SlideShare a Scribd company logo

Why I Dislike Synthetic Tests

P
PVS-Studio

I don't like it when people use artificial code examples to evaluate the diagnostic capabilities of static code analyzers. There is one particular example I'm going to discuss to explain my negative attitude to synthetic tests.

Software
1 of 4
Download to read offline
Why I Dislike Synthetic Tests Author: Andrey Karpov Date: 06.02.2017 I don't like it when people use artificial code examples to evaluate the diagnostic capabilities of static code analyzers. There is one particular example I'm going to discuss to explain my negative attitude to synthetic tests. Bill Torpey recently wrote a blog post entitled "Even Mo' Static", where he shared his view on the results of testing Cppcheck and PVS-Studio analyzers on the itc-benchmarks project, which is a set of static analysis benchmarks by Toyota ITC. That post upset me because it would leave you with an impression that Cppcheck's and PVS-Studio's capabilities were very similar. What follows from the article is that one analyzer is better at diagnosing some types of errors and the other, at diagnosing other types of errors, but their capabilities are generally the same. I think it's a wrong conclusion. My opinion is that our analyzer, PVS-Studio, is several times more powerful than Cppcheck. Well, it's not even an "opinion" - it's what I know for sure! However, since it's not obvious to an outside observer that PVS-Studio is ten times better than Cppcheck, there must be a reason for that. I decided to take a look at that project, itc-benchmarks, and figure out why PVS-Studio didn't perform at its best on that code base. The more I was digging, the greater irritation I felt. There was one particular example that drove me really crazy, and I'm going to tell you about it in a moment. What I have to say as a conclusion is this: I have no complaints against Bill Torpey. He wrote a good, honest article. Thank you, Bill! But I do have complaints against Toyota ITC. I personally think their code base is crap. Yes, it's a blunt statement, but I believe I have enough competence and experience to debate about static code analyzers and ways of evaluating them. In my opinion, itc-benchmarks can't be used to adequately evaluate tools' diagnostic capabilities. Now, here's the test that killed me. It's a test for null pointer dereference:
void null_pointer_001 () { int *p = NULL; *p = 1; /*Tool should detect this line as error*/ /*ERROR:NULL pointer dereference*/ } Cppcheck analyzer reports an error in this code: Null pointer dereference: p PVS-Studio analyzer keeps silent, although it does have diagnostic V522 for cases like that. So, does it mean that PVS-Studio is worse at diagnosing this example than Cppcheck? No, it's just the opposite: it's better! PVS-Studio understands that this code was written on purpose and there is no error there. In certain cases, programmers write code like that intentionally to make the program throw an exception when a null pointer dereference occurs. This trick is used in tests and specific code fragments, and I have seen it more than once. Here's, for example, how it can be in a real-life project: void GpuChildThread::OnCrash() { LOG(INFO) << "GPU: Simulating GPU crash"; // Good bye, cruel world. volatile int* it_s_the_end_of_the_world_as_we_know_it = NULL; *it_s_the_end_of_the_world_as_we_know_it = 0xdead; } That's why we have included a number of exceptions into PVS-Studio's V522 diagnostic rule so that it doesn't go mad about code like that. The analyzer understands that null_pointer_001 is an artificial function; there are just no errors that deal with assigning zero to a pointer and then immediately dereferencing it in real functions. The function name itself is also a sign for the analyzer that the "null pointer" here is not an accident. For cases like that, the V522 diagnostic has exception A6. It is this exception that synthetic function null_pointer_001 falls under. This is the description of the A6 exception: The variable is dereferenced in the body of a function whose name contains one of the following words:  error  default  crash  null  test  violation  throw  exception Before being dereferenced, the variable is assigned 0 one line earlier.
The synthetic test in question totally fits into this description. Firstly, the function name contains the word "null". Secondly, the variable is assigned zero exactly one line earlier. The exception revealed unreal code, which it really is because it's a synthetic test. It's for these subtle details that I dislike synthetic tests! It's not the only complaint I have against itc-benchmarks. For example, there is another test in the same file: void null_pointer_006 () { int *p; p = (int *)(intptr_t)rand(); *p = 1; /*Tool should detect this line as error*/ /*ERROR:NULL pointer dereference*/ } The rand function can return 0, which will then turn into NULL. PVS-Studio analyzer doesn't know yet what rand can return, so it has no suspicions about this code. I asked my colleagues to teach the analyzer to better understand how exactly function rand works. There's no choice; we have to smooth the tool manually so that it could do better on the test base in question. We are forced to do it, since people use test suits like that to evaluate analyzers. But don't you worry. I promise that we will be still working on real-life, useful diagnostics as before instead of adapting the analyzer for tests. We might polish PVS-Studio slightly for itc-benchmarks, but not as a top-priority task and only for those cases that do make at least some sense. I want developers to understand that the example with rand does not actually show anything. It's synthetic, totally far-fetched. No one writes programs that way; there are no real errors like that. By the way, if the rand function returns 1400 instead of 0, it won't be any better. A pointer like that can't be dereferenced in any case. So, this null pointer dereference is some strange private case of completely incorrect code, which was simply made up by the suite authors and which you are never going to see in reality. I know what the real programming problems are. These are, among others, typos, and our tool is regularly catching hundreds of them using, say, diagnostic V501. It's funny, but I haven't found a test in itc-benchmarks that checks if tools can spot the "if (a.x == a.x)" typo pattern. Not a single test! It turns out that itc-benchmarks ignores the analyzers' typo-search capabilities, while our readers surely know how widespread defects of this type are. And what that project does have is test cases that I find stupid and that are never found in real programs. I can't imagine stumbling upon code like the one below, resulting in an array overrun, in a real, serious project: void overrun_st_014 () { int buf[5]; int index; index = rand();
buf[index] = 1; /*Tool should detect this line as error*/ /*ERROR: buffer overrun */ sink = buf[idx]; } The only type of programs where you could probably find that is students' programming exercises. At the same time, I do know that you are very likely to come across the following typo in a serious project: return (!strcmp (a->v.val_vms_delta.lbl1, b->v.val_vms_delta.lbl1) && !strcmp (a->v.val_vms_delta.lbl1, b->v.val_vms_delta.lbl1)); This error was found by PVS-Studio in GCC compiler's code: the same strings are compared twice. So, the suite includes tests for diagnosing exotic code with rand but zero tests for classic typos. I could go on and on, but I'd rather stop. I've let off steam and feel better now. Thank you for reading. Now I have an article to support my opinion about synthetic error bases. Welcome to install and try a most powerful code analyzer PVS-Studio. References: 1. PVS-Studio's diagnostic capabilities. 2. Database of real-life errors found by PVS-Studio in open-source projects. 3. Myths about static analysis. The fifth myth - a small test program is enough to evaluate a tool.

