Sometimes people ask the question, which addresses a certain topic but is actually about another thing. As the saying goes, a competently asked question contains half the answer.
Recently I've returned from the JPoint conference, where we first presented our new PVS-Studio analyzer for Java. Interest in static analysis is growing strongly in the last few years, so the audience perceived PVS-Studio enthusiastically. In addition to the positive feedback, as it happens, we had to handle objections. The most frequent objection to the suggestion to try PVS-Studio sounds something like this: "C'mon, why do we try PVS-Studio? We use IntelliJ IDEA, ReSharper, SonarLint and SonarQube. We've run PVS-Studio recently and it found errors, already highlighted by IntelliJ IDEA!"
I just can't help but write a small reply note to this comment. I even have two responses to this objection. And yes, I intentionally stated ReSharper, as there are some questions to our C# analyzer as well. Well, here comes the answer.
Firstly, we DO NOT make PVS-Studio by copying diagnostics of competitors. Blind copying without understanding the point leads nowhere. The value of static code analysis, the value of its diagnostics is not where to issue a warning. It is where NOT to issue a warning. We have 10, 20 and even more exceptions for each diagnostic when it mustn't trigger. To copy diagnostics from other products just by their description in the documentation is the same as to construct a similar building by a photo. Will the Coliseum photo be of use if "gods make" you build the same one?
So we never copy. "But you have similar diagnostics!" - you would say. Of course, we do. The concepts of many errors lie on the surface. It is absolutely obvious. But frequently, diagnostics with the same descriptions even behave differently.
In other words, if you use one of the these products in the header, you will most likely find a bunch of NEW errors when running PVS-Studio which haven't been detected by other products. Both our customers' feedback and our own experience of checking open source projects confirm this.
Secondly, even if you use IntelliJ IDEA, ReSharper, and SonarLint/SonarQube and they find the same errors as PVS-Studio in your code, I have bad news for you. You use tools that find errors, OK. Why does PVS-Studio find errors in your code which seem to be found by other tools? Why usage of tools, which will "detect everything the same as PVS-Studio will" still doesn't help to fix the errors? Maybe these tools just LET them stay without fixing?
IntelliJ IDEA, ReSharper, SonarLint and SonarQube are great tools without exceptions. Very highly skilled teams are making them. If you use them - you do the right thing. The higher the level of the the engineering culture - the better for business.
However, if all these tools find "the same errors as PVS-Studio", but errors are still in the code, you do something wrong. Introduce such practice as the regular usage of PVS-Studio in a team. This way, errors will be both found and fixed. Introduction of PVS-Studio WILL MAKE developers fix the bugs. But not just find them.
0