I am really astonished by the capabilities of static code analysis. The tool surprised me the other day as it turned out to be smarter and more attentive than I am. I found I must be careful when working with static analysis tools. Code reported by the analyzer often looks fine and I'm tempted to discard the warning as a false positive and move on. I fell into this trap and failed to spot bugs...Even I, one of the PVS-Studio developers.
So, appreciate and use static code analyzers! They will help save your time and nerve cells.
[Ed note: I debated running this story as there was an element of self-promotion (aka Bin Spam), but the submitter has been with the site for a while and has posted informative comments. Besides, I know there have been far too many times when I've seen a compiler complain about some section of my code and I'm thinking there is nothing wrong with it — and then I, finally, see my mistake. Anyone have samples of code where you just knew the compiler or static analyzer was wrong, only to find out otherwise? --martyb]
(Score: 4, Insightful) by maxwell demon on Monday October 23 2017, @07:07AM (19 children)
The second bug it found was caused by the following definition in a header file:
I hope they immediately fired the programmer who wrote that atrocity (no, I don't mean the obvious typo; even after correcting that, it's just wrong in so many ways).
The Tao of math: The numbers you can count are not the real numbers.
(Score: 2) by ledow on Monday October 23 2017, @07:12AM (1 child)
What kind of IDE doesn't distinguish between macros and proper functions anyway?
I know Eclipse CDT highlights one in purple, one in grey, and a grey "sprintf" would flag straightaway to me.
(Score: 0) by Anonymous Coward on Monday October 23 2017, @11:38PM
notepad.exe
(Score: 1, Funny) by Anonymous Coward on Monday October 23 2017, @08:47AM
Well, at least he included the std namespace, instead of adding "using namespace std".
(Score: 2, Informative) by Andrey_Karpov on Monday October 23 2017, @09:27AM (3 children)
I don't think so. :) Source: https://github.com/StarEngine/engine/blob/develop/src/definesTypes.h [github.com]
(Score: 3, Insightful) by TheRaven on Monday October 23 2017, @11:43AM
sudo mod me up
(Score: 2) by coolgopher on Monday October 23 2017, @12:40PM
Omfg just no! Noooooooooooooo!
(Score: 2) by forkazoo on Tuesday October 24 2017, @01:05AM
Can someone help me figure out the correct git command for creating a pull request that will murder the author?
(Score: 5, Insightful) by microtodd on Monday October 23 2017, @12:24PM (7 children)
Offtopic, but:
I see this A LOT. Someone makes a mistake, or displays their inexperience or, to sound touchy-feely, an "opportunity to learn", and everyone's response is "fire him!". Its like, no one has any tolerance for mistakes, brain farts, or anything.
You know what? I've made mistakes. And I don't just mean "oops, I just ran rm -rf /"* (although I've done that too). I've done things that, in retrospect, were bad decisions. Hopefully, I've learned from them and gotten better.
Now I'm in management and leadership roles, and I try to take the same attitude. You can make mistakes, but you need to learn from them and get better. You can make bad/questionable decisions, but you'd better be humble enough to accept criticism and improve yourself. I've found if you are willing to coach people in this way, you can build an awesome team of superstars.
So let's take the example above. Explain why its a bad idea, make sure the dev understands it, and I don't just mean "never do this again" but "This is why doing this type of thing is a bad idea...how can we apply that to everything else as well?" You've just now made that dev a little bit better.
* If you ever run "rm -rf $foo/$bar", make damn sure $foo and $bar aren't zero-length strings.
(Score: 0) by Anonymous Coward on Monday October 23 2017, @02:51PM (3 children)
Do you let inexperienced programmers check code into production without an experienced programmer first having a look on it?
But hey, maybe showing this line of code and asking about everything that's wrong with it would make a good job interview question. :-)
(Score: 5, Interesting) by fyngyrz on Monday October 23 2017, @04:27PM (1 child)
Mistakes don't just come about due to inexperience. There are whole rafts of typos that are valid code, but will break stuff. There are mistakes in recall about side effects. There are misunderstandings of documentation.
I pulled a whammy the other day, after not looking at objective c for some time, I went in to do something that should have been fairly easy, got a message from the compiler, completely misunderstood what it meant, and got myself into a hole it took two hours to dig out of plus posted a sadly clueless question on stack overflow for which I got snarked fairly hard, predictably. And I probably have more programming (and hardware) experience than most - about 45 years worth. Once I wrapped my head around what had happened, of course, no problem. But I did make the error.
As the GP stated, we all screw up now and then. Best not to dive into a well of hubris, lest one drown in it some fine day.
(Score: 2) by maxwell demon on Monday October 23 2017, @11:12PM
That line is not just a typo; the typo in it is the only thing in it that is excusable. It definitely is neither a mistake in side effects, nor a misunderstanding of documentation. It violate a whole range of rules which every C++ programmer should know by heart. And those are not violated by accident.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 2) by driverless on Tuesday October 24 2017, @07:40AM
Uhh, that's the open source model, isn't it?
Or is it just the OpenSSL model?
