pvs-stdio ue4
A PVS-Studio team and our product make a great contribution to upgrading of software quality. Moreover, in addition to detecting errors in closed and open source projects, there is an indirect contribution to the development of compilers and other tools of code analysis. We are pleased that in some cases we are trendsetters and we decided to dedicate a small note to this in our blog.
PVS-Studio团队和我们的产品为提升软件质量做出了巨大贡献。 此外,除了检测封闭和开源项目中的错误外,对编译器和其他代码分析工具的开发也有间接的贡献。 我们很高兴在某些情况下可以成为潮流引领者,因此我们决定在博客中对此做些说明。
PVS-Studio is a static code analyzer for detecting errors and potential vulnerabilities in source code of programs, written in C, C ++, C# and Java.
PVS-Studio是一款静态代码分析器,用于检测用C,C ++,C#和Java编写的程序源代码中的错误和潜在漏洞。
To popularize the methodology of static code analysis and our tool, we write articles on checks of various open projects. In addition, we check various compilers once in a while. For example, we've tested and found bugs in projects such as: GCC, LLVM, PascalABC.NET, Roslyn.
为了普及静态代码分析的方法和我们的工具,我们撰写了有关各种开放项目检查的文章。 此外,我们会不时检查各种编译器。 例如,我们已经测试并发现了GCC,LLVM,PascalABC.NET,Roslyn等项目中的错误。
More than once we've come across an interesting fact. As soon as we check, let's say, LLVM or GCC, a couple of new diagnostics appear in these compilers in the next or in the next but one release. And they detect errors that PVS-Studio managed to find in their code :). Unfortunately, we haven't noted the dates and links to corresponding improvements, so you'll have to take our word for it. Various C++ compilers borrow some of our diagnostics and we think it's perfectly normal, right and useful!
我们不止一次遇到一个有趣的事实。 假设我们检查LLVM或GCC,就会在下一个或下一个发行版中的这些编译器中出现几个新的诊断程序。 他们检测到PVS-Studio设法在其代码中找到的错误:)。 不幸的是,我们没有注明日期和相应改进的链接,因此您必须信守承诺。 各种C ++编译器借用了我们的一些诊断信息,我们认为这是完全正常,正确和有用的!
In addition to C++ compilers, C# analyzers have also started adopting ideas of our diagnostics. Which means, the C# analyzer, implemented in PVS-Studio, has become another lodestar! It's nice and cool to be aware of it.
除了C ++编译器之外,C#分析器也已开始采用我们的诊断思想。 这意味着,在PVS-Studio中实现的C#分析器已经成为另一位传奇人物! 意识到这一点很高兴也很酷。
In this case, I can track how it happened, let's say, in real time. On August 13, 2019 we posted a large article on the check of .NET Core Libraries (CoreFX). Among other things, this article describes an error pattern related to usage of interpolated strings (see the V3138 diagnostic). CoreFX developers took an interest in our publication and began to correct the errors we found. And on August 14, they got to the errors we found related to these very interpolated strings: Fix a few missing $s for string interpolation in tracing.
在这种情况下,我可以实时跟踪它的发生情况。 在2019年8月13日,我们在.NET Core库(CoreFX)的支票上发布了一篇大文章 。 除其他外,本文描述了与插值字符串的使用有关的错误模式(请参阅V3138诊断)。 CoreFX开发人员对我们的出版物很感兴趣,并开始纠正发现的错误。 并且在8月14日,他们发现了我们发现的与这些非常内插的字符串有关的错误: 修复了在跟踪中用于字符串内插的一些缺失的$ s 。
Here starts the most interesting part. In that very day, a new task appeared in the Roslyn Analyzers project on implementing a new diagnostic "New rule: Interpolated strings that are missing the $ special character #2767", related right to errors, fixed in CoreFX. We're so glad that our efforts turned out to be useful for CoreFX developers and our diagnostics have become a role model for Roslyn Analyzers developers. It is a bit unfortunate that the PVS-Studio tool isn't mentioned anywhere in the discussion. It seems as if they found those errors and came up with the idea to make diagnostics themselves. Of course, we would be flattered, if we were mentioned as the original source. Well, that's fine.
从这里开始最有趣的部分。 那天,Roslyn Analyzers项目中出现了一项新任务,该任务是实施新的诊断“ 新规则:缺少$特殊字符#2767的插值字符串”,该字符串与错误相关,已在CoreFX中修复。 我们很高兴我们的努力对CoreFX开发人员有用,而我们的诊断已成为Roslyn Analyzers开发人员的榜样。 不幸的是,讨论中没有提到PVS-Studio工具。 似乎他们发现了这些错误并提出了自己进行诊断的想法。 当然,如果我们被提及为原始来源,我们将感到受宠若惊。 好吧,那很好。
Why did we decide to write about all this? We are very pleased and we are even a bit proud of ourselves! By studying our experience, other compilers implement new diagnostics, it improves the quality of developed software as a whole. I understand that we aren't the only one who influence the development of compiler's error-finding capabilities. However, we are pleased to know that we are contributing to this process.
我们为什么决定写所有这一切? 我们感到非常高兴,甚至为自己感到骄傲! 通过学习我们的经验,其他编译器可以实施新的诊断程序,从而提高了整体开发软件的质量。 我知道我们并不是唯一一个影响编译器错误查找功能开发的人。 但是,我们很高兴知道我们正在为这一过程做出贡献。
Are we concerned that other tools are gradually learning to find the same bugs as PVS-Studio? No. Our tool exists and is sold right for the reason that we are always ahead of compilers' capabilities. Our purpose is to always stay ahead. The awareness that someone is constantly making up for us doesn't leave us the right to relax, and it benefits everyone. In addition, it should be understood that PVS-Studio is not only warnings, but also:
我们是否担心其他工具正在逐步学习发现与PVS-Studio相同的错误? 不会。我们的工具存在且销售正确是因为我们始终领先于编译器的功能。 我们的宗旨是始终保持领先。 有人不断为我们补偿,这一认识并不能使我们享有放松的权利,它会使所有人受益。 另外,应该理解,PVS-Studio不仅是警告,而且:
- Fast high-quality support (only programmers respond to mail); 快速的高质量支持(仅程序员响应邮件);
- Integration with Visual Studio, IntelliJ IDEA, SonarQube, Jenkins, IncrediBuild; 与Visual Studio,IntelliJ IDEA,SonarQube,Jenkins,IncrediBuild集成;
- The ability to use the tool both locally and in the cloud (Docker, Travis CI); 具有在本地和云中使用该工具的能力(Docker,Travis CI);
- Tools to integrate analysis into big old projects (Mass Suppression); 将分析整合到大型旧项目中的工具(质量抑制);
- Detailed documentation with examples for each error pattern; 详细的文档以及每种错误模式的示例;
- The mechanism for sending mails to developers (BlameNotifier); 向开发人员发送邮件的机制(BlameNotifier);
- Compiler runs monitoring (Compiler Monitoring); 编译器运行监视(Compiler Monitoring);
- And so on. 等等。
Thank you for your attention. Hopefully, you share our joy for PVS-Studio. Try our analyzer for continuous code quality control of your projects.
感谢您的关注。 希望您与我们分享PVS-Studio的喜悦。 尝试使用我们的分析器对您的项目进行连续的代码质量控制。
Additional links:
附加链接:
Technologies used in the PVS-Studio code analyzer for finding bugs and potential vulnerabilities.
pvs-stdio ue4
扫一扫
719
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
