Static Analysis in C++

Well maybe it has been 4 years since this video has been uploaded, so its prob outdated ady. However, you could mention a teensy bit more on how to actually make pvs studio run on windows, cause personally i had to do quite a bit of research before even getting to the code part, well its just my opinion so yeah, the video is still helpful, thanks

pvs is free for students and teachers

If only it were free software...

Thank you. Can you demo any interesting find by PVS-Studio in a multithreaded C/C++ app?

Jesus, 5 mins of nonsense speaking before going to a code

Well, yeah it spotted a typo in the copy-pasted loop with y++, but wow, it couldn't even detect an obvious memory leak!

So I used PVS-Studio extension in MVS, and it suggested that I replace my std::vector<std::pair<int, float>> with an std::array instead as the size was known at compile time.
I said, alright, let me do just that... Switching over to use std::array<std::pair<int, float>, 21> now instead gives me an error: "incomplete type is not allowed"... Looking up solutions for similar issues with using an array and pair only says to add more curly brackets, but this doesn't seem to help... Any pointers?

Nested for loop bugs... I learned how to use gdb's hardware breakpoints because of a nested for loop bug in the quake source code (a month or two after id released the source code). Specifically, it was in the updating of beams (lightning gun). It took me a few days to figure everything out (programming in Linux was still new to me, gdb very new, and quake was pretty big (I now know it like the back of my hand))

Gotta say; damn these are enjoyable.

A tip to avoid the classic copy and paste and forgetting the old variable name error... You can just select the lasted portion of code and search and replace text only within the selected portion of text in Visual Studio, or VSCode... And probably many other editors.
Just press Ctrl+F and there is a little button to enable it (probably with a shortcut that I don't remember), it will only highlight the matches inside the selected text so you can be sure... Pretty useful seems like a lot of people don't know about it tho

PVS Studio do not sell single-user licenses,

Le frère caché d'Antoine Daniel

where can i get a 5000 line single file c++ code? i need it for static and dynamic analysis practice.

I can tell you have a very clear and organized mind.

With how cheap compute is, I think you should be running a spell check and logical analyser. Spelling matters esp for public member functions that you’re defining. I’ve seen this a few times where someone spells the member wrong and this causes issues in dependencies.

Sometimes listening to some "cpp talks", they are always saying "Static Analysis" to be used quite often, I thought it's a programming technique but now some misplaced memories in my brain will find the right places. Thank you!

Not C++, but I would never ever write a bash script without shellcheck anymore. It's soooo good.

please also list what are the disadvantages when using PVS tudio

There are many free tools but not so many great tools for VS integration.
I mean, VS has it's own rules for static analysis but I feel it lacks interactive feeling with the user.

Clang tidy and C++ Check are free tools to use as well. (I like C++ Check, it's awesome).

Hold on... Do actual native-speaking adults use spellcheckers? Is that not a meme?

Summary: You need static analysis tool for your program as much as you need spell checker for your document. Here are some example usage of PBS (static analysis tool) for your program.

26 video cuts in first 5 minutes

Less bugs? How about unit tests? :)

I am seriously surprised to learn that in the Visual Studio world this is not taken for granted. I'm coming from JetBrains IDEs and they have all of those nice features built-in without question. And a very sophisticated and granular approach to warning levels as well; you can basically customize everything. To see that Visual Studio is only able to do all this nice stuff only by depending on 2 (paid) extensions (Visual Assist and PVS) while at the same time being the most buggy and unstable software I ever had on a computer is pretty sad. Especially considering its age and development time advantage. You'd expect it to be mature, but it is not. At work I am forced to use it and it gets in my way wherever possible. Only after you learn to ignore like 70% of all IntelliSense errors since they are false-positives, your programming experience gets bearable.

Charno The GOAT!!!

I wish you had shown how to install PVS Studio. I cannot get it to work because it keeps stating the license is not valid (or has not be activated?).

angenommen ich nutze VS 2017, was diesen Extension Button im Menü nicht besitzt. Wie starte ich PVS-Studio in Visual Studio nach der Installation. Das Ausführen der exe lässt ja nur ein kleines Infofenster aufgehen. Ist PVS ohne Visual Studio 2019 nutzbar?

Little advice for static analyzer users: they complement each other (e.g., I use Resharper C++ and PVS-Studio together). Also, dynamic analysis is quite critical too! For example, PVS-Studio and Resharper C++ can't detect every memory leak, so you have to do some dynamic analysis to catch them. For example, in Visual Studio, you can expose memory leaks easily using a simple function (_CrtSetDbgFlag ( _CRTDBG_ALLOC_MEM_DF | _CRTDBG_LEAK_CHECK_DF );
There exist static analyzers that can discover every bug: they are called "sound" static analyzers. Polyspace (by Mathworks) uses abstract interpretation to "prove the absence of certain run-time errors in source code for C/C++, and Ada," but it is computationally very expensive

Lol, that y was burning my eyes the moment he left it untouched... ><

What about buffer overflow inside 'for loops' : buffer[x+y*width] where buffer size = width*height.
Can it detect this one?

Visual Studio comes with built-in static analysis tools: Analyze, Run Code Analysis, On Solution. It would be nice if you make a video comparing them.

Cherno, huge thanks for this video, not only was it informative, but more importantly it managed to knock my 4 year old out for the night.
Great stuff 👍🏾

It doesn't detect the memory leaks. You can avoid the first error by stop copying code. If you copy because it's too much to type it should probably be refactored instead of copied. The second one can be solved by not using c functions and using string_view/std::string instead. That said, their blog is useful and it's embarrassing how many errors they can find :)

I want video end full music theme...

Strings are automatically null-terminated, so no need to explicitly add it at the end.

This was probably the first brand deal ever that offered something I am actually really interested in. Good job.

Can this be used as part of Continuous Integration? (as in, a server runs static analysis?) Because a static analyzer I’m trying out now (cppcheck) is taking a very long time. ‘Seems like a good candidate for CI, no?

I'm a little disappointed that you didn't mention clang-tidy, or clangd (which includes clang-tidy) in this video. I get that this was a sponsored video, but I think you should be fair and mention the free and open-source tools here.

Good advertisement for PVS studio. Instead you can use clang-static -analyzer

how i didn't know u befor e wtf just thx

1st 4 minutes were so interesting.. so informative 😇

isnt using "new" in c++ meant to be frowned upon ?

Hey Cherno! Can you make video about cache misses optimisation?

I'm looking for a tool that will better help with syntax errors. Any suggestions?

Truly love your cpp series. Could you make some video about cmake?

PVS studio doesn't seem to have a single user license. Doesn't matter, I never buy anything if I can't see the price right away.

All jetbrains products to that out of the box. They also automatically highlight such mistakes, which saved me lots of headaches in the past years

Cherno could you explain clang-tigy usage ?