Webinar: C++ semantics - 06.11
In the article, we will compare three mechanisms of code analysis from the viewpoint of detecting 64-bit errors: the Visual C++ 2010 compiler, the Code Analysis for C/C++ component included into Visual Studio 2010 and Viva64 analyzer included into PVS-Studio 3.60. I will show both the capabilities of detecting defects in 64-bit projects and preliminary diagnosis of 64-bit errors in the 32-bit code of projects.
Our company OOO "Program Verification Systems" develops a specialized static code analyzer Viva64 intended to detect 64-bit errors in Windows-applications. The Viva64 analyzer is included into the PVS-Studio package integrating into the Visual Studio 2005/2008/2010 environment.
Our potential users who think about purchasing PVS-Studio often ask us what advantages our tool has over diagnostic capabilities of the Visual C++ compiler and Code Analysis for C/C++ component available in extended editions of Visual Studio (for instance, in Visual Studio 2010 Premium/Ultimate).
Our users are also interested in the capability of preliminary detection of 64-bit errors at the stage when there is no 64-bit project yet.
In this article, we will compare various tools by 31 patterns of 64-bit errors and show how efficient they are when checking 32-bit and 64-bit projects. In the third section, there are links for you to learn about each error pattern in detail and comments on the comparison tables. The test project that we used as a basis for comparison and that contains all the error patterns can be downloaded here: http://www.viva64.com/external-pictures/ErrorExamples-vs2010-project.7z.
Comparison of tools and percentage of defects found when analyzing 64-bit projects are presented in Table 1. Note that the column referring to Code Analysis for C/C++ is empty. The reason is that Code Analysis for C/C++ does not work with 64-bit projects.
Also note that we enabled all the warnings of the Visual C++ compiler with the /Wall switch, i.e. all its diagnostic capabilities are in use. The /Wp64 switch is disabled since it is ignored (has no sense) when compiling 64-bit projects.
The coloring of the table cells (the legend):
Table 1 - Comparison of capabilities of the Visual C++ 2010 compiler, Code Analysis for C/C++ (Visual Studio 2010 Premium) and Viva64 (PVS-Studio 3.60) in detecting 64-bit errors in a 64-bit project
Conclusion
The diagnostic capabilities of the Viva64 static analyzer exceed those of Visual C++ 2010 several times when searching for 64-bit errors in 64-bit projects. The Code Analysis for C/C++ is useless in searching for this type of errors since it cannot work with the code of 64-bit projects at the moment.
People are often interested in the possibility of detecting 64-bit errors already at the stage of working with the 32-bit project already. This interest results from the following two tasks:
Comparison of the tools and percentage of defects found when analyzing 32-bit projects are presented in Table 2.
The /Wall and /Wp64 switches are enabled for the Visual C++ compiler to use its diagnostic capabilities to the full extent. For the Code Analysis for C/C++ unit, we have also enabled all the possible warnings.
The coloring of the table cells (the legend):
Table 2 - Comparison of capabilities of the Visual C++ 2010 compiler, Code Analysis for C/C++ (Visual Studio 2010 Premium) and Viva64 (PVS-Studio 3.60) in detecting 64-bit errors in a 32-bit project
Conclusion
The diagnostic capabilities of the Viva64 analyzer exceed those of Visual C++ 2010 several times when searching for 64-bit errors in 32-bit projects.
The diagnostic capabilities of Visual C++ 2010 turn out to be less efficient when analyzing 32-bit projects than in case of 64-bit projects. This is explained by the fact that the compiler uses a different data model (ILP32) when compiling 32-bit projects.
The Code Analysis for C/C++ component is a general-purpose static analyzer and does not help in detecting the type of 64-bit errors we consider here.
The Viva64 analyzer performed equally full analysis both for 32-bit and 64-bit projects. In practice, the Viva64 analyzer still might miss up to 5% of errors and show fewer warnings. To learn more about it, please see - Lesson 28. Estimating the cost of 64-bit migration of C/C++ applications.
A detailed description of each error pattern will take too much space in the article. So let me just give you links to various sources where you may thoroughly study each of the patterns and see various examples. I will also give some comments explaining why some types of errors can be diagnosed only partly.
Description:
Description:
Description:
Description:
Description:
Description:
Description:
Description:
Description:
Description:
Description:
Description:
Description:
Note to the table
When building a 32-bit project, the Visual C++ compiler warns only about the conversion of the double type to size_t and does not warn about the opposite conversion.
Description:
Description:
Description:
Description:
Description:
Description:
Description:
Description:
Note to the table
The Visual C++ compiler diagnoses only the explicit conversion of pointers to 32-bit data types but not all the memsize-types.
Description:
Note to the table
The Visual C++ compiler diagnoses all the cases when the function prototype in the descendant class differs from the prototype of the function defined as a virtual function in the base class. As a result, a lot of warnings are generated which do not refer to 64-bit defects and it complicates the use of this diagnosis type. Moreover, the compiler does not detect this type of errors at all when compiling a 32-bit project.
Description:
Description:
Description:
Note to the table
The task of searching for the buffer overflow is difficult and often cannot be solved by means of static analysis at all. That is why we specified in the table that the Viva64 analyzer detects only some of the defects of this kind.
Description:
Note to the table
The Visual C++ compiler warns about all empty spaces between fields in structures that appear because of data alignment. This information may be used to search for non-optimal structures but it is difficult to do in practice.
Description:
Note to the table
The analyzer diagnoses this type of errors indirectly by generating a warning about conversion of the int type to the pointer.
Description:
Description:
Description:
Description:
The Viva64 static analyzer included into PVS-Studio exceeds the capabilities of Visual C++ 2010 and Code Analysis for C/C++ component several times in detecting 64-bit defects. The analyzer can be used with the same efficiency both when developing new 64-bit projects and preparing 32-bit code for migration to a 64-bit system. The Viva64 analyzer also helps in estimating the cost of porting an application to a 64-bit system - this feature is described in "Lesson 28. Estimating the cost of 64-bit migration of C/C++ applications".
0