SlideShare a Scribd company logo
PVS-Studio team experience:
checking various open source
projects, or mistakes C, C++ and C#
programmers make
Authors:
Candidate of Engineering Sciences,
Evgeniy Ryzhkov, evg@viva64.com
Candidate of Physico-Mathematical Sciences,
Andrey Karpov, karpov@viva64.com
OOO "Program Verification Systems"
(www.viva64.com)
• Development, marketing and sales of our software product
• Office: Tula, 200 km away from Moscow.
• Staff: 14 people
A couple of words about static analysis
• Does everyone know, what static analysis is?

• PVS-Studio performs static analysis of source
code written in C, C++ and C#.
• C, C++-300 diagnostics;
• C# - 100 diagnostics
Our achievements
• To let the world know about our product, we check open-
source projects. By the moment we have checked 245
projects.
• A side effect: we found 9574 errors and notified the authors about
them.
• 9574/245 = 40 errors in a project - not that much. I would like to
stress, that this is a side effect. We didn’t have a goal to find as
many errors as possible. Quite often, we stop when we find
enough errors for an article.
Examples of errors
So, we have checked a lot of open source
projects...
• ... thus we have accumulated various observations that we would like
to share
Let’s start with boring stuff - typical errors
• Let’s speak about the way the programmers usually see the static
analyzers’ work
A boring example N1
OpenMW (C++)
std::string rangeTypeLabel(int idx)
{
const char* rangeTypeLabels [] = {
"Self", "Touch", "Target"
};
if (idx >= 0 && idx <= 3)
return rangeTypeLabels[idx];
else
return "Invalid";
}
3 elements
If idx == 3, we have
array index out of
bounds
V557 Array overrun is possible. The value of 'idx'
index could reach 3. esmtool labels.cpp 502
A boring example N2
CamStudio (C++)
int CopyStream(PAVIFILE pavi, PAVISTREAM pstm)
{
//....
BYTE p[20000];
//....
free(p);
return 0;
}
V726 An attempt to free memory containing the 'p' array by
using the 'free' function. This is incorrect as 'p' was created on
stack. playplusview.cpp 7059
A boring example N3
Sony ATF (C#)
public static QuatF Slerp(QuatF q1, QuatF q2, float t)
{
double dot = q2.X * q1.X + q2.Y * q1.Y +
q2.Z * q1.Z + q2.W * q1.W;
if (dot < 0)
q1.X = -q1.X; q1.Y = -q1.Y; q1.Z = -q1.Z; q1.W = -q1.W;
....
}
V3043 The code's operational logic does not correspond with its formatting.
The statement is indented to the right, but it is always executed. It is possible
that curly brackets are missing. Atf.Core.vs2010 QuatF.cs 282
A boring example N4
Xenko (C#)
public string ToString(string format,
IFormatProvider formatProvider)
{
if (format == null) return ToString(formatProvider);
return string.Format(formatProvider,
"Red:{1} Green:{2} Blue:{3}",
R.ToString(format, formatProvider),
G.ToString(format, formatProvider),
B.ToString(format, formatProvider));
}
V3025 Incorrect format. A different number of
format items is expected while calling 'Format'
function. Expected: 4. Present: 3.
SiliconStudio.Core.Mathematics Color3.cs 765
But life is way more interesting
• Let’s look at the dark side
Programmers do not check comparison
functions
• Psychoanalysis;
• "Can't be wrong" in functions like:
public static int Compare(FooType A, FooType B) {
if (left < right) return -1;
if (left > right) return 1;
return 0;
}
Easy. Example N1.
IronPython and IronRuby (C#)
public static int Compare(SourceLocation left,
SourceLocation right) {
if (left < right) return -1;
if (right > left) return 1;
return 0;
}
Example N2.
Samba (C++)
static int compare_procids(const void *p1, const void *p2)
{
const struct server_id *i1 = (struct server_id *)p1;
const struct server_id *i2 = (struct server_id *)p2;
if (i1->pid < i2->pid) return -1;
if (i2->pid > i2->pid) return 1;
return 0;
}
Example N3.
MySQL (C++)
A lot of similar strings. It
should be fine.
static int rr_cmp(uchar *a, uchar *b)
{
if (a[0] != b[0])
return (int)a[0] - (int)b[0];
if (a[1] != b[1])
return (int)a[1] - (int)b[1];
if (a[2] != b[2])
return (int)a[2] - (int)b[2];
if (a[3] != b[3])
return (int)a[3] - (int)b[3];
if (a[4] != b[4])
return (int)a[4] - (int)b[4];
if (a[5] != b[5])
return (int)a[1] - (int)b[5];
if (a[6] != b[6])
return (int)a[6] - (int)b[6];
return (int)a[7] - (int)b[7];
}
Easy. Example N4.
CryEngine 3 SDK (C++)
inline bool operator != (const SEfResTexture &m) const
{
if (stricmp(m_Name.c_str(), m_Name.c_str()) != 0 ||
m_TexFlags != m.m_TexFlags ||
m_bUTile != m.m_bUTile ||
.....
m_Sampler != m.m_Sampler)
return true;
return false;
}
PVS-Studio is coming to the aid
G3D Content Pak (C++)
bool Matrix4::operator==(const Matrix4& other) const {
if (memcmp(this, &other, sizeof(Matrix4) == 0)) {
return true;
}
....
}
V575 The 'memcmp' function processes '0' elements. Inspect
the 'third' argument. graphics3D matrix4.cpp 269
PVS-Studio is coming to the aid
It detects errors in all the previous cases:
1. V3021 There are two 'if' statements with identical conditional expressions.
The first 'if' statement contains method return. This means that the
second 'if' statement is senseless. SourceLocation.cs 156
2. V501 There are identical sub-expressions to the left and to the right of the
'>' operator: i2->pid > i2->pid brlock.c 1901
3. V525 The code containing the collection of similar blocks. Check items '0',
'1', '2', '3', '4', '1', '6' in lines 680, 682, 684, 689, 691, 693, 695. sql
records.cc 680
4. V549 The first argument of 'stricmp' function is equal to the second
argument. ishader.h 2089
Last line effect
• About mountain - climbers;
• The statistics was gathered from the
error base, when it had about 1500 error
examples.
• 84 suitable fragments were detected.
• In 43 cases the mistake was in the last
line.
Example N1.
TrinityCore (C++)
inline
Vector3int32& operator+=(const Vector3int32& other) {
x += other.x;
y += other.y;
z += other.y;
return *this;
}
Example N2.
Source Engine SDK (C++)
inline void Init(float ix = 0, float iy = 0,
float iz = 0, float iw = 0)
{
SetX(ix);
SetY(iy);
SetZ(iz);
SetZ(iw);
}
Example N3.
Qt (C++)
.....::method_getImageData(.....) {
....
qreal x = ctx->callData->args[0].toNumber();
qreal y = ctx->callData->args[1].toNumber();
qreal w = ctx->callData->args[2].toNumber();
qreal h = ctx->callData->args[3].toNumber();
if (!qIsFinite(x) || !qIsFinite(y) ||
!qIsFinite(w) || !qIsFinite(w))
....
}
Example N4.
Space Engineers (C#)
void DeserializeV0(XmlReader reader)
{
....
if (property.Name == "Rotation" ||
property.Name == "AxisScale" ||
property.Name == "AxisScale")
continue;
....
}
PVS-Studio is coming to the aid
Xamarin.Forms (C#)
internal bool IsDefault
{
get { return Left == 0 && Top == 0 &&
Right == 0 && Left == 0; }
}
V3001 There are identical sub-expressions 'Left == 0' to the
left and to the right of the '&&' operator. Thickness.cs 29
