 1.1a with PVS-Studio
Archeology for Entertainment, or Checking Microsoft Word 1.1a with PVS-StudioAndrey Karpov
 
CppCat, an Ambitious C++ Code Analyzer from Tula
CppCat, an Ambitious C++ Code Analyzer from TulaCppCat, an Ambitious C++ Code Analyzer from Tula
CppCat, an Ambitious C++ Code Analyzer from TulaAndrey Karpov
 
Checking the Source SDK Project
Checking the Source SDK ProjectChecking the Source SDK Project
Checking the Source SDK ProjectAndrey Karpov
 
PVS-Studio and static code analysis technique
PVS-Studio and static code analysis techniquePVS-Studio and static code analysis technique
PVS-Studio and static code analysis techniqueAndrey Karpov
 
Static analysis is most efficient when being used regularly. We'll tell you w...
Static analysis is most efficient when being used regularly. We'll tell you w...Static analysis is most efficient when being used regularly. We'll tell you w...
Static analysis is most efficient when being used regularly. We'll tell you w...Andrey Karpov
 
Three Interviews About Static Code Analyzers
Three Interviews About Static Code AnalyzersThree Interviews About Static Code Analyzers
Three Interviews About Static Code AnalyzersAndrey Karpov
 
PVS-Studio's New Message Suppression Mechanism
PVS-Studio's New Message Suppression MechanismPVS-Studio's New Message Suppression Mechanism
PVS-Studio's New Message Suppression MechanismAndrey Karpov
 
Trying to Sell PVS-Studio to Google, or New Bugs in Chromium
Trying to Sell PVS-Studio to Google, or New Bugs in ChromiumTrying to Sell PVS-Studio to Google, or New Bugs in Chromium
Trying to Sell PVS-Studio to Google, or New Bugs in ChromiumAndrey Karpov
 
Wade Not in Unknown Waters. Part Four.
Wade Not in Unknown Waters. Part Four.Wade Not in Unknown Waters. Part Four.
Wade Not in Unknown Waters. Part Four.Andrey Karpov
 
The Last Line Effect
The Last Line EffectThe Last Line Effect
The Last Line EffectAndrey Karpov
 
Handling False Positives in PVS-Studio and CppCat
Handling False Positives in PVS-Studio and CppCatHandling False Positives in PVS-Studio and CppCat
Handling False Positives in PVS-Studio and CppCatAndrey Karpov
 
The Unicorn's Travel to the Microcosm
The Unicorn's Travel to the MicrocosmThe Unicorn's Travel to the Microcosm
The Unicorn's Travel to the MicrocosmAndrey Karpov
 

Viewers also liked (16)

Static and Dynamic Code Analysis
Static and Dynamic Code AnalysisStatic and Dynamic Code Analysis
Static and Dynamic Code Analysis
 
Checking Oracle VM VirtualBox. Part 2
Checking Oracle VM VirtualBox. Part 2Checking Oracle VM VirtualBox. Part 2
Checking Oracle VM VirtualBox. Part 2
 
Checking the Qt 5 Framework
Checking the Qt 5 FrameworkChecking the Qt 5 Framework
Checking the Qt 5 Framework
 
A Post About Analyzing PHP
A Post About Analyzing PHPA Post About Analyzing PHP
A Post About Analyzing PHP
 
Archeology for Entertainment, or Checking Microsoft Word 1.1a with PVS-Studio
Archeology for Entertainment, or Checking Microsoft Word 1.1a with PVS-StudioArcheology for Entertainment, or Checking Microsoft Word 1.1a with PVS-Studio
Archeology for Entertainment, or Checking Microsoft Word 1.1a with PVS-Studio
 
CppCat, an Ambitious C++ Code Analyzer from Tula
CppCat, an Ambitious C++ Code Analyzer from TulaCppCat, an Ambitious C++ Code Analyzer from Tula
CppCat, an Ambitious C++ Code Analyzer from Tula
 
Checking the Source SDK Project
Checking the Source SDK ProjectChecking the Source SDK Project
Checking the Source SDK Project
 
PVS-Studio and static code analysis technique
PVS-Studio and static code analysis techniquePVS-Studio and static code analysis technique
PVS-Studio and static code analysis technique
 
Static analysis is most efficient when being used regularly. We'll tell you w...
Static analysis is most efficient when being used regularly. We'll tell you w...Static analysis is most efficient when being used regularly. We'll tell you w...
Static analysis is most efficient when being used regularly. We'll tell you w...
 
