The document summarizes the analysis of the TensorFlow machine learning library using the PVS-Studio static code analyzer. Some key findings include:
1. PVS-Studio reported 64 false positives related to the DCHECK debugging macro, which were suppressed. Explanations of how to address false positives were provided.
2. Various PVS-Studio settings like disabling diagnostics rules and excluding automatically generated files helped filter the analysis output.
3. Genuine errors found include a null pointer dereference that could lead to undefined behavior and a redundant null check.
How to Improve Visual C++ 2017 Libraries Using PVS-Studio (PVS-Studio)
The title of this article is a hint for the Visual Studio developers that they could benefit from the use of PVS-Studio static code analyzer. The article discusses the analysis results of the libraries in the recent Visual C++ 2017 release and gives advice on how to improve them and eliminate the bugs found. Read on to find out how the developers of Visual C++ Libraries shoot themselves in the foot: it's going to be interesting and informative.
Searching for bugs in Mono: there are hundreds of them! (PVS-Studio)
It's very interesting to check large projects. As a rule, we manage to find unusual and peculiar errors and tell people about them. It's also a great way to test our analyzer and improve all its different aspects. I had long been waiting to check Mono, and finally I got the opportunity. This check really proved its worth, as I was able to find a lot of entertaining things. This article is about the bugs we found and several nuances that arose during the check.
We continue checking Microsoft projects: analysis of PowerShell (PVS-Studio)
It has become a "good tradition" for Microsoft to make their products open-source: CoreFX, .Net Compiler Platform (Roslyn), Code Contracts, MSBuild, and other projects. For us, the developers of PVS-Studio analyzer, it's an opportunity to check well-known projects, tell people (including the project authors themselves) about the bugs we find, and additionally test our analyzer. Today we are going to talk about the errors found in another project by Microsoft, PowerShell.
New Year PVS-Studio 6.00 Release: Scanning Roslyn (PVS-Studio)
The long wait is finally over. We have released PVS-Studio 6.00, a static code analyzer that supports the analysis of C# projects. It can now analyze projects written in C, C++, C++/CLI, C++/CX, and C#. For this release, we have prepared a report based on the analysis of the open-source project Roslyn. It is thanks to Roslyn that we were able to add C# support to PVS-Studio, and we are very grateful to Microsoft for this project.
How PVS-Studio does the bug search: methods and technologies (PVS-Studio)
PVS-Studio is a static code analyzer that searches for errors and vulnerabilities in programs written in C, C++, and C#. In this article, I am going to describe the technologies we use in the PVS-Studio analyzer. In addition to general theoretical information, I will show practical examples of how particular technologies allow the detection of bugs.
The document discusses the automated testing tools JUnit and Cactus. It outlines some pitfalls of using these tools, such as not using assertions correctly, writing unfocused test methods, and failing to isolate tests. However, it does not mention important drawbacks like the high cost and complexity of distributed testing with Cactus. Alternative tools like HttpUnit may provide simpler web testing without requiring test code on multiple JVMs. While automated testing can save time and money, tools like JUnit and Cactus have limitations and are not perfect for all types of testing.
An ideal static code analyzer would have the following characteristics: 100% detection of all errors with 0% false positives, high performance across any operating system or IDE, and the ability to analyze any programming language. However, the author explains that such an ideal is unachievable. Perfect error detection and no false positives are impossible due to limitations in analyzing program logic and constantly evolving code. Wide system and language support requires significant development efforts. Quality customer support and tool maintenance require ongoing funding which supports an annual licensing model rather than one-time free use. While an ideal analyzer is unattainable, the characteristics define goals for product development.
The document discusses reversing Microsoft patches to reveal vulnerable code. It describes downloading patches and extracting files, using DarunGrim2 for binary differencing to locate code changes between patched and unpatched binaries, analyzing differences to find potential vulnerability fixes while removing false positives, and debugging to validate findings by crashing applications with malformed files. The goal is to create zero-day exploits and vulnerability signatures.
The document discusses various types of software testing including unit testing, functional testing, system testing, performance testing, and acceptance testing. It provides examples of unit test frameworks for different programming languages. Test-driven development and using continuous integration tools are advocated to improve testing practices and prevent code that does not work from being deployed. Challenges of testing like the difficulty of testing distributed systems are also outlined.
The document describes an introductory training course on PHPUnit testing. It discusses installing PHPUnit and getting started with writing tests. Specifically, it shows how to write a first test case to test a Game_Grid class by creating a GridTest.php file. It fails initially since the class doesn't exist yet. The test is then made to pass by creating the Grid class file. The document also discusses bootstrapping tests by creating a Bootstrap.php file to autoload classes so requires aren't needed in each test.
An Ideal Way to Integrate a Static Code Analyzer into a Project (PVS-Studio)
One of the most difficult things about using static analysis tools is managing false positives. There are a number of ways to eliminate them using the analyzer's settings or by changing the code itself. I took a small project, an Apple II emulator for Windows, as an example to show how you can handle PVS-Studio's analysis report, and demonstrate with a number of examples how to fix errors and suppress false positives.
This document discusses using GoogleTest as a C++ unit testing framework. It provides an overview of GoogleTest features such as assertion-rich testing, test fixtures, test result reporting, and parameterized/data-driven tests. It also demonstrates how to set up a sample project in Visual Studio to write and run tests using GoogleTest, including features like type assertions, death tests, and test filtering.
The Clang static analyzer found several errors when PVS-Studio's source code was checked with it. These included uses of uninitialized variables, uninitialized pointers, and unsafe type conversions. While not critical bugs, they indicate areas for improvement. Clang also reported some false positives but helped uncover unused code that could be removed. Overall, using Clang provided a useful review of PVS-Studio and highlighted opportunities to strengthen code quality.
The article describes the testing technologies used when developing PVS-Studio static code analyzer. The developers of the tool for programmers talk about the principles of testing their own program product which can be interesting for the developers of similar packages for processing text data or source code.
Ever find a module that does 98% of what you need it to do, and there's no way to make it do that last 2%? Ever need to fix a bug in a module you've run into, but you're the only one who's ever had this problem? You need a patch.
Phase 2 Senior Developer Joshua Turton will cover the hows and whys of patching a module. You will learn:
When is a patch appropriate?
How to edit the module's code and what branch to edit against
How to generate a patch with git, both on the command line and in a GUI
How to report an issue in the module issue queue
How to name your patch file according to Drupal's standards
How to use drush make to apply your patch automatically
What to do if your patch is accepted or rejected
And most importantly: Why you SHOULD contribute your patch, and not be shy!
This presentation is aimed squarely at the beginner-level developer who is interested in getting involved in Drupal's open-source community but is intimidated by the complexity and scale of the issue queue and module building. Mid- to advanced-level developers should also find the session interesting, particularly if they have not gotten involved in the issue queues themselves.
FAQ - why does my code throw a null pointer exception - common reason #1 Redeclaration (Alan Richardson)
A common reason for Null Pointer Exceptions in Java is redeclaring a variable instead of assigning to an existing field. Learn what that means, how to avoid it, and how to spot it, in this presentation.
Read the full blog post: http://testerhq.com/post/blogs/javafortesters/2017-08-29-faq-null-pointer-exception/
Visit my Java Web Site: http://javafortesters.com
---
# FAQ - why does my code throw a null pointer exception - common reason #1 Redeclaration
- Using `@BeforeClass` or `@Before` can set up data for use in tests
- Any variables we instantiate for shared use need to be fields rather than local variables
- We want to instantiate them in the setup method rather than redeclare them
---
# Example of the Problem
I know I will use an `Adder` in my test so I create it as a field:
~~~~~~~~
public class WhyCodeThrowsNullPointerExceptionTest {
    Adder adder;
~~~~~~~~
I don't want to re-instantiate it each time so I make an `@BeforeClass` method to instantiate it:
~~~~~~~~
@BeforeClass
public static void setupAdder(){
    Adder adder = new Adder();
}
~~~~~~~~
**Warning: Error in the above code**
---
# Semantic Error
I just made a semantic coding error. It won't be caught by the compiler, but it will cause my `@Test` to fail with a Null Pointer Exception.
In the setup method I really wanted to assign a value to the field; instead, I created a new local variable with the same name.
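The same field-shadowing mistake can be reproduced outside JUnit. A minimal stand-alone sketch (the class and field names here are made up for illustration, not taken from the slides):

```java
// RedeclarationDemo: shows why redeclaring instead of assigning leaves a field null
public class RedeclarationDemo {

    static StringBuilder log; // the "field" we intend to initialize; starts as null

    // Wrong: 'StringBuilder log = ...' declares a NEW local variable that
    // shadows the field, so the field itself is never assigned
    static void setupWrong() {
        StringBuilder log = new StringBuilder("ready");
    }

    // Right: a plain assignment targets the existing field
    static void setupRight() {
        log = new StringBuilder("ready");
    }

    public static void main(String[] args) {
        setupWrong();
        System.out.println("after wrong setup, field is null: " + (log == null));
        setupRight();
        System.out.println("after right setup, field is null: " + (log == null));
    }
}
```

Running this prints `true` after the wrong setup and `false` after the right one: any later use of the field after the wrong setup would throw a Null Pointer Exception, which is exactly what happens to the `@Test` above.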
# In General
- Try to write one test at a time so that if you have a problem it is easier to identify where the problem is
- Try to write working isolated tests and then refactor to a more general solution when you need it - that way, you know it was working, so you just have to work backwards to find out what went wrong
- Try to use automated IDE refactoring rather than moving code around manually
- Use the IDE syntax highlighting to help spot any issues
The document provides an introduction and overview of using Google Mock (gmock) for testing in C++. It discusses key concepts like the system under test (SUT), test doubles, mocks, stubs, and fragile tests. It then provides a tutorial example of defining a mock class for a Turtle interface to allow testing code that depends on drawing functions without executing the real drawing implementation.
- Unit testing involves writing code to test individual units or components of an application to ensure they perform as expected.
- The document discusses setting up a unit testing framework for WordPress plugins and themes using PHPUnit and WP-CLI. It provides steps to generate initial test files and install dependencies to support unit testing.
- Examples of writing unit tests are given, including how to structure tests with assertions to validate the behavior of functions and methods. Maintaining well-organized test files and cases is important for an effective testing suite.
How the PVS-Studio analyzer began to find even more errors in Unity projects (Andrey Karpov)
When developing the PVS-Studio static analyzer, we try to develop it in various directions. Thus, our team is working on plugins for the IDE (Visual Studio, Rider), improving integration with CI, and so on. Increasing the efficiency of project analysis under Unity is also one of our priority goals. We believe that static analysis will allow programmers using this game engine to improve the quality of their source code and simplify work on any projects. Therefore, we would like to increase the popularity of PVS-Studio among companies that develop under Unity. One of the first steps in implementing this idea was to write annotations for the methods defined in the engine. This allows a developer to control the correctness of the code related to calls of annotated methods.
If you've ever wondered just what happens when you run `go test`, this talk is for you. Covering flags, pre-checks, incompatible options, and even a few interesting tricks, this talk goes deep into the test tool, but avoids going so deep that it turns into a session on how builds actually work - it treads somewhere in the middle.
Creating testing tools to support development (Chema del Barco)
This is a presentation I made for the Kraków Java User Group on test automation and how to solve the challenges around it to make it really useful for development teams. It contains some examples of how we are doing it at Akamai's Web department, and some based on my own experience.
The document discusses automated testing in Python and other languages. It covers unit testing, how unit tests work in Python using the unittest module, the benefits of testing like refactoring with confidence and faster debugging. It also briefly mentions test frameworks for other languages like Java, Perl, PHP and Erlang. The key themes are that testing finds bugs, helps refactor code safely, and that when frameworks have shortcomings the better approach is to help fix them rather than starting new ones.
This presentation walks the reader through implementing a simple web application and its tests using Python, Flask, and the Pytest testing framework. Emphasis is placed on following the process of test-driven development (TDD) in creating the application.
Learn why you should put your blackbox (or system/integration) tests into Docker Containers.
A brief (remedial) overview of Docker for software testers who don't know Docker and only need the basics to wrap their regression tests inside a container.
This document discusses program analysis methods and the Valgrind tool. It begins with an introduction to program analysis, including dynamic and static analysis. It then provides an example of bad code containing bugs and demonstrates how Valgrind can detect these bugs, such as invalid reads, writes, and memory leaks. The document also covers some limitations of Valgrind and describes additional tools in Valgrind for profiling and thread error detection. It concludes with sections on how Valgrind works using binary translation and an intermediate representation, as well as tuning Valgrind through suppression files and client requests.
This document provides an overview of automated unit testing in PHP. It discusses what unit testing is, why it is important, what should be tested, when to test, and how to set up and run tests using PHPUnit. Key points include:
- Unit testing validates individual units of source code. Each test should test a single function or class.
- Tests should be run early and often to catch bugs early in development.
- PHPUnit is a popular PHP testing framework that allows creating and running automated tests. It provides assertions, fixtures, and other features to test code.
- Tests can be organized into test suites and run via the command line or configured via an XML file. Groups allow filtering which tests run.
PVS-Studio analyzed the Boost library and found 7 potential bugs or issues. The issues included a misprint that caused division by zero, incorrect class member initialization, memory being released incorrectly with auto_ptr, a condition that would always be true due to unsigned socket type, another misprint where a variable wasn't assigned a value, potential for infinite loop when reading from a stream, and suspicious subtraction of identical values. Finding even a small number of issues in a heavily used and reviewed library like Boost demonstrates the tool's effectiveness at static analysis.
This post is about love. About the love of the static code analyzer PVS-Studio for the great open-source Linux operating system. This love is young, touching, and fragile. It needs help and care. You will help greatly if you volunteer to test the beta version of PVS-Studio for Linux.
Static Analysis: From Getting Started to IntegrationAndrey Karpov
Sometimes, tired of endless code review and debugging, you start wondering if there are ways to make your life easier. After some googling or merely by accident, you stumble upon the phrase, "static analysis". Let's find out what it is and how it can be used in your project.
PVS-Studio and CppCat: An Interview with Andrey Karpov, the Project CTO and D...Andrey Karpov
The developers of PVS-Studio analyzer regularly publish new articles about their tool (and sometimes about other analyzers as well) where they share the analysis results of various software projects produced by the analyzer and demonstrate code samples in which defects were found. Quite recently, a new product, CppCat, was released, which is a lightweight version of PVS-Studio at a low cost - compared to that of its heavier counterpart. You can find a brief description of the PVS-Studio project for Visual C++ here and here, and for a description of the new product see the article "An Alternative to PVS-Studio at $250".
You can now use PVS-Studio with Visual Studio absent; just give it the prepro...Andrey Karpov
The new version of the static code analyzer PVS-Studio 5.10 comes with a small utility PVS-Studio Standalone which you may even miss at first. I'd say that's one small step for mankind but one big leap for PVS-Studio :) You can use the current version of this utility in two (for now) ways:
1. View analysis results (the .plog file) saved on another computer without running the Visual Studio IDE.
2. Analyze preprocessed files (generated by any preprocessor beforehand) without a preprocessor and project files or makefiles.
The Development History of PVS-Studio for LinuxPVS-Studio
Earlier this year, we started doing something that we had felt uncertain about for a long time, namely porting PVS-Studio to Linux. In this article, I will tell you how we made the decision to create a product for Linux distributions after 10 years of the Windows version's existence. It's a big job, which, unfortunately, involves much more work than simply compiling the source files for the new platform, as some may think.
Espressif IoT Development Framework: 71 Shots in the FootAndrey Karpov
The article summarizes the author's analysis of errors found in the Espressif IoT Development Framework using the PVS-Studio static analyzer. The analyzer found 71 errors in the framework code related to security vulnerabilities like incorrect argument order, loss of significant bits, and failure to clear private data from memory. The author notes that additional errors may be found with a more complete analysis. Conditional compilation directives and macros used in the framework code generated many false positives from the analyzer.
PVS-Studio Now Supports Any Build System under Windows and Any Compiler. Easy...Andrey Karpov
The next PVS-Studio version 5.15 will be able to analyze projects built by absolutely any build system: Makefile, Visual Studio Project, user-made build systems based on Python, Bash or whatever else... It will allow you to simply "watch" compiler calls and collect all the necessary information to run the analyzer in automatic mode. Moreover, it works with any (sensible) C/C++ compiler under Windows. Want to know more?
Difficulties of comparing code analyzers, or don't forget about usabilityPVS-Studio
Users' desire to compare different code analyzers is natural and understandable. However, it's not so easy to fulfill this desire as it may seem at first sight. The point is that you don't know what particular factors must be compared.
Difficulties of comparing code analyzers, or don't forget about usabilityAndrey Karpov
This document discusses the difficulties in comparing code analyzers based on usability. Simply comparing metrics like number of diagnostics or speed is unreasonable because they don't reflect how usable a tool is for a particular project or user. The document analyzes six usability issues with an analyzer integrated into Visual Studio compared to PVS-Studio when analyzing the eMule project, such as inability to save analysis results or filter duplicate messages. While the Visual Studio analyzer was faster, it took much longer to complete analysis due to usability issues. The document concludes that usability is very important for comparing analyzers and there is no single best tool, only what is better for a specific project and user.
Difficulties of comparing code analyzers, or don't forget about usabilityPVS-Studio
Users' desire to compare different code analyzers is natural and understandable. However, it's not so easy to fulfill this desire as it may seem at first sight. The point is that you don't know what particular factors must be compared.
1) The author conducted experiments to determine if PVS-Studio could analyze code without being tied to Visual Studio. Experiments showed that properly handling include paths and duplicate file names is difficult without a project file, and preprocessing is essential for quality static analysis.
2) Compilation switches had little impact on analysis, except include paths. Preprocessing provides necessary type and symbol information.
3) Checking all files in a folder led to analyzing unnecessary files and preprocessing errors. Project structure is important for proper static analysis.
An ideal static analyzer, or why ideals are unachievablePVS-Studio
Being inspired by Eugene Laspersky's post about an ideal antivirus, I decided to write a similar post about an ideal static analyzer. And meanwhile think how far from being it our PVS-Studio is.
At some moment, long ago, we somehow started to cover in our articles any subject but the PVS-Studio tool itself. We told you about the projects we checked and the C++ language's subtle details; we told you how to create plugins in C# or how to launch PVS-Studio from the command line... But PVS-Studio is first of all meant for developers working in Visual Studio. We've done quite a lot to make it easier and more comfortable for them to use our tool. Yet this particular aspect usually stays off screen. Now I decided to improve that and tell you about the PVS-Studio plugin from scratch. If you are a Visual C++ user, this article is for you.
Static analysis is most efficient when being used regularly. We'll tell you w...Andrey Karpov
Some of our users run static analysis only occasionally. They find new errors in their code and, feeling glad about this, willingly renew PVS-Studio licenses. I should feel glad too, shouldn't I? But I feel sad - because you get only 10-20% of the tool's efficiency when using it in such a way, while you could obtain at least 80-90% if you used it otherwise. In this post I will tell you about the most common mistake among users of static code analysis tools.
Static analysis is most efficient when being used regularly. We'll tell you w...PVS-Studio
The document discusses best practices for using static code analysis tools to maximize their effectiveness. It recommends: 1) Marking false positives to reduce future messages, 2) Using incremental analysis to check modified files, 3) Checking files modified in the last few days, and 4) Running analysis nightly on a build server. Following all recommendations provides the highest return on investment in static analysis by catching errors earlier in development.
The article describes the testing technologies used when developing PVS-Studio static code analyzer. The developers of the tool for programmers talk about the principles of testing their own program product which can be interesting for the developers of similar packages for processing text data or source code.
Konstantin Knizhnik: static analysis, a view from asidePVS-Studio
The article is an interview with Konstantin Knizhnik taken by Andrey Karpov, "Program Verification Systems" company's worker. In this interview the issues of static code analysis, relevance of solutions made in this sphere and prospects of using static analysis while developing applications are discussed.
If the coding bug is banal, it doesn't meant it's not crucialPVS-Studio
Spreading the word about PVS-Studio static analyzer, we usually write articles for programmers. However, some things are seen by programmers quite one-sided. That is why there are project managers who can help manage the process of the project development and guide it to the right direction. I decided to write a series of articles, whose target audience is project managers. These articles will help better understand the use of static code analysis methodology. Today we are going to consider a false postulate: "coding errors are insignificant".
Hartmut Kaiser evaluates his experience using the static analysis tool PVS-Studio to analyze the HPX C++ library source code. PVS-Studio found several issues, including an unused variable, an incorrect return type, and a missing copy constructor. Integrating PVS-Studio into continuous integration was seen as very useful. While the tool caught real problems, it also produced some false positives that could be suppressed. Overall the analysis was seen as valuable for finding subtle bugs.
Similar to War of the Machines: PVS-Studio vs. TensorFlow (20)
Microservice Teams - How the cloud changes the way we workSven Peters
A lot of technical challenges and complexity come with building a cloud-native and distributed architecture. The way we develop backend software has fundamentally changed in the last ten years. Managing a microservices architecture demands a lot of us to ensure observability and operational resiliency. But did you also change the way you run your development teams?
Sven will talk about Atlassian’s journey from a monolith to a multi-tenanted architecture and how it affected the way the engineering teams work. You will learn how we shifted to service ownership, moved to more autonomous teams (and its challenges), and established platform and enablement teams.
UI5con 2024 - Keynote: Latest News about UI5 and it’s EcosystemPeter Muessig
Learn about the latest innovations in and around OpenUI5/SAPUI5: UI5 Tooling, UI5 linter, UI5 Web Components, Web Components Integration, UI5 2.x, UI5 GenAI.
Recording:
https://www.youtube.com/live/MSdGLG2zLy8?si=INxBHTqkwHhxV5Ta&t=0
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian CompaniesQuickdice ERP
Explore the seamless transition to e-invoicing with this comprehensive guide tailored for Saudi Arabian businesses. Navigate the process effortlessly with step-by-step instructions designed to streamline implementation and enhance efficiency.
Why Apache Kafka Clusters Are Like Galaxies (And Other Cosmic Kafka Quandarie...Paul Brebner
Closing talk for the Performance Engineering track at Community Over Code EU (Bratislava, Slovakia, June 5 2024) https://eu.communityovercode.org/sessions/2024/why-apache-kafka-clusters-are-like-galaxies-and-other-cosmic-kafka-quandaries-explored/ Instaclustr (now part of NetApp) manages 100s of Apache Kafka clusters of many different sizes, for a variety of use cases and customers. For the last 7 years I’ve been focused outwardly on exploring Kafka application development challenges, but recently I decided to look inward and see what I could discover about the performance, scalability and resource characteristics of the Kafka clusters themselves. Using a suite of Performance Engineering techniques, I will reveal some surprising discoveries about cosmic Kafka mysteries in our data centres, related to: cluster sizes and distribution (using Zipf’s Law), horizontal vs. vertical scalability, and predicting Kafka performance using metrics, modelling and regression techniques. These insights are relevant to Kafka developers and operators.
UI5con 2024 - Boost Your Development Experience with UI5 Tooling ExtensionsPeter Muessig
The UI5 tooling is the development and build tooling of UI5. It is built in a modular and extensible way so that it can be easily extended by your needs. This session will showcase various tooling extensions which can boost your development experience by far so that you can really work offline, transpile your code in your project to use even newer versions of EcmaScript (than 2022 which is supported right now by the UI5 tooling), consume any npm package of your choice in your project, using different kind of proxies, and even stitching UI5 projects during development together to mimic your target environment.
14 th Edition of International conference on computer visionShulagnaSarkar2
About the event
14th Edition of International conference on computer vision
Computer conferences organized by ScienceFather group. ScienceFather takes the privilege to invite speakers participants students delegates and exhibitors from across the globe to its International Conference on computer conferences to be held in the Various Beautiful cites of the world. computer conferences are a discussion of common Inventions-related issues and additionally trade information share proof thoughts and insight into advanced developments in the science inventions service system. New technology may create many materials and devices with a vast range of applications such as in Science medicine electronics biomaterials energy production and consumer products.
Nomination are Open!! Don't Miss it
Visit: computer.scifat.com
Award Nomination: https://x-i.me/ishnom
Conference Submission: https://x-i.me/anicon
For Enquiry: Computer@scifat.com
The Key to Digital Success_ A Comprehensive Guide to Continuous Testing Integ...kalichargn70th171
In today's business landscape, digital integration is ubiquitous, demanding swift innovation as a necessity rather than a luxury. In a fiercely competitive market with heightened customer expectations, the timely launch of flawless digital products is crucial for both acquisition and retention—any delay risks ceding market share to competitors.
8 Best Automated Android App Testing Tool and Framework in 2024.pdfkalichargn70th171
Regarding mobile operating systems, two major players dominate our thoughts: Android and iPhone. With Android leading the market, software development companies are focused on delivering apps compatible with this OS. Ensuring an app's functionality across various Android devices, OS versions, and hardware specifications is critical, making Android app testing essential.
How Can Hiring A Mobile App Development Company Help Your Business Grow?ToXSL Technologies
ToXSL Technologies is an award-winning Mobile App Development Company in Dubai that helps businesses reshape their digital possibilities with custom app services. As a top app development company in Dubai, we offer highly engaging iOS & Android app solutions. https://rb.gy/necdnt
DECODING JAVA THREAD DUMPS: MASTER THE ART OF ANALYSISTier1 app
Are you ready to unlock the secrets hidden within Java thread dumps? Join us for a hands-on session where we'll delve into effective troubleshooting patterns to swiftly identify the root causes of production problems. Discover the right tools, techniques, and best practices while exploring *real-world case studies of major outages* in Fortune 500 enterprises. Engage in interactive lab exercises where you'll have the opportunity to troubleshoot thread dumps and uncover performance issues firsthand. Join us and become a master of Java thread dump analysis!
Using Query Store in Azure PostgreSQL to Understand Query PerformanceGrant Fritchey
Microsoft has added an excellent new extension in PostgreSQL on their Azure Platform. This session, presented at Posette 2024, covers what Query Store is and the types of information you can get out of it.
A neural network is a machine learning program, or model, that makes decisions in a manner similar to the human brain, by using processes that mimic the way biological neurons work together to identify phenomena, weigh options and arrive at conclusions.
Malibou Pitch Deck For Its €3M Seed Roundsjcobrien
French start-up Malibou raised a €3 million Seed Round to develop its payroll and human resources
management platform for VSEs and SMEs. The financing round was led by investors Breega, Y Combinator, and FCVC.
Unlock the Secrets to Effortless Video Creation with Invideo: Your Ultimate G...The Third Creative Media
"Navigating Invideo: A Comprehensive Guide" is an essential resource for anyone looking to master Invideo, an AI-powered video creation tool. This guide provides step-by-step instructions, helpful tips, and comparisons with other AI video creators. Whether you're a beginner or an experienced video editor, you'll find valuable insights to enhance your video projects and bring your creative ideas to life.
Project Management: The Role of Project Dashboards.pdfKarya Keeper
Project management is a crucial aspect of any organization, ensuring that projects are completed efficiently and effectively. One of the key tools used in project management is the project dashboard, which provides a comprehensive view of project progress and performance. In this article, we will explore the role of project dashboards in project management, highlighting their key features and benefits.
Project Management: The Role of Project Dashboards.pdf
War of the Machines: PVS-Studio vs. TensorFlow
Author: Sergey Vasiliev
Date: 11.04.2017
"I'll be back" (c). I think everybody knows this phrase. Although, today we aren't going to talk about the
return of the terminator, the topic of the article is similar in some way. We'll discuss the analysis of the
the machine learning library TensorFlow and will try to find out, if we can sleep peacefully or Skynet is
already coming...
TensorFlow
TensorFlow is a machine learning library developed by Google and available as an open-source project since November 9, 2015. At the moment it is actively used in research work and in dozens of Google's commercial products, including Google Search, Gmail, YouTube, Photos, Translate, Assistant, etc. The source code is available in the repository on GitHub and on the Google Open Source platform.
Why was this project chosen?
1. Google. If a project is developed by Google, Microsoft or any other well-known company, its analysis is a kind of challenge for us. Besides, a lot of people would be interested to see the mistakes made by developers from big-name corporations.
2. Machine learning. Nowadays this subject is gaining more and more popularity, and for good reason: some of the results are truly impressive! I won't cite examples here; you can easily find them yourselves.
3. Statistics on GitHub. This is also quite an important criterion, because the more popular the project, the better. TensorFlow is breaking all possible and impossible records! It takes one of the top places among C++ projects, has more than 50 000 stars and over 20 000 forks! It's amazing!
Of course, we couldn't miss the chance to check such a project. I don't even know why my colleagues hadn't checked it yet. Well, it's time to do so.
What tool was used for the analysis?
If you know what PVS-Studio is, then you know the answer. If you are still not aware, please don't rush to read on. For example, it might be interesting to learn that we have had a C# analyzer for more than a year, and a Linux version for roughly half a year.
Here is the general information about the tool. The analysis was done using the static code analyzer PVS-Studio, which finds bugs in programs written in C, C++ and C#. PVS-Studio works under Linux and Windows; it currently has more than 400 diagnostics, whose descriptions you can find on this page.
Besides developing the static analyzer, we also check open-source projects and write reports about the results. By now we have checked more than 280 projects, where we found more than 10 800 errors. These aren't small and insignificant projects, but quite well-known ones: Chromium, Clang, GCC, Roslyn, FreeBSD, Unreal Engine, Mono and others.
PVS-Studio is available for download, so I suggest trying it on your project and checking out what it may find in your code.
By the way, PVS-Studio has its own tag on StackOverflow (link). I recommend asking questions there, so that other developers can quickly find the necessary information without waiting for our reply by e-mail. For our part, we are always glad to help our users.
The article format
This time I want to deviate from the traditional flow of analysis articles: downloaded the project - checked it - wrote about the bugs found. I also want to describe some analyzer settings and the ways they can be useful. In particular, I will show how to fight false positives, how to benefit from disabling certain diagnostics, and how to exclude particular files from the analysis. Of course, we will also have a look at the errors that PVS-Studio managed to find in the source code of TensorFlow.
Preparation for the analysis
Now that PVS-Studio is also available under Linux, we have a choice of how to perform the analysis: under Linux or Windows. Quite recently I checked a project under openSUSE, which was quite simple and convenient, but I still decided to check TensorFlow under Windows, as it was more familiar to me. What's more, it can be built using CMake, which presupposes further work in the Visual Studio IDE, for which we have a special plugin (the latest version gained code highlighting of erroneous fragments).
Officially, the build of TensorFlow under Windows is not supported (according to the website). Nevertheless, there is a link describing how to build the project using CMake, and I should say it builds easily according to these instructions.
As a result we get a set of .vcxproj files combined into one .sln, which means that it will be comfortable to work with the project from Visual Studio from here on, which is great. I worked from the Visual Studio 2017 IDE, support for which was added in the PVS-Studio 6.14 release.
Note. It's a good idea to build the project before the analysis and make sure that it compiles without errors. This ensures that the analysis will be done efficiently and that the analyzer will have all the syntactic and semantic information. There is a note on the TensorFlow site: "By default, building TensorFlow from sources consumes a lot of RAM." Well, that's okay, because I have 16 GB of RAM on my machine. What do you think? During the build I got a Fatal Error C1060 (compiler is out of heap space)! My machine ran out of memory! It was quite unexpected. No, I didn't have five virtual machines running concurrently with the build. In all fairness, it has to be added that when building with bazel, you may limit the amount of RAM used (the description is given in the TensorFlow build instructions).
I couldn't wait to press the sacred button "Analyze solution with PVS-Studio" and see the interesting bugs we found, but first it would be great to exclude from the analysis those files which aren't of much interest: third-party libraries, for example. This can easily be done in the PVS-Studio settings: on the 'Don't Check Files' tab we set the masks of those files and paths whose analysis is of no interest. The settings already include a certain set of paths (/boost/, for example). I added two masks: /third_party/ and /external/. This allows not only excluding the warnings from the output window, but also excluding the files in those directories from the analysis altogether, which decreases the analysis time.
Figure 1 - Setting analysis exceptions in the PVS-Studio preferences
Finally, we can run the analysis and see what was found.
Note. 'Don't Check Files' can be configured both before and after the analysis. I have just described the first case; the second scenario allows filtering an already obtained log, which is also useful and can save you from viewing unnecessary warnings. This will be described below.
False positives: arithmetic and fun
Why false positives are important (and frustrating)
False positives are a headache for everybody: for us, the developers of a static code analyzer, and for the users, because they clutter up useful output. A large number of false positives may repel people from using the tool. In addition, people usually judge an analyzer by its percentage of false positives. This is not as easy as it may seem, and the topic deserves a separate article and discussion. My colleague has recently written an article about it; I recommend having a look.
How to fight false positives?
Our task is to try to get rid of false positives at the analysis stage, so that users never see them. To do this, we add exceptions to the diagnostic rules, i.e. special cases when the analyzer shouldn't issue warnings at all. The number of these exceptions varies greatly from diagnostic to diagnostic: for some diagnostics we don't have to write exceptions at all, while for others we may have dozens of such exceptions implemented.
Nevertheless, we aren't able to cover all cases (sometimes they are too specific), which is why our second task is to let users exclude false positives from the analysis themselves. PVS-Studio provides several mechanisms for this: suppression by comments, configuration files and suppression bases. There is a separate article devoted to this, so I won't go deep into details.
False positives and TensorFlow
Why have I started speaking about false positives in general? Firstly, because it is very important to fight them; secondly, because of what I saw when I checked TensorFlow and filtered the output by the diagnostic rule V654 (the image is clickable).
Figure 2 - All the found warnings of V654 have the same pattern
64 warnings and all of them have the same pattern - the following code:
false && expr
In the code itself, these fragments look like this:
DCHECK(v);
DCHECK(stream != nullptr);
DCHECK(result != nullptr);
Here is how the macro DCHECK is declared:
#ifndef NDEBUG
....
#define DCHECK(condition) CHECK(condition)
....
#else
....
#define DCHECK(condition) \
  while (false && (condition)) LOG(FATAL)
....
#endif
What follows from this code? DCHECK is a debugging macro. In the debug version it expands to a check of the condition (CHECK(condition)); in the release version, to a loop that will never be executed: while (false && ....). Since I was building a release version of the code, the macro expanded correspondingly (to the while loop). As a result, the analyzer seems to complain correctly, because the result of the expression is always false. But what's the point of these warnings if they are issued for code that was meant to be like this? So the percentage of false positives for this diagnostic will be the same as in the diagram below.
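The short-circuit behavior behind this warning can be shown with a minimal sketch. The DCHECK_RELEASE macro, the counter, and the helper functions below are hypothetical, not TensorFlow's code; they only illustrate why `false && (condition)` means the condition is never evaluated and the loop body never runs:

```cpp
#include <cassert>

// Hypothetical stand-in for the release-mode DCHECK discussed above.
// Because 'false && (cond)' short-circuits, 'cond' is never evaluated
// and the while body (where LOG(FATAL) would sit) never executes.
#define DCHECK_RELEASE(cond) \
  while (false && (cond)) { /* LOG(FATAL) would go here */ }

static int evaluations = 0;  // counts how often the condition runs

static bool condition() {
  ++evaluations;  // an observable side effect
  return true;
}

// Invokes the macro once and reports how many times the condition ran.
static int run_check() {
  DCHECK_RELEASE(condition());
  return evaluations;
}
```

In a debug build the same call site would expand to CHECK(condition()) and the side effect would fire; that difference is exactly why the analyzer sees an always-false expression only in the release configuration.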
Figure 3 - The ratio of good warnings to false positives for the V654 diagnostic
You may think this is a joke? No, we are not kidding: it is 100% false positives. This is exactly what I was talking about. I also said that there are various ways to fight them. By pressing 'Add selected messages to suppression base' we can shift this ratio in the opposite direction (the image is clickable).
Figure 4 - Fighting against false positives
This is a way to suppress all the current warnings by removing them from the output window. But it is not quite correct, because if you start using the DCHECK macro again when writing new code, you will get the warnings again. There is a solution: we need to suppress the warning in the macro itself by leaving a special comment. Then the suppression code will be as follows:
//-V:DCHECK:654
#define DCHECK(condition) \
  while (false && (condition)) LOG(FATAL)
The comment should be written in the same header file where the macro is declared.
That's it, we can forget about the DCHECK macro, because the V654 warning will not be issued for it anymore. As a result, we have successfully dealt with the false positives. After these simple actions, the diagram of false positives for V654 will look as follows.
Figure 5 - We successfully eliminated the false positives
We see a completely different picture, as the percentage of false positives is 0. Quite amusing arithmetic. Why did I start talking about false positives in general? I just wanted to explain that false positives are inevitable. The general aim of the analyzer is to decrease their number at the analysis stage, but you'll probably have to deal with some of them due to the peculiarities of your project. I hope I managed to convey that false alarms can be handled (and should be handled), and that it is quite simple.
A couple more settings
Perhaps you can't wait to take a look at the bugs we found, but please be patient and read about a couple more settings that will make life easier when working with the analysis results.
Warnings in automatically generated files
During the analysis we checked not only the code written manually by the programmers, but also automatically generated code. Warnings for such code aren't interesting to us, so we will exclude those files from the analysis. The 'Don't check files' settings come to our aid here again. Specifically for this project, I specified the following file name masks:
pywrap_*
*.pb.cc
This allowed hiding more than 100 general analysis (GA) warnings of the medium certainty level.
Disabling specific diagnostics
One more analyzer setting that turned out to be very useful is disabling groups of diagnostic rules. Why can it be relevant? For example, there were about 70 V730 warnings (not all the class members are initialized in the constructor). These warnings really need reviewing, because they might signal hard-to-detect bugs. Nevertheless, it may not be clear to a person who is not very familiar with the code whether an uninitialized member will lead to problems or whether it is initialized later in some tricky way. For an article, these errors aren't very interesting either. That's why the developers should review them themselves, and we won't focus on them here. Therefore, we have a goal: to disable a whole group of diagnostic rules. It can easily be done: in the settings of the PVS-Studio plugin, just uncheck the unnecessary diagnostic.
Figure 6 - Disabling irrelevant diagnostics
By disabling those diagnostic rules that are not relevant to your project, you simplify further work with the analyzer's output.
The analyzer warnings issued for the project
Well, now let's move on to the most intriguing part: the code fragments that the analyzer found suspicious.
Usually I like starting with a classic error that occurs in both C# and C++ projects: the a == a error, which gets detected by the V501 and V3001 diagnostic rules. But there are no such errors here! In general, the bugs detected in this project are... quite peculiar... So, here we go.
void ToGraphDef(const Graph* g, GraphDef* gdef, bool pretty) {
....
gtl::InlinedVector<const Edge*, 4> inputs;
....
for (const Edge* e : inputs) {
const string srcname = NewName(e->src(), pretty);
if (e == nullptr) {
ndef->add_input("unknown");
} else if (!e->src()->IsOp()) {
} else if (e->IsControlEdge()) {
ndef->add_input(strings::StrCat("^", srcname));
} else if (e->src_output() == 0) {
ndef->add_input(srcname);
} else {
ndef->add_input(strings::StrCat(srcname, ":", e->src_output()));
}
}
....
}
A link to GitHub.
PVS-Studio warning: V595 The 'e' pointer was utilized before it was verified against nullptr. Check lines:
1044, 1045. function.cc 1044
In the loop, the vector elements are iterated and, depending on their values, certain actions are
performed. The check e == nullptr presupposes that the pointer can be null. The thing is that we see a
dereference of this pointer before the check, in the call to the NewName function: e->src(). The result
of such an operation is undefined behavior, which may lead, among other things, to a program crash.
But the code of TensorFlow is not that simple. The filling of this vector (inputs) happens earlier and looks
as follows:
for (const Edge* e : n->in_edges()) {
if (e->IsControlEdge()) {
inputs.push_back(e);
} else {
if (inputs[e->dst_input()] == nullptr) {
inputs[e->dst_input()] = e;
} else {
LOG(WARNING) << "Malformed graph node. multiple input edges: "
<< n->DebugString();
}
}
}
Looking carefully at the code, you can see that null pointers will never be written to the inputs
vector: every pointer is dereferenced (the e->IsControlEdge() call) before it is added, and there is
no nullptr check before that dereference. Since the inputs vector won't contain null pointers, the
condition e == nullptr that we spoke about before will always be false.
Anyway, this code is really tricky, and it's great that PVS-Studio spotted it. Let's move on.
Status MasterSession::StartStep(const BuildGraphOptions& opts,
int64* count,
ReffedClientGraph** rcg,
bool is_partial) {
....
ReffedClientGraph* to_unref = nullptr;
....
if (to_unref) to_unref->Unref();
....
}
A link to GitHub.
PVS-Studio warning: V547 Expression 'to_unref' is always false. master_session.cc 1114
In the body of the method we see that a local variable to_unref is declared and initialized with the
nullptr value. Before the if statement, this pointer is not used in any way and its value doesn't change.
Thus, the body of the if statement won't be executed, because the pointer remains null. Perhaps this
code was left over after refactoring. There is a chance that this pointer was supposed to be used somewhere
between the initialization and the check, but the programmer used another one instead (mixed
them up); however, I didn't find any similarly named pointers. Looks suspicious.
Let's go on.
struct LSTMBlockCellBprop ....
{
....
void operator()(...., bool use_peephole, ....) {
....
if (use_peephole) {
cs_prev_grad.device(d) =
cs_prev_grad +
di * wci.reshape(p_shape).broadcast(p_broadcast_shape) +
df * wcf.reshape(p_shape).broadcast(p_broadcast_shape);
}
if (use_peephole) {
wci_grad.device(d) =
(di * cs_prev).sum(Eigen::array<int, 1>({0}));
wcf_grad.device(d) =
(df * cs_prev).sum(Eigen::array<int, 1>({0}));
wco_grad.device(d) =
(do_ * cs).sum(Eigen::array<int, 1>({0}));
}
....
}
};
A link to GitHub.
PVS-Studio warning: V581 The conditional expressions of the 'if' operators situated alongside each
other are identical. Check lines: 277, 284. lstm_ops.h 284
There are two if statements with identical conditions, and between them the expression in the
condition (in this case the use_peephole parameter) doesn't change. Sometimes this may indicate a
serious error, where the wrong condition was used in one of the cases, but here, judging by the
context, we can say that the conditions were simply duplicated. I don't think it's a bug, but all the
operations could be put into a single conditional block.
One does not simply write code and avoid copy-paste errors.
struct CompressFlags {
....
Format format;
....
int quality = 95;
....
};
A link to GitHub.
PVS-Studio warning: V760 Two identical blocks of text were found. The second block begins from line
58. encode_jpeg_op.cc 56
As you can see in the code, the programmer checks the values of the flags read from the flags_ field in
the constructor of the EncodeJpegOp class via the OP_REQUIRES_OK and OP_REQUIRES macros.
However, in the last lines of the given fragment, the value of the same flag is checked once again. It
looks very much like copy-paste: the code was copied but not edited.
The most interesting (and the hardest) part is to understand whether the copy-paste is redundant or
whether something else was meant to be here. If the code is redundant, then there is nothing horrible;
but the situation is completely different if another code fragment was meant here, because then we
have a logical error. Having reviewed the body of the constructor, I haven't found a check of the stride
field. Perhaps, in one of the cases, this very check was meant. On the other hand, the order of the
fields in the constructor matches the order of the field declarations in the CompressFlags structure.
Thus, it's hard to say how this code should be fixed; we can only make assumptions. In any case, this
code is worth paying attention to.
The analyzer also found several suspicious fragments related to bit shifting. Let's have a look at
them. I want to remind you that incorrect use of shift operations leads to undefined behavior.
class InferenceContext {
....
inline int64 Value(DimensionOrConstant d) const {
return d.dim.IsSet() ? d.dim->value_ : d.val;
}
....
}
REGISTER_OP("UnpackPath")
.Input("path: int32")
.Input("path_values: float")
.Output("unpacked_path: float")
.SetShapeFn([](InferenceContext* c) {
....
int64 num_nodes = InferenceContext::kUnknownDim;
if (c->ValueKnown(tree_depth)) {
num_nodes = (1 << c->Value(tree_depth)) - 1; // <=
}
....
})
....;
A link to GitHub.
PVS-Studio warning: V629 Consider inspecting the '1 << c->Value(tree_depth)' expression. Bit shifting of
the 32-bit value with a subsequent expansion to the 64-bit type. unpack_path_op.cc 55
The strangeness of this code is in the fact that 32-bit and 64-bit values are mixed in the shift and
assignment operations. The literal 1 is a 32-bit value, and it is the value being shifted left. The result
of the shift still has a 32-bit type, but it is written to a 64-bit variable. This is suspicious, because we
may get undefined behavior if the value returned by the Value method is 32 or greater.
Here is a quote from the standard: The value of E1 << E2 is E1 left-shifted E2 bit positions; vacated bits
are zero-filled. If E1 has an unsigned type, the value of the result is E1 * 2^E2, reduced modulo one more
than the maximum value representable in the result type. Otherwise, if E1 has a signed type and non-
negative value, and E1*2^E2 is representable in the result type, then that is the resulting value;
otherwise, the behavior is undefined.
This code can be fixed by writing 1 as a 64-bit literal or by extending the type via a cast. More details
on shift operations can be found in the article "Wade not in unknown waters. Part three".
The extension through the casting was used in another fragment as well. Here is the code:
AlphaNum::AlphaNum(Hex hex) {
....
uint64 value = hex.value;
uint64 width = hex.spec;
// We accomplish minimum width by OR'ing in 0x10000 to the user's
// value,
// where 0x10000 is the smallest hex number that is as wide as the
// user
// asked for.
uint64 mask = ((static_cast<uint64>(1) << (width - 1) * 4)) | value;
....
}
A link to GitHub.
PVS-Studio warning: V592 The expression was enclosed by parentheses twice: ((expression)). One pair
of parentheses is unnecessary or a misprint is present. strcat.cc 43
This code is actually correct, but the analyzer found it suspicious, having detected duplicated
parentheses. The analyzer thinks in the following way: the double parentheses do not affect the
evaluation result, so perhaps one pair of parentheses is not where it should be.
We cannot exclude that the parentheses were meant to explicitly underline the precedence of
evaluation and to avoid having to remember the priorities of the '<<' and '*' operations. If so, they
don't do their job, as they are in the wrong place. I reckon that the intended evaluation order is
correct (first we compute the shift amount, and then do the shift itself), so we just have to put the
parentheses in the right place, so that they do not confuse people:
uint64 mask = (static_cast<uint64>(1) << ((width - 1) * 4)) | value;
Let's go on.
void Compute(OpKernelContext* context) override {
....
int64 v = floor(in_x);
....
v = ceil(in_x1);
x_interp.end = ceil(in_x1);
v = x_interp.end - 1;
....
}
A link to GitHub.
PVS-Studio warning: V519 The 'v' variable is assigned values twice successively. Perhaps this is a
mistake. Check lines: 172, 174. resize_area_op.cc 174
The v variable is assigned twice, but between these assignments its value is not used in any way.
Moreover, the x_interp.end variable is assigned the same value that was written to the v variable.
Even if we omit the redundant call of the ceil function, as it is not critical (although...), the code looks
strange: either it is weirdly written or it contains a tricky error.
What's next?
void Compute(OpKernelContext* context) override {
....
int64 sparse_input_start; // <=
....
if (sparse_input) {
num_total_features += GetNumSparseFeatures(
sparse_input_indices, *it, &sparse_input_start); // <=
}
if (num_total_features == 0) {
LOG(WARNING) << "num total features is zero.";
break;
}
if (rand_feature < input_spec_.dense_features_size()) {
....
} else {
....
const int32 sparse_index = sparse_input_start + // <=
rand_feature - input_spec_.dense_features_size();
....
}
....
}
A link to GitHub.
PVS-Studio warning: V614 Potentially uninitialized variable 'sparse_input_start' used.
sample_inputs_op.cc 351
The suspicious thing about this code is that a potentially uninitialized variable, sparse_input_start,
can be used when initializing the sparse_index constant. At the point of declaration, this variable is
not initialized with any value, i.e. it contains garbage. Further on, if the sparse_input condition is
true, the address of sparse_input_start is passed to the GetNumSparseFeatures function, where the
variable presumably gets initialized. Otherwise, if the body of this conditional statement isn't
executed, sparse_input_start remains uninitialized.
Of course, we can suppose that an uninitialized sparse_input_start never actually gets used, but that
assumption is too bold and non-obvious, so it's better to give the variable a default value.
Is that all?
Well, yes and no. To be honest, I was hoping to find more defects and write an article in the style of
the articles about Qt, Mono, Unreal Engine 4 and similar projects, but it didn't work out. The project
authors did a great job; not that many errors were found. I was also hoping that the project would be
of a bigger size, but only 700 files were checked in the chosen configuration, including the
auto-generated ones.
Besides that, a lot of things were left outside the scope of this article, for example:
we reviewed only the warnings of the GA group;
we did not review the warnings of the 3rd (Low) certainty level;
the analyzer issued several dozen V730 warnings, but it's hard to judge their criticality, so it's
up to the developers to decide;
and many more.
Nevertheless, quite a number of interesting fragments were found, and we reviewed them in this
article.
Summing up
TensorFlow turned out to be quite an interesting and high-quality project in terms of code, but, as we
saw, not without flaws. At the same time, PVS-Studio proved once more that it is able to find errors
even in the code of well-known developers.
In conclusion, I cannot but compliment all the developers of TensorFlow on the high-quality code and
wish them the best of luck in the future.
Thank you for your attention to those who made it to the end of the article, and don't forget to use
PVS-Studio!