It is common to take a sort of smug satisfaction in reports of colossal failures of automatic systems, but for every failure of automation, the failures of humans are legion. Exhortations to “write better code” plans for more code reviews, pair programming, and so on just don’t cut it, especially in an environment with dozens of programmers under a lot of time pressure. The value in catching even the small subset of errors that are tractable to static analysis every single time is huge.
I noticed that each time PVS-Studio was updated, it found something in our codebase with the new rules. This seems to imply that if you have a large enough codebase, any class of error that is syntactically legal probably exists there. In a large project, code quality is every bit as statistical as physical material properties – flaws exist all over the place, you can only hope to minimize the impact they have on your users.
In case you were wondering, static code analysis is what you can find out about what's wrong without running the program.
Fair warning: as is sometimes the case, I'm posting this because it sounds interesting and reasonable, not because I'm able to evaluate the technical details.
Link thanks to andrewducker.
This entry was posted at http://nancylebov.dreamwidth.org/519941.html. Comments are welcome here or there. comments so far on that entry.