Category Archives: Code analysis

A Crash of Great Opportunity

It was a fairly straightforward bug. A wide-character string function was called with a byte count instead of a character count, leading to a buffer overrun. After finding the problem the fix was as simple as changing sizeof to _countof. … Continue reading

Posted in Code analysis, Code Reliability, Programming | Tagged | 12 Comments

You Got Your Web Browser in my Compiler!

I recently discovered that Microsoft’s VC++ compiler loads mshtml.dll – also known as Internet Explorer. The compiler does this whenever the /analyze option (requesting static code analysis) is used. I’m no compiler architecture expert, but a compiler that loads Internet … Continue reading

Posted in Code analysis, Investigative Reporting, Performance, Visual Studio, xperf | Tagged , , , | 88 Comments

Vote for the VC++ Improvements That Matter

VS 2013 is almost done and VS 2014 is being planned and I’ve been pushing for the VC++ features/bug-fixes that matter most to me. I’ve come up with two requests that seem plausible and valuable. If you like them then … Continue reading

Posted in Code analysis, Programming, Visual Studio | Tagged , | 10 Comments

Two Years (and Thousands of Bugs) of Static Analysis

I’ve been running static code analysis on four large code bases for over two years now. After the initial work of looking through all of the warnings and fixing the serious bugs I put the projects into code analysis maintenance … Continue reading

Posted in Code analysis, Code Reliability, Programming, Visual Studio | Tagged , , , | 22 Comments

VC++ /analyze Bug Finder Bug Fixed

Last October I wrote about a crashing bug in the /analyze feature of Microsoft’s VC++ compiler – a use-after-free in their annotation parser. It’s now fixed.

Posted in Code analysis, Code Reliability, Investigative Reporting, Visual Studio | Tagged , , , , | 4 Comments

Another Bug in Your Bug (Finder): __offsetof

Last month I posted about a crashing bug in Visual Studio 2012’s static code analysis feature.  The irony was delicious. Yesterday I found another bug in the same feature. This one isn’t quite as dramatic, but I found it amusing, … Continue reading

Posted in Code analysis, Code Reliability, Programming, Visual Studio | Tagged , , , , , | 2 Comments

You’ve Got a Bug in Your Bug (Finder)

All software has bugs, but there is something ironic about a crashing bug in the /analyze portion of Microsoft’s VC++ 2012 compiler. The investigation of this bug also shows yet another reason you should test your software using Microsoft’s Application … Continue reading

Posted in Code analysis, Code Reliability, Investigative Reporting, Visual Studio | Tagged , , , , | 8 Comments