A few more words about the PVS-Studio V751 diagnostic (parameter is not used inside function’s body)

After we posted a small note, “Everybody makes mistakes when writing comparison functions”, we got an active discussion at the Hacker News website. Unfortunately, in the original note, I did not talk about how the diagnostic, that detected the error in OpenSSL, worked.

So I want to add an explanation. As I see from the comments, many of you thought that the PVS-Studio analyzer warns about a function’s unused argument. That’s not quite so. Or, to be precise, this is so, but the analyzer processes this case smarter than most linters or compilers.

It’s a bad idea to program an analyzer so that it just issues a warning to unused arguments. Such analyzer would produce many false positives, which is why many developers don’t look at (or disable) these warnings in their compilers/analyzers.

The PVS-Studio analyzer implements sort of empirical “magic”. PVS-Studio relies on the fact that there are arguments of the same type and some of them are not used, while the other ones are used several times. At the same time, there are a number of exceptions to the rule. For example, the diagnostic is not triggered if the number of unused arguments exceeds two.

All this allows the V751 diagnostic to issue few false positives, which makes the tool surpass its competitors. To be exact, when developing PVS-Studio, we do not implement rules if we cannot make them better than those of the compilers. Thanks to the diagnostic I described above, one can find interesting errors — like this one.

P.S. The PVS-Studio analyzer also provides a “stupid” version of this diagnostic — V2537. It was developed to check code against MISRA C and MISRA C++ standards. But the case above was special and by default this diagnostic was disabled — same as the other ones related to MISRA.