C# Joins PVS-Studio Line Up |
Written by Alex Armstrong |
Monday, 18 January 2016 |
Last month saw the release of the latest static code analyzer from Program Verification Systems. In addition to C and C++, PVS-Studio 6.00 will detect bugs in your C# code. PVS-Studio has more than 250 diagnostics to help detect bugs. Over 40 of them are now dedicated to performing general analysis of C# code looking for the types of errors that routinely occur in code but are hard to spot.
Once an error is found you are provided, within Visual Studio's IDE, with an explanation of how to fix it together with samples from open-source projects where similar issues were detected. This short video walks you through using it:
The new version removes support for VS2005 and VS2008 and the advice to anyne still using it is to stick with the previous version, PVS-Studio, 5.31. However, PVS-Studio may also be run separately from Visual Studio in a standalone mode. To mark the inclusion of PVS-Studio 6 its creator Andrey Karpov, whose article on the bugs he found in the First C++ Compiler appeared on I Programmer a couple of months ago, did a code analysis of Roslyn - which was used to add C# support to the analyzer. In the blog posting about it Karpov reports on 20 bugs that were discovered. This the the first:
This produces the PVS-Studio diagnostic message: V3004 The 'then' statement is equivalent to the 'else' statement. Karpov writes: This is an example of errors found in tests. They can live there for years since they don't cause any trouble. It's just that the test doesn't check all that it was meant to. In both branches, thread 1 starts all the time, followed by thread 2. This is the code he suggests as being what was intended:
Other bugs are classified as typos, copy-paste errors, double detection, incorrect or redundant conditions and even "carelessness" and many of them wouldn't cause too many problems. Bug 16, however, could cause havoc. Karpov introduces it with: Bet you'll just glance over the code below and skip it for good. It's an excellent proof that we need those tireless code analyzers.
The diagnostic message is this case is: V3027 The variable 'newType' was utilized in the logical expression before it was verified against null in the same logical expression and to show what makes this code dangerous we are given a simple synthetic example based on it:
Karpov comments: As you can see, the condition's logic implies that A and B may be null references. The expression consists of two parts: in the first part reference A is checked, but reference B isn't; in the second part reference B is checked, but reference A isn't. This code may be lucky enough to stay runnable, but it does look strange and dangerous. If you want to try it out on your own code, you can access a free trial PVS-Studio at: http://www.viva64.com/en/pvs-studio-download/ The demo version is limited to 50 click-jumps to the code. Once you've used them up, the tool will suggest filling out a small questionnaire and if you agree, you'll be granted 50 more. More InformationRelated ArticlesFinding Bugs In The First C++ Compiler - What does Bjarne Think! Test Your C++ Static Analysis Skills
To be informed about new articles on I Programmer subscribe to the RSS feed, follow us on, Twitter, Facebook, Google+ or Linkedin, or sign up for our weekly newsletter.
Comments
or email your comment to: comments@i-programmer.info
|
Last Updated ( Thursday, 24 October 2024 ) |