SlideShare a Scribd company logo

Difficulties of comparing code analyzers, or don't forget about usability

•
•
P
PVS-Studio

Users' desire to compare different code analyzers is natural and understandable. However, it's not so easy to fulfill this desire as it may seem at first sight. The point is that you don't know what particular factors must be compared.

Technology
1 of 4
Download to read offline
Difficulties of comparing code analyzers, or don't forget about usability Authors: Evgeniy Ryzhkov, Andrey Karpov Date: 31.03.2011 Abstract Users' desire to compare different code analyzers is natural and understandable. However, it's not so easy to fulfill this desire as it may seem at first sight. The point is that you don't know what particular factors must be compared. Introduction If we eliminate such quite ridiculous ideas like "we should compare the number of diagnosable errors" or "we should compare the number of tool-generated messages", then even the reasonable parameter "signal-to-noise ratio" doesn't seem to be an ideal criterion of estimating code analyzers. You doubt that it's unreasonable to compare the mentioned parameters? Here you are some examples. What parameters are just unreasonable to compare Let's take a simple (at first sight) characteristic like the number of diagnostics. It seems that the more diagnostics, the better. But the general number of rules doesn't matter for the end user who exploits a particular set of operating systems and compilers. Diagnostic rules which are relevant to systems, libraries and compilers he doesn't use won't give him anything useful. They even disturb him overloading the settings system and documentation, and complicate use and integration of the tool. Here you an analogy: say, a man comes in a store to buy a heater. He is interested in the domestic appliances department and it's good if this department has a wide range of goods. But the customer doesn't need other departments. It's OK if he can buy a inflatable boat, cell phone or chair in this store. But the inflatable boats department doesn't enlarge the range of heaters anyway. Take, for instance, the Klockwork tool that supports a lot of various systems, including exotic ones. One of them has a compiler that easily "swallows" this code: inline int x; The Klocwork analyzer has a special diagnostic message to detect this anomaly in code: "The 'inline' keyword is applied to something other than a function or method". Well, it seems good to have such a diagnostic. But developers using the Microsoft Visual C++ compiler or any other adequate compiler won't benefit from this diagnostic anyhow. Visual C++ simply doesn't compile this code: "error C2433: 'x' : 'inline' not permitted on data declarations". Another example. Some compilers provide poor support of the bool type. So Klockwork may warn you when a class member is assigned the bool type: "PORTING.STRUCT.BOOL: This checker detects situations in which a struct/class has a bool member".
"They wrote bool in class! How awful..." It's clear that only few developers will benefit from having this diagnostic message. There are plenty of such examples. So it turns out that the number of diagnostic rules in no way is related to the number of errors an analyzer can detect in a particular project. An analyzer implementing 100 diagnostics and intended for Windows-applications can find much more errors in a project built with Microsoft Visual Studio than a cross-platform analyzer implementing 1000 diagnostics. The conclusion is the number of diagnostic rules cannot be relevant when comparing analyzers by usability. You may say: "OK, let's compare the number of diagnostics relevant for a particular system then. For instance, let's single out all the rules to search for errors in Windows-applications". But this approach doesn't work either. There are two reasons for that: First, it may be that some diagnostic is implemented in one diagnostic rule in some analyzer and in several rules in some other analyzer. If you compare them by the number of diagnostics, the latter analyzer seems better although they both have the same functional to detect a certain type of errors. Second, implementation of certain diagnostics may be of different quality. For instance, nearly all the analyzers have the search of "magic numbers". But, say, some analyzer can detect only magic numbers dangerous from the viewpoint of code migration to 64-bit systems (4, 8, 32, etc) and some other simply detects all the magic numbers (1, 2, 3, etc). So it won't do if we only write a plus mark for each analyzer in the comparison table. They also like to take the characteristic of tool's speed or number of code lines processessed per second. But it's unreasonable from the viewpoint of practice either. There is no relation between the speed of a code analyzer and speed of analysis performed by man! First, code analysis is often launched automatically during night builds. You just must "be in time" for the morning. And second, they often forget about the usability parameter when comparing analyzers. Well, let's study this issue in detail. Tool's usability is very important for adequate comparison The point is that usability of a tool influences the practice of real use of code analyzers very much... We have checked the eMule project recently with two code analyzers estimating the convenience of this operation in each case. One of the tools was a static analyzer integrated into some Visual Studio editions. The second analyzer was our PVS-Studio. We at once encountered several issues when handling the code analyzer integrated into Visual Studio. And those issues did not relate to the analysis quality itself or speed. The first issue is that you cannot save a list of analyzer-generated messages for further examination. For instance, while checking eMule with the integrated analyzer, I got two thousand messages. No one can thoroughly investigate them all at once, so you have to examine them for several days. But the impossibility to save analysis results causes me to re-analyze the project each time, which tires me very much. PVS-Studio allows you to save analysis results for you to continue examining them later. The second issue is about the way how processing of duplicate analyzer-messages is implemented. I mean diagnosis of problems in header files (.h-files). Say the analyzer has detected an issue in an .h-file included into ten .cpp-files. While analyzing each of these ten .cpp-files, the Visual Studio-integrated
analyzer produces the same message about the issue in the .h-file ten times! Here you are a real sample. The following message was generated more than ten times while checking eMule: c:usersevgdocumentsemuleplusdialogmintraybtn.hpp(450): warning C6054: String 'szwThemeColor' might not be zero-terminated: Lines: 434, 437, 438, 443, 445, 448, 450 Because of this, analysis results get messy and you have to review almost the same messages. I should say, PVS-Studio has been filtering duplicate messages instead of showing them to user since the very beginning. The third issue is generation of messages on issues in plug-in files (from folders like C:Program Files (x86)Microsoft Visual Studio 10.0VCinclude). The analyzer built into Visual Studio is not ashamed to attaint system header files although there is little sense in it. Again, here you are an example. We got several times one and the same message about system files while checking eMule: 1>c:program files (x86)microsoft sdkswindowsv7.0aincludews2tcpip.h(729): warning C6386: Buffer overrun: accessing 'argument 1', the writable size is '1*4' bytes, but '4294967272' bytes might be written: Lines: 703, 704, 705, 707, 713, 714, 715, 720, 721, 722, 724, 727, 728, 729 Nobody will ever edit system files. What for to "curse" them? PVS-Studio has never done that. Into the same category we can place the impossibility to tell the analyzer not to perform mask-check of certain files, for instance, all the files "*_generated.cpp" or "c:libs". You may specify exception files in PVS-Studio. The fourth issue relates to the very process of handling the list of analyzer-generated messages. Of course, you may disable any diagnostic messages by code in any code analyzer. But it can be done at different convenience levels. To be more exact, the question is: should analysis be relaunched to hide unnecessary messages by code or not. In the Visual-Studio-integrated analyzer, you must rewrite codes of messages to be disabled in the project's settings and relaunch the analysis. Sure, you hardly can specify all the "unnecessary" diagnostics, so you will have to relaunch the analysis several times. In PVS- Studio, you can easily hide and reveal messages by code without relaunching the analysis, which is much more convenient. The fifth issue is filtering of messages not only by code but by text as well. For instance, it might be useful to hide all the messages containing "printf". The analyzer integrated into Visual Studio doesn't have this feature while PVS-Studio has it. Finally, the sixth issue is convenience of specifying false alarms to the tool. The #pragma warning disable mechanism employed in Visual Studio lets you hide a message only relaunching the analysis. The
mechanism in PVS-Studio lets you mark messages as "False Alarm" and hide them without relaunching the analysis. All the six above mentioned issues don't relate to code analysis itself yet they are very important since usability of a tool is that very integral index showing whether it will come to estimating analysis quality at all. Let's see what we've got. The static analyzer integrated into Visual Studio checks the eMule project several times quicker than PVS-Studio. But it took us 3 days to complete work with the Visual Studio's analyzer (actually it was less but we had to switch to other tasks to have a rest). PVS-Studio took us only 4 hours to complete the work. Note. What the quantity of errors found is concerned - the both analyzers have shown almost the same results and found the same errors. Summary Comparison of two static analyzers is a very difficult and complex task. And there is no answer to the question what tool is the best IN GENERAL. You can only speak of what tool is better for a particular project and user.

