More and more users of the PVS-Studio C# analyzer get interested in the possibility to utilize it for checking C# code on Linux and macOS. Today the PVS-Studio team has some good news.
PVS-Studio
Kodi
Missed semicolon
PVS-Studio warning: V504 It is highly probable that the semicolon ‘;’ is missing after ‘return’ keyword. AdvancedSettings.cpp:1476
void CAdvancedSettings::SetExtraArtwork(const TiXmlElement* arttypes,
std::vector& artworkMap)
{
if (!arttypes)
return
artworkMap.clear();
const TiXmlNode* arttype = arttypes->FirstChild("arttype");
....
}
The code formatting suggests the following execution logic:
- if arttypes is a null pointer, the method returns;
- if arttypes is a non-null pointer, the artworkMap vector gets cleared and some actions are then performed.
But the missing ‘;’ character breaks it all, and the actual execution logic is as follows:
- if arttypes is a null pointer, the artworkMap vector gets cleared and the method returns;
- if arttypes is a non-null pointer, the program executes whatever actions come next but the artworkMap vector doesn’t get cleared.
To cut a long story short, this situation does look like a bug. After all, you hardly expect anyone to write expressions like return artworkMap.clear(); :).
Please click here to see more bugs from this project.
Search for Bugs in Code at the Early Stage
Every developer knows about a debugger, version control system or, for example, unit-tests. Nevertheless, not all developers are familiar with the methodology of static code analysis. Meanwhile, the technology becomes an integral part of the development cycle of programs. I would like to suggest a small introductory course for anyone interested in modern development trends.
PVS-Studio 6.16 released
PVS-Studio is a static code analyzer that detects errors and potential vulnerabilities in the source code of programs written in C/C++/C#. Version 6.16 has obtained 11 new general analysis diagnostics.
Top 10 C# projects errors found in 2016
To measure the efficiency of our analyzer, and also to promote the methodology of static analysis, we regularly analyze open source projects for bugs and write articles about the results. 2016 was no exception. This year is especially important as it is the year of the “growth” of the C# analyzer. PVS-Studio has obtained a large number of new C# diagnostics, an improved virtual values mechanism (symbolic execution) and much more. Based on the results of our teamwork, I compiled a kind of chart of the most interesting bugs, found in various C# projects in 2016.
Videos about static code analysis
IT conferences and meetings on programming languages see a growing number of speakers talking about static code analysis. Although this field is quite specific, there is still a number of interesting discussions to be found here to help programmers understand the methods, ways of use, and specifics of static code analysis. In this article, we have collected a number of videos on static analysis whose easy style of presentation makes them useful and interesting to a wide audience of both skilled and novice programmers.
What is Static Analysis?
Author: Matt Might
Static analyzers allow programmers to bound and predict the behavior of software without running it. Once used exclusively for program optimization, they have rapidly risen in prominence for areas like software security and automatic parallelization. The author takes you on a tour of the landscape of static analysis through the lens of abstract interpretation.
PVS-Studio
A logical error
Continue reading
PVS-Studio: 25 Suspicious Code Fragments in CoreCLR
The Microsoft Corporation has recently published, for free, access the source code of the CoreCLR engine, which is a key component of .NET Core. We couldn’t help but pay attention to this event. The wider a project’s audience is, the worse defects found in the code will seem, won’t they? Despite Microsoft themselves being the authors of the product, there are still some issues to examine and think over in their code – just like in any other large project.
Big Brother is helping you
Once more I got reassured that programmers write programs absolutely carelessly, so that their programs work not because of their skill but due to chance and care of Microsoft or Intel compiler developers. Right, it is them who really care and put crutches under our lop-sided programs when necessary.
Here is a byte-breaking story of the CString class and daughter of it, the Format function.
