adventure with PVS-Studio C/C++ analyzer

I've recently read a promo article about a static C/C++ analyzer called PVS-Studio by viva64.com, where the readers were urged to use the product, and I did just that. Evgeniy Ryzhkov, the creator of the program kindly sent me a one-week key, and I immediately started testing some of my C/XS code.

I'm also using valgrind and was rather sure that all major problems were long gone, but how wrong I was. There were also a couple nasties, in cases not covered by tests, and thus valgrind had no chance to detect them. There were also a couple of WTFs, such as

void * x = result();
x-> something++;
if (!x) return;

where the logic was clearly there, but somehow on wrong lines. A shame really.

I did like the output of the analyzer, and not content with that, tried to run it against the latest perl sources. Retroactively, an idea struck me, that there's little chance that I'm the first person trying to do that, but google only gave me a last-year mail from Jarkko Hientaniemi where he asked the p5-porters if anyone could do this. Feeling like a necromancer (i.e. the one who loves reviving dead threads) I produces this: http://karasik.eu.org/misc/pvs/perl.log . It's mostly noise, but there are a interesting remarks as well, for example:

src/blead/toke.c:10975
Uninitialized variable 'len' was used. The variable was used to initialize itself.
CvOUTSIDE(PL_compcv) = MUTABLE_CV(SvREFCNT_inc_simple(outsidecv));

...and good luck figuring out where there is this _p and whether it was indeed uninitialzied or it was false alarm.

I also tried to run it against a couple larger perl distros (same directory online), but it's much less interesting.

All in all I think PVS is a decent tool in the box (John Carmark of Doom's fame apparently loves it), it runs on both linux and win32, but for the price of over $5k it not something one decides to use easily. On the downside there were lots of noise errors, that are not errors at all, it took really long time to munch on a 200K+ C file from rakudo, so the way the company advocates to use the tool, as a part of build process, might not always be practical.

If you're interested to run your pet C project through it, I've read on the company site that open-source tools might be given a short evaluation key without support for exactly that purpose. However there's one thing that I couldn't stop thinking about. Statical text analyzers like this should've been written in perl, should've been a perl killer app, but somehow ... they haven't. I wonder why.

Leave a comment

About Dmitry Karasik

user-pic I blog about Perl.