Thanks to the Compiler Explorer project, programmers can now quickly prepare synthetic examples of C and C++ code and see what results PVS-Studio will produce when run on them.
Here is an example of code with two bugs in it, which demonstrates PVS-Studio's data flow analysis abilities.
First, there is a typo that causes the addresses of two allocated buffers to be stored one after the other in the same variable, 'a'. This results in losing one of the pointers, and so the analyzer warns us about a memory leak. Another effect of that typo is null pointer dereferencing in the 'use' function.
Second, the memory was allocated using the 'new' operator but freed using the 'free' function.
The analyzer reports all these defects by issuing a few warnings:
V522 Dereferencing of the null pointer 'p' might take place. The null pointer is passed into 'use' function. Inspect the first argument. Check lines: 7, 18.
V773 The 'a' pointer was assigned values twice without releasing the memory. A memory leak is possible.
V519 The 'a' variable is assigned values twice successively. Perhaps this is a mistake. Check lines: 14, 15.
V611 The memory was allocated using 'new' operator but was released using the 'free' function. Consider inspecting operation logics behind the 'a' variable.
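An added example (not the original snippet from this post) of the defect pattern described above, next to a corrected form. The names 'flawed_sum' and 'fixed_sum' are hypothetical, and the line numbers here do not correspond to those cited in the warnings.

```cpp
#include <cstdlib>
#include <new>

// Writes through the pointer with no null check, so every caller must pass
// a valid address.
void use(int *p, int value) { *p = value; }

// Flawed variant, kept only so an analyzer has something to report.
// It is never called: running it would dereference a null pointer.
int flawed_sum() {
    int *a = nullptr, *b = nullptr;
    a = new int;          // first buffer
    a = new int;          // typo: 'b' was intended; the first buffer leaks
    use(a, 1);
    use(b, 2);            // 'b' is still nullptr here
    int sum = *a + *b;
    free(a);              // allocated with 'new', released with 'free'
    free(b);
    return sum;
}

// Corrected variant: each buffer has its own pointer, allocation failure is
// checked, and memory obtained from 'new' is released with 'delete'.
int fixed_sum() {
    int *a = new (std::nothrow) int;
    int *b = new (std::nothrow) int;
    int sum = -1;         // returned if either allocation failed
    if (a != nullptr && b != nullptr) {
        use(a, 1);
        use(b, 2);
        sum = *a + *b;
    }
    delete a;             // 'delete' on nullptr is a no-op
    delete b;
    return sum;
}

int main() { return fixed_sum() == 3 ? 0 : 1; }
```

Because 'flawed_sum' is compiled but never executed, the program runs cleanly; only static analysis of the source can point at the defects in it.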
We have prepared a few more examples demonstrating other diagnostic abilities of the PVS-Studio analyzer:
You can modify our examples or compose your own from scratch.
Applications of the feature
There are a few things you can do with PVS-Studio in online mode on Compiler Explorer:
- Explore the analyzer's diagnostic abilities;
- Generate a permanent link to the warning case by clicking "Share" and send it to your friend or coworker;
- Write a working example demonstrating your problem and share a permanent link to it with our support;
- Prepare illustrative examples for articles on static code analysis.
What you shouldn't try to do in this mode:
- Compare static analyzers based on how they perform on synthetic examples. Analyzers are sensitive to how such short synthetic tests are written and may behave differently on them than on a real code base. See the article "A Note of Caution about Using PVS-Studio on godbolt.org" for more details about that.
- Determine if PVS-Studio is a good choice for your project. The most reliable way to do this is to download the demo version and check your code base. Also remember that PVS-Studio is not only about diagnostics but also about a highly developed infrastructure and integration with Visual Studio, Rider, TeamCity, PlatformIO, Azure DevOps, Travis CI, CircleCI, GitLab CI/CD, Jenkins, SonarQube, and so on.
A note for students and teachers
Compiler Explorer comes in handy when you need to do a short lab assignment on programming. You can write a code snippet, make sure it compiles, run it, and see the results. You can then generate a link to share with your teacher for assessment.
In addition to this, there is now the ability to check the code using PVS-Studio, which will help students get started with static analysis. We know that students and teachers are using PVS-Studio in free mode quite a lot. The new feature makes experimenting with PVS-Studio especially easy for those who use Compiler Explorer to teach and learn C and C++.