Our website uses cookies to enhance your browsing experience.
Accept
to the top
close form

Fill out the form in 2 simple steps below:

Your contact information:

Step 1
Congratulations! This is your promo code!

Desired license type:

Step 2
Team license
Enterprise license
** By clicking this button you agree to our Privacy Policy statement
close form
Request our prices
New License
License Renewal
--Select currency--
USD
EUR
* By clicking this button you agree to our Privacy Policy statement

close form
Free PVS‑Studio license for Microsoft MVP specialists
* By clicking this button you agree to our Privacy Policy statement

close form
To get the licence for your open-source project, please fill out this form
* By clicking this button you agree to our Privacy Policy statement

close form
I am interested to try it on the platforms:
* By clicking this button you agree to our Privacy Policy statement

close form
check circle
Message submitted.

Your message has been sent. We will email you at


If you do not see the email in your inbox, please check if it is filtered to one of the following folders:

  • Promotion
  • Updates
  • Spam

Webinar: C++ semantics - 06.11

>
>
Comparing capabilities of PVS-Studio an…

Comparing capabilities of PVS-Studio and Visual Studio 2010 in detecting defects in 64-bit programs

Jul 06 2010
Author:

In the article, we will compare three mechanisms of code analysis from the viewpoint of detecting 64-bit errors: the Visual C++ 2010 compiler, the Code Analysis for C/C++ component included into Visual Studio 2010 and Viva64 analyzer included into PVS-Studio 3.60. I will show both the capabilities of detecting defects in 64-bit projects and preliminary diagnosis of 64-bit errors in the 32-bit code of projects.

Introduction

Our company OOO "Program Verification Systems" develops a specialized static code analyzer Viva64 intended to detect 64-bit errors in Windows-applications. The Viva64 analyzer is included into the PVS-Studio package integrating into the Visual Studio 2005/2008/2010 environment.

Our potential users who think about purchasing PVS-Studio often ask us what advantages our tool has over diagnostic capabilities of the Visual C++ compiler and Code Analysis for C/C++ component available in extended editions of Visual Studio (for instance, in Visual Studio 2010 Premium/Ultimate).

Our users are also interested in the capability of preliminary detection of 64-bit errors at the stage when there is no 64-bit project yet.

In this article, we will compare various tools by 31 patterns of 64-bit errors and show how efficient they are when checking 32-bit and 64-bit projects. In the third section, there are links for you to learn about each error pattern in detail and comments on the comparison tables. The test project that we used as a basis for comparison and that contains all the error patterns can be downloaded here: http://www.viva64.com/external-pictures/ErrorExamples-vs2010-project.7z.

1. Comparison of tools when analyzing 64-bit projects

Comparison of tools and percentage of defects found when analyzing 64-bit projects are presented in Table 1. Note that the column referring to Code Analysis for C/C++ is empty. The reason is that Code Analysis for C/C++ does not work with 64-bit projects.

Also note that we enabled all the warnings of the Visual C++ compiler with the /Wall switch, i.e. all its diagnostic capabilities are in use. The /Wp64 switch is disabled since it is ignored (has no sense) when compiling 64-bit projects.

The coloring of the table cells (the legend):

  • Grey - cannot be diagnosed.
  • Blue background - can be diagnosed partly (see explanations in the third section).
  • Green background - can be diagnosed.
a0066_PVS_vs_VS/image1.png

Table 1 - Comparison of capabilities of the Visual C++ 2010 compiler, Code Analysis for C/C++ (Visual Studio 2010 Premium) and Viva64 (PVS-Studio 3.60) in detecting 64-bit errors in a 64-bit project

Conclusion

The diagnostic capabilities of the Viva64 static analyzer exceed those of Visual C++ 2010 several times when searching for 64-bit errors in 64-bit projects. The Code Analysis for C/C++ is useless in searching for this type of errors since it cannot work with the code of 64-bit projects at the moment.

2. Comparison of tools when analyzing 32-bit projects

People are often interested in the possibility of detecting 64-bit errors already at the stage of working with the 32-bit project already. This interest results from the following two tasks:

  • To estimate the cost of porting a 32-bit application to a 64-bit system.
  • To eliminate as many 64-bit errors as possible before porting the application.

Comparison of the tools and percentage of defects found when analyzing 32-bit projects are presented in Table 2.

The /Wall and /Wp64 switches are enabled for the Visual C++ compiler to use its diagnostic capabilities to the full extent. For the Code Analysis for C/C++ unit, we have also enabled all the possible warnings.

The coloring of the table cells (the legend):

  • Grey - cannot be diagnosed.
  • Blue background - can be diagnosed partly (see explanations in the third section).
  • Green background - can be diagnosed.
a0066_PVS_vs_VS/image3.png

Table 2 - Comparison of capabilities of the Visual C++ 2010 compiler, Code Analysis for C/C++ (Visual Studio 2010 Premium) and Viva64 (PVS-Studio 3.60) in detecting 64-bit errors in a 32-bit project

Conclusion

The diagnostic capabilities of the Viva64 analyzer exceed those of Visual C++ 2010 several times when searching for 64-bit errors in 32-bit projects.

