Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Monday October 23 2017, @06:48AM   Printer-friendly
from the MY-code-is-perfect! dept.

I am really astonished by the capabilities of static code analysis. The tool surprised me the other day as it turned out to be smarter and more attentive than I am. I found I must be careful when working with static analysis tools. Code reported by the analyzer often looks fine and I'm tempted to discard the warning as a false positive and move on. I fell into this trap and failed to spot bugs...Even I, one of the PVS-Studio developers.

So, appreciate and use static code analyzers! They will help save your time and nerve cells.

[Ed note: I debated running this story as there was an element of self-promotion (aka Bin Spam), but the submitter has been with the site for a while and has posted informative comments. Besides, I know there have been far too many times when I've seen a compiler complain about some section of my code and I'm thinking there is nothing wrong with it — and then I, finally, see my mistake. Anyone have samples of code where you just knew the compiler or static analyzer was wrong, only to find out otherwise? --martyb]


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 4, Informative) by maxwell demon on Monday October 23 2017, @11:18PM (1 child)

    by maxwell demon (1608) on Monday October 23 2017, @11:18PM (#586642) Journal

    No, the "s" in "sprintf" does not stand for "secure", but for "string". Basically it is a version of printf that doesn't output its arguments after formatting, but writes them into a string (actually, character array) instead.

    The secure version of sprintf is snprintf.

    --
    The Tao of math: The numbers you can count are not the real numbers.
    Starting Score:    1  point
    Moderation   +2  
       Informative=2, Total=2
    Extra 'Informative' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   4  
  • (Score: 2) by turgid on Tuesday October 24 2017, @07:30PM

    by turgid (4318) Subscriber Badge on Tuesday October 24 2017, @07:30PM (#587040) Journal

    And nowadays we also have asprintf if you like to leak memory inadvertently.