

Pre-New-Year Check of PostgreSQL - AndreyKarpov
http://www.viva64.com/en/b/0227/

======
JoelJacobson
OK, so I've fixed three of the bugs, not sure about how/if to fix the others.

http://www.postgresql.org/message-id/CAASwCXe2rQX66Wzw10KMEhGB1C+hZWFEAvvm-VpRik6PpFAUZA@mail.gmail.com

http://www.postgresql.org/message-id/CAASwCXfgFsMt31c1srj=FsZbz5CC3AHjCkFU3KZNxds7OGQuEA@mail.gmail.com

http://www.postgresql.org/message-id/CAASwCXeKeVpJi03mjzdY6AUO0X7qUewX5YzQhSnP7Gj1BAoshQ@mail.gmail.com

------
facorreia
This was a very interesting article for me. I find it amazing how even in a
codebase such as PostgreSQL's, which is very mature and values reliability,
data integrity, and correctness, errors like these could be found by a static
code analysis tool.

Some of the rules seem brilliant, like successive assignment detection.

------
raverbashing
Interesting

About the memset bug, I wonder if this couldn't be solved by some kind of
compiler directive in the function signature saying "you can't remove this"
(or something to that effect)

~~~
mitchty
That's why C11 has memset_s.
http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1381.pdf

~~~
raverbashing
This is a good writeup, thanks
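
The memset point discussed above, as an added example that is not part of the thread or of PostgreSQL's code: a wipe helper that calls C11 `memset_s` where the library provides Annex K and otherwise falls back to stores through a volatile pointer. The names `secure_zero`, `count_nonzero` and `handle_secret` are hypothetical, and the passphrase is constructed sample input.

```c
#define __STDC_WANT_LIB_EXT1__ 1 /* request Annex K; must precede <string.h> */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: zero len bytes so the stores cannot be optimized away. */
static void secure_zero(void *buf, size_t len)
{
#ifdef __STDC_LIB_EXT1__
    /* Annex K requires this call to be performed, unlike plain memset(). */
    (void)memset_s(buf, len, 0, len);
#else
    /* Fallback: each store through a volatile lvalue is an observable
     * side effect, so the compiler has to emit every byte write. */
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--)
        *p++ = 0;
#endif
}

/* Returns how many bytes of buf are still non-zero. */
static size_t count_nonzero(const unsigned char *buf, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        n += (buf[i] != 0);
    return n;
}

/* Constructed scenario: a secret is copied into a local buffer, used,
 * then wiped before return. Returns the non-zero bytes left behind. */
static size_t handle_secret(const char *secret)
{
    unsigned char key[64];
    size_t len = strlen(secret);
    if (len >= sizeof key)
        len = sizeof key - 1;      /* truncate rather than overflow */
    memcpy(key, secret, len);
    key[len] = '\0';
    /* A plain memset(key, 0, sizeof key) as the last use of key is a dead
     * store that the optimizer is allowed to delete. */
    secure_zero(key, sizeof key);
    return count_nonzero(key, sizeof key); /* read back only for the check */
}

int main(void)
{
    printf("bytes left: %zu\n", handle_secret("constructed-sample-passphrase"));
    return 0;
}
```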

------
seunosewa
I wish they would do a MySQL check so we can compare it with this one.

~~~
dous
http://www.viva64.com/external-pictures/txt/mysql-test.txt

~~~
raverbashing
Interesting

Disclaimer: I didn't check the code

But maybe the sizeof(buf) is right? - if you want the size of the pointer
(maybe if you're using wide chars?)

Especially since it's an 'Error_message_buf' type

EDIT: probably not, I'm thinking of sizeof(buf[0]), sizeof(buf) makes even
less sense, it's a bug unless someone has a very good reason for it

Amazing that the tool detects collections of similar blocks, it's not wrong
per se, but it's a common source of copy-paste bugs.

------
systems
If they don't put the price online, it must be very expensive

~~~
LinaLauneBaer
I don't know this tool but I imagine they want to make very individual prices.
They probably want to know who is interested in buying this tool before they
tell you a price. Also they probably have lots of (complicated) pricing
models in mind and it would be too complicated to describe all the
possibilities on the website.

I have worked in a similar project myself. We developed a very specialized
tool for developers. Our boss decided that he did not want to mention prices
on the website at first. Once we did, some people complained publicly about the
price although we invested months of development and the tool was pretty
neat...

In general I think it makes more sense to tell the prices upfront and try to
come up with a simple price model even if it means making compromises. You can
always have something like this on your website: "If you think you do not fit
in any price tier please contact us to find an individual price. The prices
listed are meant to show what we have in mind for the general customers."

I would love to know the reason why some people think not having prices is a
good idea. Care to elaborate?

~~~
spacemanmatt
Nutshell: Some clients expect a product with service and support behind it,
and they expect to pay for it. In fact, if your price doesn't obviously
include support you will be overlooked for not charging enough. Too low is not
a plausible price. They will have to be charged more than a startup that wants
to apply the tool using their own manpower and, but for serious bugs, will
provide most of their own tech support.