(Score: 2) by riT-k0MA on Monday October 23 2017, @06:32PM
This is one reason I really like the company I work for. They expect people to make mistakes. They're almost happy about it, just so long as one doesn't make the same mistake twice.
(Score: 2, Insightful) by Anonymous Coward on Monday October 23 2017, @09:17PM
To add to what you said.
I have been doing this sort of thing for 25+ years now. I have written that exact same code. Why would I do that? Because the SDK/CRT does not have the newer code in it. Yet I need the newer code to run on the older platform. Guess what I have 0 power to change in that case. There is no newer compiler for a version because it is some rando thing the management decided to code against. Usually against my advise. So I make due and try to guard around it. But 'the customer wants it tomorrow' you make due...
Perhaps the dude had a reason to do it? A comment would have helped. Even a 'the compiler is yelling about this' would have at least pointed people in the right direction at some point.
I personally think the annoying ones are the ones who are forced to use these static tools then ignore the errors spamming out of them. The tools are trying to tell you something yet you are too hard headed to accept that your code has some serious flaws. I have used many of these sorts of tools both static and dynamic. In my years of using them I have found maybe 1 or 2 false positives. Even those I doubt were wrong and I had a misunderstanding on how something worked. Almost every time they are right. You are either doing something shady, unclear, or wrong. The only time they go sideways is if you 'hide' a pointer by use of void type casting. Which is just a bad pattern to use anyway. Just because the language and compiler allows you to do something does not mean it is right or correct. I treat every error out of these tools as something to investigate. I either learn something or find a real bug. Usually that bug has been cut and pasted across the whole codebase. Because the original has a misunderstanding of how something works.
(Score: 4, Interesting) by JoeMerchant on Monday October 23 2017, @09:33PM
Common anecdote from whatever big organization: engineer (of whatever variety) makes a hugely costly mistake, clearly stemming from a bad call on his part, costs the company more than he will earn in several lifetimes. Manager pulls him in afterwards, engineer says: "I'm fired, right?" Manager makes whatever joke and asks: "You know what you did wrong?" "Yes." "You know how to avoid doing that in the future?" "Yes." "Well, then, you've just learned a very valuable lesson, one that anyone who replaces you won't appreciate the way you do. You're not fired, you've just received extremely valuable training."
🌻🌻 [google.com]
(Score: 2) by Azuma Hazuki on Monday October 23 2017, @04:39PM (2 children)
I am not a C++ programmer, but...does that do what i think it does? Which is basically say "Hey when the code calls the secure version of printf() substitute the old insecure one?" That's not just a paddlin', that's "getting stuck in a jail cell for a year with no electronic devices except a speak'n'spell."
I am "that girl" your mother warned you about...
(Score: 4, Informative) by maxwell demon on Monday October 23 2017, @11:18PM (1 child)
No, the "s" in "sprintf" does not stand for "secure", but for "string". Basically it is a version of printf that doesn't output its arguments after formatting, but writes them into a string (actually, character array) instead.
The secure version of sprintf is snprintf.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 2) by turgid on Tuesday October 24 2017, @07:30PM
And nowadays we also have asprintf if you like to leak memory inadvertently.
I refuse to engage in a battle of wits with an unarmed opponent [wikipedia.org].
(Score: 0) by Anonymous Coward on Monday October 23 2017, @05:28PM
just to make sure: this would be the type of situation when "using namespace std;" would be adequate, right?
(Score: -1, Troll) by aristarchus on Monday October 23 2017, @07:21AM (35 children)
Yes, I was thinking that Nazism and Racism, and White Supremacism where just wrong, morally, ethically, historically wrong. But then The Mighty Buzzard said I should listen to the alt-right, give them a hearing, let them exercise their right to free speech. So I did, but then I realized that they were just fulcking stupid under-educated MRA's with nothing to go on other than their "White Privilege": Oh, you fuckwads, we will replace you. In fact, we already have. So, in this one case, I was right. Nazi's suck, and need to be punched in the face, for starters.
(Score: 1, Interesting) by Anonymous Coward on Monday October 23 2017, @07:49AM (18 children)
U all right? Looks like your ideation goes less diverse and more obsessive by the day.
(Score: 0, Troll) by aristarchus on Monday October 23 2017, @08:07AM (17 children)
I'm fine. And you will be, too. Just follow the logic! If your logic is incorrect, the compiler will call you out on that. Logic gates do not lie. So if you think that the compiler is full of shit, well, it has nothing to loose, and you do. This is the point of the OP.
Now I was aiming at an analogy, not at all involving cars, that if TMB suggests that I am wrong, I should consider that possibility, much as if your compiler suggest you are full of shit, you should reconsider your coding chops: But the analogy breaks down. Nazis are just wrong, their logic is not that at all, it is hate, and ignorance, and if this is what the Mevrovingian Buzzard is suggesting we listen to, well, there is no logic in the world that could justify us doing so, and even if we do do so, well, their compiler is not compiling at all. In fact, I strongly suspect that TMB is compiling Boobies, and nothing but boobies. Sucks to have been bottle feed at such an early age.
(Score: 4, Insightful) by The Mighty Buzzard on Monday October 23 2017, @10:43AM (9 children)
Let's use your analogy then. I'm not saying you should agree with all the compiler warnings. I'm saying it's moronic beyond belief to turn them off.
