Lints, Condate and bugs

Don nospam at nospam.com
Thu Oct 28 05:30:27 PDT 2010


Walter Bright wrote:
> Looking at what the rule based analyzers do falls into predictable 
> categories:
> 
> 1. Memory allocation errors - failure to free, dangling pointers, 
> redundant frees
> 
> 2. Use of uninitialized data
> 
> 3. Related to (1), failure to clean up properly after allocating some 
> resource
> 
> 4. Memory corruption, such as buffer overflows
> 
> 5. Failure to do transaction cleanup properly in the event part of the 
> transaction failed
> 
> 6. Failure to deal with error returns
> 
> 7. Null pointer dereferencing
> 
> 8. Signed/unsigned mismatching
> 
> Keep in mind that such tools can also produce large quantities of false 
> positives, requiring ugly workarounds or causing the programmer to miss 
> the real bugs. Keep in mind also that these tools are often way oversold 
> - they catch a few kinds of bugs, but not logic errors. Over time, I've 
> found my own coding bugs that such tools might catch get less and less 
> rare. The bugs in my code are logic errors that no tool could catch.

With the bugs I've fixed in the DMD source, I've seen very many cases of 
7, several cases of 2 and 6, and only one case of 8.
Many bugs are also caused by dangerous casts (where a pointer is cast 
from one type to another).
But almost everything else has been caused by a logic error.

I am certain that there are still many null pointer bugs in DMD.
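Two of the classes from Walter's list, shown as an added example in C (not code from this thread, from DMD, or from any analyzer): class 8, a signed/unsigned mismatch that lets a negative length through a bound check, and class 7, a null pointer dereference from an unchecked lookup. Each appears in its defective form next to a hardened one; the "bad" functions keep the bug on purpose so the contrast is visible. The frame/field names, FRAME_MAX and the lookup table are constructed for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FRAME_MAX 64   /* constructed limit for the example */

/* Class 8: signed/unsigned mismatch. `len` arrives as int (say, parsed
 * from a header). The comparison is done in signed arithmetic, so a
 * negative len passes the bound; a later memcpy takes size_t and would
 * copy gigabytes. Returns 1 if the check accepts len, 0 if it rejects. */
int frame_len_accepted_bad(int len)
{
    if (len > FRAME_MAX)
        return 0;      /* rejected */
    return 1;          /* accepted: -1 slips through here */
}

/* Hardened: reject negatives first, then compare in the unsigned domain. */
int frame_len_accepted_good(int len)
{
    if (len < 0 || (size_t)len > FRAME_MAX)
        return 0;
    return 1;
}

/* Copy using the hardened check. Returns bytes copied, or -1 on rejection. */
int copy_frame(unsigned char *dst, const unsigned char *src, int len)
{
    if (!frame_len_accepted_good(len))
        return -1;
    memcpy(dst, src, (size_t)len);
    return len;
}

/* Convenience wrapper with internal buffers so the copy can be exercised
 * without the caller managing storage. */
int copy_frame_demo(int len)
{
    unsigned char dst[FRAME_MAX];
    unsigned char src[FRAME_MAX];
    memset(src, 0xAB, sizeof src);
    return copy_frame(dst, src, len);
}

/* Class 7: null pointer dereference. find_field returns NULL when the
 * name is absent; the "bad" caller never checks. Constructed table. */
struct field { const char *name; int value; };
static const struct field table[] = { {"width", 80}, {"height", 25} };

static const struct field *find_field(const char *name)
{
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
        if (strcmp(table[i].name, name) == 0)
            return &table[i];
    return NULL;
}

/* Crashes on an unknown name. */
int field_value_bad(const char *name)
{
    return find_field(name)->value;
}

/* Hardened: report absence instead of dereferencing NULL.
 * Returns 0 and writes *out on success, -1 if the name is unknown. */
int field_value_good(const char *name, int *out)
{
    const struct field *f = find_field(name);
    if (f == NULL)
        return -1;
    *out = f->value;
    return 0;
}

/* Returns the field's value, or dflt when the name is unknown. */
int field_value_or(const char *name, int dflt)
{
    int v;
    return field_value_good(name, &v) == 0 ? v : dflt;
}

int main(void)
{
    printf("bad check accepts -1:  %d\n", frame_len_accepted_bad(-1));
    printf("good check accepts -1: %d\n", frame_len_accepted_good(-1));
    printf("copy 16 bytes: %d, copy -5 bytes: %d\n",
           copy_frame_demo(16), copy_frame_demo(-5));
    printf("width: %d, depth (missing): %d\n",
           field_value_or("width", -1), field_value_or("depth", -1));
    return 0;
}
```

The signed check is the kind of thing a rule-based analyzer flags reliably because the pattern is local; the unchecked find_field result is also catchable by interprocedural null analysis, but only if the tool knows find_field can return NULL.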