PVS-Studio is coming to the aid
It detects errors in all the previous cases:
1. V537 Consider reviewing the correctness of 'y' item's usage. g3dlib
vector3int32.h 77
2. V525 The code containing the collection of similar blocks. Check items
'SetX', 'SetY', 'SetZ', 'SetZ' in lines 455, 456, 457, 458. Client (HL2)
networkvar.h 455
3. V501 There are identical sub-expressions '!qIsFinite(w)' to the left and to
the right of the '||' operator. qquickcontext2d.cpp 3305
4. V3001 There are identical sub-expressions 'property.Name == "AxisScale"'
to the left and to the right of the '||' operator. Sandbox.Graphics
MyParticleEmitter.cs 352
Let’s take a dark break: the compiler is to
blame for everuthing!
Ffdshow
TprintPrefs::TprintPrefs(....)
{
memset(this, 0, sizeof(this)); // This doesn't seem to
// help after optimization.
dx = dy = 0;
isOSD = false;
xpos = ypos = 0;
align = 0;
....
}
It only seems that people
verify the pointers
(references) against null
• In fact, the programs are not ready to
face nullptr/null;
• This is the most common error that we
find in both C++ and in C# projects.
Example N1.
Linux (C) kernel
static int tc_ctl_action(struct sk_buff *skb,
struct nlmsghdr *n)
{
struct net *net = sock_net(skb->sk);
struct nlattr *tca[TCA_ACT_MAX + 1];
u32 portid = skb ? NETLINK_CB(skb).portid : 0;
....
}
The function
got an
argument:
Dereferencing
Oops, it should be checked too.
Example N2.
These bugs have ALWAYS been there. Taken from Cfront compiler, year 1985:
Pexpr expr::typ(Ptable tbl)
{
....
Pclass cl;
....
cl = (Pclass) nn->tp;
cl->permanent=1;
if (cl == 0) error('i',"%k %s'sT missing",CLASS,s);
....
}
Example N3.
Nothing has changed for the past 30 years. Contemporary Clang compiler:
Instruction *InstCombiner::visitGetElementPtrInst(....) {
....
Value *StrippedPtr = PtrOp->stripPointerCasts();
PointerType *StrippedPtrTy =
dyn_cast<PointerType>(StrippedPtr->getType());
if (!StrippedPtr)
return 0;
....
}
Example N4.
C # projects are no better. In the source code of 270 controls written by
DevExpress we found 460 errors of this kind (1.7 error per project). Example:
public IList<ISeries> CreateBindingSeries(....) {
DataBrowser seriesBrowser = CreateDataBrowser(....);
....
int currentPosition = seriesBrowser.Position;
if (seriesBrowser != null &&
seriesBrowser.Position >= 0)
....
}
PVS-Studio is coming to the aid
Unreal Engine 4 (C++)
FName UKismetNodeHelperLibrary::GetEnumeratorName(
const UEnum* Enum, uint8 EnumeratorValue)
{
int32 EnumeratorIndex = Enum->GetIndexByValue(EnumeratorValue);
return (NULL != Enum) ?
Enum->GetEnum(EnumeratorIndex) : NAME_None;
}
V595 The 'Enum' pointer was utilized before it
was verified against nullptr. Check lines: 146, 147.
kismetnodehelperlibrary.cpp 146
PVS-Studio is coming to the aid
It detects errors in all the previous cases:
1. V595 The 'skb' pointer was utilized before it was verified against nullptr.
Check lines: 949, 951. act_api.c 949
2. V595 The 'cl' pointer was utilized before it was verified against nullptr.
Check lines: 927, 928. expr.c 927
3. V595 The 'StrippedPtr' pointer was utilized before it was verified against
nullptr. Check lines: 918, 920. LLVMInstCombine instructioncombining.cpp
918
4. V3095 The 'seriesBrowser' object was used before it was verified against
null. Check lines: 509, 510. - ADDITIONAL IN CURRENT
DevExpress.Charts.Core BindingProcedure.cs 509
What does a “normal”
programmer think about a code
analyzer?
Myths and stereotypes
Laziness is on my side
• "It is hard to start using static analysis, because
of the large number of messages on the first
stage."
PVS-Studio is coming to the aid:
markup base
• Old messages can be marked as "uninteresting". This is a key point
when you embed the code analyzer into a real project.
All settings turned to the maximum!
• “The more messages the analyzer issues, the
better is the analyzer”
"The first 10 messages”
• People’s attention weakens very quickly.
• The analyzer must take this into account.
• Default settings are chosen in such a way that you have
maximum chances to see the error immediately.
The hardest part about static analysis:
not to issue warnings
• C++: 105 open source projects
• C#: 36 open source projects
• Example V501
V501.
Infix operation is considered as a dangerous one, if
the right and the left operands are the same.
while (X < X)
if (A == B || A == B)
V501. The devil is in the details
• X*X
• while (*p++ == *a++ && *p++ == *a++)
• There are number literals to the left and to the right
if (0 == 0)
… 15 | 15 …
• #define M1 100
#define M2 100
if (x == M1 || x == M2)
• float x = foo();
if (x == x)
V501. The devil is in the details
• /or - apply to numeric constants: 1./1.
• A string from Zlib:
if (opaque) items += size - size; / * make compiler happy * /
• rand() - rand()
rand() % N - rand() % N
• There are classes to the left and right of '|', '&', '^', '%'.
if (str == str) – look for
if (vect ^ vect) – we’d better skip
• sizeof(__int64) < sizeof(__int64)
V501. The devil is in the details
• 0 << 31 | 0 << 30 | ...
(0 << 6) | (0 << 3) | …
• '0' == 0x30 && 'A' == 0x41 && 'a' == 0x61
• This is a template function to define NaN numbers.
• Read(x) && Read(x)
• #define USEDPARAM(p) ((&p) == (&p)) and others
• To the right and left there is a function call with such names as
pop, _pop
• Etc …
Interface? Infrastructure?
• “Give me just a command line utility, nobody
cares about the other stuff”
PVS-Studio is coming to the aid:
Ability to work with the list of messages.
• Filters by the code of the message;
• Filters by the message text;
• Filters by the name of a file or a folder;
• False alarm markup in the code
(Mark As False Alarm: //-V501), including macros;
• 100 messages for an .h-file.
• Interactivity is super important!
PVS-Studio is coming to the aid:
Different ways to run the analyzer
• Integration with IDE;
• A separate application;
• Monitoring of the compiler;
• Command line version;
• Integration with nightly builds;
• IncrediBuild Support.
Static analysis is not a panacea
• This is an answer to the question: "What else can I do to improve the
quality of the code”
On the topic of programming culture in Russia and
in the world, or “Why should I care about static
analysis at all?”
• Western people have used for a long time quite successfully.
• Knowing the principles and tools for static code analysis gives you +10
points on the job interview and +20 during the implementation in
your project. On top of it - a position of a Team Leader.
• Where else can we find articles about static code analysis?
49/26
Q&A
• Contact: evg@viva64.com
• Follow us on twitter: https://twitter.com/Code_Analysis
• Visit the site: www.viva64.com
• Come and talk to us during the conference (mostly, we are friendly
people and won’t bite you, we promise)
50/26