My rights don't end where your fear begins.
(Score: 0, Informative) by Anonymous Coward on Monday October 23 2017, @01:57PM (5 children)
Nah, I think you're a secret little fascist hiding behind "libertarian" ideas. Your behavior fits that of the alt-right, equivocate and outright lie/troll. Pretend to be clueless, pull in some suckers, then use horribly bad logic to spread shitty world views.
(Score: 2, Insightful) by The Mighty Buzzard on Monday October 23 2017, @03:34PM (4 children)
Actions speak louder than words, so they say. Check mine. Spam aside, you'll find me standing for free speech every time it's in question. That the regressive left are the only ones calling for the speech policing does not make me any flavor of "right". It just makes you the fascists you claim to oppose.
My rights don't end where your fear begins.
(Score: 0) by Anonymous Coward on Saturday October 28 2017, @07:43AM (3 children)
the regressive left are the only ones calling for the speech policing
[02:22:05] Bytram, Fnord666: you gotta be shitting me with the aristarchus sub
[02:25:35] how in the fuck did we decide to run a blatant hatchet piece by the NYT, subbed by aristarchus with his own smarmy bullshit thrown in to boot?
[02:30:44] we're seriously going to let dipshit paint half the country with his nazi brush?
[02:32:12] fuck's sake. there are less than a hundred thousand white supremacists in the entire country of 350+ million. this is some shit i'd expect slate to run not us.
[02:57:05] -!- TheMightyBuzzard has quit [Quit: Leaving]
[02:57:48] -!- TheMightyBuzzard [TheMightyBuzzard!~TheMighty@Soylent/Staff/Developer/TMB] has joined #editorial
(Score: 2) by The Mighty Buzzard on Saturday October 28 2017, @10:13AM (2 children)
And? You believe getting whatever you submit on the front page is an entitlement now, eh?
My rights don't end where your fear begins.
(Score: 0) by Anonymous Coward on Saturday October 28 2017, @12:45PM (1 child)
While The Mighty Buzzard denounces speech policing, TheMightyBuzzard indulges in it. One insists he's not an editor; the other pressures the editors concerning which stories to run.
(Score: 3, Insightful) by The Mighty Buzzard on Saturday October 28 2017, @11:07PM
There's a difference between being able to speak your mind and spray painting dicks all over someone's house.
My rights don't end where your fear begins.
(Score: 3, Insightful) by JoeMerchant on Monday October 23 2017, @09:36PM (2 children)
I'm a believer in zero-warning compiles for release code. It doesn't solve every problem, but in my own code I see compiler warnings catching multiple bugs per year that would otherwise be getting by. On the other hand, there are some warnings in some situations that just don't mean anything valuable and can be turned off, in fact are better turned off, so as not to distract from the real warnings that mean something, and also to save the programmers from unreasonable syntactic gymnastics just to shut them up.
🌻🌻 [google.com]
(Score: 3, Insightful) by The Mighty Buzzard on Monday October 23 2017, @11:05PM (1 child)
To each their own. What you call "unreasonable syntactic gymnastics" could just as well be called "doing things properly so you don't make a noobass mistake" though. Like with speech, every time you refuse to listen you eliminate the chance of finding out you're wrong and being able to correct yourself.
My rights don't end where your fear begins.
(Score: 2) by JoeMerchant on Monday October 23 2017, @11:52PM
I'm o.k. with (void) casting unused variables and similar simple things, but some of the signed/unsigned warnings and other more esoteric type casting stuff can get pretty crazy looking to "do it right" when the simple, warned, code is very straightforward to read and understand.
🌻🌻 [google.com]
(Score: 2, Insightful) by Anonymous Coward on Monday October 23 2017, @02:54PM
Wrong. Logic errors are exactly the type of errors the compiler is unlikely to tell you about. If you are lucky, your test suite catches them.
(Score: 0, Interesting) by Anonymous Coward on Monday October 23 2017, @03:15PM (5 children)
I'm not sure about your compiler, but your interpreter is totally messed up. TMB doesn't suggest you listen to Nazi haters, only that you shall not silence them. You are perfectly free to turn your back and change the channel. The tuner is also called a discriminator. Everybody has one. Always do the filtering at your end.
And really, your cheap shots are so offtopic. I would mod it as such, but I don't like to downmod people. And besides, I think you're just trash talkin' to your buddies, having a bit o' fun, drawin' flies to your steaming heap. And by no means am I complaining. A bit of levity goes a long way in this sad world.
(Score: 0) by Anonymous Coward on Monday October 23 2017, @04:14PM (3 children)
What's a "tuner"?
(Score: 3, Touché) by maxwell demon on Monday October 23 2017, @11:24PM
A misspelled big fish. :-)
The Tao of math: The numbers you can count are not the real numbers.
(Score: 0) by Anonymous Coward on Tuesday October 24 2017, @02:32AM (1 child)
My god! Was radio that long ago?
But I was mistaken. The discriminator (demodulator) is after the tuner.
