Abstract image of a woman sitting on books and studying on a laptop

PVS-Studio for Linux (CoreHard presentation)

Download as PPTX, PDF
Andrey Karpov, profile picture
Andrey Karpov

This document discusses the development process of the Linux version of the static analysis tool PVS-Studio. It describes testing the tool on various open source projects written in C/C++ to identify compatibility issues. It also discusses integrating the tool with common build systems like Make, CMake, and QMake. The goal was to make the tool easily usable without complex installation or configuration. Based on feedback from beta tests, improvements were made to support non-standard compilers, handle false alarms better, and provide DEB/RPM packages. Ultimately the tool was integrated into large projects and made available as both a standalone analyzer and integrated with IDEs and build systems.

1 of 24
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
What we had to test and what we learnt during the creation of the Linux version of PVS-Studio Svyatoslav Razmyslov Evgeniy Ryzhkov PVS-Studio www.viva64.com
Who needs static code analysis? • Beginners • «Hindu programmers» • Bad programmers
MySQL (C++) A lot of similar strings. Everything should be fine. static int rr_cmp(uchar *a, uchar *b) { if (a[0] != b[0]) return (int)a[0] - (int)b[0]; if (a[1] != b[1]) return (int)a[1] - (int)b[1]; if (a[2] != b[2]) return (int)a[2] - (int)b[2]; if (a[3] != b[3]) return (int)a[3] - (int)b[3]; if (a[4] != b[4]) return (int)a[4] - (int)b[4]; if (a[5] != b[5]) return (int)a[1] - (int)b[5]; if (a[6] != b[6]) return (int)a[6] - (int)b[6]; return (int)a[7] - (int)b[7]; }
CryEngine 3 SDK (C++) inline bool operator != (const SEfResTexture &m) const { if (stricmp(m_Name.c_str(), m_Name.c_str()) != 0 || m_TexFlags != m.m_TexFlags || m_bUTile != m.m_bUTile || ..... m_Sampler != m.m_Sampler) return true; return false; }
Linux (C) kernel static int tc_ctl_action(struct sk_buff *skb, struct nlmsghdr *n) { struct net *net = sock_net(skb->sk); struct nlattr *tca[TCA_ACT_MAX + 1]; u32 portid = skb ? NETLINK_CB(skb).portid : 0; .... } The function got an argument: Dereferencing Oops, it should be checked too.
These bugs have ALWAYS been there. Taken from Cfront compiler, year 1985: Pexpr expr::typ(Ptable tbl) { .... Pclass cl; .... cl = (Pclass) nn->tp; cl->permanent=1; if (cl == 0) error('i',"%k %s'sT missing",CLASS,s); .... }
Nothing has changed for the past 30 years. Modern Clang compiler: Instruction *InstCombiner::visitGetElementPtrInst(....) { .... Value *StrippedPtr = PtrOp->stripPointerCasts(); PointerType *StrippedPtrTy = dyn_cast<PointerType>(StrippedPtr->getType()); if (!StrippedPtr) return 0; .... }
Static analysis methodology  Automated code review  Regular checks  The human factor is avoided (it is lowered, to be exact).  Specialized tools. The more the better. But maybe not.
What did the PVS-Studio users wanted from the Linux version of PVS-Studio?  Command line utility; “We don’t need integration with IDE!”  We don’t need an installer "We will set everything ourselves!»  We don’t need the documentation “We’ll run the program ourselves”
The first build and support  The executable file is not a product  Porting the code is only a small part of the work  You cannot make conclusions without full-fledged testing - comparison of testing on Windows and Linux
Myth of knowing build scripts  Not all developers are completely familiar with the build system  People need some way of getting to know the product without integrating and setting up  This method should be quite reliable to leave a good impression from the product
Support of multiple Linux distributions
The choice of the monitoring technology  (-) Clang scan-build  (+) strace  (+) JSON Compilation Database  (+/-) RD_PRELOAD
Innumerable non-standard extensions of GCC compilers
Closed testing of a Beta version Episode 1  The executable file of the analyzer with the setup script  Online documentation  Several different ways to analyze without the integration
Closed testing of a Beta version Episode 2  Support of non-standard compiler extensions  Dealing with false alarms  Creating Deb/Rpm packages  Small tasks concerning the analyzer and the documentation
Closed testing of a Beta version Episode 3  We decided not to use the config files for a quick check  Improved work with the log of the strace utilitiy  Work on the DEB/RPM packages  Other tasks concerning the analyzer and the documentation
Closed testing of a Beta version Episode 4 (Release Candidate)  Heading towards the integration into large projects  Implementation of various user requests  Our own repositories for DEB/RPM packages*
Integration into Makefile/Makefile.am .cpp.o: $(CXX) $(CFLAGS) $(DFLAGS) $(INCLUDES) $< -o $@ pvs-studio --cfg $(CFG_PATH) --source-file $< --language C++ --cl-params $(CFLAGS) $(DFLAGS) $(INCLUDES) $<  Details in the analyzer setup  Incremental analysis  Parallelization of the analysis on the build system level  Other pluses of the build system
Integration into CMake /CLion include(PVS-Studio.cmake) pvs_studio_add_target(TARGET analyze OUTPUT FORMAT errorfile ANALYZE target LOG target.plog LICENSE "/path/to/PVS-Studio.lic")
Integration into CMake/QtCreator include(PVS-Studio.cmake) pvs_studio_add_target(TARGET analyze OUTPUT FORMAT errorfile ANALYZE target LOG target.plog LICENSE "/path/to/PVS-Studio.lic")
Integration into QMake/QtCreator pvs_studio.target = pvs pvs_studio.output = true pvs_studio.license = /path/to/PVS-Studio.lic pvs_studio.cfg = /path/to/PVS-Studio.cfg pvs_studio.cxxflags = -std=c++14 pvs_studio.sources = $${SOURCES} include(PVS-Studio.pri)
Conclusions made during the development process  Installation from a package or a repository  Getting to know the product using a quick scan  Integration into a project so that the developer may have incremental analysis  Configuring a complete analysis on the build server  Additional comment - a crazy amount of the Linux projects analyzed, so that the tool can be considered operational.
Questions?  Release of PVS-Studio for Linux: October 25, Tuesday www.viva64.com PVS-Studio checks C,C++ and C#

