
Coverity and AliRoot: new story begins…

Natalia Yastrebova 02.08.2010

Page 2:

What is Coverity?

Each developer should answer some very simple, yet difficult to answer questions:

• How do I find new defects introduced by changes?
• How do I know the severity of new defects?
• How do I know the impact to my code, my projects and my products?
• How do I fix defects fast?
• How do I know and how can I prove that the defects were fixed?

Page 3:

How does it work?

Page 4:

Checkers’ types

C checkers: memory leaks, stack corruptions, buffer overruns, use after free, uninitialized variables, pointer memory allocation defects, unchecked dereferences of NULL return values, dereferences of NULL pointers, misuses of negative integers, inconsistencies in how function call return values are handled, functions that return a pointer to a local stack variable, and bounds-checking an integer after dangerous use.

C++ checkers: errors in overriding virtual functions, errors in deleting an array, uses of STL iterators that are either invalid or past-the-end, function parameters that are too large, and cases where a C++ exception is thrown and never caught.

Concurrency checkers: double and missing locks, incorrect lock ordering, and situations where blocking functions may cause locks to be held too long.

Security checkers: improper validation of tainted strings, strings that are not null-terminated, failing to size-check strings, failure to bounds-check strings, string overflows, buffer overflows, time-of-check-time-of-use errors, and use of insecure temporary file creation routines.
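As an added illustration of the string defects listed under the security checkers (not code from the slides or from AliRoot), the block below contrasts the classic way a string ends up "not null-terminated" with a copy helper that size-checks first and always terminates. The function names and the 16-byte buffer are chosen for this example only.

```cpp
#include <cstddef>
#include <cstring>

// Added example (not from the slides). strncpy is the classic source of a
// string that is "not null-terminated": when src fills the whole buffer, no
// terminator is written. This helper reports whether the copy stayed
// terminated inside the buffer.
bool strncpyLeavesTerminator(const char* src, std::size_t bufSize) {
    char buf[16];
    if (bufSize > sizeof buf) return false;   // keep the demo in bounds
    std::strncpy(buf, src, bufSize);          // may omit the '\0'
    return std::memchr(buf, '\0', bufSize) != nullptr;
}

// Hardened copy: bounds-checks before writing, refuses input that does not
// fit together with its terminator, and always leaves dst NUL-terminated.
// Returns true on success, false (with dst set to "") when src is too long.
bool safeCopy(char* dst, std::size_t dstSize, const char* src) {
    if (dst == nullptr || dstSize == 0) return false;
    if (src == nullptr) { dst[0] = '\0'; return false; }
    const std::size_t len = std::strlen(src);
    if (len >= dstSize) {                     // size check first
        dst[0] = '\0';
        return false;
    }
    std::memcpy(dst, src, len + 1);           // copies the terminator too
    return true;
}
```

The hardened version refuses an over-long input instead of silently truncating it; truncation is the other common outcome and is usually a bug of its own when the value is later parsed or compared.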

Page 5:

Current situation in AliRoot

• High impact: 1184 issues
• Medium impact: 1414
• Low impact: 1965

Page 6:

Best practice. DELETE_ARRAY

• Whatever is created with new [] must be destroyed with delete []
• Consider using std::vector instead of arrays:
  – Dynamic arrays with automatic resizing & deleting
  – No need to call delete [] at all – simplify the code
  – Compatible with all STL & Boost algorithms
  – Easy to use and fully compatible with arrays
  – Extremely efficient implementation
  – Copying and assignment of elements
  – Duplication of vector
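An added example for the DELETE_ARRAY practice (not from the slides or from AliRoot): the same computation written once over a raw array, where the only correct release is delete [], and once over std::vector, where no release call exists to get wrong. The function names are illustrative.

```cpp
#include <cstddef>
#include <vector>

// Added example (not from the slides). Raw-array version: storage from new[]
// must be returned with delete[]. Releasing it with plain `delete` is what
// the DELETE_ARRAY checker reports, and any early return or exception
// between the two lines leaks the array.
long sumSquaresRaw(std::size_t n) {
    int* values = new int[n];
    for (std::size_t i = 0; i < n; ++i) values[i] = static_cast<int>(i);
    long sum = 0;
    for (std::size_t i = 0; i < n; ++i) sum += static_cast<long>(values[i]) * values[i];
    delete[] values;   // must pair with new[]
    return sum;
}

// std::vector version: the buffer is freed when `values` goes out of scope,
// on every path, so there is no delete[] to write or to mismatch.
long sumSquaresVector(std::size_t n) {
    std::vector<int> values(n);
    for (std::size_t i = 0; i < n; ++i) values[i] = static_cast<int>(i);
    long sum = 0;
    for (int v : values) sum += static_cast<long>(v) * v;
    return sum;
}

// Resizing and duplication, two of the advantages the slide lists: the copy
// is a deep copy of the elements and resize() zero-fills the new tail, so
// the source vector is untouched.
std::vector<int> grownCopy(const std::vector<int>& src, std::size_t extra) {
    std::vector<int> copy = src;
    copy.resize(copy.size() + extra, 0);
    return copy;
}
```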

Page 7:

Best practice. USE_AFTER_FREE

• Assign zero to raw pointer after deleting
• Consider using smart pointers (std::auto_ptr, boost::shared_ptr, …):
  – Automatic memory management
  – Different ownership policies
  – Easy & safe
  – Fully compatible with raw pointers
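An added example for the USE_AFTER_FREE practice (not from the slides or from AliRoot): an owner that nulls its raw pointer right after delete, the same owner written with std::unique_ptr, and a std::shared_ptr case showing the shared-ownership policy. The Track type, the member name fTrack and the class names are invented for this example; std::unique_ptr and std::shared_ptr are the standard successors of the std::auto_ptr and boost::shared_ptr named on the slide.

```cpp
#include <memory>

// Added example (not from the slides). Hypothetical payload type.
struct Track {
    int id;
    explicit Track(int i) : id(i) {}
};

// Raw-pointer discipline from the slide: assign null right after delete.
// A later use then hits the null check instead of freed memory, and a
// second release() is harmless because deleting a null pointer is a no-op.
class RawOwner {
public:
    RawOwner() : fTrack(new Track(42)) {}
    ~RawOwner() { release(); }
    RawOwner(const RawOwner&) = delete;
    RawOwner& operator=(const RawOwner&) = delete;
    void release() {
        delete fTrack;
        fTrack = nullptr;   // make the dangling state detectable
    }
    int idOrMinusOne() const { return fTrack ? fTrack->id : -1; }
private:
    Track* fTrack;
};

// Smart-pointer version: unique_ptr owns the Track. reset() frees the object
// and nulls the pointer in one step, so no freed address stays reachable,
// and the destructor needs no code at all.
class SmartOwner {
public:
    SmartOwner() : fTrack(new Track(42)) {}
    void release() { fTrack.reset(); }
    int idOrMinusOne() const { return fTrack ? fTrack->id : -1; }
private:
    std::unique_ptr<Track> fTrack;
};

// A different ownership policy: shared_ptr keeps the object alive until the
// last owner lets go, so dropping one reference is not a use-after-free for
// the others.
bool sharedOwnershipKeepsObjectAlive() {
    std::shared_ptr<Track> a(new Track(7));
    std::shared_ptr<Track> b = a;    // two owners
    a.reset();                       // one owner gone; Track lives on via b
    return a == nullptr && b.use_count() == 1 && b->id == 7;
}
```

Nulling the raw pointer does not remove every use-after-free (copies of the address held elsewhere still dangle), which is why the slide steers towards smart pointers, where the ownership rule is encoded in the type.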