Appreciate Static Code Analysis!

Andrey Karpov
Articles: 328



I am really astonished by the capabilities of static code analysis even though I am one of the developers of PVS-Studio analyzer myself. The tool surprised me the other day as it turned out to be smarter and more attentive than I am.

Рисунок 5

You must be careful when working with static analysis tools. Code reported by the analyzer often looks fine and you are tempted to discard the warning as a false positive and move on. Even I, one of the PVS-Studio developers, fall into this trap and fail to spot bugs every now and then. A few days ago, I opened two tickets in our bug tracker reporting the V614 diagnostic, which looks for use of uninitialized variables and arrays.

In both cases, I was sure the analyzer was wrong and needed fixing up. Here's the first case:

Рисунок 6

I read this code four times but saw nothing suspicious. I concluded it was a false positive that needed fixing, but the analyzer was actually right, while I was not attentive enough.

The caption buffer remains uninitialized. Look at the first lines: both strings are written to buffer text. This is a typo and I overlooked it.

The second case is even more epic:

Рисунок 7

PVS-Studio warned about the use of uninitialized buffer buf. Nonsense! I reported it as a bug to be fixed since it was obvious that the sprintf function did initialize the buffer and the code was fine.

No way! Again, PVS-Studio was right and I was wrong. The creation excelled the creator. :)

Look what the mean author of that code wrote in one of the header files:

Рисунок 3

sprinf expands into std::printf. Yes, that is right, sprintf does the same as printf in this program.

What a shame! It turns out the printf function uses uninitialized buffer buf as a format string.

So, appreciate and use static code analyzers! They will help save your time and nerve cells.



Use PVS-Studio to search for bugs in C, C++, and C# code

We offer you to check your project code with PVS-Studio. Just one bug found in the project will show you the benefits of the static code analysis methodology better than a dozen of the articles.

goto PVS-Studio;

Andrey Karpov
Articles: 328


Do you make errors in the code?

Check your code
with PVS-Studio

Static code analysis
for C, C++, and C#

goto PVS-Studio;
On our website we use a cookie to collect information of a technical nature.
If you do not agree, please leave the site. Learn More →
Do not show again