More Related Content

What's hot

CodiLime Tech Talk - Grzegorz Rozdzialik: What the java script
CodiLime Tech Talk - Grzegorz Rozdzialik: What the java scriptCodiLime Tech Talk - Grzegorz Rozdzialik: What the java script
CodiLime Tech Talk - Grzegorz Rozdzialik: What the java script
CodiLime
 
Computer graphics
Computer graphicsComputer graphics
Computer graphics
AAlha PaiKra
 
Tiramisu をちょっと、味見してみました。
Tiramisu をちょっと、味見してみました。Tiramisu をちょっと、味見してみました。
Tiramisu をちょっと、味見してみました。
Mr. Vengineer
 
Yurii Shevtsov "V8 + libuv = Node.js. Under the hood"
Yurii Shevtsov "V8 + libuv = Node.js. Under the hood"Yurii Shevtsov "V8 + libuv = Node.js. Under the hood"
Yurii Shevtsov "V8 + libuv = Node.js. Under the hood"
OdessaJS Conf
 
Timur Shemsedinov "Пишу на колбеках, а что... (Асинхронное программирование)"
Timur Shemsedinov "Пишу на колбеках, а что... (Асинхронное программирование)"Timur Shemsedinov "Пишу на колбеках, а что... (Асинхронное программирование)"
Timur Shemsedinov "Пишу на колбеках, а что... (Асинхронное программирование)"
OdessaJS Conf
 
PVS-Studio for Linux Went on a Tour Around Disney
PVS-Studio for Linux Went on a Tour Around DisneyPVS-Studio for Linux Went on a Tour Around Disney
PVS-Studio for Linux Went on a Tour Around Disney
PVS-Studio
 
Story of static code analyzer development
Story of static code analyzer developmentStory of static code analyzer development
Story of static code analyzer development
Andrey Karpov
 
Gpus graal
Gpus graalGpus graal
Gpus graal
Juan Fumero
 
GPU Programming on CPU - Using C++AMP
GPU Programming on CPU - Using C++AMPGPU Programming on CPU - Using C++AMP
GPU Programming on CPU - Using C++AMPMiller Lee
 
Beauty and the beast - Haskell on JVM
Beauty and the beast  - Haskell on JVMBeauty and the beast  - Haskell on JVM
Beauty and the beast - Haskell on JVM
Jarek Ratajski
 
Network lab manual
Network lab manualNetwork lab manual
Network lab manualPrabhu D
 
C++ Code as Seen by a Hypercritical Reviewer
C++ Code as Seen by a Hypercritical ReviewerC++ Code as Seen by a Hypercritical Reviewer
C++ Code as Seen by a Hypercritical Reviewer
Andrey Karpov
 
Network lap pgms 7th semester
Network lap pgms 7th semesterNetwork lap pgms 7th semester
Network lap pgms 7th semesterDOSONKA Group
 
C++ amp on linux
C++ amp on linuxC++ amp on linux
C++ amp on linux
Miller Lee
 
Advance java
Advance javaAdvance java
Advance java
Vivek Kumar Sinha
 
TVM VTA (TSIM)
TVM VTA (TSIM) TVM VTA (TSIM)
TVM VTA (TSIM)
Mr. Vengineer
 
TensorFlow XLA RPC
TensorFlow XLA RPCTensorFlow XLA RPC
TensorFlow XLA RPC
Mr. Vengineer
 
深入淺出C語言
深入淺出C語言深入淺出C語言
深入淺出C語言
Simen Li
 
Computer Graphics Lab
Computer Graphics LabComputer Graphics Lab
Computer Graphics Lab
Neil Mathew
 

What's hot (20)

CodiLime Tech Talk - Grzegorz Rozdzialik: What the java script
CodiLime Tech Talk - Grzegorz Rozdzialik: What the java scriptCodiLime Tech Talk - Grzegorz Rozdzialik: What the java script
CodiLime Tech Talk - Grzegorz Rozdzialik: What the java script
 
Computer graphics
Computer graphicsComputer graphics
Computer graphics
 
Tiramisu をちょっと、味見してみました。
Tiramisu をちょっと、味見してみました。Tiramisu をちょっと、味見してみました。
Tiramisu をちょっと、味見してみました。
 
Yurii Shevtsov "V8 + libuv = Node.js. Under the hood"
Yurii Shevtsov "V8 + libuv = Node.js. Under the hood"Yurii Shevtsov "V8 + libuv = Node.js. Under the hood"
Yurii Shevtsov "V8 + libuv = Node.js. Under the hood"
 
Timur Shemsedinov "Пишу на колбеках, а что... (Асинхронное программирование)"
Timur Shemsedinov "Пишу на колбеках, а что... (Асинхронное программирование)"Timur Shemsedinov "Пишу на колбеках, а что... (Асинхронное программирование)"
Timur Shemsedinov "Пишу на колбеках, а что... (Асинхронное программирование)"
 
PVS-Studio for Linux Went on a Tour Around Disney
PVS-Studio for Linux Went on a Tour Around DisneyPVS-Studio for Linux Went on a Tour Around Disney
PVS-Studio for Linux Went on a Tour Around Disney
 
Story of static code analyzer development
Story of static code analyzer developmentStory of static code analyzer development
Story of static code analyzer development
 
Gpus graal
Gpus graalGpus graal
Gpus graal
 
GPU Programming on CPU - Using C++AMP
GPU Programming on CPU - Using C++AMPGPU Programming on CPU - Using C++AMP
GPU Programming on CPU - Using C++AMP
 
Beauty and the beast - Haskell on JVM
Beauty and the beast  - Haskell on JVMBeauty and the beast  - Haskell on JVM
Beauty and the beast - Haskell on JVM
 
Network lab manual
Network lab manualNetwork lab manual
Network lab manual
 
C++ Code as Seen by a Hypercritical Reviewer
C++ Code as Seen by a Hypercritical ReviewerC++ Code as Seen by a Hypercritical Reviewer
C++ Code as Seen by a Hypercritical Reviewer
 
Network lap pgms 7th semester
Network lap pgms 7th semesterNetwork lap pgms 7th semester
Network lap pgms 7th semester
 
C++ amp on linux
C++ amp on linuxC++ amp on linux
C++ amp on linux
 
Advance java
Advance javaAdvance java
Advance java
 
Exploiting vectorization with ISPC
Exploiting vectorization with ISPCExploiting vectorization with ISPC
Exploiting vectorization with ISPC
 
TVM VTA (TSIM)
TVM VTA (TSIM) TVM VTA (TSIM)
TVM VTA (TSIM)
 
