Category Archives: Code analysis

The Easy Ones – Three Bugs Hiding in the Open

Posted on August 30, 2020 by brucedawson

I write a lot about investigations into tricky bugs – CPU defects, kernel bugs, transient 4-GB memory allocations – but most bugs are not that esoteric. Sometimes tracking down a bug is as simple as paying attention to server dashboards, … Continue reading →

Posted in Bugs, Code analysis, Code Reliability, Debugging, Floating Point, Linux, Performance | Tagged coding values | 17 Comments

A Crash of Great Opportunity

Posted on September 24, 2014 by brucedawson

It was a fairly straightforward bug. A wide-character string function was called with a byte count instead of a character count, leading to a buffer overrun. After finding the problem the fix was as simple as changing sizeof to _countof. … Continue reading →

Posted in Code analysis, Code Reliability, Programming | Tagged crashes; static code analysis; preventative maintenance; black swan | 11 Comments

You Got Your Web Browser in my Compiler!

Posted on March 31, 2014 by brucedawson

I recently discovered that Microsoft’s VC++ compiler loads mshtml.dll – also known as Internet Explorer. The compiler does this whenever the /analyze option (requesting static code analysis) is used. I’m no compiler architecture expert, but a compiler that loads Internet … Continue reading →

Posted in Code analysis, Investigative Reporting, Performance, Visual Studio, xperf | Tagged carl sagan, nuclear testing, peanut butter, rhetoric | 84 Comments

Vote for the VC++ Improvements That Matter

Posted on September 9, 2013 by brucedawson

VS 2013 is almost done and VS 2014 is being planned and I’ve been pushing for the VC++ features/bug-fixes that matter most to me. I’ve come up with two requests that seem plausible and valuable. If you like them then … Continue reading →

Posted in Code analysis, Programming, Visual Studio | Tagged /analyze, VC++ 2014 | 10 Comments

Two Years (and Thousands of Bugs) of Static Analysis

Posted on June 24, 2013 by brucedawson

I’ve been running static code analysis on four large code bases for over two years now. After the initial work of looking through all of the warnings and fixing the serious bugs I put the projects into code analysis maintenance … Continue reading →

Posted in Code analysis, Code Reliability, Programming, Visual Studio | Tagged /analyze, clang, VC++, visual studio | 22 Comments

VC++ /analyze Bug Finder Bug Fixed

Posted on June 14, 2013 by brucedawson

Last October I wrote about a crashing bug in the /analyze feature of Microsoft’s VC++ compiler – a use-after-free in their annotation parser. It’s now fixed.

Posted in Code analysis, Code Reliability, Investigative Reporting, Visual Studio | Tagged /analyze, Application Verifier, compiler crashes, VC++ 2012, visual studio | 4 Comments

Another Bug in Your Bug (Finder): __offsetof

Posted on November 28, 2012 by brucedawson

Last month I posted about a crashing bug in Visual Studio 2012’s static code analysis feature. The irony was delicious. Yesterday I found another bug in the same feature. This one isn’t quite as dramatic, but I found it amusing, … Continue reading →

Posted in Code analysis, Code Reliability, Programming, Visual Studio | Tagged /analyze, sizeof, size_t, VC++, visual studio, __offsetof | 2 Comments

You’ve Got a Bug in Your Bug (Finder)

Posted on October 2, 2012 by brucedawson

All software has bugs, but there is something ironic about a crashing bug in the /analyze portion of Microsoft’s VC++ 2012 compiler. The investigation of this bug also shows yet another reason you should test your software using Microsoft’s Application … Continue reading →

Posted in Code analysis, Code Reliability, Investigative Reporting, Visual Studio | Tagged /analyze, Application Verifier, compiler crashes, VC++ 2012, visual studio | 8 Comments

Try /analyze for Free

Posted on October 15, 2011 by brucedawson

I’ve written a half-dozen posts on /analyze, but since it is only available in the super-ultimate-team-extreme-ultimate edition of Visual Studio this information is of purely theoretical value for many people. It turns out, however, that there are two three ways … Continue reading →

Posted in Code analysis, Code Reliability, Programming, Visual Studio | 10 Comments

/analyze–Command Line Options

Posted on October 4, 2011 by brucedawson

/analyze has a few command line options to control its behavior. However only one of them is actually documented. In this article I share what I’ve figured out about these options.

Posted in Code analysis, Code Reliability, Programming, Visual Studio | 8 Comments