BT

Your opinion matters! Please fill in the InfoQ Survey!

An Errors List Underscores the Need for Static Code Analysis

| by Abel Avram Follow 4 Followers on Dec 14, 2012. Estimated reading time: 1 minute |

A note to our readers: As per your request we have developed a set of features that allow you to reduce the noise, while not losing sight of anything that is important. Get email and web notifications by choosing the topics you are interested in.

Program Verification Systems, the creator of PVS-Studio, a static code analyzer for C and C++, has published a list of programming errors, some of them being found in popular open source projects such as Chromium, TortoiseSVN, Apache HTTP Server, MySQL, and others.

The list maintains over 150 types of coding errors, some of them being serious logical errors, others are performance related mistakes, while some are not so harmful.

Following are a couple of error types with code samples from real projects found in this list.

V502 - Perhaps the '?:' operator works in a different way than it was expected. The '?:' operator has a lower priority than the 'foo' operator.

MongoDB:

string sysInfo() {
  ....
  stringstream ss;
  ....
  ss << (sizeof(char *) == 8) ? " 64bit" : " 32bit";
  ....
}

A very nice sample. 0 or 1 will be printed instead of "32bit"/"64bit".

V511 - The sizeof() operator returns size of the pointer, and not of the array, in given expression.

Chromium:

uint8 salt_[LINK_SALT_LENGTH];

VisitedLinkMaster::TableBuilder::TableBuilder(
    VisitedLinkMaster* master,
    const uint8 salt[LINK_SALT_LENGTH])
    : master_(master),
      success_(true) {
  fingerprints_.reserve(4096);
  memcpy(salt_, salt, sizeof(salt));
}

The 'salt' object is simply a pointer. Value LINK_SALT_LENGTH in the square brackets indicates to the programmer that he is working with an array of LINK_SALT_LENGTH items. But it is not an array of items which is passed into the function - it is only the pointer. So, the sizeof(salt) expression will return value 4 or 8 (the size of the pointer in a 32-bit/64-bit system).

It is possible many of the errors signaled on this list as appearing in various open source projects to have been fixed by now. Since any programmer is prone to make errors, it is a good recommendation to run source code through one or several static code analyzers. Wikipedia hosts a page with many such tools for different languages.

Rate this Article

Adoption Stage
Style

Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Tell us what you think

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread
Community comments

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Discuss

Login to InfoQ to interact with what matters most to you.


Recover your password...

Follow

Follow your favorite topics and editors

Quick overview of most important highlights in the industry and on the site.

Like

More signal, less noise

Build your own feed by choosing topics you want to read about and editors you want to hear from.

Notifications

Stay up-to-date

Set up your notifications and don't miss out on content that matters to you

BT