SlideShare a Scribd company logo

The Use of Static Code Analysis When Teaching or Developing Open-Source Software

Download as PPTX, PDF
Andrey Karpov, profile picture
Andrey Karpov

The document discusses using static code analysis when teaching or developing open-source software. It outlines how static analysis can help instructors check student homework and projects more efficiently, and help students learn about error patterns. When using static analysis for open-source projects, it recommends integrating it into developers' workflows locally and via continuous integration systems. Regular use is key to maximizing its benefits for finding and fixing bugs.

Education
Related topics:
Insights on Software Development
1 of 51
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
The Use of Static Code Analysis When Teaching or Developing Open-Source Software Presenter: George Gribkov
1. Static analysis: short overview 2. Use of static analysis at colleges and universities 3. Use of static analysis in student and open projects Contents 2
Static Analysis: Short Overview 3
 Write correct code  Unit tests  Regression testing  Code review  …is there some other way?  Yes! For example – tools for automated analysis. How to Improve Code Quality 4
 Static analysis tools: check code when it’s not executed  Dynamic analysis tools: check code when it’s being executed Automated Code Analysis Tools 5  Both approaches compliment each other very well.
Cost to Fix a Bug 6
 Issues false positives  Difficulties with multithreading  Does not eliminate the need for code review Static Analysis Disadvantages 7
 Covers the entire code  Significantly faster than dynamic code analysis  More convenient for large projects Static Analysis Advantages 8
 Can check code style or whether the code complies with a coding standard (MISRA, AUTOSAR C++)  Easy to use  Helps developers learn and teach Static Analysis Advantages 9
Use of Static Analysis at Colleges and Universitites 10
 Helps check homework  Helps check final projects  Saves instructors’ time For Instructors 11
 Provides a chance to learn a new approach  Helps with self-study and problem solving  Facilitates development  Shows and helps study error patterns For Students 12
Pattern Examples (Vangers) 13 void aciPackFile(....) { int sz,sz1; char *p,*p1; .... p = new char[sz]; p1 = new char[sz1]; .... delete p; delete p1; }
Pattern Examples (Vangers) 14 void aciPackFile(....) { int sz,sz1; char *p,*p1; .... p = new char[sz]; p1 = new char[sz1]; .... delete p; // <= delete p1; // <= }
Pattern Examples (Vangers) 15 void aciPackFile(....) { int sz,sz1; char *p,*p1; .... p = new char[sz]; p1 = new char[sz1]; .... delete [] p; delete [] p1; }
Pattern Examples (Apache HTTP Server) 16 static void MD4Transform( apr_uint32_t state[4], const unsigned char block[64]) { apr_uint32_t a = state[0], b = state[1], c = state[2], d = state[3], x[APR_MD4_DIGESTSIZE]; .... /* Zeroize sensitive information. */ memset(x, 0, sizeof(x)); }
Pattern Examples (Apache HTTP Server) 17 static void MD4Transform( apr_uint32_t state[4], const unsigned char block[64]) { apr_uint32_t a = state[0], b = state[1], c = state[2], d = state[3], x[APR_MD4_DIGESTSIZE]; .... /* Zeroize sensitive information. */ memset(x, 0, sizeof(x)); // <= }
Pattern Examples (Apache HTTP Server) 18 static void MD4Transform( apr_uint32_t state[4], const unsigned char block[64]) { apr_uint32_t a = state[0], b = state[1], c = state[2], d = state[3], x[APR_MD4_DIGESTSIZE]; .... /* Zeroize sensitive information. */ memset_s(x, 0, sizeof(x)); } *Or use the following flag: -fno-builtin-memset!
 Provides a chance to learn a new approach  Helps with self-study and problem solving  Facilitates development  Shows and helps study error patterns For Students 19
Use of Static Analysis in Student and Open Projects 20
 Static analysis provides its maximum benefit only when used regularly! Regular Use is the Main Thing 21
Regular Use is the Main Thing 22
Efficient Static Analyzers 23 • PVS-Studio • Clang Static Analyzer • Cppcheck • Infer • IntelliJ IDEA • FindBugs • ... • A detailed list of static analyzers:
1. A classic development scenario (in office) 2. Developing student and open-source projects Introducing Analysis 24
 Locally on developers’ computer (plugins for IDE, compilation monitoring system) A Typical Scenario 25
 Continuous integration systems (command-line utilities, plugins for CI systems, monitoring systems) A Typical Scenario 26
A Typical Scenario 27
What’s the difference? Student and Open-Source Projects 28
A Typical Scenario 29
Student and Open-Source Projects 30
Student and Open-Source Projects 31
Student and Open-Source Projects 32
Student and Open-Source Projects 33
Using an Analyzer on Open-Source Projects 34
Using an Analyzer on Open-Source Projects 35
How to Analyze Community Contribution? 36
What to Do After the First Check? 37
Using an Analyzer on Open-Source Projects 38
Using an Analyzer on Open-Source Projects 39
Pull Request Analysis 40
How to Analyze Community Contribution? 41
 Suppress bases are a mass suppression tool for the analyzer’s warnings. After the First Check 42
 Suppress bases are a mass suppression tool for the analyzer’s warnings. After the First Check 43
 Hide old errors – keep up the normal pace  See only the latest warnings starting from this moment  Get immediate benefits from the analyzer  Do not forget about the old errors! Come back and fix them one-by-one. The Purpose of Suppress Bases 44
 A very convenient approach: the “ratcheting” method  The number of errors in the base is committed to the repository.  Changes are allowed only when they do not increase the total number of errors. How to Work with Suppress Base 45
How to Work with Suppress Base 46
 https://habr.com/en/post/440610/ An Article on the Topic 47
Conclusion 48
 Static analysis helps study programming  It’s important to use static analysis regularly  It’s okay to use static analysis in open-source projects! Recap 49
A Free PVS-Studio License for Open-Source Project Developers 50
END Q&A51