(Score: 0) by Anonymous Coward on Tuesday October 24 2017, @04:34AM
And you blame Millennials, when truly, Grandpa, it is your own memory that fails you! Do you remember when blacks knew their place? Do you remember when America was a White nation, with a White President, and a White House with a White Dog? And now all we have is an Orange President, with some ex-Commie Bimbo first Lady, and no dog! Why does the president not have a dog? So, yeah, Nazis are totally cool now, until someone threatens to "punch them in the face!" [youtu.be]
Take it off, white boy, take it off!
(Score: 2, Informative) by Anonymous Coward on Monday October 23 2017, @11:32PM
The folks in Boston had the right idea: Outnumber them.
They did so 40,000:50.
The Boston cops felt it was necessary to escort the skinheads out of the area.
Less dramatic results in Frisco, Berkeley, and Chicago back in August, but always well over 10:1 ratios.
At the appearance of white supremacist Richard Spencer at the University of Florida on October 19, the Neo-Nazis screened out people at the door (e.g. people wearing protest T-shirts or with a lawyer's phone number written on their arms).
They ended up with only 456 of the 700 seats occupied. [wsws.org]
Following the event, Spencer supporters directed gunfire into a crowd.
No one was hit.
2 of the perps are being held pending a $1M bond and the shooter is being held on a $3M bond.
-- OriginalOwner_ [soylentnews.org]
(Score: 2) by JoeMerchant on Monday October 23 2017, @09:40PM (1 child)
I met a kein faschist in 1990, that was his statement about the Neo Nazis then (27 years ago) "when you see a skinhead, you must punch them in the face."
So, while I agree that skinheads were (still are?) needlessly violent idiots, punching them in the face on sight doesn't seem to be accomplishing the goal of reducing violence and prejudice in the world.
🌻🌻 [google.com]
(Score: 0) by Anonymous Coward on Monday October 23 2017, @11:45PM
s/faschist/fascist
(No spellchecker?)
punching them in the face on sight doesn't seem to be accomplishing the goal of reducing violence and prejudice in the world
Not so long ago, I read an article that said protests are counter-productive, giving them a higher profile and bolstering their recruitment efforts.
...but it must give a warm feeling inside when you e.g. dump feces on them and the Reactionary forces who would protect them. [google.com]
-- OriginalOwner_ [soylentnews.org]
(Score: 1, Offtopic) by Runaway1956 on Wednesday October 25 2017, @01:17AM (13 children)
Aristarchus sole purpose in this post is trolling - and moderators are insane enough to give him "insightful" mods? Some of you don't even want to appear to be rational, do you? Everyone should read the above post again. It is nothing more, and nothing less, than a personal attack on another member.
(Score: 3, Insightful) by aristarchus on Wednesday October 25 2017, @01:32AM (5 children)
Really? Which one? And you are hardly the one to complain, mod-bombing Hillbilly of Narcissus!!
(Score: 0, Troll) by Runaway1956 on Wednesday October 25 2017, @01:46AM (4 children)
There are so many, that you can't keep track of them? You have your select group, whom you attack, incessantly, while adding nothing of meaning to the conversation. And, your current post, to which I am replying epitomizes your conduct. It is you who is the tarbaby, you racist. All of "progressive" America attacks a non-progressive for using the term, but you can use it? You're not even black - check your own privileges.
(Score: 3, Insightful) by aristarchus on Wednesday October 25 2017, @02:03AM (3 children)
I am curious, Runaway. What makes you think I am not black? Is this like all those other things you "know"?
(Score: 1, Flamebait) by Runaway1956 on Wednesday October 25 2017, @02:21AM (2 children)
You have clearly stated on multiple occasions that you are ethnically Greek. Since when are Greeks black? Is that something like the Black Dutch? http://blackdutch1.webs.com/ [webs.com] Because you're progressive, you can just appropriate whatever culture you wish to appropriate?
Or, are you now admitting that you are a liar, and that you are no more Greek than Nelson Mandela?
(Score: -1, Troll) by Anonymous Coward on Wednesday October 25 2017, @02:34AM (1 child)
Just give it up, Runaway1956. The Aristarchus creature believes that everyone who is not an Aristarchus is an idiot. He has no need to remember his professed ethnicity, or even his personae, because he needs not explain or justify anything. That sort of thing happens to people who believe that they are demigods, heroes, and legends.
(Score: 2, Troll) by aristarchus on Wednesday October 25 2017, @04:26AM
Or even just progressive people on the internets, trolling the Arkansaws Archie Bunkers of the world. I just want to know what Runaway really, actually believes! I suspect he doesn't know. He has been so wrong about so much before.
(Score: -1, Redundant) by Anonymous Coward on Wednesday October 25 2017, @01:38AM
Easy, man. Those moderators know that they are morally and ethically corrupt. They don't care, and you won't change their minds.
(Score: 0) by Anonymous Coward on Wednesday October 25 2017, @02:58AM
Keep in mind, that everyone on this forum can teach you something. Some, such as Aristarchus, teach how contemptible man can be. But everyone has something to teach.
(Score: 0) by Anonymous Coward on Wednesday October 25 2017, @09:09AM (4 children)
Thing is see Aristarchus gets mod bombed down to oblivion for many of his most insightful and informative posts because they touch the odd nerve or two with the alt-wrong contingent. Karma works in mysterious ways. That's why he gets modded back up in apparently strange places. The universe is funny like that.
