The best way to prove a static code analyzer is to find errors in open source projects and share them with the world. If you have ever heard of PVS-Studio, it was most likely from our articles reporting on the checks of such projects as Chromium, WinMerge, TortoiseSVN, Apache HTTP Server, Qt, Clang and many others.
We have gradually collected a large error database. The reports on these errors were, of course, published in the corresponding articles and the projects' authors are aware of them. At least, we did everything we could to inform them. But we also added the bugs into our internal database. Now this database of errors detected by PVS-Studio is open to the public.
The database is built according to the following principle. The main page contains a list of all the PVS-Studio diagnostics with descriptions and links to the corresponding documentation sections. For most of them, lists of projects are also given where errors detectable through these diagnostics were found. The most valuable information is the code samples from these projects themselves which you can view by clicking the corresponding links.
Not all the diagnostics are represented by examples in our database - this is because we didn't come across defects of these types in those open source projects that we had checked. But it doesn't mean that the diagnostic itself is bad. It may work well on someone's private projects that we cannot add to our database.
Also note that this database is not a complete list of all the errors found with the help of PVS-Studio in a certain project. It presents only some of the errors. Since this database is being created by ourselves, the PVS-Studio developers, we may often not be able to understand if there is actually an error or just a false positive in somebody else's code. That's why the database includes only what we are sure about. But if there are just a few defects mentioned for some project, it doesn't mean that PVS-Studio cannot find anything else in it. It only means that we have come across (and added into the database) just a few bugs.
You will surely find code fragments with the detected errors in our database. But if you download the latest projects source texts, you will most likely fail to find a certain fragment because the error is fixed by now. If you do find it, it means that the author considered the bug not to be too serious, or it might even signal that we're mistaken thinking something was a defect, while it actually was not and only looked like it.
The database of errors found by PVS-Studio allows us to explode the myth that professional skillful programmers don't make silly mistakes. They do, and you can now see it with your own eyes. But this is not a sign of programmers' inaptitude. It's just because EVERYBODY makes mistakes, and nothing can be done about it.
And one more thing. This database was created with the purpose of advertising PVS-Studio. But is such an honest advertisement bad? Who needs all those blah-blah-blah like "We have all the Fortune500 companies among our customers" and "Your code's quality will rise thanks to our tool"? Our advertisement is the errors we have found, and we are saying it straight out. That's not like marketing texts all about nothing.
Date: Feb 28 2024
Author: Elizaveta Kuznetsova
Date: Dec 12 2023
Author: Elizaveta Kuznetsova
Date: Dec 20 2022
Author: Yaroslav Pavlov-Breycher
Date: Aug 31 2022
Author: Alexey Sarkisov
Date: Aug 16 2022
Author: Sviatoslav Razmyslov