More Related Content

PDF
TMPA-2015: The Application of Parameterized Hierarchy Templates for Automated...
Iosif Itkin
 
PDF
TMPA-2017: Vellvm - Verifying the LLVM
Iosif Itkin
 
PDF
TMPA-2017: Regression Testing with Semiautomatic Test Selection for Auditing ...
Iosif Itkin
 
PDF
TMPA-2015: A Need To Specify and Verify Standard Functions
Iosif Itkin
 
PDF
Cppcheck
PVS-Studio
 
PPTX
Reverse Engineering automation
Positive Hack Days
 
PDF
TMPA-2017: Evolutionary Algorithms in Test Generation for digital systems
Iosif Itkin
 
PPT
Testing
Steve Loughran
 
TMPA-2015: The Application of Parameterized Hierarchy Templates for Automated...
Iosif Itkin
 
TMPA-2017: Vellvm - Verifying the LLVM
Iosif Itkin
 
TMPA-2017: Regression Testing with Semiautomatic Test Selection for Auditing ...
Iosif Itkin
 
TMPA-2015: A Need To Specify and Verify Standard Functions
Iosif Itkin
 
Cppcheck
PVS-Studio
 
Reverse Engineering automation
Positive Hack Days
 
TMPA-2017: Evolutionary Algorithms in Test Generation for digital systems
Iosif Itkin
 
Testing
Steve Loughran
 

What's hot (20)

PDF
Symbolic Execution (introduction and hands-on)
Emilio Coppa
 
PPTX
Loops in c
shubhampandav3
 
PDF
Program errors occurring while porting C++ code from 32-bit platforms on 64-b...
Andrey Karpov
 
PPT
Code Analysis-run time error prediction
NIKHIL NAWATHE
 
PPTX
Static analysis
GowriLatha1
 
PDF
Search-driven String Constraint Solving for Vulnerability Detection
Lionel Briand
 
PDF
SherLog: Error Diagnosis by Connecting Clues from Run-time Logs
Dacong (Tony) Yan
 
PPTX
IEEE SCAM 2017 Revisiting Exception Handling Practices with Exception Flow An...
Gui Padua
 
PPT
Templates exception handling
sanya6900
 
PPT
9781285852744 ppt ch14
Terry Yoast
 
PPTX
Extending C# with Roslyn and Code Aware Libraries
Carlo Pescio
 
PPT
Unit iii
snehaarao19
 
PDF
Mock object
Hiroyuki Ohnaka
 
PDF
Java 8 - Lambdas and much more
Alin Pandichi
 
PPTX
STAMP
Saswat Anand
 
PPTX
C programming language tutorial
Dr. SURBHI SAROHA
 
PPT
Storage classes
Shanmughaneethi Velu
 
DOCX
Qtp certification questions2
Ramu Palanki
 
PPTX
C language (Part 2)
Dr. SURBHI SAROHA
 
PDF
Headache from using mathematical software
PVS-Studio
 
Symbolic Execution (introduction and hands-on)
Emilio Coppa
 
Loops in c
shubhampandav3
 
Program errors occurring while porting C++ code from 32-bit platforms on 64-b...
Andrey Karpov
 
