To get a trial key
fill out the form below
Team License (a basic version)
Enterprise License (an extended version)
* By clicking this button you agree to our Privacy Policy statement

Request our prices
New License
License Renewal
--Select currency--
USD
EUR
GBP
RUB
* By clicking this button you agree to our Privacy Policy statement

Free PVS-Studio license for Microsoft MVP specialists
* By clicking this button you agree to our Privacy Policy statement

To get the licence for your open-source project, please fill out this form
* By clicking this button you agree to our Privacy Policy statement

I am interested to try it on the platforms:
* By clicking this button you agree to our Privacy Policy statement

Message submitted.

Your message has been sent. We will email you at


If you haven't received our response, please do the following:
check your Spam/Junk folder and click the "Not Spam" button for our message.
This way, you won't miss messages from our team in the future.

>
>
Power of PVS-Studio

Power of PVS-Studio

Feb 17 2021
Author:

This is exactly the case when a reply to a comment turned into a small blog post. The power of the PVS-Studio analyzer is not only in finding particular errors but also in the process of finding them.

0802_power_of_pvs_studio/image1.png

From time to time, readers of our articles leave comments, saying that a particular error can be found without using PVS-Studio, simply by enabling the corresponding compiler warning. Yes, that's right. However, in practice, these compiler warnings are not so easy to use.

If everything was so simple, there would be no base of errors examples found by our team in open projects. At the time of writing this note, we have spotted more than 14000 bugs in projects such as Qt, Chromium, CMake, GTK 4. By the way, the code of the compilers (GCC 10, Clang 11) is not an exception. It's thought-provoking :).

Why were the errors waiting for PVS-Studio? After all, some of them may be quite well detected by compilers. The answer is obvious: it's challenging to up and enable all these warnings. It's difficult to work with too much noise.

Besides the fact that PVS-Studio has more diagnostic capabilities than compilers do, there are two other important advantages:

  • Minimal setting ensures a low percentage of false positives.
  • The analyzer integration into the development process of even large old projects is well thought out.

Our team works hard to reduce the number of false positives. However, there's no guarantee that you won't get a great number of meaningless warnings in the first analyzer run on a random project. For example, in a C project, a couple of failed macros are enough to ruin the whole picture and lead to thousands of false warnings.

It should be noted that if you have such a situation working with PVS-Studio, that's not a problem. Here's a case example of a small setup for a C++ project resulted in only 10-15% of the false warnings. It's happening thanks to comments, suppressing warnings in macros, and other various settings. It's usually not that easy with compilers. As a result, it's easier to find errors with PVS-Studio, rather than a compiler.

Check the following article: How to introduce a static code analyzer in a legacy project and not to discourage the team if you're curious about the process of static analyzer integration into large project development.

The comment on GitHub encouraged me to write about the beautiful error found in the COVID-19 CovidSim Model project. Here's the comment:

Merged - thank you. It's in some new code we're not yet using, and it's a missed simple compiler warning actually - it doesn't really demonstrate the power of PVS, re the first post. When we eventually fix all the tiny "fscanf return value ignored" style warnings leftover, we may treat warnings as errors in the future to spot these sort of things earlier.

Yes, this error may definitely be found by a compiler. But the fact remains that it was found using the PVS-Studio analyzer. A compiler use for these purposes is still only a dream and requires a lot of work.

If you enable the fourth level of warnings (/W4) in Visual C++, then one of the messages will certainly indicate the described error. But to do this, you need to break through all 150 warnings:

0802_power_of_pvs_studio/image2.png

The PVS-Studio analyzer also generates about 150 General Analysis warnings, but at the same time, it separates the important from the secondary more clearly. At the first certainty level, there are only 3 warnings, one of which indicates the same error of using an uninitialized variable:

0802_power_of_pvs_studio/image4.png

I suggest not looking forward to a bright future when the compiler can be set up for the maximum error search mode. Use the PVS-Studio static analyzer and find as many errors as possible at once. To start using the analyzer regularly, apply the mechanism of warnings mass suppression (set the baseline). For convenience, PVS-Studio can be integrated into various CI systems. Further, suppressed warnings can be viewed as uncritical technical debt, which can be gradually disposed of. Once again, check this article for more details.

If you are an open source code developer, you can use the free licensing option.

If you still have questions, then perhaps you'll find most of the answers in the following article: Why you should choose the PVS-Studio static analyzer to integrate into your development process. Thank you for your attention.

Popular related articles
The way static analyzers fight against false positives, and why they do it

Date: Mar 20 2017

Author: Andrey Karpov

In my previous article I wrote that I don't like the approach of evaluating the efficiency of static analyzers with the help of synthetic tests. In that article, I give the example of a code fragment…
How PVS-Studio Proved to Be More Attentive Than Three and a Half Programmers

Date: Oct 22 2018

Author: Andrey Karpov

Just like other static analyzers, PVS-Studio often produces false positives. What you are about to read is a short story where I'll tell you how PVS-Studio proved, just one more time, to be more atte…
The Last Line Effect

Date: May 31 2014

Author: Andrey Karpov

I have studied many errors caused by the use of the Copy-Paste method, and can assure you that programmers most often tend to make mistakes in the last fragment of a homogeneous code block. I have ne…
Technologies used in the PVS-Studio code analyzer for finding bugs and potential vulnerabilities

Date: Nov 21 2018

Author: Andrey Karpov

A brief description of technologies used in the PVS-Studio tool, which let us effectively detect a large number of error patterns and potential vulnerabilities. The article describes the implementati…
PVS-Studio for Java

Date: Jan 17 2019

Author: Andrey Karpov

In the seventh version of the PVS-Studio static analyzer, we added support of the Java language. It's time for a brief story of how we've started making support of the Java language, how far we've co…
PVS-Studio ROI

Date: Jan 30 2019

Author: Andrey Karpov

Occasionally, we're asked a question, what monetary value the company will receive from using PVS-Studio. We decided to draw up a response in the form of an article and provide tables, which will sho…
Characteristics of PVS-Studio Analyzer by the Example of EFL Core Libraries, 10-15% of False Positives

Date: Jul 31 2017

Author: Andrey Karpov

After I wrote quite a big article about the analysis of the Tizen OS code, I received a large number of questions concerning the percentage of false positives and the density of errors (how many erro…
The Ultimate Question of Programming, Refactoring, and Everything

Date: Apr 14 2016

Author: Andrey Karpov

Yes, you've guessed correctly - the answer is "42". In this article you will find 42 recommendations about coding in C++ that can help a programmer avoid a lot of errors, save time and effort. The au…
Free PVS-Studio for those who develops open source projects

Date: Dec 22 2018

Author: Andrey Karpov

On the New 2019 year's eve, a PVS-Studio team decided to make a nice gift for all contributors of open-source projects hosted on GitHub, GitLab or Bitbucket. They are given free usage of PVS-Studio s…
Appreciate Static Code Analysis!

Date: Oct 16 2017

Author: Andrey Karpov

I am really astonished by the capabilities of static code analysis even though I am one of the developers of PVS-Studio analyzer myself. The tool surprised me the other day as it turned out to be sma…

Comments (0)

Next comments
This website uses cookies and other technology to provide you a more personalized experience. By continuing the view of our web-pages you accept the terms of using these files. If you don't want your personal data to be processed, please, leave this site.
Learn More →
Accept