Recommended

Comparing PVS-Studio with other code analyzers
Comparing PVS-Studio with other code analyzersComparing PVS-Studio with other code analyzers
Comparing PVS-Studio with other code analyzers
PVS-Studio
 
Parallel Lint
Parallel LintParallel Lint
Parallel Lint
PVS-Studio
 
The D language comes to help
The D language comes to helpThe D language comes to help
The D language comes to help
PVS-Studio
 
A Bonus to the "Three Interviews About Static Analyzers" Article, or Intervie...
A Bonus to the "Three Interviews About Static Analyzers" Article, or Intervie...A Bonus to the "Three Interviews About Static Analyzers" Article, or Intervie...
A Bonus to the "Three Interviews About Static Analyzers" Article, or Intervie...
Andrey Karpov
 
Errors that static code analysis does not find because it is not used
Errors that static code analysis does not find because it is not usedErrors that static code analysis does not find because it is not used
Errors that static code analysis does not find because it is not used
Andrey Karpov
 
PVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ codePVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio
 
Microsoft opened the source code of Xamarin.Forms. We couldn't miss a chance ...
Microsoft opened the source code of Xamarin.Forms. We couldn't miss a chance ...Microsoft opened the source code of Xamarin.Forms. We couldn't miss a chance ...
Microsoft opened the source code of Xamarin.Forms. We couldn't miss a chance ...
PVS-Studio
 
PVS-Studio Has Finally Got to Boost
PVS-Studio Has Finally Got to BoostPVS-Studio Has Finally Got to Boost
PVS-Studio Has Finally Got to Boost
Andrey Karpov
 

Recommended

Comparing PVS-Studio with other code analyzers
Comparing PVS-Studio with other code analyzersComparing PVS-Studio with other code analyzers
Comparing PVS-Studio with other code analyzers
PVS-Studio
 
Parallel Lint
Parallel LintParallel Lint
Parallel Lint
PVS-Studio
 
The D language comes to help
The D language comes to helpThe D language comes to help
The D language comes to help
PVS-Studio
 
A Bonus to the "Three Interviews About Static Analyzers" Article, or Intervie...
A Bonus to the "Three Interviews About Static Analyzers" Article, or Intervie...A Bonus to the "Three Interviews About Static Analyzers" Article, or Intervie...
A Bonus to the "Three Interviews About Static Analyzers" Article, or Intervie...
Andrey Karpov
 
Errors that static code analysis does not find because it is not used
Errors that static code analysis does not find because it is not usedErrors that static code analysis does not find because it is not used
Errors that static code analysis does not find because it is not used
Andrey Karpov
 
PVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ codePVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio
 
Microsoft opened the source code of Xamarin.Forms. We couldn't miss a chance ...
Microsoft opened the source code of Xamarin.Forms. We couldn't miss a chance ...Microsoft opened the source code of Xamarin.Forms. We couldn't miss a chance ...
Microsoft opened the source code of Xamarin.Forms. We couldn't miss a chance ...
PVS-Studio
 
