SoylentNews is people
SoylentNews
I am really astonished by the capabilities of static code analysis. The tool surprised me the other day as it turned out to be smarter and more attentive than I am. I found I must be careful when working with static analysis tools. Code reported by the analyzer often looks fine and I'm tempted to discard the warning as a false positive and move on. I fell into this trap and failed to spot bugs...Even I, one of the PVS-Studio developers.
So, appreciate and use static code analyzers! They will help save your time and nerve cells.
[Ed note: I debated running this story as there was an element of self-promotion (aka Bin Spam), but the submitter has been with the site for a while and has posted informative comments. Besides, I know there have been far too many times when I've seen a compiler complain about some section of my code and I'm thinking there is nothing wrong with it — and then I, finally, see my mistake. Anyone have samples of code where you just knew the compiler or static analyzer was wrong, only to find out otherwise? --martyb]
(Score: 2, Insightful) by Anonymous Coward on Monday October 23 2017, @09:17PM
To add to what you said.
I have been doing this sort of thing for 25+ years now. I have written that exact same code. Why would I do that? Because the SDK/CRT does not have the newer code in it. Yet I need the newer code to run on the older platform. Guess what I have 0 power to change in that case. There is no newer compiler for a version because it is some rando thing the management decided to code against. Usually against my advise. So I make due and try to guard around it. But 'the customer wants it tomorrow' you make due...
Perhaps the dude had a reason to do it? A comment would have helped. Even a 'the compiler is yelling about this' would have at least pointed people in the right direction at some point.
I personally think the annoying ones are the ones who are forced to use these static tools then ignore the errors spamming out of them. The tools are trying to tell you something yet you are too hard headed to accept that your code has some serious flaws. I have used many of these sorts of tools both static and dynamic. In my years of using them I have found maybe 1 or 2 false positives. Even those I doubt were wrong and I had a misunderstanding on how something worked. Almost every time they are right. You are either doing something shady, unclear, or wrong. The only time they go sideways is if you 'hide' a pointer by use of void type casting. Which is just a bad pattern to use anyway. Just because the language and compiler allows you to do something does not mean it is right or correct. I treat every error out of these tools as something to investigate. I either learn something or find a real bug. Usually that bug has been cut and pasted across the whole codebase. Because the original has a misunderstanding of how something works.