Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
SlideShare a Scribd company logo

PVS-Studio and static code analysis technique

Download as PPTX, PDF
Andrey Karpov
Andrey Karpov

What is «static code analysis»? It is a technique that allows, at the same time with unit-tests, dynamic code analysis, code review and others, to increase code quality, increase its reliability and decrease the development time.

Related slideshows

Java Code Quality Tools
Java Code Quality ToolsJava Code Quality Tools
Java Code Quality Tools
 
Server Side Template Injection by Mandeep Jadon
Server Side Template Injection by Mandeep JadonServer Side Template Injection by Mandeep Jadon
Server Side Template Injection by Mandeep Jadon
 
Parasoft fda software compliance part2
Parasoft fda software compliance part2Parasoft fda software compliance part2
Parasoft fda software compliance part2
 
1 of 18
PVS-Studio and static code analysis technique www.viva64.com
What is «static code analysis»? • It is a technique that allows, at the same time with unit-tests, dynamic code analysis, code review and others, to increase code quality, increase its reliability and decrease the development time. • It should be noted that static code analysis is not a universal panacea and is maximally effective in conjunction with other methods of code testing.
Who needs static code analysis? • Any medium-sized and large software development company – to increase code reliability and decrease its price, • Any small company and individual developers – in a lesser extent – to drink coffee instead of searching and fixing annoying bugs, • Anyone, who supports any old code, • Specialists for specific tasks (for instance, Sparce code analyzer for Linux kernel hackers).
Static code analysis advantages • Allows to find bugs on early stages (the earlier the bug was spotted, the cheaper it is to be fixed), • High analysis speed, • Does not require to run the application, only an access to source code and (not always) – to preprocessed files, • Allows to locate bugs in code that is rarely executed (exception handlers, for instance).
Static code analysis disadvantages • Possibility of false positive alarm on correct code, • Correct positive alarms on old code, which works correctly and which should better not be bothered, may be nauseous. • Comparatively small class of bugs detected due to the exponential difficulty of “honest” bug search. • Does not detects logical errors (this is a drawback of almost all automatic testing tools in contrast to code review and manually written unit tests).
PVS-Studio • One of static code analysis tools for C and C++ languages (including C++CX, C++0x and C++11), • Developers – ООО «Program Verification Systems». • Site: http://www.viva64.com/ • From so on, main advantages of this tool will be listed.
PVS-Studio: ease of use • Allows integration into Microsoft Visual Studio (except for Express version – it lacks extension mechanisms), • Includes PVS-Studio Standalone that does not require IDE at all, • Works quickly and “out-of-the-box”, does not require dedicated database servers and personnel training. • Can be integrated into the build system, • Fully-functional trial version.
PVS-Studio: features • Incremental analysis allows to find bugs in new code after every build, • Message suppression allows to concentrate on a newly written code by hiding all the warning messages on the old code (of course, they can be reviewed later), • Special feature – search for bugs that shows up on porting 32-bit application into 64-bit ones.
PVS-Studio: additional features • Quick tech support, • Users may ask for a features in a future releases. Our tool is expanding, and we try to take into account every request, • All errors are properly documented and there are a lot of examples (small fraction of them will be listed on the next slides).
Examples of errors found in real-life applications Error #1 while (node != NULL) { if ((node->hashCode == code) && (node->entry.key == key)) { return true; } node = node->next; } while (node != NULL); It seems like do / while cycles was mixed up in a weird way here. Of course, second ‘while’ operator should never become an endless cycle, but is there actually ‘while’ and not ‘do’ cycle required?
Examples of errors found in real-life applications Error #2 int main(int argc, char** argv) { .... if (getIsInteractiveMode()) //p->writePepSHTML(); //p->printResult(); // regression test? if (testType!=NO_TEST) { .... } } Even comments can sometimes harm the program, especially in the wrong place. In this piece of code second ‘if’ operator will only be evaluated if condition in first ‘if’ is true, but code formatting says that the opposite was intended. By the way, this error was found in unit tests.
Examples of errors found in real-life applications Error #3 HRESULT SHEOW_LoadOpenWithItems(....) { .... if (_ILIsDesktop(pidl) || _ILIsMyDocuments(pidl) || _ILIsControlPanel(pidl) || _ILIsNetHood(pidl) || _ILIsBitBucket(pidl) || _ILIsDrive(pidl) || _ILIsCPanelStruct(pidl) || _ILIsFolder(pidl) || _ILIsControlPanel(pidl)) { TRACE("pidl is a foldern"); SHFree((void*)pidl); return E_FAIL; } .... } For everyone who thinks that every problem that was found by static code analyzer can also be found by code review. Good luck in figuring out what’s wrong here. And don’t forget that real code is much, much bigger than this fragment.
Examples of errors found in real-life applications Error #3 HRESULT SHEOW_LoadOpenWithItems(....) { .... if (_ILIsDesktop(pidl) || _ILIsMyDocuments(pidl) || _ILIsControlPanel(pidl) || _ILIsNetHood(pidl) || _ILIsBitBucket(pidl) || _ILIsDrive(pidl) || _ILIsCPanelStruct(pidl) || _ILIsFolder(pidl) || _ILIsControlPanel(pidl)) { TRACE("pidl is a foldern"); SHFree((void*)pidl); return E_FAIL; } .... } Here it is. A repeated fragment in a logical expression. At least one of this repeated sentences is redundant. More likely scenario: one of this sentences is incorrect, and programmer should have meant something else.
Examples of errors found in real-life applications Error #4 Style & w1Style = _pUserLang->_styleArray.getStyler(STYLE_WORD1_INDEX); styleUpdate(w1Style, _pFgColour[0], _pBgColour[0], IDC_KEYWORD1_FONT_COMBO, IDC_KEYWORD1_FONTSIZE_COMBO, IDC_KEYWORD1_BOLD_CHECK, IDC_KEYWORD1_ITALIC_CHECK, IDC_KEYWORD1_UNDERLINE_CHECK); Style & w2Style = _pUserLang->_styleArray.getStyler(STYLE_WORD2_INDEX); styleUpdate(w2Style, _pFgColour[1], _pBgColour[1], IDC_KEYWORD2_FONT_COMBO, IDC_KEYWORD2_FONTSIZE_COMBO, IDC_KEYWORD2_BOLD_CHECK, IDC_KEYWORD2_ITALIC_CHECK, IDC_KEYWORD2_UNDERLINE_CHECK); Style & w3Style = _pUserLang->_styleArray.getStyler(STYLE_WORD3_INDEX); styleUpdate(w3Style, _pFgColour[2], _pBgColour[2], IDC_KEYWORD3_FONT_COMBO, IDC_KEYWORD3_FONTSIZE_COMBO, IDC_KEYWORD3_BOLD_CHECK, IDC_KEYWORD3_BOLD_CHECK, IDC_KEYWORD3_UNDERLINE_CHECK); Style & w4Style = _pUserLang->_styleArray.getStyler(STYLE_WORD4_INDEX); styleUpdate(w4Style, _pFgColour[3], _pBgColour[3], IDC_KEYWORD4_FONT_COMBO, IDC_KEYWORD4_FONTSIZE_COMBO, IDC_KEYWORD4_BOLD_CHECK, IDC_KEYWORD4_ITALIC_CHECK, IDC_KEYWORD4_UNDERLINE_CHECK); Still not impressed? Well, here comes another example.
Examples of errors found in real-life applications Error #4 Nice example of code produced by copy-paste technique featuring programmer who forgot to fix one word. This error is definitely hard to detect using only code review. However, if you enjoyed searching for errors, we have a quiz for you. Style & w1Style = _pUserLang->_styleArray.getStyler(STYLE_WORD1_INDEX); styleUpdate(w1Style, _pFgColour[0], _pBgColour[0], IDC_KEYWORD1_FONT_COMBO, IDC_KEYWORD1_FONTSIZE_COMBO, IDC_KEYWORD1_BOLD_CHECK, IDC_KEYWORD1_ITALIC_CHECK, IDC_KEYWORD1_UNDERLINE_CHECK); Style & w2Style = _pUserLang->_styleArray.getStyler(STYLE_WORD2_INDEX); styleUpdate(w2Style, _pFgColour[1], _pBgColour[1], IDC_KEYWORD2_FONT_COMBO, IDC_KEYWORD2_FONTSIZE_COMBO, IDC_KEYWORD2_BOLD_CHECK, IDC_KEYWORD2_ITALIC_CHECK, IDC_KEYWORD2_UNDERLINE_CHECK); Style & w3Style = _pUserLang->_styleArray.getStyler(STYLE_WORD3_INDEX); styleUpdate(w3Style, _pFgColour[2], _pBgColour[2], IDC_KEYWORD3_FONT_COMBO, IDC_KEYWORD3_FONTSIZE_COMBO, IDC_KEYWORD3_BOLD_CHECK, IDC_KEYWORD3_BOLD_CHECK, IDC_KEYWORD3_UNDERLINE_CHECK); Style & w4Style = _pUserLang->_styleArray.getStyler(STYLE_WORD4_INDEX); styleUpdate(w4Style, _pFgColour[3], _pBgColour[3], IDC_KEYWORD4_FONT_COMBO, IDC_KEYWORD4_FONTSIZE_COMBO, IDC_KEYWORD4_BOLD_CHECK, IDC_KEYWORD4_ITALIC_CHECK, IDC_KEYWORD4_UNDERLINE_CHECK);
Examples of errors found in real-life applications Error #5 void ListJob::doStart() { Q_D( ListJob ); switch ( d->option ) { break; case IncludeUnsubscribed: d->command = "LIST"; break; case IncludeFolderRoleFlags: d->command = "XLIST"; break; case NoOption: default: d->command = "LSUB"; } .... } One single ‘break’ in unusual place may alter the whole ‘switch’ statement behavior. Or maybe it was intentional, wasn’t it?
Conclusion • All the errors listed in this presentation was found in open-source projects. It proves that even professional programmers tend to make errors. • It is worth to remind that it is better to use the whole bunch of tools, not only static code analysis or only unit tests, and to give enough attention to refactoring and code quality. We are almost certain that this will pay for itself. Analyzer may find a misprint, but would never find a wrong algorithm! Unit tests may contain errors too, and human attention would hardly find a misprint in heaps of duplicate code. • Good luck with development!
Additional links: • PVS-Studio: http://www.viva64.com/en/pvs-studio/ • Updatable List of Open-Source Projects Checked with PVS-Studio: http://www.viva64.com/en/a/0084/ • Blog: http://www.viva64.com/en/b/ • Twitter: https://twitter.com/Code_Analysis

