pvs-stdio ue4_如何快速检查出PVS-Studio分析仪针对C和C ++代码给出的有趣警告？

pvs-stdio ue4

Once in a while, programmers who start getting acquainted with the PVS-Studio code analyzer ask me: «Is there a list of warnings that accurately indicate errors?» There is no such list because uninteresting (false) warnings in one project are very important and useful in another one. However, one can definitely start digging into the analyzer from the most exciting warnings. Let's take a closer look at this topic.

偶尔，开始熟悉PVS-Studio代码分析器的程序员会问我：“是否有准确显示错误的警告列表？” 没有这样的列表，因为在一个项目中无趣的(错误)警告在另一个项目中非常重要且有用。 但是，绝对可以从最令人兴奋的警告中开始深入分析仪。 让我们仔细看一下这个主题。

Trouble is, as a rule, at first runs a programmer drowns in a huge number of warnings that he gets. Naturally, he wants to start reviewing the most interesting warnings in order to understand whether he should spend his time sorting out all this. Good, so here are three simple steps that will let him check out the most exciting warnings.

通常，一开始，问题是程序员在运行时淹没了他得到的大量警告。 自然，他想开始回顾最有趣的警告，以了解他是否应该花时间整理所有这些信息。 很好，所以这是三个简单的步骤，这些步骤使他可以检查出最令人兴奋的警告。

第1步 (Step 1)

Disable all types of warnings except general ones (GA). A common mistake is to enable all types of warnings. Inexperienced users think that the more to enable, the better. That's not the case. There are diagnostic sets, such as 64-bit checks and MISRA rules, that should only be used when one clearly knows what are they and how to work with them. For example, enabling MISRA diagnostics for an ordinary application program, you will drown in tens, thousands or hundreds of thousands of warnings such as:

禁用除常规警告(GA)以外的所有警告类型。 一个常见的错误是启用所有类型的警告。 没有经验的用户认为，启用的越多越好。 事实并非如此。 有一些诊断集，例如64位检查和MISRA规则，仅在清楚地知道它们是什么以及如何使用它们时才应使用。 例如，为普通的应用程序启用MISRA诊断，您将淹没在成千上万的警告中，例如：

• V2506. MISRA. A function should have a single point of exit at the end.

  V2506 。 MISRA。 函数的末尾应该有一个出口。

• V2507. MISRA. The body of a loop\conditional statement should be enclosed in braces.

  V2507 。 MISRA。 循环\条件语句的主体应放在花括号中。

• V2523. MISRA. All integer constants of unsigned type should have 'u' or 'U' suffix.

  V2523 。 MISRA。 所有无符号类型的整数常量都应带有“ u”或“ U”后缀。

Most MISRA warnings indicate not errors, but code smells. Naturally, a programmer begins to ask questions. How do you find something interesting in the pile of all these warnings? What numbers should he watch? These are the wrong questions. You just need to disable the MISRA set. This is the standard for writing quality code for embedded devices. The point of the standard is to make the code extremely simple and understandable. Don't try to apply it where it's inappropriate.

大多数MISRA警告不是指出错误，而是代码味道。 自然，程序员开始提出问题。 您如何在所有这些警告中找到有趣的东西？ 他应该看什么数字？ 这些是错误的问题。 您只需要禁用MISRA集。 这是为嵌入式设备编写质量代码的标准。 该标准的重点是使代码极其简单易懂。 不要尝试在不合适的地方应用它。

Note. Yes, MISRA has rules designed to identify real bugs. Example: V2538 — The value of uninitialized variable should not be used. But don't be afraid to disable the MISRA standard. You're not going to lose anything. The real errors will still be found as part of the General Diagnostics (GA). For example, an uninitialized variable will be found by the V614 diagnostic.

注意。 是的，MISRA具有旨在识别实际错误的规则。 示例： V2538 —不应使用未初始化的变量的值。 但是不要害怕禁用MISRA标准。 您不会失去任何东西。 实际错误仍将在常规诊断(GA)中找到。 例如， V614诊断程序将找到未初始化的变量。

第2步 (Step 2)

Any static analyzer issues false positives at the first runs and requires some configuring. Nothing can be done about it, but it's not as scary as it may seem. Even a simple quick setting allows you to remove most false positives and start viewing a quite relevant report. I won't talk more about it, as I have written about it many times, for example, in this article: "Characteristics of PVS-Studio Analyzer by the Example of EFL Core Libraries, 10-15% of False Positives".

