Using PVS to Find Bugs in .NET Core

by Jonathan Allen on Mar 19, 2015

The makers of PVS Studio, a C++ static analyzer, have released their study of the CoreCLR source code. Though meant primarily to demonstrate the capabilities of their tools, it does reveal how difficult it is to write bug-free C++ code.

The first kind of bug they looked for was typos. Consider this line of code:

if ((tree->gtOper == GT_CLS_VAR ||
    tree->gtOper == GT_CLS_VAR) && i == 1)

Clearly the intention wasn’t to compare a value against the same constant twice, so this was probably a copy-and-paste error. (And a mistake that could occur in any language.)

Another typo they found that could happen in any C-style language is initializing a variable through itself.

CorElementType elemType = elemType = TryEncodeUsingShortcut(pMT);

So far the bugs are of a nature that can easily be caught via a code review. This next one isn’t:

CodeGenInterface::CodeGenInterface(Compiler* theCompiler) :
    compiler(theCompiler),
    gcInfo(theCompiler),
    regSet(theCompiler, gcInfo)
{
}

You can’t tell from just this snippet, but regSet is being initialized before gcInfo. Svyatoslav Razmyslov explains,

Under the standard, the class members are initialized in the constructor in the same order as they are declared in the class. To fix the error, we should move the declaration of the 'gcInfo' class member above that of 'regSet'.

Aside from tools such as PVS Studio, the only way to catch this bug is to manually compare the order in which member variables are declared with the order they need to be initialized in the constructor. And an innocent refactoring such as alphabetizing the list of fields could recreate the bug.
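The following added example (not code from CoreCLR or from the PVS-Studio article) records the order in which the constructors actually run, first with regSet declared ahead of gcInfo and then with the declarations swapped as the quoted fix recommends. Compiler, GcInfo, RegSet, Broken, Fixed and construction_order are constructed stand-ins, and the real class layout is an assumption.

```cpp
#include <cstdio>
#include <string>

// Constructed stand-ins for the CoreCLR types named in the article.
static std::string g_order;  // records the order constructors actually run

struct Compiler {};
struct GcInfo {
    explicit GcInfo(Compiler*) { g_order += "gcInfo;"; }
};
struct RegSet {
    // Only stores the address: dereferencing gc here would be undefined
    // behaviour whenever gcInfo has not been constructed yet.
    RegSet(Compiler*, GcInfo& gc) : gc_(&gc) { g_order += "regSet;"; }
    GcInfo* gc_;
};

// Silenced so the demo builds under -Werror; remove to see -Wreorder fire.
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wreorder"
struct Broken {                  // assumed layout: regSet declared first
    Compiler* compiler;
    RegSet    regSet;
    GcInfo    gcInfo;
    explicit Broken(Compiler* c)
        : compiler(c), gcInfo(c), regSet(c, gcInfo) {}  // list order ignored
};
#pragma GCC diagnostic pop

struct Fixed {                   // the quoted fix: gcInfo declared first
    Compiler* compiler;
    GcInfo    gcInfo;
    RegSet    regSet;
    explicit Fixed(Compiler* c)
        : compiler(c), gcInfo(c), regSet(c, gcInfo) {}
};

// Builds one T and returns the constructor order that was recorded.
template <class T>
std::string construction_order() {
    g_order.clear();
    Compiler c;
    T obj(&c);
    return g_order;
}

int main() {
    std::printf("broken: %s\n", construction_order<Broken>().c_str());
    std::printf("fixed:  %s\n", construction_order<Fixed>().c_str());
}
```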

And this brings us to the point of the piece, which is that programming in C++ is surprisingly hard. For more examples, read the full article titled PVS-Studio: 25 Suspicious Code Fragments in CoreCLR.