More Related Content

PPTX
200 Open Source Projects Later: Source Code Static Analysis Experience
Andrey Karpov
 
PPTX
PVS-Studio 5.00, a solution for developers of modern resource-intensive appl...
Andrey Karpov
 
PDF
A Check of the Open-Source Project WinSCP Developed in Embarcadero C++ Builder
Andrey Karpov
 
PDF
How to make a large C++-code base manageable
corehard_by
 
PPTX
C++17 now
corehard_by
 
PDF
Csw2016 gong pwn_a_nexus_device_with_a_single_vulnerability
CanSecWest
 
PDF
Valgrind overview: runtime memory checker and a bit more aka использование #v...
Minsk Linux User Group
 
PDF
Csw2016 gawlik bypassing_differentdefenseschemes
CanSecWest
 
200 Open Source Projects Later: Source Code Static Analysis Experience
Andrey Karpov
 
PVS-Studio 5.00, a solution for developers of modern resource-intensive appl...
Andrey Karpov
 
A Check of the Open-Source Project WinSCP Developed in Embarcadero C++ Builder
Andrey Karpov
 
How to make a large C++-code base manageable
corehard_by
 
C++17 now
corehard_by
 
Csw2016 gong pwn_a_nexus_device_with_a_single_vulnerability
CanSecWest
 
Valgrind overview: runtime memory checker and a bit more aka использование #v...
Minsk Linux User Group
 
Csw2016 gawlik bypassing_differentdefenseschemes
CanSecWest
 

What's hot(20)

PDF
Антон Наумович, Система автоматической крэш-аналитики своими средствами
Sergey Platonov
 
PPTX
Дмитрий Демчук. Кроссплатформенный краш-репорт
Sergey Platonov
 
PDF
The CppCat Analyzer Checks TortoiseGit
Andrey Karpov
 
PDF
Работа с реляционными базами данных в C++
corehard_by
 
PDF
Skiron - Experiments in CPU Design in D
Mithun Hunsur
 
PDF
clWrap: Nonsense free control of your GPU
John Colvin
 
PDF
[COSCUP 2021] A trip about how I contribute to LLVM
Douglas Chen
 
PDF
Checking the Source SDK Project
Andrey Karpov
 
PPTX
Gor Nishanov, C++ Coroutines – a negative overhead abstraction
Sergey Platonov
 
PDF
Valgrind
aidanshribman
 
PPTX
Evgeniy Muralev, Mark Vince, Working with the compiler, not against it
Sergey Platonov
 
PDF
PVS-Studio vs Chromium
Andrey Karpov
 
PDF
PVS-Studio vs Chromium
PVS-Studio
 
PPTX
RuntimeUnitTestToolkit for Unity(English)
Yoshifumi Kawai
 
PDF
GOCON Autumn (Story of our own Monitoring Agent in golang)
Huy Do
 
PDF
用 Go 語言打造多台機器 Scale 架構
Bo-Yi Wu
 
PDF
Linux Kernel, tested by the Linux-version of PVS-Studio
PVS-Studio
 
PDF
Bridge TensorFlow to run on Intel nGraph backends (v0.5)
Mr. Vengineer
 
ODP
The why and how of moving to php 7.x
Wim Godden
 
PDF
Windbg랑 친해지기
Ji Hun Kim
 
Антон Наумович, Система автоматической крэш-аналитики своими средствами
Sergey Platonov
 
Дмитрий Демчук. Кроссплатформенный краш-репорт
Sergey Platonov
 
The CppCat Analyzer Checks TortoiseGit
Andrey Karpov
 
Работа с реляционными базами данных в C++
corehard_by
 
Skiron - Experiments in CPU Design in D
Mithun Hunsur
 
clWrap: Nonsense free control of your GPU
John Colvin
 
[COSCUP 2021] A trip about how I contribute to LLVM
Douglas Chen
 
Checking the Source SDK Project
Andrey Karpov
 
Gor Nishanov, C++ Coroutines – a negative overhead abstraction
Sergey Platonov
 
Valgrind
aidanshribman
 
Evgeniy Muralev, Mark Vince, Working with the compiler, not against it
Sergey Platonov
 
PVS-Studio vs Chromium
Andrey Karpov
 
PVS-Studio vs Chromium
PVS-Studio
 
RuntimeUnitTestToolkit for Unity(English)
Yoshifumi Kawai
 
GOCON Autumn (Story of our own Monitoring Agent in golang)
Huy Do
 
用 Go 語言打造多台機器 Scale 架構
Bo-Yi Wu
 
Linux Kernel, tested by the Linux-version of PVS-Studio
PVS-Studio
 
Bridge TensorFlow to run on Intel nGraph backends (v0.5)
Mr. Vengineer
 
The why and how of moving to php 7.x
Wim Godden
 
Windbg랑 친해지기
Ji Hun Kim
 

Viewers also liked(12)

PPTX
Teoria del color
rocio obrero daza
 
PPTX
Aparato respiratorio
LilieBenz1
 
DOCX
COMPARATIVO DE INICIATIVAS RELATIVAS A LA LEY GENERAL DEL SISTEMA NACIONAL AN...
Senadores PRD
 
PDF
Revista de Economia I
rodriel arias
 
PDF
PlumbingDrainWasteVentcoursecompletion
Nate LaBlance
 
RTF
5
Nikoolaas1
 
PDF
Public notices for June 5, 2012
Post-Bulletin Co.
 
DOCX
Trabajo práctico n°6
consueloisasmendi
 
DOCX
Informe completo acerca de la escuela
Yasuira15
 
PPTX
ευριπίδου άλκηστης
Λωρα Μας
 
PPTX
Linux ppt
lincy21
 
PPTX
Linux.ppt
onu9
 
Teoria del color
rocio obrero daza
 
Aparato respiratorio
LilieBenz1
 
COMPARATIVO DE INICIATIVAS RELATIVAS A LA LEY GENERAL DEL SISTEMA NACIONAL AN...
Senadores PRD
 
Revista de Economia I
rodriel arias
 
PlumbingDrainWasteVentcoursecompletion
Nate LaBlance
 
5
Nikoolaas1
 
Public notices for June 5, 2012
Post-Bulletin Co.
 