More Related Content

What's hot

Java Code Quality Tools
Java Code Quality ToolsJava Code Quality Tools
Java Code Quality Tools
Orest Ivasiv
 
Server Side Template Injection by Mandeep Jadon
Server Side Template Injection by Mandeep JadonServer Side Template Injection by Mandeep Jadon
Server Side Template Injection by Mandeep Jadon
Mandeep Jadon
 
Parasoft fda software compliance part2
Parasoft fda software compliance part2Parasoft fda software compliance part2
Parasoft fda software compliance part2
Engineering Software Lab
 
Sonar Tool - JAVA code analysis
Sonar Tool - JAVA code analysisSonar Tool - JAVA code analysis
Sonar Tool - JAVA code analysis
Prashant Gupta
 
PVS-Studio is ready to improve the code of Tizen operating system
PVS-Studio is ready to improve the code of Tizen operating systemPVS-Studio is ready to improve the code of Tizen operating system
PVS-Studio is ready to improve the code of Tizen operating system
Andrey Karpov
 
Effective code reviews
Effective code reviewsEffective code reviews
Effective code reviews
Sebastian Marek
 
PVS-Studio for Visual C++
PVS-Studio for Visual C++PVS-Studio for Visual C++
PVS-Studio for Visual C++
Andrey Karpov
 
Continuous Integration: Live Static Analysis with Puma Scan
Continuous Integration: Live Static Analysis with Puma ScanContinuous Integration: Live Static Analysis with Puma Scan
Continuous Integration: Live Static Analysis with Puma Scan
Cypress Data Defense
 
150412 38 beamer methods of binary analysis
150412 38 beamer methods of binary analysis150412 38 beamer methods of binary analysis
150412 38 beamer methods of binary analysis
Raghu Palakodety
 
Static Code Analysis for Projects, Built on Unreal Engine
Static Code Analysis for Projects, Built on Unreal EngineStatic Code Analysis for Projects, Built on Unreal Engine
Static Code Analysis for Projects, Built on Unreal Engine
Andrey Karpov
 
Code Review
Code ReviewCode Review
Code Review
rantav
 
Code review for secure web applications
Code review for secure web applicationsCode review for secure web applications
Code review for secure web applications
silviad74
 
IoT 개발자를 위한 Embedded C에서 Test Coverage를 추출해보자
IoT 개발자를 위한 Embedded C에서 Test Coverage를 추출해보자IoT 개발자를 위한 Embedded C에서 Test Coverage를 추출해보자
IoT 개발자를 위한 Embedded C에서 Test Coverage를 추출해보자
Taeyeop Kim
 
Making Your Own Static Analyzer Using Freud DSL. Marat Vyshegorodtsev
Making Your Own Static Analyzer Using Freud DSL. Marat Vyshegorodtsev Making Your Own Static Analyzer Using Freud DSL. Marat Vyshegorodtsev
Making Your Own Static Analyzer Using Freud DSL. Marat Vyshegorodtsev
Yandex
 
Software Engineering - RS3
Software Engineering - RS3Software Engineering - RS3
Software Engineering - RS3
AtakanAral
 
PVS-Studio static analyzer: advanced features
PVS-Studio static analyzer: advanced featuresPVS-Studio static analyzer: advanced features
PVS-Studio static analyzer: advanced features
Andrey Karpov
 
Crowd debugging (FSE 2015)
Crowd debugging (FSE 2015)Crowd debugging (FSE 2015)
Crowd debugging (FSE 2015)
Sung Kim
 
Java Code Review Checklist
Java Code Review ChecklistJava Code Review Checklist
Java Code Review Checklist
Mahesh Chopker
 
