Good evening!
Inspired by this post and the Habr community, I offer you my own version of an analysis of the well-developed utility (as Wo1f put it mildly) PVS-Studio.
As a note, I used Visual Studio 2010 (cracked, of course) and downloaded PVS-Studio from the official site by clicking “Download and Try” and following the instructions. I am writing all this because I have questions about this utility and, so to speak, need your help.
First of all, we run the tests from the previous article:
Test 1:
    #include <cassert>
    #include <iostream>
    #include <vector>
    using namespace std;

    int main() {
        vector<int> v;
        v.reserve(2);
        assert(v.capacity() == 2);
        v[0];            // access to an element that does not exist (size() is 0)
        v[0] = 1;
        v[1] = 2;
        cout << v[0] << endl;
        v.reserve(100);  // may reallocate; the values written above are not elements
        cout << v[0] << endl;
        return 0;
    }
VS2010:
nothing
PVS-Studio:
nothing
Test 2:
    #include <cstdio>
    #include <vector>
    using namespace std;

    void prettyFormat(int i, char* buf) {
        sprintf(buf, "%4d", i);  // unbounded formatting into buf
    }

    int main() {
        vector<int> v;
        v.reserve(2);
VS2010:
warning C4996: 'sprintf': This function or variable may be unsafe. Consider using sprintf_s instead.
PVS-Studio:
nothing
Test 3:
    #include <cstdio>

    int* prettyFormat(int i, char* buf) {
        sprintf(buf, "%4d", i);
        int* a;    // never initialized
        return a;  // returns an uninitialized pointer
    }

    int main() { ...
VS2010:
warning C4996: 'sprintf': This function or variable may be unsafe. Consider using sprintf_s instead.
warning C4700: uninitialized local variable 'a' used
PVS-Studio:
nothing
Test 4:
    #include <cstdio>
    #include <cstring>

    int* prettyFormat(int i, char* buf) {
        sprintf(buf, "%4d", i);
        int* a;                  // never initialized
        fopen("filename", "r");  // returned FILE* is dropped (resource leak)
        char buf2[5];
        strcpy(buf2, buf);       // unbounded copy into a 5-byte buffer
        return a;
    }
VS2010: in addition to the previous two,
warning C4996: 'fopen': This function or variable may be unsafe. Consider using fopen_s instead.
warning C4996: 'strcpy': This function or variable may be unsafe. Consider using strcpy_s instead.
PVS-Studio:
nothing
Here is my question: why does PVS-Studio not report anything? I have all three levels of issues turned on. Maybe I'm doing something wrong? (I select PVS-Studio -> Check Solution from the menu.) Don't laugh if I'm not able to “use” the utility.
New tests
And so, we continue. The simplest example that came to mind:
    char buf[32];
    strncpy(buf, data, strlen(data));
PVS-Studio is again silent, and Visual Studio again warns of a possible problem when using an “unsafe” function, in this case strncpy().
What is the real problem? The problem is the classic buffer overflow, the error that made many people stop loving C/C++ and gave the rest a reason to argue against these beautiful languages. In this example, the length of the input buffer is passed as the last argument to strncpy, not the size of the target buffer, so strncpy copies strlen(data) bytes into the 32-byte buf however long data is.
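As an added example (not code from the post), here is the hardened counterpart of that snippet in C: the bound is taken from the destination size, the result is always NUL-terminated, and a second helper shows the other strncpy pitfall, that it writes no terminator when the source is at least as long as the limit. The function names and the 40-byte sample input are constructed for this example.

```c
#include <stdio.h>
#include <string.h>
/* Bounded copy of src into dst (dst_size bytes). The limit comes from the
   DESTINATION size, not from strlen(src) as in the post's example, where
   strncpy(buf, data, strlen(data)) writes strlen(data) bytes no matter how
   big buf is. Returns 1 if the whole source fit, 0 if it was truncated. */
int bounded_copy(char *dst, size_t dst_size, const char *src)
{
    if (dst_size == 0) return 0;
    strncpy(dst, src, dst_size - 1);
    /* strncpy writes no terminator when src is >= the limit, so add one. */
    dst[dst_size - 1] = '\0';
    return strlen(src) < dst_size;
}

/* The post's scenario: a 32-byte destination. Returns 1 if src fit. */
int copy_fits_32(const char *src)
{
    char buf[32];
    return bounded_copy(buf, sizeof buf, src);
}

/* Same scenario; the length left in the buffer never exceeds 31. */
size_t copy_len_32(const char *src)
{
    char buf[32];
    bounded_copy(buf, sizeof buf, src);
    return strlen(buf);
}

/* Second pitfall: strncpy(tmp, src, n) leaves no NUL in the first n bytes
   when strlen(src) >= n. Returns 1 if a terminator is present. */
int strncpy_terminated(const char *src, size_t n)
{
    char tmp[64];
    if (n > sizeof tmp)
        n = sizeof tmp;
    memset(tmp, 'X', sizeof tmp);   /* no stray NULs from the stack */
    strncpy(tmp, src, n);
    return memchr(tmp, '\0', n) != NULL;
}

int main(void)
{
    /* constructed input: 40 'A's, longer than the 32-byte destination */
    const char *data = "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA";
    printf("fit=%d len=%zu\n", copy_fits_32(data), copy_len_32(data));
    return 0;
}
```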
The next test is of a more “professional” level, with an emphasis on multithreading. Code snippet:
    #include <list>
    using namespace std;

    list<unsigned long> a_list;

    unsigned long get_next() {
        unsigned long ret = 0;
        if (!a_list.empty()) {     // the check ...
            ret = a_list.front();  // ... and the use are not atomic across threads
            a_list.pop_front();
        }
        return ret;
    }
VS2010:
nothing
PVS-Studio:
nothing
At first glance everything is fine, until you consider that there may be a race. A race condition can occur when two programs run in different processes or threads, interrupt each other, and each modifies the same resource. In the example above, it is enough for one thread to finish checking whether the list has elements before the other one removes the last element from the list by calling pop_front.
I think that's enough for the first take; in the next one I plan to run a real test on a big application. I want to note that, as idemura pointed out, one should not rely on analyzers; rather, one simply needs to raise one's own level of professionalism.
PS For the grammatical errors ... I wrote the post late.