The diagnostic capabilities of Visual C++ 2010 turn out to be less efficient when analyzing 32-bit projects than in case of 64-bit projects. This is explained by the fact that the compiler uses a different data model (ILP32) when compiling 32-bit projects.

The Code Analysis for C/C++ component is a general-purpose static analyzer and does not help in detecting the type of 64-bit errors we consider here.

The Viva64 analyzer performed equally full analysis both for 32-bit and 64-bit projects. In practice, the Viva64 analyzer still might miss up to 5% of errors and show fewer warnings. To learn more about it, please see - Lesson 28. Estimating the cost of 64-bit migration of C/C++ applications.

3. Description of comparison parameters

A detailed description of each error pattern will take too much space in the article. So let me just give you links to various sources where you may thoroughly study each of the patterns and see various examples. I will also give some comments explaining why some types of errors can be diagnosed only partly.

3.1. Implicit conversion of a 32-bit type to a memsize-type

Description:

3.2. Dangerous address arithmetic

Description:

3.3. Implicit conversion of a memsize-type to a 32-bit type

Description:

3.4. Implicit conversion of a 32-bit type to a memsize-type in a comparison operation

Description:

3.5. Implicit conversion of a 32-bit type to a memsize-type in a ternary operation

Description:

3.6. Implicit conversion of a 32-bit type to a memsize-type when calling a function

Description:

3.7. Implicit conversion of a memsize-type to a 32-bit type when calling a function

Description:

3.8. A non-memsize type is used as an index

Description:

3.9. Implicit conversion of a 32-bit type to a memsize-type inside the return operator

Description:

3.10. Implicit conversion of a memsize-type to a 32-bit type inside the return operator

Description:

3.11. Functions with a variable number of arguments, a value of a memsize-type is passed as the parameter

Description:

3.12. Dangerous magic number

Description:

3.13. Attempt to store a value of a memsize-type in a variable of the double type

Description:

Note to the table

When building a 32-bit project, the Visual C++ compiler warns only about the conversion of the double type to size_t and does not warn about the opposite conversion.

3.14. Incorrect change of the pointer's type

Description:

3.15. Using memsize types when handling exceptions

Description:

3.16. Memsize-types in unions

Description:

3.17. Dangerous expression as an argument of the malloc() function

Description:

3.18. Incorrect calculation of object sizes using several sizeof() operators

Description:

3.19. The new operator accepts an expression of a 32-bit type as an argument

Description:

3.20. Explicit conversion of a 32-bit type to a memsize-type

Description:

3.21. Explicit conversion of a memsize-type to a 32-bit type

Description:

Note to the table

The Visual C++ compiler diagnoses only the explicit conversion of pointers to 32-bit data types but not all the memsize-types.

3.22. Incorrectly defined virtual functions

Description:

Note to the table

The Visual C++ compiler diagnoses all the cases when the function prototype in the descendant class differs from the prototype of the function defined as a virtual function in the base class. As a result, a lot of warnings are generated which do not refer to 64-bit defects and it complicates the use of this diagnosis type. Moreover, the compiler does not detect this type of errors at all when compiling a 32-bit project.

3.23. Dangerous [] operator

Description:

3.24. Using deprecated functions

Description:

3.25. Buffer overflow or underflow error

Description:

  • PVS-Studio documentation. V320. A call of the 'foo' function will lead to a buffer overflow or underflow in a 64-bit system.

Note to the table

The task of searching for the buffer overflow is difficult and often cannot be solved by means of static analysis at all. That is why we specified in the table that the Viva64 analyzer detects only some of the defects of this kind.

3.26. Searching for structures whose sizes can be decreased without performance loss

Description:

Note to the table

The Visual C++ compiler warns about all empty spaces between fields in structures that appear because of data alignment. This information may be used to search for non-optimal structures but it is difficult to do in practice.

3.27. Using a function without preliminarily defining it (in the C language)

Description:

Note to the table

The analyzer diagnoses this type of errors indirectly by generating a warning about conversion of the int type to the pointer.

3.28. Incorrect #ifdef..#else

Description:

3.29. Serialization errors (changes of type sizes, byte order changes)

Description:

3.30. Redirection errors (referring to WoW64)

Description:

3.31. Changes of program behavior when using overloaded functions

Description:

Summary

The Viva64 static analyzer included into PVS-Studio exceeds the capabilities of Visual C++ 2010 and Code Analysis for C/C++ component several times in detecting 64-bit defects. The analyzer can be used with the same efficiency both when developing new 64-bit projects and preparing 32-bit code for migration to a 64-bit system. The Viva64 analyzer also helps in estimating the cost of porting an application to a 64-bit system - this feature is described in "Lesson 28. Estimating the cost of 64-bit migration of C/C++ applications".

Popular related articles


Comments (0)

Next comments next comments
close comment form