(Score: 0) by Anonymous Coward on Wednesday October 25 2017, @01:33PM (3 children)
Negative. Aristarchus got modded to oblivion when he flirted with those "spam" moderations. His posts get him modded up and down, but he managed to stay out of oblivion until he played games with spam. When he did get way down there, near oblivion, he whined, cried, and appealed to the soft hearted to "rescue" him. And, some responded that they would mod him up even for stupid posts, because they felt sorry for him.
Please, try to get your facts straight.
(Score: 1, Informative) by Anonymous Coward on Wednesday October 25 2017, @08:36PM (2 children)
-1 must try harder.
Aristarchus and others were getting mod bombed to oblivion well before the spam mod gate. That was the culmination of it.
Andy Hamilton was on Radio 4 this evening reminiscing.
Back in 1979 when Margaret Thatcher first came to power, himself and a colleague attempted some satire against the right wing ,(Conservative, Thatcher...)
The National Front (1970's British alt-right) adopted said satire in their propaganda, unwittingly.
See, your typical fascist bigot struggles with satire, lateral thinking and abstract thought in general which is why Aristarchus' great philosophical insights get mod bombed.
It's also why the Greeks put Socrates-dude to death.
History rhymes and that's human nature.
(Score: 0) by Anonymous Coward on Thursday October 26 2017, @02:58AM (1 child)
You're still not paying attention. Aristarchus is the mod-bomber-in-chief. There's a quote floating around, showing that Aristarchus has down modded more than twice as much as the next leading contender. The man is a mean, contemptible, petty little worm, who whines and cries when he gets a little dose of his own medicine.
If you have sympathy for his whiny fat ass, that's alright, but don't waste time preaching to those of us who know better.
(Score: 0) by Anonymous Coward on Thursday October 26 2017, @01:53PM
His own medicine? I see the problem. This is why we live in a divided society.
(Score: 3, Informative) by ataradov on Monday October 23 2017, @07:26AM (5 children)
Those PVS guys are annoying as hell. They spam forums with their overt advertising.
(Score: 1) by Andrey_Karpov on Monday October 23 2017, @09:09AM (2 children)
A program product or a company is mentioned in a half of the news. So, each second news can be called advertising. It's not very clear for me why some people are so bothered by PVS-Studio analyzer. Moreover, very few programmers know about it, I'm making sure in it every time when I visit a conference. P.S. "Again this PVS-Studio team. They are everywhere..." - https://www.viva64.com/en/b/0428/ [viva64.com]
(Score: 2, Interesting) by Anonymous Coward on Monday October 23 2017, @09:40PM
The only people I have found that have a negative reaction to these sorts of tools are the very ones who need them, desperately. They want to pretend they do not make errors. Once you accept you are not a walking encyclopedia of the different C/C++ specifications and the nuances of each compiler. Then the easy to find abuses of those specifications you realize you need these tools to help you. I have over the years humbled more than one super wizz kid cowboy programer with these sorts of tools. Then showing them in nice easy examples (usually provided by the tools). Of how big a fuckup to the code they are making. I usually bring them in once a project has spent about a week 'finding that crashing/memory leak' bug. Usually finds them in under a day. Plus a STACK of other issues. Usually knocks off the top bugs the code base was having. Usually for little to no effort. These tools are easy to use and well worth paying for. I have saved several multimillion dollar projects by using these sorts of things.
It can actually be kind of fun. You take a crashy, memory hungry program and turn it into something that works. Usually it was some code smashed out at 2AM because the feature just had to be done 'right now'.
The only ones who discount these sorts of tools are ones who do not bother to use them. Or have used them a couple of times and did not understand what the output meant. So they chuck it up to 'false positives' and then continue to pretend they know better.
(Score: 2) by realDonaldTrump on Tuesday October 24 2017, @12:57PM
We are all businessmen and women, whether you see it that way yet or not. All of us, even Russians. If you like art and can’t make money at it, you eventually realize that everything is business, even your art. That’s why I like Warhol’s statement about good business being the best art. It’s a fact. Part of business is getting your message out, getting your honest and unfiltered message out. And there's always someone who will hate your message. Always someone who will want it watered down. Don't listen to them. Never listen to them.
(Score: 3, Informative) by The Mighty Buzzard on Monday October 23 2017, @10:47AM (1 child)
This almost got chucked as spam but martyb thought we could make a decent discussion out of it. Don't look for him to go pushing out anything they submit though.
My rights don't end where your fear begins.
(Score: 0) by Anonymous Coward on Tuesday October 24 2017, @12:05AM
Yeah. When I saw it in the queue, I wondered if it would make the cut.
It has stirred some interesting discussion, so it appears that the proper choice was made.
What I was hoping to see was the names of some tools in use.
Comparisons by folks who had tried multiple apps would be especially interesting.
Licenses (FOSS|proprietary) and license costs would add a dimension as well.
(Envying the larger userbase of the other site here.)