Introduction to Binary Exploitation
Introduction to Binary Exploitation Introduction to Binary Exploitation
Introduction to Binary Exploitation
Cysinfo Cyber Security Community
 
Code Review
Code ReviewCode Review
Code Review
Tu Hoang
 

What's hot (20)

Java Code Quality Tools
Java Code Quality ToolsJava Code Quality Tools
Java Code Quality Tools
 
Server Side Template Injection by Mandeep Jadon
Server Side Template Injection by Mandeep JadonServer Side Template Injection by Mandeep Jadon
Server Side Template Injection by Mandeep Jadon
 
Parasoft fda software compliance part2
Parasoft fda software compliance part2Parasoft fda software compliance part2
Parasoft fda software compliance part2
 
Sonar Tool - JAVA code analysis
Sonar Tool - JAVA code analysisSonar Tool - JAVA code analysis
Sonar Tool - JAVA code analysis
 
PVS-Studio is ready to improve the code of Tizen operating system
PVS-Studio is ready to improve the code of Tizen operating systemPVS-Studio is ready to improve the code of Tizen operating system
PVS-Studio is ready to improve the code of Tizen operating system
 
Effective code reviews
Effective code reviewsEffective code reviews
Effective code reviews
 
PVS-Studio for Visual C++
PVS-Studio for Visual C++PVS-Studio for Visual C++
PVS-Studio for Visual C++
 
Continuous Integration: Live Static Analysis with Puma Scan
Continuous Integration: Live Static Analysis with Puma ScanContinuous Integration: Live Static Analysis with Puma Scan
Continuous Integration: Live Static Analysis with Puma Scan
 
150412 38 beamer methods of binary analysis
150412 38 beamer methods of binary analysis150412 38 beamer methods of binary analysis
150412 38 beamer methods of binary analysis
 
Static Code Analysis for Projects, Built on Unreal Engine
Static Code Analysis for Projects, Built on Unreal EngineStatic Code Analysis for Projects, Built on Unreal Engine
Static Code Analysis for Projects, Built on Unreal Engine
 
Code Review
Code ReviewCode Review
Code Review
 
Code review for secure web applications
Code review for secure web applicationsCode review for secure web applications
Code review for secure web applications
 
IoT 개발자를 위한 Embedded C에서 Test Coverage를 추출해보자
IoT 개발자를 위한 Embedded C에서 Test Coverage를 추출해보자IoT 개발자를 위한 Embedded C에서 Test Coverage를 추출해보자
IoT 개발자를 위한 Embedded C에서 Test Coverage를 추출해보자
 
Making Your Own Static Analyzer Using Freud DSL. Marat Vyshegorodtsev
Making Your Own Static Analyzer Using Freud DSL. Marat Vyshegorodtsev Making Your Own Static Analyzer Using Freud DSL. Marat Vyshegorodtsev
Making Your Own Static Analyzer Using Freud DSL. Marat Vyshegorodtsev
 
Software Engineering - RS3
Software Engineering - RS3Software Engineering - RS3
Software Engineering - RS3
 
PVS-Studio static analyzer: advanced features
PVS-Studio static analyzer: advanced featuresPVS-Studio static analyzer: advanced features
PVS-Studio static analyzer: advanced features
 
Crowd debugging (FSE 2015)
Crowd debugging (FSE 2015)Crowd debugging (FSE 2015)
Crowd debugging (FSE 2015)
 
Java Code Review Checklist
Java Code Review ChecklistJava Code Review Checklist
Java Code Review Checklist
 
Introduction to Binary Exploitation
Introduction to Binary Exploitation Introduction to Binary Exploitation
Introduction to Binary Exploitation
 
Code Review
Code ReviewCode Review
Code Review
 

Viewers also liked

Static code analysis
Static code analysisStatic code analysis
Static code analysis
mashaathukorala
 
Verification at scale: Fitting static code analysis into continuous integration
Verification at scale: Fitting static code analysis into continuous integrationVerification at scale: Fitting static code analysis into continuous integration
Verification at scale: Fitting static code analysis into continuous integration
Rogue Wave Software
 
Learning from other's mistakes: Data-driven code analysis
Learning from other's mistakes: Data-driven code analysisLearning from other's mistakes: Data-driven code analysis
Learning from other's mistakes: Data-driven code analysis
Andreas Dewes
 
Static Code Analysis and AutoLint
Static Code Analysis and AutoLintStatic Code Analysis and AutoLint
Static Code Analysis and AutoLint
Leander Hasty
 
Static Analysis Techniques For Testing Application Security - Houston Tech Fest
Static Analysis Techniques For Testing Application Security - Houston Tech FestStatic Analysis Techniques For Testing Application Security - Houston Tech Fest
Static Analysis Techniques For Testing Application Security - Houston Tech Fest
Denim Group
 
Quick tour to front end unit testing using jasmine
Quick tour to front end unit testing using jasmineQuick tour to front end unit testing using jasmine
Quick tour to front end unit testing using jasmine
Gil Fink
 
Static Code Analysis
Static Code AnalysisStatic Code Analysis
Static Code Analysis
Annyce Davis
 
Anaemia in heart failure
Anaemia in heart failureAnaemia in heart failure
Anaemia in heart failure
drabhishekbabbu
 
Unit Testing Concepts and Best Practices
Unit Testing Concepts and Best PracticesUnit Testing Concepts and Best Practices
Unit Testing Concepts and Best Practices
Derek Smith
 
UNIT TESTING PPT
UNIT TESTING PPTUNIT TESTING PPT
UNIT TESTING PPT
suhasreddy1
 

Viewers also liked (10)

Static code analysis
Static code analysisStatic code analysis
Static code analysis
 
Verification at scale: Fitting static code analysis into continuous integration
Verification at scale: Fitting static code analysis into continuous integrationVerification at scale: Fitting static code analysis into continuous integration
Verification at scale: Fitting static code analysis into continuous integration
 
Learning from other's mistakes: Data-driven code analysis
Learning from other's mistakes: Data-driven code analysisLearning from other's mistakes: Data-driven code analysis
Learning from other's mistakes: Data-driven code analysis
 
Static Code Analysis and AutoLint
Static Code Analysis and AutoLintStatic Code Analysis and AutoLint
Static Code Analysis and AutoLint
 
Static Analysis Techniques For Testing Application Security - Houston Tech Fest
Static Analysis Techniques For Testing Application Security - Houston Tech FestStatic Analysis Techniques For Testing Application Security - Houston Tech Fest
Static Analysis Techniques For Testing Application Security - Houston Tech Fest
 
Quick tour to front end unit testing using jasmine
Quick tour to front end unit testing using jasmineQuick tour to front end unit testing using jasmine
Quick tour to front end unit testing using jasmine
 
Static Code Analysis
Static Code AnalysisStatic Code Analysis
Static Code Analysis
 
Anaemia in heart failure
Anaemia in heart failureAnaemia in heart failure
Anaemia in heart failure
 
Unit Testing Concepts and Best Practices
Unit Testing Concepts and Best PracticesUnit Testing Concepts and Best Practices
Unit Testing Concepts and Best Practices
 
