PVS-Studio 5.00, a solution for developers of modern resource-intensive applications
PVS-Studio is a static analyzer that detects errors in source code of C, C++, C++11, C++/CX applications.


Published in: Technology
Transcript

  • 1. PVS-Studio, a solution for developers of modern resource-intensive applications. OOO “Program Verification Systems” (Co Ltd), www.viva64.com
  • 2. PVS-Studio Overview. PVS-Studio is a static analyzer that detects errors in the source code of C, C++, C++11 and C++/CX applications. PVS-Studio includes 3 sets of rules:
      1. General-purpose diagnosis
      2. Diagnosis of 64-bit errors (Viva64)
      3. Diagnosis of parallel errors (VivaMP)
  • 3. Examples of errors we detect
  • 4. Priority of & and ! operations. Return to Castle Wolfenstein is a first-person shooter computer game developed by id Software. The game engine is available under the GPL license.
        #define SVF_CASTAI 0x00000010
        if ( !ent->r.svFlags & SVF_CASTAI )      // incorrect: ! is applied before &
        if ( ! (ent->r.svFlags & SVF_CASTAI) )   // correct
  • 5. Usage of && instead of &. Stickies: yellow sticky notes, only on your monitor.
        #define REO_INPLACEACTIVE (0x02000000L)
        #define REO_OPEN (0x04000000L)
        // && only tests that both operands are non-zero; the bitwise & was intended
        if (reObj.dwFlags && REO_INPLACEACTIVE)
          m_pRichEditOle->InPlaceDeactivate();
        if(reObj.dwFlags && REO_OPEN)
          hr = reObj.poleobj->Close(OLECLOSE_NOSAVE);
  • 6. Undefined behavior. Miranda IM (Miranda Instant Messenger) is instant messaging software for Microsoft Windows.
        // s is modified by ++s and read by strspn(s, ...) in the same expression
        while (*(n = ++s + strspn(s, EZXML_WS)) && *n != '>') {
  • 7. Usage of `delete` for an array. Chromium is an open source web browser developed by Google. The development of the Google Chrome browser is based upon Chromium.
        auto_ptr<VARIANT> child_array(new VARIANT[child_count]);
    You should not use auto_ptr with arrays. Only one element is destroyed inside the auto_ptr destructor:
        ~auto_ptr() {
          delete _Myptr;
        }
    For example, you can use boost::scoped_array as an alternative.
  • 8. Condition is always true. WinDjView is a fast and small app for viewing files in the DjVu format.
        inline bool IsValidChar(int c)
        {
          // the bare constant 0xA is always true; "c == 0xA" was intended
          return c == 0x9 || 0xA || c == 0xD ||
                 c >= 0x20 && c <= 0xD7FF ||
                 c >= 0xE000 && c <= 0xFFFD ||
                 c >= 0x10000 && c <= 0x10FFFF;
        }
  • 9. Code formatting differs from its own logic. Squirrel is an interpreted programming language developed to be used as a scripting language in real-time applications such as computer games.
        if(pushval != 0)
          if(pushval) v->GetUp(-1) = t;
        else
          v->Pop(1);
    v->Pop(1); will never be reached.
  • 10. Incidental local variable declaration. FCE Ultra is an open source Nintendo Entertainment System console emulator.
        int iNesSaveAs(char* name)
        {
          ...
          fp = fopen(name,"wb");
          int x = 0;
          if (!fp)
            int x = 1;
          ...
        }
  • 11. Using char as unsigned char. TortoiseSVN is a client of the Subversion revision control system, implemented as a Windows shell extension.
        // check each line for illegal utf8 sequences.
        // If one is found, we treat the file as ASCII,
        // otherwise we assume an UTF8 file.
        char * utf8CheckBuf = lineptr;
        while ((bUTF8)&&(*utf8CheckBuf))
        {
          if ((*utf8CheckBuf == 0xC0)||
              (*utf8CheckBuf == 0xC1)||
              (*utf8CheckBuf >= 0xF5))
          {
            bUTF8 = false;
            break;
          }
  • 12. Incidental use of octal values. eLynx Image Processing SDK and Lab.
        oCell._luminance = uint16(0.2220f*iPixel._red +
                                  0.7067f*iPixel._blue +
                                  0.0713f*iPixel._green);
        ....
        // 0713 is an octal literal (459 in decimal)
        oCell._luminance = 2220*iPixel._red +
                           7067*iPixel._blue +
                           0713*iPixel._green;
  • 13. One variable is used for two loops. Lugaru is the first commercial game developed by the independent team Wolfire Games.
        static int i,j,k,l,m;
        ...
        for(j=0; j<numrepeats; j++){
          ...
          for(i=0; i<num_joints; i++){
            ...
            // the innermost loop reuses j, the counter of the outermost loop
            for(j=0;j<num_joints;j++){
              if(joints[j].locked)freely=0;
            }
            ...
          }
          ...
        }
  • 14. Array overrun. LAME is a free app for MP3 audio encoding.
        #define SBMAX_l 22
        int l[1+SBMAX_l];
        for (r0 = 0; r0 < 16; r0++) {
          ...
          for (r1 = 0; r1 < 8; r1++) {
            // r0 + r1 + 2 reaches 24, but l has only 23 elements
            int a2 = gfc->scalefac_band.l[r0 + r1 + 2];
  • 15. Priority of * and ++ operations. eMule is a client for the ED2K file sharing network.
        STDMETHODIMP CCustomAutoComplete::Next(..., ULONG *pceltFetched)
        {
          ...
          if (pceltFetched != NULL)
            *pceltFetched++;     // incorrect: increments the pointer, not the value
          ...
        }
    Correct:
        (*pceltFetched)++;
  • 16. Comparison mistake. WinMerge is free open source software intended for the comparison and synchronization of files and directories.
        BUFFERTYPE m_nBufferType[2];
        ...
        // Handle unnamed buffers
        if ((m_nBufferType[nBuffer] == BUFFER_UNNAMED) ||
            (m_nBufferType[nBuffer] == BUFFER_UNNAMED))
          nSaveErrorCode = SAVE_NO_FILENAME;
    By reviewing the code close by, this should contain:
        (m_nBufferType[0] == BUFFER_UNNAMED) ||
        (m_nBufferType[1] == BUFFER_UNNAMED)
  • 17. Forgotten array index. IPP Samples are samples demonstrating how to work with the Intel Performance Primitives Library 7.0.
        void lNormalizeVector_32f_P3IM(..., Ipp32s* mask, ...) {
          Ipp32s i;
          Ipp32f norm;
          for(i=0; i<len; i++) {
            if(mask<0) continue;     // incorrect: compares the pointer itself
            ...
          }
        }
    Correct:
        if(mask[i]<0) continue;
  • 18. Identical source code branches. Notepad++ is a free text editor for Windows supporting syntax highlighting for a variety of programming languages.
        if (!_isVertical)
          Flags |= DT_BOTTOM;
        else
          Flags |= DT_BOTTOM;     // both branches are identical
    Second variant shown on the slide:
        if (!_isVertical)
          Flags |= DT_VCENTER;
        else
          Flags |= DT_BOTTOM;
  • 19. Calling incorrect function with similar name. Nmap Security Scanner is a free utility intended for diverse customizable scanning of IP networks with any number of objects and for identification of the statuses of the objects belonging to the network being scanned. What a beautiful comment. But it is sad that here we’re doing not what was intended.
        /** Deletes all previous field specifiers.
          * This should be used when dealing
          * with clients that send multiple NEP_PACKET_SPEC
          * messages, so only the last PacketSpec is taken
          * into account. */
        int NEPContext::resetClientFieldSpecs(){
          this->fspecs.empty();   // empty() only tests for emptiness; nothing is deleted
          return OP_SUCCESS;
        } /* End of resetClientFieldSpecs() */
  • 20. Dangerous ?: operator. Newton Game Dynamics is a well-known physics engine which allows for reliable and fast simulation of the physical behavior of environmental objects.
        den = dgFloat32 (1.0e-24f) *
              (den > dgFloat32(0.0f)) ? dgFloat32(1.0f) : dgFloat32(-1.0f);
    The priority of ?: is lower than that of the multiplication operator *.
  • 21. And so on, and so on…
    FCE Ultra, incorrect (the +1 is inside the strlen call):
        if((t=(char *)realloc( next->name, strlen(name+1))))
    Correct:
        if((t=(char *)realloc( next->name, strlen(name)+1)))
    Incorrect (maxX is used in the maxY line):
        minX=max(0,minX+mcLeftStart-2);
        minY=max(0,minY+mcTopStart-2);
        maxX=min((int)width,maxX+mcRightEnd-1);
        maxY=min((int)height,maxX+mcBottomEnd-1);
    Correct:
        minX=max(0,minX+mcLeftStart-2);
        minY=max(0,minY+mcTopStart-2);
        maxX=min((int)width,maxX+mcRightEnd-1);
        maxY=min((int)height,maxY+mcBottomEnd-1);
  • 22. Low level memory management operations. Return to Castle Wolfenstein.
    Incorrect (src is a pointer here, so sizeof( src ) is the size of a pointer):
        ID_INLINE mat3_t::mat3_t( float src[3][3] )
        {
          memcpy( mat, src, sizeof( src ) );
        }
    Correct:
        ID_INLINE mat3_t::mat3_t( float (&src)[3][3] )
        {
          memcpy( mat, src, sizeof( src ) );
        }
    Incorrect:
        itemInfo_t *itemInfo;
        memset( itemInfo, 0, sizeof( &itemInfo ) );
    Correct:
        memset( itemInfo, 0, sizeof( *itemInfo ) );
  • 23. Low level memory management operations. CxImage is an open image processing library.
    Incorrect:
        memset(tcmpt->stepsizes, 0,
               sizeof(tcmpt->numstepsizes * sizeof(uint_fast16_t)));
    Correct:
        memset(tcmpt->stepsizes, 0,
               tcmpt->numstepsizes * sizeof(uint_fast16_t));
  • 24. Low level memory management operations. A beautiful example of a 64-bit error:
        dgInt32 faceOffsetHitogram[256];
        dgSubMesh* mainSegmenst[256];
        memset (faceOffsetHitogram, 0, sizeof (faceOffsetHitogram));
        memset (mainSegmenst, 0, sizeof (faceOffsetHitogram));
    This code was duplicated but was not entirely corrected. As a result, the size of a pointer will not be equal to the size of the dgInt32 type on Win64, and we will clear only a fraction of the mainSegmenst array.
  • 25. Low level memory management operations.
        #define CONT_MAP_MAX 50
        int _iContMap[CONT_MAP_MAX];
        ...
        memset(_iContMap, -1, CONT_MAP_MAX);                 // incorrect: element count, not byte count
        memset(_iContMap, -1, CONT_MAP_MAX * sizeof(int));   // correct
  • 26. Low level memory management operations. OGRE is an open source Object-Oriented Graphics Rendering Engine written in C++.
        Real w, x, y, z;
        ...
        inline Quaternion(Real* valptr)
        {
          memcpy(&w, valptr, sizeof(Real)*4);
        }
    Yes, at present this is not a mistake. But it is a landmine!
  • 27. And a whole lot of other errors in well-known projects
      • WinMerge
      • Chromium, Return to Castle Wolfenstein, etc
      • Miranda IM
      • Intel IPP Samples
      • Fennec Media Project
      • Ultimate Toolbox
      • Loki
      • eMule Plus, Pixie, VirtualDub, WinMerge, XUIFramework
      • Chromium
      • Qt
      • Apache HTTP Server
      • TortoiseSVN
    Here are the links to the articles containing descriptions of the errors: http://www.viva64.com/en/pvs-studio/
  • 28. Types of detectable errors
      • copy-paste errors;
      • incorrect formatting strings (printf);
      • buffer overflow;
      • incorrect utilization of STL, WinAPI;
      • ...
      • errors concerning the migration of 32-bit applications to 64-bit systems (Viva64);
      • errors concerning the incorrect usage of OpenMP;
  • 29. Integration
      • Visual Studio 2012: C, C++, C++11, C++/CX (WinRT).
      • Visual Studio 2010: C, C++, C++0x.
      • Visual Studio 2008: C, C++.
      • Visual Studio 2005: C, C++.
      • Embarcadero RAD Studio XE3: C, C++, C++11.
      • Embarcadero RAD Studio XE2: C, C++.
      • MinGW: C, C++.
  • 30. PVS-Studio Features
      • Incremental Analysis – verification of newly compiled files;
      • verification of files that were modified within the last several days;
      • verification of files by their filenames from a text file list;
      • continuous integration systems support;
      • version control systems integration;
      • ability to operate from the command line interface;
      • «False Alarms» marking;
      • saving and loading of analysis results;
      • utilizing all available cores and processors;
      • interactive filters;
      • Russian and English online documentation;
      • PDF documentation;
  • 31. Integration with Visual Studio 2005/2008/2010/2012
  • 32. Integration with Embarcadero RAD Studio XE2/XE3
  • 33. Incremental Analysis – verification of newly compiled files
      • you just work with Visual Studio as usual;
      • compile by F7;
      • the verification of newly compiled files will start in the background automatically;
      • at the end of verification a notification will appear, allowing you to inspect the detected errors;
  • 34. VCS and CI support (revision control, continuous integration)
      • launching from the command line:
        "C:\Program Files (x86)\PVS-Studio\x64\PVS-Studio.exe" --sln-file "C:\Users\evg\Documents\OmniSample\OmniSample (vs2008).sln" --plog-file "C:\Users\evg\Documents\result.plog" --vcinstalldir "C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC" --platform "x64" --configuration "Release"
      • sending the results by mail:
        cmd.exe /c type result-log.plog.only_new_messages.txt
      • commands for launching from CruiseControl.Net, Hudson, Microsoft TFS are readily available
  • 35. Interactive filters
      • filtering messages without restarting the analysis;
      • filtering by error code, by filenames (including masks), by message text, by warning levels;
      • displaying/hiding false alarms.
  • 36. Integrated help reference (description of the errors)
  • 37. PVS-Studio Advantages
      • Easy-to-download! You may download the PVS-Studio distribution package without registering and filling in any forms.
      • Easy-to-try! The PVS-Studio program is implemented as a plug-in for Visual Studio and Embarcadero RAD Studio.
      • Easy-to-buy! Unlike other code analyzers, we have a simple pricing and licensing policy.
      • Easy-to-support! It is the analyzer's developers who directly communicate with users, which enables you to quickly get answers to even complicated questions related to programming.
  • 38. Pricing policy
      • a license for a team of no more than five developers is €5250;
      • prolongation for one year – 80% of base price;
      • the site license for teams with 20+ developers;
  • 39. Information about company. OOO “Program Verification Systems” (Co Ltd), 300027, Russia, Tula, Metallurgov 70-1-88. www.viva64.com, support@viva64.com. Working time: 09:00 – 18:00 (GMT +3:00)
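
The memset length mistakes on slides 24 and 25 leave part of a buffer uninitialised. The following added example (not code from the slides or from PVS-Studio) measures how much each call really touches; the helper names are hypothetical, and the element counts 50 and 256 are taken from the slides.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CONT_MAP_MAX 50   /* element count from slide 25 */
#define TABLE_LEN    256  /* element count from slide 24 */

/* Hypothetical helper: zero an int map, memset `nbytes` bytes to 0xFF as on
   slide 25, and count how many elements really became -1. */
size_t ints_set_to_minus_one(size_t nbytes)
{
    int map[CONT_MAP_MAX] = {0};
    size_t i, hits = 0;
    memset(map, -1, nbytes);
    for (i = 0; i < CONT_MAP_MAX; i++)
        if (map[i] == -1)
            hits++;
    return hits;
}

/* Hypothetical helper: fill a pointer table with non-null values, clear
   `nbytes` bytes as on slide 24, and count the slots that are now null. */
size_t pointers_cleared(size_t nbytes)
{
    static int target;
    int *table[TABLE_LEN];
    size_t i, cleared = 0;
    for (i = 0; i < TABLE_LEN; i++)
        table[i] = &target;
    memset(table, 0, nbytes);
    for (i = 0; i < TABLE_LEN; i++)
        if (table[i] == NULL)
            cleared++;
    return cleared;
}

int main(void)
{
    /* Buggy length first, corrected length second, for each slide. */
    printf("slide 25 buggy: %zu of %d ints set\n",
           ints_set_to_minus_one(CONT_MAP_MAX), CONT_MAP_MAX);
    printf("slide 25 fixed: %zu of %d ints set\n",
           ints_set_to_minus_one(CONT_MAP_MAX * sizeof(int)), CONT_MAP_MAX);
    printf("slide 24 buggy: %zu of %d pointers cleared\n",
           pointers_cleared(TABLE_LEN * sizeof(int32_t)), TABLE_LEN);
    printf("slide 24 fixed: %zu of %d pointers cleared\n",
           pointers_cleared(TABLE_LEN * sizeof(int *)), TABLE_LEN);
    return 0;
}
```

On a 64-bit build the slide 24 call clears only half of the pointer table, while on a 32-bit build it clears all of it, which is why the defect stays hidden until the code is ported.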
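
Slides 8 and 11 both show input checks that can never reject anything. This added example (not code from the slides; the function names and the sample bytes are constructed for illustration) puts each buggy check beside a corrected form. The slide 11 check is pinned to signed char, an assumption that matches plain char on x86 compilers, and parentheses were added around the && terms without changing the meaning.

```c
#include <stdio.h>

/* Slide 8 expression: the bare constant 0xA is non-zero, so the result is
   true for every c. */
int is_valid_char_buggy(int c)
{
    return c == 0x9 || 0xA || c == 0xD || (c >= 0x20 && c <= 0xD7FF)
        || (c >= 0xE000 && c <= 0xFFFD) || (c >= 0x10000 && c <= 0x10FFFF);
}

/* Same ranges with the missing "c ==" restored. */
int is_valid_char_fixed(int c)
{
    return c == 0x9 || c == 0xA || c == 0xD || (c >= 0x20 && c <= 0xD7FF)
        || (c >= 0xE000 && c <= 0xFFFD) || (c >= 0x10000 && c <= 0x10FFFF);
}

/* Slide 11 check on signed char: values are -128..127, so no byte can equal
   0xC0 or 0xC1 or reach 0xF5. */
int has_illegal_utf8_buggy(const char *s)
{
    const signed char *p = (const signed char *)s;
    for (; *p; p++)
        if (*p == 0xC0 || *p == 0xC1 || *p >= 0xF5)
            return 1;
    return 0;
}

/* Same check on unsigned char, where the comparisons can succeed. */
int has_illegal_utf8_fixed(const char *s)
{
    const unsigned char *p = (const unsigned char *)s;
    for (; *p; p++)
        if (*p == 0xC0 || *p == 0xC1 || *p >= 0xF5)
            return 1;
    return 0;
}

/* Constructed sample: 'a' followed by the overlong sequence C0 80. */
const char OVERLONG_SAMPLE[] = "a\xC0\x80";

int main(void)
{
    printf("U+0000 valid?  buggy=%d fixed=%d\n",
           is_valid_char_buggy(0), is_valid_char_fixed(0));
    printf("C0 80 illegal? buggy=%d fixed=%d\n",
           has_illegal_utf8_buggy(OVERLONG_SAMPLE),
           has_illegal_utf8_fixed(OVERLONG_SAMPLE));
    return 0;
}
```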
