To get a trial key
fill out the form below
Team License (a basic version)
Enterprise License (extended version)
* By clicking this button you agree to our Privacy Policy statement

Request our prices
New License
License Renewal
--Select currency--
USD
EUR
GBP
RUB
* By clicking this button you agree to our Privacy Policy statement

Free PVS-Studio license for Microsoft MVP specialists
* By clicking this button you agree to our Privacy Policy statement

To get the licence for your open-source project, please fill out this form
* By clicking this button you agree to our Privacy Policy statement

I am interested to try it on the platforms:
* By clicking this button you agree to our Privacy Policy statement

Message submitted.

Your message has been sent. We will email you at


If you haven't received our response, please do the following:
check your Spam/Junk folder and click the "Not Spam" button for our message.
This way, you won't miss messages from our team in the future.

>
>
>
Experiment of Bug Detection in the Code…

Experiment of Bug Detection in the Code of C# Tizen Components

Jun 29 2017

Recently, my colleague Andrey Karpov asked me to find 3-4 bugs in one of the Tizen components, written in C#.He has also done the analysis of Tizen, searching for bugs in the C/C++ code and is now writing several articles on this topic.Inspired by his example, I did an experiment on finding bugs in C# components of Tizen.I should say that it was quite a successful venture, soon I will write a big article ob this topic, now I would like to share the results of a trial test.

0518_Tizen_Cs/image1.png

For a start, I decided not to do a complex in-depth analysis of the whole Tizen codebase, but chose just a couple of projects in C# that do not require much effort. The purpose of this experiment is to try to understand whether we need to work in this direction.

The result of such a superficial analysis showed that I managed to find several real bugs, which suggests that there is a lot of work for PVS-Studio here. In this article I will give just a short description of these errors, leaving a detailed examination of this question for the future.

According to my calculations, the Tizen code has 4 929 files of the source code with the extension cs, with about 691 000 lines of code. The source code is rather large and its full-fledged analysis will take some time. Later, by the results of this work, I will write a detailed article.

In the meantime, I will give a description of the three bugs, detected at this stage of work. For simplicity I will specify the name of the top-level folder in the hierarchy of Tizen projects, which has a file with an error.

xamarin-forms-tizen

PVS-Studio: V3001 There are identical sub-expressions 'RwWait' to the left and to the right of the '|' operator. Xamarin.Forms.Platform.WP8 SplitOrderedList.cs 458

struct SimpleRwLock
{
  const int RwWait = 1;
  const int RwWrite = 2;
  const int RwRead = 4;
  ....
  public void EnterReadLock()
  {
    var sw = new SpinWait();
    do
    {
      while ((_rwlock & (RwWrite | RwWait)) > 0)
        sw.SpinOnce();

      if ((Interlocked.Add(ref _rwlock, RwRead)
          & (RwWait | RwWait)) == 0)                // <=
        return;

      Interlocked.Add(ref _rwlock, -RwRead);
    } while (true);
  }
  ....
}

Perhaps, there is a typo in the condition of the if block, related to the fact that RwWait and RwWrite are spelled very similarly, which led to RwWait being mistakenly used twice. The condition in the while block above proves my suspicious, as the combination RwWrite | RwWait is used correctly there.

PVS-Studio: V3095 The 'type' object was used before it was verified against null. Check lines: 147, 149. Xamarin.Forms.Xaml ExpandMarkupsVisitor.cs 147

CWE-476 NULL Pointer Dereference

public class MarkupExpansionParser : 
  MarkupExpressionParser, IExpressionParser<INode>
{
  ....
  public INode Parse(....)
  {
    ....
    Type type;
    ....
    var xmltype = new XmlType(namespaceuri, type.Name, null); // <=
   
    if (type == null)
      throw new NotSupportedException();
    ....
  }
  ....
}

The variable type is first used to access type.Name and then it is verified against null. As a result, an exception NullReferenceException is possible.

csapi-location

PVS-Studio. V3110 Possible infinite recursion inside 'Timestamp' property. Tizen.Location Location.cs 186