Three Interviews About Static Code Analyzers
Three Interviews About Static Code AnalyzersThree Interviews About Static Code Analyzers
Three Interviews About Static Code Analyzers
 
PVS-Studio's New Message Suppression Mechanism
PVS-Studio's New Message Suppression MechanismPVS-Studio's New Message Suppression Mechanism
PVS-Studio's New Message Suppression Mechanism
 
Trying to Sell PVS-Studio to Google, or New Bugs in Chromium
Trying to Sell PVS-Studio to Google, or New Bugs in ChromiumTrying to Sell PVS-Studio to Google, or New Bugs in Chromium
Trying to Sell PVS-Studio to Google, or New Bugs in Chromium
 
Wade Not in Unknown Waters. Part Four.
Wade Not in Unknown Waters. Part Four.Wade Not in Unknown Waters. Part Four.
Wade Not in Unknown Waters. Part Four.
 
The Last Line Effect
The Last Line EffectThe Last Line Effect
The Last Line Effect
 
Handling False Positives in PVS-Studio and CppCat
Handling False Positives in PVS-Studio and CppCatHandling False Positives in PVS-Studio and CppCat
Handling False Positives in PVS-Studio and CppCat
 
The Unicorn's Travel to the Microcosm
The Unicorn's Travel to the MicrocosmThe Unicorn's Travel to the Microcosm
The Unicorn's Travel to the Microcosm
 

Similar to The CppCat Analyzer Checks TortoiseGit

Tesseract. Recognizing Errors in Recognition Software
Tesseract. Recognizing Errors in Recognition SoftwareTesseract. Recognizing Errors in Recognition Software
Tesseract. Recognizing Errors in Recognition SoftwareAndrey Karpov
 
PVS-Studio delved into the FreeBSD kernel
PVS-Studio delved into the FreeBSD kernelPVS-Studio delved into the FreeBSD kernel
PVS-Studio delved into the FreeBSD kernelPVS-Studio
 
Heading for a Record: Chromium, the 5th Check
Heading for a Record: Chromium, the 5th CheckHeading for a Record: Chromium, the 5th Check
Heading for a Record: Chromium, the 5th CheckPVS-Studio
 
Analysis of Microsoft Code Contracts
Analysis of Microsoft Code ContractsAnalysis of Microsoft Code Contracts
Analysis of Microsoft Code ContractsPVS-Studio
 
CppCat Static Analyzer Review
CppCat Static Analyzer ReviewCppCat Static Analyzer Review
CppCat Static Analyzer ReviewAndrey Karpov
 
PVS-Studio vs Chromium. 3-rd Check
PVS-Studio vs Chromium. 3-rd CheckPVS-Studio vs Chromium. 3-rd Check
PVS-Studio vs Chromium. 3-rd CheckAndrey Karpov
 
PVS-Studio for Linux Went on a Tour Around Disney
PVS-Studio for Linux Went on a Tour Around DisneyPVS-Studio for Linux Went on a Tour Around Disney
PVS-Studio for Linux Went on a Tour Around DisneyPVS-Studio
 
A Slipshod Check of the Visual C++ 2013 Library (update 3)
A Slipshod Check of the Visual C++ 2013 Library (update 3)A Slipshod Check of the Visual C++ 2013 Library (update 3)
A Slipshod Check of the Visual C++ 2013 Library (update 3)Andrey Karpov
 
Linux version of PVS-Studio couldn't help checking CodeLite
Linux version of PVS-Studio couldn't help checking CodeLiteLinux version of PVS-Studio couldn't help checking CodeLite
Linux version of PVS-Studio couldn't help checking CodeLitePVS-Studio
 
Checking 7-Zip with PVS-Studio analyzer
Checking 7-Zip with PVS-Studio analyzerChecking 7-Zip with PVS-Studio analyzer
Checking 7-Zip with PVS-Studio analyzerPVS-Studio
 
Analyzing Firebird 3.0
Analyzing Firebird 3.0Analyzing Firebird 3.0
Analyzing Firebird 3.0PVS-Studio
 
A Check of the Open-Source Project WinSCP Developed in Embarcadero C++ Builder
A Check of the Open-Source Project WinSCP Developed in Embarcadero C++ BuilderA Check of the Open-Source Project WinSCP Developed in Embarcadero C++ Builder
A Check of the Open-Source Project WinSCP Developed in Embarcadero C++ BuilderAndrey Karpov
 
100 bugs in Open Source C/C++ projects
100 bugs in Open Source C/C++ projects100 bugs in Open Source C/C++ projects
100 bugs in Open Source C/C++ projectsPVS-Studio
 
A fresh eye on Oracle VM VirtualBox
A fresh eye on Oracle VM VirtualBoxA fresh eye on Oracle VM VirtualBox
A fresh eye on Oracle VM VirtualBoxPVS-Studio
 
Checking the Open-Source Multi Theft Auto Game
Checking the Open-Source Multi Theft Auto GameChecking the Open-Source Multi Theft Auto Game
Checking the Open-Source Multi Theft Auto GameAndrey Karpov
 
Headache from using mathematical software
Headache from using mathematical softwareHeadache from using mathematical software
Headache from using mathematical softwarePVS-Studio
 