PVS-Studio Has Finally Got to Boost
PVS-Studio Has Finally Got to BoostPVS-Studio Has Finally Got to Boost
PVS-Studio Has Finally Got to Boost
Andrey Karpov
 
What's the Difference Between Static Analysis and Compiler Warnings?
What's the Difference Between Static Analysis and Compiler Warnings?What's the Difference Between Static Analysis and Compiler Warnings?
What's the Difference Between Static Analysis and Compiler Warnings?
Andrey Karpov
 
Logical Expressions in C/C++. Mistakes Made by Professionals
Logical Expressions in C/C++. Mistakes Made by ProfessionalsLogical Expressions in C/C++. Mistakes Made by Professionals
Logical Expressions in C/C++. Mistakes Made by Professionals
PVS-Studio
 
How to Improve Visual C++ 2017 Libraries Using PVS-Studio
How to Improve Visual C++ 2017 Libraries Using PVS-StudioHow to Improve Visual C++ 2017 Libraries Using PVS-Studio
How to Improve Visual C++ 2017 Libraries Using PVS-Studio
PVS-Studio
 
Programming katas for Software Testers - CounterStrings
Programming katas for Software Testers - CounterStringsProgramming katas for Software Testers - CounterStrings
Programming katas for Software Testers - CounterStrings
Alan Richardson
 
Analysis of PascalABC.NET using SonarQube plugins: SonarC# and PVS-Studio
Analysis of PascalABC.NET using SonarQube plugins: SonarC# and PVS-StudioAnalysis of PascalABC.NET using SonarQube plugins: SonarC# and PVS-Studio
Analysis of PascalABC.NET using SonarQube plugins: SonarC# and PVS-Studio
PVS-Studio
 
Interview with Dmitriy Vyukov - the author of Relacy Race Detector (RRD)
Interview with Dmitriy Vyukov - the author of Relacy Race Detector (RRD)Interview with Dmitriy Vyukov - the author of Relacy Race Detector (RRD)
Interview with Dmitriy Vyukov - the author of Relacy Race Detector (RRD)
PVS-Studio
 
Errors detected in the Visual C++ 2012 libraries
Errors detected in the Visual C++ 2012 librariesErrors detected in the Visual C++ 2012 libraries
Errors detected in the Visual C++ 2012 libraries
PVS-Studio
 
Static analysis and ROI
Static analysis and ROIStatic analysis and ROI
Static analysis and ROI
PVS-Studio
 
Static analysis and ROI
Static analysis and ROIStatic analysis and ROI
Static analysis and ROI
Andrey Karpov
 
150412 38 beamer methods of binary analysis
150412 38 beamer methods of binary analysis150412 38 beamer methods of binary analysis
150412 38 beamer methods of binary analysis
Raghu Palakodety
 
War of the Machines: PVS-Studio vs. TensorFlow
War of the Machines: PVS-Studio vs. TensorFlowWar of the Machines: PVS-Studio vs. TensorFlow
War of the Machines: PVS-Studio vs. TensorFlow
PVS-Studio
 
1Sem-MTech-Design For Verification Notes-Unit2-Verification Tools
1Sem-MTech-Design For Verification Notes-Unit2-Verification Tools1Sem-MTech-Design For Verification Notes-Unit2-Verification Tools
1Sem-MTech-Design For Verification Notes-Unit2-Verification Tools
Dr. Shivananda Koteshwar
 
Why Students Need the CppCat Code Analyzer
Why Students Need the CppCat Code AnalyzerWhy Students Need the CppCat Code Analyzer
Why Students Need the CppCat Code Analyzer
PVS-Studio
 
C# Exceptions Handling
C# Exceptions Handling C# Exceptions Handling
C# Exceptions Handling
sharqiyem
 
Machine Learning in Static Analysis of Program Source Code
Machine Learning in Static Analysis of Program Source CodeMachine Learning in Static Analysis of Program Source Code
Machine Learning in Static Analysis of Program Source Code
Andrey Karpov
 
Static Analysis: From Getting Started to Integration
Static Analysis: From Getting Started to IntegrationStatic Analysis: From Getting Started to Integration
Static Analysis: From Getting Started to Integration
Andrey Karpov
 
Checking PVS-Studio with Clang
Checking PVS-Studio with ClangChecking PVS-Studio with Clang
Checking PVS-Studio with Clang
Andrey Karpov
 
Exception handling in ASP .NET
Exception handling in ASP .NETException handling in ASP .NET
Exception handling in ASP .NET
baabtra.com - No. 1 supplier of quality freshers
 
Best Coding Practices For Android Application Development
Best Coding Practices For Android Application DevelopmentBest Coding Practices For Android Application Development
Best Coding Practices For Android Application Development
Ketan Raval
 