TensorFlow XLA RPC
TensorFlow XLA RPCTensorFlow XLA RPC
TensorFlow XLA RPC
 
深入淺出C語言
深入淺出C語言深入淺出C語言
深入淺出C語言
 
Computer Graphics Lab
Computer Graphics LabComputer Graphics Lab
Computer Graphics Lab
 

Viewers also liked

SEO with RoboHelp
SEO with RoboHelpSEO with RoboHelp
SEO with RoboHelp
WvanWeelden
 
Wild-life conservation though "awareness programme and joint patrol in Melgh...
Wild-life conservation  though "awareness programme and joint patrol in Melgh...Wild-life conservation  though "awareness programme and joint patrol in Melgh...
Wild-life conservation though "awareness programme and joint patrol in Melgh...
Indrapratap1
 
Props describing them
Props describing themProps describing them
Props describing them
MattBovill999
 
Upload Form 16 and E-File 2016 Income Tax Return Instantly
Upload Form 16 and E-File 2016 Income Tax Return InstantlyUpload Form 16 and E-File 2016 Income Tax Return Instantly
Upload Form 16 and E-File 2016 Income Tax Return Instantly
MyTaxCafe
 
Prolonger ses prêts
Prolonger ses prêtsProlonger ses prêts
Prolonger ses prêtsNiconum
 
The operation principles of PVS-Studio static code analyzer
The operation principles of PVS-Studio static code analyzerThe operation principles of PVS-Studio static code analyzer
The operation principles of PVS-Studio static code analyzer
Andrey Karpov
 
Redes sociales, familiares y escuela.
Redes sociales, familiares y escuela.Redes sociales, familiares y escuela.
Redes sociales, familiares y escuela.
Yasuira15
 

Viewers also liked (10)

SEO with RoboHelp
SEO with RoboHelpSEO with RoboHelp
SEO with RoboHelp
 
Wild-life conservation though "awareness programme and joint patrol in Melgh...
Wild-life conservation  though "awareness programme and joint patrol in Melgh...Wild-life conservation  though "awareness programme and joint patrol in Melgh...
Wild-life conservation though "awareness programme and joint patrol in Melgh...
 
C.V
C.VC.V
C.V
 
Props describing them
Props describing themProps describing them
Props describing them
 
Upload Form 16 and E-File 2016 Income Tax Return Instantly
Upload Form 16 and E-File 2016 Income Tax Return InstantlyUpload Form 16 and E-File 2016 Income Tax Return Instantly
Upload Form 16 and E-File 2016 Income Tax Return Instantly
 
Prolonger ses prêts
Prolonger ses prêtsProlonger ses prêts
Prolonger ses prêts
 
Ae224maers
Ae224maersAe224maers
Ae224maers
 
The operation principles of PVS-Studio static code analyzer
The operation principles of PVS-Studio static code analyzerThe operation principles of PVS-Studio static code analyzer
The operation principles of PVS-Studio static code analyzer
 
Redes sociales, familiares y escuela.
Redes sociales, familiares y escuela.Redes sociales, familiares y escuela.
Redes sociales, familiares y escuela.
 
Final Report
Final ReportFinal Report
Final Report
 

Similar to PVS-Studio team experience: checking various open source projects, or mistakes C, C++ and C# programmers make

Python for Scientific Computing -- Ricardo Cruz
Python for Scientific Computing -- Ricardo CruzPython for Scientific Computing -- Ricardo Cruz
Python for Scientific Computing -- Ricardo Cruz
rpmcruz
 
Самые вкусные баги из игрового кода: как ошибаются наши коллеги-программисты ...
Самые вкусные баги из игрового кода: как ошибаются наши коллеги-программисты ...Самые вкусные баги из игрового кода: как ошибаются наши коллеги-программисты ...
Самые вкусные баги из игрового кода: как ошибаются наши коллеги-программисты ...
DevGAMM Conference
 
Basic c++ 11/14 for python programmers
Basic c++ 11/14 for python programmersBasic c++ 11/14 for python programmers
Basic c++ 11/14 for python programmers
Jen Yee Hong
 
Sparse Matrix and Polynomial
Sparse Matrix and PolynomialSparse Matrix and Polynomial
Sparse Matrix and Polynomial
Aroosa Rajput
 
Whats new in_csharp4
Whats new in_csharp4Whats new in_csharp4
Whats new in_csharp4Abed Bukhari
 
The present and the future of functional programming in c++
The present and the future of functional programming in c++The present and the future of functional programming in c++
The present and the future of functional programming in c++
Alexander Granin
 
Basic C++ 11/14 for Python Programmers
Basic C++ 11/14 for Python ProgrammersBasic C++ 11/14 for Python Programmers
Basic C++ 11/14 for Python Programmers
Appier
 
Compilation of COSMO for GPU using LLVM
Compilation of COSMO for GPU using LLVMCompilation of COSMO for GPU using LLVM
Compilation of COSMO for GPU using LLVM
Linaro
 
lecture8_Cuong.ppt
lecture8_Cuong.pptlecture8_Cuong.ppt
lecture8_Cuong.ppt
HongV34104
 
Anomalies in X-Ray Engine
Anomalies in X-Ray EngineAnomalies in X-Ray Engine
Anomalies in X-Ray Engine
PVS-Studio
 
C Code and the Art of Obfuscation
C Code and the Art of ObfuscationC Code and the Art of Obfuscation
C Code and the Art of Obfuscation
guest9006ab
 
C++ lectures all chapters in one slide.pptx
C++ lectures all chapters in one slide.pptxC++ lectures all chapters in one slide.pptx
C++ lectures all chapters in one slide.pptx
ssuser3cbb4c
 
How Data Flow analysis works in a static code analyzer
How Data Flow analysis works in a static code analyzerHow Data Flow analysis works in a static code analyzer
How Data Flow analysis works in a static code analyzer
Andrey Karpov
 
The Present and The Future of Functional Programming in C++
The Present and The Future of Functional Programming in C++The Present and The Future of Functional Programming in C++
The Present and The Future of Functional Programming in C++
Alexander Granin
 
Aaron Bedra - Effective Software Security Teams
Aaron Bedra - Effective Software Security TeamsAaron Bedra - Effective Software Security Teams
Aaron Bedra - Effective Software Security Teams
centralohioissa
 
What&rsquo;s new in Visual C++
What&rsquo;s new in Visual C++What&rsquo;s new in Visual C++
What&rsquo;s new in Visual C++
Microsoft
 
C Programming Training in Ambala ! Batra Computer Centre
C Programming Training in Ambala ! Batra Computer CentreC Programming Training in Ambala ! Batra Computer Centre
C Programming Training in Ambala ! Batra Computer Centre
jatin batra
 
Дмитрий Верескун «Синтаксический сахар C#»
Дмитрий Верескун «Синтаксический сахар C#»Дмитрий Верескун «Синтаксический сахар C#»
Дмитрий Верескун «Синтаксический сахар C#»
SpbDotNet Community
 

Similar to PVS-Studio team experience: checking various open source projects, or mistakes C, C++ and C# programmers make (20)

Python for Scientific Computing -- Ricardo Cruz
Python for Scientific Computing -- Ricardo CruzPython for Scientific Computing -- Ricardo Cruz
Python for Scientific Computing -- Ricardo Cruz
 
Самые вкусные баги из игрового кода: как ошибаются наши коллеги-программисты ...
Самые вкусные баги из игрового кода: как ошибаются наши коллеги-программисты ...Самые вкусные баги из игрового кода: как ошибаются наши коллеги-программисты ...
Самые вкусные баги из игрового кода: как ошибаются наши коллеги-программисты ...
 
