To get a trial key
fill out the form below
Team License (a basic version)
Enterprise License (extended version)
* By clicking this button you agree to our Privacy Policy statement

Request our prices
New License
License Renewal
--Select currency--
* By clicking this button you agree to our Privacy Policy statement

Free PVS-Studio license for Microsoft MVP specialists
* By clicking this button you agree to our Privacy Policy statement

To get the licence for your open-source project, please fill out this form
* By clicking this button you agree to our Privacy Policy statement

I am interested to try it on the platforms:
* By clicking this button you agree to our Privacy Policy statement

Message submitted.

Your message has been sent. We will email you at

If you haven't received our response, please do the following:
check your Spam/Junk folder and click the "Not Spam" button for our message.
This way, you won't miss messages from our team in the future.

Cases when a static code analyzer may h…

Cases when a static code analyzer may help you

Dec 24 2010

The static code analysis method is the method of searching for places in program text that are highly probable to contain errors. Programmers use special tools called static code analyzers for this purpose. Having got a list of suspicious code lines, a programmer reviews the corresponding code and fixes errors detected.

Static code analysis is used most often for controlling the quality of a project being developed. But static code analysis can be also used to solve some more peculiar tasks. I would like to describe some of these in this post.


Static analysis may be used for educational purposes. When estimating a student's work, a teacher usually reviews the code he has written and performs test launches of the program. Since there are a lot of students and only one teacher, he may additionally increase his attention by using a static code analyzer. Static analysis makes it more probable not to miss an issue a student must work on.

Another way of using a static analyzer for educational purposes is to check code written by novice programmers. This will help to find and explain errors in their code quicker. Moreover, the capability of analyzing indents, variable naming and so on, will help a person to quicker get used to writing code in the coding style accepted in the company.

Porting software to a different system

It is very difficult to write portable software especially if you did not intend to port your applications at first. That is why port of a program to some other operating system or hardware platform is always rather painful. You can hardly know all the specific issues awaiting your program on a different platform beforehand and you certainly cannot know how to find all the dangerous fragments in your code. Specialized code analyzers may help you by pointing to all the potentially unsafe fragments. They will tell you where you should not change types' sizes, data alignment rules, byte order or use deprecated functions and so on.

Searching for backdoors

Static analysis may be used both for good and for bad purposes. Since code analysis helps developers to detect buffer overflows, stack overflows and other similar defects, an intruder can also do such things. By studying weak points of software, a hacker can choose an object for attack faster. That is, he does not need to review a huge amount of code - a static analyzer will do a part of work for him. It will tell him where the code is especially vulnerable so that the hacker may go on to the next stage of his work, i.e. estimating if he can use the code defects found for his purposes and how.

Hackers often cannot get access to the source code of applications. But there are static analyzers that handle the executable binary code directly.

Of course, we can turn search of holes into a useful thing. For instance, many companies reward people who detect vulnerabilities in software. It is much easier to look for such vulnerabilities using static analyzers.

Using third-party source codes

Programmers often use various open-source codes. In other words, they use open-source free libraries or their fragments. You may usually solve one task using different third-party solutions. Here the question arises, how to choose among them. Using static analysis in this sphere may appear an interesting method - the fewer errors are found, the more probable it is that this code is quality and safe.

If your team receives a third-party project for maintenance and development, static analysis will help you to detect the most dangerous fragments in the project and therefore you will be able to determine which parts of the system need maximum attention.

Proving the necessity of code refactoring

Programmers often understand that a project becomes too complicated and starts to fall apart. They conclude that they need to perform code refactoring, otherwise most time will be consumed by maintenance and creating crutches to prevent code from complete breakdown. But programmers always have urgent tasks and it is not so easy for me to prove why it is more important to rewrite one of the old dialogues instead of creating a new one. A static analyzer may serve one of the arguments for you to listen to my advice by constantly screaming about too large functions, multiple use of global variables, too complicated class hierarchy and therefore unsafe functions and other horrors.


Of course, I have mentioned only some things I have managed to recall. There are a lot of other tasks static code analysis will help you to solve. Write to us if you have had interesting non-standard ways of using the static analysis methodology in your practice.

Popular related articles
Free PVS-Studio for those who develops open source projects

Date: Dec 22 2018

Author: Andrey Karpov

On the New 2019 year's eve, a PVS-Studio team decided to make a nice gift for all contributors of open-source projects hosted on GitHub, GitLab or Bitbucket. They are given free usage of PVS-Studio s…
Characteristics of PVS-Studio Analyzer by the Example of EFL Core Libraries, 10-15% of False Positives

Date: Jul 31 2017

Author: Andrey Karpov

After I wrote quite a big article about the analysis of the Tizen OS code, I received a large number of questions concerning the percentage of false positives and the density of errors (how many erro…
Technologies used in the PVS-Studio code analyzer for finding bugs and potential vulnerabilities

Date: Nov 21 2018

Author: Andrey Karpov

A brief description of technologies used in the PVS-Studio tool, which let us effectively detect a large number of error patterns and potential vulnerabilities. The article describes the implementati…
How PVS-Studio Proved to Be More Attentive Than Three and a Half Programmers

Date: Oct 22 2018

Author: Andrey Karpov

Just like other static analyzers, PVS-Studio often produces false positives. What you are about to read is a short story where I'll tell you how PVS-Studio proved, just one more time, to be more atte…
Appreciate Static Code Analysis!

Date: Oct 16 2017

Author: Andrey Karpov

I am really astonished by the capabilities of static code analysis even though I am one of the developers of PVS-Studio analyzer myself. The tool surprised me the other day as it turned out to be sma…
The Ultimate Question of Programming, Refactoring, and Everything

Date: Apr 14 2016

Author: Andrey Karpov

Yes, you've guessed correctly - the answer is "42". In this article you will find 42 recommendations about coding in C++ that can help a programmer avoid a lot of errors, save time and effort. The au…
The Last Line Effect

Date: May 31 2014

Author: Andrey Karpov

I have studied many errors caused by the use of the Copy-Paste method, and can assure you that programmers most often tend to make mistakes in the last fragment of a homogeneous code block. I have ne…
PVS-Studio for Java

Date: Jan 17 2019

Author: Andrey Karpov

In the seventh version of the PVS-Studio static analyzer, we added support of the Java language. It's time for a brief story of how we've started making support of the Java language, how far we've co…
The way static analyzers fight against false positives, and why they do it

Date: Mar 20 2017

Author: Andrey Karpov

In my previous article I wrote that I don't like the approach of evaluating the efficiency of static analyzers with the help of synthetic tests. In that article, I give the example of a code fragment…
Static analysis as part of the development process in Unreal Engine

Date: Jun 27 2017

Author: Andrey Karpov

Unreal Engine continues to develop as new code is added and previously written code is changed. What is the inevitable consequence of ongoing development in a project? The emergence of new bugs in th…

Comments (0)

Next comments
This website uses cookies and other technology to provide you a more personalized experience. By continuing the view of our web-pages you accept the terms of using these files. If you don't want your personal data to be processed, please, leave this site.
Learn More →