The Little Unicorn That Could
The Little Unicorn That CouldThe Little Unicorn That Could
The Little Unicorn That CouldPVS-Studio
 
Story of static code analyzer development
Story of static code analyzer developmentStory of static code analyzer development
Story of static code analyzer developmentAndrey Karpov
 
Comparing the general static analysis in Visual Studio 2010 and PVS-Studio by...
Comparing the general static analysis in Visual Studio 2010 and PVS-Studio by...Comparing the general static analysis in Visual Studio 2010 and PVS-Studio by...
Comparing the general static analysis in Visual Studio 2010 and PVS-Studio by...PVS-Studio
 
Analyzing the Dolphin-emu project
Analyzing the Dolphin-emu projectAnalyzing the Dolphin-emu project
Analyzing the Dolphin-emu projectPVS-Studio
 

Similar to The CppCat Analyzer Checks TortoiseGit (20)

Tesseract. Recognizing Errors in Recognition Software
Tesseract. Recognizing Errors in Recognition SoftwareTesseract. Recognizing Errors in Recognition Software
Tesseract. Recognizing Errors in Recognition Software
 
PVS-Studio delved into the FreeBSD kernel
PVS-Studio delved into the FreeBSD kernelPVS-Studio delved into the FreeBSD kernel
PVS-Studio delved into the FreeBSD kernel
 
Heading for a Record: Chromium, the 5th Check
Heading for a Record: Chromium, the 5th CheckHeading for a Record: Chromium, the 5th Check
Heading for a Record: Chromium, the 5th Check
 
Analysis of Microsoft Code Contracts
Analysis of Microsoft Code ContractsAnalysis of Microsoft Code Contracts
Analysis of Microsoft Code Contracts
 
CppCat Static Analyzer Review
CppCat Static Analyzer ReviewCppCat Static Analyzer Review
CppCat Static Analyzer Review
 
PVS-Studio vs Chromium. 3-rd Check
PVS-Studio vs Chromium. 3-rd CheckPVS-Studio vs Chromium. 3-rd Check
PVS-Studio vs Chromium. 3-rd Check
 
PVS-Studio for Linux Went on a Tour Around Disney
PVS-Studio for Linux Went on a Tour Around DisneyPVS-Studio for Linux Went on a Tour Around Disney
PVS-Studio for Linux Went on a Tour Around Disney
 
A Slipshod Check of the Visual C++ 2013 Library (update 3)
A Slipshod Check of the Visual C++ 2013 Library (update 3)A Slipshod Check of the Visual C++ 2013 Library (update 3)
A Slipshod Check of the Visual C++ 2013 Library (update 3)
 
Linux version of PVS-Studio couldn't help checking CodeLite
Linux version of PVS-Studio couldn't help checking CodeLiteLinux version of PVS-Studio couldn't help checking CodeLite
Linux version of PVS-Studio couldn't help checking CodeLite
 
Checking 7-Zip with PVS-Studio analyzer
Checking 7-Zip with PVS-Studio analyzerChecking 7-Zip with PVS-Studio analyzer
Checking 7-Zip with PVS-Studio analyzer
 
Analyzing Firebird 3.0
Analyzing Firebird 3.0Analyzing Firebird 3.0
Analyzing Firebird 3.0
 
A Check of the Open-Source Project WinSCP Developed in Embarcadero C++ Builder
A Check of the Open-Source Project WinSCP Developed in Embarcadero C++ BuilderA Check of the Open-Source Project WinSCP Developed in Embarcadero C++ Builder
A Check of the Open-Source Project WinSCP Developed in Embarcadero C++ Builder
 
100 bugs in Open Source C/C++ projects
100 bugs in Open Source C/C++ projects100 bugs in Open Source C/C++ projects
100 bugs in Open Source C/C++ projects
 
A fresh eye on Oracle VM VirtualBox
A fresh eye on Oracle VM VirtualBoxA fresh eye on Oracle VM VirtualBox
A fresh eye on Oracle VM VirtualBox
 
Checking the Open-Source Multi Theft Auto Game
Checking the Open-Source Multi Theft Auto GameChecking the Open-Source Multi Theft Auto Game
Checking the Open-Source Multi Theft Auto Game
 
Headache from using mathematical software
Headache from using mathematical softwareHeadache from using mathematical software
Headache from using mathematical software
 
The Little Unicorn That Could
The Little Unicorn That CouldThe Little Unicorn That Could
The Little Unicorn That Could
 
Story of static code analyzer development
Story of static code analyzer developmentStory of static code analyzer development
Story of static code analyzer development
 
Comparing the general static analysis in Visual Studio 2010 and PVS-Studio by...
Comparing the general static analysis in Visual Studio 2010 and PVS-Studio by...Comparing the general static analysis in Visual Studio 2010 and PVS-Studio by...
Comparing the general static analysis in Visual Studio 2010 and PVS-Studio by...
 