任何静态分析仪在首次运行时都会发出误报，并且需要进行一些配置。 它无能为力，但没有看起来那么可怕。 即使是简单的快速设置，也可以消除大多数误报并开始查看非常相关的报告。 我将不做更多讨论，例如，在本文中，我已经写过很多篇文章：“ 以EFL核心库为例，PVS-Studio Analyzer的特征，误报的10-15％ ”。

Spend a little time disabling obviously irrelevant warnings and fighting against false positives related to macros. Generally speaking, macros are the main reason of false positives, as a warning appears in all cases when a poorly implemented macro is used. To suppress warnings in macros, you can write comments of a special type next to their declaration. The more of comments format is covered in the documentation.

花一点时间禁用明显不相关的警告，并与宏相关的误报作斗争。 一般而言，宏是误报的主要原因，因为在使用错误实现的宏的所有情况下都会出现警告。 要禁止在宏中显示警告，您可以在其声明旁边编写特殊类型的注释。 文档中包含更多注释格式。

Yes, the initial setting will take a little time, but will drastically improve the perception of the report by eliminating the distracting noise. Take some time to do it. If there are any difficulties or questions, we are always ready to help and tell you how to set up the analyzer in the best way. Feel free to write and ask us questions.

是的，初始设置将花费一些时间，但是会消除干扰性，从而极大地改善报告的感知度。 花一些时间来做。 如果有任何困难或疑问，我们将随时为您提供帮助，并告诉您如何以最佳方式设置分析仪。 随时写信和问我们问题。

第三步 (Step 3)

Start viewing warnings from Level 1. Only after it watch 2 and 3. Warning levels are nothing more than the veracity of a warning. Warnings of the Level 1 are more likely to indicate an actual error than warnings of the Level 2.

从级别1开始查看警告。只有在看到级别2和3之后，警告级别仅是警告的准确性。 级别1的警告比级别2的警告更有可能指示实际错误。

You can say, when you choose to «watch Level 1,» you press the «watch the most interesting errors» button.

您可以说，当您选择“观看1级”时，您按下了“观看最有趣的错误”按钮。

In more detail, the classification of PVS-Studio warnings by levels is described in the article "The way static analyzers fight against false positives, and why they do it".

在文章“ 静态分析器对抗误报的方式以及为什么这样做的原因 ”一文中，对PVS-Studio警告进行了更详细的分类。

那么为什么没有列表呢？ (So why isn't there a list?)

However, the idea of having a list of the most useful warnings may still seem reasonable. Let me show you in a practical example that the usefulness of a diagnostic is relative and depends on the project.

但是，列出最有用的警告的想法似乎仍然合理。 让我在一个实际示例中向您展示诊断的有用性是相对的，并且取决于项目。

Let's consider the V550 warning. The warning detects a potential error related to the fact that in order to compare numbers with a floating-point the operators == or != are used.

让我们考虑一下V550警告。 该警告检测到与以下事实有关的潜在错误：为了将数字与浮点数进行比较，使用了运算符==或！=。

Most of the developers I've talked to, think that this diagnostic is useless and they disable it because all its triggerings for their project are false. That's why this diagnostic has low level of certainty and relates to the Level 3.

我与之交谈过的大多数开发人员都认为该诊断是无用的，因此他们将其禁用，因为其对项目的所有触发都是错误的。 这就是为什么此诊断的确定性较低且与级别3相关的原因。

Indeed, in most applications, float/double types are used in very simple algorithms. Often the comparison with the constant is used solely to check if a certain value is set by default, or whether it has changed. In this case, the exact check is quite appropriate. I'll explain it with pseudo-code.

实际上，在大多数应用中，浮点/双精度类型用于非常简单的算法中。 通常，与常数的比较仅用于检查默认情况下是否设置了某个值，或者该值是否已更改。 在这种情况下，确切的检查是非常适当的。 我将用伪代码解释它。

float value = 1.0f;
if (IsUserInputNewValue())
  value = GetUserValue();
if (value == 1.0f)
  DefaultBehavior();
else
  Foo(value);

Here the comparison (value of 1.0f) is correct and safe.

