Comparing capabilities of PVS-Studio and Visual Studio 2010 in detecting defects in 64-bit programs
Author: Andrey Karpov
Date: 06.07.2010

Abstract

In the article, we will compare three mechanisms of code analysis from the viewpoint of detecting 64-bit errors: the Visual C++ 2010 compiler, the Code Analysis for C/C++ component included into Visual Studio 2010 and the Viva64 analyzer included into PVS-Studio 3.60. I will show both the capabilities of detecting defects in 64-bit projects and preliminary diagnosis of 64-bit errors in the 32-bit code of projects.

Introduction

Our company OOO "Program Verification Systems" develops a specialized static code analyzer Viva64 intended to detect 64-bit errors in Windows applications. The Viva64 analyzer is included into the PVS-Studio package, which integrates into the Visual Studio 2005/2008/2010 environment.

Our potential users who think about purchasing PVS-Studio often ask us what advantages our tool has over the diagnostic capabilities of the Visual C++ compiler and the Code Analysis for C/C++ component available in extended editions of Visual Studio (for instance, in Visual Studio 2010 Premium/Ultimate).

Our users are also interested in the capability of preliminary detection of 64-bit errors at the stage when there is no 64-bit project yet.

In this article, we will compare various tools by 31 patterns of 64-bit errors and show how efficient they are when checking 32-bit and 64-bit projects. In the third section, there are links for you to learn about each error pattern in detail and comments on the comparison tables. The test project that we used as a basis for comparison and that contains all the error patterns can be downloaded here: http://www.viva64.com/external-pictures/ErrorExamples-vs2010-project.7z.

1. Comparison of tools when analyzing 64-bit projects

The comparison of the tools and the percentage of defects found when analyzing 64-bit projects are presented in Table 1. Note that the column referring to Code Analysis for C/C++ is empty. The reason is that Code Analysis for C/C++ does not work with 64-bit projects.

Also note that we enabled all the warnings of the Visual C++ compiler with the /Wall switch, i.e. all its diagnostic capabilities are in use. The /Wp64 switch is disabled since it is ignored (has no effect) when compiling 64-bit projects.

The coloring of the table cells (the legend):
  • Grey - cannot be diagnosed.
  • Blue background - can be diagnosed partly (see explanations in the third section).
  • Green background - can be diagnosed.
Table 1 - Comparison of capabilities of the Visual C++ 2010 compiler, Code Analysis for C/C++ (Visual Studio 2010 Premium) and Viva64 (PVS-Studio 3.60) in detecting 64-bit errors in a 64-bit project

Conclusion

The diagnostic capabilities of the Viva64 static analyzer exceed those of Visual C++ 2010 several times when searching for 64-bit errors in 64-bit projects. Code Analysis for C/C++ is useless in searching for this type of errors since it cannot work with the code of 64-bit projects at the moment.

2. Comparison of tools when analyzing 32-bit projects

People are often interested in the possibility of detecting 64-bit errors already at the stage of working with the 32-bit project. This interest results from the following two tasks:
  1. To estimate the cost of porting a 32-bit application to a 64-bit system.
  2. To eliminate as many 64-bit errors as possible before porting the application.

The comparison of the tools and the percentage of defects found when analyzing 32-bit projects are presented in Table 2.

The /Wall and /Wp64 switches are enabled for the Visual C++ compiler to use its diagnostic capabilities to the full extent. For the Code Analysis for C/C++ unit, we have also enabled all the possible warnings.

The coloring of the table cells (the legend):
  • Grey - cannot be diagnosed.
  • Blue background - can be diagnosed partly (see explanations in the third section).
  • Green background - can be diagnosed.
Table 2 - Comparison of capabilities of the Visual C++ 2010 compiler, Code Analysis for C/C++ (Visual Studio 2010 Premium) and Viva64 (PVS-Studio 3.60) in detecting 64-bit errors in a 32-bit project

Conclusion

The diagnostic capabilities of the Viva64 analyzer exceed those of Visual C++ 2010 several times when searching for 64-bit errors in 32-bit projects.

The diagnostic capabilities of Visual C++ 2010 turn out to be less efficient when analyzing 32-bit projects than in the case of 64-bit projects. This is explained by the fact that the compiler uses a different data model (ILP32) when compiling 32-bit projects.

The Code Analysis for C/C++ component is a general-purpose static analyzer and does not help in detecting the type of 64-bit errors we consider here.

The Viva64 analyzer performed an equally full analysis for both 32-bit and 64-bit projects. In practice, the Viva64 analyzer might still miss up to 5% of errors and show fewer warnings. To learn more about it, please see Lesson 28. Estimating the cost of 64-bit migration of C/C++ applications.

3. Description of comparison parameters

A detailed description of each error pattern would take too much space in the article. So let me just give you links to various sources where you may thoroughly study each of the patterns and see various examples. I will also give some comments explaining why some types of errors can be diagnosed only partly.

3.1. Implicit conversion of a 32-bit type to a memsize-type

Description:
  • PVS-Studio documentation. V101. Implicit assignment type conversion to memsize type.
  • Lessons on development of 64-bit C/C++ applications. Lesson 11. Pattern 3. Shift operations.
  • Lessons on development of 64-bit C/C++ applications. Lesson 17. Pattern 9. Mixed arithmetic.

3.2. Dangerous address arithmetic

Description:
  • PVS-Studio documentation. V102. Usage of non memsize type for pointer arithmetic.
  • Lessons on development of 64-bit C/C++ applications. Lesson 13. Pattern 5. Address arithmetic.

3.3. Implicit conversion of a memsize-type to a 32-bit type

Description:
  • PVS-Studio documentation. V103. Implicit type conversion from memsize type to 32-bit type.
  • Lessons on development of 64-bit C/C++ applications. Lesson 17. Pattern 9. Mixed arithmetic.
  • Andrey Karpov. OOO "Program Verification Systems" company blog. Problems of 64-bit code in real programs: FreeBSD.

3.4. Implicit conversion of a 32-bit type to a memsize-type in a comparison operation

Description:
  • PVS-Studio documentation. V104. Implicit type conversion to memsize type in an arithmetic expression.
  • Lessons on development of 64-bit C/C++ applications. Lesson 17. Pattern 9. Mixed arithmetic.
  • Andrey Karpov. OOO "Program Verification Systems" company blog. Why A + B != A - (-B).

3.5. Implicit conversion of a 32-bit type to a memsize-type in a ternary operation

Description:
  • PVS-Studio documentation. V105. N operand of ?: operation: implicit type conversion to memsize type.
  • Lessons on development of 64-bit C/C++ applications. Lesson 17. Pattern 9. Mixed arithmetic.

3.6. Implicit conversion of a 32-bit type to a memsize-type when calling a function

Description:
  • PVS-Studio documentation. V106. Implicit type conversion N argument of function foo to memsize type.
  • Lessons on development of 64-bit C/C++ applications. Lesson 17. Pattern 9. Mixed arithmetic.

3.7. Implicit conversion of a memsize-type to a 32-bit type when calling a function

Description:
  • PVS-Studio documentation. V107. Implicit type conversion N argument of function foo to 32-bit type.
  • Lessons on development of 64-bit C/C++ applications. Lesson 17. Pattern 9. Mixed arithmetic.

3.8. A non-memsize type is used as an index

Description:
  • PVS-Studio documentation. V108. Incorrect index type: foo[not a memsize-type]. Use memsize type instead.
  • Lessons on development of 64-bit C/C++ applications. Lesson 13. Pattern 5. Address arithmetic.

3.9. Implicit conversion of a 32-bit type to a memsize-type inside the return operator

Description:
  • PVS-Studio documentation. V109. Implicit type conversion of return value to memsize type.
  • Lessons on development of 64-bit C/C++ applications. Lesson 17. Pattern 9. Mixed arithmetic.

3.10. Implicit conversion of a memsize-type to a 32-bit type inside the return operator

Description:
  • PVS-Studio documentation. V110. Implicit type conversion of return value from memsize type to 32-bit type.
  • Lessons on development of 64-bit C/C++ applications. Lesson 17. Pattern 9. Mixed arithmetic.

3.11. Functions with a variable number of arguments, a value of a memsize-type is passed as the parameter

Description:
  • PVS-Studio documentation. V111. Call function foo with variable number of arguments. N argument has memsize type.
  • Lessons on development of 64-bit C/C++ applications. Lesson 10. Pattern 2. Functions with variable number of arguments.

3.12. Dangerous magic number

Description:
  • PVS-Studio documentation. V112. Dangerous magic number N used.
  • Lessons on development of 64-bit C/C++ applications. Lesson 9. Pattern 1. Magic numbers.

3.13. Attempt to store a value of a memsize-type in a variable of the double type

Description:
  • PVS-Studio documentation. V113. Implicit type conversion from memsize to double type or vice versa.
  • PVS-Studio documentation. V203. Explicit type conversion from memsize to double type or vice versa.
  • Lessons on development of 64-bit C/C++ applications. Lesson 18. Pattern 10. Storage of integer values in double.

Note to the table

When building a 32-bit project, the Visual C++ compiler warns only about the conversion of the double type to size_t and does not warn about the opposite conversion.

3.14. Incorrect change of the pointer type

Description:
  • PVS-Studio documentation. V114. Dangerous explicit type pointer conversion.
  • Lessons on development of 64-bit C/C++ applications. Lesson 14. Pattern 6. Changing an array's type.
  • Andrey Karpov. OOO "Program Verification Systems" company blog. 64-bit code issues in real programs: pointer type change.

3.15. Using memsize types when handling exceptions

Description:
  • PVS-Studio documentation. V115. Memsize type is used for throw.
  • PVS-Studio documentation. V116. Memsize type is used for catch.
  • Lessons on development of 64-bit C/C++ applications. Lesson 20. Pattern 12. Exceptions.
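The conversion patterns of sections 3.1 to 3.10 and 3.13 above, collected into one added C++ example; this is not code from the article or from the PVS-Studio test project, and the function names and sample values are the editor's own. Each function returns its result so the effect can be checked on the host's data model rather than only read about.

```cpp
// Added example (not from the article or from PVS-Studio): the mixed-arithmetic and
// memsize-conversion patterns of sections 3.1-3.10 and 3.13 as small functions that
// return their result, so the effect can be checked on the host's data model.
#include <cstddef>

// 3.2 / 3.4: A + B is evaluated in 32-bit unsigned arithmetic and only then widened
// for the pointer addition. On ILP32 the wrap-around gives the intended -1; on a
// 64-bit model the result is zero-extended to 0x00000000FFFFFFFF, so
// ptr + (A + B) moves 4 GB forward instead of one element back. The offset is
// computed as an integer here rather than applied to a real pointer.
std::ptrdiff_t offsetOfMixedSum(int A, unsigned B) {
    std::size_t idx = A + B;            // unsigned int sum, then zero-extended
    return static_cast<std::ptrdiff_t>(idx);
}

// Same intent with the arithmetic done in the memsize type from the start.
std::ptrdiff_t offsetOfMemsizeSum(int A, unsigned B) {
    return static_cast<std::ptrdiff_t>(A) + static_cast<std::ptrdiff_t>(B);
}

// 3.3 / 3.7 / 3.10: a memsize value silently narrowed to a 32-bit type (V103 style).
// Lengths above 4 GB lose their high bits; a size check done afterwards is fooled.
unsigned truncateToUnsigned(std::size_t n) {
    unsigned len = n;
    return len;
}

// 3.13: a memsize value round-tripped through double. double has 53 bits of
// mantissa, so on a 64-bit build values above 2^53 no longer come back unchanged.
bool survivesDoubleRoundTrip(std::size_t n) {
    double d = static_cast<double>(n);
    return static_cast<std::size_t>(d) == n;
}

// 3.1 / Lesson 11: building a memsize mask by shifting a 32-bit operand. The shift
// happens in 32 bits, so bits that would land in the upper half are dropped.
std::size_t maskFromShift32(unsigned hi) {
    std::size_t m = hi << 16;           // 32-bit shift, widened too late
    return m;
}

// Correct form: widen first, then shift in the memsize type.
std::size_t maskFromShiftMemsize(unsigned hi) {
    return static_cast<std::size_t>(hi) << 16;
}
```

On a 64-bit build offsetOfMixedSum(-2, 1) returns 4294967295 while offsetOfMemsizeSum(-2, 1) returns -1; on ILP32 both return -1, which is why the 32-bit compiler sees nothing wrong.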
3.16. Memsize-types in unions

Description:
  • PVS-Studio documentation. V117. Memsize type is used in the union.
  • Lessons on development of 64-bit C/C++ applications. Lesson 16. Pattern 8. Memsize-types in unions.

3.17. Dangerous expression as an argument of the malloc() function

Description:
  • PVS-Studio documentation. V118. malloc() function accepts a dangerous expression in the capacity of an argument.
  • Lessons on development of 64-bit C/C++ applications. Lesson 9. Pattern 1. Magic numbers.

3.18. Incorrect calculation of object sizes using several sizeof() operators

Description:
  • PVS-Studio documentation. V119. More than one sizeof() operators are used in one expression.
  • Lessons on development of 64-bit C/C++ applications. Lesson 21. Pattern 13. Data alignment.

3.19. The new operator accepts an expression of a 32-bit type as an argument

Description:
  • PVS-Studio documentation. V121. Implicit conversion of the type of new operator's argument to size_t type.
  • Lessons on development of 64-bit C/C++ applications. Lesson 17. Pattern 9. Mixed arithmetic.

3.20. Explicit conversion of a 32-bit type to a memsize-type

Description:
  • PVS-Studio documentation. V201. Explicit type conversion. Type casting to memsize.

3.21. Explicit conversion of a memsize-type to a 32-bit type

Description:
  • PVS-Studio documentation. V202. Explicit type conversion. Type casting from memsize to 32-bit.
  • Lessons on development of 64-bit C/C++ applications. Lesson 15. Pattern 7. Pointer packing.
  • Andrey Karpov. OOO "Program Verification Systems" company blog. Search of explicit type conversion errors in 64-bit programs.

Note to the table

The Visual C++ compiler diagnoses only the explicit conversion of pointers to 32-bit data types, but not all the memsize-types.

3.22. Incorrectly defined virtual functions

Description:
  • PVS-Studio documentation. V301. Unexpected function overloading behavior. See N argument of function foo in derived class derived and base class base.
  • Lessons on development of 64-bit C/C++ applications. Lesson 12. Pattern 4. Virtual functions.
  • Andrey Karpov. OOO "Program Verification Systems" company blog. Issues of 64-bit code in real programs: virtual functions.

Note to the table

The Visual C++ compiler diagnoses all the cases when the function prototype in the descendant class differs from the prototype of the function defined as a virtual function in the base class. As a result, a lot of warnings are generated which do not refer to 64-bit defects, and this complicates the use of this diagnosis type. Moreover, the compiler does not detect this type of errors at all when compiling a 32-bit project.

3.23. Dangerous [] operator

Description:
  • PVS-Studio documentation. V302. Member operator[] of foo class has a 32-bit type argument. Use memsize-type here.
  • Andrey Karpov. OOO "Program Verification Systems" company blog. Search of 64-bit errors in array implementation.

3.24. Using deprecated functions

Description:
  • PVS-Studio documentation. V303. The function is deprecated in the Win64 system. It is safer to use the foo function.

3.25. Buffer overflow or underflow error

Description:
  • PVS-Studio documentation. V320. A call of the foo function will lead to a buffer overflow or underflow in a 64-bit system.

Note to the table

The task of searching for buffer overflows is difficult and often cannot be solved by means of static analysis at all. That is why we specified in the table that the Viva64 analyzer detects only some of the defects of this kind.

3.26. Searching for structures whose sizes can be decreased without performance loss

Description:
  • PVS-Studio documentation. V401. The structure's size can be decreased via changing the fields order. The size can be reduced from N to K bytes.
  • Lessons on development of 64-bit C/C++ applications. Lesson 23. Pattern 15. Growth of structures' sizes.
  • Andrey Karpov. OOO "Program Verification Systems" company blog. Viva64 for optimizing data structures.

Note to the table
The Visual C++ compiler warns about all empty spaces between fields in structures that appear because of data alignment. This information may be used to search for non-optimal structures, but it is difficult to do in practice.

3.27. Using a function without preliminarily defining it (in the C language)

Description:
  • PVS-Studio documentation. V102. Usage of non memsize type for pointer arithmetic.
  • Andrey Karpov. OOO "Program Verification Systems" company blog. A nice 64-bit error in C.

Note to the table

The analyzer diagnoses this type of errors indirectly by generating a warning about the conversion of the int type to the pointer.

3.28. Incorrect #ifdef..#else

Description:
  • Andrey Karpov. A Collection of Examples of 64-bit Errors in Real Programs. Example 3.

3.29. Serialization errors (changes of type sizes, byte order changes)

Description:
  • Lessons on development of 64-bit C/C++ applications. Lesson 19. Pattern 11. Serialization and data interchange.

3.30. Redirection errors (referring to WoW64)

Description:
  • Andrey Karpov. A Collection of Examples of 64-bit Errors in Real Programs. Example 30.

3.31. Changes of program behavior when using overloaded functions

Description:
  • Lessons on development of 64-bit C/C++ applications. Lesson 22. Pattern 14. Overloaded functions.

Summary

The Viva64 static analyzer included into PVS-Studio exceeds the capabilities of Visual C++ 2010 and the Code Analysis for C/C++ component several times in detecting 64-bit defects. The analyzer can be used with the same efficiency both when developing new 64-bit projects and when preparing 32-bit code for migration to a 64-bit system. The Viva64 analyzer also helps in estimating the cost of porting an application to a 64-bit system - this feature is described in "Lesson 28. Estimating the cost of 64-bit migration of C/C++ applications".
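An added example for the virtual-function pattern of section 3.22 above; it is not code from the article or from PVS-Studio, and the class and function names are assumed. It shows the override that silently turns into an overload under a 64-bit data model, beside the version that uses the memsize type and the override specifier so the compiler reports the mismatch.

```cpp
// Added example (not from the article or from PVS-Studio) for section 3.22: the
// derived class "overrides" a virtual function with an unsigned parameter where the
// base declares size_t. Under ILP32 the two types coincide and the override works;
// under a 64-bit data model they differ, so the derived function becomes a new
// overload and calls through a Base pointer dispatch to the base implementation.
#include <cstddef>

class Base {
public:
    virtual ~Base() {}
    virtual int compute(std::size_t) { return 1; }     // base version
};

class Derived : public Base {
public:
    // Intended to override Base::compute. On a 64-bit build the signature differs
    // (unsigned != size_t), so this is an unrelated overload, not an override.
    int compute(unsigned) { return 2; }                // derived version
};

// Fix: spell the parameter in the same memsize type as the base and mark the
// function override, so a signature mismatch is a compile error, not a silent bug.
class DerivedFixed : public Base {
public:
    int compute(std::size_t) override { return 2; }
};

// Calls through a Base pointer, as client code would. Returns 1 if Base::compute
// ran and 2 if the derived version ran.
int dispatchBroken() {
    Derived d;
    Base* b = &d;
    return b->compute(10);
}

int dispatchFixed() {
    DerivedFixed d;
    Base* b = &d;
    return b->compute(10);
}

// True when the host data model makes the defect visible (size_t wider than
// unsigned), which is exactly the case a 32-bit compile cannot reveal.
bool hostShowsDefect() {
    return sizeof(std::size_t) != sizeof(unsigned);
}
```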
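An added example for the alignment patterns of sections 3.18 and 3.26 above; it is not code from the article or from PVS-Studio, and the struct names and the payload constant are assumed. It puts the same fields in two orders, reports the padding each layout carries, and shows a size obtained by summing sizeof() of the members, which does not match the real structure size.

```cpp
// Added example (not from the article or from PVS-Studio) for sections 3.18 and 3.26.
// The byte counts in the comments are for a 64-bit data model (size_t and pointers
// are 8 bytes); the same layouts also waste space on ILP32, just less of it.
#include <cstddef>

// 3.26: fields in "natural" order. Each 8-byte field must start on an 8-byte
// boundary, so each char drags 7 bytes of padding behind it: 24 bytes in total.
struct Wasteful {
    char        tag;
    std::size_t length;
    char        flag;
};

// The same fields, widest first: 8 + 1 + 1 + 6 bytes of tail padding = 16 bytes.
struct Compact {
    std::size_t length;
    char        tag;
    char        flag;
};

// Bytes the compiler inserted that carry no data.
template <typename T>
std::size_t paddingBytes(std::size_t payloadBytes) {
    return sizeof(T) - payloadBytes;
}

// The payload is identical for both layouts: two chars plus one size_t.
constexpr std::size_t kPayload = 2 * sizeof(char) + sizeof(std::size_t);

std::size_t wastefulPadding() { return paddingBytes<Wasteful>(kPayload); }
std::size_t compactPadding()  { return paddingBytes<Compact>(kPayload); }

// 3.18: summing sizeof() of the members is not the size of the struct, because the
// sum ignores alignment. A buffer sized this way is too small to hold the object.
struct Header {
    char  kind;
    void* payload;
};

std::size_t headerSizeBySummingMembers() {
    return sizeof(char) + sizeof(void*);        // V119 style: 9 on a 64-bit build
}

bool memberSumMatchesStructSize() {
    return headerSizeBySummingMembers() == sizeof(Header);   // false on 32- and 64-bit
}
```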