Years ago, I did a very extensive analysis of C++ static analyzers. The two best were PVS-Studio (for 'fast' analysis) and Coverity (which found several really obscure bugs and relatively fewer false positives.)
How does this compare to those two?
Note: One big problem is that if not tuned right static analyzers generate a lot of false positives. With several products (esp. one) the false positives, even after tuning, were absurd. Worse, that one product was so wrong, sometimes were its suggestions followed, it would have made the code materially worse.
@Mark-Wallace @Member-7989122
In case you're interested, here are the changes that I made as the result of DeepCode's analysis. I summarized what it found in a previous post.
I've now run PVS-Studio, made changes based on what it found, and have started regression testing. It generates lots of errors and warnings, many of which are false alarms (some understandably so) or violations of obsessive coding standards (e.g., MISRA). Some of the false alarms involve virtual functions, where it suggests making an argument const even though the function is an override and the argument has to be non-const for other overrides. But some of its "argument could be const" warnings look good but were missed by my own static analysis tool, so I also have some escape analysis to do.
Here's a summary of most of the changes I made as the result of PVS-Studio's findings:
- changing unique_ptr.release() to reset() to fix a memory leak
- adding either a missing break or [[fallthrough]] at the end of a case clause
- removing an expression that always evaluates to true or false (most were checks for < 0 on an unsigned type)
- removing checks for nullptr after invoking new (unreachable because an exception occurs if new fails)
- changing occurrences of (strlen(str) == 0) to (str[0] == NUL) for efficiency
- moving an invariant call to strlen out of a loop for efficiency
- changing a type from signed to unsigned or vice versa (usually involving size_t)
- removing redundant checks or assignments
- changing the order of data members for more efficient memory usage
- making an argument const
Mostly cosmetic, but there were some real bugs (the first two bullets).
It also told me that a multithreaded Windows application is supposed to use _beginthreadex instead of CreateThread. This was a revelation and something that I'll be changing later. My code seems to work using CreateThread, but maybe a tiger is waiting to pounce.
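The first two items in the list above (the ones the post calls real bugs), shown before and after as an added C++ example that is not part of the original post or of the poster's code base. The Tracked type, the Level enum and all function names are hypothetical.

```cpp
#include <memory>

// Hypothetical type that counts live instances so a leak becomes observable.
struct Tracked {
    static int live;
    Tracked() { ++live; }
    ~Tracked() { --live; }
};
int Tracked::live = 0;

// Before: release() returns the raw pointer and gives up ownership without
// deleting anything. If the result is dropped, the object is leaked.
int live_after_release() {
    auto p = std::make_unique<Tracked>();
    Tracked* orphan = p.release();  // p is empty, the object is still alive
    int live = Tracked::live;       // 1: in the buggy code nobody frees it
    delete orphan;                  // cleanup so the demo itself stays leak-free
    return live;
}

// After: reset() destroys the owned object and leaves p empty.
int live_after_reset() {
    auto p = std::make_unique<Tracked>();
    p.reset();
    return Tracked::live;           // 0
}

enum class Level { Info, Warn, Error };

// Before: the missing break lets Warn run on into the Error clause.
int severity_before(Level l) {
    int s = 0;
    switch (l) {
    case Level::Info:  s = 1; break;
    case Level::Warn:  s = 2;       // no break: s is overwritten below
    case Level::Error: s = 3; break;
    }
    return s;
}

// After: the break is restored. Had the fall-through been intended,
// [[fallthrough]]; in place of the break would state that explicitly.
int severity_after(Level l) {
    int s = 0;
    switch (l) {
    case Level::Info:  s = 1; break;
    case Level::Warn:  s = 2; break;
    case Level::Error: s = 3; break;
    }
    return s;
}
```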
I'm quite impressed by the DeepCode results, especially if it's as quick as you say. It may not have flagged anything big enough to make the baby Jesus cry (presumably because you're not rubbish at it), but, for example, your For loop in ServiceSM is certainly improved a bit, so that makes it worth the effort.
Good stuff! Cheers for the update!
Greg Utas wrote: [PVS-Studio] also told me that a multithreaded Windows application is supposed to use _beginthreadex instead of CreateThread
I came across the _beginthread/_beginthreadex thing a while back, while trying to track a minor but annoying memory leak. Apparently, calling CreateThread directly from the API can cause tiddly chunks of memory (I think it was 72 bytes each time) to be leaked, because of some jiggery-pokery with the CRT signal function.
Like you say, it's one of those things you either find out about while not particularly looking for it, or when it bites you in the @rse.
I wanna be a eunuchs developer! Pass me a bread knife!
Mark_Wallace wrote: Apparently, calling CreateThread directly from the API can cause tiddly chunks of memory (I think it was 72 bytes each time) to be leaked, because of some jiggery-pokery with the CRT signal function.
I also saw this while browsing through things found by a search but also recall someone claiming that the leak had been fixed.
Greg Utas wrote: but also recall someone claiming that the leak had been fixed.
Gawd, there was I, thinking that I was all super-duper cutting-edge, but I'm already behind the times!
I wanna be a eunuchs developer! Pass me a bread knife!
The suspicious network activities revealed in the research by Positive Technologies are traffic hiding, VPN tunneling, connections to the Tor anonymous network, and network proxying.
"A man who trusts everyone is a fool and a man who trusts no one is a fool."
Kent Sharkey wrote: "A man who trusts everyone is a fool and a man who trusts no one is a fool."
I prefer:
The first time you lie to me, it will be your fault. The second one, it will be my fault.
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
Kent Sharkey wrote: traffic hiding, VPN tunneling, connections to the Tor anonymous network, and network proxying
They can't be very good at their jobs. All they seem to have found is people trying to protect their privacy from @rsehole companies that "analyse" what people are doing with the Internet.
Essentially, what they've discovered is that people don't like being snooped on by companies like them.
As for nasty boys on the Interwebs, just look at any server or router log for any ten minute period of any day, and you'll find "suspicious network activity" in all of them.
I wanna be a eunuchs developer! Pass me a bread knife!
Quote: The suspicious network activities revealed in the research by Positive Technologies are traffic hiding, VPN tunneling, connections to the Tor anonymous network, and network proxying.
Is it an example of Newspeak from 1984?
Delivering reliable, high-performance results across the breadth of Windows hardware, Windows ML is designed to make ML deployment easier, allowing developers to focus on creating innovative applications.
Now you can make that data entry form artificially intelligent
Edit: fixed the blurb. That's it. Done for the week. 'night all.
modified 19-Mar-20 17:45pm.
Was it on purpose to repeat the comment?
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
Oh duh. No, thank you.
TTFN - Kent
Summit, IBM's supercomputer equipped with the "brain of AI," ran thousands of simulations to analyze which drug compounds might effectively stop the virus from infecting host cells.
Why does it keep recommending arsenic, cyanide, and gin?
Don't get me wrong... I will be happy if they do find something that helps, but... AI? Again? Seriously?
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
Kent Sharkey wrote: Maybe it's telling us to drink more gin?
I think you have been too close to Nagy lately
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
The American dick of a writer said: the original is China Daily, but you’ll have to deal with the little box up in the right corner labeled “Xi’s Moments”, where a smiling Xi Jinping urges joint efforts to fight the pandemic
As opposed to putting up with the constant, incessant, self-serving sh1te from a certain-coloured person who lives in a certain-coloured house?
I mean, things like:
Quote: President Xi backs Italy's fight against COVID-19
and
Quote: Xi lauds post-90s generation's fight against COVID-19
Highlight really stupid, terrible things for the leader of a country to say, don't they? How awful that people should "have to deal with" grown-up behaviour from politicians.
Forgive me if I don't repeat anything that spewed from the orifice of a certain-coloured person who lives in a certain-coloured house, but I'm actually getting sick of hearing about it myself -- clowns aren't funny when they're costing people their lives.
And how nice to see such mindless political sh1te on what is supposed to be a science-based web-site.
That's another American dick on my "don't read any of this guy's sh1te" list.
I wanna be a eunuchs developer! Pass me a bread knife!
This seems like a great application for it: filter out all the chemicals that probably won't work and indicate the ones that they should focus on, as opposed to the alternative of looking through all of them by hand. I'm pretty sure (or at least I hope) that this group isn't the one to blindly take a computer's word and act on it.
Nelek wrote: AI? Again? seriously?
What's your concern?
Social Media - A platform that makes it easier for the crazies to find each other.
Everyone is born right handed. Only the strongest overcome it.
Fight for left-handed rights and hand equality.
Everybody's Buzzword Bingo cards have "AI" spread all over. We need others to get ahead with the bingo!
Initial assumption:
The corona virus spreads fast, so we need a fast computer to analyse the effects of chemicals on it, because, well, y'know, fast, yeah?
I'm putting that down as a fail right there, but if you insist on defending your idiotically illogical thesis, go ahead -- I'll just sit here and play candy crush.
I wanna be a eunuchs developer! Pass me a bread knife!
Microsoft is giving customers an additional six months of support for some variants of Windows 10 1709 as a result of the impact of COVID-19 on IT professionals.
There you go: bright side for COVID-19
Kent Sharkey wrote: There you go: bright side for COVID-19
It would be even brighter if the impact was in the update's programmers
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
So are they saying that one isn't the last-ever windows, but that the next one will be, or what?
I wanna be a eunuchs developer! Pass me a bread knife!
Last week, Microsoft and Canonical (the company behind the Ubuntu Linux distribution) were scheduled to host a developer conference focused on the Windows Subsystem for Linux (WSL) at Microsoft's Redmond campus.
"We are not on a path to win against Linux. We must change some things and we must do it immediately."
Because I got tired of the Ballmer quote.