The Wikipedia page linked in TFS has an External links section, but I was hoping to see a link to a "Comparison of..." Wikipedia page there.
-- OriginalOwner_ [soylentnews.org]
(Score: 3, Interesting) by Anonymous Coward on Monday October 23 2017, @07:32AM (7 children)
ever since they reprinted that hatchet-job on Rust, I've known they're either dishonest or stupid. In fact this shows up a lot in their marketing.
Yes, static analysis is something you should do, but don't waste your time on massive analysis tools until you've at least written tests and used a fuzzer. And for fuck's sake: don't start shitting on correct-by-construction techniques (eg. modern type systems) to justify the purchase of this software.
(Score: 5, Insightful) by TheRaven on Monday October 23 2017, @08:23AM (6 children)
I disagree. Static analysis should be something that you integrate into your development flow and run even before you run a test binary. It doesn't catch all of the bugs, but bugs caught by static analysis are typically the easiest to fix. First fix any compiler warnings, then fix any static analyser warnings, then fix test failures, then generate more tests with a fuzzer and fix the failing ones. That gives you a workflow where each round of fixes has an increasing effort:reward ratio.
sudo mod me up
(Score: 4, Informative) by tibman on Monday October 23 2017, @04:24PM (4 children)
I'd rather have the test suite. Then when people are "fixing the issues" they aren't introducing logic bugs. Tests to check for bad input are nice and all but the real value is in proving (and protecting) the business logic. My opinion of course : )
SN won't survive on lurkers alone. Write comments.
(Score: 2) by TheRaven on Monday October 23 2017, @04:54PM (2 children)
sudo mod me up
(Score: 0) by Anonymous Coward on Monday October 23 2017, @05:20PM (1 child)
You need a better test suite than that. If you haven't already spent 10x the cost of PVS studio developing your test suite, your priorities need a rethink.
Static analysis of the sort this tool does is just a bullshit lint pass, supported by the agglomeration of various C++ updates. They shit on other languages because they don't have a product for them. They don't have a product because the compilers already ship a comprehensive lint pass.
(Score: 2) by TheRaven on Tuesday October 24 2017, @08:47AM
That's my point. The cost of developing a good test suite is high. The cost of running a static analyser (particularly something like the Clang analyser, rather than something like PVS, or Coverity which is free for open source projects) is very cheap. The bug reports that you get from a static analyser are much easier to fix, because they already show you the chain of flow control that leads to the possible failure case, whereas failing tests just tell you that something is broken and require developer time to track down exactly why it's broken.
The correct time to run a static analyser is early on in development, more or less the same time as fixing compiler warnings. They give you the low-hanging fruit. If static analysis can find a bug, it can do so with a more helpful report and with a lot less effort than either a robust test suite or a fuzzing tool. If you have finite resources, that leaves you with more time to find the difficult bugs with a test suite.
sudo mod me up
(Score: 3, Informative) by JoeMerchant on Monday October 23 2017, @09:43PM
I prefer to have the requirements for the business logic written in something other than vague non-techie speak before embarking upon a coding up a test suite.
Unfortunately, it seems in my world that the only way to get the vague non-techies to stop with their self-contradictory waffle-speak is to show them a running prototype.
🌻🌻 [google.com]
(Score: 2) by driverless on Tuesday October 24 2017, @07:46AM
The problem with static analysers is that they fall into two classes, really good and commercial, or somewhat basic and free. Then the commercial ones fall into three price classes, fucking expensive, outrageously expensive, and eyewateringly expensive.
PREfast is the closest you can get to free + reasonably good, but it suffers from way too many FPs and the need to annotate your code extensively to get decent results. Oh, and it's Windows-only.
(Score: 1) by Andrey_Karpov on Monday October 23 2017, @09:07AM (8 children)
As it has already been said, sometimes developers don't understand, what a compiler wants to tell them. I wanted to touch upon another close topic. Sometimes developers blame compilers in their errors :). I wrote a note related to this issue. The compiler is to blame for everything - https://www.viva64.com/en/b/0161/ [viva64.com]
(Score: 4, Interesting) by bzipitidoo on Monday October 23 2017, @10:25AM (7 children)
And sometimes, the compiler really is to blame. I haven't forgotten the last time I used Borland C++ 4.5. That terrible compiler had really bad bugs. They screwed up the segmented memory. If your program needed more than 64K data, Borland C++ would reuse the same 64K memory segment! I caught it doing this when I was trying to figure out why my program was not working. Put watches on everything, and saw a totally unrelated array element change on the same line that a loop variable was incremented. Compiled that program, unchanged, with gcc, and the resulting binary worked flawlessly. Turbo C++ 2.0 was even worse. Could not do "x<<=1;", had to write "x = x<<1;" to work around another compiler bug. When it tried to compile the former, it would give up and display a view of the incorrect assembler code it generated.
gcc wasn't without flaws of its own. Saw a program that declared a variable inside a loop, and then use that variable after the loop: "for (int i=0; i<n; i++) { ... } i=x;", and it worked up through about gcc 2.7. Then the gcc maintainers tightened the rules, and version 2.95 had a fit over that code. Well, 2.7 shouldn't have allowed it either, but it did and the programmer ran with it.