Basic c++ 11/14 for python programmers
Basic c++ 11/14 for python programmersBasic c++ 11/14 for python programmers
Basic c++ 11/14 for python programmers
 
Sparse Matrix and Polynomial
Sparse Matrix and PolynomialSparse Matrix and Polynomial
Sparse Matrix and Polynomial
 
Whats new in_csharp4
Whats new in_csharp4Whats new in_csharp4
Whats new in_csharp4
 
The present and the future of functional programming in c++
The present and the future of functional programming in c++The present and the future of functional programming in c++
The present and the future of functional programming in c++
 
Basic C++ 11/14 for Python Programmers
Basic C++ 11/14 for Python ProgrammersBasic C++ 11/14 for Python Programmers
Basic C++ 11/14 for Python Programmers
 
Compilation of COSMO for GPU using LLVM
Compilation of COSMO for GPU using LLVMCompilation of COSMO for GPU using LLVM
Compilation of COSMO for GPU using LLVM
 
lecture8_Cuong.ppt
lecture8_Cuong.pptlecture8_Cuong.ppt
lecture8_Cuong.ppt
 
Anomalies in X-Ray Engine
Anomalies in X-Ray EngineAnomalies in X-Ray Engine
Anomalies in X-Ray Engine
 
C Code and the Art of Obfuscation
C Code and the Art of ObfuscationC Code and the Art of Obfuscation
C Code and the Art of Obfuscation
 
C++ lectures all chapters in one slide.pptx
C++ lectures all chapters in one slide.pptxC++ lectures all chapters in one slide.pptx
C++ lectures all chapters in one slide.pptx
 
How Data Flow analysis works in a static code analyzer
How Data Flow analysis works in a static code analyzerHow Data Flow analysis works in a static code analyzer
How Data Flow analysis works in a static code analyzer
 
The Present and The Future of Functional Programming in C++
The Present and The Future of Functional Programming in C++The Present and The Future of Functional Programming in C++
The Present and The Future of Functional Programming in C++
 
C++ file
C++ fileC++ file
C++ file
 
C++ file
C++ fileC++ file
C++ file
 
Aaron Bedra - Effective Software Security Teams
Aaron Bedra - Effective Software Security TeamsAaron Bedra - Effective Software Security Teams
Aaron Bedra - Effective Software Security Teams
 
What&rsquo;s new in Visual C++
What&rsquo;s new in Visual C++What&rsquo;s new in Visual C++
What&rsquo;s new in Visual C++
 
C Programming Training in Ambala ! Batra Computer Centre
C Programming Training in Ambala ! Batra Computer CentreC Programming Training in Ambala ! Batra Computer Centre
C Programming Training in Ambala ! Batra Computer Centre
 
Дмитрий Верескун «Синтаксический сахар C#»
Дмитрий Верескун «Синтаксический сахар C#»Дмитрий Верескун «Синтаксический сахар C#»
Дмитрий Верескун «Синтаксический сахар C#»
 

More from Andrey Karpov

60 антипаттернов для С++ программиста
60 антипаттернов для С++ программиста60 антипаттернов для С++ программиста
60 антипаттернов для С++ программиста
Andrey Karpov
 
60 terrible tips for a C++ developer
60 terrible tips for a C++ developer60 terrible tips for a C++ developer
60 terrible tips for a C++ developer
Andrey Karpov
 
Ошибки, которые сложно заметить на code review, но которые находятся статичес...
Ошибки, которые сложно заметить на code review, но которые находятся статичес...Ошибки, которые сложно заметить на code review, но которые находятся статичес...
Ошибки, которые сложно заметить на code review, но которые находятся статичес...
Andrey Karpov
 
PVS-Studio in 2021 - Error Examples
PVS-Studio in 2021 - Error ExamplesPVS-Studio in 2021 - Error Examples
PVS-Studio in 2021 - Error Examples
Andrey Karpov
 
PVS-Studio in 2021 - Feature Overview
PVS-Studio in 2021 - Feature OverviewPVS-Studio in 2021 - Feature Overview
PVS-Studio in 2021 - Feature Overview
Andrey Karpov
 
PVS-Studio в 2021 - Примеры ошибок
PVS-Studio в 2021 - Примеры ошибокPVS-Studio в 2021 - Примеры ошибок
PVS-Studio в 2021 - Примеры ошибок
Andrey Karpov
 
PVS-Studio в 2021
PVS-Studio в 2021PVS-Studio в 2021
PVS-Studio в 2021
Andrey Karpov
 
Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...
Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...
Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...
Andrey Karpov
 
Does static analysis need machine learning?
Does static analysis need machine learning?Does static analysis need machine learning?
Does static analysis need machine learning?
Andrey Karpov
 
Typical errors in code on the example of C++, C#, and Java
Typical errors in code on the example of C++, C#, and JavaTypical errors in code on the example of C++, C#, and Java
Typical errors in code on the example of C++, C#, and Java
Andrey Karpov
 
How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)
How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)
How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)
Andrey Karpov
 
Game Engine Code Quality: Is Everything Really That Bad?
Game Engine Code Quality: Is Everything Really That Bad?Game Engine Code Quality: Is Everything Really That Bad?
Game Engine Code Quality: Is Everything Really That Bad?
Andrey Karpov
 
The Use of Static Code Analysis When Teaching or Developing Open-Source Software
The Use of Static Code Analysis When Teaching or Developing Open-Source SoftwareThe Use of Static Code Analysis When Teaching or Developing Open-Source Software
The Use of Static Code Analysis When Teaching or Developing Open-Source Software
Andrey Karpov
 
Static Code Analysis for Projects, Built on Unreal Engine
Static Code Analysis for Projects, Built on Unreal EngineStatic Code Analysis for Projects, Built on Unreal Engine
Static Code Analysis for Projects, Built on Unreal Engine
Andrey Karpov
 
Safety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
Safety on the Max: How to Write Reliable C/C++ Code for Embedded SystemsSafety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
Safety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
Andrey Karpov
 
The Great and Mighty C++
The Great and Mighty C++The Great and Mighty C++
The Great and Mighty C++
Andrey Karpov
 
Static code analysis: what? how? why?
Static code analysis: what? how? why?Static code analysis: what? how? why?
Static code analysis: what? how? why?
Andrey Karpov
 
Zero, one, two, Freddy's coming for you
Zero, one, two, Freddy's coming for youZero, one, two, Freddy's coming for you
Zero, one, two, Freddy's coming for you
Andrey Karpov
 
PVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOps
PVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOpsPVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOps
PVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOps
Andrey Karpov
 
PVS-Studio Static Analyzer as a Tool for Protection against Zero-Day Vulnerab...
PVS-Studio Static Analyzer as a Tool for Protection against Zero-Day Vulnerab...PVS-Studio Static Analyzer as a Tool for Protection against Zero-Day Vulnerab...
PVS-Studio Static Analyzer as a Tool for Protection against Zero-Day Vulnerab...
Andrey Karpov
 

More from Andrey Karpov (20)

60 антипаттернов для С++ программиста
60 антипаттернов для С++ программиста60 антипаттернов для С++ программиста
60 антипаттернов для С++ программиста
 
60 terrible tips for a C++ developer
60 terrible tips for a C++ developer60 terrible tips for a C++ developer
60 terrible tips for a C++ developer
 
Ошибки, которые сложно заметить на code review, но которые находятся статичес...
Ошибки, которые сложно заметить на code review, но которые находятся статичес...Ошибки, которые сложно заметить на code review, но которые находятся статичес...
Ошибки, которые сложно заметить на code review, но которые находятся статичес...
 
