Skip to main content

Did you know that the bug search tools in Java code have bugs too?

The PVS-Studio development doesn’t stand still – the team is always monitoring new trends in programming and working hard on further analyzer development. The biggest feature that appeared in the analyzer is support for Java. It is a widely used one today, and it was one of the candidates when we were considering which language to choose next. The team made available the most popular ways of the analyzer integration in the build system for the users: plugins for Maven, Gradle, and IntelliJ IDEA. However, this is just the beginning – there are a lot of ideas on further improvements in this area.

In 2018, the team was also actively working on C++ and C# analyzer development and had released a new version of the PVS-Studio. C++ (and C#) analyzer warnings were classified according to the Common Weakness Enumeration (CWE). A PVS-Studio static code analyzer has become able to classify its warnings according to MISRA C and MISRA C++ standards. It has become relevant in relation to the development of support for various embedded systems. Documentation has also undergone big changes: all improvements have been focused on writing more common and easy-to-understand instructions for working on different systems.

Of course, the developers couldn’t help testing the new version of the analyzer and have checked open projects such as IntelliJ IDEA, SpotBugs, SonarQube, и SonarJava. Here are some of the examples.

private static boolean checkSentenceCapitalization(@NotNull String value) {
  List<String> words = StringUtil.split(value, " ");
  ....
  int capitalized = 1;
  ....
  return capitalized / words.size() < 0.2; // allow reasonable amount of
                                           // capitalized words
}

The point was that the function should return true if less than 20% of the words begin with a capital letter. Actually, the check is not working, because integer division occurs. As a result of division, we can obtain only two values: 0 or 1.

The function will return false, only if all words begin with a capital letter. In all other cases, division operation will result in 0 and the function will return true.

Here is another interesting example:

public synchronized boolean isIdentifier(@NotNull String name,
                                         final Project project) {
  if (!StringUtil.startsWithChar(name,'\'') &&
      !StringUtil.startsWithChar(name,'\"')) {
    name = "\"" + name;
  }
  if (!StringUtil.endsWithChar(name,'"') &&
      !StringUtil.endsWithChar(name,'\"')) {
    name += "\"";
  }
 ....
}

This code fragment checks that the name is enclosed in either single or double quotation marks. If it’s not so, double quotation marks are added automatically.

Due to a typo, the end of the name is checked only for the presence of double quotation marks. As a result, the name in single quotation marks will be processed incorrectly.

The name

‘Abcd’

due to adding extra double quotes will turn into:

‘Abcd'”

Read more about other errors in Java code here: https://www.viva64.com/en/b/0603/

Beyond all this, the PVS-Studio team made a nice New Year’s gift for those who develops open source projects. All the contributors of such projects hosted on GitHub or Bitbucket are given free usage of the static code analyzer.

The post Did you know that the bug search tools in Java code have bugs too? appeared first on The Crazy Programmer.



from The Crazy Programmer https://www.thecrazyprogrammer.com/2019/01/did-you-know-that-the-bug-search-tools-in-java-code-have-bugs-too.html
Labels:

Comments

Post a Comment

Popular posts from this blog

dotnet sdk list and dotnet sdk latest

Can someone make .NET Core better with a simple global command? Fanie Reynders did and he did it in a simple and elegant way. I'm envious, in fact, because I spec'ed this exact thing out in a meeting a few months ago but I could have just done it like he did and I would have used fewer keystrokes! Last year when .NET Core was just getting started, there was a "DNVM" helper command that you could use to simplify dealing with multiple versions of the .NET SDK on one machine. Later, rather than 'switching global SDK versions,' switching was simplified to be handled on a folder by folder basis. That meant that if you had a project in a folder with no global.json that pinned the SDK version, your project would use the latest installed version. If you liked, you could create a global.json file and pin your project's folder to a specific version. Great, but I would constantly have to google to remember the format for the global.json file, and I'd constan...
Post a Comment
Read more

Rail Fence Cipher Program in C and C++[Encryption & Decryption]

Here you will get rail fence cipher program in C and C++ for encryption and decryption. It is a kind of transposition cipher which is also known as zigzag cipher. Below is an example. Here Key = 3. For encryption we write the message diagonally in zigzag form in a matrix having total rows = key and total columns = message length. Then read the matrix row wise horizontally to get encrypted message. Rail Fence Cipher Program in C #include<stdio.h> #include<string.h> void encryptMsg(char msg[], int key){ int msgLen = strlen(msg), i, j, k = -1, row = 0, col = 0; char railMatrix[key][msgLen]; for(i = 0; i < key; ++i) for(j = 0; j < msgLen; ++j) railMatrix[i][j] = '\n'; for(i = 0; i < msgLen; ++i){ railMatrix[row][col++] = msg[i]; if(row == 0 || row == key-1) k= k * (-1); row = row + k; } printf("\nEncrypted Message: "); for(i = 0; i < key; ++i) f...
3 comments
Read more

Data Encryption Standard (DES) Algorithm

Data Encryption Standard is a symmetric-key algorithm for the encrypting the data. It comes under block cipher algorithm which follows Feistel structure. Here is the block diagram of Data Encryption Standard. Fig1: DES Algorithm Block Diagram [Image Source: Cryptography and Network Security Principles and Practices 4 th Ed by William Stallings] Explanation for above diagram: Each character of plain text converted into binary format. Every time we take 64 bits from that and give as input to DES algorithm, then it processed through 16 rounds and then converted to cipher text. Initial Permutation: 64 bit plain text goes under initial permutation and then given to round 1. Since initial permutation step receiving 64 bits, it contains an 1×64 matrix which contains numbers from 1 to 64 but in shuffled order. After that, we arrange our original 64 bit text in the order mentioned in that matrix. [You can see the matrix in below code] After initial permutation, 64 bit text passed throug...
Post a Comment
Read more