Pour obtenir une clé
d'essai remplissez le formulaire ci-dessous
Demandez des tariffs
Nouvelle licence
Renouvellement de licence
--Sélectionnez la devise--
USD
EUR
RUB
* En cliquant sur ce bouton, vous acceptez notre politique de confidentialité

Free PVS-Studio license for Microsoft MVP specialists
To get the licence for your open-source project, please fill out this form
** En cliquant sur ce bouton, vous acceptez notre politique de confidentialité.

I am interested to try it on the platforms:
** En cliquant sur ce bouton, vous acceptez notre politique de confidentialité.

Message submitted.

Your message has been sent. We will email you at


If you haven't received our response, please do the following:
check your Spam/Junk folder and click the "Not Spam" button for our message.
This way, you won't miss messages from our team in the future.

>
>
>
Experiment of Bug Detection in the Code…

Experiment of Bug Detection in the Code of C# Tizen Components

29 Jui 2017

Recently, my colleague Andrey Karpov asked me to find 3-4 bugs in one of the Tizen components, written in C#.He has also done the analysis of Tizen, searching for bugs in the C/C++ code and is now writing several articles on this topic.Inspired by his example, I did an experiment on finding bugs in C# components of Tizen.I should say that it was quite a successful venture, soon I will write a big article ob this topic, now I would like to share the results of a trial test.

0518_Tizen_Cs/image1.png

For a start, I decided not to do a complex in-depth analysis of the whole Tizen codebase, but chose just a couple of projects in C# that do not require much effort. The purpose of this experiment is to try to understand whether we need to work in this direction.

The result of such a superficial analysis showed that I managed to find several real bugs, which suggests that there is a lot of work for PVS-Studio here. In this article I will give just a short description of these errors, leaving a detailed examination of this question for the future.

According to my calculations, the Tizen code has 4 929 files of the source code with the extension cs, with about 691 000 lines of code. The source code is rather large and its full-fledged analysis will take some time. Later, by the results of this work, I will write a detailed article.

In the meantime, I will give a description of the three bugs, detected at this stage of work. For simplicity I will specify the name of the top-level folder in the hierarchy of Tizen projects, which has a file with an error.

xamarin-forms-tizen

PVS-Studio: V3001 There are identical sub-expressions 'RwWait' to the left and to the right of the '|' operator. Xamarin.Forms.Platform.WP8 SplitOrderedList.cs 458

struct SimpleRwLock
{
  const int RwWait = 1;
  const int RwWrite = 2;
  const int RwRead = 4;
  ....
  public void EnterReadLock()
  {
    var sw = new SpinWait();
    do
    {
      while ((_rwlock & (RwWrite | RwWait)) > 0)
        sw.SpinOnce();

      if ((Interlocked.Add(ref _rwlock, RwRead)
          & (RwWait | RwWait)) == 0)                // <=
        return;

      Interlocked.Add(ref _rwlock, -RwRead);
    } while (true);
  }
  ....
}

Perhaps, there is a typo in the condition of the if block, related to the fact that RwWait and RwWrite are spelled very similarly, which led to RwWait being mistakenly used twice. The condition in the while block above proves my suspicious, as the combination RwWrite | RwWait is used correctly there.

PVS-Studio: V3095 The 'type' object was used before it was verified against null. Check lines: 147, 149. Xamarin.Forms.Xaml ExpandMarkupsVisitor.cs 147

CWE-476 NULL Pointer Dereference

public class MarkupExpansionParser : 
  MarkupExpressionParser, IExpressionParser<INode>
{
  ....
  public INode Parse(....)
  {
    ....
    Type type;
    ....
    var xmltype = new XmlType(namespaceuri, type.Name, null); // <=
   
    if (type == null)
      throw new NotSupportedException();
    ....
  }
  ....
}

The variable type is first used to access type.Name and then it is verified against null. As a result, an exception NullReferenceException is possible.

csapi-location

PVS-Studio. V3110 Possible infinite recursion inside 'Timestamp' property. Tizen.Location Location.cs 186

CWE-674 Uncontrolled Recursion

public class Location
{
  ....
  internal int _timestamp;
  ....
  public DateTime Timestamp
  {
    get
    {
        return Interop.ConvertDateTime(_timestamp);
    }
    internal set
    {
        Timestamp = value;             // <=
    }
  }  
  ....
}

This code contains an error, inevitably resulting in the exhaustion of the stack (infinite recursion) upon the attempt to access the Timestamp property. At the same time there are no visible signs if a typo. The field _timestamp is very different from Timestamp, so it's not really likely that they were confused. Besides that, _timestamp has an int type, which makes it impossible to assign with the value of the DateTime type. It would requite type conversion, such as the one implemented in the get section. I think, only the author would be able to correct this error.

That's it for a start, I'll save the remaining errors for my big article.

What we can surely say is that PVS-Studio analyzer can be used not only to check the C and C++ code, but C# components as well.

Download and try PVS-Studio: http://www.viva64.com/en/pvs-studio/

Additional links:

Popular related articles
Sorting in C#: OrderBy.OrderBy or OrderBy.ThenBy? What's more effective and why?

Date: 20 Sep 2022

Author: Sergey Vasiliev

Suppose we need to sort the collection by multiple keys. In C#, we can do this with the help of OrderBy().OrderBy() or OrderBy().ThenBy(). But what is the difference between these calls? To answer th…
ML.NET: can Microsoft's machine learning be trusted?

Date: 08 Sep 2022

Author: Andrey Moskalev

In 2018, Microsoft created ML.NET, a machine learning framework for .NET developers. Since then, the machine learning library has undergone significant changes and acquired new features to identify p…
The risks of using vulnerable dependencies in your project, and how SCA helps manage them

Date: 06 Sep 2022

Author: Nikita Lipilin

Most applications today use third-party libraries. If such a library contains a vulnerability, an app that uses this library may also be vulnerable. But how can you identify such problematic dependen…
Build to order? Checking MSBuild for the second time

Date: 01 Sep 2022

Author: Nikita Panevin

MSBuild is a popular open-source build platform created by Microsoft. Developers all over the world use MSBuild. In 2016, we checked it for the first time and found several suspicious places. Can we …
The Orchard Core threequel. Rechecking the project with PVS-Studio

Date: 25 Aoû 2022

Author: Aleksey Avdeev

In this article, we check the Orchard Core project with the help of the PVS-Studio static analyzer. We are going to find out if the platform code is as good as the sites created on its basis. May the…

Comments (0)

Next comments
Unicorn with delicious cookie
Nous utilisons des cookies pour améliorer votre expérience de navigation. En savoir plus
Accepter