UNIT TESTING PPT
UNIT TESTING PPTUNIT TESTING PPT
UNIT TESTING PPT
 

Similar to PVS-Studio and static code analysis technique

Code quality par Simone Civetta
Code quality par Simone CivettaCode quality par Simone Civetta
Code quality par Simone Civetta
CocoaHeads France
 
PVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ codePVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio
 
PVS-Studio: analyzing ReactOS's code
PVS-Studio: analyzing ReactOS's codePVS-Studio: analyzing ReactOS's code
PVS-Studio: analyzing ReactOS's code
PVS-Studio
 
Measuring Your Code
Measuring Your CodeMeasuring Your Code
Measuring Your Code
Nate Abele
 
Measuring Your Code 2.0
Measuring Your Code 2.0Measuring Your Code 2.0
Measuring Your Code 2.0
Nate Abele
 
Improving Code Quality Through Effective Review Process
Improving Code Quality Through Effective Review ProcessImproving Code Quality Through Effective Review Process
Improving Code Quality Through Effective Review Process
Dr. Syed Hassan Amin
 
Parasoft .TEST, Write better C# Code Using Data Flow Analysis
Parasoft .TEST, Write better C# Code Using Data Flow Analysis Parasoft .TEST, Write better C# Code Using Data Flow Analysis
Parasoft .TEST, Write better C# Code Using Data Flow Analysis
Engineering Software Lab
 
Checking the Qt 5 Framework
Checking the Qt 5 FrameworkChecking the Qt 5 Framework
Checking the Qt 5 Framework
Andrey Karpov
 
We continue checking Microsoft projects: analysis of PowerShell
We continue checking Microsoft projects: analysis of PowerShellWe continue checking Microsoft projects: analysis of PowerShell
We continue checking Microsoft projects: analysis of PowerShell
PVS-Studio
 
The operation principles of PVS-Studio static code analyzer
The operation principles of PVS-Studio static code analyzerThe operation principles of PVS-Studio static code analyzer
The operation principles of PVS-Studio static code analyzer
Andrey Karpov
 
Chelberg ptcuser 2010
Chelberg ptcuser 2010Chelberg ptcuser 2010
Chelberg ptcuser 2010
Clay Helberg
 
Python and test
Python and testPython and test
Python and test
Micron Technology
 
Price of an Error
Price of an ErrorPrice of an Error
Price of an Error
Andrey Karpov
 
Talos: Neutralizing Vulnerabilities with Security Workarounds for Rapid Respo...
Talos: Neutralizing Vulnerabilities with Security Workarounds for Rapid Respo...Talos: Neutralizing Vulnerabilities with Security Workarounds for Rapid Respo...
Talos: Neutralizing Vulnerabilities with Security Workarounds for Rapid Respo...
Zhen Huang
 
Wtf per lineofcode
Wtf per lineofcodeWtf per lineofcode
Wtf per lineofcode
David Gómez García
 
how-to-bypass-AM-PPL
how-to-bypass-AM-PPLhow-to-bypass-AM-PPL
how-to-bypass-AM-PPL
nitinscribd
 
Analysis of Godot Engine's Source Code
Analysis of Godot Engine's Source CodeAnalysis of Godot Engine's Source Code
Analysis of Godot Engine's Source Code
PVS-Studio
 
The Art Of Debugging
The Art Of DebuggingThe Art Of Debugging
The Art Of Debugging
svilen.ivanov
 
What's the Difference Between Static Analysis and Compiler Warnings?
What's the Difference Between Static Analysis and Compiler Warnings?What's the Difference Between Static Analysis and Compiler Warnings?
What's the Difference Between Static Analysis and Compiler Warnings?
Andrey Karpov
 
Looking for Bugs in MonoDevelop
Looking for Bugs in MonoDevelopLooking for Bugs in MonoDevelop
Looking for Bugs in MonoDevelop
PVS-Studio
 

Similar to PVS-Studio and static code analysis technique (20)

Code quality par Simone Civetta
Code quality par Simone CivettaCode quality par Simone Civetta
Code quality par Simone Civetta
 
PVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ codePVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ code
 
PVS-Studio: analyzing ReactOS's code
PVS-Studio: analyzing ReactOS's codePVS-Studio: analyzing ReactOS's code
PVS-Studio: analyzing ReactOS's code
 
Measuring Your Code
Measuring Your CodeMeasuring Your Code
Measuring Your Code
 
Measuring Your Code 2.0
Measuring Your Code 2.0Measuring Your Code 2.0
Measuring Your Code 2.0
 
Improving Code Quality Through Effective Review Process
Improving Code Quality Through Effective Review ProcessImproving Code Quality Through Effective Review Process
Improving Code Quality Through Effective Review Process
 
Parasoft .TEST, Write better C# Code Using Data Flow Analysis
Parasoft .TEST, Write better C# Code Using Data Flow Analysis Parasoft .TEST, Write better C# Code Using Data Flow Analysis
Parasoft .TEST, Write better C# Code Using Data Flow Analysis
 
Checking the Qt 5 Framework
Checking the Qt 5 FrameworkChecking the Qt 5 Framework
Checking the Qt 5 Framework
 
We continue checking Microsoft projects: analysis of PowerShell
We continue checking Microsoft projects: analysis of PowerShellWe continue checking Microsoft projects: analysis of PowerShell
We continue checking Microsoft projects: analysis of PowerShell
 
The operation principles of PVS-Studio static code analyzer
The operation principles of PVS-Studio static code analyzerThe operation principles of PVS-Studio static code analyzer
The operation principles of PVS-Studio static code analyzer
 
Chelberg ptcuser 2010
Chelberg ptcuser 2010Chelberg ptcuser 2010
Chelberg ptcuser 2010
 
Python and test
Python and testPython and test
Python and test
 
Price of an Error
Price of an ErrorPrice of an Error
Price of an Error
 
Talos: Neutralizing Vulnerabilities with Security Workarounds for Rapid Respo...
Talos: Neutralizing Vulnerabilities with Security Workarounds for Rapid Respo...Talos: Neutralizing Vulnerabilities with Security Workarounds for Rapid Respo...
Talos: Neutralizing Vulnerabilities with Security Workarounds for Rapid Respo...
 
Wtf per lineofcode
Wtf per lineofcodeWtf per lineofcode
Wtf per lineofcode
 
how-to-bypass-AM-PPL
how-to-bypass-AM-PPLhow-to-bypass-AM-PPL
how-to-bypass-AM-PPL
 
Analysis of Godot Engine's Source Code
Analysis of Godot Engine's Source CodeAnalysis of Godot Engine's Source Code
Analysis of Godot Engine's Source Code
 
The Art Of Debugging
The Art Of DebuggingThe Art Of Debugging
The Art Of Debugging
 
What's the Difference Between Static Analysis and Compiler Warnings?
What's the Difference Between Static Analysis and Compiler Warnings?What's the Difference Between Static Analysis and Compiler Warnings?
What's the Difference Between Static Analysis and Compiler Warnings?
 
