How to capture a variable in C# and not to shoot yourself in the foot

Back in 2005, with the release of C# 2.0 standard we got a possibility to pass a variable to the body of an anonymous delegate by capturing it from the current context. In 2008 the C# 3.0 brought us lambdas, user anonymous classes, LINQ requests and much more. Now it January, 2017 and the majority of C# developers are looking forward to the release of the C# 7.0 standard that should provide us a bunch of new useful features. However, there are still old features that need to be fixed. That’s why there are plenty of ways to shoot yourself in the foot. Today we are going to speak about one of them, and it is related with quite an unobvious mechanism of variable capture in the body of anonymous functions in C#.

image1

Continue reading

We continue checking Microsoft projects: analysis of PowerShell

It has become a “good tradition” for Microsoft to make their products open-source: CoreFX, .Net Compiler Platform (Roslyn), Code Contracts, MSBuild, and other projects. For us, the developers of PVS-Studio analyzer, it’s an opportunity to check well-known projects, tell people (including the project authors themselves) about the bugs we find, and additionally test our analyzer. Today we are going to talk about the errors found in another project by Microsoft, PowerShell.

4214_powershell20blore-logo_png-550x0

Continue reading

Flaws in Microsoft Code Contracts

We have successfully created and continue developing PVS-Studio analyzer for C/C++ languages. Over the time, it became clear that many of the diagnostics that we have implemented are not related to a specific programming language, so we decided to apply our experience to another programming language, namely C#. In this article, we are talking about the analysis of Code Contracts project by Microsoft done by our C# analyzer.

1fihzq

Continue reading

Analysis of .NET Core Libraries (CoreFX)

About a year ago Microsoft made the CoreCLR and CoreFX source code open. The latter project wasn’t of a big interest to us until recently, as it was written in C#, not in C++. But with the release of PVS-Studio 6.00 that now supports C# I decided to go back to the CoreFX and write an article about its analysis.

1e93eu Continue reading

Searching for bugs in Mono: there are hundreds of them!

It’s very interesting to check large projects. As a rule, we do manage to find unusual and peculiar errors, and tell people about them. Also, it’s a great way to test our analyzer and improve all its different aspects. I’ve long been waiting to check ‘Mono’; and finally, I got the opportunity. I should say that this check really proved its worth as I was able to find a lot of entertaining things. This article is about the bugs we found, and several nuances which arose during the check.

1ba91u-e14748976661741
Continue reading

Checking the Source Code of MSBuild

As we continue developing PVS-Studio static code analyzer, we often have to check large open-source projects by renowned developers. The fact that even such projects contain a certain amount of bugs adds even more sense and weight to our work. Unfortunately, everybody makes mistakes. No matter how carefully you control your code’s quality, there is just no way to avoid “human error”. As long as software is developed by humans, analysis tools like PVS-Studio will remain relevant and needed. Today, we are going to discuss errors found in the source code of MSBuild, which is, unfortunately, not perfect either.

image1

Continue reading

An unusual bug in Lucene.Net

Listening to stories about static analysis, some programmers say that they don’t really need it, as their code is entirely covered by unit tests, and that’s enough to catch all the bugs. Recently we have found a bug that is theoretically possible to find using unit tests, but if you are not aware that it’s there, it’s almost unreal to write such a test to check it.

se1

Continue reading