
Love static code analysis

PVS-Studio - superhero

I am amazed by what static code analysis can do, even though I take part in developing the PVS-Studio tool myself. The other day I was genuinely surprised to find that the analyzer was smarter and more attentive than I am.

Working with static code analysis tools requires care. Very often the code the analyzer points to looks correct, and you just want to dismiss the warning as a false positive and move on. Even I, one of the developers of PVS-Studio, fall into this trap and fail to see the error. The other day I found two tickets in our bug tracker about the V614 diagnostic, which looks for the use of uninitialized variables and arrays.

In both cases I thought the analyzer was wrong and that I had to fix something in it. The first case:

[Figure: code with a typo]
I read this code four times and did not see the error. I decided it was a false positive that needed to be fixed. But the analyzer is right, and I am simply inattentive.

The caption buffer remains uninitialized. Look above: both lines are loaded into the text buffer. A typo. I could not see it.

And here is an even more epic case:

[Figure: at first glance, everything is fine]
The PVS-Studio analyzer says that the uninitialized buffer buf is used. That makes no sense. So I wrote this case up in the bug tracker as an analyzer bug that needs fixing. After all, it is obvious that the sprintf function initializes the buffer and everything in this code is fine.

Nope! The PVS-Studio analyzer is right again, not me. A case where the creation has surpassed its creator. :)

A very bad programmer wrote this in one of the header files:

[Figure: the epic #define]
See, sprintf expands to std::printf. Yes, yes: in this program sprintf is the same as printf.

What a horror. It turns out that the printf function uses the uninitialized buffer buf as the format string. Besides reading uninitialized memory, the call is now a format-string defect: whatever garbage happens to be in buf is interpreted as format directives, and the text that was meant to land in the buffer is printed instead.
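The following added example is mine, not code from the article or from PVS-Studio; it reconstructs the shape of the second case in plain C. A header redefines sprintf as printf, a two-level stringizing macro shows what the call site looks like after preprocessing, and a bounded snprintf-based replacement shows the hardened form. The names buf, value, format_value and hardened_roundtrip are assumptions of mine, not identifiers from the article.

```c
#include <stdio.h>
#include <string.h>

/* Constructed "bad header" line, modelled on the case in the article:
 * from here on, every sprintf in the translation unit becomes printf. */
#define sprintf printf

/* XSTR expands its argument before STR stringizes it, so the resulting
 * string literal shows the tokens the compiler actually sees. */
#define STR(x) #x
#define XSTR(x) STR(x)

/* Text of a typical call site after macro expansion. buf and value are
 * hypothetical names; they are never evaluated here, only stringized. */
const char *expanded_call_text(void)
{
    return XSTR(sprintf(buf, "%d", value));
}

/* Returns 1 when the expanded call passes buf as the first argument of
 * printf, i.e. the never-written buffer has become the format string.
 * This is exactly the uninitialized-array use that V614 reported. */
int call_uses_buffer_as_format(void)
{
    const char *t = expanded_call_text();
    return strncmp(t, "printf(buf", 10) == 0;
}

#undef sprintf  /* stop the rewrite for the hardened code below */

/* Hardened form: a bounded snprintf into a buffer that is cleared first,
 * with the return value checked for truncation. Returns the number of
 * characters written, or -1 on truncation or error, so a caller can never
 * read the buffer as if it held a complete string when it does not. */
int format_value(char *out, size_t out_len, int value)
{
    if (out == NULL || out_len == 0)
        return -1;
    memset(out, 0, out_len);
    int n = snprintf(out, out_len, "%d", value);
    if (n < 0 || (size_t)n >= out_len)
        return -1;
    return n;
}

/* Self-check of the hardened form: a fit is reported with its length,
 * a buffer too small for the result is reported as truncation. */
int hardened_roundtrip(void)
{
    char out[8];
    if (format_value(out, sizeof out, 42) != 2)
        return 0;
    if (strcmp(out, "42") != 0)
        return 0;
    /* "123" needs 4 bytes including the terminator; 2 is too small. */
    if (format_value(out, 2, 123) != -1)
        return 0;
    return 1;
}

int main(void)
{
    printf("after expansion: %s\n", expanded_call_text());
    printf("buffer used as format string: %d\n", call_uses_buffer_as_format());
    printf("hardened form works: %d\n", hardened_roundtrip());
    return 0;
}
```

The stringized call reads printf(buf, "%d", value), which is the line the analyzer was actually judging. Beyond the V614 uninitialized-use check, a compiler warning such as GCC's -Wformat-nonliteral also flags a format argument that is not a string literal, which would have exposed this #define the first time the header was included.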

Love and use static code analyzers! They will save you nerves and time.


If you want to share this article with an English-speaking audience, please use the link to the translation: Andrey Karpov. Appreciate Static Code Analysis!

Source: https://habr.com/ru/post/340202/
