static analysis

Why it is important to apply static analysis for open libraries that you add to your project

If there are several options, it is useful to take time to analyze open libraries in order to choose the best one.

Why it is important to apply static analysis for open libraries that you add to your project

by Andrey Karpov

From the article:

Because of a typo, the original vector is returned, not the new scaledVector container. The same error occurs in the division operator. Facepalm. Again, these errors don't mean anything separately. Although, this is a hint that this library isn't used much and there is highly likely that there are other serious undetected errors in it.

Why Static Analysis Can Improve a Complex C++ Codebase

Gradually and imperceptibly we get the situation when C++ projects’ complexity becomes extreme. Unfortunately, now a C++ programmer can’t be on his own.

Why Static Analysis Can Improve a Complex C++ Codebase

by Andrey Karpov

From the article:

Analyzers know more than even professional developers. It has become too difficult to take into account and remember all the nuances when writing code. For instance, if you haven’t specifically read about it, you’ll never guess that calls to memset function for clearing private data sometimes disappear, as from a compiler’s point of view, a call to memset function is redundant. Meanwhile, it is a serious security defect CWE-14 that is detected literally everywhere.