Recommended

PVS-Studio's New Message Suppression Mechanism
PVS-Studio's New Message Suppression MechanismPVS-Studio's New Message Suppression Mechanism
PVS-Studio's New Message Suppression MechanismAndrey Karpov
 
We continue checking Microsoft projects: analysis of PowerShell
We continue checking Microsoft projects: analysis of PowerShellWe continue checking Microsoft projects: analysis of PowerShell
We continue checking Microsoft projects: analysis of PowerShellPVS-Studio
 
Espressif IoT Development Framework: 71 Shots in the Foot
Espressif IoT Development Framework: 71 Shots in the FootEspressif IoT Development Framework: 71 Shots in the Foot
Espressif IoT Development Framework: 71 Shots in the FootAndrey Karpov
 
How the PVS-Studio analyzer began to find even more errors in Unity projects
How the PVS-Studio analyzer began to find even more errors in Unity projectsHow the PVS-Studio analyzer began to find even more errors in Unity projects
How the PVS-Studio analyzer began to find even more errors in Unity projectsAndrey Karpov
 
PVS-Studio for Visual C++
PVS-Studio for Visual C++PVS-Studio for Visual C++
PVS-Studio for Visual C++PVS-Studio
 
An Ideal Way to Integrate a Static Code Analyzer into a Project
An Ideal Way to Integrate a Static Code Analyzer into a ProjectAn Ideal Way to Integrate a Static Code Analyzer into a Project
An Ideal Way to Integrate a Static Code Analyzer into a ProjectPVS-Studio
 
Static analysis is most efficient when being used regularly. We'll tell you w...
Static analysis is most efficient when being used regularly. We'll tell you w...Static analysis is most efficient when being used regularly. We'll tell you w...
Static analysis is most efficient when being used regularly. We'll tell you w...Andrey Karpov
 
HPX and PVS-Studio
HPX and PVS-StudioHPX and PVS-Studio
HPX and PVS-StudioPVS-Studio
 

Recommended

PVS-Studio's New Message Suppression Mechanism
PVS-Studio's New Message Suppression MechanismPVS-Studio's New Message Suppression Mechanism
PVS-Studio's New Message Suppression MechanismAndrey Karpov
 