Trabajo práctico n°6
consueloisasmendi
 
Informe completo acerca de la escuela
Yasuira15
 
ευριπίδου άλκηστης
Λωρα Μας
 
Linux ppt
lincy21
 
Linux.ppt
onu9
 

Similar to PVS-Studio for Linux (CoreHard presentation)(20)

PDF
stackconf 2020 | Enterprise CI/CD Integration Testing Environments Done Right...
NETWAYS
 
PDF
Comparing Functionalities of PVS-Studio and CppCat Static Code Analyzers
Andrey Karpov
 
PDF
C++ Windows Forms L01 - Intro
Mohammad Shaker
 
PDF
Analysis of merge requests in GitLab using PVS-Studio for C#
Andrey Karpov
 
PDF
Test Kitchen and Infrastructure as Code
Cybera Inc.
 
PDF
stackconf 2024 | How to hack and defend (your) open source by Roman Zhukov.pdf
NETWAYS
 
PDF
PVS-Studio in the Clouds: Travis CI
Andrey Karpov
 
PPTX
Continuous Delivery - Automate & Build Better Software with Travis CI
wajrcs
 
PPTX
Effective C++
Andrey Karpov
 
PDF
Jenkins Pipelines
Steffen Gebert
 
PDF
PVS-Studio confesses its love for Linux
PVS-Studio
 
PDF
Continous UI testing with Espresso and Jenkins
Sylwester Madej
 
PDF
High Productivity Web Development Workflow
Vũ Nguyễn
 
PDF
High productivity web development workflow - JavaScript Meetup Saigon 2014
Oliver N
 
PPTX
PVS-Studio, a static analyzer detecting errors in the source code of C/C++/C+...
Andrey Karpov
 
PPTX
C# Production Debugging Made Easy
Alon Fliess
 
PPT
01 Introduction to programming
maznabili
 
PPTX
Developing SharePoint Framework Solutions for the Enterprise (SPC 2019)
Eric Shupps
 
PPT
Introduction to Programming Lesson 01
A-Tech and Software Development
 
PDF
Trying to Sell PVS-Studio to Google, or New Bugs in Chromium
Andrey Karpov
 
stackconf 2020 | Enterprise CI/CD Integration Testing Environments Done Right...
NETWAYS
 
Comparing Functionalities of PVS-Studio and CppCat Static Code Analyzers
Andrey Karpov
 
C++ Windows Forms L01 - Intro
Mohammad Shaker
 
Analysis of merge requests in GitLab using PVS-Studio for C#
Andrey Karpov
 
Test Kitchen and Infrastructure as Code
Cybera Inc.
 
stackconf 2024 | How to hack and defend (your) open source by Roman Zhukov.pdf
NETWAYS
 
PVS-Studio in the Clouds: Travis CI
Andrey Karpov
 
Continuous Delivery - Automate & Build Better Software with Travis CI
wajrcs
 
Effective C++
Andrey Karpov
 
Jenkins Pipelines
Steffen Gebert
 
PVS-Studio confesses its love for Linux
PVS-Studio
 
Continous UI testing with Espresso and Jenkins
Sylwester Madej
 
High Productivity Web Development Workflow
Vũ Nguyễn
 
High productivity web development workflow - JavaScript Meetup Saigon 2014
Oliver N
 
PVS-Studio, a static analyzer detecting errors in the source code of C/C++/C+...
Andrey Karpov
 
C# Production Debugging Made Easy
Alon Fliess
 
01 Introduction to programming
maznabili
 
Developing SharePoint Framework Solutions for the Enterprise (SPC 2019)
Eric Shupps
 
Introduction to Programming Lesson 01
A-Tech and Software Development
 
Trying to Sell PVS-Studio to Google, or New Bugs in Chromium
Andrey Karpov
 

More from Andrey Karpov(20)

PDF
60 антипаттернов для С++ программиста
Andrey Karpov
 
PDF
60 terrible tips for a C++ developer
Andrey Karpov
 
PPTX
Ошибки, которые сложно заметить на code review, но которые находятся статичес...
Andrey Karpov
 