Code Analysis-run time error prediction
NIKHIL NAWATHE
 
Static analysis
GowriLatha1
 
Search-driven String Constraint Solving for Vulnerability Detection
Lionel Briand
 
SherLog: Error Diagnosis by Connecting Clues from Run-time Logs
Dacong (Tony) Yan
 
IEEE SCAM 2017 Revisiting Exception Handling Practices with Exception Flow An...
Gui Padua
 
Templates exception handling
sanya6900
 
9781285852744 ppt ch14
Terry Yoast
 
Extending C# with Roslyn and Code Aware Libraries
Carlo Pescio
 
Unit iii
snehaarao19
 
Mock object
Hiroyuki Ohnaka
 
Java 8 - Lambdas and much more
Alin Pandichi
 
STAMP
Saswat Anand
 
C programming language tutorial
Dr. SURBHI SAROHA
 
Storage classes
Shanmughaneethi Velu
 
Qtp certification questions2
Ramu Palanki
 
C language (Part 2)
Dr. SURBHI SAROHA
 
Headache from using mathematical software
PVS-Studio
 
Ad

Similar to The Use of Static Code Analysis When Teaching or Developing Open-Source Software (20)

PPTX
Does static analysis need machine learning?
Andrey Karpov
 
PPT
CS2006Ch02A.ppt dfxgbfdcgbhfcdhbfdcbfdcgfdg
RahithAhsan1
 
PPTX
The operation principles of PVS-Studio static code analyzer
Andrey Karpov
 
PPTX
PVS-Studio and static code analysis technique
Andrey Karpov
 
PDF
Reducing Redundancies in Multi-Revision Code Analysis
Sebastiano Panichella
 
PPTX
Introduction to White box testing
Aliaa Monier Ismaail
 
PDF
Skiron - Experiments in CPU Design in D
Mithun Hunsur
 
PPTX
Static analysis works for mission-critical systems, why not yours?
Rogue Wave Software
 
PPTX
Code instrumentation
Bryan Reinero
 
PDF
Fuzzing - Part 2
UTD Computer Security Group
 
PDF
What’s eating python performance
Piotr Przymus
 
PPT
01SoftwEng.pptInnovation technology pptInnovation technology ppt
sultanahimed3
 
PPTX
SE2023 0401 Software Coding and Testing.pptx
Bharat Chawda
 
PPTX
Physics lab ppt for btech students in engineetin
sunkaraasharani
 
PPTX
Static code analysis: what? how? why?
Andrey Karpov
 
PDF
Online Machine Learning: introduction and examples
Felipe
 
PPSX
Ds03 part i algorithms by jyoti lakhani
jyoti_lakhani
 
PPT
5.Black Box Testing and Levels of Testing.ppt
SyedAhmad732853
 
PDF
More about PHP
Jonathan Francis Roscoe
 
PPT
ch01-basic-java-programs.ppt
Mahyuddin8
 
Does static analysis need machine learning?
Andrey Karpov
 
CS2006Ch02A.ppt dfxgbfdcgbhfcdhbfdcbfdcgfdg
RahithAhsan1
 
The operation principles of PVS-Studio static code analyzer
Andrey Karpov
 
PVS-Studio and static code analysis technique
Andrey Karpov
 
Reducing Redundancies in Multi-Revision Code Analysis
Sebastiano Panichella
 
Introduction to White box testing
Aliaa Monier Ismaail
 
Skiron - Experiments in CPU Design in D
Mithun Hunsur
 
Static analysis works for mission-critical systems, why not yours?
Rogue Wave Software
 
Code instrumentation
Bryan Reinero
 
Fuzzing - Part 2
UTD Computer Security Group
 
What’s eating python performance
Piotr Przymus
 
01SoftwEng.pptInnovation technology pptInnovation technology ppt
sultanahimed3
 
SE2023 0401 Software Coding and Testing.pptx
Bharat Chawda
 
Physics lab ppt for btech students in engineetin
sunkaraasharani
 
Static code analysis: what? how? why?
Andrey Karpov
 
Online Machine Learning: introduction and examples
Felipe
 
Ds03 part i algorithms by jyoti lakhani
jyoti_lakhani
 
5.Black Box Testing and Levels of Testing.ppt
SyedAhmad732853
 
More about PHP
Jonathan Francis Roscoe
 
ch01-basic-java-programs.ppt
Mahyuddin8
 
Ad

More from Andrey Karpov (20)

