Our company develops two code analyzers to check C/C++ projects: PVS-Studio and CppCat. In this article, we are going to tell you about the functional differences between these two tools.
Unfortunately, we are no longer developing or supporting the CppCat static code analyzer. Please read here for details.
PVS-Studio and CppCat are static code analysis tools. They allow developers to eliminate numbers of mistakes and typos at a lower cost.
The PVS-Studio analyzer was our first software product. We tried to make it as simple and intuitive as possible. But we have failed, though we tried hard.
In the course of its development, PVS-Studio grew to acquire more and more features, which inevitably lead to more complicated interface and settings. Implementation of custom-made diagnostic rules resulted in a number of possible usage modes, which also makes the tool more difficult to handle.
However, we could not drop all that functionality. But the dream of making a simple, lightweight and inexpensive tool remained – thus we created a lightweight analyzer called CppCat.
CppCat provides the basic functionality that allows one to use it in one's everyday work. The analyzer is easy to get started and work with.
We advise that it is the CppCat analyzer that you should start with. And only if you feel you're missing some functionality, then try PVS-Studio. This article is meant to help you understand the functional similarities and differences between CppCat and PVS-Studio.
Table 1. Functional capabilities of the CppCat and PVS-Studio analyzers.
PVS-Studio and CppCat integrate into the Visual Studio environment and allow you to analyze the source code of applications written in the languages C, C++, C++/CLI, and C++/CX.
You can check both an entire solution and its single files.
PVS-Studio, in addition, allows you to check one project or a set of files selected in the project tree.
Both the analyzers provide a set of general purpose diagnostics. These diagnostics enable detection of the following bug patterns:
The PVS-Studio and CppCat analyzers can run automatically, which mode is enabled by default. Whenever they detect potentially dangerous code, they inform you by a pop-up message.
PVS-Studio and CppCat can integrate into the Visual Studio 2010, 2012, 2013 environments.
PVS-Studio can also integrate into other environments – we will discuss this a bit further.
For CppCat, we decided to refuse support of Visual Studio 2005 and 2008. The statistics we have gathered with the help of PVS-Studio show that pretty few developers use these IDE versions nowadays. The VS2005 and VS2008 environments are usually used in large, complex projects where moving to the newer versions is troublesome and expensive. To integrate into the development process in this case, CppCat's functionality will most likely be insufficient and you will have to use PVS-Studio.
On the other hand, when working in one of the supported Visual Studio versions, you may specify in CppCat's settings to use the Visual Studio 2008 toolset. It will allow you to analyze Visual Studio 2008 projects in Visual Studio 2013, for example.
PVS-Studio offers a few more additional rule sets:
64-bit error diagnostics. This rule set will be useful when developing 64-bit projects handling large memory amounts. Static analysis is an efficient means of searching for many 64-bit errors. It's true that the analyzer produces quite a lot of false positives for this rule set, but the time spent on checking them will be greatly repaid by having your code free of hard-to-catch bugs that would otherwise take you weeks to hunt down.
Microoptimizations. Static code analysis can help you detect fragments where microoptimizations can be applied. This rule set is not a full-blown substitute for profiling tools like Parallel Amplifier, CodeTune – it's just a small supplement to them.
PVS-Studio provides a number of features that can be useful for team work on large projects.
PVS-Studio supports a number of different usage modes. Which one should be chosen for a particular project depends on the type of the project and the intended results. Since it is impossible to provide for every possible mode, we help our customers integrate PVS-Studio into their development process, set up night builds on the server, and so on. If necessary, we also adapt PVS-Studio for customer needs or develop additional utilities. All these questions are solved individually.
The main modes are:
PVS-Studio supports integration into Visual Studio 2005 and 2008.
PVS-Studio's diagnostics are grouped into 3 categories according to their severity level. The third level contains diagnostics that produce too many false positives or detect some subtle and insignificant defects in code. These diagnostics are turned off in PVS-Studio by default, but you may turn them on if necessary. The CppCat analyzer doesn't have these diagnostics at all.
PVS-Studio Standalone combines 3 main functions:
In PVS-Studio, we implement diagnostics irrelevant for most developers but urgent for some of our customers. New diagnostics to be added are discussed and implemented individually.
PVS-Studio provides more advanced settings than CppCat. Here are some of them:
The table says nothing about the functionality of false positive suppression. False positive handling mechanisms are available both in PVS-Studio and CppCat, but they use different approaches. That's why we decided to discuss this subject separately.
CppCat and PVS-Studio use different approaches. In CppCat, the user sees a fixed list of warnings. Having no choice here is not a disadvantage as it may seem at first. We have selected the diagnostics with a considerable ratio of useful messages to false positives. Why it is so important is discussed here (see the answer to the question "I have analyzed my code and found nothing. Why?").
PVS-Studio generates numbers and numbers of messages, for it includes custom-made diagnostics, 64-bit diagnostics producing lots of false positives, and so on. That's why PVS-Studio offers the mechanism of turning single diagnostics or their groups on/off. At the same time, we don't think this mechanism to be an advantage – it's just that we are forced to implement it.
PVS-Studio allows you to:
Now to the question of suppressing single false positives.
Both the tools offer the following mechanisms to eliminate false positives:
PVS-Studio also provides the following additional mechanisms:
All these mechanisms are described in detail in the documentation.