Defects common to C/C++ and The Psychology of C# Analysis

Defects common to C/C++ and C#
• Copy paste mistakes
• Expression contains variables but always has the same result
• You checked for null here, you dereferenced without checking there.
• Some infinite loops
• Dangling else and other indentation issues
• Array index out of bounds
• Integer overflow
    • checked arithmetic is off by default
• Non-memory resource leaks
    • Such as forgetting to close a file
• Stray semicolons
• Swapped arguments
• Unused return value
• Uncaught exception
• Missing or misordered critical sections
    • Including non-atomic operations inconsistently inside critical sections
• And many more!

And these are just a few that are common to C and C#; there are a whole host of defects specific to C# programs that we could find statically.
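
An added example, not from the original slides, showing the "integer overflow" item and its note that checked arithmetic is off by default in C#. The class name, method names, size limit and input values are hypothetical and constructed for illustration.

```csharp
using System;

static class OverflowDemo
{
    // Hypothetical limit on how many bytes a caller may request.
    const int MaxBytes = 64 * 1024 * 1024;

    // Defect: C# evaluates non-constant int arithmetic in an unchecked
    // context by default, so the product silently wraps around and the
    // limit test below is applied to the wrapped value.
    static bool SizeAllowedUnchecked(int width, int height, int bytesPerPixel)
    {
        int size = width * height * bytesPerPixel;
        return size >= 0 && size <= MaxBytes;
    }

    // Fix: a checked expression throws OverflowException on wraparound,
    // so an oversized request is rejected instead of being mis-measured.
    static bool SizeAllowedChecked(int width, int height, int bytesPerPixel)
    {
        try
        {
            int size = checked(width * height * bytesPerPixel);
            return size >= 0 && size <= MaxBytes;
        }
        catch (OverflowException)
        {
            return false;
        }
    }

    static void Main()
    {
        // Constructed input: 65536 * 65536 * 4 is 2^34, which does not
        // fit in a 32-bit int.
        int w = 65536, h = 65536, bpp = 4;

        Console.WriteLine($"unchecked accepts: {SizeAllowedUnchecked(w, h, bpp)}");
        Console.WriteLine($"checked accepts:   {SizeAllowedChecked(w, h, bpp)}");
    }
}
```

Setting `<CheckForOverflowUnderflow>true</CheckForOverflowUnderflow>` in the project file makes checked the default for the whole assembly, which removes the need to wrap each expression.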

Let’s consider the psychological aspects of static analysis tools beyond the compiler.