PDF
60 антипаттернов для С++ программиста
Andrey Karpov
 
PDF
60 terrible tips for a C++ developer
Andrey Karpov
 
PPTX
Ошибки, которые сложно заметить на code review, но которые находятся статичес...
Andrey Karpov
 
PDF
PVS-Studio in 2021 - Error Examples
Andrey Karpov
 
PDF
PVS-Studio in 2021 - Feature Overview
Andrey Karpov
 
PDF
PVS-Studio в 2021 - Примеры ошибок
Andrey Karpov
 
PDF
PVS-Studio в 2021
Andrey Karpov
 
PPTX
Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...
Andrey Karpov
 
PPTX
Best Bugs from Games: Fellow Programmers' Mistakes
Andrey Karpov
 
PPTX
Typical errors in code on the example of C++, C#, and Java
Andrey Karpov
 
PPTX
How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)
Andrey Karpov
 
PPTX
Game Engine Code Quality: Is Everything Really That Bad?
Andrey Karpov
 
PPTX
C++ Code as Seen by a Hypercritical Reviewer
Andrey Karpov
 
PPTX
Static Code Analysis for Projects, Built on Unreal Engine
Andrey Karpov
 
PPTX
Safety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
Andrey Karpov
 
PPTX
The Great and Mighty C++
Andrey Karpov
 
PDF
Zero, one, two, Freddy's coming for you
Andrey Karpov
 
PDF
PVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOps
Andrey Karpov
 
PDF
PVS-Studio Static Analyzer as a Tool for Protection against Zero-Day Vulnerab...
Andrey Karpov
 
PDF
Analysis of commits and pull requests in Travis CI, Buddy and AppVeyor using ...
Andrey Karpov
 
60 антипаттернов для С++ программиста
Andrey Karpov
 
60 terrible tips for a C++ developer
Andrey Karpov
 
Ошибки, которые сложно заметить на code review, но которые находятся статичес...
Andrey Karpov
 
PVS-Studio in 2021 - Error Examples
Andrey Karpov
 
PVS-Studio in 2021 - Feature Overview
Andrey Karpov
 
PVS-Studio в 2021 - Примеры ошибок
Andrey Karpov
 
PVS-Studio в 2021
Andrey Karpov
 
Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...
Andrey Karpov
 
Best Bugs from Games: Fellow Programmers' Mistakes
Andrey Karpov
 
Typical errors in code on the example of C++, C#, and Java
Andrey Karpov
 
How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)
Andrey Karpov
 
Game Engine Code Quality: Is Everything Really That Bad?
Andrey Karpov
 
C++ Code as Seen by a Hypercritical Reviewer
Andrey Karpov
 
Static Code Analysis for Projects, Built on Unreal Engine
Andrey Karpov
 
Safety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
Andrey Karpov
 
The Great and Mighty C++
Andrey Karpov
 
Zero, one, two, Freddy's coming for you
Andrey Karpov
 
PVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOps
Andrey Karpov
 
PVS-Studio Static Analyzer as a Tool for Protection against Zero-Day Vulnerab...
Andrey Karpov
 
Analysis of commits and pull requests in Travis CI, Buddy and AppVeyor using ...
Andrey Karpov
 

Recently uploaded (20)

PPTX
Nursing Management of Patients with Disorders of Ear, Nose, and Throat (ENT) ...
RAKESH SAJJAN
 
PPTX
How to Manage Starshipit in Odoo 18 - Odoo Slides
Celine George
 
PPTX
The Healthy Child – Unit II | Child Health Nursing I | B.Sc Nursing 5th Semester
RAKESH SAJJAN
 
PPTX
Pharmacology of Heart Failure /Pharmacotherapy of CHF
Rajshri Ghogare
 
PDF
Anesthesia in Laparoscopic Surgery in India
mohitsuren827
 
PPTX
Open Quiz Monsoon Mind Game Final Set.pptx
Sourav Kr Podder
 
PDF
grade 11-chemistry_fetena_net_5883.pdf teacher guide for all student
banteamlakmebratu738
 
PDF
The Final Stretch: How to Release a Game and Not Die in the Process.
Marta Fijak
 
PPTX
Introduction and Scope of Bichemistry.pptx
shantiyogi
 
PDF
STATICS OF THE RIGID BODIES Hibbelers.pdf
pascualasturiaskaye4
 
PDF
Module 3: Health Systems Tutorial Slides S2 2025
Jonathan Hallett
 
PDF
3rd Neelam Sanjeevareddy Memorial Lecture.pdf
Academy of Grassroots Studies and Research of India (AGRASRI)
 
