What is «static code analysis»? It is a technique that allows, at the same time with unit-tests, dynamic code analysis, code review and others, to increase code quality, increase its reliability and decrease the development time.

1. PVS-Studio
and static code analysis technique
www.viva64.com

2. What is «static code analysis»?
• It is a technique that allows, at the same time with unit-tests, dynamic code
analysis, code review and others, to increase code quality, increase its
reliability and decrease the development time.
• It should be noted that static code analysis is not a universal panacea and is
maximally effective in conjunction with other methods of code testing.

3. Who needs static code analysis?
• Any medium-sized and large software development company – to increase
code reliability and decrease its price,
• Any small company and individual developers – in a lesser extent – to drink
coffee instead of searching and fixing annoying bugs,
• Anyone, who supports any old code,
• Specialists for specific tasks (for instance, Sparce code analyzer for Linux
kernel hackers).

4. Static code analysis advantages
• Allows to find bugs on early stages (the earlier the bug was spotted, the
cheaper it is to be fixed),
• High analysis speed,
• Does not require to run the application, only an access to source code and
(not always) – to preprocessed files,
• Allows to locate bugs in code that is rarely executed (exception handlers, for
instance).

5. Static code analysis disadvantages
• Possibility of false positive alarm on correct code,
• Correct positive alarms on old code, which works correctly and which should
better not be bothered, may be nauseous.
• Comparatively small class of bugs detected due to the exponential difficulty
of “honest” bug search.
• Does not detects logical errors (this is a drawback of almost all automatic
testing tools in contrast to code review and manually written unit tests).

6. PVS-Studio
• One of static code analysis tools for C and C++ languages (including C++CX,
C++0x and C++11),
• Developers – ООО «Program Verification Systems».
• Site: http://www.viva64.com/
• From so on, main advantages of this tool will be listed.

7. PVS-Studio: ease of use
• Allows integration into Microsoft Visual Studio (except for Express version –
it lacks extension mechanisms),
• Includes PVS-Studio Standalone that does not require IDE at all,
• Works quickly and “out-of-the-box”, does not require dedicated database
servers and personnel training.
• Can be integrated into the build system,
• Fully-functional trial version.

8. PVS-Studio: features
• Incremental analysis allows to find bugs in new code after every build,
• Message suppression allows to concentrate on a newly written code by
hiding all the warning messages on the old code (of course, they can be
reviewed later),
• Special feature – search for bugs that shows up on porting 32-bit application
into 64-bit ones.

9. PVS-Studio: additional features
• Quick tech support,
• Users may ask for a features in a future releases. Our tool is expanding, and
we try to take into account every request,
• All errors are properly documented and there are a lot of examples (small
fraction of them will be listed on the next slides).

10. Examples of errors found in
real-life applications
Error #1
while (node != NULL) {
if ((node->hashCode == code) &&
(node->entry.key == key)) {
return true;
}
node = node->next;
} while (node != NULL);
It seems like do / while cycles was mixed
up in a weird way here. Of course,
second ‘while’ operator should never
become an endless cycle, but is there
actually ‘while’ and not ‘do’ cycle
required?

11. Examples of errors found in
real-life applications
Error #2
int main(int argc, char** argv) {
....
if (getIsInteractiveMode())
//p->writePepSHTML();
//p->printResult();
// regression test?
if (testType!=NO_TEST) {
....
}
}
Even comments can sometimes harm the
program, especially in the wrong place. In
this piece of code second ‘if’ operator will
only be evaluated if condition in first ‘if’ is
true, but code formatting says that the
opposite was intended. By the way, this
error was found in unit tests.

12. Examples of errors found in
real-life applications
Error #3
HRESULT
SHEOW_LoadOpenWithItems(....)
{
....
if (_ILIsDesktop(pidl) || _ILIsMyDocuments(pidl)
|| _ILIsControlPanel(pidl) || _ILIsNetHood(pidl)
|| _ILIsBitBucket(pidl) || _ILIsDrive(pidl)
|| _ILIsCPanelStruct(pidl) || _ILIsFolder(pidl)
|| _ILIsControlPanel(pidl))
{
TRACE("pidl is a foldern");
SHFree((void*)pidl);
return E_FAIL;
}
....
}
For everyone who thinks that every
problem that was found by static code
analyzer can also be found by code
review. Good luck in figuring out what’s
wrong here. And don’t forget that real
code is much, much bigger than this
fragment.

13. Examples of errors found in
real-life applications
Error #3
HRESULT
SHEOW_LoadOpenWithItems(....)
{
....
if (_ILIsDesktop(pidl) || _ILIsMyDocuments(pidl)
|| _ILIsControlPanel(pidl) || _ILIsNetHood(pidl)
|| _ILIsBitBucket(pidl) || _ILIsDrive(pidl)
|| _ILIsCPanelStruct(pidl) || _ILIsFolder(pidl)
|| _ILIsControlPanel(pidl))
{
TRACE("pidl is a foldern");
SHFree((void*)pidl);
return E_FAIL;
}
....
}
Here it is. A repeated fragment in a
logical expression. At least one of this
repeated sentences is redundant. More
likely scenario: one of this sentences is
incorrect, and programmer should have
meant something else.

