C# Joins PVS-Studio Line Up
C# Joins PVS-Studio Line Up
Written by Alex Armstrong   
Monday, 18 January 2016

Last month saw the release of the latest static code analyzer from Program Verification Systems. In addition to C and C++, PVS-Studio 6.00 will detect bugs in your C# code.

Last month saw the release of the latest static code analyzer from Program Verification Systems. In addition to C and C++, PVS-Studio 6.00 will detect bugs in your C# code.
pvs6b
 
PVS-Studio has more than 250 diagnostics to help detect bugs. Over 40 of them are now dedicated to performing general analysis of C# code looking for the types of errors that routinely occur in code but are hard to spot. 
 
Once an error is found you are provided, within Visual Studio's IDE, with an explanation of how to fix it together with samples from open-source projects where similar issues were detected. This short video walks you through using it:

 

 

The new version removes support for VS2005 and VS2008 and the advice to anyne still using it is to stick with the previous version, PVS-Studio, 5.31. However, PVS-Studio may also be run separately from Visual Studio in a standalone mode.

To mark the inclusion of PVS-Studio 6 its creator Andrey Karpov, whose article on the bugs he found in the First C++ Compiler appeared on I Programmer a couple of months ago, did a code analysis of Roslyn - which was used to add C# support to the analyzer. 

In the blog posting about it Karpov reports on 20 bugs that were discovered. This the the first:

pvs6wrng

 

This produces the PVS-Studio diagnostic message:

 V3004 The 'then' statement is equivalent to the 'else' statement. 

Karpov writes:

This is an example of errors found in tests. They can live there for years since they don't cause any trouble. It's just that the test doesn't check all that it was meant to. In both branches, thread 1 starts all the time, followed by thread 2. 

This is the code he suggests as being what was intended: 

 pvs6sugg

Other bugs are classified as typos, copy-paste errors, double detection, incorrect or redundant conditions and even "carelessness" and many of them wouldn't cause too many problems. Bug 16, however, could cause havoc. Karpov introduces it with:

Bet you'll just glance over the code below and skip it for good. It's an excellent proof that we need those tireless code analyzers.

 pvs6wrong

 

The diagnostic message is this case is: 

V3027 The variable 'newType' was utilized in the logical expression before it was verified against null in the same logical expression and to show what makes this code dangerous we are given a simple synthetic example based on it:

if ((A != null && A.x == B.y) ||
                   (B != null && B.q == A.w))

Karpov comments:

As you can see, the condition's logic implies that A and B may be null references. The expression consists of two parts: in the first part reference A is checked, but reference B isn't; in the second part reference B is checked, but reference A isn't.

This code may be lucky enough to stay runnable, but it does look strange and dangerous.

If you want to try it out on your own code, you can access a free trial PVS-Studio at: http://www.viva64.com/en/pvs-studio-download/

The demo version is limited to 50 click-jumps to the code. Once you've used them up, the tool will suggest filling out a small questionnaire and if you agree, you'll be granted 50 more. 

pvssq

More Information

PVS-Studio

Scanning Roslyn

Related Articles

Finding Bugs In The First C++ Compiler - What does Bjarne Think! 

Test Your C++ Static Analysis Skills

 

To be informed about new articles on I Programmer subscribe to the RSS feed, follow us on, Twitter, FacebookGoogle+ or Linkedin,  or sign up for our weekly newsletter.

 

Banner


OpenAI Recruiting Fellows
31/05/2018

OpenAI is currently accepting applications for the next cohort of OpenAI Fellows, a program which offers 6-month apprenticeships in AI research at OpenAI to those who do not have a formal backgro [ ... ]



Microsoft Buys GitHub - Get Ready For a Bigger Devil
04/06/2018

Microsoft has announced a deal to acquire GitHub valued at $7.5 billion. Microsoft vice president Nat Friedman, formerly CEO of Xamarin, will become GitHub CEO, taking over from GitHub's founder Chris [ ... ]


More News

 

justjsquare

 



 

Comments




or email your comment to: comments@i-programmer.info

 

Last Updated ( Monday, 18 January 2016 )
 
 

   
RSS feed of news items only
I Programmer News
Copyright © 2018 i-programmer.info. All Rights Reserved.
Joomla! is Free Software released under the GNU/GPL License.