October 27, 2016

About the benefits of a static code analyzer for programs

Forums: 

A lot of programmers make errors when writing the code and regardless of the size of the project, no one is immune to inattentiveness or unawareness of some new features. Static code analyzers are of great help in these cases. There is quite a number of such tools, but today we'll inspect PVS-Studio.

PVS-Studio is a tool for bug detection in the source code of programs, written in C, C++ and C#. The analyzer is available for programmers who are used to working on Windows OS and on Linux, where it can be embedded into any development environment due to the output similar to the compiler one.

In order to improve the quality of the product and the diagnostics in it, which find bugs; the developers tirelessly check new open-source projects and post the results of the checks in their blog.

PVS-Studio team found for more than 10000 bugs in various projects, among which there are many well-known projects, for example: Unreal Engine, React OS, Unity 3D, CryEngine 5, Open JDK, Serious Engine, GCC, Mono and many more.

Some bugs were quite indsignificant and happily lived in the analyzer projects without anybody noticing them. While others were very serious, arising questions like "How on Earth can a programmer code like that???".

For example,

A bug in the GCC compiler:

static bool
dw_val_equal_p (dw_val_node *a, dw_val_node *b)
{
  ....
  case dw_val_class_vms_delta:
    return (!strcmp (a->v.val_vms_delta.lbl1,
                     b->v.val_vms_delta.lbl1)
            && !strcmp (a->v.val_vms_delta.lbl1,
                        b->v.val_vms_delta.lbl1));
  ....
}

PVS-Studio warning: V501 There are identical sub-expressions '!strcmp(a->v.val_vms_delta.lbl1, b->v.val_vms_delta.lbl1)' to the left and to the right of the '&&' operator. dwarf2out.c 1428

A bug in Mono project:

static bool AreEqual (VisualStyleElement value1, 
                      VisualStyleElement value2)
{
  return
    value1.ClassName == value1.ClassName && // <=
    value1.Part == value2.Part &&
    value1.State == value2.State;
}

PVS-Studio warning: V3001 There are identical sub-expressions 'value1.ClassName' to the left and to the right of the '==' operator. ThemeVisualStyles.cs 2141

In both fragments, there were serious errors because of simple typos. As a result, in GCC a check of the string lbl1 is done twice, while the string lbl2 was forgotten at all. In Mono the name of the class is compared with itself.

PVS-Studio analyzer can easily cope with such problems. Moreover, previously it could be used only on Windows, but now the developers have released a new version of PVS-Studio for Linux.

The new version of PVS-Studio for GNU/Linux OS, in addition to the native version of the analyzer offers convenient variants of integration to the projects, using CMake and QMake and the display of the analysis results in the QtCreator and CLion IDE. The product is available as .deb, .rpm or .tgz packages. Soon the developers are planning to launch their own repositories for a convenient auto-updating of the tool.

The analyzer can be installed as Visual Studio plug-in and can do the analysis in the background of modified files after their compilation. PVS-Studio detects potential errors of three main groups: general analysis, optimizations and 64-bit issues. The diagnostic set of general analysis allows detecting logic errors, typos, code fragments, causing access violation, incorrect usage of algorithms from STL libraries and a lot more.

The best way to see the benefits from the use of the analyzer is to run it on your own project. You can download and try both versions of the product on their official site.

PVS-Studio - http://www.viva64.com/en/pvs-studio-download/

PVS-Studio for Linux - http://www.viva64.com/en/pvs-studio-download-linux/

Click Here!