Pour obtenir une clé
d'essai remplissez le formulaire ci-dessous
Demandez des tariffs
Nouvelle licence
Renouvellement de licence
--Sélectionnez la devise--
USD
EUR
RUB
* En cliquant sur ce bouton, vous acceptez notre politique de confidentialité

Free PVS-Studio license for Microsoft MVP specialists
To get the licence for your open-source project, please fill out this form
** En cliquant sur ce bouton, vous acceptez notre politique de confidentialité.

I am interested to try it on the platforms:
** En cliquant sur ce bouton, vous acceptez notre politique de confidentialité.

Votre message a été envoyé.

Nous vous répondrons à


Si vous n'avez toujours pas reçu de réponse, vérifiez votre dossier
Spam/Junk et cliquez sur le bouton "Not Spam".
De cette façon, vous ne manquerez la réponse de notre équipe.

>
>
Cases when a static code analyzer may h…

Cases when a static code analyzer may help you

24 Déc 2010
Author:

The static code analysis method is the method of searching for places in program text that are highly probable to contain errors. Programmers use special tools called static code analyzers for this purpose. Having got a list of suspicious code lines, a programmer reviews the corresponding code and fixes errors detected.

Static code analysis is used most often for controlling the quality of a project being developed. But static code analysis can be also used to solve some more peculiar tasks. I would like to describe some of these in this post.

Education

Static analysis may be used for educational purposes. When estimating a student's work, a teacher usually reviews the code he has written and performs test launches of the program. Since there are a lot of students and only one teacher, he may additionally increase his attention by using a static code analyzer. Static analysis makes it more probable not to miss an issue a student must work on.

Another way of using a static analyzer for educational purposes is to check code written by novice programmers. This will help to find and explain errors in their code quicker. Moreover, the capability of analyzing indents, variable naming and so on, will help a person to quicker get used to writing code in the coding style accepted in the company.

Porting software to a different system

It is very difficult to write portable software especially if you did not intend to port your applications at first. That is why port of a program to some other operating system or hardware platform is always rather painful. You can hardly know all the specific issues awaiting your program on a different platform beforehand and you certainly cannot know how to find all the dangerous fragments in your code. Specialized code analyzers may help you by pointing to all the potentially unsafe fragments. They will tell you where you should not change types' sizes, data alignment rules, byte order or use deprecated functions and so on.

Searching for backdoors

Static analysis may be used both for good and for bad purposes. Since code analysis helps developers to detect buffer overflows, stack overflows and other similar defects, an intruder can also do such things. By studying weak points of software, a hacker can choose an object for attack faster. That is, he does not need to review a huge amount of code - a static analyzer will do a part of work for him. It will tell him where the code is especially vulnerable so that the hacker may go on to the next stage of his work, i.e. estimating if he can use the code defects found for his purposes and how.

Hackers often cannot get access to the source code of applications. But there are static analyzers that handle the executable binary code directly.

Of course, we can turn search of holes into a useful thing. For instance, many companies reward people who detect vulnerabilities in software. It is much easier to look for such vulnerabilities using static analyzers.

Using third-party source codes

Programmers often use various open-source codes. In other words, they use open-source free libraries or their fragments. You may usually solve one task using different third-party solutions. Here the question arises, how to choose among them. Using static analysis in this sphere may appear an interesting method - the fewer errors are found, the more probable it is that this code is quality and safe.

If your team receives a third-party project for maintenance and development, static analysis will help you to detect the most dangerous fragments in the project and therefore you will be able to determine which parts of the system need maximum attention.

Proving the necessity of code refactoring

Programmers often understand that a project becomes too complicated and starts to fall apart. They conclude that they need to perform code refactoring, otherwise most time will be consumed by maintenance and creating crutches to prevent code from complete breakdown. But programmers always have urgent tasks and it is not so easy for me to prove why it is more important to rewrite one of the old dialogues instead of creating a new one. A static analyzer may serve one of the arguments for you to listen to my advice by constantly screaming about too large functions, multiple use of global variables, too complicated class hierarchy and therefore unsafe functions and other horrors.

Summary

Of course, I have mentioned only some things I have managed to recall. There are a lot of other tasks static code analysis will help you to solve. Write to us if you have had interesting non-standard ways of using the static analysis methodology in your practice.

Popular related articles
PVS-Studio's data flow analysis untangles more and more related variables

Date: 08 Aoû 2022

Author: Artem Rovenskii

This is the second article about related variables and how the PVS-Studio analyzer deals with them. This time, let's talk about how we enhanced the mechanism we created, and what problems of the anal…
I want to use PVS-Studio in my project. The manager is against it. How to convince them?

Date: 02 Aoû 2022

Author: Sergey Vasiliev

You decided to integrate PVS-Studio into your project. But suddenly it turns out that the manager is against it, because... because why, actually? Let's try to figure out what to do with potential ob…
Intermodular analysis of C and C++ projects in detail. Part 2

Date: 14 Jul 2022

Author: Oleg Lisiy

In part 1 we discussed the basics of C and C++ projects compiling. We also talked over linking and optimizations. In part 2 we are going to delve deeper into intermodular analysis and discuss its ano…
Intermodular analysis of C and C++ projects in detail. Part 1

Date: 08 Jul 2022

Author: Oleg Lisiy

Starting from PVS-Studio 7.14, the C and C++ analyzer has been supporting intermodular analysis. In this two-part article, we'll describe how similar mechanisms are arranged in compilers and reveal s…
PVS-Studio evolution: data flow analysis for related variables

Date: 28 Avr 2022

Author: Nikita Lipilin

Related variables are one of the main problems of static analysis. This article covers this topic and describes how PVS-Studio developers are fighting false positives caused by different relationship…

Comments (0)

Next comments
Unicorn with delicious cookie
Nous utilisons des cookies pour améliorer votre expérience de navigation. En savoir plus
Accepter