Category Archives: Coverity

ATBG: non-nullable reference types

Posted on by
53

Today on the Coverity Development Testing Blog‘s continuing series Ask The Bug Guys, a question I’ve gotten many times in person over the years but never blogged about: just how difficult would it be to retrofit non-nullability into the .NET type system? Pretty hard, it turns out.

As always, if you have questions about a bug you’ve found in a C, C++, C# or Java program that you think would make a good episode of ATBG, please send your question along with a small reproducer of the problem to TheBugGuys@Coverity.com. We cannot promise to answer every question or solve every problem, but we’ll take a selection of the best questions that we can answer and address them on the dev testing blog every couple of weeks.

Coverity analysis and FXCOP

Posted on by
2

This has been a crazy busy week and its only Tuesday. I spent the weekend helping set up the new Coverity office on the 12th floor of the Columbia Center — more on that on Thursday, after I’ve had a chance to take some photos — and schmoozing with my old team at Microsoft as part of the MVP summit. I am super-excited to be a C# MVP, though it is a bit odd to be on the audience side rather than the presenter side for the summit. “Thank you Eric for holding onto the microphone for us for the last half hour” was Anthony‘s wry comment after one marathon Q&A session yesterday. Old habits die hard.

One of the questions I’ve gotten frequently, both here at the summit and at other events, is how Coverity’s analysis of C# programs compares to FXCOP. My “Ask the bug guys” colleague Jon has just written an article about that very subject, so check it out. The short version: by design, they do not overlap at all. We want these tools to be complementary, not competitors. (And in fact you can import FXCOP warnings into Coverity Connect to track them alongside of defect reports discovered by Coverity’s analysis.)

ATBG: de facto and de jure reachability

Posted on by
17

UPDATE: Coverity has removed the dev testing blog; I’ve put in a link to the internet archive.

In the latest episode of the Coverity Development Testing Blog‘s continuing series “Ask the Bug Guys”, I dig into an interesting question about inconsistencies between de facto and de jure unreachability — that is, the difference between code that is actually unreachable and the smaller set of code that the C# compiler detects as unreachable. The difference can cause some interesting inconsistencies in the compiler’s behavior. And my colleague Jon ponders the wisdom of fixing fragile, hard-to-understand code even if it is at present correct.

As always, if you have questions about a bug you’ve found in a C, C++, C# or Java program that you think would make a good episode of ATBG, please send your question along with a small reproducer of the problem to TheBugGuys@Coverity.com. We cannot promise to answer every question or solve every problem, but we’ll take a selection of the best questions that we can answer and address them on the dev testing blog every couple of weeks.

ATBG: null coalescing precedence

Posted on by
16

In the latest episode of the Coverity Development Testing Blog‘s continuing series “Ask the Bug Guys”, I dig into two questions about the null coalescing operator. This handy little operator is probably the least well understood of all the C# operators, but it is quite useful. Unfortunately, it is easy to accidentally use it incorrectly due to precedence issues.

As always, if you have questions about a bug you’ve found in a C, C++, C# or Java program that you think would make a good episode of ATBG, please send your question along with a small reproducer of the problem to TheBugGuys@Coverity.com. We cannot promise to answer every question or solve every problem, but we’ll take a selection of the best questions that we can answer and address them on the dev testing blog every couple of weeks.

ATBG: interfaces and increments

Posted on by
2

On today’s episode of the Coverity Development Testing Blog series Ask The Bug Guys we have two posts. I take on the question does explicit interface implementation violate encapsulation? and my colleague Jon follows up on my previous posting about increment operators to discuss the precedence of the increment operator and bonus, the meaning of local static in C/C++.

As always: if you have a question about some aspect of C, C++, C# or Java programming language design, or want to share an interesting bug that bit you in one of those languages, please send it (along with a concise reproducer of the problem) to TheBugGuys@Coverity.com. We cannot promise to answer every question or solve every problem, but we’ll take a selection of the best questions that we can answer and address them here every couple of weeks.

Testers wanted

Posted on by
3

I’ve been at Coverity for nine months now and the Seattle office has expanded from me and Bob to nine developers and testers; it’s been very exciting to help grow this office from a couple of guys with laptops to what will soon be a fully-fledged branch office. We’re shortly to move out of our temporary space on the 42nd floor of the Columbia Center to a larger space on the 12th floor.[1. Unfortunately downgrading my view from absurdly spectacular to merely totally awesome. I’ll post pictures when we move in next month.]

We are looking to fill a few more positions in the Seattle office, and particularly looking for a tester to work on automating testing for our Visual Studio plug-in and other GUI front ends. If you fit the bill and would like to work with me and the rest of the awesome team we’re assembling, please check out the listing here. A complete listing of all open positions at Coverity can be found here.

Do feel free to drop me a line, or leave a comment below, or note in your application that you heard about this on my blog. Please do not just send me a resume; use the link in the job posting so that our recruiting team gets the information as soon as possible.

ATBG meets math from scratch

Posted on by
16

In a nice bit of synchronicity my article this week on Ask The Bug Guys, our continuing series on the Coverity Development Testing Blog, is about the differences between the C, C++ and C# interpretation of the ++ operator[1. And of course everything in there applies equally well to the -- operator.] So read that first, and then it will make perfect sense why the increment operator on my Natural class from last time is simply:

public static Natural operator ++(Natural x)
{
  if (ReferenceEquals(x, null))
    throw new ArgumentNullException("x");
  return Add(x, One);
}

As always, if you have a question about a bug in a C, C++, C# or Java program please email it to TheBugGuys@coverity.com along with a concise reproducer of the problem if possible. We can’t answer every question but we’ll pick a sample of the most interesting ones a post an analysis on the dev testing blog.

Next time on FAIC: multiplication.

ATBG: Reflection and default parameters

Posted on by
Reply

We have two posts today on the Coverity Development Testing Blog‘s continuing series Ask The Bug Guys. First, my colleague Jon explores a tricky difference between the 1989 and 1999 C standards involving conversions of array types to pointer types that can cause undefined behavior if you’re not careful. Then I discuss why Reflection and constructors (or any other method, for that matter) with default parameters do not play nicely with reflection.

Thanks to readers Dennis and Laurence for these interesting questions. If you have a question about a bug in your C, C++, C# or Java program, please send it to TheBugGuys@coverity.com; we’d love to see it. We can’t guarantee an answer to all your problems, but we will pick a selection of the best questions and post about them on the development testing blog. Past episodes can be found here, and the RSS feed for the blog is here.

ATBG: guess the type

Posted on by
Reply

The latest episode of Coverity’s series Ask the Bug Guys is now posted on the Development Testing Blog. In this episode, a reader get me to play “guess the type”, and my colleague Tim talks a bit about the Java equivalent of the C# using statement for releasing resources. Check it out!

As always, if you have a question about an odd bit of C#, C, C++ or Java that led to a bug, send it to TheBugGuys@coverity.com; we’d love to see it. We can’t guarantee an answer to all your problems, but we will pick a selection of the best questions and post about them on the dev testing blog.