Analyzing the Dolphin-emu project
Analyzing the Dolphin-emu projectAnalyzing the Dolphin-emu project
Analyzing the Dolphin-emu project
 

More from Andrey Karpov

60 антипаттернов для С++ программиста
60 антипаттернов для С++ программиста60 антипаттернов для С++ программиста
60 антипаттернов для С++ программистаAndrey Karpov
 
60 terrible tips for a C++ developer
60 terrible tips for a C++ developer60 terrible tips for a C++ developer
60 terrible tips for a C++ developerAndrey Karpov
 
Ошибки, которые сложно заметить на code review, но которые находятся статичес...
Ошибки, которые сложно заметить на code review, но которые находятся статичес...Ошибки, которые сложно заметить на code review, но которые находятся статичес...
Ошибки, которые сложно заметить на code review, но которые находятся статичес...Andrey Karpov
 
PVS-Studio in 2021 - Error Examples
PVS-Studio in 2021 - Error ExamplesPVS-Studio in 2021 - Error Examples
PVS-Studio in 2021 - Error ExamplesAndrey Karpov
 
PVS-Studio in 2021 - Feature Overview
PVS-Studio in 2021 - Feature OverviewPVS-Studio in 2021 - Feature Overview
PVS-Studio in 2021 - Feature OverviewAndrey Karpov
 
PVS-Studio в 2021 - Примеры ошибок
PVS-Studio в 2021 - Примеры ошибокPVS-Studio в 2021 - Примеры ошибок
PVS-Studio в 2021 - Примеры ошибокAndrey Karpov
 
Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...
Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...
Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...Andrey Karpov
 
Best Bugs from Games: Fellow Programmers' Mistakes
Best Bugs from Games: Fellow Programmers' MistakesBest Bugs from Games: Fellow Programmers' Mistakes
Best Bugs from Games: Fellow Programmers' MistakesAndrey Karpov
 
Does static analysis need machine learning?
Does static analysis need machine learning?Does static analysis need machine learning?
Does static analysis need machine learning?Andrey Karpov
 
Typical errors in code on the example of C++, C#, and Java
Typical errors in code on the example of C++, C#, and JavaTypical errors in code on the example of C++, C#, and Java
Typical errors in code on the example of C++, C#, and JavaAndrey Karpov
 
How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)
How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)
How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)Andrey Karpov
 
Game Engine Code Quality: Is Everything Really That Bad?
Game Engine Code Quality: Is Everything Really That Bad?Game Engine Code Quality: Is Everything Really That Bad?
Game Engine Code Quality: Is Everything Really That Bad?Andrey Karpov
 
The Use of Static Code Analysis When Teaching or Developing Open-Source Software
The Use of Static Code Analysis When Teaching or Developing Open-Source SoftwareThe Use of Static Code Analysis When Teaching or Developing Open-Source Software
The Use of Static Code Analysis When Teaching or Developing Open-Source SoftwareAndrey Karpov
 
Static Code Analysis for Projects, Built on Unreal Engine
Static Code Analysis for Projects, Built on Unreal EngineStatic Code Analysis for Projects, Built on Unreal Engine
Static Code Analysis for Projects, Built on Unreal EngineAndrey Karpov
 
Safety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
Safety on the Max: How to Write Reliable C/C++ Code for Embedded SystemsSafety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
Safety on the Max: How to Write Reliable C/C++ Code for Embedded SystemsAndrey Karpov
 
The Great and Mighty C++
The Great and Mighty C++The Great and Mighty C++
The Great and Mighty C++Andrey Karpov
 
Static code analysis: what? how? why?
Static code analysis: what? how? why?Static code analysis: what? how? why?
Static code analysis: what? how? why?Andrey Karpov
 
Zero, one, two, Freddy's coming for you
Zero, one, two, Freddy's coming for youZero, one, two, Freddy's coming for you
Zero, one, two, Freddy's coming for youAndrey Karpov
 
PVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOps
PVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOpsPVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOps
PVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOpsAndrey Karpov
 

More from Andrey Karpov (20)

60 антипаттернов для С++ программиста
60 антипаттернов для С++ программиста60 антипаттернов для С++ программиста
60 антипаттернов для С++ программиста
 
60 terrible tips for a C++ developer
60 terrible tips for a C++ developer60 terrible tips for a C++ developer
60 terrible tips for a C++ developer
 
Ошибки, которые сложно заметить на code review, но которые находятся статичес...
Ошибки, которые сложно заметить на code review, но которые находятся статичес...Ошибки, которые сложно заметить на code review, но которые находятся статичес...
Ошибки, которые сложно заметить на code review, но которые находятся статичес...
 