Finding bugs in the code of LLVM project with the help of PVS-Studio
Finding bugs in the code of LLVM project with the help of PVS-StudioFinding bugs in the code of LLVM project with the help of PVS-Studio
Finding bugs in the code of LLVM project with the help of PVS-Studio
PVS-Studio
 
метод семинар учитель года
метод семинар учитель годаметод семинар учитель года
метод семинар учитель года
HanovaSveta
 
Serena Keogh- Location Reece- Unit 14
Serena Keogh- Location Reece- Unit 14Serena Keogh- Location Reece- Unit 14
Serena Keogh- Location Reece- Unit 14
serenakeogh15
 

More Related Content

What's hot

Logical Expressions in C/C++. Mistakes Made by Professionals
Logical Expressions in C/C++. Mistakes Made by ProfessionalsLogical Expressions in C/C++. Mistakes Made by Professionals
Logical Expressions in C/C++. Mistakes Made by Professionals
PVS-Studio
 
Analysis of PascalABC.NET using SonarQube plugins: SonarC# and PVS-Studio
Analysis of PascalABC.NET using SonarQube plugins: SonarC# and PVS-StudioAnalysis of PascalABC.NET using SonarQube plugins: SonarC# and PVS-Studio
Analysis of PascalABC.NET using SonarQube plugins: SonarC# and PVS-Studio
PVS-Studio
 

What's hot (20)

What's the Difference Between Static Analysis and Compiler Warnings?
What's the Difference Between Static Analysis and Compiler Warnings?What's the Difference Between Static Analysis and Compiler Warnings?
What's the Difference Between Static Analysis and Compiler Warnings?
 
Logical Expressions in C/C++. Mistakes Made by Professionals
Logical Expressions in C/C++. Mistakes Made by ProfessionalsLogical Expressions in C/C++. Mistakes Made by Professionals
Logical Expressions in C/C++. Mistakes Made by Professionals
 
How to Improve Visual C++ 2017 Libraries Using PVS-Studio
How to Improve Visual C++ 2017 Libraries Using PVS-StudioHow to Improve Visual C++ 2017 Libraries Using PVS-Studio
How to Improve Visual C++ 2017 Libraries Using PVS-Studio
 
Programming katas for Software Testers - CounterStrings
Programming katas for Software Testers - CounterStringsProgramming katas for Software Testers - CounterStrings
Programming katas for Software Testers - CounterStrings
 
Analysis of PascalABC.NET using SonarQube plugins: SonarC# and PVS-Studio
Analysis of PascalABC.NET using SonarQube plugins: SonarC# and PVS-StudioAnalysis of PascalABC.NET using SonarQube plugins: SonarC# and PVS-Studio
Analysis of PascalABC.NET using SonarQube plugins: SonarC# and PVS-Studio
 
Interview with Dmitriy Vyukov - the author of Relacy Race Detector (RRD)
Interview with Dmitriy Vyukov - the author of Relacy Race Detector (RRD)Interview with Dmitriy Vyukov - the author of Relacy Race Detector (RRD)
Interview with Dmitriy Vyukov - the author of Relacy Race Detector (RRD)
 
Errors detected in the Visual C++ 2012 libraries
Errors detected in the Visual C++ 2012 librariesErrors detected in the Visual C++ 2012 libraries
Errors detected in the Visual C++ 2012 libraries
 
Static analysis and ROI
Static analysis and ROIStatic analysis and ROI
Static analysis and ROI
 
Static analysis and ROI
Static analysis and ROIStatic analysis and ROI
Static analysis and ROI
 
150412 38 beamer methods of binary analysis
150412 38 beamer methods of binary analysis150412 38 beamer methods of binary analysis
150412 38 beamer methods of binary analysis
 
War of the Machines: PVS-Studio vs. TensorFlow
War of the Machines: PVS-Studio vs. TensorFlowWar of the Machines: PVS-Studio vs. TensorFlow
War of the Machines: PVS-Studio vs. TensorFlow
 
1Sem-MTech-Design For Verification Notes-Unit2-Verification Tools
1Sem-MTech-Design For Verification Notes-Unit2-Verification Tools1Sem-MTech-Design For Verification Notes-Unit2-Verification Tools
1Sem-MTech-Design For Verification Notes-Unit2-Verification Tools
 
Why Students Need the CppCat Code Analyzer
Why Students Need the CppCat Code AnalyzerWhy Students Need the CppCat Code Analyzer
Why Students Need the CppCat Code Analyzer
 
C# Exceptions Handling
C# Exceptions Handling C# Exceptions Handling
C# Exceptions Handling
 
Machine Learning in Static Analysis of Program Source Code
Machine Learning in Static Analysis of Program Source CodeMachine Learning in Static Analysis of Program Source Code
Machine Learning in Static Analysis of Program Source Code
 
Static Analysis: From Getting Started to Integration
Static Analysis: From Getting Started to IntegrationStatic Analysis: From Getting Started to Integration
Static Analysis: From Getting Started to Integration
 
