Static code analysis of the PMDK

Posted August 20, 2020         « Previous post    

Introduction

In the PMDK team, we focus on the quality of our codebase. One of the standard practices in the software development is a static code analysis, which improves the overall project quality and fixes bugs in the early stage of development. Since there is no silver bullet for avoiding bugs, we already use two different static analysis tools and many runtime checkers e.g. valgrind. Improving static analysis effectiveness is a separate academic problem. What is worth mentioning is the fact that different tools take a various approach. With combined advantages of Open Source projects such as transparency and reliability, as well as a new static analysis tool, we get a new bag of tricks and a fresh look to an old problem :).

PVS-Studio

PVS-Studio is a static-analysis tool for detecting bugs and security weaknesses in the source code of programs. What distinguishes PVS-Studio is their comprehensive support for open-source projects. After a quick e-mail exchange, the PVS-Studio team agreed to perform an analysis of the PMDK project. The analysis is available in this post.

Summary

PVS-Studio managed to find a couple of issues, which were not previously detected; we analyzed detected bugs and addressed changes in the following Pull Request. From my experience, I highly recommend cooperating with the PVS-Studio team - excellent support and quick response time allows us to improve the PMDK project. See PVS-Studio yourself :)



Posted by @michalbiesek         « Previous post