Appreciate Static Code Analysis!

Andrey Karpov
Articles: 332

I am really astonished by the capabilities of static code analysis even though I am one of the developers of PVS-Studio analyzer myself. The tool surprised me the other day as it turned out to be smarter and more attentive than I am.

Рисунок 5

You must be careful when working with static analysis tools. Code reported by the analyzer often looks fine and you are tempted to discard the warning as a false positive and move on. Even I, one of the PVS-Studio developers, fall into this trap and fail to spot bugs every now and then. A few days ago, I opened two tickets in our bug tracker reporting the V614 diagnostic, which looks for use of uninitialized variables and arrays.

In both cases, I was sure the analyzer was wrong and needed fixing up. Here's the first case:

Рисунок 6

I read this code four times but saw nothing suspicious. I concluded it was a false positive that needed fixing, but the analyzer was actually right, while I was not attentive enough.

The caption buffer remains uninitialized. Look at the first lines: both strings are written to buffer text. This is a typo and I overlooked it.

The second case is even more epic:

Рисунок 7

PVS-Studio warned about the use of uninitialized buffer buf. Nonsense! I reported it as a bug to be fixed since it was obvious that the sprintf function did initialize the buffer and the code was fine.

No way! Again, PVS-Studio was right and I was wrong. The creation excelled the creator. :)

Look what the mean author of that code wrote in one of the header files:

Рисунок 3

sprinf expands into std::printf. Yes, that is right, sprintf does the same as printf in this program.

What a shame! It turns out the printf function uses uninitialized buffer buf as a format string.

So, appreciate and use static code analyzers! They will help save your time and nerve cells.

Use PVS-Studio to search for bugs in C, C++, and C# code

We offer you to check your project code with PVS-Studio. Just one bug found in the project will show you the benefits of the static code analysis methodology better than a dozen of the articles.

goto PVS-Studio;

Andrey Karpov
Articles: 332

Do you make errors in the code?

Check your code
with PVS-Studio

Static code analysis
for C, C++, and C#

goto PVS-Studio;
We use cookies for the analysis of events to improve our content and make user interaction more convenient. By continuing the view of our web-pages you accept the terms of using these files. You can find out more about cookie-files and privacy policy or close the notification, by clicking on the button. Learn More →
Do not show