Checking PVS-Studio with Clang
Checking PVS-Studio with ClangChecking PVS-Studio with Clang
Checking PVS-Studio with Clang
 
Exception handling in ASP .NET
Exception handling in ASP .NETException handling in ASP .NET
Exception handling in ASP .NET
 
Best Coding Practices For Android Application Development
Best Coding Practices For Android Application DevelopmentBest Coding Practices For Android Application Development
Best Coding Practices For Android Application Development
 
Finding bugs in the code of LLVM project with the help of PVS-Studio
Finding bugs in the code of LLVM project with the help of PVS-StudioFinding bugs in the code of LLVM project with the help of PVS-Studio
Finding bugs in the code of LLVM project with the help of PVS-Studio
 

Viewers also liked

How to capture a variable in C# and not to shoot yourself in the foot
How to capture a variable in C# and not to shoot yourself in the footHow to capture a variable in C# and not to shoot yourself in the foot
How to capture a variable in C# and not to shoot yourself in the foot
PVS-Studio
 
How to capture a variable in C# and not to shoot yourself in the foot
How to capture a variable in C# and not to shoot yourself in the footHow to capture a variable in C# and not to shoot yourself in the foot
How to capture a variable in C# and not to shoot yourself in the foot
Sofia Fateeva
 
2a. PARTE REVISTA MES DE MAYO 2010
2a. PARTE REVISTA MES DE MAYO 20102a. PARTE REVISTA MES DE MAYO 2010
2a. PARTE REVISTA MES DE MAYO 2010
Periodismo
 
No Te Robes Mis Ideas!
No Te Robes Mis Ideas!No Te Robes Mis Ideas!
No Te Robes Mis Ideas!
Fabian Acosta
 
Modulo Instruccional Del Diccionario
Modulo Instruccional Del DiccionarioModulo Instruccional Del Diccionario
Modulo Instruccional Del Diccionario
armandotorres1982
 
Aproximaciones
AproximacionesAproximaciones
Aproximaciones
Vanessa
 
La Pupila Del Cielo
La Pupila Del CieloLa Pupila Del Cielo
La Pupila Del Cielo
Periodismo
 

Viewers also liked (20)

метод семинар учитель года
метод семинар учитель годаметод семинар учитель года
метод семинар учитель года
 
Serena Keogh- Location Reece- Unit 14
Serena Keogh- Location Reece- Unit 14Serena Keogh- Location Reece- Unit 14
Serena Keogh- Location Reece- Unit 14
 
Moving from CruiseControl.NET to Jenkins in the PVS-Studio development team
Moving from CruiseControl.NET to Jenkins in the PVS-Studio development teamMoving from CruiseControl.NET to Jenkins in the PVS-Studio development team
Moving from CruiseControl.NET to Jenkins in the PVS-Studio development team
 
Rechecking SharpDevelop: Any New Bugs?
Rechecking SharpDevelop: Any New Bugs?Rechecking SharpDevelop: Any New Bugs?
Rechecking SharpDevelop: Any New Bugs?
 
How to capture a variable in C# and not to shoot yourself in the foot
How to capture a variable in C# and not to shoot yourself in the footHow to capture a variable in C# and not to shoot yourself in the foot
How to capture a variable in C# and not to shoot yourself in the foot
 
How to capture a variable in C# and not to shoot yourself in the foot
How to capture a variable in C# and not to shoot yourself in the footHow to capture a variable in C# and not to shoot yourself in the foot
How to capture a variable in C# and not to shoot yourself in the foot
 
Moving from CruiseControl.NET to Jenkins in the PVS-Studio development team
Moving from CruiseControl.NET to Jenkins in the PVS-Studio development teamMoving from CruiseControl.NET to Jenkins in the PVS-Studio development team
Moving from CruiseControl.NET to Jenkins in the PVS-Studio development team
 
Redes
RedesRedes
Redes
 
Diapositivas Con Sonido De Derechos De Autor
Diapositivas Con Sonido De Derechos De AutorDiapositivas Con Sonido De Derechos De Autor
Diapositivas Con Sonido De Derechos De Autor
 
Guía blog
Guía blogGuía blog
Guía blog
 
2a. PARTE REVISTA MES DE MAYO 2010
2a. PARTE REVISTA MES DE MAYO 20102a. PARTE REVISTA MES DE MAYO 2010
2a. PARTE REVISTA MES DE MAYO 2010
 
Configuracion De P C Cecytem Tecamac
Configuracion De P C Cecytem TecamacConfiguracion De P C Cecytem Tecamac
Configuracion De P C Cecytem Tecamac
 
Todo Estaba Bien
Todo Estaba BienTodo Estaba Bien
Todo Estaba Bien
 
No Te Robes Mis Ideas!
No Te Robes Mis Ideas!No Te Robes Mis Ideas!
No Te Robes Mis Ideas!
 
