Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Unix AI Bug Operating Systems Security BSD IT

PVS-Studio Analyzer Spots 40 Bugs In the FreeBSD Kernel 169

Andrey_Karpov writes: Svyatoslav Razmyslov from PVS-Studio Team published an article on the check of the FreeBSD kernel. PVS-Studio developers are known for analyzing various projects to show the abilities of their product, and do some advertisement, of course. Perhaps, this is one of the most acceptable and useful ways of promoting a proprietary application. They have already checked more than 200 projects and detected 9355 bugs. At least that's the number of bugs in the error base of their company.

So now it was FreeBSD kernel's turn. The source code was taken from GitHub 'master' branch. Svyatoslav states that PVS-Studio detected more than 1000 suspicious code fragments that are most likely bugs or inaccurate code. He described 40 of them in the article. The list of warnings was given to the FreeBSD developer team and they have already started editing the code.

A couple of words for programmers who are still not familiar with PVS-Studio. PVS-Studio is a tool for bug detection in the source code of programs, written in C, C++ and C#. It performs static code analysis and generates a report that helps a programmer find and fix the errors in the code. You can see a more detailed description of the tool on the company website and download a trial version.
This discussion has been archived. No new comments can be posted.

PVS-Studio Analyzer Spots 40 Bugs In the FreeBSD Kernel

Comments Filter:
  • you're looking at spending about $5k for the product, unless you are a large development team, cost benefit ratio is low
    • by gstoddart ( 321705 ) on Thursday February 18, 2016 @10:21PM (#51539317) Homepage

      You know, if you want "free" advertising by doing free code analysis against a piece of free software, publish your results openly, and give them the output to the project to actually use to improve that project ... you're bloody welcome to some free advertising.

      Depending on the software you write, and what you use it for ... $5k for a development tool isn't that crazy stupid.

      One with proven results against a known piece of software and which contributes to eliminate bugs in a provable way and gives those results freely to open source?

      Oh, hell yeah, bring on the free advertising for more companies like this. And hopefully people are thinking "holy crap, if they found over a 1000 questionable pieces in the FreeBSD kernel, imagine what they can do with my stuff".

      I say kudos to these guys, and any "free" advertising (beyond their time invested and the value of giving back to the FreeBSD project) is deservedly theirs.

      • Wow, I think that's the most positive post I've ever seen you write.
        • by gstoddart ( 321705 ) on Thursday February 18, 2016 @11:31PM (#51539547) Homepage

          LOL ... aww, that's sweet.

          So, yeah -- hate corporate douchebags and morons, can't fault anybody who gets product promotion by actually proving the product works and giving the results for free to a high profile bit of free software to make it better. Who knew?

          I don't hate the entire world, just huge swaths of it made up of assholes and idiots. The good bits still make me happy, but we seldom see those.

          Maybe it's a coherent outrage based on moral principles and reasoned thought? That, or the meds finally worked today, who knows.

          Slashdot posts plenty of things which require outrage -- this particular "Slashvertisement" is pretty much the exact opposite. It's showing you have something of value by proving it works, and contributing to something and making it better. If that leads to sales and revenue, best of luck.

          So, world -- "philanth-ver-tize" more, and grumpy, bitter old men might say "wow, that's awesome". Go ahead, I fucking dare you to give us a few things to be positive about. ;-)

          Cheers

        • This demonstrates the power of coffee.

          Coffee, making people out of assholes since the 1600's...

      • Re: (Score:3, Informative)

        by Anonymous Coward

        Depending on the software you write, and what you use it for ... $5k for a development tool isn't that crazy stupid.

        Agreed, it's not crazy stupid at all. In fact, I think it's pretty reasonable when you think about it.
        For comparison, I remember when JBuilder (the Java IDE) cost at least that much money _per seat_. And that was a long time ago.

        And on the advertising topic, this kind of advertising doesn't bother me at all. It's proving the product, factual, and relevant. What more can you ask for?

        • by arth1 ( 260657 ) on Thursday February 18, 2016 @11:26PM (#51539527) Homepage Journal

          And on the advertising topic, this kind of advertising doesn't bother me at all. It's proving the product, factual, and relevant. What more can you ask for?

          That it's not deceptive, but presents itself as advertising.
          Writing "They have already checked ..." when it's really "We have ..." is deliberately misleading, and I prefer honesty.

          Sure, new powers that be, bring on slashvertisements, as it can be useful, but mark them as such, and avoid astroturfing, with submissions pretending to be an enthused user.