Looking for Bugs in MonoDevelop
Looking for Bugs in MonoDevelopLooking for Bugs in MonoDevelop
Looking for Bugs in MonoDevelop
 

More from Andrey Karpov

60 антипаттернов для С++ программиста
60 антипаттернов для С++ программиста60 антипаттернов для С++ программиста
60 антипаттернов для С++ программиста
Andrey Karpov
 
60 terrible tips for a C++ developer
60 terrible tips for a C++ developer60 terrible tips for a C++ developer
60 terrible tips for a C++ developer
Andrey Karpov
 
Ошибки, которые сложно заметить на code review, но которые находятся статичес...
Ошибки, которые сложно заметить на code review, но которые находятся статичес...Ошибки, которые сложно заметить на code review, но которые находятся статичес...
Ошибки, которые сложно заметить на code review, но которые находятся статичес...
Andrey Karpov
 
PVS-Studio in 2021 - Error Examples
PVS-Studio in 2021 - Error ExamplesPVS-Studio in 2021 - Error Examples
PVS-Studio in 2021 - Error Examples
Andrey Karpov
 
PVS-Studio in 2021 - Feature Overview
PVS-Studio in 2021 - Feature OverviewPVS-Studio in 2021 - Feature Overview
PVS-Studio in 2021 - Feature Overview
Andrey Karpov
 
PVS-Studio в 2021 - Примеры ошибок
PVS-Studio в 2021 - Примеры ошибокPVS-Studio в 2021 - Примеры ошибок
PVS-Studio в 2021 - Примеры ошибок
Andrey Karpov
 
PVS-Studio в 2021
PVS-Studio в 2021PVS-Studio в 2021
PVS-Studio в 2021
Andrey Karpov
 
Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...
Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...
Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...
Andrey Karpov
 
Best Bugs from Games: Fellow Programmers' Mistakes
Best Bugs from Games: Fellow Programmers' MistakesBest Bugs from Games: Fellow Programmers' Mistakes
Best Bugs from Games: Fellow Programmers' Mistakes
Andrey Karpov
 
Does static analysis need machine learning?
Does static analysis need machine learning?Does static analysis need machine learning?
Does static analysis need machine learning?
Andrey Karpov
 
Typical errors in code on the example of C++, C#, and Java
Typical errors in code on the example of C++, C#, and JavaTypical errors in code on the example of C++, C#, and Java
Typical errors in code on the example of C++, C#, and Java
Andrey Karpov
 
How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)
How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)
How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)
Andrey Karpov
 
Game Engine Code Quality: Is Everything Really That Bad?
Game Engine Code Quality: Is Everything Really That Bad?Game Engine Code Quality: Is Everything Really That Bad?
Game Engine Code Quality: Is Everything Really That Bad?
Andrey Karpov
 
C++ Code as Seen by a Hypercritical Reviewer
C++ Code as Seen by a Hypercritical ReviewerC++ Code as Seen by a Hypercritical Reviewer
C++ Code as Seen by a Hypercritical Reviewer
Andrey Karpov
 
The Use of Static Code Analysis When Teaching or Developing Open-Source Software
The Use of Static Code Analysis When Teaching or Developing Open-Source SoftwareThe Use of Static Code Analysis When Teaching or Developing Open-Source Software
The Use of Static Code Analysis When Teaching or Developing Open-Source Software
Andrey Karpov
 
The Great and Mighty C++
The Great and Mighty C++The Great and Mighty C++
The Great and Mighty C++
Andrey Karpov
 
Static code analysis: what? how? why?
Static code analysis: what? how? why?Static code analysis: what? how? why?
Static code analysis: what? how? why?
Andrey Karpov
 
Zero, one, two, Freddy's coming for you
Zero, one, two, Freddy's coming for youZero, one, two, Freddy's coming for you
Zero, one, two, Freddy's coming for you
Andrey Karpov
 
PVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOps
PVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOpsPVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOps
PVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOps
Andrey Karpov
 
PVS-Studio Static Analyzer as a Tool for Protection against Zero-Day Vulnerab...
PVS-Studio Static Analyzer as a Tool for Protection against Zero-Day Vulnerab...PVS-Studio Static Analyzer as a Tool for Protection against Zero-Day Vulnerab...
PVS-Studio Static Analyzer as a Tool for Protection against Zero-Day Vulnerab...
Andrey Karpov
 

More from Andrey Karpov (20)

60 антипаттернов для С++ программиста
60 антипаттернов для С++ программиста60 антипаттернов для С++ программиста
60 антипаттернов для С++ программиста
 
60 terrible tips for a C++ developer
60 terrible tips for a C++ developer60 terrible tips for a C++ developer
60 terrible tips for a C++ developer
 
Ошибки, которые сложно заметить на code review, но которые находятся статичес...
Ошибки, которые сложно заметить на code review, но которые находятся статичес...Ошибки, которые сложно заметить на code review, но которые находятся статичес...
Ошибки, которые сложно заметить на code review, но которые находятся статичес...
 
PVS-Studio in 2021 - Error Examples
PVS-Studio in 2021 - Error ExamplesPVS-Studio in 2021 - Error Examples
PVS-Studio in 2021 - Error Examples
 
PVS-Studio in 2021 - Feature Overview
PVS-Studio in 2021 - Feature OverviewPVS-Studio in 2021 - Feature Overview
PVS-Studio in 2021 - Feature Overview
 
PVS-Studio в 2021 - Примеры ошибок
PVS-Studio в 2021 - Примеры ошибокPVS-Studio в 2021 - Примеры ошибок
PVS-Studio в 2021 - Примеры ошибок
 
PVS-Studio в 2021
PVS-Studio в 2021PVS-Studio в 2021
PVS-Studio в 2021
 
Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...
Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...
Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...
 
Best Bugs from Games: Fellow Programmers' Mistakes
Best Bugs from Games: Fellow Programmers' MistakesBest Bugs from Games: Fellow Programmers' Mistakes
Best Bugs from Games: Fellow Programmers' Mistakes
 
Does static analysis need machine learning?
Does static analysis need machine learning?Does static analysis need machine learning?
Does static analysis need machine learning?
 
Typical errors in code on the example of C++, C#, and Java
Typical errors in code on the example of C++, C#, and JavaTypical errors in code on the example of C++, C#, and Java
Typical errors in code on the example of C++, C#, and Java
 
How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)
How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)
How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)
 
Game Engine Code Quality: Is Everything Really That Bad?
Game Engine Code Quality: Is Everything Really That Bad?Game Engine Code Quality: Is Everything Really That Bad?
Game Engine Code Quality: Is Everything Really That Bad?
 
C++ Code as Seen by a Hypercritical Reviewer
C++ Code as Seen by a Hypercritical ReviewerC++ Code as Seen by a Hypercritical Reviewer
C++ Code as Seen by a Hypercritical Reviewer
 
The Use of Static Code Analysis When Teaching or Developing Open-Source Software
The Use of Static Code Analysis When Teaching or Developing Open-Source SoftwareThe Use of Static Code Analysis When Teaching or Developing Open-Source Software
The Use of Static Code Analysis When Teaching or Developing Open-Source Software
 
The Great and Mighty C++
The Great and Mighty C++The Great and Mighty C++
The Great and Mighty C++
 
Static code analysis: what? how? why?
Static code analysis: what? how? why?Static code analysis: what? how? why?
Static code analysis: what? how? why?
 
