IntelliJ IDEA, ReSharper, SonarLint and SonarQube find the same errors as PVS-Studio - well, why do we need PVS-Studio?

    Picture 1Sometimes people ask a question that, at first glance, is about one thing, but actually about another. As they say, a well-posed question contains half the answer.

    The other day, I returned from the JPoint conference , at which our new PVS-Studio analyzer for Java was first introduced. Interest in static analysis has been growing rapidly in the past few years, so the audience took PVS-Studio with a bang. In addition to positive feedback, of course, I had to work with objections. The most common objection to the offer to try PVS-Studio is: “Come on, why should we try PVS-Studio? We use IntelliJ IDEA, ReSharper, SonarLint and SonarQube. So we recently launched PVS-Studio, and he found errors that IntelliJ IDEA highlights already! ”

    I just can not help but write a small note-response to this comment. More precisely, I even have two answers to this objection. And yes, I specifically pointed out ReSharper here, since such questions also apply to our analyzer for C #. Well, I’ll answer with pleasure.

    Firstly, we DO NOT do PVS-Studio by copying competitor diagnostics. Blind copying without understanding the essence leads nowhere. The value of static code analysis, the value of its diagnostics is not where to throw an error. And where it is NOT to give out. For each of our diagnostics, we have 10, 20, or even more exceptions, when it is not necessary to trigger. Copying diagnostics from other products only according to their description in the documentation is like trying to build the same building using one photograph. Strongly the photo of the Coliseum will help you if all of a sudden the “gods make” you build the same?

    Therefore, we never copy. “But you have the same diagnostics!” - you say. Of course have. The ideas of many mistakes lie on the surface. This is absolutely obvious. But often diagnostics with the same description even behave differently.

    In other words, if you use any of the products indicated in the header, then when starting PVS-Studio it may very well be that you will find a bunch of NEW errors that were not detected by other products. The experience of our customers and the experience of checking open projects confirms this.

    Secondly, even if you use IntelliJ IDEA, ReSharper and SonarLint / SonarQube, and they find the same errors in your code as PVS-Studio, then I have bad news for you. You use tools that find errors, OK. But why does PVS-Studio find bugs in your code that seem to be found by all these tools? Why when using tools that "just like PVS-Studio will find everything", the errors are not fixed? Maybe these tools ALLOW them not to be edited?

    Both IntelliJ IDEA, ReSharper and SonarLint with SonarQube are very good tools. They are made by highly qualified teams. And if you use them, you are doing everything right. The higher the level of engineering culture on the project, the better for the business.

    But if all these tools “find the same errors as PVS-Studio” and the errors are still in the code, then you are doing something wrong. Implement a team practice such as regular use of PVS-Studio. And then the errors will not only be found, but also corrected. Implementation of PVS-Studio will FORCES developers to correct errors. And not just find them.



    If you want to share this article with an English-speaking audience, then please use the link to the translation: Evgeniy Ryzhkov. IntelliJ IDEA, ReSharper, SonarLint and SonarQube find the same errors, as PVS-Studio - so why do we need PVS-Studio?

    Also popular now: