Static code analysis

Myths about static analysis. The fourth myth - programmers want to add their own rules into a static analyzer.

While communicating with people on forums, I noticed there are a few lasting misconceptions concerning the static analysis methodology. I decided to write a series of brief articles where I want to show you the real state of things.


The fourth myth is: "A static analyzer must enable users to add user-made rules. Programmers want to add their own rules."


No, they don't. They actually want to solve some tasks of searching for particular language constructs. It is not the same thing as creating diagnostic rules.

Myths about static analysis. The fifth myth - a small test program is enough to evaluate a tool.

While communicating with people on forums, I noticed there are a few lasting misconceptions concerning the static analysis methodology. I decided to write a series of brief articles where I want to show you the real state of things.


The fifth myth: "You can easily evaluate capabilities of a static analyzer on a small test code".


This is how this statement looks in discussions on forums (this is a collective image):

Myths about static analysis. The second myth - expert developers do not make silly mistakes.

While communicating with people on forums, I noticed there are a few lasting misconceptions concerning the static analysis methodology. I decided to write a series of brief articles where I want to show you the real state of things.

The second myth is: "Expert developers do not make silly mistakes that are mostly caught by static code analyzers".

This is how this statement looks in discussions on forums (this is a collective image):

Myths about static analysis. The first myth - a static analyzer is a single-use product

While communicating with people on forums, I noticed there are a few lasting misconceptions concerning the static analysis methodology. I decided to write a series of brief articles where I want to show you the real state of things.

The first myth is: "A static analyzer is a single-use product".

This is how this statement looks in discussions on forums (this is a collective image):

When you have a trial/cracked version, you can run it for free on all your projects to find several old errors and feel satisfied for some time.

How we at PVS-Studio solved one engineering problem over several years

At first I wanted to call this note "How PVS-Studio lets you CHEAPLY introduce static code analysis into the development process", but I decided against it because of the ambiguous interpretation of the word "cheaply". So I will tell you about one engineering problem that we constantly had to solve so that people would use our product. Looking ahead, I will say that, as it seems to me, we have solved it.

How we have Solved an Engineering task for Several Years in PVS-Studio


At first I wanted to title this post "How PVS-Studio enables cheap integration of static code analysis into the development process", but I decided not to do it because of the ambiguous interpretation of the word "cheap". So I will tell you about one engineering problem we had to solve constantly to enable people to use our product. Going a bit ahead, I want to say that we seem to have solved it.
