In the New year 2019, a PVS-Studio team decided to make a nice gift for all contributors of open-source projects hosted on GitHub or Bitbucket. They are given free usage of PVS-Studio static analyzer for development of open source projects.
static code analysis
Search for Bugs in Code at the Early Stage
Every developer knows about a debugger, version control system or, for example, unit-tests. Nevertheless, not all developers are familiar with the methodology of static code analysis. Meanwhile, the technology becomes an integral part of the development cycle of programs. I would like to suggest a small introductory course for anyone interested in modern development trends.
Myths about static analysis. The fifth myth – a small test program is enough to evaluate a tool
This is how this statement looks in discussions on forums (this is a collective image):
I’ve written a special program, its size is 100 code lines. But the analyzer doesn’t generate anything although all the warning levels are enabled. This [tool of yours] / [static analysis] in general is just rubbish.
Myths about static analysis. The fourth myth – programmers want to add their own rules into a static analyzer
No, they don’t. They actually want to solve some tasks of searching for particular language constructs. It is not the same thing as creating diagnostic rules.
Myths about static analysis. The third myth – dynamic analysis is better than static analysis
The statement is rather strange. Dynamic and static analyses are just two different methodologies which supplement each other. Programmers seem to understand it, but I hear it again and again that dynamic analysis is better than static analysis.
Let me list advantages of static code analysis.
Myths about static analysis. The second myth – expert developers do not make silly mistakes
Myths about static analysis. The first myth – a static analyzer is a single-use product
While communicating with people on forums, I noticed there are a few lasting misconceptions concerning the static analysis methodology. I decided to write a series of brief articles where I want to show you the real state of things.
What is static code analysis?
Static code analysis is the process of detecting errors and defects in a software’s source code. Static analysis can be viewed as an automated code review process. Let’s speak about the code review now.
Grounded Pointers
Once one of our colleagues left the team and joined one company developing software for embedded systems. There is nothing extraordinary about it: in every firm people come and go, all the time. Their choice is determined by bonuses offered, the convenience aspect, and personal preferences. What we find interesting is quite another thing. Our ex-colleague is sincerely worried about the quality of the code he deals with in his new job. And that has resulted in us writing a joint article. You see, once you have figured out what static analysis is all about, you just don’t feel like settling for “simply programming”.
Let’s Play a Game
The authors of the PVS-Studio analyzer invite you to test your attentiveness.
Code analyzers never get tired and can find errors a human’s eye cannot easily notice. We have picked a few code fragments with errors revealed by PVS-Studio, all the fragments taken from well-known open-source projects.