PDF
PVS-Studio in 2021 - Error Examples
Andrey Karpov
 
PDF
PVS-Studio in 2021 - Feature Overview
Andrey Karpov
 
PDF
PVS-Studio в 2021 - Примеры ошибок
Andrey Karpov
 
PDF
PVS-Studio в 2021
Andrey Karpov
 
PPTX
Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...
Andrey Karpov
 
PPTX
Best Bugs from Games: Fellow Programmers' Mistakes
Andrey Karpov
 
PPTX
Does static analysis need machine learning?
Andrey Karpov
 
PPTX
Typical errors in code on the example of C++, C#, and Java
Andrey Karpov
 
PPTX
How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)
Andrey Karpov
 
PPTX
Game Engine Code Quality: Is Everything Really That Bad?
Andrey Karpov
 
PPTX
C++ Code as Seen by a Hypercritical Reviewer
Andrey Karpov
 
PPTX
The Use of Static Code Analysis When Teaching or Developing Open-Source Software
Andrey Karpov
 
PPTX
Static Code Analysis for Projects, Built on Unreal Engine
Andrey Karpov
 
PPTX
Safety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
Andrey Karpov
 
PPTX
The Great and Mighty C++
Andrey Karpov
 
PPTX
Static code analysis: what? how? why?
Andrey Karpov
 
PDF
Zero, one, two, Freddy's coming for you
Andrey Karpov
 
60 антипаттернов для С++ программиста
Andrey Karpov
 
60 terrible tips for a C++ developer
Andrey Karpov
 
Ошибки, которые сложно заметить на code review, но которые находятся статичес...
Andrey Karpov
 
PVS-Studio in 2021 - Error Examples
Andrey Karpov
 
PVS-Studio in 2021 - Feature Overview
Andrey Karpov
 
PVS-Studio в 2021 - Примеры ошибок
Andrey Karpov
 
PVS-Studio в 2021
Andrey Karpov
 
Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...
Andrey Karpov
 
Best Bugs from Games: Fellow Programmers' Mistakes
Andrey Karpov
 
Does static analysis need machine learning?
Andrey Karpov
 
Typical errors in code on the example of C++, C#, and Java
Andrey Karpov
 
How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)
Andrey Karpov
 
Game Engine Code Quality: Is Everything Really That Bad?
Andrey Karpov
 
C++ Code as Seen by a Hypercritical Reviewer
Andrey Karpov
 
The Use of Static Code Analysis When Teaching or Developing Open-Source Software
Andrey Karpov
 
Static Code Analysis for Projects, Built on Unreal Engine
Andrey Karpov
 
Safety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
Andrey Karpov
 
The Great and Mighty C++
Andrey Karpov
 
Static code analysis: what? how? why?
Andrey Karpov
 
Zero, one, two, Freddy's coming for you
Andrey Karpov
 

Recently uploaded(20)

PDF
IObit Driver Booster Pro Crack Latest Version Download
henryc1122g
 
PPTX
Augmented Reality and Virtual Reality Information
vruttipacific
 
PDF
How to Set Realistic Project Milestones and Deadlines
Orangescrum
 
PDF
4K Video Downloader Crack + License Key 2025
bobykhan786g
 
PDF
KidsTale AI Review - Create Magical Kids’ Story Videos in 2 Minutes.pdf
THEMESMO
 
PDF
Why a Facebook Account is Necessary in Every Person’s Life.pdf
https://usasuperservice.com/
 
PDF
How to Write Automated Test Scripts Using Selenium.pdf
kalichargn70th171
 
PPTX
Ensuring Quality with Software Testing ppt
aecitaninditachatter
 
PPTX
SIH2024_IDEA_dy_dx_deepfakedetection.pptx
namiichan101108
 
PPT
chapter01_java_programming_object_oriented
mjmansoori54
 
PPTX
SQL introduction and commands, SQL joining
Rukhmanisahu5
 
PPTX
HackYourBrain__UtrechtJUG__11092025.pptx
SimonedeGijt
 
PDF
OpenTimelineIO Virtual Town Hall - August 2025
AcademySoftwareFoundation
 
PPTX
Software Engineering - System Modeling.pptx
MasterHackerx
 
PDF
XAI_Based_Cattle_Identification_with_YOLO_and_SIFT_Technique.pdf
vineetsuradkar
 