Secuencia 10
Secuencia 10Secuencia 10
Secuencia 10
 
Nutricuates: Consume Sano
Nutricuates: Consume SanoNutricuates: Consume Sano
Nutricuates: Consume Sano
 
Modulo Instruccional Del Diccionario
Modulo Instruccional Del DiccionarioModulo Instruccional Del Diccionario
Modulo Instruccional Del Diccionario
 
Aproximaciones
AproximacionesAproximaciones
Aproximaciones
 
La Pupila Del Cielo
La Pupila Del CieloLa Pupila Del Cielo
La Pupila Del Cielo
 
Syri 131 estudiantes pos
Syri 131 estudiantes posSyri 131 estudiantes pos
Syri 131 estudiantes pos
 

Similar to Why I Dislike Synthetic Tests

PVS-Studio and CppCat: An Interview with Andrey Karpov, the Project CTO and D...
PVS-Studio and CppCat: An Interview with Andrey Karpov, the Project CTO and D...PVS-Studio and CppCat: An Interview with Andrey Karpov, the Project CTO and D...
PVS-Studio and CppCat: An Interview with Andrey Karpov, the Project CTO and D...
Andrey Karpov
 
CppCat Static Analyzer Review
CppCat Static Analyzer ReviewCppCat Static Analyzer Review
CppCat Static Analyzer Review
Andrey Karpov
 
Characteristics of PVS-Studio Analyzer by the Example of EFL Core Libraries, ...
Characteristics of PVS-Studio Analyzer by the Example of EFL Core Libraries, ...Characteristics of PVS-Studio Analyzer by the Example of EFL Core Libraries, ...
Characteristics of PVS-Studio Analyzer by the Example of EFL Core Libraries, ...
PVS-Studio
 
The way static analyzers fight against false positives, and why they do it
The way static analyzers fight against false positives, and why they do itThe way static analyzers fight against false positives, and why they do it
The way static analyzers fight against false positives, and why they do it
PVS-Studio
 
How to find 56 potential vulnerabilities in FreeBSD code in one evening
How to find 56 potential vulnerabilities in FreeBSD code in one eveningHow to find 56 potential vulnerabilities in FreeBSD code in one evening
How to find 56 potential vulnerabilities in FreeBSD code in one evening
PVS-Studio
 
Comparing PVS-Studio for C# and a built-in Visual Studio analyzer, using the ...
Comparing PVS-Studio for C# and a built-in Visual Studio analyzer, using the ...Comparing PVS-Studio for C# and a built-in Visual Studio analyzer, using the ...
Comparing PVS-Studio for C# and a built-in Visual Studio analyzer, using the ...
Ekaterina Milovidova
 

Similar to Why I Dislike Synthetic Tests (20)

Searching for bugs in Mono: there are hundreds of them!
Searching for bugs in Mono: there are hundreds of them!Searching for bugs in Mono: there are hundreds of them!
Searching for bugs in Mono: there are hundreds of them!
 
Accord.Net: Looking for a Bug that Could Help Machines Conquer Humankind
Accord.Net: Looking for a Bug that Could Help Machines Conquer HumankindAccord.Net: Looking for a Bug that Could Help Machines Conquer Humankind
Accord.Net: Looking for a Bug that Could Help Machines Conquer Humankind
 
PVS-Studio and CppCat: An Interview with Andrey Karpov, the Project CTO and D...
PVS-Studio and CppCat: An Interview with Andrey Karpov, the Project CTO and D...PVS-Studio and CppCat: An Interview with Andrey Karpov, the Project CTO and D...
PVS-Studio and CppCat: An Interview with Andrey Karpov, the Project CTO and D...
 
Static and Dynamic Code Analysis
Static and Dynamic Code AnalysisStatic and Dynamic Code Analysis
Static and Dynamic Code Analysis
 
How PVS-Studio does the bug search: methods and technologies
How PVS-Studio does the bug search: methods and technologiesHow PVS-Studio does the bug search: methods and technologies
How PVS-Studio does the bug search: methods and technologies
 
CppCat Static Analyzer Review
CppCat Static Analyzer ReviewCppCat Static Analyzer Review
CppCat Static Analyzer Review
 
Characteristics of PVS-Studio Analyzer by the Example of EFL Core Libraries, ...
Characteristics of PVS-Studio Analyzer by the Example of EFL Core Libraries, ...Characteristics of PVS-Studio Analyzer by the Example of EFL Core Libraries, ...
Characteristics of PVS-Studio Analyzer by the Example of EFL Core Libraries, ...
 
