Our Customers
PVS-Studio |
|
PVS-Studio code analyzer is based on VivaCore Library
|
|
For Developers |
|
In this post we will continue to introduce you into OpenMP technology and tell you about some functions and new directives.»
Now we would like to start introducing you into OpenMP technology and show you the ways of using it.»
Programmers see in C++0x standard an opportunity to use lambda-functions and other entities I do not quite understand :).»
This paper contains some questions and answers about PVS-Studio code analyzer by OOO "Program Verification Systems".»
This paper contains some questions and answers about VivaCore C/C++ code analysis library by OOO "Program Verification Systems"»
The article describes and demonstrates by an example the use of PVS-Studio 3.40 new function "Mark as False Alarm". »
Terminology
Static code analysis
Static code analysis. A methodology of detecting errors in program code based on the programmer's reviewing the code marked by the analyzer in those places where potential errors may occur. In other words the static analysis tool detects in the program text the places containing or likely to contain errors, subject to errors or possessing bad formatting. Such code sections are to be considered by the programmer and he can decide whether to modify this program section or not. Static analyzers can be both of general purpose (for example, Microsoft PREFast, Gimpel PC-Lint, Parasoft C++Test) and specialized for searching certain error classes (for example, Chord for verifying parallel Java programs). Static analysis tools are usually rather expensive, they demand knowledge in using them and have rather complicated subsystems of setting and suppressing false messages. That's why static analyzers are usually used by companies with high development culture and mature software development processes. In return of complicated usage, static code analyzers allow developers to detect a lot of errors on the early steps of developing program code. Using static analysis methodology also disciplines programmers and helps control young employees' work.
The main advantage of static code analyzers use lies in the possibility of considerable cost saving of defects elimination in a program. The earlier an error is determined, the lower is the cost of its correction. Thus, according to the facts given in the book "Code Complete" by McConnell, correction of an error at the testing stage is ten times more expensive than its correction at the construction (coding) stage:
Figure 1. Average cost of defects correction depending on their time of writing and detection (data for the table taken from the book "Code Complete" by C. McConnell).
Static analysis tools allow to detect a large number of errors at the construction stage, and this considerably reduces the cost of the whole project development.
Our company, "Program Verification Systems", is engaged in the creation of solutions in the sphere of verification and static code analysis. The main program product of our company, PVS-Studio, is a static code analyzer for testing up-to-date and resource-intensive applications. The analyzer allows to diagnose the errors typical of 64-bit and parallel solutions, to help with applications optimization, and improve their security.
Besides, our company provides the following services on the basis of the available experience and projects in the sphere of code analysis:
- specialized code analyzers creation;
- application porting to 64-bit systems;
- code optimization and paralleling;
- program code quality assurance.
You can find more details about the possible variants of cooperation in the section "Services".
References
- Wikipedia "Static code analysis"
- Wikipedia "List of tools for static code analysis"
- Steve McConnell, "Code Complete, 2nd Edition" Microsoft Press, Paperback, 2nd edition, Published June 2004, 914 pages, ISBN: 0-7356-1967-0.