Zero, one, two, Freddy's coming for you
Zero, one, two, Freddy's coming for youZero, one, two, Freddy's coming for you
Zero, one, two, Freddy's coming for you
 
PVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOps
PVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOpsPVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOps
PVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOps
 
PVS-Studio Static Analyzer as a Tool for Protection against Zero-Day Vulnerab...
PVS-Studio Static Analyzer as a Tool for Protection against Zero-Day Vulnerab...PVS-Studio Static Analyzer as a Tool for Protection against Zero-Day Vulnerab...
PVS-Studio Static Analyzer as a Tool for Protection against Zero-Day Vulnerab...
 

Recently uploaded

The two flavors of Python 3.13 - PyHEP 2024
The two flavors of Python 3.13 - PyHEP 2024The two flavors of Python 3.13 - PyHEP 2024
The two flavors of Python 3.13 - PyHEP 2024
Henry Schreiner
 
Cal Girls Fort Chandragupt Jaipur 8445551418 Khusi Top Class Girls Call Jaipu...
Cal Girls Fort Chandragupt Jaipur 8445551418 Khusi Top Class Girls Call Jaipu...Cal Girls Fort Chandragupt Jaipur 8445551418 Khusi Top Class Girls Call Jaipu...
Cal Girls Fort Chandragupt Jaipur 8445551418 Khusi Top Class Girls Call Jaipu...
Trisha Kumari
 
Cloud Databases and Big Data - Mechlin.pptx
Cloud Databases and Big Data - Mechlin.pptxCloud Databases and Big Data - Mechlin.pptx
Cloud Databases and Big Data - Mechlin.pptx
Mitchell Marsh
 
Limited Time Offer! Pay One Time to Access to Sociosight for Only $95
Limited Time Offer! Pay One Time to Access to Sociosight for Only $95Limited Time Offer! Pay One Time to Access to Sociosight for Only $95
Limited Time Offer! Pay One Time to Access to Sociosight for Only $95
Sri Damayanti
 
SOCRadar's Hand Guide For the 2024 Paris Olympics--.pdf
SOCRadar's Hand Guide For the 2024 Paris Olympics--.pdfSOCRadar's Hand Guide For the 2024 Paris Olympics--.pdf
SOCRadar's Hand Guide For the 2024 Paris Olympics--.pdf
SOCRadar
 
My Bully Is My Lover Apk CH1 EP4 (Gallery Unlock, MOD)
My Bully Is My Lover Apk CH1 EP4 (Gallery Unlock, MOD)My Bully Is My Lover Apk CH1 EP4 (Gallery Unlock, MOD)
My Bully Is My Lover Apk CH1 EP4 (Gallery Unlock, MOD)
Apk2me
 
Enhancing Safety Protocols with Permit to Work (PTW) Software
Enhancing Safety Protocols with Permit to Work (PTW) SoftwareEnhancing Safety Protocols with Permit to Work (PTW) Software
Enhancing Safety Protocols with Permit to Work (PTW) Software
CryotosCMMSSoftware
 
WordPress Getting Started: WordPress block themes
WordPress Getting Started: WordPress block themesWordPress Getting Started: WordPress block themes
WordPress Getting Started: WordPress block themes
Kyra Pieterse
 
Automating Enterprise Workflows with Node.pdf
Automating Enterprise Workflows with Node.pdfAutomating Enterprise Workflows with Node.pdf
Automating Enterprise Workflows with Node.pdf
Jane Brewer
 
CrushFTP 10.4.0.29 PC Software - WhizNews
CrushFTP 10.4.0.29 PC Software - WhizNewsCrushFTP 10.4.0.29 PC Software - WhizNews
CrushFTP 10.4.0.29 PC Software - WhizNews
Eman Nisar
 
Availability and Usage of Platform-Specific APIs: A First Empirical Study (MS...
Availability and Usage of Platform-Specific APIs: A First Empirical Study (MS...Availability and Usage of Platform-Specific APIs: A First Empirical Study (MS...
Availability and Usage of Platform-Specific APIs: A First Empirical Study (MS...
Andre Hora
 
Transform Your Innovations with Best Product Engineering Services
Transform Your Innovations with Best Product Engineering ServicesTransform Your Innovations with Best Product Engineering Services
Transform Your Innovations with Best Product Engineering Services
David Wilson
 
Top 10 ERP Companies in UAE Banibro IT Solutions.pdf
Top 10 ERP Companies in UAE Banibro IT Solutions.pdfTop 10 ERP Companies in UAE Banibro IT Solutions.pdf
Top 10 ERP Companies in UAE Banibro IT Solutions.pdf
Banibro IT Solutions
 
What is an Construction Equipment Management System?
What is an Construction Equipment Management System?What is an Construction Equipment Management System?
What is an Construction Equipment Management System?
NYGGS Construction ERP Software
 
Customer Relationship Management Systems.pptx
Customer Relationship Management Systems.pptxCustomer Relationship Management Systems.pptx
Customer Relationship Management Systems.pptx
Amara Nielson
 
Top 5 ERP Companies in India Banibro IT Solutions.pdf
Top 5 ERP Companies in India Banibro IT Solutions.pdfTop 5 ERP Companies in India Banibro IT Solutions.pdf
Top 5 ERP Companies in India Banibro IT Solutions.pdf
Banibro IT Solutions
 
Python Objects and Data Structure Basics
Python Objects and Data Structure BasicsPython Objects and Data Structure Basics
Python Objects and Data Structure Basics
roldangomezjuan0
 
call bomber software for call centers.pdf
call bomber software for call centers.pdfcall bomber software for call centers.pdf
call bomber software for call centers.pdf
Asfera Technologies
 
Augmented Reality (AR) in Ionic Apps Transforming User Experiences.pdf
Augmented Reality (AR) in Ionic Apps Transforming User Experiences.pdfAugmented Reality (AR) in Ionic Apps Transforming User Experiences.pdf
Augmented Reality (AR) in Ionic Apps Transforming User Experiences.pdf
Grey Space Computing
 
4. The Build System _ Embedded Android.pdf
4. The Build System _ Embedded Android.pdf4. The Build System _ Embedded Android.pdf
4. The Build System _ Embedded Android.pdf
VishalKumarJha10
 

Recently uploaded (20)

The two flavors of Python 3.13 - PyHEP 2024
The two flavors of Python 3.13 - PyHEP 2024The two flavors of Python 3.13 - PyHEP 2024
The two flavors of Python 3.13 - PyHEP 2024
 
Cal Girls Fort Chandragupt Jaipur 8445551418 Khusi Top Class Girls Call Jaipu...
Cal Girls Fort Chandragupt Jaipur 8445551418 Khusi Top Class Girls Call Jaipu...Cal Girls Fort Chandragupt Jaipur 8445551418 Khusi Top Class Girls Call Jaipu...
Cal Girls Fort Chandragupt Jaipur 8445551418 Khusi Top Class Girls Call Jaipu...
 