Espressif IoT Development Framework: 71 Shots in the Foot
Espressif IoT Development Framework: 71 Shots in the FootEspressif IoT Development Framework: 71 Shots in the Foot
Espressif IoT Development Framework: 71 Shots in the Foot
 
Leo Tolstoy and static code analysis
Leo Tolstoy and static code analysisLeo Tolstoy and static code analysis
Leo Tolstoy and static code analysis
 
Looking for Bugs in MonoDevelop
Looking for Bugs in MonoDevelopLooking for Bugs in MonoDevelop
Looking for Bugs in MonoDevelop
 
The way static analyzers fight against false positives, and why they do it
The way static analyzers fight against false positives, and why they do itThe way static analyzers fight against false positives, and why they do it
The way static analyzers fight against false positives, and why they do it
 
Checking the Source SDK Project
Checking the Source SDK ProjectChecking the Source SDK Project
Checking the Source SDK Project
 
Grounded Pointers
Grounded PointersGrounded Pointers
Grounded Pointers
 
How to find 56 potential vulnerabilities in FreeBSD code in one evening
How to find 56 potential vulnerabilities in FreeBSD code in one eveningHow to find 56 potential vulnerabilities in FreeBSD code in one evening
How to find 56 potential vulnerabilities in FreeBSD code in one evening
 
Analysis of Godot Engine's Source Code
Analysis of Godot Engine's Source CodeAnalysis of Godot Engine's Source Code
Analysis of Godot Engine's Source Code
 
Why Windows 8 drivers are buggy
Why Windows 8 drivers are buggyWhy Windows 8 drivers are buggy
Why Windows 8 drivers are buggy
 
Comparing PVS-Studio for C# and a built-in Visual Studio analyzer, using the ...
Comparing PVS-Studio for C# and a built-in Visual Studio analyzer, using the ...Comparing PVS-Studio for C# and a built-in Visual Studio analyzer, using the ...
Comparing PVS-Studio for C# and a built-in Visual Studio analyzer, using the ...
 
I just had to check ICQ project
I just had to check ICQ projectI just had to check ICQ project
I just had to check ICQ project
 
How we test the code analyzer
How we test the code analyzerHow we test the code analyzer
How we test the code analyzer
 
Konstantin Knizhnik: static analysis, a view from aside
Konstantin Knizhnik: static analysis, a view from asideKonstantin Knizhnik: static analysis, a view from aside
Konstantin Knizhnik: static analysis, a view from aside
 

Recently uploaded

Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
VictoriaMetrics
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
Presentation.STUDIO
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
masabamasaba
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
masabamasaba
 
Harnessing ChatGPT - Elevating Productivity in Today's Agile Environment
Harnessing ChatGPT - Elevating Productivity in Today's Agile EnvironmentHarnessing ChatGPT - Elevating Productivity in Today's Agile Environment
Harnessing ChatGPT - Elevating Productivity in Today's Agile Environment
VictorSzoltysek
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
Health
 

Recently uploaded (20)

Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
 
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfPayment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
 
%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
 
tonesoftg
tonesoftgtonesoftg
tonesoftg
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
 
Harnessing ChatGPT - Elevating Productivity in Today's Agile Environment
Harnessing ChatGPT - Elevating Productivity in Today's Agile EnvironmentHarnessing ChatGPT - Elevating Productivity in Today's Agile Environment
Harnessing ChatGPT - Elevating Productivity in Today's Agile Environment
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareAnnouncing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK Software
 

