to the top
close form

Fill out the form in 2 simple steps below:

Your contact information:

Step 1
Congratulations! This is your promo code!

Desired license type:

Step 2
Team license
Enterprise license
** By clicking this button you agree to our Privacy Policy statement
close form
Request our prices
New License
License Renewal
--Select currency--
USD
EUR
* By clicking this button you agree to our Privacy Policy statement

close form
Free PVS-Studio license for Microsoft MVP specialists
** By clicking this button you agree to our Privacy Policy statement

close form
To get the licence for your open-source project, please fill out this form
** By clicking this button you agree to our Privacy Policy statement

close form
I am interested to try it on the platforms:
** By clicking this button you agree to our Privacy Policy statement

close form
check circle
Message submitted.

Your message has been sent. We will email you at


If you haven't received our response, please do the following:
check your Spam/Junk folder and click the "Not Spam" button for our message.
This way, you won't miss messages from our team in the future.

>
>
>
Upsetting opinions about static analyze…

Upsetting opinions about static analyzers

Oct 12 2020
Author:

Static analysis tools have advanced far over the time they've been around. They no longer resemble the "linters" that were in active use 20 years ago. But some programmers still view them as extremely primitive tools. And that's very sad. It hurts to see the static analysis methodology in general and our PVS-Studio analyzer in particular treated that way.

0765_Sadness/image1.png

That feeling was evoked by a comment left under one of our articles. In that article, we said that the analyzer would detect a typo by issuing a warning on the following code pattern:

if (A[0] == 0)
{
  X = Y;
  if (A[0] == 0)
    ....
}

The analyzer says the second condition is always true. Indeed, a close look at the function's body reveals that the programmer intended some other element to be checked.

Now, someone commented on this along the following lines:

Yes, it's indeed an error in this particular case. But in the general case, this warning is wrong because the element may change its value during the time between the two identical checks, in which case the second check would make sense.

It's sad. Programmers still seem to think that code analyzers are based on the use of regular expressions – they believe the tool gets mad on simply seeing two identical nested ifs :(.

Of course, any modern static analyzer tracks the changes of variables' values. If a variable doesn't change, a warning is issued. If it does, no warning is issued. To ensure that, analyzers rely on data stream analysis.

And that's exactly how PVS-Studio works. Let's take a look at the following synthetic example:

char get();
int foo(char *p, bool arg)
{
    if (p[1] == 1)
    {
        if (arg)
            p[0] = get();
        if (p[1] == 1)          // Warning
            return 1;
    }
    if (p[2] == 2)
    {
        if (arg)
            p[2] = get();
        if (p[2] == 2)          // Ok
            return 2;
    }
    return 3;
}

This code consists of two similar blocks. In one, the variable being checked doesn't change, while in the other it does. That's why the analyzer issues a warning only on the first block: V547 Expression 'p[1] == 1' is always true.

Programmers needn't worry. Modern tools are advanced enough to issue warnings only on really suspicious code. Sure, false positives occur every now and then, but they usually have to do with complicated code structure, which even a human reviewer may have a hard time figuring out.

GetFreeTrialImage

Further reading

Popular related articles
Under the hood of SAST: how code analysis tools look for security flaws

Date: Jan 26 2023

Author: Sergey Vasiliev

Here we'll discuss how SAST solutions find security flaws. I'll tell you about different and complementary approaches to detecting potential vulnerabilities, explain why each of them is necessary, an…
Intermodular analysis of C and C++ projects in detail. Part 2

Date: Jul 14 2022

Author: Oleg Lisiy

In part 1 we discussed the basics of C and C++ projects compiling. We also talked over linking and optimizations. In part 2 we are going to delve deeper into intermodular analysis and discuss its ano…
Intermodular analysis of C and C++ projects in detail. Part 1

Date: Jul 08 2022

Author: Oleg Lisiy

Starting from PVS-Studio 7.14, the C and C++ analyzer has been supporting intermodular analysis. In this two-part article, we'll describe how similar mechanisms are arranged in compilers and reveal s…
How to speed up building and analyzing of your project with Incredibuild?

Date: May 17 2021

Author: Maxim Zvyagintsev

"How much longer are you going to build it?" - a phrase that every developer has uttered at least once in the middle of the night. Yes, a build can be long and there is no escaping it. One does not s…
GTK: the first analyzer run in figures

Date: Jan 04 2021

Author: Sviatoslav Razmyslov

For some people, the introduction of a static analyzer into a project seems like an insurmountable obstacle. It is widely believed that the amount of analysis results issued after the first run is so…


Comments (0)

Next comments next comments
close comment form
Unicorn with delicious cookie
Our website uses cookies to enhance your browsing experience.
Accept