PVS-Studio in 2021 - Error Examples
PVS-Studio in 2021 - Error ExamplesPVS-Studio in 2021 - Error Examples
PVS-Studio in 2021 - Error Examples
 
PVS-Studio in 2021 - Feature Overview
PVS-Studio in 2021 - Feature OverviewPVS-Studio in 2021 - Feature Overview
PVS-Studio in 2021 - Feature Overview
 
PVS-Studio в 2021 - Примеры ошибок
PVS-Studio в 2021 - Примеры ошибокPVS-Studio в 2021 - Примеры ошибок
PVS-Studio в 2021 - Примеры ошибок
 
PVS-Studio в 2021
PVS-Studio в 2021PVS-Studio в 2021
PVS-Studio в 2021
 
Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...
Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...
Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...
 
Does static analysis need machine learning?
Does static analysis need machine learning?Does static analysis need machine learning?
Does static analysis need machine learning?
 
Typical errors in code on the example of C++, C#, and Java
Typical errors in code on the example of C++, C#, and JavaTypical errors in code on the example of C++, C#, and Java
Typical errors in code on the example of C++, C#, and Java
 
How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)
How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)
How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)
 
Game Engine Code Quality: Is Everything Really That Bad?
Game Engine Code Quality: Is Everything Really That Bad?Game Engine Code Quality: Is Everything Really That Bad?
Game Engine Code Quality: Is Everything Really That Bad?
 
The Use of Static Code Analysis When Teaching or Developing Open-Source Software
The Use of Static Code Analysis When Teaching or Developing Open-Source SoftwareThe Use of Static Code Analysis When Teaching or Developing Open-Source Software
The Use of Static Code Analysis When Teaching or Developing Open-Source Software
 
Static Code Analysis for Projects, Built on Unreal Engine
Static Code Analysis for Projects, Built on Unreal EngineStatic Code Analysis for Projects, Built on Unreal Engine
Static Code Analysis for Projects, Built on Unreal Engine
 
Safety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
Safety on the Max: How to Write Reliable C/C++ Code for Embedded SystemsSafety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
Safety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
 
The Great and Mighty C++
The Great and Mighty C++The Great and Mighty C++
The Great and Mighty C++
 
Static code analysis: what? how? why?
Static code analysis: what? how? why?Static code analysis: what? how? why?
Static code analysis: what? how? why?
 
Zero, one, two, Freddy's coming for you
Zero, one, two, Freddy's coming for youZero, one, two, Freddy's coming for you
Zero, one, two, Freddy's coming for you
 
PVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOps
PVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOpsPVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOps
PVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOps
 
PVS-Studio Static Analyzer as a Tool for Protection against Zero-Day Vulnerab...
PVS-Studio Static Analyzer as a Tool for Protection against Zero-Day Vulnerab...PVS-Studio Static Analyzer as a Tool for Protection against Zero-Day Vulnerab...
PVS-Studio Static Analyzer as a Tool for Protection against Zero-Day Vulnerab...
 

Recently uploaded

Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024
Paco van Beckhoven
 
Enterprise Resource Planning System in Telangana
Enterprise Resource Planning System in TelanganaEnterprise Resource Planning System in Telangana
Enterprise Resource Planning System in Telangana
NYGGS Automation Suite
 
RISE with SAP and Journey to the Intelligent Enterprise
RISE with SAP and Journey to the Intelligent EnterpriseRISE with SAP and Journey to the Intelligent Enterprise
RISE with SAP and Journey to the Intelligent Enterprise
Srikant77
 
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Globus
 
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
Juraj Vysvader
 
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Shahin Sheidaei
 
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Globus
 
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamOpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
takuyayamamoto1800
 
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.ILBeyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Natan Silnitsky
 
Quarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden ExtensionsQuarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden Extensions
Max Andersen
 
Graphic Design Crash Course for beginners
Graphic Design Crash Course for beginnersGraphic Design Crash Course for beginners
Graphic Design Crash Course for beginners
e20449
 
Cyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdfCyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdf
Cyanic lab
 
BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024
Ortus Solutions, Corp
 
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus
 
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERRORTROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
Tier1 app
 
Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...
Globus
 
Understanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSageUnderstanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSage
Globus
 
May Marketo Masterclass, London MUG May 22 2024.pdf
May Marketo Masterclass, London MUG May 22 2024.pdfMay Marketo Masterclass, London MUG May 22 2024.pdf
May Marketo Masterclass, London MUG May 22 2024.pdf
Adele Miller
 
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisProviding Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Globus
 
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxTop Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
rickgrimesss22
 

Recently uploaded (20)

Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024
 
Enterprise Resource Planning System in Telangana
Enterprise Resource Planning System in TelanganaEnterprise Resource Planning System in Telangana
Enterprise Resource Planning System in Telangana
 
RISE with SAP and Journey to the Intelligent Enterprise
RISE with SAP and Journey to the Intelligent EnterpriseRISE with SAP and Journey to the Intelligent Enterprise
RISE with SAP and Journey to the Intelligent Enterprise
 
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
 
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
 
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
 
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
 
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamOpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
 
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.ILBeyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
 
Quarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden ExtensionsQuarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden Extensions
 
Graphic Design Crash Course for beginners
Graphic Design Crash Course for beginnersGraphic Design Crash Course for beginners
Graphic Design Crash Course for beginners
 
Cyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdfCyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdf
 
BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024
 
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024
 
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERRORTROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
 
Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...
 
Understanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSageUnderstanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSage
 
May Marketo Masterclass, London MUG May 22 2024.pdf
May Marketo Masterclass, London MUG May 22 2024.pdfMay Marketo Masterclass, London MUG May 22 2024.pdf
May Marketo Masterclass, London MUG May 22 2024.pdf
 
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisProviding Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
 
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxTop Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
 

PVS-Studio team experience: checking various open source projects, or mistakes C, C++ and C# programmers make

  • 1. PVS-Studio team experience: checking various open source projects, or mistakes C, C++ and C# programmers make Authors: Candidate of Engineering Sciences, Evgeniy Ryzhkov, evg@viva64.com Candidate of Physico-Mathematical Sciences, Andrey Karpov, karpov@viva64.com
  • 2. OOO "Program Verification Systems" (www.viva64.com) • Development, marketing and sales of our software product • Office: Tula, 200 km away from Moscow. • Staff: 14 people
  • 3. A couple of words about static analysis • Does everyone know, what static analysis is?  • PVS-Studio performs static analysis of source code written in C, C++ and C#. • C, C++-300 diagnostics; • C# - 100 diagnostics
  • 4. Our achievements • To let the world know about our product, we check open- source projects. By the moment we have checked 245 projects. • A side effect: we found 9574 errors and notified the authors about them. • 9574/245 = 40 errors in a project - not that much. I would like to stress, that this is a side effect. We didn’t have a goal to find as many errors as possible. Quite often, we stop when we find enough errors for an article.
  • 6. So, we have checked a lot of open source projects... • ... thus we have accumulated various observations that we would like to share
  • 7. Let’s start with boring stuff - typical errors • Let’s speak about the way the programmers usually see the static analyzers’ work
  • 8. A boring example N1 OpenMW (C++) std::string rangeTypeLabel(int idx) { const char* rangeTypeLabels [] = { "Self", "Touch", "Target" }; if (idx >= 0 && idx <= 3) return rangeTypeLabels[idx]; else return "Invalid"; } 3 elements If idx == 3, we have array index out of bounds V557 Array overrun is possible. The value of 'idx' index could reach 3. esmtool labels.cpp 502
  • 9. A boring example N2 CamStudio (C++) int CopyStream(PAVIFILE pavi, PAVISTREAM pstm) { //.... BYTE p[20000]; //.... free(p); return 0; } V726 An attempt to free memory containing the 'p' array by using the 'free' function. This is incorrect as 'p' was created on stack. playplusview.cpp 7059
  • 10. A boring example N3 Sony ATF (C#) public static QuatF Slerp(QuatF q1, QuatF q2, float t) { double dot = q2.X * q1.X + q2.Y * q1.Y + q2.Z * q1.Z + q2.W * q1.W; if (dot < 0) q1.X = -q1.X; q1.Y = -q1.Y; q1.Z = -q1.Z; q1.W = -q1.W; .... } V3043 The code's operational logic does not correspond with its formatting. The statement is indented to the right, but it is always executed. It is possible that curly brackets are missing. Atf.Core.vs2010 QuatF.cs 282
  • 11. A boring example N4 Xenko (C#) public string ToString(string format, IFormatProvider formatProvider) { if (format == null) return ToString(formatProvider); return string.Format(formatProvider, "Red:{1} Green:{2} Blue:{3}", R.ToString(format, formatProvider), G.ToString(format, formatProvider), B.ToString(format, formatProvider)); } V3025 Incorrect format. A different number of format items is expected while calling 'Format' function. Expected: 4. Present: 3. SiliconStudio.Core.Mathematics Color3.cs 765
  • 12. But life is way more interesting • Let’s look at the dark side
  • 13. Programmers do not check comparison functions • Psychoanalysis; • "Can't be wrong" in functions like: public static int Compare(FooType A, FooType B) { if (left < right) return -1; if (left > right) return 1; return 0; }
  • 14. Easy. Example N1. IronPython and IronRuby (C#) public static int Compare(SourceLocation left, SourceLocation right) { if (left < right) return -1; if (right > left) return 1; return 0; }
  • 15. Example N2. Samba (C++) static int compare_procids(const void *p1, const void *p2) { const struct server_id *i1 = (struct server_id *)p1; const struct server_id *i2 = (struct server_id *)p2; if (i1->pid < i2->pid) return -1; if (i2->pid > i2->pid) return 1; return 0; }
  • 16. Example N3. MySQL (C++) A lot of similar strings. It should be fine. static int rr_cmp(uchar *a, uchar *b) { if (a[0] != b[0]) return (int)a[0] - (int)b[0]; if (a[1] != b[1]) return (int)a[1] - (int)b[1]; if (a[2] != b[2]) return (int)a[2] - (int)b[2]; if (a[3] != b[3]) return (int)a[3] - (int)b[3]; if (a[4] != b[4]) return (int)a[4] - (int)b[4]; if (a[5] != b[5]) return (int)a[1] - (int)b[5]; if (a[6] != b[6]) return (int)a[6] - (int)b[6]; return (int)a[7] - (int)b[7]; }
  • 17. Easy. Example N4. CryEngine 3 SDK (C++) inline bool operator != (const SEfResTexture &m) const { if (stricmp(m_Name.c_str(), m_Name.c_str()) != 0 || m_TexFlags != m.m_TexFlags || m_bUTile != m.m_bUTile || ..... m_Sampler != m.m_Sampler) return true; return false; }
  • 18. PVS-Studio is coming to the aid G3D Content Pak (C++) bool Matrix4::operator==(const Matrix4& other) const { if (memcmp(this, &other, sizeof(Matrix4) == 0)) { return true; } .... } V575 The 'memcmp' function processes '0' elements. Inspect the 'third' argument. graphics3D matrix4.cpp 269
  • 19. PVS-Studio is coming to the aid It detects errors in all the previous cases: 1. V3021 There are two 'if' statements with identical conditional expressions. The first 'if' statement contains method return. This means that the second 'if' statement is senseless. SourceLocation.cs 156 2. V501 There are identical sub-expressions to the left and to the right of the '>' operator: i2->pid > i2->pid brlock.c 1901 3. V525 The code containing the collection of similar blocks. Check items '0', '1', '2', '3', '4', '1', '6' in lines 680, 682, 684, 689, 691, 693, 695. sql records.cc 680 4. V549 The first argument of 'stricmp' function is equal to the second argument. ishader.h 2089
  • 20. Last line effect • About mountain - climbers; • The statistics was gathered from the error base, when it had about 1500 error examples. • 84 suitable fragments were detected. • In 43 cases the mistake was in the last line.
  • 21. Example N1. TrinityCore (C++) inline Vector3int32& operator+=(const Vector3int32& other) { x += other.x; y += other.y; z += other.y; return *this; }
  • 22. Example N2. Source Engine SDK (C++) inline void Init(float ix = 0, float iy = 0, float iz = 0, float iw = 0) { SetX(ix); SetY(iy); SetZ(iz); SetZ(iw); }
  • 23. Example N3. Qt (C++) .....::method_getImageData(.....) { .... qreal x = ctx->callData->args[0].toNumber(); qreal y = ctx->callData->args[1].toNumber(); qreal w = ctx->callData->args[2].toNumber(); qreal h = ctx->callData->args[3].toNumber(); if (!qIsFinite(x) || !qIsFinite(y) || !qIsFinite(w) || !qIsFinite(w)) .... }
  • 24. Example N4. Space Engineers (C#) void DeserializeV0(XmlReader reader) { .... if (property.Name == "Rotation" || property.Name == "AxisScale" || property.Name == "AxisScale") continue; .... }
