I want to sell a PVS-Studio license to the Intel company
Author: Andrey Karpov
Date: 19.04.2012
I cannot get rid of the urge to sell a PVS-Studio license to the developer team of Intel Performance
Primitives Library.
Of course, I'd like to have some sales in other Intel departments too, but the IPP developers seem closer
to us. First, some of them live in Russia. Second, they are already using static analyzers in their work.
Third, we already have some groundwork in this area. I mean that we already checked the IPP Samples
project twice (first check, second check). It would be, of course, much more interesting to test the IPP
library itself instead of the samples, but we don't have access to its source code.
So, I'll resort to the standard method of advertising ourselves. We will continue to reanalyze IPP Samples
from time to time to find new errors. This shows that the PVS-Studio code analyzer is being actively
developed. But the greatest benefit comes, of course, from regular use of the analyzer, not from
single runs. Do not forget the capabilities of night runs and background analysis after compilation.
I will cite some of the errors detected by PVS-Studio v4.60. These are, of course, not all the odd
fragments we've found. There are many more of them, but I cannot tell for sure if they have errors or
not. At the same time, let it be a reason for the IPP developers to install and try our tool. We have
changed the trial model so that the tool now has its full functionality. So, you are welcome to try
it.
Let's have a look at odd fragments in the IPP Samples code.
Case N1. Meaningless statement
AACStatus bsacdecSetNumChannels(Ipp32s channelConfiguration,
                                AACDec *state)
{
  state->com.m_channel_number = channelConfiguration;
  if (channelConfiguration == 7) {
    state->com.m_channel_number;
  }
  return AAC_OK;
}
PVS-Studio's diagnostic message: V607 Ownerless expression 'state->com.m_channel_number'. aac_dec
aac_dec_api_fp.c 1404
The "state->com.m_channel_number;" statement is very odd. An assignment or something else must be
missing here.
Case N2. Filling the virtual method table
There are quite a few places in IPP Samples where memory is allocated for classes through the malloc()
function and initialized through the memset() function. Maybe there's nothing bad about it, but I'm
uneasy about the fact that these classes have virtual methods. Thus, I suspect that the virtual method
table might be damaged and something will go wrong.
For example, the _MediaDataEx class contains virtual functions:
  virtual bool TryStrongCasting(....) const;
  virtual bool TryWeakCasting(....) const;
And this is how an object of this class is created:
Status VC1Splitter::Init(SplitterParams& rInit)
{
  MediaDataEx::_MediaDataEx *m_stCodes;
  ...
  m_stCodes = (MediaDataEx::_MediaDataEx *)
    ippsMalloc_8u(
      START_CODE_NUMBER*2*sizeof(Ipp32s)+
      sizeof(MediaDataEx::_MediaDataEx));
  ...
  memset(m_stCodes, 0,
    (START_CODE_NUMBER*2*sizeof(Ipp32s)+
    sizeof(MediaDataEx::_MediaDataEx)));
  ...
}
PVS-Studio's diagnostic message: V598 The 'memset' function is used to nullify the fields of
'_MediaDataEx' class. Virtual method table will be damaged by this. vc1_spl umc_vc1_spl.cpp 131
I don't know if there is a problem here, but we'd better warn about it.
The same thing can be seen in the following places:
V598 The 'memset' function is used to nullify the fields of '_MediaDataEx' class. Virtual method table
will be damaged by this. vc1_dec umc_vc1_video_decoder.cpp 641
V598 The 'memset' function is used to nullify the fields of 'AVS_DISASSEMBLING_CONTEXT' class. Virtual
method table will be damaged by this. avs_enc umc_avs_enc_slice.cpp 45
V598 The 'memset' function is used to nullify the fields of 'AVS_DISASSEMBLING_CONTEXT' class. Virtual
method table will be damaged by this. avs_enc umc_avs_enc_slice.cpp 29
V598 The 'memset' function is used to nullify the fields of 'AVS_DISASSEMBLING_CONTEXT' class. Virtual
method table will be damaged by this. avs_enc umc_avs_enc_slice.cpp 22
V598 The 'memcpy' function is used to copy the fields of 'AVSVideoEncoderParams' class. Virtual
method table will be damaged by this. avs_enc umc_avs_enc.cpp 115
V598 The 'memset' function is used to nullify the fields of 'AVS_DECODING_CONTEXT' class. Virtual
method table will be damaged by this. avs_dec umc_avs_dec_slice_init.cpp 65
V598 The 'memset' function is used to nullify the fields of 'AVS_DEBLOCKING_CONTEXT' class. Virtual
method table will be damaged by this. avs_common umc_avs_slice.cpp 153
V598 The 'memset' function is used to nullify the fields of 'AVS_RECONSTRUCTING_CONTEXT' class.
Virtual method table will be damaged by this. avs_common umc_avs_slice.cpp 133
V598 The 'memset' function is used to nullify the fields of 'AVS_DEBLOCKING_CONTEXT' class. Virtual
method table will be damaged by this. avs_common umc_avs_slice.cpp 43
V598 The 'memset' function is used to nullify the fields of 'AVS_RECONSTRUCTING_CONTEXT' class.
Virtual method table will be damaged by this. avs_common umc_avs_slice.cpp 42
V598 The 'memset' function is used to nullify the fields of 'AVS_DECODING_CONTEXT' class. Virtual
method table will be damaged by this. avs_common umc_avs_slice.cpp 41
V598 The 'memset' function is used to nullify the fields of 'AVS_DEBLOCKING_CONTEXT' class. Virtual
method table will be damaged by this. avs_common umc_avs_slice.cpp 32
V598 The 'memset' function is used to nullify the fields of 'AVS_RECONSTRUCTING_CONTEXT' class.
Virtual method table will be damaged by this. avs_common umc_avs_slice.cpp 31
V598 The 'memset' function is used to nullify the fields of 'AVS_DECODING_CONTEXT' class. Virtual
method table will be damaged by this. avs_common umc_avs_slice.cpp 30
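Why V598 matters for Case N2, as an added example that is not part of the original article or of IPP Samples: it wipes a header-plus-table allocation the way the flagged code does, then shows the safe form. Header, kCodes and zero_plain() are hypothetical names, and the byte check assumes the vptr is stored inside the object, as on mainstream ABIs.

```cpp
#include <cstddef>
#include <cstdlib>
#include <cstring>
#include <new>
#include <type_traits>

// Hypothetical stand-in for a header class with virtual methods that shares
// one allocation with a trailing table of 32-bit codes.
struct Header {
    int count = 0;
    int offset = 0;
    virtual bool TryStrongCasting() const { return true; }
};

constexpr std::size_t kCodes = 8;  // stand-in for START_CODE_NUMBER*2
constexpr std::size_t kTotal = sizeof(Header) + kCodes * sizeof(int);

// Traits a build can check: a class with virtual functions is polymorphic
// and therefore not trivially copyable.
static_assert(std::is_polymorphic<Header>::value, "Header has a vptr");
static_assert(!std::is_trivially_copyable<Header>::value,
              "memset/memcpy must not be applied to Header");

// memset wrapper that rejects, at compile time, any type that is not plain
// data. zero_plain(&some_header) would fail to compile.
template <typename T>
void zero_plain(T* p) {
    static_assert(std::is_trivial<T>::value,
                  "zero_plain: construct this type instead of memset");
    std::memset(p, 0, sizeof(T));
}

static bool any_nonzero(const unsigned char* raw, std::size_t n) {
    for (std::size_t i = 0; i < n; ++i)
        if (raw[i] != 0) return true;
    return false;
}

// Hazard: wipe the whole allocation after construction, which is the effect
// of the flagged memset. Only raw bytes are inspected; the object is never
// used afterwards.
bool full_memset_erases_hidden_state() {
    unsigned char* raw = static_cast<unsigned char*>(std::malloc(kTotal));
    if (!raw) return false;
    new (raw) Header();
    const bool before = any_nonzero(raw, sizeof(Header));  // vptr present
    std::memset(raw, 0, kTotal);
    const bool after = any_nonzero(raw, sizeof(Header));   // vptr zeroed
    std::free(raw);
    return before && !after;
}

// Safe form: placement-new the header and zero only the trailing table.
bool safe_init_keeps_virtual_dispatch() {
    unsigned char* raw = static_cast<unsigned char*>(std::malloc(kTotal));
    if (!raw) return false;
    Header* h = new (raw) Header();
    int* codes = reinterpret_cast<int*>(raw + sizeof(Header));
    for (std::size_t i = 0; i < kCodes; ++i) zero_plain(&codes[i]);
    const bool ok = h->TryStrongCasting() && h->count == 0 &&
                    codes[kCodes - 1] == 0;
    h->~Header();
    std::free(raw);
    return ok;
}
```

If the memset runs before any constructor and the object is then used without being constructed, the vptr is never set at all, which is the same failure seen from the other side.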
Case N3. Checking pointers after use
We've found several fragments where a pointer is used first and then is checked for being a null pointer.
Perhaps the pointer will never be null and the code works correctly all the time, but it's not good
anyway.
For example:
VIDEO_DRV_CREATE_BUFFERS_FUNC(....)
{
  ...
  VideoDrvVideoMemInfo* drv_vm = &(driver->m_VideoMemInfo);
  ...
  if ((NULL == driver) || (NULL == bufs))
  {
    ERR_SET(VM_NULL_PTR, "null ptr");
  }
  ...
}
PVS-Studio's diagnostic message: V595 The 'driver' pointer was utilized before it was verified against
nullptr. Check lines: 40, 46. video_renders drv.c 40
The pointer check here should be either moved up or removed altogether if the "driver==NULL" condition is
impossible.
Here are other similar code samples:
  Ipp16s *pNewSpeech = encoderObj->stEncState.pSpeechPtrNew;
  if (NULL==encoderObj || NULL==src || NULL ==dst )
    return APIGSMAMR_StsBadArgErr;
PVS-Studio's diagnostic message: V595 The 'encoderObj' pointer was utilized before it was verified
against nullptr. Check lines: 296, 298. speech encgsmamr.c 296
  m_pAVSCompressorParams = DynamicCast<AVSVideoEncoderParams> (pParams);
  ...
  m_qp = m_pAVSCompressorParams->m_iConstQuant;
  // check error(s)
  if (NULL == m_pAVSCompressorParams)
    return UMC_ERR_NULL_PTR;
PVS-Studio's diagnostic message: V595 The 'm_pAVSCompressorParams' pointer was utilized before it
was verified against nullptr. Check lines: 88, 91. avs_enc umc_avs_enc_fusion_core.cpp 88
Case N4. Odd expressions with commas
There are a couple of fragments with odd commas ','. The first sample:
void GetIntraDCPredictors(VC1Context* pContext)
{
  DCPred.DC[13] = pC->DCBlkPred[5].DC,QurrQuant;
  ...
}
PVS-Studio's diagnostic message: V521 Such expressions using the ',' operator are dangerous. Make sure
the expression is correct. vc1_dec umc_vc1_dec_mb_com.cpp 370
It might be a misprint, or something is missing here.
The second sample:
static int DTMF_16s(....)
{
  ...
  for (i = pIppTDParams->dtmf_fs, j = 0;
       i < dtmf_frame_size+pIppTDParams->dtmf_fs, j < nbytes;
       i++, j++)
}
PVS-Studio's diagnostic message: V521 Such expressions using the ',' operator are dangerous. Make sure
the expression is correct. speech usc_dtmf.c 309
This is a more interesting example than the previous one. The logical condition seems to be written
incorrectly. The condition must have looked as follows:
  i < dtmf_frame_size+pIppTDParams->dtmf_fs && j < nbytes
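What the comma costs in the second sample, as an added example that is not part of the original article or of IPP Samples: it counts loop iterations for the flagged condition and for the corrected one, and records how often i runs past the intended bound. The parameters start and frame_size stand in for dtmf_fs and dtmf_frame_size; LoopTrace, trace_comma and trace_and are hypothetical names.

```cpp
#include <cstddef>

struct LoopTrace {
    std::size_t iterations;    // times the loop body ran
    std::size_t out_of_range;  // iterations where i was past the intended bound
};

// Flagged form: `A, B` evaluates A, discards it, and yields B, so only
// `j < nbytes` stops the loop. The (void) cast changes nothing; it only
// silences the unused-value warning compilers give for the discarded operand.
LoopTrace trace_comma(int start, int frame_size, int nbytes) {
    LoopTrace t = {0, 0};
    const int limit = frame_size + start;
    for (int i = start, j = 0; (void)(i < limit), j < nbytes; i++, j++) {
        ++t.iterations;
        if (i >= limit) ++t.out_of_range;  // index recorded, never dereferenced
    }
    return t;
}

// Corrected form from the article: both bounds must hold.
LoopTrace trace_and(int start, int frame_size, int nbytes) {
    LoopTrace t = {0, 0};
    const int limit = frame_size + start;
    for (int i = start, j = 0; i < limit && j < nbytes; i++, j++) {
        ++t.iterations;
        if (i >= limit) ++t.out_of_range;  // stays 0 by construction
    }
    return t;
}
```

The two forms agree whenever nbytes does not exceed frame_size, which is why a defect of this kind can pass tests that only use small inputs.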
Case N5. Odd implicit type conversion
class MeMV
{
public:
  MeMV(){};
  MeMV(int a0){x = (Ipp16s)a0; y=(Ipp16s)a0;};
  MeMV(int a0, int a1){x = (Ipp16s)a0; y=(Ipp16s)a1;};
  ...
}
MeMV MePredictCalculatorVC1::GetPrediction8x8()
{
  ...
  default:
    return false;
  ...
}
PVS-Studio's diagnostic message: V601 The 'false' value becomes a class object. me
umc_vec_prediction.cpp 754
The GetPrediction8x8() function returns the MeMV type. But in one branch, it returns the 'false' value.
This value is implicitly cast to 'int' and the MeMV(int a0) constructor is called. I'm not sure, but
probably something else should be returned in this code, or an exception should be thrown.
An identical implicit type conversion can be found here:
V601 The 'false' value becomes a class object. me umc_vec_prediction.cpp 717
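How the conversion in Case N5 can be shut off at compile time, as an added example that is not part of the original article or of IPP Samples: the same constructor set with and without 'explicit', and a predictor that reports failure through a status instead of a vector. LooseMV, StrictMV, the predict functions and the mode values are hypothetical.

```cpp
#include <cstdint>
#include <type_traits>

// Shape of the flagged class: a non-explicit one-argument constructor lets
// any int, and through promotion any bool, turn into a vector.
struct LooseMV {
    std::int16_t x, y;
    LooseMV() : x(0), y(0) {}
    LooseMV(int a0)
        : x(static_cast<std::int16_t>(a0)), y(static_cast<std::int16_t>(a0)) {}
    LooseMV(int a0, int a1)
        : x(static_cast<std::int16_t>(a0)), y(static_cast<std::int16_t>(a1)) {}
};

// Same class with the one-argument constructor marked explicit.
struct StrictMV {
    std::int16_t x, y;
    StrictMV() : x(0), y(0) {}
    explicit StrictMV(int a0)
        : x(static_cast<std::int16_t>(a0)), y(static_cast<std::int16_t>(a0)) {}
    StrictMV(int a0, int a1)
        : x(static_cast<std::int16_t>(a0)), y(static_cast<std::int16_t>(a1)) {}
};

static_assert(std::is_convertible<bool, LooseMV>::value,
              "bool silently becomes a vector");
static_assert(!std::is_convertible<bool, StrictMV>::value,
              "`return false;` from a StrictMV function no longer compiles");

LooseMV loose_predict(int mode) {
    switch (mode) {
    case 0:  return LooseMV(3, -1);
    case 1:  return LooseMV(0, 0);  // a genuine zero vector
    default: return false;          // accepted: bool -> int -> LooseMV(0)
    }
}

// Failure is a separate status, so it cannot be mistaken for a prediction.
bool strict_predict(int mode, StrictMV* out) {
    switch (mode) {
    case 0:  *out = StrictMV(3, -1); return true;
    case 1:  *out = StrictMV(0, 0);  return true;
    default: return false;
    }
}

bool same_vector(const LooseMV& a, const LooseMV& b) {
    return a.x == b.x && a.y == b.y;
}
```

With the loose class, the caller cannot tell the unsupported mode from a real (0, 0) prediction, so the error path feeds a plausible-looking vector into later computation.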
Case N6. Undefined behavior
In many places of IPP Samples, you can find constructs that cause undefined or unspecified
behavior. I wrote about some of them in the previous post. Now we have found a whole lot of shifts of
negative values. I cannot tell for sure whether they will cause trouble, but I recommend considering this
article: "Wade not in unknown waters. Part three" just in case.
In this file - ipp-samples-ub.txt - you can see where the potentially dangerous code is located.
Conclusion
Dear IPP and IPP Samples developers, we're waiting for your letters. We are ready to discuss and
implement missing functionality in the PVS-Studio tool that prevents you from using it. We are also
ready to implement diagnostic rules relevant to your project.
To everyone else, I wish bug-free code and invite you to our Twitter @Code_Analysis, where we post links to
interesting articles on C++, programming, static code analysis and the PVS-Studio tool.
