Following our readers' requests, we have scanned the open-source project FreeSWITCH with PVS-Studio. This project was initially founded by the developers of the Asterisk project, which we already analyzed some time ago. The FreeSWITCH project is actively developing and has a handful of interesting issues, which we will discuss in this article.
The document provides an overview of learning bottom up JavaScript, including the key things it will cover: the JavaScript language, Document Object Model (DOM), how JS and DOM cooperate, libraries, development tools, and resources. It describes the main aspects of JavaScript like being dynamic, weakly typed, prototype-based, and using first-class functions. It also explains the three main things done with JS: attaching event listeners, getting/modifying data, and updating the page.
The document discusses generating headless JavaScript tests for validations. It describes problems with testing JavaScript across many views, models, and validations. It proposes using server-side and client-side validations, widgets, localization, and regular expressions to solve these problems. Tests are generated and executed using RSpec and a standalone JavaScript interpreter to test validations without a browser.
Architecture for Massively Parallel HDL Simulations DVClub
This document describes Art of Silicon's architecture for massively parallel HDL simulations using Verilator. It allows running many simulations concurrently by generating a single testbench that can run on both Verilator and event-driven simulators. Identical C++ stimulus and checking code interfaces with the design through "gaskets". Logs are captured in a unified format across platforms for easy triage. This approach maximizes engineer productivity by minimizing idle simulation time.
This is the support of a course to teach mainly Redux, and Redux with React for Java and C# programmers. It is the third part of the course to recycle programmers from desktop app programming to web app programming. This course covers from history of Redux, its origin, step by step what is a reducer, and later concepts like reducer splitting, action handling, async and many more.
You also can use repositories:
- https://github.com/drpicox/learn-redux-bytesting
- https://github.com/drpicox/learn-redux-zoo-bytesting
To improve your skills.
Ultimate Node.js countdown: the coolest Application Express examples - Alan Arentsen
Node.js is hot and that's not without a reason. There are numerous examples of large websites using Node.js and there is some pretty cool stuff out there.
Since Application Express is officially 'Awesome' and Node.js is 'hot', why not combine the two? With node-oracledb and websockets you can do awesome things, but there is more Node.js has to offer!
In this presentation you will get a short introduction on Node.js. After that I will show you a handful of Node.js applications in Application Express sorted on awesomeness from cool to sub zero.
The document analyzes potential issues found by PVS-Studio in various KDE projects and libraries. It identifies several types of issues, including expressions that are always true or false, unsafe pointer usage before validation, missing keywords that could alter program logic, and unsafe realloc() usage. A total of 27 specific code fragments are highlighted across the different libraries and applications as demonstrating these kinds of issues.
A simple talk about applying patterns in JavaScript.
It focuses on both jQuery and Angular.
It explains some basic MVC, cohesion and coupling.
It also has many examples of the patterns applied.
Full examples and documentation can be found here: http://david-rodenas.com/tutorial-jspatterns-v1/
This document discusses JavaScript control structures and operators. It begins by introducing algorithms, pseudocode, and flowcharts for representing program logic. It then covers different control structures in JavaScript like if/else statements, while loops, and for loops. Various assignment operators and increment/decrement operators are also explained. Examples are provided to demonstrate counter-controlled and sentinel-controlled loop structures as well as preincrementing, postincrementing, and nested control structures.
This document provides an overview of various JavaScript concepts and techniques, including:
- Prototypal inheritance allows objects in JavaScript to inherit properties from other objects. Functions can act as objects and have a prototype property for inheritance.
- Asynchronous code execution in JavaScript is event-driven. Callbacks are assigned as event handlers to execute code when an event occurs.
- Scope and closures - variables are scoped to functions. Functions create closures where they have access to variables declared in their parent functions.
- Optimization techniques like event delegation and requestAnimationFrame can improve performance of event handlers and animations.
Getting start Java EE Action-Based MVC with Thymeleaf - Masatoshi Tada
This document discusses Java EE action-based MVC frameworks and getting started with the Java EE 8 MVC 1.0 specification. It covers:
1. What is action-based MVC and how it differs from component-based MVC.
2. An overview of getting started with the MVC 1.0 specification, including using Thymeleaf as the view technology.
3. How to use Jersey MVC and RESTEasy HTML in Java EE 7 as alternatives since MVC 1.0 is a Java EE 8 feature.
Workshop JavaScript Testing. Frameworks. Client vs Server Testing. Jasmine. Chai. Nock. Sinon. Spec Runners: Karma. TDD. Code coverage. Building a testable JS app.
Presented by Eng. Raúl Delgado and Mario García
One of the main strengths of serverless and AWS Lambda is that, from a developer perspective, your focus is mostly shifted toward implementing business logic. Anyway, when you are writing a handler, you still have to deal with some common technical concerns outside business logic, like input parsing and validation, output serialization, error handling, etc. Very often, all this necessary code ends up polluting the pure business logic code in your handlers, making the code harder to read and to maintain. In other contexts, like generic web frameworks (express, fastify, hapi, etc.), this problem has been solved using the middleware pattern. Middy brings the middleware pattern into AWS Lambda, making it easier to focus on business logic and reuse the boilerplate code across different functions.
A Slipshod Check of the Visual C++ 2013 Library (update 3) - Andrey Karpov
Someone suggested to me recently that I check the libraries from Visual Studio 2013. I haven't found
anything of much interest, just a few small errors and slip-ups. They wouldn't make an interesting,
attractive article, but I've still decided to describe all those defects. I just hope it will help make the
libraries a bit better and stimulate the authors to carry out a more thorough analysis. I don't have the
project files necessary to build the libraries, so my analysis had to be superficial and I could have missed
a lot.
The document discusses the evolution of the author's views on JavaScript and front-end frameworks. It begins by expressing dislike for JavaScript but acknowledging the need for it. Various frameworks like Backbone, Angular, and Ember are explored but found lacking. React is then introduced and praised for its declarative and composable approach similar to HTML. The author comes to understand JSX and how React implements unidirectional data flow to separate the UI from data logic. This allows building full-stack applications with React handling both client and server rendering based on shared intentions, state, and data flow patterns.
Presented at GOTO Amsterdam (2017-06-13)
Video available at https://www.youtube.com/watch?v=YyhfK-aBo-Y
What is risk? Many people aren't sure, but it's not just uncertainty: risk is exposure to uncertainty.
Instead of just plastering over the cracks, security should also involve reducing the size and number of cracks, reducing the opportunities for cracks to appear, reducing the class of errors and oversights that can open a system to failure instigated from the outside. We can learn a lot from other kinds of software failure, because every failure unrelated to security can be easily reframed as a security-failure opportunity.
This is not a talk about access control models, authentication, encryption standards, firewalls, etc. This is a talk about reducing risk that lives in the code and the assumptions of architecture, reducing the risk in development practices and in the blind spot of development practices.
The document contains presentations on various looping statements in programming like while, do-while and for loops. It includes examples of using these loops to iterate through a menu of options until a valid selection is made, print a countdown until a condition is met, and explanations of how each loop type works. Code snippets with explanations are provided to demonstrate the different looping statements and switch-case structure.
PVS-Studio and Continuous Integration: TeamCity. Analysis of the Open RollerC... - Andrey Karpov
One of the most relevant scenarios for using the PVS-Studio analyzer is its integration into CI systems. Even though a project analysis by PVS-Studio can already be embedded with just a few commands into almost any continuous integration system, we continue to make this process even more convenient. PVS-Studio now supports converting the analyzer output to the TeamCity format - TeamCity Inspections Type. Let's see how it works.
Linux version of PVS-Studio couldn't help checking CodeLite - PVS-Studio
As is already known to our readers, PVS-Studio static analyzer is exploring a new development direction - the Linux platform; as you may have noticed from the previous articles, it is doing well. This article shows how easily you can check a project with the help of the Linux version of the analyzer, because the simpler PVS-Studio for Linux is, the more supporters it will have. This time our choice was the CodeLite project. CodeLite was compiled and tested in Linux. Let's see what results we got.
Analyzing the Blender project with PVS-Studio - PVS-Studio
We go on analyzing open source projects and making the software world better. This time we have checked the Blender 2.62 package intended for creating 3D computer graphics.
The document discusses HTML5 features such as new structural elements, form types, media elements, and JavaScript APIs for canvas, local storage, web databases, web workers, websockets, geolocation, and offline web applications. It also covers tools and techniques for building mobile web apps, including jQtouch for iPhone styling, feature detection over browser detection, and PhoneGap for compiling HTML5 apps to native mobile apps. While HTML5 provides many capabilities for mobile, native apps still have advantages in accessing device hardware and approval processes.
Building complex async applications is really hard. Whether you use callbacks, Promises, or EventEmitters, Error objects should have a place in your utility belt. They are indispensable when it comes to managing work flows in a highly asynchronous environment.
This talk covers patterns for using JavaScript Error (with a capital E) objects to build resilient applications, and introduces some modules that can be used to build errors with an elegant history of stack traces even through multiple asynchronous operations. Try/catch, callbacks, and other error handling mechanisms will be examined, revealing some potential deficiencies in the JavaScript language for dealing with errors.
Video: https://www.youtube.com/watch?v=PyCHbi_EqPs
JEEConf 2017 - How to find deadlock not getting into it - Nikita Koval
Deadlocks are one of the main problems in multithreaded programming. This talk presents Dl-Check – a novel tool for detecting potential deadlocks at runtime of Java programs. In order to implement this tool, the bytecode instrumentation is required as well as the ASM framework is advantageous.
In the first part of the talk, the general approach and the algorithm for online detection of potential deadlocks will be presented. As for the second part, byte-code instrumentation and several useful techniques and associated cases related to it will be discussed.
The document discusses JIT-aware programming for ActionScript virtual machines. It provides examples of how different programming patterns can affect JIT compilation results. Specifically, it shows how using classes, methods, and types can influence optimization of JIT outputs. The author encourages programmers to be mindful of these language features in order to better facilitate JIT compilation and potentially improve performance.
The document discusses new features in C# 5.0 including async and await keywords for asynchronous programming. It provides examples of how async and await allow asynchronous code to be written in a synchronous-looking way. The document also mentions breaking changes in C# 5.0 and provides resources for further information.
1. The document discusses strategies for optimizing software costs, including the costs of introduction, change, and ownership over the lifetime of a project.
2. It emphasizes focusing on optimizing for cost of introduction early on, as this cost is relatively easy to optimize and loses relevance over time. However, cost of change increases exponentially and is most important to optimize for longer-term projects.
3. Cost of ownership involves ongoing maintenance and allows balancing the costs of introduction and change by selectively taking ownership of only necessary logic through techniques like testing and refactoring.
This document provides instructions to install FreeSWITCH on CentOS/RedHat/Fedora in 13 steps: 1) Install dependencies with YUM; 2) Download and extract FreeSWITCH source; 3) Add OpenZAP support to configuration; 4) Compile and install FreeSWITCH; 5) Create symlinks for main binaries; 6) Launch FreeSWITCH as a service or from the command line; 7) Use fs_cli to access the command line.
CTO Karl Anderson discusses the state of Kazoo. This includes integrations with FreeSWITCH, erlang, and Kamailio. Reseller milestones include the release of whitelabeling, webhooks, migration, carriers, debugging, account management and more.
2600Hz - Tuning Kazoo to 10,000 Handsets - KazooCon 2015 - 2600Hz
People love to talk about scale. Some vendors pitch that their systems easily support 100,000 simultaneous calls, or 500 calls per second, etc. The reality is, in the real world, people’s behaviors vary and the feature sets they use can cut these numbers down quickly. For example, ask that same vendor claiming 100,000 simultaneous calls if it can be done while call recording, call statistics and other features are turned on at the same time, and you’ll usually get a very different, cautious, qualified response.
In this presentation, we'll show you how to set up your infrastructure to support 100,000 simultaneous calls.
Virtual machines are important tools in the arsenal of a software developer. Being an active user of VirtualBox, and checking various open source projects with the help of it, I was personally interested in checking its source code. We did the first check of this project in 2014, and the description of 50 errors barely fit into two articles. With the release of Windows 10 and VirtualBox 5.0.XX the stability of the program got significantly worse, in my humble opinion. So, I decided to check the project again.
This document discusses configuring FreeSWITCH, an open source telephony platform, on Docker. It provides background on IP telephony systems and introduces FreeSWITCH and Docker. The benefits of using FreeSWITCH on Docker are explained, such as easier deployment and scalability. Steps are outlined to install FreeSWITCH from source on a CentOS Docker container and configure the network settings. Finally, instructions are given to configure a SIP phone like Linphone and verify the FreeSWITCH installation by placing test calls.
This document presents an introduction to FreeSWITCH, an open-source telephony software that offers alternatives to Asterisk. It briefly explains basic telephony concepts, then describes FreeSWITCH's key features, such as its modular architecture, support for multiple voice and PSTN protocols, and scalability. Finally, it compares the architecture of FreeSWITCH with that of Asterisk and concludes that the competition between the two projects has led them to improve continuously.
Seven Du has over 7 years of experience working with PSTN networks and over 3 years experience with FreeSWITCH and Erlang. He created the website www.freeswitch.org.cn in 2009 to help support the FreeSWITCH community in China. He discussed his past work adapting IP technologies for telecom networks in China, challenges with SIP and RTP traffic crossing oceans, and using FreeSWITCH, Sofia, and other tools. He also described his work building a simplified IVR system using Erlang and FreeSWITCH and managing FreeSWITCH systems through a web GUI built with Ruby on Rails.
Kamailio is the leading Open Source SIP Server - a SIP proxy, registrar, location server, presence server, IMS server and much more. Find out more by viewing this quick presentation! (Updated June 2014)
Why Don't Software Developers Use Static Analysis Tools to Find Bugs? - PVS-Studio
Using static analysis tools for automating code inspections can be beneficial for software engineers. Such tools can make finding bugs, or software defects, faster and cheaper than manual inspections. Despite the benefits of using static analysis tools to find bugs, research suggests that these tools are underused. In this paper, we investigate why developers are not widely using static analysis tools and how current tools could potentially be improved. We conducted interviews with 20 developers and found that although all of our participants felt that use is beneficial, false positives and the way in which the warnings are presented, among other things, are barriers to use. We discuss several implications of these results, such as the need for an interactive mechanism to help developers fix defects.
Celebrating 30-th anniversary of the first C++ compiler: let's find bugs in it.PVS-Studio
Cfront is a C++ compiler which came into existence in 1983 and was developed by Bjarne Stroustrup. At that time it was known as "C with Classes". Cfront had a complete parser, symbol tables, and built a tree for each class, function, etc. Cfront was based on CPre. Cfront defined the language until circa 1990. Many of the obscure corner cases in C++ are related to the Cfront implementation limitations. The reason is that Cfront performed translation from C++ to C. In short, Cfront is a sacred artifact for a C++ programmer. So I just couldn't help checking such a project.
Java-Anwendungen betreiben mit DurchblickTobias Frech
Was tun, wenn ein Troubleshooting in der Produktion, eine Analyse eines Lasttests oder einfach die Unterstützung der Entwicklung auf anderen Systemen durch den Betrieb angesagt ist? Ein langjähriger Java-Administrator öffnet seinen Erfahrungsschatz und berichtet, welche Werkzeuge und Vorgehensweisen sich für ihn in diesen Fällen bewährt haben:
Bei den Werkzeugen geht es um die im JDK mitgelieferten jstat/jinfo/jmap und das neue jcmd. Auf der grafischen Seite sollte jeder Entwickler und Admin die Möglichkeiten der VisualVM kennen. Damit Troubleshooting möglichst erfolgreich abläuft und der Lasttest einen Erkenntnisgewinn über das System bringt, muss man sich nicht auf das Glück verlassen, sondern kann dies mit einem systematischen Vorgehen zuverlässig und wiederholbar meistern.
Type Conversion in C++ and C# Arithmetic ExpressionsPVS-Studio
In arithmetic expressions, the types of operands can be converted to a common type. Such conversions are described in the language standard, and in C# they are much simpler than in C++. However, I'm not sure that many programmers know all the details.
This document provides an introduction to FreeSWITCH, an open source communications platform. It discusses IP telephony systems and what FreeSWITCH is. The document outlines FreeSWITCH's functions and architecture, including important modules like endpoints, dialplans and applications. It describes FreeSWITCH fundamentals like its threaded model and dynamic modules. Finally, it gives examples of PBX applications and provides a brief history of FreeSWITCH development.
The document welcomes Ricardo A. VanEgas to an online forensic accounting and fraud examination course. It outlines the course features which include video lectures, student discussions, end of chapter quizzes, and an optional workbook. The course is self-paced and can be completed over 5 weeks or at one's own pace. It recommends reviewing the syllabus and grading information and participating in the first week's material which covers elements of fraud and reasons for fraud commission.
This document analyzes potential bugs in the Spring RTS game engine codebase. It identifies issues such as identical comparisons, missing checks of return values, inconsistent formatting, and improper pointer and memory handling. The author encourages the developers to carefully examine the issues flagged by the static analysis tool to make the code more robust.
New Year PVS-Studio 6.00 Release: Scanning RoslynPVS-Studio
The long wait is finally over. We have released a static code analyzer PVS-Studio 6.00 that supports the analysis of C# projects. It can now analyze projects written in languages C, C++, C++/CLI, C++/CX, and C#. For this release, we have prepared a report based on the analysis of open-source project Roslyn. It is thanks to Roslyn that we were able to add the C# support to PVS-Studio, and we are very grateful to Microsoft for this project.
C++ Tail Recursion Using 64-bit variablesPVS-Studio
I want to share with you a problem I run into comparing iterative and recursive functions in C++. There are several differences between recursion and iteration, this article explains the topic nicely if you want to know more. In general languages like Java, C, and Python, recursion is fairly expensive compared to iteration because it requires the allocation of a new stack frame. It is possible to eliminate this overhead in C/C++ enabling compiler optimization to perform tail recursion, which transforms certain types of recursion (actually, certain types of tail calls) into jumps instead of function calls. To let the compiler performs this optimization it is necessary that the last thing a function does before it returns is call another function (in this case itself). In this scenario it should be safe to jump to the start of the second routine. Main disadvantage of Recursion in imperative languages is the fact that not always is possible to have tail calls, which means an allocation of the function address (and relative variables, like structs for instance) onto the stack at each call. For deep recursive function this can cause a stack-overflow exception because of a limit to the maximum size of the stack, which is typically less than the size of RAM by quite a few orders of magnitude.
Why Students Need the CppCat Code AnalyzerPVS-Studio
CppCat is a simple static code analyzer capable of detecting bugs in C/C++ programs. We started granting free academic licenses to all interested (students, teachers, and so on). For the sake of popularizing CppCat among students, I decided to write this post about errors that can be found in student lab work tasks posted at Pastebin.com.
Re-checking the ReactOS project - a large reportPVS-Studio
The ReactOS project is rapidly developing. One of the developers participating in this project suggested that we re-analyzed the source code, as the code base is growing fast. We were glad to do that. We like this project, and we'll be happy if this article helps the developers to eliminate some bugs. Analysis was performed with the PVS-Studio 5.02 code analyzer.
Top 10 bugs in C++ open source projects, checked in 2016PVS-Studio
While the world is discussing the 89th Ceremony of Oscar award and charts of actors and costumes, we've decided to write a review article about the IT-sphere. The article is going to cover the most interesting bugs, made in open source projects in 2016. This year was remarkable for our tool, as PVS-Studio has become available on Linux OS. The errors we present are hopefully, already fixed, but every reader can see how serious are the errors made by developers.
We have checked the Windows 8 Driver Samples pack with our analyzer PVS-Studio and found various bugs in its samples. There is nothing horrible about it - bugs can be found everywhere, so the title of this article may sound a bit high-flown. But these particular errors may be really dangerous, as it is a usual practice for developers to use demo samples as a basis for their own projects or borrow code fragments from them.
Explanations to the article on Copy-PastePVS-Studio
Many readers liked my article "Consequences of using the Copy-Paste method in C++ programming and how to deal with it" [1]. Scott Meyers [2] noticed it too and asked me how static analysis proper helped us to detect the errors described in the article.
Comparing the general static analysis in Visual Studio 2010 and PVS-Studio by...Andrey Karpov
The article demonstrates errors detected with the static code analyzer integrated into Visual Studio 2010. The research was performed on five open source projects. The same projects were also checked with PVS-Studio. Results of comparing these two tools are presented at the end of the article.
Comparing the general static analysis in Visual Studio 2010 and PVS-Studio by...PVS-Studio
The article demonstrates errors detected with the static code analyzer integrated into Visual Studio 2010. The research was performed on five open source projects. The same projects were also checked with PVS-Studio. Results of comparing these two tools are presented at the end of the article.
Errors detected in the Visual C++ 2012 librariesPVS-Studio
Static code analysis is one of the error detection methodologies. We are glad that this methodology is becoming more and more popular nowadays. Visual Studio which includes static analysis as one of its many features contributes to this process to a large extent. This feature is easy to try and start using regularly. When one understands one likes static code analysis, we are glad to offer a professional analyzer PVS-Studio for the languages C/C++/C++11.
Checking the Cross-Platform Framework Cocos2d-xAndrey Karpov
Cocos2d is an open source software framework. It can be used to build games, apps and other cross-platform GUI based interactive programs. Cocos2d contains many branches with the best known being Cocos2d-Swift, Cocos2d-x, Cocos2d-html5 and Cocos2d-XNA.
In this article, we are going to discuss results of the check of Cocos2d-x, the framework for C++, done by PVS-Studio 5.18. The project is pretty high-quality, but there are still some issues to consider. The source code was downloaded from GitHub.
In this article, I'm going to tell you about my experience of analyzing the Octave project. It is quite a popular one, especially among students who need to scan their math task solutions yet don't feel like buying a Matlab license.
One year ago, we picked Wine project to analyze with PVS-Studio and provided the analysis results in an article within the scope of our practice of analyzing open-source projects. So the article was written and the project's authors were informed about it. They even asked for a complete analysis log and we submitted it to them. Recently one of the project developers has contacted us again. In this article I will tell you about some points of our discussion, several improvements that Wine authors have done in their code and work that is yet to be done.
Comparing the general static analysis in Visual Studio 2010 and PVS-Studio by...PVS-Studio
The article demonstrates errors detected with the static code analyzer integrated into Visual Studio 2010. The research was performed on five open source projects. The same projects were also checked with PVS-Studio. Results of comparing these two tools are presented at the end of the article.
Every now and then, we have to write articles about how we've checked another fresh version of some compiler. That's not really much fun. However, as practice shows, if we stop doing that for a while, folks start doubting whether PVS-Studio is worth its title of a good catcher of bugs and vulnerabilities. What if the new compiler can do that too? Sure, compilers evolve, but so does PVS-Studio – and it proves, again and again, its ability to catch bugs even in high-quality projects such as compilers.
Checking the Code of LDAP-Server ReOpenLDAP on Our Readers' RequestPVS-Studio
In this article, I'd like to talk about the analysis of ReOpenLDAP project. It was developed to help solve issues that PAO (PJSC) MegaFon, Russia's largest mobile network operator, was faced with when employing OpenLDAP in their infrastructure. ReOpenLDAP is now successfully used in MegaFon affiliates all over Russia, so we thought it would be interesting to check such a high-load project as this one with our static analyzer PVS-Studio.
PVS-Studio delved into the FreeBSD kernelPVS-Studio
The document summarizes the author's analysis of the FreeBSD kernel source code using the PVS-Studio static analysis tool. Some key findings include:
1) Over 1000 potential errors were detected by the analyzer, including many typos, copy-paste errors, and issues involving incorrect logical expression evaluations due to operator precedence.
2) Many of the warnings pointed to real bugs, such as identical subexpressions compared using equality operators, equivalent code in "if-else" blocks, and recurring checks of the same condition.
3) Macros were found to cause issues by altering expression evaluation order, highlighting the importance of operator precedence.
4) Examples of specific errors are provided to demonstrate common bugs like
Checking Wine with PVS-Studio and Clang Static AnalyzerAndrey Karpov
In this article, I'm going to tell you about the check of the Wine project done by the static analyzers for C/C++ code PVS-Studio and Clang Static Analyzer.
Checking the code of Valgrind dynamic analyzer by a static analyzerPVS-Studio
This statement would be incorrect, as well as the reverse idea. The tools of static and dynamic analysis complement each other, they do not compete with each other. Both of these methods have strengths and weaknesses. Some errors cannot be detected by dynamic analyzers, some - by static ones. That's why I suggest treating this post as another demonstration of the abilities of PVS-Studio, not the comparison of two methodologies.
The document analyzes the source code of the Godot game engine using the PVS-Studio static code analyzer. It finds and discusses several types of errors identified by the analyzer, including duplicated comparisons, array overruns due to enum/array mismatches, incorrect data type checks, typos causing logic errors or infinite loops, and unsafe pointer usage. The analysis aims to both introduce readers to the Godot project and help its developers fix bugs and improve code quality.
We have checked the Windows 8 Driver Samples pack with our analyzer PVS-Studio and found various bugs in its samples. There is nothing horrible about it - bugs can be found everywhere, so the title of this article may sound a bit high-flown. But these particular errors may be really dangerous, as it is a usual practice for developers to use demo samples as a basis for their own projects or borrow code fragments from them.
Some of you may know that we have recently released version 6.00 of our analyzer, that now has C# support. The ability to scan C# projects increases the number of open-source projects we can analyze. This article is about one such check. This time it is a project, developed by Sony Computer Entertainment (SCEI).
Rewrite few familiar Cocoa Touch code examples from Obj-C to Swift by learning to use Closures, Enums, Switch-Case with Pattern matching, Singleton, GCD, CoreGraphics.
Presented at Tel Aviv iOS Developers Meetup.
Similar to Hello, Is That FreeSWITCH? Then We're Coming to Check You! (20)
What to do when you have a perfect model for your software but you are constrained by an imperfect business model?
This talk explores the challenges of bringing modelling rigour to the business and strategy levels, and talking to your non-technical counterparts in the process.
Unveiling the Advantages of Agile Software Development.pdfbrainerhub1
Learn about Agile Software Development's advantages. Simplify your workflow to spur quicker innovation. Jump right in! We have also discussed the advantages.
8 Best Automated Android App Testing Tool and Framework in 2024.pdfkalichargn70th171
Regarding mobile operating systems, two major players dominate our thoughts: Android and iPhone. With Android leading the market, software development companies are focused on delivering apps compatible with this OS. Ensuring an app's functionality across various Android devices, OS versions, and hardware specifications is critical, making Android app testing essential.
Using Query Store in Azure PostgreSQL to Understand Query PerformanceGrant Fritchey
Microsoft has added an excellent new extension in PostgreSQL on their Azure Platform. This session, presented at Posette 2024, covers what Query Store is and the types of information you can get out of it.
Preparing Non - Technical Founders for Engaging a Tech AgencyISH Technologies
Preparing non-technical founders before engaging a tech agency is crucial for the success of their projects. It starts with clearly defining their vision and goals, conducting thorough market research, and gaining a basic understanding of relevant technologies. Setting realistic expectations and preparing a detailed project brief are essential steps. Founders should select a tech agency with a proven track record and establish clear communication channels. Additionally, addressing legal and contractual considerations and planning for post-launch support are vital to ensure a smooth and successful collaboration. This preparation empowers non-technical founders to effectively communicate their needs and work seamlessly with their chosen tech agency.Visit our site to get more details about this. Contact us today www.ishtechnologies.com.au
Artificia Intellicence and XPath Extension FunctionsOctavian Nadolu
The purpose of this presentation is to provide an overview of how you can use AI from XSLT, XQuery, Schematron, or XML Refactoring operations, the potential benefits of using AI, and some of the challenges we face.
Hand Rolled Applicative User ValidationCode KataPhilip Schwarz
Could you use a simple piece of Scala validation code (granted, a very simplistic one too!) that you can rewrite, now and again, to refresh your basic understanding of Applicative operators <*>, <*, *>?
The goal is not to write perfect code showcasing validation, but rather, to provide a small, rough-and ready exercise to reinforce your muscle-memory.
Despite its grandiose-sounding title, this deck consists of just three slides showing the Scala 3 code to be rewritten whenever the details of the operators begin to fade away.
The code is my rough and ready translation of a Haskell user-validation program found in a book called Finding Success (and Failure) in Haskell - Fall in love with applicative functors.
Malibou Pitch Deck For Its €3M Seed Roundsjcobrien
French start-up Malibou raised a €3 million Seed Round to develop its payroll and human resources
management platform for VSEs and SMEs. The financing round was led by investors Breega, Y Combinator, and FCVC.
UI5con 2024 - Bring Your Own Design SystemPeter Muessig
How do you combine the OpenUI5/SAPUI5 programming model with a design system that makes its controls available as Web Components? Since OpenUI5/SAPUI5 1.120, the framework supports the integration of any Web Components. This makes it possible, for example, to natively embed own Web Components of your design system which are created with Stencil. The integration embeds the Web Components in a way that they can be used naturally in XMLViews, like with standard UI5 controls, and can be bound with data binding. Learn how you can also make use of the Web Components base class in OpenUI5/SAPUI5 to also integrate your Web Components and get inspired by the solution to generate a custom UI5 library providing the Web Components control wrappers for the native ones.
Microservice Teams - How the cloud changes the way we workSven Peters
A lot of technical challenges and complexity come with building a cloud-native and distributed architecture. The way we develop backend software has fundamentally changed in the last ten years. Managing a microservices architecture demands a lot of us to ensure observability and operational resiliency. But did you also change the way you run your development teams?
Sven will talk about Atlassian’s journey from a monolith to a multi-tenanted architecture and how it affected the way the engineering teams work. You will learn how we shifted to service ownership, moved to more autonomous teams (and its challenges), and established platform and enablement teams.
UI5con 2024 - Boost Your Development Experience with UI5 Tooling ExtensionsPeter Muessig
The UI5 tooling is the development and build tooling of UI5. It is built in a modular and extensible way so that it can be easily extended by your needs. This session will showcase various tooling extensions which can boost your development experience by far so that you can really work offline, transpile your code in your project to use even newer versions of EcmaScript (than 2022 which is supported right now by the UI5 tooling), consume any npm package of your choice in your project, using different kind of proxies, and even stitching UI5 projects during development together to mimic your target environment.
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
Hello, Is That FreeSWITCH? Then We're Coming to Check You!
Author: Svyatoslav Razmyslov
Date: 11.10.2015
Following our readers' requests, we have scanned the open-source project FreeSWITCH with
PVS-Studio. This project was initially founded by the developers of the Asterisk project, which we
already analyzed some time ago. The FreeSWITCH project is actively developing and has a handful of
interesting issues, which we will discuss in this article.
Introduction
FreeSWITCH is a scalable open source cross-platform telephony platform designed to route and
interconnect popular communication protocols using audio, video, text or any other form of media. It
was created in 2006 to fill the void left by proprietary commercial solutions. FreeSWITCH also provides a
stable telephony platform on which many applications can be developed using a wide range of free
tools.
The FreeSWITCH project was analyzed without any trouble with the PVS-Studio 5.29 analyzer in Visual Studio 2015.
If (bug) then find_copy_paste();
V593 Consider reviewing the expression of the 'A = B != C' kind. The expression is calculated as
following: 'A = (B != C)'. switch_channel.c 493
typedef enum {
  SWITCH_STATUS_SUCCESS,
  SWITCH_STATUS_FALSE,
  SWITCH_STATUS_TIMEOUT,
  SWITCH_STATUS_RESTART,
  ....
} switch_status_t;

SWITCH_DECLARE(switch_status_t) switch_channel_queue_dtmf(....)
{
  ....
  switch_status_t status;
  ....
  if ((status = switch_core_session_recv_dtmf(channel->session,
                  dtmf) != SWITCH_STATUS_SUCCESS)) {
    goto done;
  }
  ....
}
The source of logical errors in a program may be an incorrectly written condition. In this code
fragment, for example, the comparison operation's precedence is higher than that of the assignment
operation. So what is saved into the 'status' variable is the result of the comparison (0 or 1), not
the return value of the switch_core_session_recv_dtmf() function. The code also contains the goto
statement, so the spoiled value of the 'status' variable may then be used anywhere in the code.
Unfortunately, the code is abundant in bugs like that:
V593 Consider reviewing the expression of the 'A = B != C' kind. The expression is calculated as following: 'A = (B != C)'. switch_core_db.c 208
V593 Consider reviewing the expression of the 'A = B != C' kind. The expression is calculated as following: 'A = (B != C)'. switch_core_db.c 211
V593 Consider reviewing the expression of the 'A = B != C' kind. The expression is calculated as following: 'A = (B != C)'. switch_core_db.c 214
V593 Consider reviewing the expression of the 'A = B != C' kind. The expression is calculated as following: 'A = (B != C)'. switch_core_db.c 217
V593 Consider reviewing the expression of the 'A = B != C' kind. The expression is calculated as following: 'A = (B != C)'. switch_event.c 2986
V593 Consider reviewing the expression of the 'A = B != C' kind. The expression is calculated as following: 'A = (B != C)'. switch_ivr.c 3905
V593 Consider reviewing the expression of the 'A = B == C' kind. The expression is calculated as following: 'A = (B == C)'. fsodbc.cpp 285
V593 Consider reviewing the expression of the 'A = B != C' kind. The expression is calculated as following: 'A = (B != C)'. mod_db.c 653
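What the V593 pattern does to a caller that distinguishes failure kinds, as an added example that is not FreeSWITCH code. The enum mirrors the four values shown above; recv_dtmf_stub(), action_t and caller_action() are hypothetical stand-ins.

```c
#include <stdio.h>

/* Constructed stand-in for the first four switch_status_t values shown above. */
typedef enum {
    STATUS_SUCCESS,  /* 0 */
    STATUS_FALSE,    /* 1 */
    STATUS_TIMEOUT,  /* 2 */
    STATUS_RESTART   /* 3 */
} status_t;

/* Hypothetical reaction of a caller to each status. */
typedef enum { ACT_CONTINUE, ACT_FAIL, ACT_RETRY, ACT_RESTART } action_t;

/* Hypothetical callee: returns whatever outcome the caller asks it to simulate. */
static status_t recv_dtmf_stub(status_t outcome)
{
    return outcome;
}

/* V593 pattern: '!=' binds tighter than '=', so status receives 0 or 1. */
status_t queue_dtmf_buggy(status_t outcome)
{
    status_t status;

    if ((status = recv_dtmf_stub(outcome) != STATUS_SUCCESS)) {
        goto done;
    }
done:
    return status;
}

/* Corrected grouping: assign the return value first, then compare it. */
status_t queue_dtmf_fixed(status_t outcome)
{
    status_t status;

    if ((status = recv_dtmf_stub(outcome)) != STATUS_SUCCESS) {
        goto done;
    }
done:
    return status;
}

/* A caller that wants to retry on timeout and restart on request. */
action_t caller_action(status_t status)
{
    switch (status) {
    case STATUS_SUCCESS: return ACT_CONTINUE;
    case STATUS_TIMEOUT: return ACT_RETRY;
    case STATUS_RESTART: return ACT_RESTART;
    default:             return ACT_FAIL;
    }
}

int main(void)
{
    status_t outcomes[] = { STATUS_SUCCESS, STATUS_FALSE,
                            STATUS_TIMEOUT, STATUS_RESTART };
    size_t i;

    for (i = 0; i < sizeof outcomes / sizeof outcomes[0]; i++) {
        printf("callee=%d buggy=%d fixed=%d\n", (int)outcomes[i],
               (int)queue_dtmf_buggy(outcomes[i]),
               (int)queue_dtmf_fixed(outcomes[i]));
    }
    return 0;
}
```

Every failure collapses to the value 1, which happens to equal SWITCH_STATUS_FALSE in the enum above, so the timeout and restart cases can no longer be told apart downstream.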
V517 The use of 'if (A) {...} else if (A) {...}' pattern was detected. There is a probability of logical error
presence. Check lines: 141, 168. mod_easyroute.c 141
static switch_status_t load_config(void)
{
  ....
  if (globals.db_dsn) {                                   //<==
    ....
  } else if (globals.db_dsn) {                            //<==
    switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_CRIT,
      "Cannot Open ODBC Connection (did you enable it?!)\n");
  }
  ....
}
Both conditions in the cascade check one and the same variable, "globals.db_dsn", so the second
branch can never execute and the message about a database connection failure won't be logged.
V523 The 'then' statement is equivalent to the 'else' statement. sofia_glue.c 552
char *sofia_overcome_sip_uri_weakness(....)
{
  ....
  if (strchr(stripped, ';')) {
    if (params) {
      new_uri = switch_core_session_sprintf(session, "....",
        uri_only ? "" : "<", stripped, sofia_glue_transport2str(
        transport), params, uri_only ? "" : ">");
    } else {
      new_uri = switch_core_session_sprintf(session, "....",
        uri_only ? "" : "<", stripped, sofia_glue_transport2str(
        transport), uri_only ? "" : ">");
    }
  } else {
    if (params) {
      new_uri = switch_core_session_sprintf(session, "....",
        uri_only ? "" : "<", stripped, sofia_glue_transport2str(
        transport), params, uri_only ? "" : ">");
    } else {
      new_uri = switch_core_session_sprintf(session, "....",
        uri_only ? "" : "<", stripped, sofia_glue_transport2str(
        transport), uri_only ? "" : ">");
    }
  }
  ....
}
That's a large chunk of code with lots of identical text. If there is no error here, this fragment
can be cut in half. Otherwise, it's another unfixed copy-paste.
V590 Consider inspecting the '* data == ' ' && * data != '\0'' expression. The expression is excessive or
contains a misprint. mod_curl.c 306
static char *print_json(switch_memory_pool_t *pool, ....)
{
  ....
  while (*data == ' ' && *data != '\0') {
    data++;
  }
  ....
}
No error here, but the expression is redundant, which may make the code difficult to read. The
"*data != '\0'" check makes no sense: a character that equals ' ' cannot be the null terminator.
The correct, abridged, version of this code should look as follows:
while (*data == ' ') {
  data++;
}
V646 Consider inspecting the application's logic. It's possible that 'else' keyword is missing.
conference_api.c 1532
switch_status_t conference_api_sub_vid_logo_img(....)
{
  ....
  if (!strcasecmp(text, "allclear")) {
    switch_channel_set_variable(member->channel, "....", NULL);
    member->video_logo = NULL;
  } if (!strcasecmp(text, "clear")) {                       //<==
    member->video_logo = NULL;
  } else {
    member->video_logo = switch_core_strdup(member->pool, text);
  }
  ....
}
As seen from the code, the programmer intended to write "else if" but probably missed the 'else'
keyword, which resulted in changing the program's logic.
To understand what this error is about, let's examine a simplified version of this code. Here's the
correct version first:
if (A == 1) {
  X();
} else if (A == 2) {
  Y();
} else {
  Z();
}
Depending on the A variable's value, one of the functions X, Y, or Z will be called. Let's see now what will
happen if we "forget" 'else':
if (A == 1) {
  X();
} if (A == 2) {
  Y();
} else {
  Z();
}
Now, if A equals one, not only will the X function be called, but the Z function as well!
Using the SOCKET type
V605 Consider verifying the expression: context->curlfd > - 1. An unsigned value is compared to the
number -1. mod_shout.c 151
typedef SOCKET curl_socket_t;
curl_socket_t curlfd;

static inline void free_context(shout_context_t *context)
{
  ....
  if (context->curlfd > -1) {
    shutdown(context->curlfd, 2);
    context->curlfd = -1;
  }
  ....
}
The SOCKET type is unsigned, which means it's not valid to compare it with a negative number. In cases
like this, the comparison should be done against special named constants, when handling the SOCKET
type – for example SOCKET_ERROR and the like.
V547 Expression is always false. Unsigned type value is never < 0. esl.c 690
typedef SOCKET ws_socket_t;

static ws_socket_t prepare_socket(ips_t *ips)
{
  ws_socket_t sock = ws_sock_invalid;
  ....
  if ((sock = socket(family, SOCK_STREAM, IPPROTO_TCP)) < 0) {
    die("Socket Error!\n");
  }
  ....
}
A similar example of incorrect handling of SOCKET-type variables. This is an unsigned type, and one
should use special constants to check for the error status – for example SOCKET_ERROR.
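Both SOCKET checks above, reproduced on a portable model of the type as an added example (not FreeSWITCH code). demo_socket_t and DEMO_INVALID_SOCKET are constructed stand-ins for Winsock's unsigned SOCKET and its INVALID_SOCKET sentinel, one of the named constants for a socket handle; shutdown() is replaced by a counter.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the Winsock definitions so the example runs anywhere:
   SOCKET is an unsigned integer type and INVALID_SOCKET is all bits set. */
typedef uintptr_t demo_socket_t;
#define DEMO_INVALID_SOCKET ((demo_socket_t)~(uintptr_t)0)

struct demo_context {
    demo_socket_t fd;
    int shutdown_calls;   /* counts calls to the stubbed shutdown() */
};

/* mod_shout.c pattern: -1 is converted to the unsigned maximum, so
   'fd > -1' can never be true and the socket is never shut down. */
int release_buggy(struct demo_context *ctx)
{
    if (ctx->fd > -1) {
        ctx->shutdown_calls++;
        ctx->fd = -1;
        return 1;
    }
    return 0;
}

/* Same cleanup, compared against the named sentinel instead. */
int release_fixed(struct demo_context *ctx)
{
    if (ctx->fd != DEMO_INVALID_SOCKET) {
        ctx->shutdown_calls++;
        ctx->fd = DEMO_INVALID_SOCKET;
        return 1;
    }
    return 0;
}

/* esl.c pattern: an unsigned value is never below zero, so a failed
   socket() call goes unnoticed. */
int creation_failed_buggy(demo_socket_t sock)
{
    return sock < 0;
}

int creation_failed_fixed(demo_socket_t sock)
{
    return sock == DEMO_INVALID_SOCKET;
}

int main(void)
{
    struct demo_context a = { 5, 0 };   /* constructed open handle */
    struct demo_context b = { 5, 0 };

    printf("buggy release ran shutdown: %d\n", release_buggy(&a));
    printf("fixed release ran shutdown: %d\n", release_fixed(&b));
    printf("failure detected (buggy/fixed): %d/%d\n",
           creation_failed_buggy(DEMO_INVALID_SOCKET),
           creation_failed_fixed(DEMO_INVALID_SOCKET));
    return 0;
}
```

With the buggy forms the open handle is never released and a failed creation is never reported, which is why both warnings matter on Windows builds even though the same source behaves as intended where the descriptor type is a signed int.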
Double assignments
V570 The variable is assigned to itself. skypopen_protocol.c 1512
struct SkypopenHandles {
  HWND win32_hInit_MainWindowHandle;
  HWND win32_hGlobal_SkypeAPIWindowHandle;
  ....
};

LRESULT APIENTRY skypopen_present(...., WPARAM uiParam, ....)
{
  ....
  if (!tech_pvt->SkypopenHandles.currentuserhandle) {
    tech_pvt->SkypopenHandles.api_connected = 1;
    tech_pvt->SkypopenHandles.win32_hGlobal_SkypeAPIWindowHandle =
      (HWND) uiParam;
    tech_pvt->SkypopenHandles.win32_hGlobal_SkypeAPIWindowHandle =
      tech_pvt->SkypopenHandles.win32_hGlobal_SkypeAPIWindowHandle;
  }
  ....
}
The analyzer has detected a variable being assigned to itself. I guess the programmer picked a wrong
structure field for the second assignment operation: "win32_hGlobal_SkypeAPIWindowHandle" instead
of "win32_hInit_MainWindowHandle".
The function's code should have probably looked like this:
if (!tech_pvt->SkypopenHandles.currentuserhandle) {
  tech_pvt->SkypopenHandles.api_connected = 1;
  tech_pvt->SkypopenHandles.win32_hGlobal_SkypeAPIWindowHandle =
    (HWND) uiParam;
  tech_pvt->SkypopenHandles.win32_hInit_MainWindowHandle =
    tech_pvt->SkypopenHandles.win32_hGlobal_SkypeAPIWindowHandle;
}
V519 The 'status' variable is assigned values twice successively. Perhaps this is a mistake. Check lines:
365, 368. fscoredb.cpp 368
JS_COREDB_FUNCTION_IMPL(BindInt)
{
  bool status;
  ....
  /* convert args */
  status = !info[0].IsEmpty() && info[0]->IsInt32() ? true:false;
  param_index = info[0]->Int32Value();
  status = !info[1].IsEmpty() && info[1]->IsInt32() ? true:false;
  param_value = info[1]->Int32Value();
  if (param_index < 1) {
    info.GetIsolate()->ThrowException(....);
    return;
  }
  ....
}
The analyzer has detected a potential error that has to do with one and the same variable being
assigned values twice in a row, the variable itself not being used in any way between the two
assignment operations. The analyzer has helped to find a missing check: the value of the 'status'
variable is not used anywhere.
The code should probably look as follows:
....
param_index = status ? info[0]->Int32Value() : 0;
....
param_value = status ? info[1]->Int32Value() : 0;
V519 The 'status' variable is assigned values twice successively. Perhaps this is a mistake. Check lines:
1239, 1240. switch_core_io.c 1240
SWITCH_DECLARE(switch_status_t)
switch_core_session_write_frame(...., int stream_id)
{
  ....
  if (ptime_mismatch && status != SWITCH_STATUS_GENERR) {
    status = perform_write(session, frame, flags, stream_id);
    status = SWITCH_STATUS_SUCCESS;
    goto error;
  }
  ....
}
It's not clear why the writing status is simply redefined as successful. Let's leave it to the code's authors
to sort it out.
Errors in strings
V694 The condition (mode + 5) is only false if there is pointer overflow which is undefined behaviour
anyway. mod_ilbc.c 51
static switch_status_t switch_ilbc_fmtp_parse(....)
{
  ....
  if (fmtp && (mode = strstr(fmtp, "mode=")) && (mode + 5)) {
    codec_ms = atoi(mode + 5);
  }
  if (!codec_ms) {
    /* default to 30 when no mode is defined for ilbc ONLY */
    codec_ms = 30;
  }
  ....
}
At first sight, we seem to have a simple algorithm in this code:
1. Find the "mode=" substring;
2. Make sure there is no null character after the substring;
3. Convert the next character into a number.
The bug is lurking in step 2: after checking that the 'mode' pointer, pointing to the substring, is not null,
it is shifted by 5 characters, but it will still remain non-null. In the (mode + 5) expression, dereferencing
of the shifted pointer is missing. This error opens the way for issues when a null character is converted
into a number, resulting in the value zero. Thanks to the "if (!codec_ms) { codec_ms = 30;}" check, the
value zero is always cast back to the default value.
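The three-step algorithm above with step 2 actually enforced, next to the original pattern, as an added example that is not the project's code. The parameter-boundary check in find_param(), the MAX_CODEC_MS bound and the explicit_mode out-parameter are assumptions made for illustration, and all input strings are constructed.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DEFAULT_CODEC_MS 30   /* default used by the fragment above */
#define MAX_CODEC_MS 1000     /* assumed sanity bound, not from the page */

/* Pattern from mod_ilbc.c: (mode + 5) tests the pointer, never the character. */
int parse_mode_original(const char *fmtp)
{
    const char *mode;
    int codec_ms = 0;

    if (fmtp && (mode = strstr(fmtp, "mode=")) && (mode + 5)) {
        codec_ms = atoi(mode + 5);
    }
    if (!codec_ms) {
        codec_ms = DEFAULT_CODEC_MS;
    }
    return codec_ms;
}

/* Return the text after key only when key starts a parameter, so that
   a longer name ending in "mode=" does not match. */
static const char *find_param(const char *fmtp, const char *key)
{
    size_t klen = strlen(key);
    const char *p = fmtp;

    while ((p = strstr(p, key)) != NULL) {
        if (p == fmtp || p[-1] == ';' || isspace((unsigned char)p[-1])) {
            return p + klen;
        }
        p += klen;
    }
    return NULL;
}

/* Hardened variant: *explicit_mode is 1 only when a valid value was parsed. */
int parse_mode_checked(const char *fmtp, int *explicit_mode)
{
    const char *value;
    char *end;
    long ms;

    *explicit_mode = 0;
    if (!fmtp || !(value = find_param(fmtp, "mode="))) {
        return DEFAULT_CODEC_MS;
    }
    if (!isdigit((unsigned char)*value)) {      /* rejects "", "-20", " 20" */
        return DEFAULT_CODEC_MS;
    }
    errno = 0;
    ms = strtol(value, &end, 10);
    if (errno == ERANGE || ms <= 0 || ms > MAX_CODEC_MS) {
        return DEFAULT_CODEC_MS;
    }
    if (*end != '\0' && *end != ';' && !isspace((unsigned char)*end)) {
        return DEFAULT_CODEC_MS;                /* trailing junk such as "20abc" */
    }
    *explicit_mode = 1;
    return (int)ms;
}

int main(void)
{
    /* Constructed fmtp strings. */
    const char *samples[] = { "mode=20", "mode=", "mode=-20",
                              "mode=20abc", "xmode=20", "ptime=20;mode=30" };
    size_t i;
    int explicit_mode;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int checked = parse_mode_checked(samples[i], &explicit_mode);
        printf("%-18s original=%d checked=%d explicit=%d\n", samples[i],
               parse_mode_original(samples[i]), checked, explicit_mode);
    }
    return 0;
}
```

The default masks the empty "mode=" case in the original, but a negative or malformed value still passes through atoi() unchanged, which the checked variant rejects.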
V519 The '* e' variable is assigned values twice successively. Perhaps this is a mistake. Check lines: 1438,
1439. switch_xml.c 1439
static int preprocess(....)
{
  ....
  if ((e = strstr(tcmd, "/>"))) {
    *e += 2;
    *e = '\0';
    if (fwrite(e, 1, (unsigned) strlen(e),
               write_fd) != (int) strlen(e)) {
      switch_log_printf(....);
    }
  }
  ....
}
Here we've got a similar error as in the previous example save that it is opposite in meaning. On finding
the substring, the programmer wants the pointer to be shifted and the null character written. But in the
"*e += 2" expression, it is the code of the character the pointer refers to that is changed instead of the
pointer itself. After that, it's just the null terminator to be written into this character.
The correct version of this code should look as follows:
if ((e = strstr(tcmd, "/>"))) {
e += 2;
*e = '\0';
....
}
V600 Consider inspecting the condition. The 'name' pointer is always not equal to NULL. fsodbc.cpp 323
JS_ODBC_FUNCTION_IMPL(GetData)
{
....
SQLCHAR name[1024] = ""; //<==
SQLCHAR *data = _colbuf;
SQLLEN pcbValue;
SQLDescribeCol(_stmt, x, name, sizeof(name), ....); //<==
SQLGetData(_stmt, x, SQL_C_CHAR, _colbuf, _cblen, &pcbValue);
if (name) { //<==
if (SQL_NULL_DATA == pcbValue) {
arg->Set(String::NewFromUtf8(GetIsolate(),
(const char *)name), Null(info.GetIsolate()));
} else {
arg->Set(String::NewFromUtf8(GetIsolate(),
(const char *)name), String::NewFromUtf8(GetIsolate(),
data ? (const char *)data : ""));
}
}
....
}
In this function, memory is allocated on the stack for the character array "name". A null character is
written into the beginning of the array, the latter being then handled somehow. In the "if (name) {....}"
condition, the programmer wanted to check if the string had remained empty (which is indicated by a
null character in the beginning of the string), but because of the missing pointer-dereferencing
character, they check a pointer that is never null.
V595 The 'val' pointer was utilized before it was verified against nullptr. Check lines: 2496, 2499.
switch_ivr.c 2496
static int
switch_ivr_set_xml_chan_var(...., const char *val, int off)
{
char *data;
switch_size_t dlen = strlen(val) * 3 + 1; //<==
switch_xml_t variable;
if (!val) val = ""; //<==
....
}
The function may receive a null pointer to the character array "val", which is indicated by the presence
of the corresponding check. But before that, this null pointer will be passed into the "strlen()" function
to evaluate the string length, where it will be dereferenced.
Dangerous pointers
V713 The pointer codec->cur_frame was utilized in the logical expression before it was verified against
nullptr in the same logical expression. mod_opus.c 631
static switch_status_t
switch_opus_decode(switch_codec_t *codec, ....)
{
....
if (opus_packet_get_bandwidth(codec->cur_frame->data) != //<==
OPUS_BANDWIDTH_FULLBAND && codec->cur_frame && //<==
(jb = switch_core_session_get_jb(....))) {
....
}
....
}
It was tricky, but the analyzer has managed to find a potential null-pointer-dereferencing issue caused
by an incorrect order of logical expressions inside a condition. In that condition, the
"codec->cur_frame->data" variable is used first and then the "codec->cur_frame" pointer is checked for null.
V595 The 'a_engine' pointer was utilized before it was verified against nullptr. Check lines: 6024, 6052.
switch_core_media.c 6024
SWITCH_DECLARE(switch_status_t)
switch_core_media_activate_rtp(switch_core_session_t *session)
{
....
switch_port_t remote_rtcp_port = a_engine->remote_rtcp_port;
....
if (session && a_engine) {
check_dtls_reinvite(session, a_engine);
}
....
}
Unlike the V713 diagnostic, diagnostic V595 searches for potential null-pointer-dereferencing errors
through the entire function. Notice the way the "a_engine" pointer is used.
Here's a list of other dangerous issues with pointers:
V595 The 'session' pointer was utilized before it was verified against nullptr. Check lines: 6027,
6052. switch_core_media.c 6027
V595 The 'session' pointer was utilized before it was verified against nullptr. Check lines: 6689,
6696. switch_core_media.c 6689
V595 The 'v_engine' pointer was utilized before it was verified against nullptr. Check lines: 6677,
6696. switch_core_media.c 6677
V595 The 'stream.data' pointer was utilized before it was verified against nullptr. Check lines:
2409, 2411. switch_event.c 2409
V595 The 'stack' pointer was utilized before it was verified against nullptr. Check lines: 461, 466.
switch_ivr_menu.c 461
V595 The 'smin' pointer was utilized before it was verified against nullptr. Check lines: 3269,
3277. switch_utils.c 3269
V595 The 'key' pointer was utilized before it was verified against nullptr. Check lines: 111, 124.
switch_xml.c 111
V547 Expression 'fftstate->Perm == ((void *) 0)' is always false. Pointer 'fftstate->Perm' != NULL. fft.c 339
typedef struct {
unsigned int SpaceAlloced;
unsigned int MaxPermAlloced;
double Tmp0[MAXFFTSIZE];
double Tmp1[MAXFFTSIZE];
double Tmp2[MAXFFTSIZE];
double Tmp3[MAXFFTSIZE];
int Perm[MAXFFTSIZE];
int factor [NFACTOR];
} FFTstr;
static int FFTRADIX (...., FFTstr *fftstate)
{
....
if (fftstate->Tmp0 == NULL || fftstate->Tmp1 == NULL ||
fftstate->Tmp2 == NULL || fftstate->Tmp3 == NULL ||
fftstate->Perm == NULL) {
return -1;
}
....
}
There is a large yet meaningless condition checking the addresses of 5 arrays belonging to the FFTstr
class, and it doesn't matter whether the class object is created on the stack or the heap. The arrays'
addresses will always be different from zero. Even if the 'fftstate' pointer equals 0, the checks don't
make sense anyway because the Tmp0..Tmp3 members are offset from the structure's beginning.
Double defense
V530 The return value of function 'LoadLibraryExA' is required to be utilized. switch_dso.c 42
V581 The conditional expressions of the 'if' operators situated alongside each other are identical. Check
lines: 41, 45. switch_dso.c 45
SWITCH_DECLARE(switch_dso_lib_t) switch_dso_open(....)
{
HINSTANCE lib;
lib = LoadLibraryEx(path, NULL, 0);
if (!lib) {
LoadLibraryEx(path, NULL, LOAD_WITH_ALTERED_SEARCH_PATH);
}
if (!lib) {
DWORD error = GetLastError();
*err = switch_mprintf("dll open error [%ul]\n", error);
}
return lib;
}
What's interesting about this fragment is that it triggered two different diagnostics at once. Diagnostic
V530 tells us that the return value of the "LoadLibraryEx()" function is not used, while diagnostic V581,
that the code contains two checks with identical logical expressions.
The first check of the "lib" descriptor checks if the module has been loaded by the "LoadLibraryEx()"
function; if the descriptor is null, the program will attempt to load the module once again. It is at this
point that the programmer forgot to rewrite the value in the 'lib' descriptor with a new value returned
by the function, so the descriptor will still remain null at the second check.
The correct version of this code:
lib = LoadLibraryEx(path, NULL, 0);
if (!lib) {
lib = LoadLibraryEx(path, NULL, LOAD_WITH_ALTERED_SEARCH_PATH);
}
Memory-related issues
V597 The compiler could delete the 'memset' function call, which is used to flush 'corrSurfBuff' buffer.
The RtlSecureZeroMemory() function should be used to erase the private data. pitch_estimator.c 158
void WebRtcIsac_InitializePitch(const double *in,
const double old_lag,
const double old_gain,
PitchAnalysisStruct *State,
double *lags)
{
....
for(k = 0; k < 2*PITCH_BW+3; k++)
{
CorrSurf[k] = &corrSurfBuff[10 + k * (PITCH_LAG_SPAN2+4)];
}
/* reset CorrSurf matrix */
memset(corrSurfBuff, 0, sizeof(double) * (10 + (2*PITCH_BW+3)
* (PITCH_LAG_SPAN2+4)));
....
}
The code above may leave the matrix uncleared. Notice that the "corrSurfBuff" array is cleared at the
end and is not used anymore afterwards. Because of that, the compiler will almost surely delete the call
of the memset() function when building the Release version of the program, and it does have an
absolute right to do so. The analyzer suggests using the RtlSecureZeroMemory() function for Windows
instead, but since the project is cross-platform, the authors need to find another way to avoid
optimizations by other compilers.
Note. We are not being paranoid. The compiler does delete function calls like that. Look for the V597
diagnostic rule's description to see how deep the rabbit hole goes. For those who don't trust me, there
is even an assembly listing included. This is a serious, and unfortunately very common, security issue.
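One cross-platform way to keep such a wipe from being optimized away, shown here as an added example that is not FreeSWITCH or WebRTC code. The names secure_zero, count_nonzero and demo_wipe_scratch are made up for illustration, and the buffer contents are constructed sample data.

```c
#include <stddef.h>
#include <string.h>
#if defined(_WIN32)
#include <windows.h>
#endif

/* Hypothetical helper, not a FreeSWITCH or WebRTC function.
 * Zeroes len bytes at buf in a way the optimizer may not discard. */
static void secure_zero(void *buf, size_t len)
{
#if defined(_WIN32)
    /* The function the analyzer message recommends on Windows. */
    RtlSecureZeroMemory(buf, len);
#else
    /* Each store through a volatile-qualified lvalue is an observable
     * side effect, so the loop survives dead-store elimination. */
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--) {
        *p++ = 0;
    }
#endif
}

/* Count bytes that are still non-zero (used only to check the wipe). */
static size_t count_nonzero(const unsigned char *buf, size_t len)
{
    size_t i, n = 0;
    for (i = 0; i < len; i++) {
        n += (buf[i] != 0);
    }
    return n;
}

/* Constructed demo: fill a scratch buffer with sample data, wipe it,
 * and report how many bytes were left behind. */
static size_t demo_wipe_scratch(void)
{
    unsigned char scratch[64];
    memset(scratch, 0xA5, sizeof(scratch));
    secure_zero(scratch, sizeof(scratch));
    return count_nonzero(scratch, sizeof(scratch));
}
```

Where they are available, explicit_bzero() (glibc, BSD) and the optional C11 memset_s() serve the same purpose.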
V701 realloc() possible leak: when realloc() fails in allocating memory, original pointer 'abuf' is lost.
Consider assigning realloc() to a temporary pointer. switch_ivr_play_say.c 1535
SWITCH_DECLARE(switch_status_t) switch_ivr_play_file(....)
{
....
if (buflen > write_frame.buflen) {
abuf = realloc(abuf, buflen);
write_frame.data = abuf;
write_frame.buflen = buflen;
}
....
}
This code is potentially dangerous: we recommend that the realloc() function's result be saved in a
different variable. The realloc() function is used to change the size of a certain memory block. If it is
impossible at the moment, the function will return a null pointer. The biggest problem here is that in
"ptr = realloc(ptr, ...)"-like constructs, the ptr pointer to this data block may get lost.
Two other similar issues:
V701 realloc() possible leak: when realloc() fails in allocating memory, original pointer 'buf' is
lost. Consider assigning realloc() to a temporary pointer. switch_event.c 1556
V701 realloc() possible leak: when realloc() fails in allocating memory, original pointer 'buf' is
lost. Consider assigning realloc() to a temporary pointer. switch_event.c 1582
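The temporary-pointer pattern the V701 message asks for, as an added example rather than FreeSWITCH code. The frame_buf type, frame_buf_grow and the injectable allocator parameter are assumptions made for illustration, so that the failure path can be exercised deterministically.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the data/buflen pair used in the fragment. */
typedef struct {
    void  *data;
    size_t buflen;
} frame_buf;

/* Allocator signature, injectable so a failure can be simulated. */
typedef void *(*realloc_fn)(void *, size_t);

/* Grow fb to at least `need` bytes. Returns 0 on success, -1 on failure.
 * On failure fb->data and fb->buflen are left untouched, so the old block
 * is neither leaked nor paired with a size it does not have. */
static int frame_buf_grow(frame_buf *fb, size_t need, realloc_fn ra)
{
    void *tmp;
    if (need <= fb->buflen) {
        return 0;
    }
    tmp = ra(fb->data, need);      /* result goes to a temporary first */
    if (!tmp) {
        return -1;                 /* original pointer is still owned by fb */
    }
    fb->data = tmp;
    fb->buflen = need;
    return 0;
}

/* Simulated out-of-memory allocator (constructed for the demo). */
static void *failing_realloc(void *p, size_t n)
{
    (void)p; (void)n;
    return NULL;
}

/* Constructed demo: a failed grow keeps the buffer intact, a later
 * successful grow preserves its contents. Returns 1 if both hold. */
static int demo_realloc_failure_keeps_buffer(void)
{
    frame_buf fb = { malloc(8), 8 };
    void *before = fb.data;
    int ok;
    if (!fb.data) return -1;
    memcpy(fb.data, "payload", 8);
    ok = frame_buf_grow(&fb, 64, failing_realloc) == -1
         && fb.data == before && fb.buflen == 8;
    ok = ok && frame_buf_grow(&fb, 64, realloc) == 0
         && fb.buflen == 64 && memcmp(fb.data, "payload", 8) == 0;
    free(fb.data);
    return ok;
}
```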
Miscellaneous
V665 Possibly, the usage of '#pragma warning(default: X)' is incorrect in this context. The '#pragma
warning(push/pop)' should be used instead. Check lines: 802, 837. switch_utils.h 837
#ifdef _MSC_VER
#pragma warning(disable:6011)
#endif
static inline char *switch_lc_strdup(const char *it)
{
....
}
static inline char *switch_uc_strdup(const char *it)
{
....
}
#ifdef _MSC_VER
#pragma warning(default:6011)
#endif
Many programmers believe that after the "pragma warning(default : X)" directive, warnings previously
disabled through the "pragma warning(disable: X)" directive will start working again. They are wrong.
The 'pragma warning(default : X)' directive sets the warning with number 'X' to its DEFAULT state, which
is quite a different thing.
The correct version of this code:
#pragma warning(push)
#pragma warning(disable: 6011)
....
// Correct code triggering the 6011 warning
....
#pragma warning(pop)
V555 The expression 'parser->maxlen - parser->minlen > 0' will work as 'parser->maxlen !=
parser->minlen'. switch_ivr.c 2342
typedef uintptr_t switch_size_t;
switch_size_t maxlen;
switch_size_t buflen;
switch_size_t minlen;
SWITCH_DECLARE(void *) switch_ivr_digit_stream_parser_feed(....)
{
....
if (parser->maxlen - parser->minlen > 0 && ....) {
len = 0;
}
....
}
A difference of unsigned numbers is always larger than zero unless they are equal. So is there an error
here or did the programmer actually mean the 'parser->maxlen != parser->minlen' check?
V612 An unconditional 'goto' within a loop. mod_verto.c 112
static void json_cleanup(void)
{
....
top:
for (hi = switch_core_hash_first_iter(....); hi;) {
switch_core_hash_this(hi, &var, NULL, &val);
json = (cJSON *) val;
cJSON_Delete(json);
switch_core_hash_delete(json_GLOBALS.store_hash, var);
goto top;
}
switch_safe_free(hi);
switch_mutex_unlock(json_GLOBALS.store_mutex);
}
Also, the project's authors use unconditional jump statements at some points in the code, which makes
it more difficult to read and maintain, especially where loops are involved.
A few other issues of this kind:
V612 An unconditional 'break' within a loop. mod_event_socket.c 1643
V612 An unconditional 'goto' within a loop. mod_verto.c 328
V612 An unconditional 'break' within a loop. mod_verto.c 1993
V652 The '!' operation is executed 3 or more times in succession. mod_verto.c 3032
static switch_bool_t verto__modify_func(....)
{
....
switch_core_media_toggle_hold(session,
!!!switch_channel_test_flag(tech_pvt->channel, ....));
....
}
A strange fragment with as many as three negation operators used at once. There is probably a typo
somewhere.
V567 Unspecified behavior. The order of argument evaluation is not defined for 'strtol' function.
Consider inspecting the 'exp' variable. switch_utils.c 3759
SWITCH_DECLARE(int) switch_number_cmp(const char *exp, int val)
{
for (;; ++exp) {
int a = strtol(exp, (char **)&exp, 10);
if (*exp != '-') {
if (a == val)
return 1;
} else {
int b = strtol(++exp, (char **)&exp, 10); //<==
....
}
if (*exp != ',')
return 0;
}
}
It's unknown whether first the 'exp' pointer will be changed or its address obtained. Therefore, whether
or not the expression works right depends on chance.
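A rewrite that sidesteps the question raised by V567, given as an added sketch and not the FreeSWITCH function: the increment and the strtol() call sit in separate statements, and a separate end pointer replaces the cast that strips const from 'exp'. The name number_cmp is hypothetical, and because the page elides the range branch, the meaning of "a-b" as a <= val <= b is an assumption.

```c
#include <stdlib.h>

/* Match val against a comma-separated list of numbers and ranges,
 * for example "1,3-5,9". Returns 1 on a match, 0 otherwise.
 * Assumption: a range "a-b" matches when a <= val <= b. */
static int number_cmp(const char *exp, int val)
{
    for (;;) {
        char *end;
        long a = strtol(exp, &end, 10);
        if (end == exp) {
            return 0;              /* no digits where a number was expected */
        }
        exp = end;

        if (*exp == '-') {
            long b;
            exp++;                 /* step past '-' as its own statement */
            b = strtol(exp, &end, 10);
            if (end == exp) {
                return 0;          /* range with a missing upper bound */
            }
            exp = end;
            if (val >= a && val <= b) {
                return 1;
            }
        } else if (a == val) {
            return 1;
        }

        if (*exp != ',') {
            return 0;              /* end of list or unexpected character */
        }
        exp++;                     /* move to the next list item */
    }
}
```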
V621 Consider inspecting the 'for' operator. It's possible that the loop will be executed incorrectly or
won't be executed at all. switch_core.c 3014
SWITCH_DECLARE(int) switch_max_file_desc(void)
{
int max = 0; //<==
#ifndef WIN32
#if defined(HAVE_GETDTABLESIZE)
max = getdtablesize();
#else
max = sysconf(_SC_OPEN_MAX);
#endif
#endif
return max;
}
SWITCH_DECLARE(void) switch_close_extra_files(....)
{
int open_max = switch_max_file_desc();
int i, j;
for (i = 3; i < open_max; i++) { //<==
....
close(i);
skip:
continue;
}
}
I don't know if it's an error or not, but the analyzer has found a stub for the Windows version inside the
"switch_max_file_desc()" function. If this function always returns zero on Windows, the loop following it
is never executed.
Conclusion
In this article, I've told you about the most suspicious (to my mind) code fragments of the FreeSWITCH
project detected by the PVS-Studio static analyzer. It's just another project dealing with computer
telephony: I once scanned a similar project, Asterisk. The FreeSWITCH project is pretty large, and the
analyzer output plenty of interesting messages. The libraries it uses triggered way more warnings,
but that is a different story. Before this article was published, we had informed the project's
authors about the analysis and sent them a detailed analysis report. So some of the issues discussed
here may already be fixed by now.