Amount of dangerous magic used N

Question

Amount of dangerous magic used N

PVS-Studio , a static code analyzer, for the next bit of code

size_t const n = 4; int a[n] = {};

reports:

V112 Dangerous magic number 4 used: ...t const n = 4;. test.cpp 3 ...t const n = 4;. test.cpp 3

Although PVS-Studio is used with the Visual Studio 2017 project and reports the same warning for 32 and 64 bits, these assembly configurations are not taken into account by the AFAIU analyzer.

I would expect the context to be better parsed and process the code above as the equivalent of this

 int a[4] = {};

for which PVS-Studio does not perform any diagnostic operations.

In the above case, is this dangerous magic number N used, false positive?

What are the reasons why the two code examples above are not parsed as equivalent?

+5

c ++ static-analysis pvs-studio

mloskot Jul 19 '17 at 15:39

source share

3 answers

After reading the link that you posted, I came to the conclusion that this is a false positive in your case.

The tool assumes that you use n in the malloc (or equivalent distribution) statement to be equivalent to the size of an int (or any variable of 4 bytes). Therefore, it is recommended to use sizeof(desired type) .

If you used n inside the malloc operator, that would make sense - since int (or any other type) might be different for different architectures (if not now, in the future). But apparently this is not your case.

+2

Leonardo Alves Machado Jul 19 '17 at 16:14

source share

The number 4 is considered one of the potentially dangerous numbers when porting from 32 to 64 bits, so a warning about the assignment of the constant 4. Other numbers are listed in the table by the link that you provided. With examples of how this can be dangerous.

You can suppress an individual warning by adding // - V112 at the end of the line, you are 100% OK.

 size_t const n = 4; //-V112

This will alert you, and you can focus on your work again.

As for int a[4] = {}; PVS-Studio considers this a special case for which it does not issue a warning. Why this is not taken into account in the first case, I do not know. But this looks like a tough exception for a really specific case.

If you are not building 64-bit assemblies, I assume that you can now turn off the warning alltogether. But be careful - it proceeds from the mind, proceeding from the mind.

+2

Marek vitek Jul 19 '17 at 16:37

source share

AndreyKarpov · Accepted Answer · 2017-07-19T16:14:38+0000

it

 size_t const n = 4; int a[n] = {};

is false positive.

The 64-bit diagnostics are very noisy and there is nothing you can do about it. Yes, the analyzer creates many false positives, such as magic numbers, such as 4 , 0xFFFFFFFF , etc. The analyzer has already made many exceptions when it does not complain (for example: int a[4] = {}; ). However, there are so many options for using constants that it is impossible to predict them all.

When porting code to a 64-bit system, it makes sense to look at all the magic numbers to make sure that the programmer, for example, does not expect the size of pointer 4 to be somewhere. Then it makes sense to disable the V112 diagnostics so that it does not bother you.

Amount of dangerous magic used N

More articles: