static code analyzer

Myths about static analysis. The third myth - dynamic analysis is better than static analysis.

While communicating with people on forums, I noticed there are a few lasting misconceptions concerning the static analysis methodology. I decided to write a series of brief articles where I want to show you the real state of things.

The third myth is: "Dynamic analysis performed by tools like valgrind for C/C++ is much better than static code analysis".

Myths about static analysis. The fourth myth - programmers want to add their own rules into a static analyzer.

While communicating with people on forums, I noticed there are a few lasting misconceptions concerning the static analysis methodology. I decided to write a series of brief articles where I want to show you the real state of things.


The fourth myth is: "A static analyzer must enable users to add user-made rules. Programmers want to add their own rules."


No, they don't. They actually want to solve some tasks of searching for particular language constructs. It is not the same thing as creating diagnostic rules.

90 errors in open-source projects

There are actually 91 errors described in the article, but the number 90 looks nicer in the title. The article is intended for C/C++ programmers, but developers working with other languages may also find it interesting.
  • C/C++
  • errors
  • bugs
  • PVS-Studio
  • code review
  • static code analyzer
  • Security Community
  • Open source
  • Parallel computing
  • Myths about static analysis. The first myth - a static analyzer is a single-use product

    While communicating with people on forums, I noticed there are a few lasting misconceptions concerning the static analysis methodology. I decided to write a series of brief articles where I want to show you the real state of things.

    The first myth is: "A static analyzer is a single-use product".

    This is how this statement looks in discussions on forums (this is a collective image):

    When you have a trial/cracked version, you can run it for free on all your projects to find several old errors and feel satisfied for some time.

    Cases when a static code analyzer may help you


    Author: Andrey Karpov

    Date: 24.12.2010

    Static code analysis is a method of searching program text for places that are highly likely to contain errors. Programmers use special tools called static code analyzers for this purpose. Given a list of suspicious code lines, a programmer reviews the corresponding code and fixes the errors detected.