Cloud Databases and Big Data - Mechlin.pptx
Cloud Databases and Big Data - Mechlin.pptxCloud Databases and Big Data - Mechlin.pptx
Cloud Databases and Big Data - Mechlin.pptx
 
Limited Time Offer! Pay One Time to Access to Sociosight for Only $95
Limited Time Offer! Pay One Time to Access to Sociosight for Only $95Limited Time Offer! Pay One Time to Access to Sociosight for Only $95
Limited Time Offer! Pay One Time to Access to Sociosight for Only $95
 
SOCRadar's Hand Guide For the 2024 Paris Olympics--.pdf
SOCRadar's Hand Guide For the 2024 Paris Olympics--.pdfSOCRadar's Hand Guide For the 2024 Paris Olympics--.pdf
SOCRadar's Hand Guide For the 2024 Paris Olympics--.pdf
 
My Bully Is My Lover Apk CH1 EP4 (Gallery Unlock, MOD)
My Bully Is My Lover Apk CH1 EP4 (Gallery Unlock, MOD)My Bully Is My Lover Apk CH1 EP4 (Gallery Unlock, MOD)
My Bully Is My Lover Apk CH1 EP4 (Gallery Unlock, MOD)
 
Enhancing Safety Protocols with Permit to Work (PTW) Software
Enhancing Safety Protocols with Permit to Work (PTW) SoftwareEnhancing Safety Protocols with Permit to Work (PTW) Software
Enhancing Safety Protocols with Permit to Work (PTW) Software
 
WordPress Getting Started: WordPress block themes
WordPress Getting Started: WordPress block themesWordPress Getting Started: WordPress block themes
WordPress Getting Started: WordPress block themes
 
Automating Enterprise Workflows with Node.pdf
Automating Enterprise Workflows with Node.pdfAutomating Enterprise Workflows with Node.pdf
Automating Enterprise Workflows with Node.pdf
 
CrushFTP 10.4.0.29 PC Software - WhizNews
CrushFTP 10.4.0.29 PC Software - WhizNewsCrushFTP 10.4.0.29 PC Software - WhizNews
CrushFTP 10.4.0.29 PC Software - WhizNews
 
Availability and Usage of Platform-Specific APIs: A First Empirical Study (MS...
Availability and Usage of Platform-Specific APIs: A First Empirical Study (MS...Availability and Usage of Platform-Specific APIs: A First Empirical Study (MS...
Availability and Usage of Platform-Specific APIs: A First Empirical Study (MS...
 
Transform Your Innovations with Best Product Engineering Services
Transform Your Innovations with Best Product Engineering ServicesTransform Your Innovations with Best Product Engineering Services
Transform Your Innovations with Best Product Engineering Services
 
Top 10 ERP Companies in UAE Banibro IT Solutions.pdf
Top 10 ERP Companies in UAE Banibro IT Solutions.pdfTop 10 ERP Companies in UAE Banibro IT Solutions.pdf
Top 10 ERP Companies in UAE Banibro IT Solutions.pdf
 
What is an Construction Equipment Management System?
What is an Construction Equipment Management System?What is an Construction Equipment Management System?
What is an Construction Equipment Management System?
 
Customer Relationship Management Systems.pptx
Customer Relationship Management Systems.pptxCustomer Relationship Management Systems.pptx
Customer Relationship Management Systems.pptx
 
Top 5 ERP Companies in India Banibro IT Solutions.pdf
Top 5 ERP Companies in India Banibro IT Solutions.pdfTop 5 ERP Companies in India Banibro IT Solutions.pdf
Top 5 ERP Companies in India Banibro IT Solutions.pdf
 
Python Objects and Data Structure Basics
Python Objects and Data Structure BasicsPython Objects and Data Structure Basics
Python Objects and Data Structure Basics
 
call bomber software for call centers.pdf
call bomber software for call centers.pdfcall bomber software for call centers.pdf
call bomber software for call centers.pdf
 
Augmented Reality (AR) in Ionic Apps Transforming User Experiences.pdf
Augmented Reality (AR) in Ionic Apps Transforming User Experiences.pdfAugmented Reality (AR) in Ionic Apps Transforming User Experiences.pdf
Augmented Reality (AR) in Ionic Apps Transforming User Experiences.pdf
 
4. The Build System _ Embedded Android.pdf
4. The Build System _ Embedded Android.pdf4. The Build System _ Embedded Android.pdf
4. The Build System _ Embedded Android.pdf
 

