|Locating Bugs In ChakraCore|
|Written by Svyatoslav Razmyslov|
|Monday, 22 February 2016|
Page 3 of 3
As an example of another diagnostic which is also connected with pointers, this is a code fragment of the MergeSuccBlocksInfo() function, which is quite long - 707 strings. But with the help of static analysis we managed to find "tempNumberTracker" pointer, whose initialization can potentially fail due to several conditions. As a result, if the odds are against the programmer, there will be a dereference of a null pointer.
V522 Dereferencing of the null pointer 'tempNumberTracker' might take place. backwardpass.cpp 578
Stop! Check Assert!
Assert, located in the program indicates that a programmer assumes that some expression is true for a correctly running program. But can these "successful checks be trusted"?
V547 Expression 'srcIndex - src->left >= 0' is always true. Unsigned type value is always >= 0. sparsearraysegment.inl 355
Note the comparison "srcIndex-src-> left > = 0". The difference of two unsigned numbers will always be greater than or equal to zero. Further on this function is used for working with the memory. The result can be different from the one that the programmer expected.
V547 Expression is always true. Probably the '&&' operator should be used here. bytecodegenerator.cpp 805
In this Assert testing of some values is done only partially. If the expression "sym->GetDecl() == nullptr" is false, then the following conditions are always true. You can check it by building a truth table:
V547 Expression 'callSiteId >= 0' is always true. Unsigned type value is always >= 0. inline.cpp 1181
In this and couple of other fragments the analyzer detected incorrect comparison of an unsigned number with null:
Increasingly Microsoft has adopted the policy of releasing its projects under free licenses. This gives PVS-Studio an additional opportunity to test its analyzer on new projects and demonstrate the usefulness and effectiveness of static code analysis on the projects of this large and well known software vendor.
Also from PVS-Studio on IProgrammer:
or email your comment to: firstname.lastname@example.org
|Last Updated ( Tuesday, 23 February 2016 )|