Wednesday, August 1, 2018

Digest for comp.lang.c++@googlegroups.com - 25 updates in 6 topics

Andrey Karpov <karpov2007@gmail.com>: Aug 01 10:17AM -0700

Development of large complex projects is impossible without the use of programming techniques and tools helping to monitor the quality of the code. First, it requires a literate coding standard, code reviews, unit tests, static and dynamic code analyzers. All this helps to detect defects in code at the earliest stages of development. This article demonstrates the abilities of a PVS-Studio static analyzer in detecting bugs and security weaknesses in code of the Android operating system. We hope that the article will attract readers' attention to the methodology of static code analysis, and they will be willing to embed it in the process of developing their own projects.
 
Article: https://www.viva64.com/en/b/0579/

"Rick C. Hodgin" <rick.c.hodgin@gmail.com>: Aug 01 01:24PM -0400

On 8/1/2018 1:17 PM, Andrey Karpov wrote:
> Development of large complex projects is impossible without the use of programming techniques and tools helping to monitor the quality of the code. First, it requires a literate coding standard, code reviews, unit tests, static and dynamic code analyzers. All this helps to detect defects in code at the earliest stages of development. This article demonstrates the abilities of a PVS-Studio static analyzer in detecting bugs and security weaknesses in code of the Android operating system. We hope that the article will attract readers' attention to the methodology of static code analysis, and they will be willing to embed it in the process of developing their own projects.
 
> Article: https://www.viva64.com/en/b/0579/
 
I was very critical of your coming to comp.lang.c++ initially because
I viewed it as little more than an attempt to make money off your
product. However, since that time I've downloaded the trial version
and tried it out on my own software and was pleased beyond words with
how effective it is.
 
I give your product full props, would recommend it to everyone, and
would use it if I had the funds to do so.
 
My only complaint remains: PVS-Studio is too expensive for small
open-source project developers like me to easily obtain. And, there
are many of us on many projects. Our software is also important to
be bug free, but your decision to exclude us by your high starting
price is a barrier, and is the negative aspect of your product...
This is all in my personal opinion.
 
--
Rick C. Hodgin

Paavo Helde <myfirstname@osa.pri.ee>: Aug 02 12:02AM +0300

On 1.08.2018 20:17, Andrey Karpov wrote:
> Development of large complex projects is impossible without the use of programming techniques and tools helping to monitor the quality of the code. First, it requires a literate coding standard, code reviews, unit tests, static and dynamic code analyzers. All this helps to detect defects in code at the earliest stages of development. This article demonstrates the abilities of a PVS-Studio static analyzer in detecting bugs and security weaknesses in code of the Android operating system. We hope that the article will attract readers' attention to the methodology of static code analysis, and they will be willing to embed it in the process of developing their own projects.
 
> Article: https://www.viva64.com/en/b/0579/
 
In the article I see you admit there are a lot of false positives, and
yet you claim there is nothing wrong with that and the software is OK.
In practice, the false positives are a huge deterrent for a user; if 99%
of diagnostics are false positives then the tool basically becomes
unusable (been there, done that, spending a full day analyzing
avalanches of diagnostics from a multithread-safety checker tool, only
to eventually figure out they were 100% false positives because the tool
didn't recognize boost::mutex as a mutex).
 
Quoting the article:
 
#if GENERIC_TARGET
const char alternative_config_path[] = "/data/nfc/";
#else
const char alternative_config_path[] = "";