CWE-674 Uncontrolled Recursion

public class Location
{
  ....
  internal int _timestamp;
  ....
  public DateTime Timestamp
  {
    get
    {
        return Interop.ConvertDateTime(_timestamp);
    }
    internal set
    {
        Timestamp = value;             // <=
    }
  }  
  ....
}

This code contains an error, inevitably resulting in the exhaustion of the stack (infinite recursion) upon the attempt to access the Timestamp property. At the same time there are no visible signs if a typo. The field _timestamp is very different from Timestamp, so it's not really likely that they were confused. Besides that, _timestamp has an int type, which makes it impossible to assign with the value of the DateTime type. It would requite type conversion, such as the one implemented in the get section. I think, only the author would be able to correct this error.

That's it for a start, I'll save the remaining errors for my big article.

What we can surely say is that PVS-Studio analyzer can be used not only to check the C and C++ code, but C# components as well.

Download and try PVS-Studio: /en/pvs-studio/

Additional links:

Popular related articles
The way static analyzers fight against false positives, and why they do it

Date: Mar 20 2017

Author: Andrey Karpov

In my previous article I wrote that I don't like the approach of evaluating the efficiency of static analyzers with the help of synthetic tests. In that article, I give the example of a code fragment…
The Last Line Effect

Date: May 31 2014

Author: Andrey Karpov

I have studied many errors caused by the use of the Copy-Paste method, and can assure you that programmers most often tend to make mistakes in the last fragment of a homogeneous code block. I have ne…
PVS-Studio ROI

Date: Jan 30 2019

Author: Andrey Karpov

Occasionally, we're asked a question, what monetary value the company will receive from using PVS-Studio. We decided to draw up a response in the form of an article and provide tables, which will sho…
Technologies used in the PVS-Studio code analyzer for finding bugs and potential vulnerabilities

Date: Nov 21 2018

Author: Andrey Karpov

A brief description of technologies used in the PVS-Studio tool, which let us effectively detect a large number of error patterns and potential vulnerabilities. The article describes the implementati…
Appreciate Static Code Analysis!

Date: Oct 16 2017

Author: Andrey Karpov

I am really astonished by the capabilities of static code analysis even though I am one of the developers of PVS-Studio analyzer myself. The tool surprised me the other day as it turned out to be sma…
Free PVS-Studio for those who develops open source projects

Date: Dec 22 2018

Author: Andrey Karpov

On the New 2019 year's eve, a PVS-Studio team decided to make a nice gift for all contributors of open-source projects hosted on GitHub, GitLab or Bitbucket. They are given free usage of PVS-Studio s…
PVS-Studio for Java

Date: Jan 17 2019

Author: Andrey Karpov

In the seventh version of the PVS-Studio static analyzer, we added support of the Java language. It's time for a brief story of how we've started making support of the Java language, how far we've co…
The Ultimate Question of Programming, Refactoring, and Everything

Date: Apr 14 2016

Author: Andrey Karpov

Yes, you've guessed correctly - the answer is "42". In this article you will find 42 recommendations about coding in C++ that can help a programmer avoid a lot of errors, save time and effort. The au…
The Evil within the Comparison Functions

Date: May 19 2017

Author: Andrey Karpov

Perhaps, readers remember my article titled "Last line effect". It describes a pattern I've once noticed: in most cases programmers make an error in the last line of similar text blocks. Now I want t…
Characteristics of PVS-Studio Analyzer by the Example of EFL Core Libraries, 10-15% of False Positives

Date: Jul 31 2017

Author: Andrey Karpov

After I wrote quite a big article about the analysis of the Tizen OS code, I received a large number of questions concerning the percentage of false positives and the density of errors (how many erro…

Comments (0)

Next comments
This website uses cookies and other technology to provide you a more personalized experience. By continuing the view of our web-pages you accept the terms of using these files. If you don't want your personal data to be processed, please, leave this site.
Learn More →
Accept