Coverity tool

Walter Bright newshound1 at digitalmars.com
Tue Feb 9 13:42:06 PST 2010


bearophile wrote:
> Regarding D code:
> 
> - Use After Free: probably less common in D code, because
> deallocations are done by the GC.
> - Buffer Overflows: less common in D
> code because of array bound tests at runtime, and because some string
> operations/functions are safer.

@safe guarantees memory safety, so these are non-issues in D.


> - Type and Allocation Size Mismatch:
> malloc/calloc are not common in D code, and the usage of the new
> statement avoids many bugs of this class.

Using @safe makes these non-issues.


> - Unsafe Use of Returned
> error values: hopefully in all the code (but where high-performance
> code is necessary) D programmers use exceptions to denote error
> situations, avoiding some of this class of bugs.

As you say, exceptions solve these problems.


> - Resource Leak: in
> theory the GC can help a lot here. In practice the D GC is
> conservative, so it leaks by design.

It is a mistake to rely on the GC to free resources other than memory. 
Properly, either RAII or scope guard statements should be used, as these 
do not leak.


> - Uninitialized Values Read: D
> "solves" this problem initializing by default all variables. In
> practice probably some default-initialized values can cause troubles
> where a default initialization was not the right thing.

No analysis tool can help you if you initialize things to the wrong 
value. That's very, very different from initializing things to GARBAGE 
and then using those garbage values.


> - NULL Pointer Dereference: this probably happens in D code, by default class
> references can be null.

We've certainly had long threads about this one. I'll just state that 
turning on the optimizer will detect many cases of dereferencing null 
pointers.


> You can probably find the following bugs in D code:

> - Use Before Test: here the bugs are in the code paths of the try-except.

Not sure what this means.


> - Unsafe Use of Returned NULL: the D2 type system doesn't help here.

Not sure what this means.


> - Unintentional Ignored Expressions

dmd already flags dead code.

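The RAII and scope guard approach recommended above for non-memory resources, as an added D example that is not from the thread; the RawFile wrapper, the temp file paths and the simulated failures are constructed for illustration:

```d
// Added example, not code from the thread: releasing a non-memory resource
// (a C FILE handle) deterministically with RAII and with a scope guard,
// instead of relying on the conservative GC to finalize it.
import core.stdc.stdio : FILE, fopen, fclose, fputs;
import std.exception : enforce;
import std.string : toStringz;
import std.file : readText, remove, tempDir;
import std.path : buildPath;
import std.stdio : writeln;

// RAII: the destructor runs when the struct leaves scope, including
// when the scope is exited by an exception.
struct RawFile
{
    FILE* handle;
    @disable this(this); // no copies, so the handle is closed exactly once

    this(string path)
    {
        handle = fopen(path.toStringz, "w");
        enforce(handle !is null, "cannot open " ~ path);
    }

    ~this()
    {
        if (handle !is null) { fclose(handle); handle = null; }
    }
}

void writeViaRaii(string path, bool fail)
{
    auto f = RawFile(path);
    fputs("written via RAII\n", f.handle);
    if (fail) throw new Exception("simulated failure after write");
} // f's destructor closes the handle here on both the normal and the throwing path

// Scope guard: scope(exit) runs on normal exit and on throw.
void writeViaScopeGuard(string path, bool fail)
{
    FILE* h = fopen(path.toStringz, "w");
    enforce(h !is null, "cannot open " ~ path);
    scope(exit) fclose(h);
    fputs("written via scope(exit)\n", h);
    if (fail) throw new Exception("simulated failure after write");
}

void main()
{
    auto p1 = buildPath(tempDir, "raii_demo.txt");  // constructed paths
    auto p2 = buildPath(tempDir, "scope_demo.txt");
    try writeViaRaii(p1, true); catch (Exception e) writeln("caught: ", e.msg);
    try writeViaScopeGuard(p2, true); catch (Exception e) writeln("caught: ", e.msg);
    // Both handles were closed despite the throw, so the buffered data was flushed.
    writeln(readText(p1), readText(p2));
    remove(p1); remove(p2);
}
```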