(Score: 2) by FatPhil on Monday October 23 2017, @11:15AM
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 1, Informative) by Anonymous Coward on Monday October 23 2017, @03:01PM
Indeed. I once got mysteriously wrong results from my code. I couldn't explain it until I found out that output of a long double simply didn't work correctly; the data was calculated right, but output wrong. Casting to double before output solved the issue.
And I was using std::cout so it isn't a case of me using the wrong format specifier in printf.
(Score: 0) by Anonymous Coward on Monday October 23 2017, @09:26PM (1 child)
You realize you are talking about a compiler from 1994 from a company that does not make compilers anymore right?
and it worked up through about gcc 2.7
The language specification changed. The compilers were keeping up. Most of the magazines of the time made a big deal about what the changes were. That was one of them.
For your particular example it was not clear from the specification if the declaration was scoped inside of the loop or outside. Some compilers did it one way and some others (I had the joy of moving between a couple that interpreted it differently). The guys who wrote the original specification put what they intended into the ISO group meetings. It broke a few bits of my code too. It was an easy fix. Move the declaration outside of the loop initializer. Same effect and you were being clear you wanted the scope of that variable to be longer than the for loop which is what your code was doing and what you intended. The compiler does not interpret your intent. It interprets what you tell it.
(Score: 2, Troll) by aristarchus on Tuesday October 24 2017, @05:24AM
No, I did not realize this. Should I have? Could you have included indications of the irrelevance of your experience in your original post? Back in the early days of computing, we had to carry our own calcules, or pebbles, and an abacus, of course. And we had to both compile and test our algorithms by hand! Computer Scientists these days! What a bunch of wooshes!
(Score: 2) by JoeMerchant on Monday October 23 2017, @09:46PM (2 children)
So, you were trying to use Borland C++ in the early 1990s? Couldn't you tell that was a mistake? I remember evaluating it in 1991 and coming to the conclusion that it was unsuitable for any applications more complex than: "Hello world, how are you?". We spent the next several years developing our apps in straight C, didn't revisit C++ until Windows 95 came out (in 1996.)
🌻🌻 [google.com]
(Score: 2) by bzipitidoo on Monday October 23 2017, @11:06PM (1 child)
Why, no, I couldn't tell right away. The school I graduated from had a very poor CS program. In 1990, they were still stuck on Pascal, and Turbo Pascal (from Borland, of course) was their compiler of choice. All this was on PCs running MS DOS, and Windows 3 was pretty much a useless curiosity, more for lusers in business school who couldn't handle the command line and insisted on bogging their computers down with GUI versions of office apps. They didn't teach or use C, let alone C++. I had to learn C on my own. And since Turbo Pascal seemed to be an excellent compiler and environment, why should I think that excellence would not extend to their C/C++ compilers? The only exposure to C was a class on OSes that used Minix, as Linux didn't yet exist at that time. The professor didn't spend any time teaching C, seemed to expect everyone to be able to dive right into the Minix source code.
(Score: 2) by JoeMerchant on Tuesday October 24 2017, @02:59AM
I guess I got lucky, I tried to do a few simple things in C++ and it became clear within less than a week that the compiler wasn't doing what the book said it should.
Your school experience sounds typical late 80s - in my Computer Engineering program, we had a Pascal class, then later we had a Compilers class where we were supposed to write a full assembler using C language, but no C language class as a pre-requisite. Further, the project was supposed to be done on a mainframe that was always down, so I did it in Turbo C on IBM PCs in various other labs and at a friend's house, thinking I would port it to the mainframe when it started working - which it never did. The prof tried to give me a ration of (*#% "porting is not a trivial exercise, the assignment was to do it on the mainframe" - to which I responded "did a single student successfully code anything on that mainframe? It was only working for about 4 hours this semester, total."
We spent the early 90s coding in C on DOS with PharLap 32 bit extender, using the Menuet GUI library - which we eventually purchased the source code to and ported it to compile in the PharLap environment also. Finally around the fall of '96 we started porting the C project into C++, running Borland's API - whatever they called it. Around 2000, someone bought the code and the first thing they did was hire a team to port it to Visual Studio, cost them about a quarter million to do the port - but the investors were happier that way since they could hire Visual Studio programmers more readily.
🌻🌻 [google.com]
(Score: 4, Interesting) by shortscreen on Monday October 23 2017, @10:16AM (3 children)
One time I thought a 68K linker was outputting a section with reversed byte order, so as a workaround I flipped the byte order of the data... Until later when I noticed that my own code was reversing the byte order at run time :p
It gets more interesting when you write stuff and run it in an emulator, since emulators regularly have bugs. One time I wrote something that caused the emulator itself to crash. I contacted the authors, they fixed something, and uploaded a new version of the emulator. I tried the fixed version and it didn't crash but my program still didn't work. I contacted them again, and they said that my code was sending nonsense parameters to the (emulated) hardware, which is what had triggered their bug. Oops.
One time I complained that a different emulator was not handling an interrupt status bit correctly. Someone replied that there was no status bit, the register was marked write-only in the documentation. I looked at the documentation, and they were right. But my code ran correctly on the real hardware, the documentation was wrong!