We continue checking Microsoft projects: analysis of PowerShell
We continue checking Microsoft projects: analysis of PowerShellWe continue checking Microsoft projects: analysis of PowerShell
We continue checking Microsoft projects: analysis of PowerShellPVS-Studio
 
Espressif IoT Development Framework: 71 Shots in the Foot
Espressif IoT Development Framework: 71 Shots in the FootEspressif IoT Development Framework: 71 Shots in the Foot
Espressif IoT Development Framework: 71 Shots in the FootAndrey Karpov
 
How the PVS-Studio analyzer began to find even more errors in Unity projects
How the PVS-Studio analyzer began to find even more errors in Unity projectsHow the PVS-Studio analyzer began to find even more errors in Unity projects
How the PVS-Studio analyzer began to find even more errors in Unity projectsAndrey Karpov
 
PVS-Studio for Visual C++
PVS-Studio for Visual C++PVS-Studio for Visual C++
PVS-Studio for Visual C++PVS-Studio
 
An Ideal Way to Integrate a Static Code Analyzer into a Project
An Ideal Way to Integrate a Static Code Analyzer into a ProjectAn Ideal Way to Integrate a Static Code Analyzer into a Project
An Ideal Way to Integrate a Static Code Analyzer into a ProjectPVS-Studio
 
Static analysis is most efficient when being used regularly. We'll tell you w...
Static analysis is most efficient when being used regularly. We'll tell you w...Static analysis is most efficient when being used regularly. We'll tell you w...
Static analysis is most efficient when being used regularly. We'll tell you w...Andrey Karpov
 
HPX and PVS-Studio
HPX and PVS-StudioHPX and PVS-Studio
HPX and PVS-StudioPVS-Studio
 
Cyber Defense Forensic Analyst - Real World Hands-on Examples
Cyber Defense Forensic Analyst - Real World Hands-on ExamplesCyber Defense Forensic Analyst - Real World Hands-on Examples
Cyber Defense Forensic Analyst - Real World Hands-on ExamplesSandeep Kumar Seeram
 
Analysis of PascalABC.NET using SonarQube plugins: SonarC# and PVS-Studio
Analysis of PascalABC.NET using SonarQube plugins: SonarC# and PVS-StudioAnalysis of PascalABC.NET using SonarQube plugins: SonarC# and PVS-Studio
Analysis of PascalABC.NET using SonarQube plugins: SonarC# and PVS-StudioPVS-Studio
 
Lesson 7. The issues of detecting 64-bit errors
Lesson 7. The issues of detecting 64-bit errorsLesson 7. The issues of detecting 64-bit errors
Lesson 7. The issues of detecting 64-bit errorsPVS-Studio
 
Testing parallel programs
Testing parallel programsTesting parallel programs
Testing parallel programsPVS-Studio
 
Use of Cell Block As An Indent Space In Python
Use of Cell Block As An Indent Space In PythonUse of Cell Block As An Indent Space In Python
Use of Cell Block As An Indent Space In PythonWaqas Tariq
 
Production Debugging at Code Camp Philly
Production Debugging at Code Camp PhillyProduction Debugging at Code Camp Philly
Production Debugging at Code Camp PhillyBrian Lyttle
 
Looking for Bugs in MonoDevelop
Looking for Bugs in MonoDevelopLooking for Bugs in MonoDevelop
Looking for Bugs in MonoDevelopPVS-Studio
 
Exploit Frameworks
Exploit FrameworksExploit Frameworks
Exploit Frameworksphanleson
 
Half-automatic Compilable Source Code Recovery
Half-automatic Compilable Source Code RecoveryHalf-automatic Compilable Source Code Recovery
Half-automatic Compilable Source Code RecoveryJoxean Koret
 
Information sheet PVS-Studio
Information sheet PVS-StudioInformation sheet PVS-Studio
Information sheet PVS-StudioPVS-Studio
 
Static and Dynamic Code Analysis
Static and Dynamic Code AnalysisStatic and Dynamic Code Analysis
Static and Dynamic Code AnalysisAndrey Karpov
 
Detection of vulnerabilities in programs with the help of code analyzers
Detection of vulnerabilities in programs with the help of code analyzersDetection of vulnerabilities in programs with the help of code analyzers
Detection of vulnerabilities in programs with the help of code analyzersPVS-Studio
 
Breaking av software
Breaking av softwareBreaking av software
Breaking av softwareThomas Pollet
 
Wcre2009 bettenburg
Wcre2009 bettenburgWcre2009 bettenburg
Wcre2009 bettenburgSAIL_QU
 
Tizen: Summing Up
Tizen: Summing UpTizen: Summing Up
Tizen: Summing UpPVS-Studio
 
Creation of a Test Bed Environment for Core Java Applications using White Box...
Creation of a Test Bed Environment for Core Java Applications using White Box...Creation of a Test Bed Environment for Core Java Applications using White Box...
Creation of a Test Bed Environment for Core Java Applications using White Box...cscpconf
 