          Honesty in advertising - I know, what a concept. But here, I think it would work better. The curmudgeon user base here likely prides itself on never getting to the once in "fool me once, shame on me", but discards anything that smells of deceptiveness or social engineering. Even in marketing.

      • They do share the results with the project they analyze. They specifically mention that in every one of these articles they write.

      • by DrXym ( 126579 ) on Friday February 19, 2016 @06:26AM (#51540475)
        I've spent a lot of time tracking down bugs which turn out to be stupid coding errors. e.g. one recent example was a piece of code doing a strcpy on a string into a tooltip struct without limiting the length. The copy overran the struct and caused heap corruption and a crash on exit. So the bug happened in one place, the crash happened somewhere else.

        I ran the VS2015 built-in code analysis tools, which didn't find the issue but did highlight some dubious looking code in other places which I fixed while I was at it. So there is merit in code analysis, even if it didn't help me in this instance. I eventually found the issue by plastering crt heap debug calls all over until I isolated the place where the corruption happened.

        And some code analysis tools have proven to be a total waste of time. I recall using Purify / Quantify in one workplace hoping to isolate a runtime issue where it put so much instrumentation over the code that it took 10x as long to build and ended up crashing for its own reasons. It wasted more of my time than it would have taken to fix the issue without its "help". In my experience the more expensive a development tool is, the more bugs and the less benefit it will bestow from its use - and if it's from IBM then it will be massively expensive and bestow zero benefit.

      • Only $5k? I wish I could buy development tools for my workflow for that cheap.

      • That's about how I look at it. Anyone can download the list of the things that the tool found and see for themselves what kinds of issues it was uncovering - the things that it is finding are certainly valid concerns.

        What I find interesting about what it did find is that some of the issues are looking at the code formatting as an indication of what was intended, and it is flagging things that seem suspicious and/or inconsistent. Just using a normal compiler isn't going to catch these sorts of things since

      • "Depending on the software you write, and what you use it for ... $5k for a development tool isn't that crazy stupid."

        I work in a space lab. Spending this kind of money is easily justified on the basis that projects are either long-lived (20+ years) and/or software updates are often difficult (stuff that goes in a spacecraft is hard to do field calls on), so making sure stuff is well written in the first instance saves more than that in the long term.

        Perhaps PVS should offer their services to Toyota.

    • you're looking at spending about $5k for the product, unless you are a large development team, cost benefit ratio is low

      Why? One month of developer time is one month of developer time regardless of the size of the team. Either the product saves that much or more or it does not. If it does it is worthwhile.

      As for whether a developer can afford the cost that again is not the function of the team size, rather the popularity of the dev team's product, the number of users. With a sufficiently sized market the revenue or donations would cover the cost regardless of the size of the team.

    • It's not even obviously $5K, in a field (source code analysis) that's notorious for high prices and opaque pricing practices, PVS is one of the worst offenders, Try finding out what it'd cost to get a long-term license for use by an open-source project of the kind they analyse and publish articles on. I mean an actual hard figure, not a wooly estimate taken from some vague terms on a web page.
    • by drolli ( 522659 )

      $5K =~ 25-50developer hours.

      All SW i work with is either free or costs more than 5K per seat. (I think that the SW licenses used by me should account to about $10k-$20k/year)

      If i believe that a tool licensed for as little as $5k helps me in doing my job (and the job of colleagues) more efficiently, the money usually is not the problem.

    • It all depends how many people rely on the product, and how important it is to them. If it's a piece of avionics that keeps thousands of airliners flying safely, I'd suggest that $5k is not a lot. In such a case, $5 billion would be money well spent if it made the product significantly safer and more reliable.

      Please remember, too, that to many corporate executives $5k is - quite literally - lunch money. Or at least the cost of a good dinner with some "decent" wine.

  • How many static code analyzers do we need? It must be really boring in Russia.
    • Static analysis development is an opportunity for us to achieve some success in life. It isn't very interesing just to do outsource work, as we want something more. It feels that we are getting there. :)
      • There are lots of other projects to work on that will give you more success than static code analyzers. The market is saturated with those, and many of them are free.
  • by ilikenwf ( 1139495 ) on Thursday February 18, 2016 @10:28PM (#51539347)
    It seems like every time they do this for promotion they just claim everything as a "bug" without really individually investigating and reporting all of them, taking only some obviously wrong ones and then lumping the whole report onto the project's bug tracker, if we're lucky.

