Pour obtenir une clé
d'essai remplissez le formulaire ci-dessous
Demandez des tariffs
Nouvelle licence
Renouvellement de licence
--Sélectionnez la devise--
USD
EUR
RUB
* En cliquant sur ce bouton, vous acceptez notre politique de confidentialité

Free PVS-Studio license for Microsoft MVP specialists
To get the licence for your open-source project, please fill out this form
** En cliquant sur ce bouton, vous acceptez notre politique de confidentialité.

I am interested to try it on the platforms:
** En cliquant sur ce bouton, vous acceptez notre politique de confidentialité.

Votre message a été envoyé.

Nous vous répondrons à


Si vous n'avez toujours pas reçu de réponse, vérifiez votre dossier
Spam/Junk et cliquez sur le bouton "Not Spam".
De cette façon, vous ne manquerez la réponse de notre équipe.

>
>
Myths about static analysis. The first …

Myths about static analysis. The first myth - a static analyzer is a single-use product

01 Nov 2011
Author:

While communicating with people on forums, I noticed there are a few lasting misconceptions concerning the static analysis methodology. I decided to write a series of brief articles where I want to show you the real state of things.

The first myth is: "A static analyzer is a single-use product".

This is how this statement looks in discussions on forums (this is a collective image):

When you have a trial/cracked version, you can run it for free on all your projects to find several old errors and feel satisfied for some time.

Everyone's happy. People have used the tool, and the developers don't know they were cheated and robbed.

In this case, a programmer cheats himself/herself, not the tool's developers. The programmer just got a seeming profit from the work done, but not the real profit. I cannot manage to bring this idea home to programmers but I will continue trying. There is no use of launching a static analyzer occasionally.

Here is an analogy:

We set the /W0 warning level in compiler and start to develop a project. We curse, fix silly mistakes and misprints and test our code more and longer. Then we occasionally turn on the /W3 switch and fight the warnings and then again set /W0. All those errors the compiler could tell us about at the /W3 level, we were bravely and long searching for in the debugger, having spent 10-100 times more time on that. Besides, note that now the programmer does not like the results given at the /W3 level, for he/she has fixed almost all the errors through testing and debugging. The compiler generates mostly false reports at the /W3 level.

Now let's go back to static analysis. The situation is absolutely the same: an analyzer produces a lot of false reports, being launched on rare occasions. There are few real errors because they have been already found through other methods.

Like the /W3 switch, static analysis brings maximum profit when being used regularly. By the way, static analysis is kind of an extension of compiler-generated warnings. Many diagnostic rules that were once implemented in old analyzers gradually pass to compilers. Of course, analyzers will always be ahead of compilers regarding the diagnostic capabilities; they are developed for this very purpose. The compiler has a lot of other tasks; moreover, it is imposed stricter performance requirements.

Some people give the following answer in the heat of discussion:

The idea is true for novice students. But it's not so much important for expert programmers. If I set the /W0 switch, I won't write worse code. You should improve your programming style instead of getting more crutches.

I absolutely agree with the idea above. But let's play a bit and alter this text in the following way:

The idea is true for novice drivers. But it's not so much important for expert drivers. If I don't buckle up at the wheel, I won't drive worse. You should improve your driving style instead of getting more safety components.

Again, you can't argue against that. However, any adequately thinking driver understands that one still should buckle up when driving a car. The same is with static code analysis. Even a skilled programmer is not secure from mistakes and misprints. Examples given in this article confirm my idea very well. Certainly, all the professional programmers are sure that they never make such silly mistakes, but we'll speak on this point in the next post about myths.

Popular related articles
PVS-Studio's data flow analysis untangles more and more related variables

Date: 08 Aoû 2022

Author: Artem Rovenskii

This is the second article about related variables and how the PVS-Studio analyzer deals with them. This time, let's talk about how we enhanced the mechanism we created, and what problems of the anal…
I want to use PVS-Studio in my project. The manager is against it. How to convince them?

Date: 02 Aoû 2022

Author: Sergey Vasiliev

You decided to integrate PVS-Studio into your project. But suddenly it turns out that the manager is against it, because... because why, actually? Let's try to figure out what to do with potential ob…
Intermodular analysis of C and C++ projects in detail. Part 2

Date: 14 Jul 2022

Author: Oleg Lisiy

In part 1 we discussed the basics of C and C++ projects compiling. We also talked over linking and optimizations. In part 2 we are going to delve deeper into intermodular analysis and discuss its ano…
Intermodular analysis of C and C++ projects in detail. Part 1

Date: 08 Jul 2022

Author: Oleg Lisiy

Starting from PVS-Studio 7.14, the C and C++ analyzer has been supporting intermodular analysis. In this two-part article, we'll describe how similar mechanisms are arranged in compilers and reveal s…
PVS-Studio evolution: data flow analysis for related variables

Date: 28 Avr 2022

Author: Nikita Lipilin

Related variables are one of the main problems of static analysis. This article covers this topic and describes how PVS-Studio developers are fighting false positives caused by different relationship…

Comments (0)

Next comments
Unicorn with delicious cookie
Nous utilisons des cookies pour améliorer votre expérience de navigation. En savoir plus
Accepter