§ Weird PREfast problem

For a while now, Microsoft has made the /analyze mode of the VC++ compiler -- a.k.a. PREfast -- available through the Windows SDK. I've run it a couple of times before out of curiosity, and it has found a few interesting null pointer dereference paths, but like most static analysis tools it has a huge problem with spewing dubious results when you first sic it on a codebase. This mainly results from C/C++ being an unexpressive language: the compiler cannot tell from the types alone which pointers may be null or how long a buffer is. You can fix that and improve the results by peppering your source code with annotations, but it's not something I've gotten around to doing given the time and risk involved.

One of the problems specifically with PREfast is that it seems to have a habit of issuing bogus warnings about bad array indices. For instance, take this simplified code:

void foo(int *p) {
    static const int data[16] = {0};
    for(int i=0; i<16; ++i) {
        if (i != 0)
            p[i] = data[i-1];
    }
}

The if() clearly prevents data[i-1] from ever being evaluated when i = 0, so the index is always in the range 0 to 14, but PREfast gives this output:

Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 16.00.40219.01 for 80x86
Copyright (C) Microsoft Corporation.  All rights reserved.

oops.cpp
oops.cpp(6) : warning C6200: Index '-1' is out of valid index range '0' to '15' for non-stack buffer 'int const * const `void __cdecl foo(int *)'::`2'::data'

All of the warnings of this kind turned out to be impossible cases in the code. I tracked some of them down to PREfast being confused by an assert macro, but this is the one case I've been able to pin down to the static analyzer ignoring an obvious prohibition in control flow. A related problem is that it isn't very good about indicating how sure it is about a buffer overflow, so instead of indicating that it has found a possible overflow, it assumes some rather large numbers:

warning C6201: Index '18446744073709551615' is out of valid index range '0' to '255' for possibly stack allocated buffer 'mStackLevels'

That value is 2^64 - 1, i.e. -1 reinterpreted as a 64-bit unsigned integer. Kind of hard to do that when indexing with a uint8_t in 32-bit code.

I did try cppcheck once as a possible alternative for a free code analysis tool. It was a bit better about false positives and focused more on structural issues rather than dynamic ones, but its problem was speed -- due to a combination of not supporting precompiled headers and slow parsing performance it was taking over five minutes per .cpp file. It turned out to be primarily due to an unexpectedly mediocre implementation of std::string::operator==(const char *) in the VC++ STL and an O(N^2) implementation of a core string pattern matching algorithm, but even after fixing those it was still prohibitively slow.
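The following is an added example, not code from the original post. It takes the guarded loop above and shows the kind of restructuring that sidesteps this class of analyzer false positive (starting the loop at 1 so the index expression is visibly non-negative on every path, with no guard for the tool to lose track of), plus a one-compare bounds check that catches negative and oversized indices in a single unsigned comparison. The observation that the second warning's figure equals (size_t)-1 on a 64-bit size_t is this example's inference, not something PREfast documents. Function names are made up for illustration; the sample buffer is constructed inline.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define N 16

/* Shape of the code in the post: the guard excludes i == 0, so the
   index i - 1 is always in 0..N-2. Correct, but the analyzer has to
   relate the guard to the index expression to see it. */
void foo_guarded(int *p) {
    static const int data[N] = {0};
    for (int i = 0; i < N; ++i) {
        if (i != 0)
            p[i] = data[i - 1];
    }
}

/* Same behaviour, restructured so the bound lives in the loop header:
   i starts at 1, so i - 1 is never negative and no guard is needed.
   Both humans and analyzers can verify this without value tracking. */
void foo_rewritten(int *p) {
    static const int data[N] = {0};
    for (int i = 1; i < N; ++i)
        p[i] = data[i - 1];
}

/* Runs both versions on identical sentinel-filled buffers and reports
   whether they produce the same result and both leave p[0] untouched. */
int guarded_matches_rewritten(void) {
    int a[N], b[N];
    for (int i = 0; i < N; ++i)
        a[i] = b[i] = -7;              /* sentinel: never written by foo */
    foo_guarded(a);
    foo_rewritten(b);
    if (a[0] != -7 || b[0] != -7)      /* neither version writes p[0] */
        return 0;
    for (int i = 0; i < N; ++i)
        if (a[i] != b[i])
            return 0;
    return 1;
}

/* A negative int converted to size_t wraps to a huge value (SIZE_MAX
   for -1), so one unsigned comparison rejects both negative and
   too-large indices. Returns false instead of touching buf[]. */
bool read_checked(const int *buf, size_t n, int idx, int *out) {
    if ((size_t)idx >= n)
        return false;
    *out = buf[idx];
    return true;
}

/* Constructed sample buffer for exercising read_checked(). */
static const int sample[4] = {10, 20, 30, 40};

/* Checked read from the sample; -1 signals an out-of-range index. */
int checked_sample(int idx) {
    int v;
    return read_checked(sample, sizeof sample / sizeof sample[0], idx, &v) ? v : -1;
}

/* What -1 becomes after the conversion read_checked() relies on. On a
   64-bit size_t this is 18446744073709551615, the number in the second
   PREfast warning (assumed here to be the same conversion); on a 32-bit
   build it would be 4294967295. */
size_t wrapped_index(int idx) {
    return (size_t)idx;
}

int main(void) {
    printf("rewrite equivalent to guarded loop: %d\n", guarded_matches_rewritten());
    printf("checked read at -1: %d, at 3: %d\n", checked_sample(-1), checked_sample(3));
    printf("(size_t)-1 on this platform: %zu\n", wrapped_index(-1));
    return 0;
}
```

The rewrite is the cheaper fix when it is available: it removes the negative-index expression from the code entirely, which shrinks the real attack surface as well as the analyzer's search space. Where a guard cannot be avoided, the single unsigned compare is the idiom to reach for, since a signed `idx < n` check alone lets -1 through.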

Comments

Comments posted:


How about this one: http://www.viva64.com/ ?
And maybe llvm static analyzer, if it is available for win32.

Z.T. - 08 09 11 - 19:22


http://clang-analyzer.llvm.org/installat..

http://clang.llvm.org/get_started.html#b..

Supposedly can be built using visual studio.

Z.T. - 08 09 11 - 19:25


It's not free, but I find PC-lint quite useful for static analysis as a complement to /analyze.
It does, however, suffer from bad value tracking in some cases, which can trigger false positives in situations like the one described in the text.

neko - 09 09 11 - 06:38


PVS-Studio:


void foo1(int *p) {
    static const int data[16] = {0};
    for(int i=0; i!=16; ++i) {
        if (i != 0)
            p[i] = data[i-1]; //ok
    }
}

PVS-Studio output: OK

void foo2(int *p) {
    static const int data[16] = {0};
    for(int i=0; i!=16; ++i) {
        p[i] = data[i-1]; //V557
    }
}

PVS-Studio output: V557. Array underrun is possible. The value of 'i - 1' index could reach -1.

Andrey (link) - 10 09 11 - 19:41


Could you submit/post your cppcheck modifications?

Firewave - 20 09 11 - 09:20
