Usually limitations have two purposes. The first - to show a potential user that a static analyzer is able to find bugs in the code. The second - to prompt the user to communicate with us via e-mail so that we could help use the tool correctly. I am convinced that this interrelation is not clear yet, that's why I've decided to write this little note.
In the beginning - brief facts about the existing limitations. First of all - a person can see only the warnings of high severity. Secondly - there is a limited number of jump-clicks to the code the person can do.
Now let's go through these restrictions and have a look at the reasons behind them. All the stories are based on true facts. These restrictions aren't made up by a market manager, they resulted from long communication with potential clients and observations of the way people get acquainted with PVS-Studio.
The most common wrong behavior pattern: a programmer turns on all the warning settings to the maximum. This is our biggest pain. They enable all types of warnings (general-purpose, 64-bit ones, optimizations), all levels of warnings; some people even manage to find our custom-built warnings and turn them on.
Programmers explain it saying that they want to see everything that the analyzer is capable of. And this is totally wrong. A right aim would be to see how the analyzer can be beneficial for the project. That is, first of all you should see that the analyzer can find real errors in the code. By turning all the warnings to the maximum, you have a chance to drown in the large amount of warnings. Having looked through 20-30 uninteresting warnings people lose interest. Most likely, the stage of familiarizing with the tool will end at this point. If we cut the number of warnings that the person can see, the probability to see really serious errors increases. Then the programmer will treat the tool differently. He will try to filter uninteresting warnings, customize the tool and learn about the ways to suppress false positives in macros and so on...
There is another point concerning a big amount of warnings. The programmer can be aware that he is looking at both high and low - severity warnings and he is ready to look through a big number of messages. The trouble is that he quickly takes one's eye off the ball. Roughly speaking, having looked at 10 warnings, he will most likely miss the eleventh one that will point to a real issue.
I hope the point about the level of warnings is clearer now. Now let's speak about the number of jump-clicks to the code.
When a user is run out of the "jump-clicks", the program will offer to fill in a small form with contact details that we use to find out if we can help with anything else. After that the user gets another portion of "clicks".
What's the point in contacting us? First of all, we can give a temporary key for a closer look at PVS-Studio. By this moment the programmer got used to the tool, found bugs in his code and now he is ready to see the warnings of other levels.
Secondly, what's important, that we want to help a person get familiar with PVS-Studio. You cannot even imagine, how big is the amount of ways to use this tool incorrectly. I'll bring some examples here.
Someone may have a "nasty macro" and the analyzer issues a lot of meaningless warnings. That's how the person loses his "clicks" going to the code fragments. After that, asking a question "Is everything fine?", we get something like:
It's awful. How in the world people use this analyzer. I am sick of looking at the warnings of the Vxxx number.
This is when we help telling the person about various ways to suppress the warnings in macros or that the person can just turn off this diagnostic, for a start.
Another person complains that the warnings issued for the third-party libraries really bother him.
Then we give a hint that such warnings can be disabled in two clicks. Really, it's just 2 clicks.
In both cases we helped to make the life easier. If there was no communication, those people would continue thinking how terrible the analyzer is. And most likely won't even consider getting the license fot the tool.
Here is what we can say to those who aren't new to the static analysis tools. It's all very simple. Contact us and we'll give you a temporary key to investigate the analyzer.
0