The PVS-Studio team and our product make a great contribution to the development of software quality. Moreover, in addition to the explicit detection of errors in closed and open projects, there is an indirect contribution to the development of compilers and other code analysis tools. We are pleased that we are sometimes trendsetters and we decided to devote a small note to this on our blog.
PVS-Studio is a static analyzer for detecting errors and potential vulnerabilities in the source code of programs written in C, C ++, C # and Java.
To popularize the methodology of static code analysis and our tool, we write notes on the verification of various open source projects
. In particular, we check various compilers from time to time. For example, we checked and found errors in such projects as: GCC, LLVM, PascalABC.NET, Roslyn.
We have repeatedly noticed an interesting fact. As soon as we check, say, LLVM or GCC, after one or two releases in these compilers a couple of new diagnostics appear, aimed at identifying errors that PVS-Studio could find in their code :). Unfortunately, we did not guess to write out dates and links to relevant innovations, so you have to take our word for it here. Various C ++ compilers borrow some of our diagnostics, and we believe that this is completely normal, correct and useful!
In addition to C ++ compilers, C # analyzers are now connected to borrowing diagnostics. This means that the C # analyzer implemented in PVS-Studio becomes a different role model! Realizing this is nice and great.
In this case, I can fix, we can say, in real time, how this happens. On August 13, 2019, we published a large article
dedicated to checking .NET Core Libraries (CoreFX). Among other things, in this article we described the error pattern associated with the use of interpolated strings (see V3138
diagnostics). CoreFX developers reacted with interest to our publication and set about fixing the bugs we found. And already on August 14, they got to the errors we found related to these very interpolated lines: Fix a few missing $ s for string interpolation in tracing
Now the fun part. On the same day, a task appeared in the Roslyn Analyzers project to implement the new diagnostics " New rule: Interpolated strings that are missing the $ special character # 2767
", which is connected with the bugs fixed in CoreFX.
We are pleased that our work was useful to the CoreFX developers and that our diagnostics became an example for Roslyn Analyzers developers to follow. It’s a pity that the PVS-Studio tool is not mentioned anywhere in the discussion. It turns out that as if they themselves found these errors and themselves came up with a diagnosis. Of course, we would be flattered if we were mentioned as the source. Anyway.
Why did we decide to write about all this? We are very pleased, and we are even a little proud of ourselves! Studying our experience, other compilers implement new diagnostics, which improves the quality of the developed software as a whole. I understand that not only do we influence the development of compilers' ability to find errors. However, we are pleased to be aware that we are contributing to this process.
Does it bother us that other tools are gradually learning to find the same errors as PVS-Studio? Not. Our tool just exists and is sold for the reason that we are always ahead of the compiler. Our task is to always stay ahead. Awareness of the fact that we are constantly being caught up does not allow us to relax, and it benefits everyone. In addition to this, one must understand that PVS-Studio is not only warnings, but also:
- Fast high-quality support (only programmers answer letters);
- Integration with Visual Studio, IntelliJ IDEA, SonarQube, Jenkins, IncrediBuild;
- Ability to use both locally and in the cloud (Docker, Travis CI);
- Tools for integrating analysis into large old projects (Mass Suppression);
- Detailed documentation with examples for each error pattern;
- The mechanism for sending letters to developers (BlameNotifier);
- Compiler Monitoring (Compiler Monitoring);
- And so on.
Thanks for attention. I hope you were happy with us for PVS-Studio. And try
our analyzer for continuous quality control of the code of your projects.
- The schedule for the development of diagnostic capabilities in PVS-Studio .
- Technologies used in the PVS-Studio code analyzer to search for errors and potential vulnerabilities .
If you want to share this article with an English-speaking audience, then please use the link to the translation: Andrey Karpov. PVS-Studio: Engine of Progress