On the Use of Static Analysis to Safeguard Recursive Dependency Resolution
On the Use of Static Analysis to Safeguard Recursive Dependency ResolutionOn the Use of Static Analysis to Safeguard Recursive Dependency Resolution
On the Use of Static Analysis to Safeguard Recursive Dependency ResolutionKamil Jezek
 
Understanding Log Lines using Development Knowledge
Understanding Log Lines using Development KnowledgeUnderstanding Log Lines using Development Knowledge
Understanding Log Lines using Development KnowledgeSAIL_QU
 
nullcon 2011 - Reversing MicroSoft patches to reveal vulnerable code
nullcon 2011 - Reversing MicroSoft patches to reveal vulnerable codenullcon 2011 - Reversing MicroSoft patches to reveal vulnerable code
nullcon 2011 - Reversing MicroSoft patches to reveal vulnerable coden|u - The Open Security Community
 
PVS-Studio for Visual C++
PVS-Studio for Visual C++PVS-Studio for Visual C++
PVS-Studio for Visual C++Andrey Karpov
 
Comparing static analysis in Visual Studio 2012 (Visual C++ 2012) and PVS-Studio
Comparing static analysis in Visual Studio 2012 (Visual C++ 2012) and PVS-StudioComparing static analysis in Visual Studio 2012 (Visual C++ 2012) and PVS-Studio
Comparing static analysis in Visual Studio 2012 (Visual C++ 2012) and PVS-StudioPVS-Studio
 
If the coding bug is banal, it doesn't meant it's not crucial
If the coding bug is banal, it doesn't meant it's not crucialIf the coding bug is banal, it doesn't meant it's not crucial
If the coding bug is banal, it doesn't meant it's not crucialPVS-Studio
 

More Related Content

What's hot

Cyber Defense Forensic Analyst - Real World Hands-on Examples
Cyber Defense Forensic Analyst - Real World Hands-on ExamplesCyber Defense Forensic Analyst - Real World Hands-on Examples
Cyber Defense Forensic Analyst - Real World Hands-on ExamplesSandeep Kumar Seeram
 
Analysis of PascalABC.NET using SonarQube plugins: SonarC# and PVS-Studio
Analysis of PascalABC.NET using SonarQube plugins: SonarC# and PVS-StudioAnalysis of PascalABC.NET using SonarQube plugins: SonarC# and PVS-Studio
Analysis of PascalABC.NET using SonarQube plugins: SonarC# and PVS-StudioPVS-Studio
 
Lesson 7. The issues of detecting 64-bit errors
Lesson 7. The issues of detecting 64-bit errorsLesson 7. The issues of detecting 64-bit errors
Lesson 7. The issues of detecting 64-bit errorsPVS-Studio
 
Testing parallel programs
Testing parallel programsTesting parallel programs
Testing parallel programsPVS-Studio
 
Use of Cell Block As An Indent Space In Python
Use of Cell Block As An Indent Space In PythonUse of Cell Block As An Indent Space In Python
Use of Cell Block As An Indent Space In PythonWaqas Tariq
 
Production Debugging at Code Camp Philly
Production Debugging at Code Camp PhillyProduction Debugging at Code Camp Philly
Production Debugging at Code Camp PhillyBrian Lyttle
 
Looking for Bugs in MonoDevelop
Looking for Bugs in MonoDevelopLooking for Bugs in MonoDevelop
Looking for Bugs in MonoDevelopPVS-Studio
 
Exploit Frameworks
Exploit FrameworksExploit Frameworks
Exploit Frameworksphanleson
 
Half-automatic Compilable Source Code Recovery
Half-automatic Compilable Source Code RecoveryHalf-automatic Compilable Source Code Recovery
Half-automatic Compilable Source Code RecoveryJoxean Koret
 
Information sheet PVS-Studio
Information sheet PVS-StudioInformation sheet PVS-Studio
Information sheet PVS-StudioPVS-Studio
 
Static and Dynamic Code Analysis
Static and Dynamic Code AnalysisStatic and Dynamic Code Analysis
Static and Dynamic Code AnalysisAndrey Karpov
 
Detection of vulnerabilities in programs with the help of code analyzers
Detection of vulnerabilities in programs with the help of code analyzersDetection of vulnerabilities in programs with the help of code analyzers
Detection of vulnerabilities in programs with the help of code analyzersPVS-Studio
 
Breaking av software
Breaking av softwareBreaking av software
Breaking av softwareThomas Pollet
 
Wcre2009 bettenburg
Wcre2009 bettenburgWcre2009 bettenburg
Wcre2009 bettenburgSAIL_QU
 
Tizen: Summing Up
Tizen: Summing UpTizen: Summing Up
Tizen: Summing UpPVS-Studio
 
Creation of a Test Bed Environment for Core Java Applications using White Box...
Creation of a Test Bed Environment for Core Java Applications using White Box...Creation of a Test Bed Environment for Core Java Applications using White Box...
Creation of a Test Bed Environment for Core Java Applications using White Box...cscpconf
 
On the Use of Static Analysis to Safeguard Recursive Dependency Resolution
On the Use of Static Analysis to Safeguard Recursive Dependency ResolutionOn the Use of Static Analysis to Safeguard Recursive Dependency Resolution
On the Use of Static Analysis to Safeguard Recursive Dependency ResolutionKamil Jezek
 
