Finding Bugs with DevPartner Studio Error Detection Philippe CHARMAN Polytech’Nice – Sophia

Installing DevPartner Studio Official name: Micro Focus DevPartner Studio Launch the installer dpspe exe It’s not necessary to install DevPartner System Comparison The trial license is valid during 10 days starting from the installation 2 modes of analysis: –non-instrumented mode: ActiveCheck (default) –instrumented code: FinalCheck

ActiveCheck - Automatic Error Detection for Daily Use ActiveCheck is used by default to find errors Reported errors come from the program executable as well as the DLLs, third-party modules, and COM components used by the program Errors can be found in programs for which you do not have source code; however it’s more efficient to understand what is going wrong when the source code is built with debug info ActiveCheck does not require recompiling or relinking. It can be used during the daily development cycle.

Errors detected by ActiveCheck (non-instrumented mode) Pointer and Leak Errors –Interface leak, memory leak, resource leak, etc. Memory Errors –Dynamic memory overrun –Freed handle is still locked –Memory allocation conflict –etc API and COM Errors –API failure - function failed –API failure - function not implemented –Invalid argument –etc

FinalCheck - Comprehensive Error Detection FinalCheck instrument the source code by adding error detection code and then passes the intrumented source code back to the compiler FinalCheck finds all the errors ActiveCheck finds but also complex or hidden program errors, including: –Memory leaks, including leaks created when reassigning or freeing memory –Memory overflows and initialization errors –Pointer errors, including errors created when assigning out-of- range pointers Because FinalCheck searches for more errors and requires that you rebuild your program, using FinalCheck will lengthen your build times. Therefore, you should use FinalCheck only when you need comprehensive error checking at a key milestone in your program, such as a Beta release, feature complete, or final production.

Errors detected by FinalCheck (instrumented mode) Pointer errors –Array index out of range –Assigning pointer out of range –etc Leak errors –Memory leaked due to free –Memory leaked due to reassignment –etc Memory errors –Reading overflows memory –Reading uninitialized memory –etc

First program hello.c #include int main() { int i; size_t length; char *string1 = "Hello, World"; char *string2 = (char*)malloc(10); length = strlen(string2); for (i = 0; string1[i] != '\0'; i++) { string2[i] = string1[i]; } length = strlen(string2); printf("My message: %s", string2); return 0; }

Building & executing hello.c Build hello.exe with these compiler and link options: cl -c hello.c link.exe hello.obj user32.lib or build by default: cl hello.c Execute hello.exe and check the following message is displayed: My message: Hello, World

Execute hello.exe in DPS Launch DevPartner Error Detection Open hello.exe (File > Open) Execute hello.exe within Error Detection 3 ways to launch the execution: –Program > Start –F5 –Blue arrow in the tool bar Check Don’t show this error dialog with Always Click on Continue

Results found Errors and memory leaks have been found

More info on the errors

More info on the memory leaks

About the results Symptom 1: Reported errors and memory leaks but we don’t see the code source Solution: code must be built in debug mode Sympton 2: Reported errors of code not from hello.cpp Solution: restrict the modules to hello.exe only Sympton 3: Missing errors not reported Solution: build in instrumented mode (FinalCheck)

Code source not displayed To enable the display of the code source, we have to build in debug mode Build hello.exe in debug For instance with these compiler and link options: cl /Zi -c hello.c link.exe /debug hello.obj user32.lib or like this: cl /MTd hello.c

Examine only hello.exe Program > Settings > Modules and Files

Building in instrumented mode NMcl.exe is installed by default in C:\Program Files\Common Files\Micro Focus\NMShared or C:\Program Files (x86)\Common Files\Micro Focus\NMShared Add this directory to your path Relaunch the execution within DPS Error Detection What do we see ?

Fixing bugs of hello.c Fix hello.c and check no more errors and memory leaks are reported

Still some errors are found

Right-click and select Filter Click on OK Do the same for all errors or memory leaks

The examples ex1.cpp.. ex11.cpp For each example exn.cpp (n=1.. 11) –Build and execute sample1.cpp in instrumented code, is by using NMcl instead of cl –Look at the results found by DPS Error Detection –Fix the bugs and check everything’s OK –When checking the bugs are fixed, the build can be done in non-instrumented code, ie by using cl

ex1.cpp void foo1(int *pi) { int j; *pi = j; } void main(int argc, char** argv) { int i=10, j; i = j; printf("i = %d\n", i); int k=10; foo1(&k); printf("k = %d\n", k); }

Analysing ex1.cpp

ex2.cpp typedef struct node { struct node* next; int val; } Node; int findLastNodeValue(Node* head) { while (head->next != NULL) { head = head->next; } return head->val; } void main(int argc, char** argv) { int i = findLastNodeValue(NULL); }

Analysing ex2.cpp

ex3.cpp void main(int argc, char** argv) { int *ipr = (int *) malloc(4 * sizeof(int)); int i, j; i = *(ipr ); j = *(ipr ); free(ipr); int *ipw = (int *) malloc(5 * sizeof(int)); *(ipw ) = 0; *(ipw ) = 0; free(ipw); }

Analysing ex3.cpp

ex4.cpp int* init_array(int *ptr, int new_size) { ptr = (int*) realloc(ptr, new_size*sizeof(int)); memset(ptr, 0, new_size*sizeof(int)); return ptr; } int* fill_fibonacci(int *fib, int size) { int i; init_array(fib, size); fib[1] = 1; for (i=2; i<size; i++) fib[i] = fib[i-1] + fib[i-2]; return fib; } void main(int argc, char** argv) { int *array = (int*)malloc(10); fill_fibonacci(array, 3); }

Analysing ex4.cpp

ex5.cpp char *append(const char* s1, const char *s2) { const int MAXSIZE = 128; char result[128]; int i=0, j=0; for (j=0; i<MAXSIZE-1 && j<strlen(s1); i++,j++) { result[i] = s1[j]; } for (j=0; i<MAXSIZE-1 && j<strlen(s2); i++,j++) { result[i] = s2[j]; } result[++i] = '\0'; return result; } void main(int argc, char** argv) { char *name = append("IBM ", append("Rational ", "Purify")); printf("%s\n", name); /* Expect BSR */ *name = '\0'; /* Expect BSW */ }

Analysing ex5.cpp

ex6.cpp void main(int argc, char** argv) { const char *name = "Life's a beach"; char *str = (char*) malloc(10); strncpy(str, name, 10); str[11] = '\0'; printf("%s\n", str); }

ex6.cpp

ex7.cpp int *pi; void foo() { pi = (int*) malloc(8*sizeof(int)); free(pi); } void main() { pi = (int*) malloc(4*sizeof(int)); foo(); pi[0] = 10; }

ex7.cpp

ex8.cpp int *plk = NULL; void main(int argc, char** argv) { plk = (int *) malloc(2 * sizeof(int)); plk++; }

ex8.cpp

ex9.cpp void main(int argc, char** argv) { int *pi = (int*) malloc(4 * sizeof(int)); delete pi; pi = new int[5]; delete pi; }

ex9.cpp

ex10.cpp void main(int argc, char** argv) { int fnh = 0; free(&fnh); int *fum = (int *) malloc(4 * sizeof(int)); free(fum+1); free(fum); }

ex10.cpp void main(int argc, char** argv) { int fnh = 0; free(&fnh); int *fum = (int *) malloc(4 * sizeof(int)); free(fum+1); free(fum); }