本文探讨了PVS-Studio与其他代码分析工具如IntelliJ IDEA、ReSharper、SonarLint和SonarQube的区别。尽管这些工具可能发现相似的错误,但PVS-Studio的独特之处在于它不仅发现错误,还促使开发者修复这些错误,提升代码质量。
Sometimes people ask the question, which addresses a certain topic but is actually about another thing. As the saying goes, a competently asked question contains half the answer. 有时人们会问这个问题,这个问题解决了某个主题,但实际上是关于另一件事。 俗话说,一个有能力的问题包含一半的答案。
Recently I've returned from the JPoint conference, where we first presented our new PVS-Studio analyzer for Java. Interest in static analysis is growing strongly in the last few years, so the audience perceived PVS-Studio enthusiastically. In addition to the positive feedback, as it happens, we had to handle objections. The most frequent objection to the suggestion to try PVS-Studio sounds something like this: «C'mon, why do we try PVS-Studio? We use IntelliJ IDEA, ReSharper, SonarLint and SonarQube. We've run PVS-Studio recently and it found errors, already highlighted by IntelliJ IDEA!»
最近,我从JPoint会议上回来了,在该会议上我们首先展示了用于Java的新型PVS-Studio分析器。 在最近几年中,对静态分析的兴趣Swift增长,因此观众对PVS-Studio充满热情。 除了积极的反馈,我们还必须处理异议。 对于尝试使用PVS-Studio的建议,最常见的异议是这样的:«来吧,为什么我们要尝试PVS-Studio? 我们使用IntelliJ IDEA,ReSharper,SonarLint和SonarQube。 我们最近运行了PVS-Studio,发现了错误,IntelliJ IDEA已突出显示该错误!»
I just can't help but write a small reply note to this comment. I even have two responses to this objection. And yes, I intentionally stated ReSharper, as there are some questions to our C# analyzer as well. Well, here comes the answer.
我不禁对此评论写一个简短的答复说明。 对于这个异议,我什至有两个回应。 是的,我故意对ReSharper说,因为我们的C#分析器也有一些问题。 好吧,答案来了。
Firstly, we DO NOT make PVS-Studio by copying diagnostics of competitors. Blind copying without understanding the point leads nowhere. The value of static code analysis, the value of its diagnostics is not where to issue a warning. It is where NOT to issue a warning. We have 10, 20 and even more exceptions for each diagnostic when it mustn't trigger. To copy diagnostics from other products just by their description in the documentation is the same as to construct a similar building by a photo. Will the Coliseum photo be of use if «gods make» you build the same one?
首先,我们不会通过复制竞争对手的诊断程序来制作PVS-Studio。 不了解要点而盲目复制无济于事。 静态代码分析的价值,其诊断价值不在发出警告的位置。 在这里不发出警告。 当每个诊断不能触发时,我们有10、20甚至更多的异常。 仅通过文档中的描述来复制其他产品的诊断,与通过照片构造类似的建筑物相同。 如果“神使”能造出相同的照片,大剧场的照片会有用吗?
So we never copy. «But you have similar diagnostics!» — you would say. Of course, we do. The concepts of many errors lie on the surface. It is absolutely obvious. But frequently, diagnostics with the same descriptions even behave differently.
因此,我们永远不会复制。 «但是您有类似的诊断!» -你会说。 当然可以。 表面上有许多错误的概念。 这是绝对显而易见的。 但通常,具有相同描述的诊断甚至表现不同。
In other words, if you use one of the these products in the header, you will most likely find a bunch of NEW errors when running PVS-Studio which haven't been detected by other products. Both our customers' feedback and our own experience of checking open source projects confirm this.
换句话说,如果您在标头中使用这些产品之一,则很可能会在运行PVS-Studio时发现一堆新错误,而其他产品尚未检测到这些错误。 客户的反馈和我们检查开源项目的经验都证实了这一点。
Secondly, even if you use IntelliJ IDEA, ReSharper, and SonarLint/SonarQube and they find the same errors as PVS-Studio in your code, I have bad news for you. You use tools that find errors, OK. Why does PVS-Studio find errors in your code which seem to be found by other tools? Why usage of tools, which will «detect everything the same as PVS-Studio will» still doesn't help to fix the errors? Maybe these tools just LET them stay without fixing?
其次,即使您使用IntelliJ IDEA,ReSharper和SonarLint / SonarQube并且它们在您的代码中发现与PVS-Studio相同的错误,但对您来说还是个坏消息。 您使用发现错误的工具,确定。 为什么PVS-Studio在您的代码中发现其他工具似乎发现的错误? 为什么使用“检测到与PVS-Studio相同的一切”工具仍然无法解决错误? 也许这些工具只是让它们停留而不修复?
IntelliJ IDEA, ReSharper, SonarLint and SonarQube are great tools without exceptions. Very highly skilled teams are making them. If you use them — you do the right thing. The higher the level of the the engineering culture — the better for business.
IntelliJ IDEA,ReSharper,SonarLint和SonarQube是出色的工具,无一例外。 高技能的团队正在使他们。 如果您使用它们-您做对了。 工程文化水平越高,对业务越好。
However, if all these tools find «the same errors as PVS-Studio», but errors are still in the code, you do something wrong. Introduce such practice as the regular usage of PVS-Studio in a team. This way, errors will be both found and fixed. Introduction of PVS-Studio WILL MAKE developers fix the bugs. But not just find them.
但是,如果所有这些工具都发现“与PVS-Studio相同的错误”,但是错误仍然存在于代码中,则说明您做错了什么。 介绍团队中常规使用PVS-Studio之类的做法。 这样,将发现并修复错误。 PVS-Studio的引入将使开发人员修复错误。 但不仅仅是找到他们。
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