PVS-Studio in 2021 - Error Examples
PVS-Studio in 2021 - Error ExamplesPVS-Studio in 2021 - Error Examples
PVS-Studio in 2021 - Error Examples
 
PVS-Studio in 2021 - Feature Overview
PVS-Studio in 2021 - Feature OverviewPVS-Studio in 2021 - Feature Overview
PVS-Studio in 2021 - Feature Overview
 
PVS-Studio в 2021 - Примеры ошибок
PVS-Studio в 2021 - Примеры ошибокPVS-Studio в 2021 - Примеры ошибок
PVS-Studio в 2021 - Примеры ошибок
 
PVS-Studio в 2021
PVS-Studio в 2021PVS-Studio в 2021
PVS-Studio в 2021
 
Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...
Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...
Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...
 
Best Bugs from Games: Fellow Programmers' Mistakes
Best Bugs from Games: Fellow Programmers' MistakesBest Bugs from Games: Fellow Programmers' Mistakes
Best Bugs from Games: Fellow Programmers' Mistakes
 
Does static analysis need machine learning?
Does static analysis need machine learning?Does static analysis need machine learning?
Does static analysis need machine learning?
 
Typical errors in code on the example of C++, C#, and Java
Typical errors in code on the example of C++, C#, and JavaTypical errors in code on the example of C++, C#, and Java
Typical errors in code on the example of C++, C#, and Java
 
How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)
How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)
How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)
 
Game Engine Code Quality: Is Everything Really That Bad?
Game Engine Code Quality: Is Everything Really That Bad?Game Engine Code Quality: Is Everything Really That Bad?
Game Engine Code Quality: Is Everything Really That Bad?
 
The Use of Static Code Analysis When Teaching or Developing Open-Source Software
The Use of Static Code Analysis When Teaching or Developing Open-Source SoftwareThe Use of Static Code Analysis When Teaching or Developing Open-Source Software
The Use of Static Code Analysis When Teaching or Developing Open-Source Software
 
Static Code Analysis for Projects, Built on Unreal Engine
Static Code Analysis for Projects, Built on Unreal EngineStatic Code Analysis for Projects, Built on Unreal Engine
Static Code Analysis for Projects, Built on Unreal Engine
 
Safety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
Safety on the Max: How to Write Reliable C/C++ Code for Embedded SystemsSafety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
Safety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
 
The Great and Mighty C++
The Great and Mighty C++The Great and Mighty C++
The Great and Mighty C++
 
Static code analysis: what? how? why?
Static code analysis: what? how? why?Static code analysis: what? how? why?
Static code analysis: what? how? why?
 
Zero, one, two, Freddy's coming for you
Zero, one, two, Freddy's coming for youZero, one, two, Freddy's coming for you
Zero, one, two, Freddy's coming for you
 
PVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOps
PVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOpsPVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOps
PVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOps
 

Recently uploaded

Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
BUS PASS MANGEMENT SYSTEM USING PHP.pptx
BUS PASS MANGEMENT SYSTEM USING PHP.pptxBUS PASS MANGEMENT SYSTEM USING PHP.pptx
BUS PASS MANGEMENT SYSTEM USING PHP.pptxalwaysnagaraju26
 
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...Nitya salvi
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...panagenda
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrainmasabamasaba
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerThousandEyes
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...Health
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidPhilip Schwarz
 
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdfThe Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdfayushiqss
 
10 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 202410 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 2024Mind IT Systems
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnAmarnathKambale
 
LEVEL 5 - SESSION 1 2023 (1).pptx - PDF 123456
LEVEL 5 - SESSION 1 2023 (1).pptx - PDF 123456LEVEL 5 - SESSION 1 2023 (1).pptx - PDF 123456
LEVEL 5 - SESSION 1 2023 (1).pptx - PDF 123456KiaraTiradoMicha
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplatePresentation.STUDIO
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is insideshinachiaurasa2
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park masabamasaba
 
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfVishalKumarJha10
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdfPearlKirahMaeRagusta1
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesVictorSzoltysek
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfonteinmasabamasaba
 

Recently uploaded (20)

Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
BUS PASS MANGEMENT SYSTEM USING PHP.pptx
BUS PASS MANGEMENT SYSTEM USING PHP.pptxBUS PASS MANGEMENT SYSTEM USING PHP.pptx
BUS PASS MANGEMENT SYSTEM USING PHP.pptx
 
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
 
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdfThe Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
 
10 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 202410 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 2024
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learn
 
LEVEL 5 - SESSION 1 2023 (1).pptx - PDF 123456
LEVEL 5 - SESSION 1 2023 (1).pptx - PDF 123456LEVEL 5 - SESSION 1 2023 (1).pptx - PDF 123456
LEVEL 5 - SESSION 1 2023 (1).pptx - PDF 123456
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
 
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdf
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
 

