PVS-Studio corporate blog
20 August

PVS-Studio: Engine of Progress

Figure 1

The PVS-Studio team and our product make a great contribution to improving software quality. Moreover, in addition to detecting errors in closed and open source projects, we contribute indirectly to the development of compilers and other code analysis tools. We are pleased that in some cases we are trendsetters, and we decided to dedicate a small note to this in our blog.

PVS-Studio is a static code analyzer for detecting errors and potential vulnerabilities in the source code of programs written in C, C++, C# and Java.

To popularize the methodology of static code analysis and our tool, we write articles on checks of various open projects. In addition, we check various compilers once in a while. For example, we've tested and found bugs in projects such as GCC, LLVM, PascalABC.NET and Roslyn.

More than once we've come across an interesting fact. As soon as we check, let's say, LLVM or GCC, a couple of new diagnostics appear in these compilers in the next or in the next but one release. And they detect errors that PVS-Studio managed to find in their code :). Unfortunately, we haven't noted the dates and links to corresponding improvements, so you'll have to take our word for it. Various C++ compilers borrow some of our diagnostics and we think it's perfectly normal, right and useful!

In addition to C++ compilers, C# analyzers have also started adopting ideas from our diagnostics. This means that the C# analyzer implemented in PVS-Studio has become another lodestar! It's nice and cool to be aware of it.

In this case, I can track how it happened, let's say, in real time. On August 13, 2019 we posted a large article on the check of .NET Core Libraries (CoreFX). Among other things, this article describes an error pattern related to usage of interpolated strings (see the V3138 diagnostic). CoreFX developers took an interest in our publication and began to correct the errors we found. And on August 14, they got to the errors we found related to these very interpolated strings: Fix a few missing $s for string interpolation in tracing.

Here starts the most interesting part. On that very day, a new task appeared in the Roslyn Analyzers project on implementing a new diagnostic, "New rule: Interpolated strings that are missing the $ special character #2767", directly related to the errors fixed in CoreFX. We're so glad that our efforts turned out to be useful for CoreFX developers and that our diagnostics have become a role model for Roslyn Analyzers developers. It is a bit unfortunate that the PVS-Studio tool isn't mentioned anywhere in the discussion. It seems as if they found those errors and came up with the idea to make diagnostics themselves. Of course, we would be flattered if we were mentioned as the original source. Well, that's fine.
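The error pattern discussed above, a string literal that contains `{name}` but lacks the `$` prefix, can be approximated with a short heuristic. This is an added example, not PVS-Studio's V3138 or the Roslyn Analyzers rule; the function name, the regular expressions and the C# sample are constructed for illustration.

```python
import re

# C# string literal with optional $/@ prefix. Simplification (assumption):
# backslash escapes only; @"..." doubled quotes and char literals are not handled.
STRING_LITERAL = re.compile(r'(?P<prefix>[$@]{0,2})"(?P<body>(?:\\.|[^"\\])*)"')
# {name}, {obj.Member} or {name:format}. Numeric {0} placeholders belong to
# string.Format and escaped {{name}} braces are literal text; both are skipped.
PLACEHOLDER = re.compile(r'(?<!\{)\{([A-Za-z_]\w*)(?:\.\w+)*(?:[:,][^{}]*)?\}(?!\})')
IDENTIFIER = re.compile(r'[A-Za-z_]\w*')

# Constructed C# sample, not taken from CoreFX.
SAMPLE = '''\
void Report(string path, int code, Exception ex)
{
    Trace.WriteLine("Failed to open {path}");
    Trace.WriteLine($"Exit code {code}");
    Trace.WriteLine(string.Format("Code {0}", code));
    Trace.WriteLine("Error: {ex.Message}");
    Trace.WriteLine("Literal {braces} only");
}
'''


def find_missing_dollar(source):
    """Return (line, name, literal) for non-interpolated literals whose
    {name} placeholder matches an identifier used elsewhere in the code."""
    # Blank out string contents so only real code identifiers are collected.
    code_only = STRING_LITERAL.sub('""', source)
    names_in_code = set(IDENTIFIER.findall(code_only))
    findings = []
    for literal in STRING_LITERAL.finditer(source):
        if '$' in literal.group('prefix'):
            continue  # already an interpolated string
        for placeholder in PLACEHOLDER.finditer(literal.group('body')):
            name = placeholder.group(1)
            if name in names_in_code:
                line = source.count('\n', 0, literal.start()) + 1
                findings.append((line, name, literal.group(0)))
    return findings


if __name__ == '__main__':
    for line, name, literal in find_missing_dollar(SAMPLE):
        print(f'line {line}: {literal} mentions {{{name}}} but has no $ prefix')
```

Logging APIs that take message templates with named placeholders use this syntax legitimately, so each finding needs a look at the call the literal is passed to.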

Why did we decide to write about all this? We are very pleased and we are even a bit proud of ourselves! Other compilers study our experience and implement new diagnostics, which improves the quality of developed software as a whole. I understand that we aren't the only ones who influence the development of compilers' error-finding capabilities. However, we are pleased to know that we are contributing to this process.

Are we concerned that other tools are gradually learning to find the same bugs as PVS-Studio? No. Our tool exists and is sold precisely because we are always ahead of compilers' capabilities. Our purpose is to always stay ahead. The awareness that someone is constantly catching up with us doesn't leave us the right to relax, and it benefits everyone. In addition, it should be understood that PVS-Studio is not only warnings, but also:

  • Fast high-quality support (only programmers respond to mail);
  • Integration with Visual Studio, IntelliJ IDEA, SonarQube, Jenkins, IncrediBuild;
  • The ability to use the tool both locally and in the cloud (Docker, Travis CI);
  • Tools to integrate analysis into big old projects (Mass Suppression);
  • Detailed documentation with examples for each error pattern;
  • The mechanism for sending mails to developers (BlameNotifier);
  • Compiler runs monitoring (Compiler Monitoring);
  • And so on.

Thank you for your attention. Hopefully, you share our joy for PVS-Studio. Try our analyzer for continuous code quality control of your projects.

Additional links:

  1. PVS-Studio Graph of Diagnostic Abilities Development.
  2. Technologies used in the PVS-Studio code analyzer for finding bugs and potential vulnerabilities.