这里的比较(值为1.0f)是正确和安全的。

Does this mean that the V550 diagnostic is uninteresting? No. It all depends on the project. Let me quote a snippet from the article "How We Tried Static Analysis on Our X-Ray Endovascular Surgery Training Simulator Project", written by our user.

这是否意味着V550诊断程序没有兴趣？ 否。这完全取决于项目。 让我引用用户写的文章“ 我们如何尝试对X射线血管内外科手术训练模拟器项目进行静态分析 ”的摘录。

So, what our static analyzer pays attention to here:

因此，我们的静态分析仪要注意的是：

V550 An odd precise comparison: t != 0. It's probably better to use a comparison with defined precision: fabs(A — B) > Epsilon. objectextractpart.cpp 3401

V550一个奇怪的精确比较：t！=0。最好使用定义精度的比较：fabs(A — B)> Epsilon。 objectextractpart.cpp 3401

D3DXVECTOR3 N = VectorMultiplication(
VectorMultiplication(V-VP, VN), VN);
float t = Qsqrt(Scalar(N, N));
if (t!=0)
{
  N/=t;
  V = V - N * DistPointToSurface(V, VP, N);
}

Errors of such type repeat quite often in this library. I can't say it came as a surprise to me. Previously, I've met incorrect handling of numbers with a floating point in this project. However, there were no resources to systematically verify the sources. As a result of the check, it became clear that it was necessary to give the developer something to broaden his horizons in terms of working with floating point numbers. He's been linked to a couple of good articles. We'll see how things turn out. It is difficult to say for sure whether this error causes real disruptions in the program. The current solution exposes a number of requirements for the original polygonal mesh of arteries, which simulates the spread of X-ray contrast matter. If the requirements are not met, the program may fall, or the work is clearly incorrect. Some of these requirements are obtained analytically, and some — empirically. It is possible that this empirical bunch of the requirements is growing just because of incorrect handling of numbers with a floating point. It should be noted that not all found cases of using precise comparison of numbers with a floating point were an error.

这种类型的错误在该库中经常重复出现。 我不能说这让我感到惊讶。 以前，我在此项目中遇到了对带有浮点数的数字的错误处理。 但是，没有资源可以系统地验证来源。 作为检查的结果，很明显，有必要为开发人员提供一些在使用浮点数方面扩大视野的方法。 他与几篇好文章相关。 我们将看看结果如何。 很难确定该错误是否会导致程序真正中断。 当前的解决方案对原始的多边形动脉网提出了许多要求，这些要求模拟了X射线造影剂的扩散。 如果不满足要求，则程序可能会失败，或者工作显然不正确。 这些要求中有一些是通过分析获得的，而另一些是凭经验获得的。 正是由于对浮点数的不正确处理，这种经验性的要求增长了。 应该注意的是，并非所有发现的使用浮点数精确比较的案例都是错误的。

As you can see, what is not interesting in some projects is of interest in others. This makes it impossible to create a list of the «most interesting» ones.

如您所见，在某些项目中不感兴趣的是在其他项目中感兴趣的。 这样就不可能创建“最有趣的”列表。

Note. You can also set the level of warnings using settings. For example, if you think that the V550 diagnostic deserves close attention, you can move it from Level 3 to the 1 one. This type of settings is described in the documentation (see «How to Set Your Level for Specific Diagnostics»).

注意。 您也可以使用设置来设置警告级别。 例如，如果您认为应该密切关注V550诊断，则可以将其从3级移到1级。 文档中介绍了这种类型的设置(请参见《如何设置特定诊断的水平》)。

结论 (Conclusion)

Now you know how to start studying analyzer warnings by looking at the most interesting ones. And don't forget to look into the documentation to get a detailed description of warnings. Sometimes it happens that behind a nondescript, at first glance, warning lies hell. An example of such diagnostics: V597, V1026. Thank you for your attention.

现在您知道如何通过查看最有趣的警告来开始研究分析仪警告。 并且不要忘记查看文档以获得警告的详细描述。 有时，乍一看，警告是在地狱后面。 此类诊断的示例： V597 ， V1026 。 感谢您的关注。

翻译自: https://habr.com/en/company/pvs-studio/blog/457330/

pvs-stdio ue4