The CppCat Analyzer Checks TortoiseGit

  • 1. The CppCat Analyzer Checks TortoiseGit Author: Andrey Karpov Date: 18.05.2014 In most of our articles about project checks, we mention that bugs are found by the PVS-Studio static code analyzer. In certain cases – when dealing with projects of a complex structure – it is this particular analyzer that is needed. However, many developers will also appreciate its lightweight version, the CppCat analyzer. In this connection, we decided to use CppCat this time, when checking the TortoiseGit project. TortoiseGit Description from Wikipedia: TortoiseGit is a Git revision control client, implemented as a Microsoft Windows shell extension. It is free software released under the GNU General Public License. The TortoiseGit project is small – the total size of the source codes we have downloaded is 35 Mbytes. And if we don't count the "ext" folder, it leaves only 9 Mbytes. The project developers are obviously concerned with the product's quality. It is indirectly hinted at by the fact that they use the /W4 switch (the fourth warning level) when compiling the code with Visual C++. Besides, I also noticed the Cppcheck analyzer to be mentioned in the source code. So let's find out if CppCat has managed to find anything of interest in this project. CppCat There are two brothers: PVS-Studio, the elder one, and CppCat, the younger one. Both share a number of basic capabilities: • They can integrate into Visual Studio and check projects written in C, C++, C++/CX, and C++/CLI.
  • 2. • They can automatically check files after compilation. • They allow using various settings and marks in the code in order to eliminate false positives. This functionality is quite enough for most projects. If it suits your task, you obviously need CppCat. Taking into account that the annual license costs $250, you shouldn't delay the purchase: the analyzer will pay off pretty soon through catching typos and other defects. License renewal costs $200. But what does PVS-Studio possess that CppCat lacks? Quite a lot of things; but they are not always necessary. Here is a brief list of PVS-Studio's unique features: • Support of old Visual Studio versions: VS2005 and VS2008. • Integration into automatic build systems. • Standalone version. It allows you to track compiler calls from any build system and collect information necessary for project analysis. Besides, it also allows you to check preprocessed *.i files prepared in advance. • 64-bit error search (relevant for 64-bit programs that make use of large memory buffers); • Recommendations on potential microoptimizations in the code; • Custom-made diagnostics. If you have purchased PVS-Studio, we can implement specific diagnostics by your request. • A bit more general diagnostics than provided by CppCat. They produce too many false positives and refer to the third severity level and are turned off by default. • MSBuild support. • Handling the tool from the command line. • Saving the analysis report into a file, and other useful features. Pretty much, as you can see, but not all of these features are necessary all the time. Now let's pass on from advertising to action; let's see what the CppCat analyzer has managed to find in TortoiseGit. Analysis results A note for TortoiseGit's developers. The project can't be checked right away as there is some trouble with inclusion of stdafx.h files. Below is a brief explanation. In certain places wrong stdafx.h files are included. You don't face any problems during compilation because the compiler takes data from the precompiled *.pch files. But these errors reveal themselves when trying to create preprocessed *.i files. TortoiseGit's developers may contact us, and we will explain how to fix this issue in the project. Troubles with m_Rev2 class CGitStatusListCtrl : public CListCtrl { .... CString m_Rev1; CString m_Rev2; .... };
  • 3. void CGitStatusListCtrl::OnContextMenuList(....) { .... if( (!this->m_Rev1.IsEmpty()) || (!this->m_Rev1.IsEmpty()) ) .... } CppCat's diagnostic message: V501 There are identical sub-expressions '(!this->m_Rev1.IsEmpty())' to the left and to the right of the '||' operator. gitstatuslistctrl.cpp 1560 There are two members in the class: m_Rev1 and m_Rev2. It is these members that should have been most likely used in the expression. Then the code should look as follows: if( (!this->m_Rev1.IsEmpty()) || (!this->m_Rev2.IsEmpty()) ) Another similar fragment: void CGitStatusListCtrl::OnNMDblclk(....) { .... if( (!m_Rev1.IsEmpty()) || (!m_Rev1.IsEmpty())) // m_Rev1 twice??? .... } CppCat's diagnostic message: V501 There are identical sub-expressions '(!m_Rev1.IsEmpty())' to the left and to the right of the '||' operator. gitstatuslistctrl.cpp 2642 There is a comment in this code hinting that the programmers suspect something is wrong :). Another similar typo can be found in gitstatuslistctrl.cpp 3274. Something wrong with conditions svn_error_t * svn_mergeinfo__adjust_mergeinfo_rangelists(....) { .... if (range->start + offset > 0 && range->end + offset > 0) { if (range->start + offset < 0) range->start = 0; else