PPTX
Independent Consultants’ Biggest Challenges in ERP Projects – and How Apagen ...
SatishKumar2651
 
PPTX
Phoenix Marketo User Group: Building Nurtures that Work for Your Audience. An...
bbedford2
 
PPTX
oracle_ebs_12.2_project_cutoveroutage.pptx
SivaKandasamy7
 
PDF
10 Mistakes Agile Project Managers Still Make
Sahil Aggarwal
 
PDF
solman-7.0-ehp1-sp21-incident-management
Giuseppe Caselli
 
IObit Driver Booster Pro Crack Latest Version Download
henryc1122g
 
Augmented Reality and Virtual Reality Information
vruttipacific
 
How to Set Realistic Project Milestones and Deadlines
Orangescrum
 
4K Video Downloader Crack + License Key 2025
bobykhan786g
 
KidsTale AI Review - Create Magical Kids’ Story Videos in 2 Minutes.pdf
THEMESMO
 
Why a Facebook Account is Necessary in Every Person’s Life.pdf
https://usasuperservice.com/
 
How to Write Automated Test Scripts Using Selenium.pdf
kalichargn70th171
 
Ensuring Quality with Software Testing ppt
aecitaninditachatter
 
SIH2024_IDEA_dy_dx_deepfakedetection.pptx
namiichan101108
 
chapter01_java_programming_object_oriented
mjmansoori54
 
SQL introduction and commands, SQL joining
Rukhmanisahu5
 
HackYourBrain__UtrechtJUG__11092025.pptx
SimonedeGijt
 
OpenTimelineIO Virtual Town Hall - August 2025
AcademySoftwareFoundation
 
Software Engineering - System Modeling.pptx
MasterHackerx
 
XAI_Based_Cattle_Identification_with_YOLO_and_SIFT_Technique.pdf
vineetsuradkar
 
Independent Consultants’ Biggest Challenges in ERP Projects – and How Apagen ...
SatishKumar2651
 
Phoenix Marketo User Group: Building Nurtures that Work for Your Audience. An...
bbedford2
 
oracle_ebs_12.2_project_cutoveroutage.pptx
SivaKandasamy7
 
10 Mistakes Agile Project Managers Still Make
Sahil Aggarwal
 
solman-7.0-ehp1-sp21-incident-management
Giuseppe Caselli
 

PVS-Studio for Linux (CoreHard presentation)