Why I Dislike Synthetic Tests

  • 1. Why I Dislike Synthetic Tests Author: Andrey Karpov Date: 06.02.2017 I don't like it when people use artificial code examples to evaluate the diagnostic capabilities of static code analyzers. There is one particular example I'm going to discuss to explain my negative attitude to synthetic tests. Bill Torpey recently wrote a blog post entitled "Even Mo' Static", where he shared his view on the results of testing Cppcheck and PVS-Studio analyzers on the itc-benchmarks project, which is a set of static analysis benchmarks by Toyota ITC. That post upset me because it would leave you with an impression that Cppcheck's and PVS-Studio's capabilities were very similar. What follows from the article is that one analyzer is better at diagnosing some types of errors and the other, at diagnosing other types of errors, but their capabilities are generally the same. I think it's a wrong conclusion. My opinion is that our analyzer, PVS-Studio, is several times more powerful than Cppcheck. Well, it's not even an "opinion" - it's what I know for sure! However, since it's not obvious to an outside observer that PVS-Studio is ten times better than Cppcheck, there must be a reason for that. I decided to take a look at that project, itc-benchmarks, and figure out why PVS-Studio didn't perform at its best on that code base. The more I was digging, the greater irritation I felt. There was one particular example that drove me really crazy, and I'm going to tell you about it in a moment. What I have to say as a conclusion is this: I have no complaints against Bill Torpey. He wrote a good, honest article. Thank you, Bill! But I do have complaints against Toyota ITC. I personally think their code base is crap. Yes, it's a blunt statement, but I believe I have enough competence and experience to debate about static code analyzers and ways of evaluating them. In my opinion, itc-benchmarks can't be used to adequately evaluate tools' diagnostic capabilities. Now, here's the test that killed me. It's a test for null pointer dereference:
  • 2. void null_pointer_001 () { int *p = NULL; *p = 1; /*Tool should detect this line as error*/ /*ERROR:NULL pointer dereference*/ } Cppcheck analyzer reports an error in this code: Null pointer dereference: p PVS-Studio analyzer keeps silent, although it does have diagnostic V522 for cases like that. So, does it mean that PVS-Studio is worse at diagnosing this example than Cppcheck? No, it's just the opposite: it's better! PVS-Studio understands that this code was written on purpose and there is no error there. In certain cases, programmers write code like that intentionally to make the program throw an exception when a null pointer dereference occurs. This trick is used in tests and specific code fragments, and I have seen it more than once. Here's, for example, how it can be in a real-life project: void GpuChildThread::OnCrash() { LOG(INFO) << "GPU: Simulating GPU crash"; // Good bye, cruel world. volatile int* it_s_the_end_of_the_world_as_we_know_it = NULL; *it_s_the_end_of_the_world_as_we_know_it = 0xdead; } That's why we have included a number of exceptions into PVS-Studio's V522 diagnostic rule so that it doesn't go mad about code like that. The analyzer understands that null_pointer_001 is an artificial function; there are just no errors that deal with assigning zero to a pointer and then immediately dereferencing it in real functions. The function name itself is also a sign for the analyzer that the "null pointer" here is not an accident. For cases like that, the V522 diagnostic has exception A6. It is this exception that synthetic function null_pointer_001 falls under. This is the description of the A6 exception: The variable is dereferenced in the body of a function whose name contains one of the following words:  error  default  crash  null  test  violation  throw  exception Before being dereferenced, the variable is assigned 0 one line earlier.
  • 3. The synthetic test in question totally fits into this description. Firstly, the function name contains the word "null". Secondly, the variable is assigned zero exactly one line earlier. The exception revealed unreal code, which it really is because it's a synthetic test. It's for these subtle details that I dislike synthetic tests! It's not the only complaint I have against itc-benchmarks. For example, there is another test in the same file: void null_pointer_006 () { int *p; p = (int *)(intptr_t)rand(); *p = 1; /*Tool should detect this line as error*/ /*ERROR:NULL pointer dereference*/ } The rand function can return 0, which will then turn into NULL. PVS-Studio analyzer doesn't know yet what rand can return, so it has no suspicions about this code. I asked my colleagues to teach the analyzer to better understand how exactly function rand works. There's no choice; we have to smooth the tool manually so that it could do better on the test base in question. We are forced to do it, since people use test suits like that to evaluate analyzers. But don't you worry. I promise that we will be still working on real-life, useful diagnostics as before instead of adapting the analyzer for tests. We might polish PVS-Studio slightly for itc-benchmarks, but not as a top-priority task and only for those cases that do make at least some sense. I want developers to understand that the example with rand does not actually show anything. It's synthetic, totally far-fetched. No one writes programs that way; there are no real errors like that. By the way, if the rand function returns 1400 instead of 0, it won't be any better. A pointer like that can't be dereferenced in any case. So, this null pointer dereference is some strange private case of completely incorrect code, which was simply made up by the suite authors and which you are never going to see in reality. I know what the real programming problems are. These are, among others, typos, and our tool is regularly catching hundreds of them using, say, diagnostic V501. It's funny, but I haven't found a test in itc-benchmarks that checks if tools can spot the "if (a.x == a.x)" typo pattern. Not a single test! It turns out that itc-benchmarks ignores the analyzers' typo-search capabilities, while our readers surely know how widespread defects of this type are. And what that project does have is test cases that I find stupid and that are never found in real programs. I can't imagine stumbling upon code like the one below, resulting in an array overrun, in a real, serious project: void overrun_st_014 () { int buf[5]; int index; index = rand();
  • 4. buf[index] = 1; /*Tool should detect this line as error*/ /*ERROR: buffer overrun */ sink = buf[idx]; } The only type of programs where you could probably find that is students' programming exercises. At the same time, I do know that you are very likely to come across the following typo in a serious project: return (!strcmp (a->v.val_vms_delta.lbl1, b->v.val_vms_delta.lbl1) && !strcmp (a->v.val_vms_delta.lbl1, b->v.val_vms_delta.lbl1)); This error was found by PVS-Studio in GCC compiler's code: the same strings are compared twice. So, the suite includes tests for diagnosing exotic code with rand but zero tests for classic typos. I could go on and on, but I'd rather stop. I've let off steam and feel better now. Thank you for reading. Now I have an article to support my opinion about synthetic error bases. Welcome to install and try a most powerful code analyzer PVS-Studio. References: 1. PVS-Studio's diagnostic capabilities. 2. Database of real-life errors found by PVS-Studio in open-source projects. 3. Myths about static analysis. The fifth myth - a small test program is enough to evaluate a tool.