Bug of the month: taking the baton from PC-Lint to PVS-Studio
Recently we published 2 articles about TOP 10 errors in C++ and C# projects found in 2016. We got very positive feedback and that made us think - why not to make such a top rating of bugs for a month? Our site has a huge base of errors that is well-structured and that we can use to choose bugs, which were detected during a certain period of time. In this article you will learn about the new blog section "Bug of the month" and how we prepared articles for it.
Some may say that Gimpel Software has already had such a blog and we just borrowed their idea. But this is really not the case. What we have in common is the title and the fact that we make a post about a bug once a month.
But, although, in Gimpel Software there is really a number next to the diagnostic, the code provided there is artificially created as some kind of a puzzle with quite an amusing description. For example: "Santa and his elves are automating their Christmas delivery system. But one of the elves has made a critical error causing, in some areas, the actions to appear in an unexpected order". or: "Shawn O'Flaherty, perhaps a bit tipsy when he wrote this, is preparing a program for his pub's annual St. Patrick's Day celebration. Although not finished, there's already a bit of a problem". Also, they suggest finding this bug and checking yourself if you were right in solving the problem.
What we do is that we show bugs found only in open source projects, checked in several past years. We also tried choosing those bugs that would be understandable for all readers, not only experts. For example, these can be all favorite copy-paste or various typos that we find almost in all projects. Besides the code fragment, we also cite the text of the diagnostic, which the analyzer used to detect the problem. Below the post there is a link to the article about the check of the project, where you can see other bugs found in this project.
As it is written on the official site of Gimpel Software, their first "bug of the month" was found in March 1991 and the list continued to be replenished for 21 years. At one time they were very popular and promoted PC-Lint rather actively. Since 2012, the updates for this blog stopped, but the developers hope that "bug of the month" can be started again in the future.
In the meantime, we decided to take the baton from PC-Lint and create our own "bug of the month"
with blackja.. using open source projects and errors we find in them.
So, we reviewed a large number of projects that we checked from January 2014 to March and selected 54 interesting bugs: 39 for the C/C++ language and 15 for C#, because we started the C# support only in 2016. The table gets constantly updated and it can be found by this link: https://hownot2code.com/bug-of-the-month/.
As it was already said, we reviewed our existing error base and the always up-to-date list of open source projects. Perhaps, these materials would be interesting and also useful to the readers, as they can be used as recommendations of how to avoid the same errors, they may also help in doing some researches, related to the improvement of the software reliability and even for working on the code standards.
The existence of a large amount of errors in the code (especially in big projects) can be explained by the fact that it's not always possible to hold the attention and control every line of code, especially when there are thousands of them. This is how Copy-paste errors, undefined behavior, null pointer dereference, typos and other errors get in the code. They could all be avoided with the help of static analysis.
To make the number of such bugs less and improve the quality of the code, we suggest downloading and trying PVS-Studio on your project. Who knows, may be you will find your own bug of the month and will tell about it the community of developers to protect them from such errors. For now, you could also practise your bug searching skills and look for bugs in well-known Open Source projects.
Note. Recently, in the newly released version of PVS-Studio 6.14 we have added the support of Visual Studio 2017, Roslyn 2.0/C# 7.0 for the C# analyzer (see the release history).
So, welcome: Bug of the month!