    PVS Studio is a great application but since they only do team licensing "1-9 developers" I can't see the benefit in buying it, just like IDA Pro. I'm an open source only dev in the C/C++/C# world, all my profitable work is in other languages...

    I'd gladly pay a REASONABLE price for all these tools if they'd not only provide proper Linux versions (PVS studio only ever had an internal Linux version...in projects with Linux and Windows specific code it is difficult if not impossible to analyze the Linux parts) but so far since it seems like the real benefit to open source teams who can't afford this software (that is windows only anyway, mostly) is extremely low despite it's utility otherwise.
    • by ThorGod ( 456163 )

      It's pretty clearly just a marketing strategy if they're not giving teams access to their tools and their reports.

      • Yeah, which sucks. People would be more interested if they'd at least provide the xml exports from their tools.

        Not to mention licensing in a way that makes people able to afford and/or use the software for open source and free software - part of their analyzer uses clang, the least they could do is actually contribute toward that project and the ones that they "analyze."
  • by fahrbot-bot ( 874524 ) on Thursday February 18, 2016 @11:05PM (#51539471)

    PVS-Studio detected more than 1000 suspicious code fragments that are most likely bugs or inaccurate code.

    /*NOTREACHED*/

  • None of the thirty checks that I just read about it are checks for bugs. They are all checks for untested code.

    Every one of those "problems" -- and they are almost all simple mis-types -- are easily spotted by the very first time the developer tests that line of code.

    Ultimately, I'm sure it's a very valuable tool for a company with developers who never test the code that they write.

    On the other hand, since I test every line of code that I write, often as I'm writing it, it can't possibly test the bugs that

  • by Merovign ( 557032 ) on Thursday February 18, 2016 @11:58PM (#51539629)

    Somebody get this to Bethesda, stat!

  • A big code fragment was copied, but later no changes were made.

    Or perhaps during debugging, it was copied, experimental changes were made on one execution path (perhaps just a debug statement), then it was decided the changes weren't all that helpful, and the changes were deleted again, leaving both blocks identical (considered mostly harmless, but ought to have a comment if deliberately left that way).

    • by ledow ( 319597 )

      Then at minimum you'd expect removal of the check (not a comment), or a history of patches which indicate that it was actually a deliberate omission after testing.

  • The submitter, Andrey Karpov, is one of the developers of PVS-Studio. The article he's plugging was written by yet another PVS-Studio developer. I wouldn't be in the least surprised if this got voted to the front page by an army of PVS-Studio sockpuppets. They've been doing the same thing on Wikipedia for years (though their site was long ago put on a Wikimedia-wide spam blacklist), and also post similar spamvertisements, masquerading as "bug reports", to the issue trackers of prominent free software pro
    • Re: (Score:3, Interesting)

      You may just say - hey this is me, psychonaut, I've banned viva64 on Wikipedia. Praise me for that. Because of me you won't see links to really helpful material on viva64.

      For example, it's really not necessary for those who are interested in Precompiled header [wikipedia.org] to know that there is a super useful article StdAfx.h [viva64.com]. Burn it all! :)

      • I had nothing to do with your websites getting blacklisted from Wikipedia. The administrators in the anti-spam brigade did that back in 2008 [wikipedia.org].
    • You call it "spam", yet every single article from PVS that I've seen anywhere always points out actual code defects in real world projects.

  • Please do linux, glibc, openssl, MariaDB, PostgreSQL, httpd, nginx, Chrome, Firefox, python, ruby and gcc next. Thanks.
  • Because these two blocks of code are not the same (spot the difference). Here is block 1:

    static int
    qla_tx_tso(qla_host_t *ha, struct mbuf *mp, ....)
    {
    ....
    if ((*tcp_opt != 0x01) || (*(tcp_opt + 1) != 0x01) ||
    (*(tcp_opt + 2) != 0x08) || (*(tcp_opt + 2) != 10)) { // <=
    return -1;
    }
    ....
    }

    Here is block 2:

    static int
    qla_tx_tso(qla_host_t *ha, struct mbuf *mp, ....)
    {
    ....
    if ((*tcp_opt != 0x01) || (*(tcp_opt + 1) != 0x01) ||
    (*(tcp_opt + 2) != 0x08) || (*(tcp_opt + 3) != 10)) {
    return -1;
    }
    ....
    }

    P.S

If it wasn't for Newton, we wouldn't have to eat bruised apples.

Working...