Release of PVS-Studio 6.26

    PVS-Studio 6.26

    Usually we do not write notes about the release of a new version of the PVS-Studio analyzer. However, the new release includes many interesting changes regarding the analysis of C and C ++ code, which we would like to tell our users about.

    Soon java


    To be honest, the most recent and interesting innovations in PVS-Studio are still hidden. I mean support in the Java language analyzer. There is no public beta version of PVS-Studio for Java yet, but it will appear very soon. If you want to take part in its testing, you can write to us in support (choose: I want an analyzer for Java).

    New diagnostics for C and C ++


    In the new version, we got a little carried away and immediately added 15 general-purpose diagnostics for C and C ++ (V1021-V1035). In a minor release, so many diagnostics have never been added at once. More details on each of the diagnostics can be found in the documentation . In my opinion, the most interesting among the new diagnostics are:

    • V1026. The variable is incremented in the loop. Undefined behavior will occur in case of signed integer overflow.
    • V1033. Its default type is int.

    Diagnostics V1026 was created based on the discussion on the forum linux.org.ru. The programmer complained about a glitch in the GCC 8 compiler, but as it turned out later, the culprit was incorrect code leading to undefined behavior. Let's look at this case.

    Note. In the original discussion, the variable s is of type const char * s . However, on the target platform, the char type is unsigned. Therefore, for clarity, I immediately wrote in the example that the pointer type is const unsigned char * .

    intfoo(constunsignedchar *s){
  int r = 0;
  while(*s) {
    r += ((r * 20891 + *s *200) | *s ^ 4 | *s ^ 3) ^ (r >> 1);
    s++;
  }
  return r & 0x7fffffff;
}

    The compiler does not generate code for the bitwise AND operator (&). Because of this, the function returns negative values, although according to the programmer’s idea this should not happen.

    The developer believes that this is a glitch in the compiler. But actually the programmer who wrote such code is wrong. The function does not work correctly because an indefinite behavior occurs in it.

    The compiler sees that a certain amount is considered in the variable r . Overflow of the variable r should not occur. Otherwise, this is an undefined behavior that the compiler should not consider and take into account. So, the compiler believes that since the value in the variable r after the end of the loop cannot be negative, then the operation r & 0x7fffffffto reset the sign bit is superfluous and the compiler simply returns the value of the variable r from the function .

    Diagnostics V1026 is just designed to detect such errors. To correct the code, it is enough to count the hash using an unsigned variable. Corrected code:

    intfoo(constunsignedchar *s){
  unsigned r = 0;
  while(*s) {
    r += ((r * 20891 + *s *200) | *s ^ 4 | *s ^ 3) ^ (r >> 1);
    s++;
  }
  return (int)(r & 0x7fffffff);
}

    Now let's look at another V1033 diagnostic . It is interesting because the cause of possible errors was the new auto keyword , which appeared in C ++ 11. Moreover, it is not the very innovation of the C ++ 11 language that is to blame, but the nuances of a psychological plan :). Now I will explain. Take a look at this code:

    float d = 3.14f;
int i = 1;
auto sum = d + i;

    See in him a mistake? Think about it. Here is a picture to not immediately read the text further.

    Time to think

    Guess what could be wrong? If not, here is another interesting information. The variable sum will be 4, not 4.14. Why?

    Xs

    Now the reader will say that it was an unfair mystery! The thing is that this is not C ++, but C.

    It happens that the project also uses C ++ at the same time, and good old C. The programmer gets used to using auto in C ++ and accidentally can use this word in C. But it means there another:

    auto

    local variable. Keyword auto uses the following syntax:

    [auto] data-definition;

    The auto keyword is extremely rarely used.

    It turns out that the variable sum is of type int , and that is why its value will be equal to 4.

    Unicorn laughs

    Although the error may seem exotic, in fact, in a project that uses a mixture of C and C ++ files, it is very easy to make. Accordingly, when analyzing C-files, PVS-Studio warns about such suspicious constructions.

    Other innovations


    Added the ability to check projects for the Waf assembly system .

    We continue to develop the analyzer in the direction of embedded systems. This version adds support for project validation for the GNU Arm Embedded Toolchain, the Arm Embedded GCC compiler.

    When analyzing projects for the Visual C ++ compiler (cl.exe, vcxproj projects for Visual Studio / Standalone), the analyzer report now stores the register in the paths to the checked files. Revision from the side looks easier than it actually is. When preprocessing files, the cl.exe compiler corrupts case in file names. And you have to restore them back in the analyzer.

    Added ability to use pvsconfig files with CLMonitor / Standalone on Windows.

    Added incremental analysis mode for pvs-studio-analzyer / CMake module. The PVS-Studio CMake module can now be used on Windows for projects using the Visual C ++ compiler (cl.exe).

    Added support for incremental analysis for .NET Core / .NET Standard Visual Studio projects.

    Additional links


    1. PVS-Studio. Version history .
    2. Andrey Karpov. Undefined behavior is closer than you think .
    3. Will Dietz, Peng Li, John Regehr, and Vikram Adve. Understanding Integer Overflow in C / C ++ .
    4. Yegor Bredikhin. Development of a new static analyzer: PVS-Studio Java .
    Tags:

    Also popular now: