posted by martyb on Monday October 23 2017, @06:48AM
from the MY-code-is-perfect! dept.

I am really astonished by the capabilities of static code analysis. The tool surprised me the other day as it turned out to be smarter and more attentive than I am. I found I must be careful when working with static analysis tools. Code reported by the analyzer often looks fine and I'm tempted to discard the warning as a false positive and move on. I fell into this trap and failed to spot bugs... Even I, one of the PVS-Studio developers.

So, appreciate and use static code analyzers! They will help save your time and nerve cells.

[Ed note: I debated running this story as there was an element of self-promotion (aka Bin Spam), but the submitter has been with the site for a while and has posted informative comments. Besides, I know there have been far too many times when I've seen a compiler complain about some section of my code and I'm thinking there is nothing wrong with it — and then I, finally, see my mistake. Anyone have samples of code where you just knew the compiler or static analyzer was wrong, only to find out otherwise? --martyb]


  • (Score: 2) by Azuma Hazuki on Monday October 23 2017, @04:39PM (2 children)

    I am not a C++ programmer, but...does that do what I think it does? Which is basically say "Hey when the code calls the secure version of printf() substitute the old insecure one?" That's not just a paddlin', that's "getting stuck in a jail cell for a year with no electronic devices except a speak'n'spell."

    --
    I am "that girl" your mother warned you about...
  • (Score: 4, Informative) by maxwell demon on Monday October 23 2017, @11:18PM (1 child)

    No, the "s" in "sprintf" does not stand for "secure", but for "string". Basically it is a version of printf that doesn't output its arguments after formatting, but writes them into a string (actually, character array) instead.

    The secure version of sprintf is snprintf.

    --
    The Tao of math: The numbers you can count are not the real numbers.
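
An added example, not part of the comments above or of the code the story discusses: a bounded formatting helper built on snprintf that checks the return value, because snprintf limits the write but reports an over-long result only through that value. The helper name `format_label`, the format string and the sample inputs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (name and signature are assumptions for this example).
 * Formats "user=<name> id=<id>" into dst, which holds cap bytes.
 * Returns  0 if the whole string fit,
 *          1 if it was truncated (dst still holds a NUL-terminated prefix),
 *         -1 on an encoding error or an unusable buffer. */
int format_label(char *dst, size_t cap, const char *name, int id)
{
    if (dst == NULL || cap == 0)
        return -1;

    /* snprintf writes at most cap bytes, including the terminating NUL,
     * and returns the length the complete output would have had. */
    int needed = snprintf(dst, cap, "user=%s id=%d", name, id);

    if (needed < 0) {
        dst[0] = '\0';
        return -1;
    }
    if ((size_t)needed >= cap)
        return 1;   /* cut short: the caller must not treat dst as complete */
    return 0;
}

int main(void)
{
    char buf[16];
    /* Constructed sample inputs. */
    const char *names[] = { "bob", "a_much_longer_account_name" };

    for (size_t i = 0; i < 2; i++) {
        int rc = format_label(buf, sizeof buf, names[i], 42);
        printf("rc=%d len=%zu buf=\"%s\"\n", rc, strlen(buf), buf);
    }
    /* With sprintf, the second call would write past the end of buf. */
    return 0;
}
```

A truncated result is memory-safe but can still be a logic bug (a clipped path, identifier or query), which is why the helper reports it instead of silently returning the prefix.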