Nytro Posted December 3, 2015 Report Posted December 3, 2015 The most dangerous function in the C/C++ world03.12.2015Andrey KarpovCouple of words about meNew observation.ExamplesConclusionAfter checking hundreds of various C/C++ projects I can claim: memset() is the most inefficient and dangerous function. Most errors that I see in the projects are related to the usage of this particular memset() function. I understand that my conclusion is probably neither a revolutional one, nor an extremely useful one, but I think our readers would be interested to find out why I have come to it.Couple of words about meMy name is Andrey Karpov. I do a lot of things in my life. But the main thing what I do is tell the programmers about the benefits of using static code analysis. Of course I do it pursuing an additional goal - I try to raise interest in PVS-Studio. However, this should not lessen the usefulness of my articles.The only form of advertising that can pierce through the armor of programmers' skepticism is the demonstration of the bugs that were found by PVS-Studio. For this purpose I run the analyzer on a big number of projects and write articles about the check results. This brings common benefits. Open-source projects are gradually getting better, and our company is obtaining new customers.You'll see what I'm leaning to. Doing numerous checks of open-source projects, I have gathered a pretty big collection of various bug examples. And now, based on it, I see interesting error patterns.For example, one of the most amusing observations was that most often programmers make mistakes using Copy-Paste at the very end. On this topic there is an article "The Last Line Effect" for those who may be interested.New observation.Now I have another interesting observation. Using one or another function, the programmers can make mistakes. That is clear, you may say. But the probability of the error may also depend on the function. In other words, some functions provoke errors, and some don't.And now I am ready to name the function which causes most of the troubles and using which you have the biggest chance of an epic fail.So, the biggest looser among the functions is the memset function!It's hard to say where is the root of this evil. Apparently it has an unfortunate interface. On top of it, its very usage is quite toilful and it's very easy to get wrong, evaluating values of the actual arguments.The second "Biggest looser" award goes to the printf() function and its variants. I guess it's no surprise. Only lazy people won't write about the danger of the printf() function. Probably the popularity of the issues related to the printf() functions brought it to the second place.All in all there are 9055 bugs in my storage. These are errors that PVS-Studio is able to detect. It is clear that this list is far being a complete one. However, such a large number of bugs allows me to be confident, making such statements about the functions. So, I figured that 329 errors are caused by the memset() function.In sum total, about 3,6% of bugs are related to this function! That's a lot, I should say.Articol complet: http://www.viva64.com/en/b/0360/ Quote
Active Members MrGrj Posted December 3, 2015 Active Members Report Posted December 3, 2015 (edited) Nu inteleg de ce a încadrat printf aici. Îmi poate explica cineva ? Care e pericolul ?la mare ? Hai c? memset() merge, pot întelege c? s-a scremut putin s? scoat? exemplele alea, dar la printf() nu. Edited December 3, 2015 by MrGrj Quote
Nytro Posted December 3, 2015 Author Report Posted December 3, 2015 http://www.cis.syr.edu/~wedu/Teaching/cis643/LectureNotes_New/Format_String.pdfhttps://crypto.stanford.edu/cs155/papers/formatstring-1.2.pdf Quote