Understanding Log Lines using Development Knowledge
Understanding Log Lines using Development KnowledgeUnderstanding Log Lines using Development Knowledge
Understanding Log Lines using Development KnowledgeSAIL_QU
 
nullcon 2011 - Reversing MicroSoft patches to reveal vulnerable code
nullcon 2011 - Reversing MicroSoft patches to reveal vulnerable codenullcon 2011 - Reversing MicroSoft patches to reveal vulnerable code
nullcon 2011 - Reversing MicroSoft patches to reveal vulnerable coden|u - The Open Security Community
 

What's hot (19)

Cyber Defense Forensic Analyst - Real World Hands-on Examples
Cyber Defense Forensic Analyst - Real World Hands-on ExamplesCyber Defense Forensic Analyst - Real World Hands-on Examples
Cyber Defense Forensic Analyst - Real World Hands-on Examples
 
Analysis of PascalABC.NET using SonarQube plugins: SonarC# and PVS-Studio
Analysis of PascalABC.NET using SonarQube plugins: SonarC# and PVS-StudioAnalysis of PascalABC.NET using SonarQube plugins: SonarC# and PVS-Studio
Analysis of PascalABC.NET using SonarQube plugins: SonarC# and PVS-Studio
 
Lesson 7. The issues of detecting 64-bit errors
Lesson 7. The issues of detecting 64-bit errorsLesson 7. The issues of detecting 64-bit errors
Lesson 7. The issues of detecting 64-bit errors
 
Testing parallel programs
Testing parallel programsTesting parallel programs
Testing parallel programs
 
Use of Cell Block As An Indent Space In Python
Use of Cell Block As An Indent Space In PythonUse of Cell Block As An Indent Space In Python
Use of Cell Block As An Indent Space In Python
 
Production Debugging at Code Camp Philly
Production Debugging at Code Camp PhillyProduction Debugging at Code Camp Philly
Production Debugging at Code Camp Philly
 
Looking for Bugs in MonoDevelop
Looking for Bugs in MonoDevelopLooking for Bugs in MonoDevelop
Looking for Bugs in MonoDevelop
 
Exploit Frameworks
Exploit FrameworksExploit Frameworks
Exploit Frameworks
 
Half-automatic Compilable Source Code Recovery
Half-automatic Compilable Source Code RecoveryHalf-automatic Compilable Source Code Recovery
Half-automatic Compilable Source Code Recovery
 
Information sheet PVS-Studio
Information sheet PVS-StudioInformation sheet PVS-Studio
Information sheet PVS-Studio
 
Static and Dynamic Code Analysis
Static and Dynamic Code AnalysisStatic and Dynamic Code Analysis
Static and Dynamic Code Analysis
 
Detection of vulnerabilities in programs with the help of code analyzers
Detection of vulnerabilities in programs with the help of code analyzersDetection of vulnerabilities in programs with the help of code analyzers
Detection of vulnerabilities in programs with the help of code analyzers
 
Breaking av software
Breaking av softwareBreaking av software
Breaking av software
 
Wcre2009 bettenburg
Wcre2009 bettenburgWcre2009 bettenburg
Wcre2009 bettenburg
 
Tizen: Summing Up
Tizen: Summing UpTizen: Summing Up
Tizen: Summing Up
 
Creation of a Test Bed Environment for Core Java Applications using White Box...
Creation of a Test Bed Environment for Core Java Applications using White Box...Creation of a Test Bed Environment for Core Java Applications using White Box...
Creation of a Test Bed Environment for Core Java Applications using White Box...
 
On the Use of Static Analysis to Safeguard Recursive Dependency Resolution
On the Use of Static Analysis to Safeguard Recursive Dependency ResolutionOn the Use of Static Analysis to Safeguard Recursive Dependency Resolution
On the Use of Static Analysis to Safeguard Recursive Dependency Resolution
 
Understanding Log Lines using Development Knowledge
Understanding Log Lines using Development KnowledgeUnderstanding Log Lines using Development Knowledge
Understanding Log Lines using Development Knowledge
 
nullcon 2011 - Reversing MicroSoft patches to reveal vulnerable code
nullcon 2011 - Reversing MicroSoft patches to reveal vulnerable codenullcon 2011 - Reversing MicroSoft patches to reveal vulnerable code
nullcon 2011 - Reversing MicroSoft patches to reveal vulnerable code
 

Similar to Difficulties of comparing code analyzers, or don't forget about usability

PVS-Studio for Visual C++
PVS-Studio for Visual C++PVS-Studio for Visual C++
PVS-Studio for Visual C++Andrey Karpov
 
Comparing static analysis in Visual Studio 2012 (Visual C++ 2012) and PVS-Studio
Comparing static analysis in Visual Studio 2012 (Visual C++ 2012) and PVS-StudioComparing static analysis in Visual Studio 2012 (Visual C++ 2012) and PVS-Studio
Comparing static analysis in Visual Studio 2012 (Visual C++ 2012) and PVS-StudioPVS-Studio
 
If the coding bug is banal, it doesn't meant it's not crucial
If the coding bug is banal, it doesn't meant it's not crucialIf the coding bug is banal, it doesn't meant it's not crucial
If the coding bug is banal, it doesn't meant it's not crucialPVS-Studio
 