One time I found a legit bug in FreeBASIC, but I was using an old version and by that time it had already been fixed in subsequent versions.
(Score: 3, Informative) by bzipitidoo on Monday October 23 2017, @10:35AM (2 children)
One bug I know of in Applesoft BASIC (on the Apple II+ computer) happens if you use a variable named just "A". Write "IF B>A THEN" and the interpreter will parse that as "IF B> AT HEN" and bomb on that line. Have to put parentheses around the condition, or switch the order of the variables in the comparison: "IF A<B THEN"
(Score: 0) by Anonymous Coward on Monday October 23 2017, @03:30PM (1 child)
Is that really a bug? I mean, subtraction and division aren't commutative either.
(Score: 3, Informative) by bzipitidoo on Monday October 23 2017, @11:11PM
Didn't have anything to do with commutativity. It was "A THEN" that the interpreter couldn't handle. It would see that as the keyword "AT" followed by a variable named "HEN". You might say it laid an egg at that point :D.
(Score: 3, Interesting) by pTamok on Monday October 23 2017, @11:18AM (2 children)
The bugs I love are Heisenbugs [wikipedia.org].
I was trying to debug some code, which failed when run normally, but worked as wanted when run step-by-step in the debugger. After turning on increasingly fine-grained logging and adding explicit status outputs to logfiles etc, I eventually caught on that the environment set up for the debugger was different to the standard run-time environment, and after a 'a bit' of bisection of the environment variables discovered the issue. There was, in fact, nothing wrong with the initial code - it just needed a particular environment variable set in a different way to work.
Moral of the story is: when you are looking really hard in one place with no effect, try widening the scope.
It is also disheartening sometimes to find that optimised code produced by the complier fails, when the non-optimised code produced for the debugger works fine.
(Score: 2) by bart on Monday October 23 2017, @06:41PM (1 child)
They always included multi-threading, multi-process or multi-machine, and generally with some closed source stuff included.
I find that old-fashioned printf debugging is generally the best way to get to the bottom of difficult bugs.
(Score: 2) by Kromagv0 on Monday October 23 2017, @07:52PM
So I'm not the only one who has dealt with that. My favorite bug related to this is the fork function in AIX isn't thread safe and if a semaphore or mutex changes state while a fork is happening it may result in the semaphore or mutex ending up in an indeterminate state. Some times it would crap out within seconds other times it would take days and finding out that fork wasn't thread safe was a bastard as it wasn't documented well and wasn't mentioned in the fork, popen, exec, etc. function call documentation. Since I could show that the code I wrote wasn't wandering off and causing the problem it meant that it had to be some system call I was making Depending on what random state the mutex or semaphore was in the program would spin like mad eating all CPU or deadlock. I experienced that on a multi-treaded, multi-process, multi-machine system just to make life more interesting.
T-Shirts and bumper stickers [zazzle.com] to offend someone
(Score: 3, Funny) by stretch611 on Monday October 23 2017, @11:57AM (2 children)
Never, my code is ALWAYS correct... the computer is always at fault.
Whether it is just to stupid to understand my genius, mistakes the position of the shift key to display the wrong case, has byte degradation in memory to change my periods to commas, or just blatantly lies and thinks I typed functions from a language other than the one I am working on... It is always the computer.
Now with 5 covid vaccine shots/boosters altering my DNA :P
(Score: 3, Interesting) by stretch611 on Monday October 23 2017, @11:59AM
tbh... I'm the type that worries when something compiles clean the first time. There is always a coding error and I prefer the computer to find a simple syntax error or some other flub, instead of me having to track down the logic error the computer can't see later.
Now with 5 covid vaccine shots/boosters altering my DNA :P
(Score: 2) by bzipitidoo on Monday October 23 2017, @11:26PM
Compiler error messages are always stupidly obtuse, when they bother to say anything at all! "Bad Lvalue!" WTF? ALGOL is dead, stop using ALGOL concepts in the error messages! And stop thinking there's no room for more comprehensible error messages, this is not the 1960s anymore, when 1K was a lot of memory. Could the compiler at least spell it out, you know, say "left value" instead of "lvalue"? Maybe even "the expression on the left side of the assignment operator"?
And, leave out one tiny little semicolon or brace, and the compiler goes nuts. Thinks ill of every line after such an insignificant error and spams the programmer with a lot of useless and untrue error messages. It's like the compiler is trying to make the real error message scroll off the top so the programmer can't read it! If a compiler like that was a 1st grader, it would've been diagnosed with autism and ADHD the first time it had such a huge meltdown over a bit of missing punctuation.
(Score: 0) by Anonymous Coward on Monday October 23 2017, @01:08PM (1 child)
Really, it's come to this now? Even smart (*) people don't understand what "smart" means anymore? Wake me up when a tool not designed to write articles writes a better article than this tool. Until then, anyone that claims to have created something "smart" immediately shows they're not worthy of that label.
Now get off my lawn.
* for classic, patriarchic, economyopic values of smart
(Score: 0) by Anonymous Coward on Monday October 23 2017, @03:12PM
So what should I claim if I implemented smart pointers? [wikipedia.org] ;-)