  • 4. range->start = range->start + offset; if (range->end + offset < 0) range->end = 0; else range->end = range->end + offset; .... } CppCat's diagnostic message: V637 Two opposite conditions were encountered. The second condition is always false. Check lines: 2464, 2466. TortoiseGitMerge mergeinfo.c 2464 Something is wrong with conditions. To make it clearer, let's simplify the code a bit: • Replace "range->start + offset" with A; • Replace "range->end + offset" with B. We get the following pseudocode: if (A > 0 && B > 0) { if (A < 0) range->start = 0; else range->start = A; if (B < 0) range->end = 0; else range->end = B; .... } It is now clearly seen that the checks (A < 0) and (B < 0) are meaningless: they will never be true. There must be some logical errors in the code. Undereferenced pointer void svn_path_splitext(const char **path_root, const char **path_ext, const char *path, apr_pool_t *pool) {
  • 5. const char *last_dot; .... last_dot = strrchr(path, '.'); if (last_dot && (last_dot + 1 != '0')) .... } CppCat's diagnostic message: V528 It is odd that pointer to 'char' type is compared with the '0' value. Probably meant: *last_dot + 1 != '0'. path.c 1258 Let's examine the (last_dot + 1 != '0') expression in detail. Inside it, one is added to the pointer, the result then being compared to zero. This expression doesn't make sense, and I suspect the code should look like this: if (last_dot && (*(last_dot + 1) != '0')) Well, it would probably be better this way: if (last_dot && last_dot[1] != '0') CppCat has found another similar error: static const char * fuzzy_escape(const char *src, apr_size_t len, apr_pool_t *pool) { const char *src_orig = src; .... while (src_orig < src_end) { if (! svn_ctype_isascii(*src_orig) || src_orig == '0') .... } CppCat's diagnostic message: V528 It is odd that pointer to 'char' type is compared with the '0' value. Probably meant: *src_orig == '0'. utf.c 501 The following should be written instead: if (! svn_ctype_isascii(*src_orig) || *src_orig == '0') Octal number There is some piece of code which roams from project to project, and I often stumble across it. This code contains a bug that makes almost every program behave incorrectly with the IBM EBCDIC US-Canada charset. I don't think it is a crucial defect because this charset doesn't seem to be widely used nowadays. But I still should mention this bug. Here is this piece of code: static CodeMap map[]=
  • 6. { {037, _T("IBM037")}, // IBM EBCDIC US-Canada {437, _T("IBM437")}, // OEM United States {500, _T("IBM500")}, // IBM EBCDIC International .... }; CppCat's diagnostic message: V536 Be advised that the utilized constant value is represented by an octal form. Oct: 037, Dec: 31. unicodeutils.cpp 42 To make the text look nicer, the programmer wrote number 37 with 0 on the left. Doing so is incorrect because it results in a decimal number 37 becoming an octal number 037. The octal number 037 is equivalent to decimal 31. Conditions which are always true or false void CCloneDlg::OnBnClickedCheckSvn() { .... CString str; m_URLCombo.GetWindowText(str); while(str.GetLength()>=1 && str[str.GetLength()-1] == _T('') && str[str.GetLength()-1] == _T('/')) { str=str.Left(str.GetLength()-1); } .... } CppCat's diagnostic messages: V547 Expression is always false. Probably the '||' operator should be used here. clonedlg.cpp 413 The code fragment above must delete all the and / characters at the end of a string. But it won't happen actually because of the following error: str[str.GetLength()-1] == _T('') && str[str.GetLength()-1] == _T('/') A string character cannot be and / at the same time. The code must have looked like this: while(str.GetLength()>=1 && (str[str.GetLength()-1] == _T('') ||
  • 7. str[str.GetLength()-1] == _T('/'))) { str=str.Left(str.GetLength()-1); } There is another similar error related to a status check: enum git_ack_status { GIT_ACK_NONE, GIT_ACK_CONTINUE, GIT_ACK_COMMON, GIT_ACK_READY }; static int wait_while_ack(gitno_buffer *buf) { .... if (pkt->type == GIT_PKT_ACK && (pkt->status != GIT_ACK_CONTINUE || pkt->status != GIT_ACK_COMMON)) { .... } CppCat's diagnostic message: V547 Expression is always true. Probably the '&&' operator should be used here. smart_protocol.c 264 The condition here is, on the contrary, always true; the status is always not equal to GIT_ACK_CONTINUE or GIT_ACK_COMMON. Missing virtual destructor The program has the Command class that contains virtual functions: class Command { virtual bool Execute() = 0; .... }; The programmer forgot to declare the destructor virtual. A number of classes are inherited from this class: class SVNIgnoreCommand : public Command .... class AddCommand : public Command ....
  • 8. class AutoTextTestCommand : public Command .... Since we are working with a pointer to a base class, it causes problems when destroying objects. BOOL CTortoiseProcApp::InitInstance() { .... Command * cmd = server.GetCommand(....); .... delete cmd; .... } CppCat's diagnostic message: V599 The virtual destructor is not present, although the 'Command' class contains virtual functions. TortoiseGitProc tortoiseproc.cpp 497 Note. Now let me digress a bit. Applicants at an interview would often make jokes and laugh when answering the trite question, "What is the purpose of virtual destructors?", meaning that it is too old and trivial to ask it again and again. They shouldn't laugh though. The question is really good, and I always ask it. It allows me to identify suspicious people quicker. If