Start using static code analysis

Fragment taken from the Haiku project (inheritor of BeOS). The code contains an error that analyzer diagnoses in the following way: V501 There are identical sub-expressions to the left and to the right of the ‘<‘ operator: lJack->m_jackType < lJack->m_jackType

int compareTypeAndID(....)
{
  ....
  if (lJack && rJack)
  {
    if (lJack->m_jackType < lJack->m_jackType)
    {
      return -1;
    }
    ....
}

Explanation

It’s just a usual typo. Instead of rJack it was accidentally written lJack in the right part of the expression.

This typo is a simple one indeed, but the situation is quite complicated. The thing is that the programming style, or other methods, are of no help here. People just make mistakes while typing and there is nothing you can do about it.

It’s important to emphasize that it’s not a problem of some particular people or projects. No doubt, all people can be mistaken, and even professionals involved in serious projects can be. Here is the proof of my words. You can see the simplest misprints like A == A, in such projects as: Notepad++, WinMerge, Chromium, Qt, Clang, OpenCV, TortoiseSVN, LibreOffice, CoreCLR, Unreal Engine 4 and so on.

So the problem is really there and it’s not about students’ lab works. When somebody tells me that experienced programmers don’t make such mistakes, we usually send them this link.

Correct code

if (lJack->m_jackType < rJack->m_jackType)

Recommendation

скачанные файлы (8)

First of all, let’s speak about some useless tips.

  • Be careful while programming, and don’t let errors sneak into your code (Nice words, but nothing more)
  • Use a good coding style (There isn’t s a programming style which can help to avoid errors in the variable name)

What can really be effective?

  • Code review
  • Unit tests (TDD)
  • Static code analysis

We should say right away, that every strategy has its strong and weak sides. That’s why the best way to get the most efficient and reliable, code is to use all of them together.

Code reviews can help us to find a great deal of different errors, and on top of this, they help us to improve readability of the code. Unfortunately shared reading of the text is quite expensive, tiresome and doesn’t give a full validity guarantee. It’s quite hard to remain alert, and find a typo looking at this kind of code:

qreal l = (orig->x1 - orig->x2)*(orig->x1 - orig->x2) +
          (orig->y1 - orig->y2)*(orig->y1 - orig->y1) *
          (orig->x3 - orig->x4)*(orig->x3 - orig->x4) +
          (orig->y3 - orig->y4)*(orig->y3 - orig->y4);

Theoretically, unit tests can save us. But it’s only in theory. In practice, it’s unreal to check all the possible execution paths; besides that, a test itself can have some errors too🙂

Static code analyzers are mere programs, and not artificial intelligence. An analyzer can skip some errors and, on the contrary, display an error message for code which in actuality, is correct. But despite all these faults, it is a really useful tool. It can detect a whole lot of errors at an early stage.

A static code analyzer can be used as a cheaper version of Code Review. The program examines the code instead of a programmer doing it, and suggests checking certain code fragments more thoroughly.

Attention:

  • A static analyzer can hurt your brain if not used correctly. One of the typical mistakes is to “get the maximum from the check mode options, and drown in the stream of warnings messages”. That’s one of many recommendations I could give, so to get a bigger list, could be useful to go to A, B.
  • A static analyzer should be used on a regular basis, not just from time to time, or when everything gets really bad. Some explanations: C, D.

Finally we would recommend reading an article by John Carmack: Static Code Analysis.

Written by Andrey Karpov.
This error was found with PVS-Studio static analysis tool.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s