PVS-Studio and static code analysis technique

  • 1. PVS-Studio and static code analysis technique www.viva64.com
  • 2. What is «static code analysis»? • It is a technique that allows, at the same time with unit-tests, dynamic code analysis, code review and others, to increase code quality, increase its reliability and decrease the development time. • It should be noted that static code analysis is not a universal panacea and is maximally effective in conjunction with other methods of code testing.
  • 3. Who needs static code analysis? • Any medium-sized and large software development company – to increase code reliability and decrease its price, • Any small company and individual developers – in a lesser extent – to drink coffee instead of searching and fixing annoying bugs, • Anyone, who supports any old code, • Specialists for specific tasks (for instance, Sparce code analyzer for Linux kernel hackers).
  • 4. Static code analysis advantages • Allows to find bugs on early stages (the earlier the bug was spotted, the cheaper it is to be fixed), • High analysis speed, • Does not require to run the application, only an access to source code and (not always) – to preprocessed files, • Allows to locate bugs in code that is rarely executed (exception handlers, for instance).
  • 5. Static code analysis disadvantages • Possibility of false positive alarm on correct code, • Correct positive alarms on old code, which works correctly and which should better not be bothered, may be nauseous. • Comparatively small class of bugs detected due to the exponential difficulty of “honest” bug search. • Does not detects logical errors (this is a drawback of almost all automatic testing tools in contrast to code review and manually written unit tests).
  • 6. PVS-Studio • One of static code analysis tools for C and C++ languages (including C++CX, C++0x and C++11), • Developers – ООО «Program Verification Systems». • Site: http://www.viva64.com/ • From so on, main advantages of this tool will be listed.
  • 7. PVS-Studio: ease of use • Allows integration into Microsoft Visual Studio (except for Express version – it lacks extension mechanisms), • Includes PVS-Studio Standalone that does not require IDE at all, • Works quickly and “out-of-the-box”, does not require dedicated database servers and personnel training. • Can be integrated into the build system, • Fully-functional trial version.
  • 8. PVS-Studio: features • Incremental analysis allows to find bugs in new code after every build, • Message suppression allows to concentrate on a newly written code by hiding all the warning messages on the old code (of course, they can be reviewed later), • Special feature – search for bugs that shows up on porting 32-bit application into 64-bit ones.
  • 9. PVS-Studio: additional features • Quick tech support, • Users may ask for a features in a future releases. Our tool is expanding, and we try to take into account every request, • All errors are properly documented and there are a lot of examples (small fraction of them will be listed on the next slides).
  • 10. Examples of errors found in real-life applications Error #1 while (node != NULL) { if ((node->hashCode == code) && (node->entry.key == key)) { return true; } node = node->next; } while (node != NULL); It seems like do / while cycles was mixed up in a weird way here. Of course, second ‘while’ operator should never become an endless cycle, but is there actually ‘while’ and not ‘do’ cycle required?
  • 11. Examples of errors found in real-life applications Error #2 int main(int argc, char** argv) { .... if (getIsInteractiveMode()) //p->writePepSHTML(); //p->printResult(); // regression test? if (testType!=NO_TEST) { .... } } Even comments can sometimes harm the program, especially in the wrong place. In this piece of code second ‘if’ operator will only be evaluated if condition in first ‘if’ is true, but code formatting says that the opposite was intended. By the way, this error was found in unit tests.
  • 12. Examples of errors found in real-life applications Error #3 HRESULT SHEOW_LoadOpenWithItems(....) { .... if (_ILIsDesktop(pidl) || _ILIsMyDocuments(pidl) || _ILIsControlPanel(pidl) || _ILIsNetHood(pidl) || _ILIsBitBucket(pidl) || _ILIsDrive(pidl) || _ILIsCPanelStruct(pidl) || _ILIsFolder(pidl) || _ILIsControlPanel(pidl)) { TRACE("pidl is a foldern"); SHFree((void*)pidl); return E_FAIL; } .... } For everyone who thinks that every problem that was found by static code analyzer can also be found by code review. Good luck in figuring out what’s wrong here. And don’t forget that real code is much, much bigger than this fragment.
  • 13. Examples of errors found in real-life applications Error #3 HRESULT SHEOW_LoadOpenWithItems(....) { .... if (_ILIsDesktop(pidl) || _ILIsMyDocuments(pidl) || _ILIsControlPanel(pidl) || _ILIsNetHood(pidl) || _ILIsBitBucket(pidl) || _ILIsDrive(pidl) || _ILIsCPanelStruct(pidl) || _ILIsFolder(pidl) || _ILIsControlPanel(pidl)) { TRACE("pidl is a foldern"); SHFree((void*)pidl); return E_FAIL; } .... } Here it is. A repeated fragment in a logical expression. At least one of this repeated sentences is redundant. More likely scenario: one of this sentences is incorrect, and programmer should have meant something else.
  • 14. Examples of errors found in real-life applications Error #4 Style & w1Style = _pUserLang->_styleArray.getStyler(STYLE_WORD1_INDEX); styleUpdate(w1Style, _pFgColour[0], _pBgColour[0], IDC_KEYWORD1_FONT_COMBO, IDC_KEYWORD1_FONTSIZE_COMBO, IDC_KEYWORD1_BOLD_CHECK, IDC_KEYWORD1_ITALIC_CHECK, IDC_KEYWORD1_UNDERLINE_CHECK); Style & w2Style = _pUserLang->_styleArray.getStyler(STYLE_WORD2_INDEX); styleUpdate(w2Style, _pFgColour[1], _pBgColour[1], IDC_KEYWORD2_FONT_COMBO, IDC_KEYWORD2_FONTSIZE_COMBO, IDC_KEYWORD2_BOLD_CHECK, IDC_KEYWORD2_ITALIC_CHECK, IDC_KEYWORD2_UNDERLINE_CHECK); Style & w3Style = _pUserLang->_styleArray.getStyler(STYLE_WORD3_INDEX); styleUpdate(w3Style, _pFgColour[2], _pBgColour[2], IDC_KEYWORD3_FONT_COMBO, IDC_KEYWORD3_FONTSIZE_COMBO, IDC_KEYWORD3_BOLD_CHECK, IDC_KEYWORD3_BOLD_CHECK, IDC_KEYWORD3_UNDERLINE_CHECK); Style & w4Style = _pUserLang->_styleArray.getStyler(STYLE_WORD4_INDEX); styleUpdate(w4Style, _pFgColour[3], _pBgColour[3], IDC_KEYWORD4_FONT_COMBO, IDC_KEYWORD4_FONTSIZE_COMBO, IDC_KEYWORD4_BOLD_CHECK, IDC_KEYWORD4_ITALIC_CHECK, IDC_KEYWORD4_UNDERLINE_CHECK); Still not impressed? Well, here comes another example.
  • 15. Examples of errors found in real-life applications Error #4 Nice example of code produced by copy-paste technique featuring programmer who forgot to fix one word. This error is definitely hard to detect using only code review. However, if you enjoyed searching for errors, we have a quiz for you. Style & w1Style = _pUserLang->_styleArray.getStyler(STYLE_WORD1_INDEX); styleUpdate(w1Style, _pFgColour[0], _pBgColour[0], IDC_KEYWORD1_FONT_COMBO, IDC_KEYWORD1_FONTSIZE_COMBO, IDC_KEYWORD1_BOLD_CHECK, IDC_KEYWORD1_ITALIC_CHECK, IDC_KEYWORD1_UNDERLINE_CHECK); Style & w2Style = _pUserLang->_styleArray.getStyler(STYLE_WORD2_INDEX); styleUpdate(w2Style, _pFgColour[1], _pBgColour[1], IDC_KEYWORD2_FONT_COMBO, IDC_KEYWORD2_FONTSIZE_COMBO, IDC_KEYWORD2_BOLD_CHECK, IDC_KEYWORD2_ITALIC_CHECK, IDC_KEYWORD2_UNDERLINE_CHECK); Style & w3Style = _pUserLang->_styleArray.getStyler(STYLE_WORD3_INDEX); styleUpdate(w3Style, _pFgColour[2], _pBgColour[2], IDC_KEYWORD3_FONT_COMBO, IDC_KEYWORD3_FONTSIZE_COMBO, IDC_KEYWORD3_BOLD_CHECK, IDC_KEYWORD3_BOLD_CHECK, IDC_KEYWORD3_UNDERLINE_CHECK); Style & w4Style = _pUserLang->_styleArray.getStyler(STYLE_WORD4_INDEX); styleUpdate(w4Style, _pFgColour[3], _pBgColour[3], IDC_KEYWORD4_FONT_COMBO, IDC_KEYWORD4_FONTSIZE_COMBO, IDC_KEYWORD4_BOLD_CHECK, IDC_KEYWORD4_ITALIC_CHECK, IDC_KEYWORD4_UNDERLINE_CHECK);
  • 16. Examples of errors found in real-life applications Error #5 void ListJob::doStart() { Q_D( ListJob ); switch ( d->option ) { break; case IncludeUnsubscribed: d->command = "LIST"; break; case IncludeFolderRoleFlags: d->command = "XLIST"; break; case NoOption: default: d->command = "LSUB"; } .... } One single ‘break’ in unusual place may alter the whole ‘switch’ statement behavior. Or maybe it was intentional, wasn’t it?
  • 17. Conclusion • All the errors listed in this presentation was found in open-source projects. It proves that even professional programmers tend to make errors. • It is worth to remind that it is better to use the whole bunch of tools, not only static code analysis or only unit tests, and to give enough attention to refactoring and code quality. We are almost certain that this will pay for itself. Analyzer may find a misprint, but would never find a wrong algorithm! Unit tests may contain errors too, and human attention would hardly find a misprint in heaps of duplicate code. • Good luck with development!
  • 18. Additional links: • PVS-Studio: http://www.viva64.com/en/pvs-studio/ • Updatable List of Open-Source Projects Checked with PVS-Studio: http://www.viva64.com/en/a/0084/ • Blog: http://www.viva64.com/en/b/ • Twitter: https://twitter.com/Code_Analysis