From time to time we tell you news about our internal researches and developments conducted by the developer team of the PVS-Studio static analyzer for C/C++. Today I'm going to tell you about a new solution we are currently working on within the framework of our main product.
C++ Builder support in PVS-Studio had been dropped after version 5.20. If you have any questions, feel free to contact our support. Analysis based on pre-generated preprocessed files is no longer supported too. Please consider using the Compiler Monitoring mode instead. This mode allows a generation and analysis of preprocessed files automatically during regular build process.
Those who follow the news about our project (or even use it) know that our analyzer was initially a plugin for Visual Studio only. Then we added a feature allowing using it as a console application integrated into Makefile (ask me if you don't know how to do that). After that, in the beginning of this year, we added C++Builder integration. By the way, we have quite few C++Builder users currently and we can't figure out why. Finally, it has recently occurred to us that it would be nice to create a standalone version.
Now, how do users see an ideal static code analyzer (be it a spherical analyzer in vacuum or not)? Relying on my experience in this field, I've worked out the following image. A user downloads the utility, specifies a folder with his source code, and clicks on a large green button "Find All Bugs!" No customization, no "project integration". Users don't need that, do they? No, they don't. However, the analyzer does. It at least needs information about #include's and #define's, if you work in C++. This information is necessary for the task of code preprocessing.
And here we face a necessity to choose among the following ways:
We took the fourth path and tried the following thing. It occurred to us: what if the analyzer gets as the source information already preprocessed files instead of common source .cpp-files? That is, it gets files already processed by the preprocessor. It will free us from the necessity of calling the preprocessor and therefore keeping track of all those #include's and #define's.
This image is not quite the same as the above description of an ideal analyzer of course, yet it allows you to use PVS-Studio for almost any C/C++ project regardless of IDE it's being developed under.
So, the tool being developed in our secret lab looks something like this:
Figure 1 - The dialogue of launching analysis for preprocessed files.
First, we specify a folder with preprocessed .i-files - it is them that the tool will analyze.
Second, we specify a folder with source codes. It is necessary for more precise error detection. Besides, it will be more convenient (from now on) to navigate through user .cpp-files instead of .i-files which don't look very comprehensible to a human.
Third, we specify a folder with system include-files - the most basic ones like <string> or <stream>. What for? For the analyzer to know that this folder contains files for which it shouldn't generate any diagnostic messages.
So, we can "feed" the preprocessed files to this utility and then run analysis on them. It is in this way that we are currently checking the Boost project. By the way, we'll post a report about Boost check soon - subscribe to our blog not to miss it. Once analysis is done, we get a list of diagnostic messages which looks like this:
Figure 2 - The list of diagnostic messages displayed after checking .i-files.
Note that you are not looking at Visual Studio or RAD Studio. This is an independent utility that mimics (or rather exploits) the PVS-Studio window. Like PVS-Studio, It has an integrated code editor (Scintilla from Notepad++) to provide you with enough functionality for bug handling:
Figure 3 - A full-blown code editor.
This post cannot pretend to be a complete description of our secret utility of course, yet we already can answer some of your questions.
Who does NOT need this utility? Those who don't have any troubles checking their projects with PVS-Studio plugin for Visual Studio and C++Builder. Who NEEDS this utility? Those who want to check their source codes with PVS-Studio using other IDE's and/or project files our command line version cannot integrate into.
What would you like our application to look like? Do you find the concept of checking preprocessed files convenient? Do you think the utility lacks any capabilities? Should we continue working on it or drop it if most users appear to find our Microsoft/Embarcadero integration quite enough?
P.S. By the way, we have updated the design of our bug database where we store error samples found in open source projects.
Unfortunately, we must make the PVS-Studio 4.00 static analyzer completely paid. We intended to make only the set of 64-bit rules paid while keeping the general analysis and OpenMP-software analysis free. But the world is stern and we've found no support.