Cases when a static code analyzer may help you

Dec 24 2010
Static code analysis is a method of searching program text for places that are highly likely to contain errors. Programmers use special tools called static code analyzers for this purpose. Having received a list of suspicious code lines, a programmer reviews the corresponding code and fixes the errors detected.

Static code analysis is used most often to control the quality of a project under development. But it can also be applied to some less typical tasks, and I would like to describe a few of these in this post.

Education

Static analysis may be used for educational purposes. When grading a student's work, a teacher usually reviews the code the student has written and performs test runs of the program. Since there are many students and only one teacher, the teacher can supplement that review with a static code analyzer. Static analysis makes it less likely that an issue a student must work on will be missed.

Another way of using a static analyzer for educational purposes is to check code written by novice programmers. This helps to find and explain errors in their code more quickly. Moreover, the ability to analyze indentation, variable naming and similar aspects helps a newcomer get used to writing code in the coding style accepted in the company more quickly.

Porting software to a different system

It is very difficult to write portable software, especially if you did not intend to port your application in the first place. That is why porting a program to another operating system or hardware platform is always rather painful. You can hardly know beforehand all the specific issues awaiting your program on a different platform, and you certainly cannot know how to find all the dangerous fragments in your code by hand. Specialized code analyzers can help by pointing to all the potentially unsafe fragments: places where the code depends on the sizes of types, on data alignment rules or on byte order, where deprecated functions are used, and so on.
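The kinds of fragments such analyzers point to, shown as an added example rather than code from the original article or from PVS-Studio: each non-portable form is paired with its portable counterpart, and all function names, struct names and the sample bytes are constructed for this illustration.

```c
/* Added example (not from the original article): platform-dependent code
 * fragments beside their portable forms. All names here are the example's own. */
#include <stdint.h>
#include <string.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample: a 4-byte little-endian wire encoding of 0x12345678. */
static const uint8_t SAMPLE_LE[4] = { 0x78, 0x56, 0x34, 0x12 };

/* Returns 1 if the host stores the low-order byte first. Code whose result
 * depends on this, rather than on the documented wire format, is exactly
 * what a portability check flags. */
int host_is_little_endian(void)
{
    uint16_t probe = 1;
    uint8_t first;
    memcpy(&first, &probe, 1);
    return first == 1;
}

/* NON-PORTABLE: reinterprets the buffer in host byte order, so the value
 * differs between little-endian and big-endian machines. */
uint32_t read_u32_host_order(const uint8_t *buf)
{
    uint32_t v;
    memcpy(&v, buf, sizeof v);   /* memcpy avoids the misaligned-access problem,
                                    but the byte order is still the host's */
    return v;
}

/* PORTABLE: assembles the value byte by byte in the documented wire order,
 * independent of host endianness and alignment. */
uint32_t read_u32_le(const uint8_t *buf)
{
    return (uint32_t)buf[0]
         | ((uint32_t)buf[1] << 8)
         | ((uint32_t)buf[2] << 16)
         | ((uint32_t)buf[3] << 24);
}

/* NON-PORTABLE: 'long' is 4 bytes on 64-bit Windows and 8 bytes on 64-bit
 * Linux, so this layout changes size between platforms. */
struct record_host_types { long id; char tag; };

/* PORTABLE: fixed-width types and explicit padding pin the layout down. */
struct record_fixed_types { uint32_t id; uint8_t tag; uint8_t pad[3]; };

/* Returns 1 when the fixed-width layout has the 8-byte size the wire
 * format expects (an analyzer can prove this statically; a runtime
 * helper is used here so the check can be exercised). */
int fixed_layout_is_8_bytes(void)
{
    return sizeof(struct record_fixed_types) == 8;
}

/* Casting a pointer to 'int' truncates it on 64-bit targets; intptr_t is
 * the type guaranteed to round-trip. Returns 1 if the round trip holds. */
int pointer_roundtrip_ok(const void *p)
{
    intptr_t as_int = (intptr_t)p;
    return (const void *)as_int == p;
}

int main(void)
{
    printf("host is %s-endian\n", host_is_little_endian() ? "little" : "big");
    printf("host-order read: 0x%08x\n", (unsigned)read_u32_host_order(SAMPLE_LE));
    printf("portable read:   0x%08x\n", (unsigned)read_u32_le(SAMPLE_LE));
    printf("fixed layout is 8 bytes: %d\n", fixed_layout_is_8_bytes());
    printf("sizeof(struct record_host_types) = %zu\n", sizeof(struct record_host_types));
    return 0;
}
```

On a little-endian host both reads return 0x12345678, which is why the host-order version survives testing there; on a big-endian host read_u32_host_order returns 0x78563412 while read_u32_le is unchanged. The size of record_host_types printed on the last line is the value that differs between LP64 and LLP64 platforms.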

Searching for backdoors

Static analysis may be used both for good and for bad purposes. Since code analysis helps developers detect buffer overflows, stack overflows and other similar defects, an intruder can do the same. By studying the weak points of software, an attacker can choose a target for attack faster: he does not need to review a huge amount of code, because a static analyzer will do part of the work for him. It will tell him where the code is especially vulnerable, so that he can go on to the next stage of his work, i.e. estimating whether and how the defects found can be used for his purposes.

Hackers often cannot get access to the source code of applications. But there are static analyzers that handle the executable binary code directly.

Of course, the search for holes can be turned to good use. For instance, many companies reward people who detect vulnerabilities in their software, and it is much easier to look for such vulnerabilities using static analyzers.

Using third-party source codes

Programmers often use various open-source code: free libraries or fragments of them. Usually one task can be solved with several different third-party solutions, and the question arises of how to choose among them. Static analysis can be a useful selection criterion here: the fewer errors found, the more likely it is that the code is of good quality and safe.

If your team receives a third-party project for maintenance and further development, static analysis will help you detect the most dangerous fragments in the project, so you can determine which parts of the system need the most attention.

Proving the necessity of code refactoring

Programmers often realize that a project has become too complicated and is starting to fall apart. They conclude that they need to refactor the code, otherwise most of their time will be consumed by maintenance and by building crutches to keep the code from breaking down completely. But programmers always have urgent tasks, and it is not easy for me to prove why it is more important to rewrite one of the old dialogs than to create a new one. A static analyzer can serve as one more argument for you to listen to my advice: it will constantly complain about overly large functions, heavy use of global variables, overly complicated class hierarchies and the unsafe functions that result from them, and other horrors.

Summary

Of course, I have mentioned only the things I managed to recall. There are many other tasks that static code analysis can help you solve. Write to us if you have found interesting non-standard ways of using static analysis in your own practice.