  • 1.
    What we hadto test and what we learnt during the creation of the Linux version of PVS-Studio Svyatoslav Razmyslov Evgeniy Ryzhkov PVS-Studio www.viva64.com
  • 2.
    Who needs staticcode analysis? • Beginners • «Hindu programmers» • Bad programmers
  • 3.
    MySQL (C++) A lotof similar strings. Everything should be fine. static int rr_cmp(uchar *a, uchar *b) { if (a[0] != b[0]) return (int)a[0] - (int)b[0]; if (a[1] != b[1]) return (int)a[1] - (int)b[1]; if (a[2] != b[2]) return (int)a[2] - (int)b[2]; if (a[3] != b[3]) return (int)a[3] - (int)b[3]; if (a[4] != b[4]) return (int)a[4] - (int)b[4]; if (a[5] != b[5]) return (int)a[1] - (int)b[5]; if (a[6] != b[6]) return (int)a[6] - (int)b[6]; return (int)a[7] - (int)b[7]; }
  • 4.
    CryEngine 3 SDK(C++) inline bool operator != (const SEfResTexture &m) const { if (stricmp(m_Name.c_str(), m_Name.c_str()) != 0 || m_TexFlags != m.m_TexFlags || m_bUTile != m.m_bUTile || ..... m_Sampler != m.m_Sampler) return true; return false; }
  • 5.
    Linux (C) kernel staticint tc_ctl_action(struct sk_buff *skb, struct nlmsghdr *n) { struct net *net = sock_net(skb->sk); struct nlattr *tca[TCA_ACT_MAX + 1]; u32 portid = skb ? NETLINK_CB(skb).portid : 0; .... } The function got an argument: Dereferencing Oops, it should be checked too.
  • 6.
    These bugs haveALWAYS been there. Taken from Cfront compiler, year 1985: Pexpr expr::typ(Ptable tbl) { .... Pclass cl; .... cl = (Pclass) nn->tp; cl->permanent=1; if (cl == 0) error('i',"%k %s'sT missing",CLASS,s); .... }
  • 7.
    Nothing has changedfor the past 30 years. Modern Clang compiler: Instruction *InstCombiner::visitGetElementPtrInst(....) { .... Value *StrippedPtr = PtrOp->stripPointerCasts(); PointerType *StrippedPtrTy = dyn_cast<PointerType>(StrippedPtr->getType()); if (!StrippedPtr) return 0; .... }
  • 8.
    Static analysis methodology Automated code review  Regular checks  The human factor is avoided (it is lowered, to be exact).  Specialized tools. The more the better. But maybe not.
  • 9.
    What did thePVS-Studio users wanted from the Linux version of PVS-Studio?  Command line utility; “We don’t need integration with IDE!”  We don’t need an installer "We will set everything ourselves!»  We don’t need the documentation “We’ll run the program ourselves”
  • 10.
    The first buildand support  The executable file is not a product  Porting the code is only a small part of the work  You cannot make conclusions without full-fledged testing - comparison of testing on Windows and Linux
  • 11.
    Myth of knowingbuild scripts  Not all developers are completely familiar with the build system  People need some way of getting to know the product without integrating and setting up  This method should be quite reliable to leave a good impression from the product
  • 12.
    Support of multipleLinux distributions
  • 13.
    The choice ofthe monitoring technology  (-) Clang scan-build  (+) strace  (+) JSON Compilation Database  (+/-) RD_PRELOAD
  • 14.
  • 15.
    Closed testing ofa Beta version Episode 1  The executable file of the analyzer with the setup script  Online documentation  Several different ways to analyze without the integration
  • 16.
    Closed testing ofa Beta version Episode 2  Support of non-standard compiler extensions  Dealing with false alarms  Creating Deb/Rpm packages  Small tasks concerning the analyzer and the documentation
  • 17.
    Closed testing ofa Beta version Episode 3  We decided not to use the config files for a quick check  Improved work with the log of the strace utilitiy  Work on the DEB/RPM packages  Other tasks concerning the analyzer and the documentation
  • 18.
    Closed testing ofa Beta version Episode 4 (Release Candidate)  Heading towards the integration into large projects  Implementation of various user requests  Our own repositories for DEB/RPM packages*
  • 19.
    Integration into Makefile/Makefile.am .cpp.o: $(CXX)$(CFLAGS) $(DFLAGS) $(INCLUDES) $< -o $@ pvs-studio --cfg $(CFG_PATH) --source-file $< --language C++ --cl-params $(CFLAGS) $(DFLAGS) $(INCLUDES) $<  Details in the analyzer setup  Incremental analysis  Parallelization of the analysis on the build system level  Other pluses of the build system
  • 20.
    Integration into CMake/CLion include(PVS-Studio.cmake) pvs_studio_add_target(TARGET analyze OUTPUT FORMAT errorfile ANALYZE target LOG target.plog LICENSE "/path/to/PVS-Studio.lic")
  • 21.
    Integration into CMake/QtCreator include(PVS-Studio.cmake) pvs_studio_add_target(TARGETanalyze OUTPUT FORMAT errorfile ANALYZE target LOG target.plog LICENSE "/path/to/PVS-Studio.lic")
  • 22.
    Integration into QMake/QtCreator pvs_studio.target= pvs pvs_studio.output = true pvs_studio.license = /path/to/PVS-Studio.lic pvs_studio.cfg = /path/to/PVS-Studio.cfg pvs_studio.cxxflags = -std=c++14 pvs_studio.sources = $${SOURCES} include(PVS-Studio.pri)
  • 23.
    Conclusions made duringthe development process  Installation from a package or a repository  Getting to know the product using a quick scan  Integration into a project so that the developer may have incremental analysis  Configuring a complete analysis on the build server  Additional comment - a crazy amount of the Linux projects analyzed, so that the tool can be considered operational.
  • 24.
    Questions?  Release ofPVS-Studio for Linux: October 25, Tuesday www.viva64.com PVS-Studio checks C,C++ and C#