Asking for advice about interesting diagnostic rules for C/C++ code to implement in our tool.

I am one of the PVS-Studio analyzer’s developers. We constantly create new diagnostic rules. The list of new rules to be yet implemented seems to be infinite. We constantly enlarge the todo-list with new samples of errors we would like to teach our tool to diagnose. So we don’t have any problems with lack of tasks. But we do have a problem about how to choose the most interesting and frequent types of errors. It’s logical to primarily realize diagnosis of those errors that are most frequent in applications. The question is how to set priorities for different tasks.

There came an idea to create a section on the website where we will list various defect samples and users will be able to vote for those errors they make most often. I don’t like this approach due to the following two crucial reasons.

1) The error list will be too great. It means that nobody will look through it entirely. The samples put in the beginning of the list will get the highest priority. Of course, we could sort the samples at random, but it’s not clear then how to continue studying the list the next day, for example. And in general, all this is becoming too complicated.

2) Programmers underestimate primary mistakes (see Myth two: http://www.viva64.com/en/b/0116/ ). For example, they don’t like to admit that a huge number of errors occur because of Copy-Paste and misprints. Few people will vote for a sample like the following one:



Programmers will vote for uninitialized variables, array overruns and other interesting issues. But as our experience shows ( http://www.viva64.com/en/a/0079/ ), a whole lot of errors are mistakes of various sorts. Thus, the voting won’t correspond to the real situation.

I have invented another method of setting priorities. I’m asking you, dear programmers, to share with us samples of errors you personally ever made. Tell us about any errors, regardless whether you find them serious or not. The examples you will give us will be live and truly represent the actual situation. I hope that we will be able to figure out what issues people are facing most often.

I will post several such topics for discussion on different websites. Error patterns that we have in our base and that will be mentioned by some of you will get a higher priority. If one and the same error type is described several times, then it will be addressed in the first place. We will greatly appreciate your samples.

Here are a couple of examples of code samples we would like to receive from you.



The programmer wanted to check that the string is empty but forgot to dereference the pointer. This is a widely spread misprint. This is the correct code: "if (*headerM != _T('\0'))".



A closing parenthesis is put in a wrong place. As a result, the memcmp() function compares 0 bytes.



The 'ret' variable is defined one more odd time. As a result, the code won’t handle the case when the file cannot be saved.

These examples don’t require complex AI and therefore are easily diagnosed by static analysis tools. We would like to get something like these samples from you.

I think that many examples you will share are already diagnosable by PVS-Studio. But it doesn’t matter, I will filter them out. If you want, you can try yourselves to find out if PVS-Studio can detect certain error types. For this purpose you can use the demo version. By the way, it’s absolutely full-function, which allows you to try it on your own projects at the same time.

The best way to share your samples is to post comments here or send them to my e-mail: karpov[@]viva64.com

@Andrew2011

I think it is not the forum where your question will get adequate answers.:)

Maybe you should ask your question somewhere in google as, for example, comp.lang.c++ or something similar.

Probably. I decided to ask this question in different places. It is impossible to guess where I'll get interesting answers.