BT

Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ

Topics

Choose your language

InfoQ Homepage News Using PVS to Find Bugs in .NET Core

Using PVS to Find Bugs in .NET Core

The makers behind PVS Studio, a C++ static analyzer, have released their study of the CoreCLR source code. Though meant primarily to demonstrate the capabilities of their tools, it does reveal how difficult it is to write bug free C++ code.

The first bug they looked for was typos. Consider this line of code:

if ((tree->gtOper == GT_CLS_VAR ||
    tree->gtOper == GT_CLS_VAR) && i == 1)

Clearly the intention wasn’t to compare a value against the same constant twice, so this was probably a copy-and-paste error. (And a mistake that could occur in any language.)

Another typo they found that could happen in any C-style language is initializing a variable through itself.

CorElementType elemType = elemType = TryEncodeUsingShortcut(pMT);

So far the bugs are of a nature that can easily be caught via a code review. This next one isn’t:

CodeGenInterface::CodeGenInterface(Compiler* theCompiler) :
    compiler(theCompiler),
    gcInfo(theCompiler),
    regSet(theCompiler, gcInfo)

{

}

You can’t tell from just this snippet, but regSet is being initialized before gcInfo. Svyatoslav Razmyslov explains,

Under the standard, the class members are initialized in the constructor in the same order as they are declared in the class. To fix the error, we should move the declaration of the 'gcInfo' class member above that of 'regSet'.

Aside from tools such as PVS Studio, the only way to catch this bug is to manually compare the order in which member variables are declared with the order they need to be initialized in the constructor. And an innocent refactoring such as alphabetizing the list of fields could recreate the bug.

And this brings us to the point of the piece, which is that programming in C++ is surprisingly hard. For more examples, read the full article titled PVS-Studio: 25 Suspicious Code Fragments in CoreCLR.

Rate this Article

Adoption
Style

BT