
Myths about static analysis. The first myth - a static analyzer is a single-use product

Nov 01 2011
Author:

While communicating with people on forums, I have noticed a few persistent misconceptions about the static analysis methodology. I decided to write a series of brief articles to show you the real state of things.

The first myth is: "A static analyzer is a single-use product".

This is how the statement typically looks in forum discussions (this is a composite picture):

"When you have a trial/cracked version, you can run it for free on all your projects to find several old errors and feel satisfied for some time.

"Everyone's happy. People have used the tool, and the developers don't know they were cheated and robbed."

In this case, the programmer cheats himself/herself, not the tool's developers. The programmer gets only an apparent benefit from the work done, not a real one. I cannot manage to bring this idea home to programmers, but I will continue trying. There is no use in launching a static analyzer only occasionally.

Here is an analogy:

Suppose we set the /W0 warning level in the compiler and start developing a project. We curse, fix silly mistakes and typos, and test our code more and for longer. Then we occasionally turn on the /W3 switch, fight the warnings, and set /W0 again. All the errors the compiler could have told us about at the /W3 level we instead hunted down bravely and at length in the debugger, spending 10-100 times more time on them. Besides, note that now the programmer does not like the results given at the /W3 level, because he/she has already fixed almost all the errors through testing and debugging. The compiler generates mostly false reports at the /W3 level.

Now let's go back to static analysis. The situation is exactly the same: an analyzer produces a lot of false reports when it is launched only on rare occasions. There are few real errors left because they have already been found through other methods.

Like the /W3 switch, static analysis brings the most benefit when used regularly. By the way, static analysis is a kind of extension of compiler-generated warnings. Many diagnostic rules that were once implemented in old analyzers gradually migrate into compilers. Of course, analyzers will always be ahead of compilers in diagnostic capabilities; they are developed for this very purpose. The compiler has a lot of other tasks; moreover, stricter performance requirements are imposed on it.

Some people give the following answer in the heat of discussion:

"The idea is true for novice students. But it's not that important for expert programmers. If I set the /W0 switch, I won't write worse code. You should improve your programming style instead of getting more crutches."

I absolutely agree with the idea above. But let's play a bit and alter this text in the following way:

"The idea is true for novice drivers. But it's not that important for expert drivers. If I don't buckle up at the wheel, I won't drive worse. You should improve your driving style instead of getting more safety components."

Again, you can't argue against that. However, any sensible driver understands that one should still buckle up when driving a car. The same goes for static code analysis. Even a skilled programmer is not immune to mistakes and typos. Examples given in this article confirm my idea very well. Certainly, all professional programmers are sure that they never make such silly mistakes, but we'll speak on this point in the next post about myths.
