What we had to test and
what we learnt during the
creation of the Linux version
of PVS-Studio
Svyatoslav Razmyslov
Evgeniy Ryzhkov
PVS-Studio
www.viva64.com
MySQL (C++)
A lot of similar strings.
Everything should be
fine.
static int rr_cmp(uchar *a, uchar *b){if (a[0] != b[0])
return (int)a[0] - (int)b[0];if (a[1] != b[1])
return (int)a[1] - (int)b[1];if (a[2] != b[2])
return (int)a[2] - (int)b[2];if (a[3] != b[3])
return (int)a[3] - (int)b[3];if (a[4] != b[4])
return (int)a[4] - (int)b[4];if (a[5] != b[5])
return (int)a[1] - (int)b[5];if (a[6] != b[6])
return (int)a[6] - (int)b[6];return (int)a[7] - (int)b[7];
}
CryEngine 3 SDK (C++)
inline bool operator != (const SEfResTexture &m) const{if (stricmp(m_Name.c_str(), m_Name.c_str()) != 0 ||
m_TexFlags != m.m_TexFlags ||m_bUTile != m.m_bUTile ||.....m_Sampler != m.m_Sampler)
return true;return false;
}
Linux (C) kernel
static int tc_ctl_action(struct sk_buff *skb,struct nlmsghdr *n)
{struct net *net = sock_net(skb->sk);struct nlattr *tca[TCA_ACT_MAX + 1];u32 portid = skb ? NETLINK_CB(skb).portid : 0;....
}
The function
got an
argument:
Dereferencing
Oops, it should be checked too.
These bugs have ALWAYS been there.
Taken from Cfront compiler, year 1985:
Pexpr expr::typ(Ptable tbl){....Pclass cl;....cl = (Pclass) nn->tp;cl->permanent=1;if (cl == 0) error('i',"%k %s'sT missing",CLASS,s);....
}
Nothing has changed for the past 30
years. Modern Clang compiler:
Instruction *InstCombiner::visitGetElementPtrInst(....) {....Value *StrippedPtr = PtrOp->stripPointerCasts();PointerType *StrippedPtrTy = dyn_cast<PointerType>(StrippedPtr->getType());
if (!StrippedPtr)return 0;
....}
Static analysis methodology
Automated code review
Regular checks
The human factor is avoided (it is lowered, to be exact).
Specialized tools. The more the better.
But maybe not.
What did the PVS-Studio users wanted
from the Linux version of PVS-Studio?
Command line utility;
“We don’t need integration with IDE!”
We don’t need an installer
"We will set everything ourselves!»
We don’t need the documentation
“We’ll run the program ourselves”
The first build and support
The executable file is not a product
Porting the code is only a small part of the work
You cannot make conclusions without full-fledged
testing - comparison of testing on Windows and Linux
Myth of knowing build scripts
Not all developers are completely familiar with the build system
People need some way of getting to know the product without integrating and setting up
This method should be quite reliable to leave a good impression from the product
The choice of the monitoring technology
(-) Clang scan-build
(+) strace
(+) JSON Compilation Database
(+/-) RD_PRELOAD
Closed testing of a Beta version
Episode 1
The executable file of the analyzer with the setup script
Online documentation
Several different ways to analyze without the integration
Closed testing of a Beta version
Episode 2 Support of non-standard compiler extensions
Dealing with false alarms
Creating Deb/Rpm packages
Small tasks concerning the analyzer and the documentation
Closed testing of a Beta version
Episode 3 We decided not to use the config files for a quick check
Improved work with the log of the strace utilitiy
Work on the DEB/RPM packages
Other tasks concerning the analyzer and the documentation
Closed testing of a Beta version
Episode 4
(Release Candidate)
Heading towards the integration into large projects
Implementation of various user requests
Our own repositories for DEB/RPM packages*
Integration into Makefile/Makefile.am
.cpp.o:
$(CXX) $(CFLAGS) $(DFLAGS) $(INCLUDES) $< -o $@
pvs-studio --cfg $(CFG_PATH) --source-file $< --language C++
--cl-params $(CFLAGS) $(DFLAGS) $(INCLUDES) $<
Details in the analyzer setup
Incremental analysis
Parallelization of the analysis on the build system level
Other pluses of the build system
Integration into CMake /CLion
include(PVS-Studio.cmake)
pvs_studio_add_target(TARGET analyze
OUTPUT FORMAT errorfile
ANALYZE target LOG target.plog
LICENSE "/path/to/PVS-Studio.lic")
Integration into CMake/QtCreator
include(PVS-Studio.cmake)
pvs_studio_add_target(TARGET analyze
OUTPUT FORMAT errorfile
ANALYZE target LOG target.plog
LICENSE "/path/to/PVS-Studio.lic")
Integration into QMake/QtCreator
pvs_studio.target = pvs
pvs_studio.output = true
pvs_studio.license = /path/to/PVS-Studio.lic
pvs_studio.cfg = /path/to/PVS-Studio.cfg
pvs_studio.cxxflags = -std=c++14
pvs_studio.sources = $${SOURCES}
include(PVS-Studio.pri)
Conclusions made during the
development process
Installation from a package or a repository
Getting to know the product using a quick scan
Integration into a project so that the developer may
have incremental analysis
Configuring a complete analysis on the build server
Additional comment - a crazy amount of the Linux projects analyzed, so
that the tool can be considered operational.