14. Examples of errors found in
real-life applications
Error #4
Style & w1Style =
_pUserLang->_styleArray.getStyler(STYLE_WORD1_INDEX);
styleUpdate(w1Style, _pFgColour[0], _pBgColour[0],
IDC_KEYWORD1_FONT_COMBO, IDC_KEYWORD1_FONTSIZE_COMBO,
IDC_KEYWORD1_BOLD_CHECK, IDC_KEYWORD1_ITALIC_CHECK,
IDC_KEYWORD1_UNDERLINE_CHECK);
Style & w2Style =
_pUserLang->_styleArray.getStyler(STYLE_WORD2_INDEX);
styleUpdate(w2Style, _pFgColour[1], _pBgColour[1],
IDC_KEYWORD2_FONT_COMBO, IDC_KEYWORD2_FONTSIZE_COMBO,
IDC_KEYWORD2_BOLD_CHECK, IDC_KEYWORD2_ITALIC_CHECK,
IDC_KEYWORD2_UNDERLINE_CHECK);
Style & w3Style =
_pUserLang->_styleArray.getStyler(STYLE_WORD3_INDEX);
styleUpdate(w3Style, _pFgColour[2], _pBgColour[2],
IDC_KEYWORD3_FONT_COMBO, IDC_KEYWORD3_FONTSIZE_COMBO,
IDC_KEYWORD3_BOLD_CHECK, IDC_KEYWORD3_BOLD_CHECK,
IDC_KEYWORD3_UNDERLINE_CHECK);
Style & w4Style =
_pUserLang->_styleArray.getStyler(STYLE_WORD4_INDEX);
styleUpdate(w4Style, _pFgColour[3], _pBgColour[3],
IDC_KEYWORD4_FONT_COMBO, IDC_KEYWORD4_FONTSIZE_COMBO,
IDC_KEYWORD4_BOLD_CHECK, IDC_KEYWORD4_ITALIC_CHECK,
IDC_KEYWORD4_UNDERLINE_CHECK);
Still not impressed? Well, here comes
another example.

15. Examples of errors found in
real-life applications
Error #4
Nice example of code produced by
copy-paste technique featuring
programmer who forgot to fix one
word. This error is definitely hard to
detect using only code review.
However, if you enjoyed searching for
errors, we have a quiz for you.
Style & w1Style =
_pUserLang->_styleArray.getStyler(STYLE_WORD1_INDEX);
styleUpdate(w1Style, _pFgColour[0], _pBgColour[0],
IDC_KEYWORD1_FONT_COMBO, IDC_KEYWORD1_FONTSIZE_COMBO,
IDC_KEYWORD1_BOLD_CHECK, IDC_KEYWORD1_ITALIC_CHECK,
IDC_KEYWORD1_UNDERLINE_CHECK);
Style & w2Style =
_pUserLang->_styleArray.getStyler(STYLE_WORD2_INDEX);
styleUpdate(w2Style, _pFgColour[1], _pBgColour[1],
IDC_KEYWORD2_FONT_COMBO, IDC_KEYWORD2_FONTSIZE_COMBO,
IDC_KEYWORD2_BOLD_CHECK, IDC_KEYWORD2_ITALIC_CHECK,
IDC_KEYWORD2_UNDERLINE_CHECK);
Style & w3Style =
_pUserLang->_styleArray.getStyler(STYLE_WORD3_INDEX);
styleUpdate(w3Style, _pFgColour[2], _pBgColour[2],
IDC_KEYWORD3_FONT_COMBO, IDC_KEYWORD3_FONTSIZE_COMBO,
IDC_KEYWORD3_BOLD_CHECK, IDC_KEYWORD3_BOLD_CHECK,
IDC_KEYWORD3_UNDERLINE_CHECK);
Style & w4Style =
_pUserLang->_styleArray.getStyler(STYLE_WORD4_INDEX);
styleUpdate(w4Style, _pFgColour[3], _pBgColour[3],
IDC_KEYWORD4_FONT_COMBO, IDC_KEYWORD4_FONTSIZE_COMBO,
IDC_KEYWORD4_BOLD_CHECK, IDC_KEYWORD4_ITALIC_CHECK,
IDC_KEYWORD4_UNDERLINE_CHECK);

16. Examples of errors found in
real-life applications
Error #5
void ListJob::doStart()
{
Q_D( ListJob );
switch ( d->option ) {
break;
case IncludeUnsubscribed:
d->command = "LIST";
break;
case IncludeFolderRoleFlags:
d->command = "XLIST";
break;
case NoOption:
default:
d->command = "LSUB";
}
....
}
One single ‘break’ in unusual place may
alter the whole ‘switch’ statement
behavior. Or maybe it was intentional,
wasn’t it?

17. Conclusion
• All the errors listed in this presentation was found in open-source projects. It
proves that even professional programmers tend to make errors.
• It is worth to remind that it is better to use the whole bunch of tools, not only static
code analysis or only unit tests, and to give enough attention to refactoring and
code quality. We are almost certain that this will pay for itself. Analyzer may find a
misprint, but would never find a wrong algorithm! Unit tests may contain errors
too, and human attention would hardly find a misprint in heaps of duplicate code.
• Good luck with development!

18. Additional links:
• PVS-Studio: http://www.viva64.com/en/pvs-studio/
• Updatable List of Open-Source Projects Checked with PVS-Studio:
http://www.viva64.com/en/a/0084/
• Blog: http://www.viva64.com/en/b/
• Twitter: https://twitter.com/Code_Analysis