Static analysis is most efficient when being used regularly. We'll tell you w...
Static analysis is most efficient when being used regularly. We'll tell you w...Static analysis is most efficient when being used regularly. We'll tell you w...
Static analysis is most efficient when being used regularly. We'll tell you w...PVS-Studio
 
Regular use of static code analysis in team development
Regular use of static code analysis in team developmentRegular use of static code analysis in team development
Regular use of static code analysis in team developmentPVS-Studio
 
PVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ codePVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ codePVS-Studio
 
Regular use of static code analysis in team development
Regular use of static code analysis in team developmentRegular use of static code analysis in team development
Regular use of static code analysis in team developmentPVS-Studio
 
Regular use of static code analysis in team development
Regular use of static code analysis in team developmentRegular use of static code analysis in team development
Regular use of static code analysis in team developmentAndrey Karpov
 
How we test the code analyzer
How we test the code analyzerHow we test the code analyzer
How we test the code analyzerPVS-Studio
 
Static Analysis: From Getting Started to Integration
Static Analysis: From Getting Started to IntegrationStatic Analysis: From Getting Started to Integration
Static Analysis: From Getting Started to IntegrationAndrey Karpov
 
War of the Machines: PVS-Studio vs. TensorFlow
War of the Machines: PVS-Studio vs. TensorFlowWar of the Machines: PVS-Studio vs. TensorFlow
War of the Machines: PVS-Studio vs. TensorFlowPVS-Studio
 
Diving into VS 2015 Day2
Diving into VS 2015 Day2Diving into VS 2015 Day2
Diving into VS 2015 Day2Akhil Mittal
 
How we test the code analyzer
How we test the code analyzerHow we test the code analyzer
How we test the code analyzerPVS-Studio
 
An ideal static analyzer, or why ideals are unachievable
An ideal static analyzer, or why ideals are unachievableAn ideal static analyzer, or why ideals are unachievable
An ideal static analyzer, or why ideals are unachievablePVS-Studio
 
0136 ideal static_analyzer
0136 ideal static_analyzer0136 ideal static_analyzer
0136 ideal static_analyzerPVS-Studio
 
Static analysis as part of the development process in Unreal Engine
Static analysis as part of the development process in Unreal EngineStatic analysis as part of the development process in Unreal Engine
Static analysis as part of the development process in Unreal EnginePVS-Studio
 
PVS-Studio Has Finally Got to Boost
PVS-Studio Has Finally Got to BoostPVS-Studio Has Finally Got to Boost
PVS-Studio Has Finally Got to BoostAndrey Karpov
 
New Year PVS-Studio 6.00 Release: Scanning Roslyn
New Year PVS-Studio 6.00 Release: Scanning RoslynNew Year PVS-Studio 6.00 Release: Scanning Roslyn
New Year PVS-Studio 6.00 Release: Scanning RoslynPVS-Studio
 
Searching for bugs in Mono: there are hundreds of them!
Searching for bugs in Mono: there are hundreds of them!Searching for bugs in Mono: there are hundreds of them!
Searching for bugs in Mono: there are hundreds of them!PVS-Studio
 
How to Improve Visual C++ 2017 Libraries Using PVS-Studio
How to Improve Visual C++ 2017 Libraries Using PVS-StudioHow to Improve Visual C++ 2017 Libraries Using PVS-Studio
How to Improve Visual C++ 2017 Libraries Using PVS-StudioPVS-Studio
 

Similar to Difficulties of comparing code analyzers, or don't forget about usability (20)

PVS-Studio for Visual C++
PVS-Studio for Visual C++PVS-Studio for Visual C++
PVS-Studio for Visual C++
 
Comparing static analysis in Visual Studio 2012 (Visual C++ 2012) and PVS-Studio
Comparing static analysis in Visual Studio 2012 (Visual C++ 2012) and PVS-StudioComparing static analysis in Visual Studio 2012 (Visual C++ 2012) and PVS-Studio
Comparing static analysis in Visual Studio 2012 (Visual C++ 2012) and PVS-Studio
 
If the coding bug is banal, it doesn't meant it's not crucial
If the coding bug is banal, it doesn't meant it's not crucialIf the coding bug is banal, it doesn't meant it's not crucial
If the coding bug is banal, it doesn't meant it's not crucial
 
Static analysis is most efficient when being used regularly. We'll tell you w...
Static analysis is most efficient when being used regularly. We'll tell you w...Static analysis is most efficient when being used regularly. We'll tell you w...
Static analysis is most efficient when being used regularly. We'll tell you w...
 
