Category Archives: Coverity

Ask the Bug Guys

Posted on by
Reply

Today on the Coverity Development Testing blog we’ve announced a new recurring feature: Ask the Bug Guys. If you’ve got a question about a strange behavior that caused a bug in a C#, Java, C or C++ program, or an interesting story to share about finding and fixing bugs, consider sending it to TheBugGuys@coverity.com. I’ll be reviewing the C# bugs, and my colleagues Jon and Tim will be looking at the C, C++ and Java submissions.

We of course cannot promise to write up an analysis of all submissions, but we will choose a selection of the most interesting and informative bugs and periodically post an analysis of them on the blog. Including a small, complete example that clearly demonstrates the bug would be helpful.

The psychology of C# analysis

Posted on by
17

developersThe organizers of the recent Static Analysis Symposium — conveniently held four blocks from my office — were kind enough to invite me to give the opening talk. Now, this is a conference where the presentations have titles like “Efficient Generation of Correctness Certificates for the Abstract Domain of Polyhedra“; I know what all those words mean individually, it’s just them next to each other in that order that I don’t understand. Fortunately for me, the SAS organizers invite people in industry to give talks about the less academic, more pragmatic aspects of program analysis, which I was happy to do.

They also let me pad my presentation with funny pictures of cats, which helped a lot.

Unfortunately I don’t have a recording of the talk, but my slides are posted here if you want to check them out.

Special thanks to Scott Meyer of BasicInstructions.net who was kind enough to allow me to use his comic about informative presentations in my informative presentation.

The answer to the string concatenation puzzle

Posted on by
15

Earlier on FAIC I asked for code that parses as an expression that produces different results for

s = s + expr;

and

s += expr;

This is a pretty easy puzzle; the answers posted in the comments could largely be grouped into two buckets. The first, which is a bit silly, are expressions which always produce a different value, so of course they produce different results in those two cases.

s = s + Guid.NewGuid();

produces a different result than

s += Guid.NewGuid();

but then again, it also produces different results every time you call

s += Guid.NewGuid();

so that’s not a particularly interesting answer.

Continue reading

Free beer!

Posted on by
11

OK, that got your attention.

Most of the Coverity C# analysis team is going to be in Seattle celebrating the opening of our new office on Wednesday February 20th. We’ll be at the Tap House Grill on 6th Avenue in Seattle, starting about 6:15. If you’re in Seattle at that time, over 21 years old, and want to hang out with me and the team then please stop by![1. Note that this is the Tap House Grill in Seattle, not the one in Bellevue.]

There are a very small number of free drink tickets available; if you want one, email me (Eric@Lippert.com) and I’ll send you instructions on how to sign up. Supplies are limited, so serious enquiries only please.

The view from Columbia Center

Posted on by
15

NewOffice

Today we set up Coverity’s Seattle office! I’ve spent the day unpacking boxes and booting machines and discovering why it is a bad idea to ship desktop machines with the hard disks in them. Aside from a minor hard disk mishap, everything has gone very smoothly. Special thanks to my colleagues Deidre and Jeff, who came up from San Francisco to get the network humming and make sure everything was taken care of.

The view from my office is, to say the least, awesome. (Click on the images for larger versions.)

NewOffice2

I haven’t gotten around to untangling all the wires yet, but we’re basically good to go here.

Next time on FAIC: I’ll start a short series on the uses and abuses of the static constructor.

Defect spotting, part two

Posted on by
7

I had a great time hanging out with my colleagues Bob and Amie yesterday at the HUB, talking with students, spotting defects and handing out yo-yos. Thanks to all who came out, and to the SWE for putting on a great event.

To follow up on the puzzle I posted yesterday: the terrible flaw, which most people spotted right away, was that the expression geteuid != 0 was of course intended to be geteuid() != 0. The code as written compares the function pointer to null, which it never is, and therefore the right side is always true, and therefore the conditional falls into the “fail with an error” branch more often than it ought to. The program succeeds if the user really is root, or if they are “sudo” root. It is intended to succeed also if the user is “effectively” root, but it does not. Thank goodness in this case the program fails to a secure mode! It is not at all difficult to imagine a situation where such an accidental function pointer usage causes the program to fail into the insecure mode. In any event, Coverity’s checker catches this one. (And of course more modern languages like C# do not allow you to use methods in a context other than a call or delegate conversion.)

