Comparing capabilities of PVS-Studio and Visual Studio 2010 in detecting defects in 64-bit programs

Jul 06 2010
Author:

In this article, we will compare three code analysis mechanisms from the viewpoint of detecting 64-bit errors: the Visual C++ 2010 compiler, the Code Analysis for C/C++ component included in Visual Studio 2010, and the Viva64 analyzer included in PVS-Studio 3.60. I will show both their capabilities in detecting defects in 64-bit projects and in the preliminary diagnosis of 64-bit errors in the code of 32-bit projects.

Introduction

Our company OOO "Program Verification Systems" develops a specialized static code analyzer, Viva64, intended to detect 64-bit errors in Windows applications. The Viva64 analyzer is included in the PVS-Studio package, which integrates into the Visual Studio 2005/2008/2010 environment.

Our potential users who think about purchasing PVS-Studio often ask us what advantages our tool has over diagnostic capabilities of the Visual C++ compiler and Code Analysis for C/C++ component available in extended editions of Visual Studio (for instance, in Visual Studio 2010 Premium/Ultimate).

Our users are also interested in the capability of preliminary detection of 64-bit errors at the stage when there is no 64-bit project yet.

In this article, we will compare various tools by 31 patterns of 64-bit errors and show how efficient they are when checking 32-bit and 64-bit projects. In the third section, there are links for you to learn about each error pattern in detail and comments on the comparison tables. The test project that we used as a basis for comparison and that contains all the error patterns can be downloaded here: http://www.viva64.com/external-pictures/ErrorExamples-vs2010-project.7z.

1. Comparison of tools when analyzing 64-bit projects

Comparison of tools and percentage of defects found when analyzing 64-bit projects are presented in Table 1. Note that the column referring to Code Analysis for C/C++ is empty. The reason is that Code Analysis for C/C++ does not work with 64-bit projects.

Also note that we enabled all the warnings of the Visual C++ compiler with the /Wall switch, i.e. all its diagnostic capabilities are in use. The /Wp64 switch is disabled since it is ignored (it has no meaning) when compiling 64-bit projects.

The coloring of the table cells (the legend):

  • Grey - cannot be diagnosed.
  • Blue background - can be diagnosed partly (see explanations in the third section).
  • Green background - can be diagnosed.

Table 1 - Comparison of capabilities of the Visual C++ 2010 compiler, Code Analysis for C/C++ (Visual Studio 2010 Premium) and Viva64 (PVS-Studio 3.60) in detecting 64-bit errors in a 64-bit project

Conclusion

The diagnostic capabilities of the Viva64 static analyzer are several times greater than those of Visual C++ 2010 when searching for 64-bit errors in 64-bit projects. Code Analysis for C/C++ is useless in searching for this type of error since it cannot work with the code of 64-bit projects at the moment.

2. Comparison of tools when analyzing 32-bit projects

People are often interested in the possibility of detecting 64-bit errors while still working with the 32-bit project. This interest results from the following two tasks:

  • To estimate the cost of porting a 32-bit application to a 64-bit system.
  • To eliminate as many 64-bit errors as possible before porting the application.

Comparison of the tools and percentage of defects found when analyzing 32-bit projects are presented in Table 2.

The /Wall and /Wp64 switches are enabled for the Visual C++ compiler to use its diagnostic capabilities to the full extent. For the Code Analysis for C/C++ unit, we have also enabled all the possible warnings.

The coloring of the table cells (the legend):

  • Grey - cannot be diagnosed.
  • Blue background - can be diagnosed partly (see explanations in the third section).
  • Green background - can be diagnosed.

Table 2 - Comparison of capabilities of the Visual C++ 2010 compiler, Code Analysis for C/C++ (Visual Studio 2010 Premium) and Viva64 (PVS-Studio 3.60) in detecting 64-bit errors in a 32-bit project

Conclusion

The diagnostic capabilities of the Viva64 analyzer exceed those of Visual C++ 2010 several times when searching for 64-bit errors in 32-bit projects.

The diagnostic capabilities of Visual C++ 2010 turn out to be less efficient when analyzing 32-bit projects than when analyzing 64-bit projects. This is explained by the fact that the compiler uses a different data model (ILP32) when compiling 32-bit projects.

The Code Analysis for C/C++ component is a general-purpose static analyzer and does not help in detecting the type of 64-bit errors we consider here.

The Viva64 analyzer performed an equally complete analysis of both 32-bit and 64-bit projects. In practice, the Viva64 analyzer still might miss up to 5% of errors and show fewer warnings. To learn more about it, please see "Lesson 28. Estimating the cost of 64-bit migration of C/C++ applications".

3. Description of comparison parameters

A detailed description of each error pattern will take too much space in the article. So let me just give you links to various sources where you may thoroughly study each of the patterns and see various examples. I will also give some comments explaining why some types of errors can be diagnosed only partly.

3.1. Implicit conversion of a 32-bit type to a memsize-type

Description:

3.2. Dangerous address arithmetic

Description:

3.3. Implicit conversion of a memsize-type to a 32-bit type

Description:

3.4. Implicit conversion of a 32-bit type to a memsize-type in a comparison operation

Description:

3.5. Implicit conversion of a 32-bit type to a memsize-type in a ternary operation

Description:

3.6. Implicit conversion of a 32-bit type to a memsize-type when calling a function

Description:

3.7. Implicit conversion of a memsize-type to a 32-bit type when calling a function

Description:

3.8. A non-memsize type is used as an index

Description:

3.9. Implicit conversion of a 32-bit type to a memsize-type inside the return operator

Description:

3.10. Implicit conversion of a memsize-type to a 32-bit type inside the return operator

Description:

3.11. Functions with a variable number of arguments, a value of a memsize-type is passed as the parameter

Description:

3.12. Dangerous magic number

Description:

3.13. Attempt to store a value of a memsize-type in a variable of the double type

Description:

Note to the table

When building a 32-bit project, the Visual C++ compiler warns only about the conversion of the double type to size_t and does not warn about the opposite conversion.
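The loss behind pattern 3.13, as an added example that is not part of the original article: a double carries 53 significant bits, so every 32-bit size value survives a round trip through it, while 64-bit values above 2^53 may not. Here `uint64_t` stands in for a 64-bit `size_t` so the effect reproduces on any platform; `survives_double` and `kExactLimit` are hypothetical names.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>

// 2^53: up to this value every integer has an exact double representation.
constexpr std::uint64_t kExactLimit =
    std::uint64_t{1} << std::numeric_limits<double>::digits;

// Stores a 64-bit size in a double and reads it back, as code that keeps
// size_t values in double variables does in a 64-bit build.
// Returns false when the value read back differs from the value stored.
bool survives_double(std::uint64_t size, std::uint64_t* read_back) {
    volatile double stored = static_cast<double>(size);  // force a real 64-bit store
    const double value = stored;
    if (value >= 18446744073709551616.0) {  // rounded up to 2^64: cannot convert back
        *read_back = 0;
        return false;
    }
    *read_back = static_cast<std::uint64_t>(value);
    return *read_back == size;
}

int main() {
    // Constructed sample sizes: largest 32-bit value, 2^53, and 2^53 + 1.
    const std::uint64_t samples[] = {0xFFFFFFFFu, kExactLimit, kExactLimit + 1};
    for (std::uint64_t s : samples) {
        std::uint64_t back = 0;
        const bool ok = survives_double(s, &back);
        std::printf("%llu -> %llu (%s)\n", (unsigned long long)s,
                    (unsigned long long)back, ok ? "exact" : "changed");
    }
    return 0;
}
```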

3.14. Incorrect change of the pointer's type

Description:

3.15. Using memsize types when handling exceptions

Description:

3.16. Memsize-types in unions

Description:

3.17. Dangerous expression as an argument of the malloc() function

Description:

3.18. Incorrect calculation of object sizes using several sizeof() operators

Description:

3.19. The new operator accepts an expression of a 32-bit type as an argument

Description:

3.20. Explicit conversion of a 32-bit type to a memsize-type

Description:

3.21. Explicit conversion of a memsize-type to a 32-bit type

Description:

Note to the table

The Visual C++ compiler diagnoses only the explicit conversion of pointers to 32-bit data types but not all the memsize-types.

3.22. Incorrectly defined virtual functions

Description:

Note to the table

The Visual C++ compiler diagnoses all the cases when the function prototype in the descendant class differs from the prototype of the function defined as a virtual function in the base class. As a result, a lot of warnings are generated which do not refer to 64-bit defects and it complicates the use of this diagnosis type. Moreover, the compiler does not detect this type of errors at all when compiling a 32-bit project.
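How a virtual function stops being overridden when only one of two prototypes moves to a memsize-type, shown as an added example that is not code from the original article. `Dword` and `DwordPtr` are stand-in aliases, all class and function names are hypothetical, and `override` is a C++11 keyword used here to show one way of making the mismatch a compile error.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>
#include <type_traits>

using Dword    = std::uint32_t;   // stand-in for a type that stays 32-bit
using DwordPtr = std::uintptr_t;  // stand-in for a memsize type (pointer-sized)

// Whether the two aliases name the same type in this build.
constexpr bool kSameType = std::is_same<Dword, DwordPtr>::value;

struct Base {
    virtual ~Base() = default;
    // The base class already takes the memsize type.
    virtual std::string help(DwordPtr) { return "Base"; }
};

// The descendant still declares the 32-bit parameter type. Where Dword and
// DwordPtr are one type this overrides Base::help; where they differ it
// declares a new, unrelated virtual function and Base::help stays in effect.
struct Legacy : Base {
    virtual std::string help(Dword) { return "Legacy"; }
};

// 'override' makes the build fail if the prototypes ever diverge.
struct Fixed : Base {
    std::string help(DwordPtr) override { return "Fixed"; }
};

// Calls through the base interface, the way a framework would.
std::string call_through_base(Base& object) { return object.help(DwordPtr{0}); }

int main() {
    Legacy legacy;
    Fixed fixed;
    std::printf("pointer size %zu: Legacy -> %s, Fixed -> %s\n", sizeof(void*),
                call_through_base(legacy).c_str(), call_through_base(fixed).c_str());
    return 0;
}
```

In a build where pointers are 8 bytes the call on `Legacy` reaches `Base::help`, so the descendant's code never runs.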

3.23. Dangerous [] operator

Description:

3.24. Using deprecated functions

Description:

3.25. Buffer overflow or underflow error

Description:

  • PVS-Studio documentation. V320. A call of the 'foo' function will lead to a buffer overflow or underflow in a 64-bit system.

Note to the table

The task of searching for the buffer overflow is difficult and often cannot be solved by means of static analysis at all. That is why we specified in the table that the Viva64 analyzer detects only some of the defects of this kind.

3.26. Searching for structures whose sizes can be decreased without performance loss

Description:

Note to the table

The Visual C++ compiler warns about all empty spaces between fields in structures that appear because of data alignment. This information may be used to search for non-optimal structures but it is difficult to do in practice.
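The kind of structure pattern 3.26 refers to, as an added example that is not taken from the original article: a field order that needs no padding while pointers are 4 bytes, but wastes space once they are 8 bytes, next to a reordered version. The struct and function names are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Field order that is padding-free while pointers are 4 bytes.
struct AsWritten {
    std::uint32_t flags;
    void*         data;   // 8-byte aligned in a 64-bit build: 4 bytes of padding before it
    std::uint32_t count;  // followed by 4 bytes of tail padding in a 64-bit build
};

// Same fields, widest alignment first.
struct Reordered {
    void*         data;
    std::uint32_t flags;
    std::uint32_t count;
};

// Bytes the fields themselves need, regardless of order.
constexpr std::size_t kFieldBytes = sizeof(void*) + 2 * sizeof(std::uint32_t);

// Alignment padding inside each layout.
constexpr std::size_t padding_as_written() { return sizeof(AsWritten) - kFieldBytes; }
constexpr std::size_t padding_reordered()  { return sizeof(Reordered) - kFieldBytes; }

// Gap the compiler inserts between 'flags' and 'data' in the original order.
std::size_t gap_before_data() {
    return offsetof(AsWritten, data) - sizeof(std::uint32_t);
}

// Memory saved by reordering, for an array of n elements.
std::size_t bytes_saved(std::size_t n) {
    return n * (sizeof(AsWritten) - sizeof(Reordered));
}

int main() {
    std::printf("as written: %zu bytes (%zu padding), reordered: %zu bytes (%zu padding)\n",
                sizeof(AsWritten), padding_as_written(),
                sizeof(Reordered), padding_reordered());
    std::printf("saved over 1000 elements: %zu bytes\n", bytes_saved(1000));
    return 0;
}
```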

3.27. Using a function without preliminarily defining it (in the C language)

Description:

Note to the table

The analyzer diagnoses this type of errors indirectly by generating a warning about conversion of the int type to the pointer.

3.28. Incorrect #ifdef..#else

Description:

3.29. Serialization errors (changes of type sizes, byte order changes)

Description:

3.30. Redirection errors (referring to WoW64)

Description:

3.31. Changes of program behavior when using overloaded functions

Description:

Summary

The Viva64 static analyzer included into PVS-Studio exceeds the capabilities of Visual C++ 2010 and Code Analysis for C/C++ component several times in detecting 64-bit defects. The analyzer can be used with the same efficiency both when developing new 64-bit projects and preparing 32-bit code for migration to a 64-bit system. The Viva64 analyzer also helps in estimating the cost of porting an application to a 64-bit system - this feature is described in "Lesson 28. Estimating the cost of 64-bit migration of C/C++ applications".
