PVS-Studio - Program Verification Systems

mangledcobweb, Software & Software Engineering

14 Dec 2013

PVS-Studio

Cost-effective C++ static code analysis

© 2012 Program Verification Systems Llc.

What’s in this presentation

Static code analysis: benefits and challenges

PVS-Studio: cost-efficient C++ static analysis tool

Static analysis as an integral part of software development process

Team work with results of static analysis

Persisting project knowledge

Contact us!

Goals of static code analysis

Stability: Increase stability of the system by detecting common coding errors in all parts of the system

Security: Detect common security-related errors

Performance: Detect well-known language constructs that perform poorly

Cost: Reduce dev and testing costs by letting the test team concentrate on more important issues

Challenges of C++ code analysis

C++ is a multi-paradigm language that allows the use of numerous programming techniques and employs many powerful features

Rule of thumb: the more complex a language and its ecosystem are, the harder it is to find all possible errors

Things that make C++ hard

The dynamic memory model allows efficient memory management yet is very error prone

C++ is statically typed, but invalid usage of types is still not rare

C++ is cross-platform only at the source code level

Challenges of C++ code analysis

Compiler authors do their best to pinpoint various errors with compile-time warnings

Authors of run-time libraries employ various run-time checks to detect problems as applications run

Any tool that is able to detect errors in their applications is welcomed by developers

Challenges of C++ code analysis

Static code analysis tools are in-between:

They are able to detect errors before the application has a chance to run

They can find common error patterns that compilers do not flag

PVS-Studio

Cost-effective C++ static analysis

PVS-Studio provides best of both worlds

Free

Pros: Free and usually open-source

Cons: Low usability; high number of false positives (noise warnings)

Commercial

Pros: Commercial quality and support; broad functionality

Cons: Very high price increases project costs instead of reducing them

Static analysis tools

PVS-Studio: the art of efficiency

Able to detect a broad range of errors (general, 64-bit portability, OpenMP threading errors) with a low false-positive rate

Integrates directly into the Visual Studio IDE and is able to work with many continuous integration systems

Reachable and knowledgeable product support

Great price and even better customized offerings

Grab your trial!

If you have not yet downloaded the free trial version of PVS-Studio, now is a good time to do it (go to http://pvs-studio.viva64.com)

…Then get back, we have more to tell you

Static code analysis


As an integral part of development process

Good to see you’re back

So you’ve installed PVS-Studio, checked your project and probably already fixed a couple of errors

And all this with just a free trial!

Why pay for a license if it is that good anyway?

Integration into dev process

So now let’s do a small guesstimation task

How many errors that could have been detected by PVS-Studio were fixed during dev testing?

How many errors were detected during QA activities?

How many errors hit customers of the product?

When a product is already a few years old these numbers are overwhelming

Proper way for static analysis

For maximum efficiency static analysis should take part in a 3-way process

On-line analysis of all new code on developer machines

Running along with automated builds to catch integration errors

Periodic management review of metrics produced by the static analysis tool

Static analysis vs code review

Do you need to employ static analysis when a review process is established?

Does a project need manual reviews when static analysis is in place?

Static analysis and manual code reviews are both efficient ways to improve quality and reduce costs

They catch different (yet overlapping) types of errors

So when used side-by-side they make the process even more efficient

Team work

Simple yet efficient team work model of PVS-Studio

Various approaches to collaboration

Different products offer different ways to store the results of static analysis warning triage for team use


1. Storing in a proprietary database (yes, maintain a separate database, and fight code synchronization issues)

2. In-code notation (this way it is where and when you need it)

3. Along with other issues in the bug database (no comments here, plain headache)




Approach of PVS-Studio

As usual, we strive for a simple yet efficient approach

Storing the results of static analysis warning review as comments in code:

False positives

//-Vxxxx: comment that describes why this is false positive

Fix list

// TODO: comment or description
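
An added example (not from the presentation or from PVS-Studio itself): a short Python audit that inventories the in-code markers described above, so a reviewer can see which suppressions carry no justification. The regexes follow the `//-Vxxxx` and `// TODO` forms shown on the slide; the function names, the sample source and the rule numbers in it are constructed for illustration.

```python
import re

# Marker forms taken from the slide: "//-Vxxxx: reason" and "// TODO: text".
SUPPRESS_RE = re.compile(r"//-V(\d+)\b[ \t]*:?[ \t]*(.*)$")
TODO_RE = re.compile(r"//\s*TODO\b[ \t]*:?[ \t]*(.*)$")

# Constructed sample source; the rule numbers are placeholders, not real rules.
SAMPLE = """\
int a = x - x; //-V1111: intentional, forces zero on all platforms
memset(buf, 0, len); //-V2222
size_t n = (size_t)p; // TODO: check pointer truncation on 64-bit
const char *s = "see //-V3333 in docs";
"""

def strip_string_literals(line):
    # Blank out double-quoted literals so markers quoted inside strings are ignored.
    return re.sub(r'"(?:\\.|[^"\\])*"', '""', line)

def audit_markers(source):
    # Return (suppressions, todos, unjustified) found in C/C++ source text.
    suppressions, todos = [], []
    for lineno, raw in enumerate(source.splitlines(), start=1):
        line = strip_string_literals(raw)
        m = SUPPRESS_RE.search(line)
        if m:
            suppressions.append(
                {"line": lineno, "rule": "V" + m.group(1), "reason": m.group(2).strip()}
            )
            continue
        m = TODO_RE.search(line)
        if m:
            todos.append({"line": lineno, "text": m.group(1).strip()})
    # A suppression with no explanation hides a warning without recording why.
    unjustified = [s for s in suppressions if not s["reason"]]
    return suppressions, todos, unjustified

if __name__ == "__main__":
    sup, todo, bad = audit_markers(SAMPLE)
    for s in sup:
        print(f"line {s['line']}: {s['rule']} suppressed: {s['reason'] or '<no reason>'}")
    for t in todo:
        print(f"line {t['line']}: TODO {t['text']}")
    print(f"{len(bad)} suppression(s) without a justification")
```

Run in a build or pre-merge step, the `unjustified` list gives reviewers a concrete set of silenced warnings to question.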


Why is it that good?

Developers are encouraged to write useful comments for these warnings

Any code edits or refactoring nearby won’t affect placement of tags

No separate storage is needed: lower maintenance and complexity

History of changes is available from your favorite source control provider

Integrates well with TODO comments in Visual Studio

Persisting team knowledge

In the form of static analysis rules

How static analysis tools can help?

Project- or company-specific knowledge might be persisted in the form of rules for PVS-Studio

Approach of the least effort: you define the rule, we implement it

Always on your radar: no chance that newcomers will miss it because they forgot to read a certain document

Always up-to-date: if a rule needs to be modified or updated, the process is easy and seamless

Feel free to contact us!


Do you have any questions?

Want to know more about the product or services?

Maybe you need to know more technical details?

pvs-studio.viva64.com

support@viva64.com