There are of course any number of other flaws in this fragment. First, it’s now considered bad form to check for root like this; rather, check to see if the user is granted an appropriate permission. Second, the code is hard to read if you do not know the convention that the root user gets magical id zero by default; the code could be much more self-documenting. And so on; several people made good observations in the comments.

Next time on FAIC: You can build a hollow house out of solid bricks, and you can build a deadlocking program out of threadsafe methods too.

Defect spotting at the HUB

Posted on by
35

The University of Washington chapter of the Society of Women Engineers is putting on their quarterly career fair today at the Husky Union Building, and I’ll be there with a couple of my fabulous Coverity colleagues. If you happen to be a UW student reading this and want to stop on by for a round of my favourite game, “Spot the Defect” please do. We’ll be presenting a whole pile of buggy code; some of the defects will be quite straightforward and some of them will be subtle, but they all have a lesson.

If you want to play along at home, here’s one of the easy ones; this code was in a real used-by-customers product when Coverity’s static analysis engine discovered it:

{
  ...
  if (!strcmp(argv[i], "-configure"))
  {
    if (getuid() != 0 && geteuid != 0)
    {
      puts("Only root can use -configure.n");
      exit(1);
    }
  }
  xf86DoConfigure = TRUE;
  xf86AllowMouseOpenFail = TRUE;
  return 1;
}

Can you spot the defect and describe its consequence?

Anyways, like I said, if you’re a UW student then stop on by the booth and we’ll chat. The fair is open 12:30 to 5:30; if you’re a SWE member then you get early admission and can come in any time after 12:00. Hope to see you there!

Next time on FAIC: The solution to today’s puzzle.

First day

Posted on by
14

coverity-logoToday is my first day at Coverity! I am super-excited!

I have an enormous amount to learn about their systems. Since I have not so much as logged in to a Unix-based development environment since 1996, I’m going to be completely heads-down for the next couple of weeks. I am spending that time in San Francisco at the head office, drinking from the fire hose of static analysis knowledge. I will therefore have almost no time to spend on the blog. Expect things to be on auto-pilot for a little while. I’ve spent part of my time off queuing up articles, so it should not go entirely dark.

I’ll then spend the last week of January working remotely; the new office in the Columbia Tower in Seattle should be set up by the first week of February if all goes as planned. I am so looking forward to working downtown! I’ll post some photos when I get access to the new space.

Next time on FAIC: we’ll get back to the subject of how the Roslyn compiler optimizes lifted arithmetic.

Fabulous adventures

Posted on by
75

Hello world, this is the new home of Fabulous Adventures in Coding. (The previous site is here.) Long-time readers will need no introduction, but if you are new here, please check out this short bio.

Today, November 29th 2012, is as I noted in my final post on the MSDN blog, my second-last day at Microsoft. After tomorrow I will be taking the next few weeks off and not thinking about programming languages for once. And after that, I’m starting a new gig in 2013 at Coverity.

Most of you probably have not heard of Coverity, but you have almost certainly used software that was affected by their tools. Coverity makes static analysis tools for software developers; these tools analyze source code written in C, C++, Java and C# and tell you about correctness and security issues before they ship to customers. Among their high-profile customers are the Jet Propulsion Lab team that wrote the software for the Curiosity rovers now running around on Mars and the software team for the Large Hadron Collider, which recently confirmed the existence of the Higgs Boson. They also serve more down-to-earth customers; it’s not all weird science.

As an expert on the design and implementation of static analyzers for C# code — because, after all, that’s what the compiler is! — the opportunity to work in downtown Seattle on a small team to improve the C# analysis product was too good to pass up. And so here I am, continuing to try to improve the tools available for C# programmers.

Though I am no longer an “insider” on the C# design team, I intend to continue to blog about the design and implementation of C#, as well as other fabulous adventures in coding. If this sort of thing interests you, please subscribe to the RSS feed at ericlippert.com/feed, and please follow me on Twitter where I am @ericlippert.

Once I’m back from my short vacation we’ll get right back into it. Thanks for reading, and I look forward to sharing more fabulous adventures with you.

Next time on FAIC: Why are the bracing rules inconsistent in C#?