Our website uses cookies to enhance your browsing experience.
Accept
to the top
close form

Fill out the form in 2 simple steps below:

Your contact information:

Step 1
Congratulations! This is your promo code!

Desired license type:

Step 2
Team license
Enterprise license
** By clicking this button you agree to our Privacy Policy statement
close form
Request our prices
New License
License Renewal
--Select currency--
USD
EUR
* By clicking this button you agree to our Privacy Policy statement

close form
Free PVS‑Studio license for Microsoft MVP specialists
* By clicking this button you agree to our Privacy Policy statement

close form
To get the licence for your open-source project, please fill out this form
* By clicking this button you agree to our Privacy Policy statement

close form
I am interested to try it on the platforms:
* By clicking this button you agree to our Privacy Policy statement

close form
check circle
Message submitted.

Your message has been sent. We will email you at


If you haven't received our response, please do the following:
check your Spam/Junk folder and click the "Not Spam" button for our message.
This way, you won't miss messages from our team in the future.

>
>
Just a Few Bugs in 514K Lines of Code -…

Just a Few Bugs in 514K Lines of Code - Amazon Web Services SDK for C++

Mar 03 2016

Amazon Web Services open-sourced C++ SDK, a modern C++ interface with lightweight dependencies. This prompted our team to apply PVS-Studio static analysis tool to the source code in order to try to reveal some interesting code fragments.

0378_AmazonSDK/image1.png

The developers of AWS SDK for C++ state that it is meant to be fully functioning, with both low-level and high-level interfaces; at the same time having minimum dependencies and providing platform portability (Windows, OSX, Linux, and mobile).The source code is available at GitHub repository.

PVS-Studio is a static analyzer for bug detection in the source code of programs, written in C, C++ and C#.

The size of the project to be analyzed is 5415 files, more than 514 thousand lines of code. Usually projects of that size contain a significant number of high and low-severity bugs, making a nice addition to our error collection.

This time, there is nothing much to say, but to give a big round of applause to the AWeSome developers for the quality of this project. They really did a great job: the analyzer managed to detect only a couple of low-severity bugs. Here they are, with the analyzer warnings:

V547 Expression 'pathname_.c_str() == 0' is always false. Pointer 'pathname_.c_str()' != NULL. gtest-all.cc 8189

std::string pathname_;
void FilePath::Normalize() {
  if (pathname_.c_str() == NULL) {  // <=
    pathname_ = "";
    return;
  }
  const char* src = pathname_.c_str();
  char* const dest = new char[pathname_.length() + 1];
  ....
}

The string::c_str() function returns the pointer to the c-string that cannot be equal to NULL. Even if an empty string will be created - like "string buf;", for instance; then the "buf.c_str()" will return a valid pointer to the empty string.

Thus, the condition "pathname_.c_str() == NULL" will always be false and the function will never exit in this fragment. Most likely this function has to be exited if the "pathname_" string is empty. Then the check should be as follows:

std::string pathname_;
void FilePath::Normalize() {
  if (pathname_.empty()) {
    return;
  }
  ....
}

Two more similar fragments:

  • V547 Expression 'output_file_.c_str() == 0' is always false. Pointer 'output_file_.c_str()' != NULL. gtest-all.cc 4575
  • V547 Expression 'os_stack_trace.c_str() != 0' is always true. Pointer 'os_stack_trace.c_str()' != NULL. gtest-all.cc 5286

That's it! Just a couple of suspicious fragments in a project with more than 514 k lines of code. There were several examples of fragments that seemed a little strange, but they aren't even worth mentioning here. That is truly impressive. We have to admit - having checked more than 200 projects we are more than surprised to see such a tiny number of bugs. Way to go, Amazon!

Popular related articles


Comments (0)

Next comments next comments
close comment form