Firebird, MySQL 与 PostgreSQL 代码质量对比

Posted 2021-05-01 PostgreSQL中文社区

    今天看到一篇文章 - “Firebird, mysql 与 PostgreSQL 代码质量对比”-  关于三个开源 RDBMS 的静态分析比较。

    主要内容

• A few words about the projects

• Firebird

• MySQL

• PostgreSQL

• PVS-Studio

• Comparison criteria

• Why "head-on" comparison is not a good idea

• An alternative way

• Review of bugs

• Total analysis results

• Troubles with clearing private data

• No check for the pointer returned by malloc and other similar functions

• The use of a potential null pointer

• Potentially unsafe use of formatted-output functions

• Other warnings mentioned in the article on vulnerabilities

• Suspicious use of enumeration elements

• Incorrect determination of memory-block size

• Missing 'throw' keyword

• Calling the wrong memory-deallocation operator

• Summing it all up

    最终比较结果

    Summing up the demerit points, we get the following:

• Firebird: 1 + 1 + 2 = 4 points.

• MySQL: 3 + 1 + 2 + 2 + 2 + 2 = 12 points.

• PostgreSQL: 3 points.

    Remember: the fewer points, the better.And if you ask me (a person with a wicked taste), I'd prefer... MySQL! It has the most interesting bugs and it's the leader, which makes it a perfect choice for analysis!

    Firebird and PostgreSQL are trickier. On the one hand, even a one-point margin counts; on the other hand, it's quite a small difference, especially because that point was given for a V768 warning of the medium-certainty level... But then again, the codebase of PostgreSQL is way larger, yet it issued four hundred warnings at its automatically generated code...

    Anyway, to figure out which of the two projects, Firebird or PostgreSQL, is better, we'd have to do a more thorough comparison. For now, I put them on one podium place so no one is offended. Maybe one day we'll compare them again more carefully, but it will be quite a different story...

So, the code-quality rankings are as follows:

• 1 place - Firebird and PostgreSQL.

• 2 place - MySQL.

  
  

  
  

    Please remember that any review or comparison, including this one, is subjective. Different approaches may produce different results (though it is mostly true for Firebird and PostgreSQL, but not for MySQL).

    So what about static analysis? I hope you are convinced now that it is useful for detecting defects of various types. Want to find out if your codebase has any of those bugs? Then it's the right time to try PVS-Studio! You write perfectly clean code? Then why not check your colleagues' code? ;)