PVS-Studio and GitHub community: let the friendship begin

Sofiya Fateeva
Articles: 2



Some time ago it was decided to make PVS-Studio static code analyzer free for certain categories of developers: students for educational purposes, individual developers and teams of enthusiasts. Gradually the number of free users increases, but we decided to remind about this possibility because some developers might have missed this news.

Picture 1

So, it all started with the article: How to use PVS-Studio for free.

The first reaction of users was quite controversial. On the one hand, individual developers were happy to use the tool for free, but on the other hand we faced with discontent about the required comments in the code. Initially there was no secret that the proposed comments would not fit everybody, and that was the point in all that. As we have already mentioned in the previous news posts, if none of the variants of free use fits, we suggest discussing the idea of purchasing the license.

Now we decided to monitor how you a free version of PVS-Studio will be distributed among the GitHub community. To do this, we contacted those GitHub developers who are already using the free version of our analyzer. Perhaps, having read a few reviews, some developers might want to begin using the analyzer in the development of their projects.

Picture 2

As you can see on the screenshot, there are not that many people, using PVS-Studio yet. But the number continues gradually growing. Let's have a look at some reviews of these users.

What people say about us

Below you will find some reviews from GitHub developers who use the free version of PVS-Studio.

Evgeniy Lepikhin (TrafficProcessor project):

I don't write in C++ much, and I use static code analyzers even less (there aren't many working under Linux). In comparison with lint, your analyzer was easily installed and was effortlessly integrated in the IDE. I cannot say much regarding the quality of the analyzer itself- I don't have much experience in that. But it works, doesn't glitch and it's already enough.

Alexey Schadin (NppKate project):

In general I am satisfied with the work of the analyzer, thanks to PVS-Studio team for their work. Unfortunately my project is very small; before that buy used analysis that is done by MS Visual Studio 2015 that's why the list of potentially troublesome places was very small (less than 10 items). I also liked the interface looking at the description of the warning it's clear how to correct the error. Thank you for making Open Source products better! I will also use this tool and other open source projects if the policy of the company doesn't change.

We should issue Alex and other developers that our company is not going to change that policy in the nearest future - the free version is a long-term project.

Sergey Zhejgurov (ToolsGenGkode project):

I am very pleased with your program especially with the ability to use it without the need to buy it, because programming in C# is just my hobby and purchasing the license would be not expedient for me. However, finding bugs is very useful due to my lack of experience C#. I am very happy that your company made it possible to use the program for free :-)

Alibek Omarov (cs16-clientproject):

I have long been following the news of PVS-Studio and took part in the beta testing of the analyzer for Linux. I am "Chuffed to bits". The tool does its work looking for context typos and does it really well. The free license was very helpful to me because I am an individual developer and moreover an amateur developer.

Alexey Lesovskij (pgcenter project):

Yes, I use PVS-Studio in my project because I am not a professional developer but more of a system administrator, that's why I tend to make many unobvious mistakes. When programming, PVS-Studio points to the bugs and I try to correct using those recommendations that are given on the website. To my mind, PVS-Studio is a very useful tool that allows correcting bugs in the code and helps a developer to improve the coding skills. It's very easy to use PVS-Studio, the setting, analysis understanding of the warnings is not hard at all.

Although, it would be unfair to cite only positive feedback in this article. We take constructive criticism normally, and that's why we would like to share one more review.

Grigoriev Vitaliy - network application security specialist says:

I have being using your tool to work for several years and wrote to you several times about the bugs and flaws I found in it .

It seems to me that you have chosen an incorrect way of providing the tool to the users.

Your approach has several disadvantages. The first is everything depends on the honesty of the developers and the license agreement. It's impossible in the Russian conditions.

Another - you have no ability to check whether the project is open source or not .

One more point - how are you going to promote your tool among the programmers if you want to attract foreign programmers, but the "advertisement" is hidden inside the code? You must promote your analyzer among large projects on GitHub; but even those large programs that are absolutely free will not agree to add any comments to their files.

I suggest having a look at the way Soverity Scan does their advertisement - they have a website for using the tool for free and complete integration with various repositories ... Integration with Travis-CI and so on. In addition to this is the advertisement as a README tag that everybody sees. Such an approach excludes all the disadvantages provided above. That's why Coverity is used in every other project on Git. Also, I think you have already considered such a variant but for some reason didn't decide to do this. This is probably because your action is temporary or due to the expenses for the development of a new website.

One more minus is that you write very long, but not very complete settings manuals (for example integration to a build system Cmake in Linux and so on.) They have very few user cases and practical components. The number of various projects is really large and they get built differently but the examples examples are given for one or two simplest cases...

If you made your extension for CLion but not using other approaches - that would be very useful. Almost all the companies that develop programs for Linux have switched it to CLion and the number of people who are still using "Vim and the analogues" is decreasing. In general I recommend having a look at the products by JetBrains to be exact by TeamCity and YouTrack. These are tools that are used by almost ALL large and medium sized companies and the integration of PVS-Studio there will be a very correct Business model.

Thanks, Vitaliy, for such a detailed review but still, there are some moments we need to comment.

  • A free version of PVS-Studio is not a temporary action, it is done permanently. We're happy that we can help enthusiastic developers to use a commercial product for free.
  • Yes, Coverity is an example for us and we try to follow it: this company is really an authority for us. However, we decided to take another way regarding the free license.The thing is that we want to make a free license not only for open source projects. And and there is some advantage for developers. Yes we won't be able to check the honesty of a developer but those companies that respect themselves, won't be using cheating methods and those who will, aren't our clients anyway.
  • Speaking about CLion. PVS-Studio for Linux appeared quite recently, and we've done the integration of the analyzer through a CMake project file (this is how it looks and is configured http://www.viva64.com/en/m/0036/). We are considering now an ability to release an extension for the IDE.

Conclusion

We would like to thank all the developers that gave us the feedback. We were very pleased to talk to them and get the positive opinions.

In general we're quite happy about the feedback we got. Despite a negative reaction in the beginning, the developers are now taking advantage of using a free version of PVS-Studio. We think that this is the beginning of our friendship with the GitHub community. You are welcome to join. We suggest downloading and trying PVS-Studio for free on your project. Let's be friends!

If you have any questions regarding this setting integration and using PVS-Studio you may always contact us. We always try to help the developers fight against bugs.



Use PVS-Studio to search for bugs in C, C++, C# and Java

We offer you to check your project code with PVS-Studio. Just one bug found in the project will show you the benefits of the static code analysis methodology better than a dozen of the articles.

goto PVS-Studio;

Sofiya Fateeva
Articles: 2


Bugs Found

Checked Projects
344
Collected Errors
12 970