PPTX
Introduction to Child Health Nursing – Unit I | Child Health Nursing I | B.Sc...
RAKESH SAJJAN
 
PDF
Piense y hagase Rico - Napoleon Hill Ccesa007.pdf
Demetrio Ccesa Rayme
 
PPTX
Open Quiz Monsoon Mind Game Prelims.pptx
Sourav Kr Podder
 
PPTX
Cardiovascular Pharmacology for pharmacy students.pptx
TumwineRobert
 
PDF
BÀI TẬP BỔ TRỢ 4 KỸ NĂNG TIẾNG ANH 9 GLOBAL SUCCESS - CẢ NĂM - BÁM SÁT FORM Đ...
Nguyen Thanh Tu Collection
 
PDF
Open folder Downloads.pdf yes yes ges yes
JaybeeMacadangdang
 
PDF
Pre independence Education in Inndia.pdf
goofy5603
 
PDF
PSYCHOLOGY IN EDUCATION.pdf ( nice pdf ...)
shekedeganizani2
 
Nursing Management of Patients with Disorders of Ear, Nose, and Throat (ENT) ...
RAKESH SAJJAN
 
How to Manage Starshipit in Odoo 18 - Odoo Slides
Celine George
 
The Healthy Child – Unit II | Child Health Nursing I | B.Sc Nursing 5th Semester
RAKESH SAJJAN
 
Pharmacology of Heart Failure /Pharmacotherapy of CHF
Rajshri Ghogare
 
Anesthesia in Laparoscopic Surgery in India
mohitsuren827
 
Open Quiz Monsoon Mind Game Final Set.pptx
Sourav Kr Podder
 
grade 11-chemistry_fetena_net_5883.pdf teacher guide for all student
banteamlakmebratu738
 
The Final Stretch: How to Release a Game and Not Die in the Process.
Marta Fijak
 
Introduction and Scope of Bichemistry.pptx
shantiyogi
 
STATICS OF THE RIGID BODIES Hibbelers.pdf
pascualasturiaskaye4
 
Module 3: Health Systems Tutorial Slides S2 2025
Jonathan Hallett
 
3rd Neelam Sanjeevareddy Memorial Lecture.pdf
Academy of Grassroots Studies and Research of India (AGRASRI)
 
Introduction to Child Health Nursing – Unit I | Child Health Nursing I | B.Sc...
RAKESH SAJJAN
 
Piense y hagase Rico - Napoleon Hill Ccesa007.pdf
Demetrio Ccesa Rayme
 
Open Quiz Monsoon Mind Game Prelims.pptx
Sourav Kr Podder
 
Cardiovascular Pharmacology for pharmacy students.pptx
TumwineRobert
 
BÀI TẬP BỔ TRỢ 4 KỸ NĂNG TIẾNG ANH 9 GLOBAL SUCCESS - CẢ NĂM - BÁM SÁT FORM Đ...
Nguyen Thanh Tu Collection
 