  • 25. PVS-Studio is coming to the aid Xamarin.Forms (C#) internal bool IsDefault { get { return Left == 0 && Top == 0 && Right == 0 && Left == 0; } } V3001 There are identical sub-expressions 'Left == 0' to the left and to the right of the '&&' operator. Thickness.cs 29
  • 26. PVS-Studio is coming to the aid It detects errors in all the previous cases: 1. V537 Consider reviewing the correctness of 'y' item's usage. g3dlib vector3int32.h 77 2. V525 The code containing the collection of similar blocks. Check items 'SetX', 'SetY', 'SetZ', 'SetZ' in lines 455, 456, 457, 458. Client (HL2) networkvar.h 455 3. V501 There are identical sub-expressions '!qIsFinite(w)' to the left and to the right of the '||' operator. qquickcontext2d.cpp 3305 4. V3001 There are identical sub-expressions 'property.Name == "AxisScale"' to the left and to the right of the '||' operator. Sandbox.Graphics MyParticleEmitter.cs 352
  • 27. Let’s take a dark break: the compiler is to blame for everuthing! Ffdshow TprintPrefs::TprintPrefs(....) { memset(this, 0, sizeof(this)); // This doesn't seem to // help after optimization. dx = dy = 0; isOSD = false; xpos = ypos = 0; align = 0; .... }
  • 28. It only seems that people verify the pointers (references) against null • In fact, the programs are not ready to face nullptr/null; • This is the most common error that we find in both C++ and in C# projects.
  • 29. Example N1. Linux (C) kernel static int tc_ctl_action(struct sk_buff *skb, struct nlmsghdr *n) { struct net *net = sock_net(skb->sk); struct nlattr *tca[TCA_ACT_MAX + 1]; u32 portid = skb ? NETLINK_CB(skb).portid : 0; .... } The function got an argument: Dereferencing Oops, it should be checked too.
  • 30. Example N2. These bugs have ALWAYS been there. Taken from Cfront compiler, year 1985: Pexpr expr::typ(Ptable tbl) { .... Pclass cl; .... cl = (Pclass) nn->tp; cl->permanent=1; if (cl == 0) error('i',"%k %s'sT missing",CLASS,s); .... }
  • 31. Example N3. Nothing has changed for the past 30 years. Contemporary Clang compiler: Instruction *InstCombiner::visitGetElementPtrInst(....) { .... Value *StrippedPtr = PtrOp->stripPointerCasts(); PointerType *StrippedPtrTy = dyn_cast<PointerType>(StrippedPtr->getType()); if (!StrippedPtr) return 0; .... }
  • 32. Example N4. C # projects are no better. In the source code of 270 controls written by DevExpress we found 460 errors of this kind (1.7 error per project). Example: public IList<ISeries> CreateBindingSeries(....) { DataBrowser seriesBrowser = CreateDataBrowser(....); .... int currentPosition = seriesBrowser.Position; if (seriesBrowser != null && seriesBrowser.Position >= 0) .... }
  • 33. PVS-Studio is coming to the aid Unreal Engine 4 (C++) FName UKismetNodeHelperLibrary::GetEnumeratorName( const UEnum* Enum, uint8 EnumeratorValue) { int32 EnumeratorIndex = Enum->GetIndexByValue(EnumeratorValue); return (NULL != Enum) ? Enum->GetEnum(EnumeratorIndex) : NAME_None; } V595 The 'Enum' pointer was utilized before it was verified against nullptr. Check lines: 146, 147. kismetnodehelperlibrary.cpp 146
  • 34. PVS-Studio is coming to the aid It detects errors in all the previous cases: 1. V595 The 'skb' pointer was utilized before it was verified against nullptr. Check lines: 949, 951. act_api.c 949 2. V595 The 'cl' pointer was utilized before it was verified against nullptr. Check lines: 927, 928. expr.c 927 3. V595 The 'StrippedPtr' pointer was utilized before it was verified against nullptr. Check lines: 918, 920. LLVMInstCombine instructioncombining.cpp 918 4. V3095 The 'seriesBrowser' object was used before it was verified against null. Check lines: 509, 510. - ADDITIONAL IN CURRENT DevExpress.Charts.Core BindingProcedure.cs 509
  • 35. What does a “normal” programmer think about a code analyzer? Myths and stereotypes
  • 36. Laziness is on my side • "It is hard to start using static analysis, because of the large number of messages on the first stage."
  • 37. PVS-Studio is coming to the aid: markup base • Old messages can be marked as "uninteresting". This is a key point when you embed the code analyzer into a real project.
  • 38. All settings turned to the maximum! • “The more messages the analyzer issues, the better is the analyzer”
  • 39. "The first 10 messages” • People’s attention weakens very quickly. • The analyzer must take this into account. • Default settings are chosen in such a way that you have maximum chances to see the error immediately.
  • 40. The hardest part about static analysis: not to issue warnings • C++: 105 open source projects • C#: 36 open source projects • Example V501
  • 41. V501. Infix operation is considered as a dangerous one, if the right and the left operands are the same. while (X < X) if (A == B || A == B)
  • 42. V501. The devil is in the details • X*X • while (*p++ == *a++ && *p++ == *a++) • There are number literals to the left and to the right if (0 == 0) … 15 | 15 … • #define M1 100 #define M2 100 if (x == M1 || x == M2) • float x = foo(); if (x == x)
  • 43. V501. The devil is in the details • /or - apply to numeric constants: 1./1. • A string from Zlib: if (opaque) items += size - size; / * make compiler happy * / • rand() - rand() rand() % N - rand() % N • There are classes to the left and right of '|', '&', '^', '%'. if (str == str) – look for if (vect ^ vect) – we’d better skip • sizeof(__int64) < sizeof(__int64)
  • 44. V501. The devil is in the details • 0 << 31 | 0 << 30 | ... (0 << 6) | (0 << 3) | … • '0' == 0x30 && 'A' == 0x41 && 'a' == 0x61 • This is a template function to define NaN numbers. • Read(x) && Read(x) • #define USEDPARAM(p) ((&p) == (&p)) and others • To the right and left there is a function call with such names as pop, _pop • Etc …
  • 45. Interface? Infrastructure? • “Give me just a command line utility, nobody cares about the other stuff”
  • 46. PVS-Studio is coming to the aid: Ability to work with the list of messages. • Filters by the code of the message; • Filters by the message text; • Filters by the name of a file or a folder; • False alarm markup in the code (Mark As False Alarm: //-V501), including macros; • 100 messages for an .h-file. • Interactivity is super important!
  • 47. PVS-Studio is coming to the aid: Different ways to run the analyzer • Integration with IDE; • A separate application; • Monitoring of the compiler; • Command line version; • Integration with nightly builds; • IncrediBuild Support.
  • 48. Static analysis is not a panacea • This is an answer to the question: "What else can I do to improve the quality of the code”
  • 49. On the topic of programming culture in Russia and in the world, or “Why should I care about static analysis at all?” • Western people have used for a long time quite successfully. • Knowing the principles and tools for static code analysis gives you +10 points on the job interview and +20 during the implementation in your project. On top of it - a position of a Team Leader. • Where else can we find articles about static code analysis? 49/26
  • 50. Q&A • Contact: evg@viva64.com • Follow us on twitter: https://twitter.com/Code_Analysis • Visit the site: www.viva64.com • Come and talk to us during the conference (mostly, we are friendly people and won’t bite you, we promise) 50/26