an applicant gives a correct answer about virtual destructors, it doesn't mean too much, of course. It is just that he must have either read about it in a book or investigated the standard questions usually asked at an interview and prepared for it by learning the answers. Once again, a correct answer doesn't guarantee that the guy is a good programmer. A more important thing is when he cannot answer. How on earth can one read books on C++ and articles about job interviews on the Internet and miss this topic? Strange, isn't it? Potential null pointer dereferencing This time I haven't attentively examined the warnings about potential null pointer dereferencing errors. There were a few V595 diagnostics, but honestly I didn't feel like investigating them. Here you are only one example: void free_decoration(struct decoration *n) { unsigned int i; struct object_decoration *hash = n->hash; if (n == NULL || n->hash == NULL) return; .... } CppCat's diagnostic message: V595 The 'n' pointer was utilized before it was verified against nullptr. Check lines: 41, 43. decorate.c 41 The 'n' pointer is dereferenced in the 'n->hash' expression and is later checked for being null. It means that this pointer can potentially be null, so troubles may occur.
  • 9. Incorrect string formatting int CGit::GetCommitDiffList(....) { .... cmd.Format( _T("git.exe diff -r -R --raw -C -M --numstat -z %s --"), ignore, rev1); .... } CppCat's diagnostic message: V576 Incorrect format. A different number of actual arguments is expected while calling 'Format' function. Expected: 2. Present: 3. git.cpp 1231 One actual argument is redundant. Potentially dangerous array index TortoiseGit contains the following code fragment: static svn_error_t * token_compare(....) { .... int idx = datasource_to_index(file_token[i]->datasource); file[i] = &file_baton->files[idx]; .... } What is dangerous about it is that the 'idx' variable may theoretically be negative. The analyzer has noticed that the datasource_to_index function may return -1 in case of an error: static int datasource_to_index(svn_diff_datasource_e datasource) { switch (datasource) { .... } return -1; } CppCat's diagnostic message: V557 Array underrun is possible. The value of 'idx' index could reach -1. diff_file.c 1052
  • 10. Thus, although this code works well, it is potentially dangerous as an array overrun may occur. Resource leak CMyMemDC(CDC* pDC, ....) { .... CreateCompatibleDC(pDC); .... } CppCat's diagnostic message: V530 The return value of function 'CreateCompatibleDC' is required to be utilized. mymemdc.h 36 A device context (DC) is created but it is not used in any way and nor is it destroyed. A similar error can be found in mymemdc.h 70 Comparing different enum-types Some mess occurs when comparing enum-types: static enum { ABORT, VERBATIM, WARN, WARN_STRIP, STRIP } signed_tag_mode = ABORT; static enum { ERROR, DROP, REWRITE } tag_of_filtered_mode = ERROR; static void handle_tag(const char *name, struct tag *tag) { .... switch(tag_of_filtered_mode) { case ABORT: .... } CppCat's diagnostic message: V556 The values of different enum types are compared: switch(ENUM_TYPE_A) { case ENUM_TYPE_B: ... }. fast-export.c 449 The variables tag_of_filtered_mode and ABORT are of different types. Typo static int blame_internal(git_blame *blame) {
  • 11. .... blame->ent = ent; blame->path = blame->path; .... } CppCat's diagnostic message: V570 The 'blame->path' variable is assigned to itself. blame.c 319 Other errors There were some other errors and defects as well, but I didn't find them interesting enough to be mentioned in the article. TortoiseGit's developers will easily find all the defects themselves with the help of the CppCat tool. The demo version is active through 7 days, which is enough to thoroughly investigate a small project and fix all the issues found. Well, after all, the price of $250 is well affordable even for an indie developer. I want to remind you that static analysis brings highest profit when being used regularly. To download the tool and check your code just once is dabbling, not the proper use of the static code analysis methodology. Why, programmers examine compiler warnings regularly, not just once in 3 years before some release, don't they? Conclusion The article appears to have a certain advertising flavor about it. Sorry for that. Firstly, it's not just every time that we manage to write interesting articles about project checks. Secondly, we want the CppCat analyzer to be known by as many programmers as possible. This is a wonderful, inexpensive tool that can suit a large audience of developers working in Visual C++. When used regularly, it will help you save huge amounts of time you would otherwise waste searching for typos and other mistakes. Download CppCat here: http://www.cppcat.com/ If you feel you are missing some functionality, try PVS-Studio instead: Download PVS-Studio here: http://www.viva64.com/en/pvs-studio-download/ But don't rush for it if you don't have the experience of working with static analysis. This methodology will be much easier to master with CppCat than PVS-Studio. Besides, CppCat will be enough for most tasks. On the contrary, PVS-Studio may confuse you with lots of settings options, 64-bit diagnostics, the Standalone version module, and so on.