static code analyzer

Myths about static analysis. The third myth - dynamic analysis is better than static analysis.

While communicating with people on forums, I noticed there are a few lasting misconceptions concerning the static analysis methodology. I decided to write a series of brief articles where I want to show you the real state of things.

The third myth is: "Dynamic analysis performed by tools like valgrind for C/C++ is much better than static code analysis".

Myths about static analysis. The fourth myth - programmers want to add their own rules into a static analyzer.

While communicating with people on forums, I noticed there are a few lasting misconceptions concerning the static analysis methodology. I decided to write a series of brief articles where I want to show you the real state of things.


The fourth myth is: "A static analyzer must enable users to add user-made rules. Programmers want to add their own rules."


No, they don't. They actually want to solve some tasks of searching for particular language constructs. It is not the same thing as creating diagnostic rules.

90 errors in open-source projects

There are actually 91 errors described in the article, but the number 90 looks nicer in the title. The article is intended for C/C++ programmers, but developers working with other languages may also find it interesting.
  • C/C++
  • errors
  • bugs
  • PVS-Studio
  • code review
  • static code analyzer
  • Security Community
  • Open source
  • Parallel computing
  • Myths about static analysis. The first myth - a static analyzer is a single-use product

    While communicating with people on forums, I noticed there are a few lasting misconceptions concerning the static analysis methodology. I decided to write a series of brief articles where I want to show you the real state of things.

    The first myth is: "A static analyzer is a single-use product".

    This is how this statement looks in discussions on forums (this is a collective image):

    When you have a trial/cracked version, you can run it for free on all your projects to find several old errors and feel satisfied for some time.

    How to make fewer errors at the stage of code writing. Part N3.

    This is the third article where I will tell you about a couple of new programming methods that can help you make your code simpler and safer. This time we will take samples from the Qt project.
  • C/C++
  • Qt*/QML
  • PVS-Studio
  • code review
  • static code analyzer
  • Parallel computing
  • Cases when a static code analyzer may help you

    Author: Andrey Karpov

    Date: 24.12.2010

    Static code analysis is a method of searching program text for places that are highly likely to contain errors. Programmers use special tools called static code analyzers for this purpose. Having obtained a list of suspicious code lines, a programmer reviews the corresponding code and fixes the errors detected.

    Static analysis and regular expressions

    I develop the PVS-Studio static code analyzer intended for analyzing C/C++ software. After we implemented general analysis in PVS-Studio 4.00, we received a lot of responses, both positive and negative. By the way, you are welcome to download a new version of PVS-Studio where we have fixed a lot of errors and defects thanks to users who told us about them.