Regular use of static code analysis in team development
Regular use of static code analysis in team developmentRegular use of static code analysis in team development
Regular use of static code analysis in team development
 
PVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ codePVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ code
 
Regular use of static code analysis in team development
Regular use of static code analysis in team developmentRegular use of static code analysis in team development
Regular use of static code analysis in team development
 
Regular use of static code analysis in team development
Regular use of static code analysis in team developmentRegular use of static code analysis in team development
Regular use of static code analysis in team development
 
How we test the code analyzer
How we test the code analyzerHow we test the code analyzer
How we test the code analyzer
 
Static Analysis: From Getting Started to Integration
Static Analysis: From Getting Started to IntegrationStatic Analysis: From Getting Started to Integration
Static Analysis: From Getting Started to Integration
 
War of the Machines: PVS-Studio vs. TensorFlow
War of the Machines: PVS-Studio vs. TensorFlowWar of the Machines: PVS-Studio vs. TensorFlow
War of the Machines: PVS-Studio vs. TensorFlow
 
Diving into VS 2015 Day2
Diving into VS 2015 Day2Diving into VS 2015 Day2
Diving into VS 2015 Day2
 
How we test the code analyzer
How we test the code analyzerHow we test the code analyzer
How we test the code analyzer
 
An ideal static analyzer, or why ideals are unachievable
An ideal static analyzer, or why ideals are unachievableAn ideal static analyzer, or why ideals are unachievable
An ideal static analyzer, or why ideals are unachievable
 
0136 ideal static_analyzer
0136 ideal static_analyzer0136 ideal static_analyzer
0136 ideal static_analyzer
 
Static analysis as part of the development process in Unreal Engine
Static analysis as part of the development process in Unreal EngineStatic analysis as part of the development process in Unreal Engine
Static analysis as part of the development process in Unreal Engine
 
PVS-Studio Has Finally Got to Boost
PVS-Studio Has Finally Got to BoostPVS-Studio Has Finally Got to Boost
PVS-Studio Has Finally Got to Boost
 
New Year PVS-Studio 6.00 Release: Scanning Roslyn
New Year PVS-Studio 6.00 Release: Scanning RoslynNew Year PVS-Studio 6.00 Release: Scanning Roslyn
New Year PVS-Studio 6.00 Release: Scanning Roslyn
 
Searching for bugs in Mono: there are hundreds of them!
Searching for bugs in Mono: there are hundreds of them!Searching for bugs in Mono: there are hundreds of them!
Searching for bugs in Mono: there are hundreds of them!
 
How to Improve Visual C++ 2017 Libraries Using PVS-Studio
How to Improve Visual C++ 2017 Libraries Using PVS-StudioHow to Improve Visual C++ 2017 Libraries Using PVS-Studio
How to Improve Visual C++ 2017 Libraries Using PVS-Studio
 

Recently uploaded

Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 

Recently uploaded (20)

Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 

Difficulties of comparing code analyzers, or don't forget about usability

  • 1. Difficulties of comparing code analyzers, or don't forget about usability Authors: Evgeniy Ryzhkov, Andrey Karpov Date: 31.03.2011 Abstract Users' desire to compare different code analyzers is natural and understandable. However, it's not so easy to fulfill this desire as it may seem at first sight. The point is that you don't know what particular factors must be compared. Introduction If we eliminate such quite ridiculous ideas like "we should compare the number of diagnosable errors" or "we should compare the number of tool-generated messages", then even the reasonable parameter "signal-to-noise ratio" doesn't seem to be an ideal criterion of estimating code analyzers. You doubt that it's unreasonable to compare the mentioned parameters? Here you are some examples. What parameters are just unreasonable to compare Let's take a simple (at first sight) characteristic like the number of diagnostics. It seems that the more diagnostics, the better. But the general number of rules doesn't matter for the end user who exploits a particular set of operating systems and compilers. Diagnostic rules which are relevant to systems, libraries and compilers he doesn't use won't give him anything useful. They even disturb him overloading the settings system and documentation, and complicate use and integration of the tool. Here you an analogy: say, a man comes in a store to buy a heater. He is interested in the domestic appliances department and it's good if this department has a wide range of goods. But the customer doesn't need other departments. It's OK if he can buy a inflatable boat, cell phone or chair in this store. But the inflatable boats department doesn't enlarge the range of heaters anyway. Take, for instance, the Klockwork tool that supports a lot of various systems, including exotic ones. One of them has a compiler that easily "swallows" this code: inline int x; The Klocwork analyzer has a special diagnostic message to detect this anomaly in code: "The 'inline' keyword is applied to something other than a function or method". Well, it seems good to have such a diagnostic. But developers using the Microsoft Visual C++ compiler or any other adequate compiler won't benefit from this diagnostic anyhow. Visual C++ simply doesn't compile this code: "error C2433: 'x' : 'inline' not permitted on data declarations". Another example. Some compilers provide poor support of the bool type. So Klockwork may warn you when a class member is assigned the bool type: "PORTING.STRUCT.BOOL: This checker detects situations in which a struct/class has a bool member".
  • 2. "They wrote bool in class! How awful..." It's clear that only few developers will benefit from having this diagnostic message. There are plenty of such examples. So it turns out that the number of diagnostic rules in no way is related to the number of errors an analyzer can detect in a particular project. An analyzer implementing 100 diagnostics and intended for Windows-applications can find much more errors in a project built with Microsoft Visual Studio than a cross-platform analyzer implementing 1000 diagnostics. The conclusion is the number of diagnostic rules cannot be relevant when comparing analyzers by usability. You may say: "OK, let's compare the number of diagnostics relevant for a particular system then. For instance, let's single out all the rules to search for errors in Windows-applications". But this approach doesn't work either. There are two reasons for that: First, it may be that some diagnostic is implemented in one diagnostic rule in some analyzer and in several rules in some other analyzer. If you compare them by the number of diagnostics, the latter analyzer seems better although they both have the same functional to detect a certain type of errors. Second, implementation of certain diagnostics may be of different quality. For instance, nearly all the analyzers have the search of "magic numbers". But, say, some analyzer can detect only magic numbers dangerous from the viewpoint of code migration to 64-bit systems (4, 8, 32, etc) and some other simply detects all the magic numbers (1, 2, 3, etc). So it won't do if we only write a plus mark for each analyzer in the comparison table. They also like to take the characteristic of tool's speed or number of code lines processessed per second. But it's unreasonable from the viewpoint of practice either. There is no relation between the speed of a code analyzer and speed of analysis performed by man! First, code analysis is often launched automatically during night builds. You just must "be in time" for the morning. And second, they often forget about the usability parameter when comparing analyzers. Well, let's study this issue in detail. Tool's usability is very important for adequate comparison The point is that usability of a tool influences the practice of real use of code analyzers very much... We have checked the eMule project recently with two code analyzers estimating the convenience of this operation in each case. One of the tools was a static analyzer integrated into some Visual Studio editions. The second analyzer was our PVS-Studio. We at once encountered several issues when handling the code analyzer integrated into Visual Studio. And those issues did not relate to the analysis quality itself or speed. The first issue is that you cannot save a list of analyzer-generated messages for further examination. For instance, while checking eMule with the integrated analyzer, I got two thousand messages. No one can thoroughly investigate them all at once, so you have to examine them for several days. But the impossibility to save analysis results causes me to re-analyze the project each time, which tires me very much. PVS-Studio allows you to save analysis results for you to continue examining them later. The second issue is about the way how processing of duplicate analyzer-messages is implemented. I mean diagnosis of problems in header files (.h-files). Say the analyzer has detected an issue in an .h-file included into ten .cpp-files. While analyzing each of these ten .cpp-files, the Visual Studio-integrated
  • 3. analyzer produces the same message about the issue in the .h-file ten times! Here you are a real sample. The following message was generated more than ten times while checking eMule: c:usersevgdocumentsemuleplusdialogmintraybtn.hpp(450): warning C6054: String 'szwThemeColor' might not be zero-terminated: Lines: 434, 437, 438, 443, 445, 448, 450 Because of this, analysis results get messy and you have to review almost the same messages. I should say, PVS-Studio has been filtering duplicate messages instead of showing them to user since the very beginning. The third issue is generation of messages on issues in plug-in files (from folders like C:Program Files (x86)Microsoft Visual Studio 10.0VCinclude). The analyzer built into Visual Studio is not ashamed to attaint system header files although there is little sense in it. Again, here you are an example. We got several times one and the same message about system files while checking eMule: 1>c:program files (x86)microsoft sdkswindowsv7.0aincludews2tcpip.h(729): warning C6386: Buffer overrun: accessing 'argument 1', the writable size is '1*4' bytes, but '4294967272' bytes might be written: Lines: 703, 704, 705, 707, 713, 714, 715, 720, 721, 722, 724, 727, 728, 729 Nobody will ever edit system files. What for to "curse" them? PVS-Studio has never done that. Into the same category we can place the impossibility to tell the analyzer not to perform mask-check of certain files, for instance, all the files "*_generated.cpp" or "c:libs". You may specify exception files in PVS-Studio. The fourth issue relates to the very process of handling the list of analyzer-generated messages. Of course, you may disable any diagnostic messages by code in any code analyzer. But it can be done at different convenience levels. To be more exact, the question is: should analysis be relaunched to hide unnecessary messages by code or not. In the Visual-Studio-integrated analyzer, you must rewrite codes of messages to be disabled in the project's settings and relaunch the analysis. Sure, you hardly can specify all the "unnecessary" diagnostics, so you will have to relaunch the analysis several times. In PVS- Studio, you can easily hide and reveal messages by code without relaunching the analysis, which is much more convenient. The fifth issue is filtering of messages not only by code but by text as well. For instance, it might be useful to hide all the messages containing "printf". The analyzer integrated into Visual Studio doesn't have this feature while PVS-Studio has it. Finally, the sixth issue is convenience of specifying false alarms to the tool. The #pragma warning disable mechanism employed in Visual Studio lets you hide a message only relaunching the analysis. The
  • 4. mechanism in PVS-Studio lets you mark messages as "False Alarm" and hide them without relaunching the analysis. All the six above mentioned issues don't relate to code analysis itself yet they are very important since usability of a tool is that very integral index showing whether it will come to estimating analysis quality at all. Let's see what we've got. The static analyzer integrated into Visual Studio checks the eMule project several times quicker than PVS-Studio. But it took us 3 days to complete work with the Visual Studio's analyzer (actually it was less but we had to switch to other tasks to have a rest). PVS-Studio took us only 4 hours to complete the work. Note. What the quantity of errors found is concerned - the both analyzers have shown almost the same results and found the same errors. Summary Comparison of two static analyzers is a very difficult and complex task. And there is no answer to the question what tool is the best IN GENERAL. You can only speak of what tool is better for a particular project and user.