Open folder Downloads.pdf yes yes ges yes
JaybeeMacadangdang
 
Pre independence Education in Inndia.pdf
goofy5603
 
PSYCHOLOGY IN EDUCATION.pdf ( nice pdf ...)
shekedeganizani2
 

The Use of Static Code Analysis When Teaching or Developing Open-Source Software

  • 1. The Use of Static Code Analysis When Teaching or Developing Open-Source Software Presenter: George Gribkov
  • 2. 1. Static analysis: short overview 2. Use of static analysis at colleges and universities 3. Use of static analysis in student and open projects Contents 2
  • 4.  Write correct code  Unit tests  Regression testing  Code review  …is there some other way?  Yes! For example – tools for automated analysis. How to Improve Code Quality 4
  • 5.  Static analysis tools: check code when it’s not executed  Dynamic analysis tools: check code when it’s being executed Automated Code Analysis Tools 5  Both approaches compliment each other very well.
  • 6. Cost to Fix a Bug 6
  • 7.  Issues false positives  Difficulties with multithreading  Does not eliminate the need for code review Static Analysis Disadvantages 7
  • 8.  Covers the entire code  Significantly faster than dynamic code analysis  More convenient for large projects Static Analysis Advantages 8
  • 9.  Can check code style or whether the code complies with a coding standard (MISRA, AUTOSAR C++)  Easy to use  Helps developers learn and teach Static Analysis Advantages 9
  • 10. Use of Static Analysis at Colleges and Universitites 10
  • 11.  Helps check homework  Helps check final projects  Saves instructors’ time For Instructors 11
  • 12.  Provides a chance to learn a new approach  Helps with self-study and problem solving  Facilitates development  Shows and helps study error patterns For Students 12
  • 13. Pattern Examples (Vangers) 13 void aciPackFile(....) { int sz,sz1; char *p,*p1; .... p = new char[sz]; p1 = new char[sz1]; .... delete p; delete p1; }
  • 14. Pattern Examples (Vangers) 14 void aciPackFile(....) { int sz,sz1; char *p,*p1; .... p = new char[sz]; p1 = new char[sz1]; .... delete p; // <= delete p1; // <= }
  • 15. Pattern Examples (Vangers) 15 void aciPackFile(....) { int sz,sz1; char *p,*p1; .... p = new char[sz]; p1 = new char[sz1]; .... delete [] p; delete [] p1; }
  • 16. Pattern Examples (Apache HTTP Server) 16 static void MD4Transform( apr_uint32_t state[4], const unsigned char block[64]) { apr_uint32_t a = state[0], b = state[1], c = state[2], d = state[3], x[APR_MD4_DIGESTSIZE]; .... /* Zeroize sensitive information. */ memset(x, 0, sizeof(x)); }
  • 17. Pattern Examples (Apache HTTP Server) 17 static void MD4Transform( apr_uint32_t state[4], const unsigned char block[64]) { apr_uint32_t a = state[0], b = state[1], c = state[2], d = state[3], x[APR_MD4_DIGESTSIZE]; .... /* Zeroize sensitive information. */ memset(x, 0, sizeof(x)); // <= }
  • 18. Pattern Examples (Apache HTTP Server) 18 static void MD4Transform( apr_uint32_t state[4], const unsigned char block[64]) { apr_uint32_t a = state[0], b = state[1], c = state[2], d = state[3], x[APR_MD4_DIGESTSIZE]; .... /* Zeroize sensitive information. */ memset_s(x, 0, sizeof(x)); } *Or use the following flag: -fno-builtin-memset!
  • 19.  Provides a chance to learn a new approach  Helps with self-study and problem solving  Facilitates development  Shows and helps study error patterns For Students 19
  • 20. Use of Static Analysis in Student and Open Projects 20
  • 21.  Static analysis provides its maximum benefit only when used regularly! Regular Use is the Main Thing 21
  • 22. Regular Use is the Main Thing 22
  • 23. Efficient Static Analyzers 23 • PVS-Studio • Clang Static Analyzer • Cppcheck • Infer • IntelliJ IDEA • FindBugs • ... • A detailed list of static analyzers:
  • 24. 1. A classic development scenario (in office) 2. Developing student and open-source projects Introducing Analysis 24
  • 25.  Locally on developers’ computer (plugins for IDE, compilation monitoring system) A Typical Scenario 25
  • 26.  Continuous integration systems (command-line utilities, plugins for CI systems, monitoring systems) A Typical Scenario 26
  • 28. What’s the difference? Student and Open-Source Projects 28
  • 30. Student and Open-Source Projects 30
  • 31. Student and Open-Source Projects 31
  • 32. Student and Open-Source Projects 32
  • 33. Student and Open-Source Projects 33
  • 34. Using an Analyzer on Open-Source Projects 34
  • 35. Using an Analyzer on Open-Source Projects 35
  • 36. How to Analyze Community Contribution? 36
  • 37. What to Do After the First Check? 37
  • 38. Using an Analyzer on Open-Source Projects 38
  • 39. Using an Analyzer on Open-Source Projects 39
  • 41. How to Analyze Community Contribution? 41
  • 42.  Suppress bases are a mass suppression tool for the analyzer’s warnings. After the First Check 42
  • 43.  Suppress bases are a mass suppression tool for the analyzer’s warnings. After the First Check 43
  • 44.  Hide old errors – keep up the normal pace  See only the latest warnings starting from this moment  Get immediate benefits from the analyzer  Do not forget about the old errors! Come back and fix them one-by-one. The Purpose of Suppress Bases 44
  • 45.  A very convenient approach: the “ratcheting” method  The number of errors in the base is committed to the repository.  Changes are allowed only when they do not increase the total number of errors. How to Work with Suppress Base 45
  • 46. How to Work with Suppress Base 46
  • 49.  Static analysis helps study programming  It’s important to use static analysis regularly  It’s okay to use static analysis in open-source projects! Recap 49
  • 50. A Free PVS-Studio License for Open-Source Project Developers 50