软件检测之缺陷模式库

       此文内容是以LIST的形式，列出与软件缺陷相关特征及其描述。对不同类型的错误有较大粒度的分类，在每一个分类下有若干具体的错误形式的描述，这些描述包括但不限于：错误名称(NAME)、错误描述(DESCRIPTION)、示例错误代码(SAMPLE)、可能还会提供可行修改方案(PATCH，说可能是因为如果我太懒就不想写了)。

      *程序语法错不在此列，因其与程序员编程能力、具体语言特征以及编译器所能支持的程序特性相关。

      *此LIST会持续不定期更新。

====================================

CATEGORY 1：subtle semantic errors(most of these are runtime errors)

[1] :

NAME: branches errors 

DESCRIPTION: redundant program ingredient after branches    

SAMPLE:  

if( ... );  return;

PATCH: delete redundant program ingredient

[2]

NAME: undefined symbol

DESCRIPTION: binary can not find and correctly link to the specified symbol.

SAMPLE: Most of these errors are caused by you reference a symbol from a lib, but not correctly specify the path of the lib(either static lib or dynamic lib)

                 The other situation included but not limit to that such as you declared an "inline" function in a class while define it in the source file.

CATEGORY 2: general semantic errors

[1]

NAME: memory leak

DESCRIPTION: malloc new memory from heap and forget to release it; or does not release it in all control flow pathes.

SAMPLE:

pt=new xxx;...... // no delete

PATCH: release related memory in all related control flow path

CATEGORY 3: concurrency bugs

[1]

NAME: data race

DESCRIPTION: two threads modify the same shared memory without synchronization, at least one of them are write operation

SAMPLE:

int glo;thread 1glo=1;thread 2:local=glo;

PATCH: add suitable synchronization between related threads.

TO BE CONTINUED ...