Today is an important day — after 28 releases of the sixth version we present our PVS-Studio 7.00, in which the key innovation is the support of the Java language. However, during 2018 we have acquired many other important changes related to C++, C#, infrastructure and support of coding standards. Therefore, we bring to your attention a note that sums up the major changes that have happened in PVS-Studio for the last time.
PVS-Studio
Static Code Analysis for C, C++, C# and Java
Show first
The best is the enemy of the good
11 min
1.2KThis article is the story how we once decided to improve our internal SelfTester tool that we apply to test the quality of the PVS-Studio analyzer. The improvement was simple and seemed to be useful, but got us into some troubles. Later it turned out that we'd better gave up the idea.
+39
Counting Bugs in Windows Calculator
11 min
42KA few days ago, Microsoft made the source code of their Windows Calculator publicly available. Calculator is an application that has traditionally shipped with every Windows version. A number of Microsoft projects went open-source over the recent years, but this time the news was covered even by non-IT media on the very first day. Well, it's a popular yet tiny program in C++. Despite its size, we still managed to find a number of suspicious fragments in its code using the PVS-Studio static analyzer.
+38
Checking the Roslyn Source Code
21 min
1.6KOnce in a while we go back to the projects that we have previously checked using PVS-Studio, which results in their descriptions in various articles. Two reasons make these comebacks exciting for us. Firstly, the opportunity to assess the progress of our analyzer. Secondly, monitoring the feedback of the project's authors to our article and the report of errors, which we usually provide them with. Of course, errors can be corrected without our participation. However, it is always nice when our efforts help to make a project better. Roslyn was no exception. The previous article about this project check dates back to December 23, 2015. It's quite a long time, in the view of the progress that our analyzer has made since that time. Since the C# core of the PVS-Studio analyzer is based on Roslyn, it gives us additional interest in this project. As a result, we're as keen as mustard about the code quality of this project. Now let's test it once again and find out some new and interesting issues (but let's hope that nothing significant) that PVS-Studio will be able to find.
+34
Searching for errors in the Amazon Web Services SDK source code for .NET
17 min
1.5KWelcome to all fans of trashing someone else's code. :) Today in our laboratory, we have a new material for a research — the source code of the AWS SDK for .NET project. At the time, we wrote an article about checking AWS SDK for C++. Then there was not anything particularly interesting. Let's see what .NET of the AWS SDK version is worth. Once again, it is a great opportunity to demonstrate the abilities of the PVS-Studio analyzer and make the world a bit better.
+34
MacOS 10.15 no longer supports 32-bit apps. What can you do?
2 min
1.8KOn October 7, 2019, Apple released a new version of its Mac operating system, macOS Catalina. Version 10.15 contains many changes and improvements. One of the significant is the complete phasing out of 32-bit applications. As a developer of such macOS apps, what can you do? That's right, port the app to the 64-bit platform. Will the application work properly from the first attempt? Perhaps, it's possible. Depends on the complexity and amount of the code. But most likely, developers will face a lot of non-obvious errors, which can previously detected using PVS-Studio.
+33
Scanning the code of Orchard CMS for Bugs
12 min
1KThis article reviews the results of a second check of the Orchard project with the PVS-Studio static analyzer. Orchard is an open-source content manager system delivered as part of the ASP.NET Open Source Gallery under the non-profit Outercurve Foundation. Today's check is especially interesting because both the project and the analyzer have come a long way since the first check, and this time we'll be looking at new diagnostic messages and some nice bugs.
+32
Configuration of the Warnings Next Generation plugin for integration with PVS-Studio
3 min
1.7KThe PVS-Studio 7.04 release coincided with the release of the Warnings Next Generation 6.0.0 plugin for Jenkins. Right in this release Warnings NG Plugin added support of the PVS-Studio static code analyzer. This plugin visualizes data related to compiler warnings or other analysis tools in Jenkins. This article will cover in detail how to install and configure this plugin to use it with PVS-Studio, and will describe most of its features.
+32
Handling Objections: Static Analysis Will Take up Part of Working Time
5 min
1KTalking to people at conferences and in comments to articles, we face the following objection: static analysis reduces the time to detect errors, but takes up programmers' time, which negates the benefits of using it and even slows down the development process. Let's get this objection straightened out and try to show that it's groundless.
+31
The story of how we changed the PVS-Studio icon
5 min
1.2KThe 7.0 release marked a new milestone in the history of the PVS-Studio analyzer — the analysis is now available not only for the code, written in C, C++, C#, but also in Java. In addition to this global improvement, some existing mechanisms for the analysis are refined and improved, diagnostic rules are added. There was another significant change that you could hardly missed. We changed the icon.
Note. In the article, you will not find cunning tricks or tips on designing icons. The purpose of the article is a bit different this time — it is to tell a story, and, if possible, make it interesting.
+31
Wanna Play a Detective? Find the Bug in a Function from Midnight Commander
5 min
6.5KIn this article, we invite you to try to find a bug in a very simple function from the GNU Midnight Commander project. Why? For no particular reason. Just for fun. Well, okay, it's a lie. We actually wanted to show you yet another bug that a human reviewer has a hard time finding and the static code analyzer PVS-Studio can catch without effort.
+31
PVS-Studio ROI
6 min
1.1KOccasionally, we're asked a question, what monetary value the company will receive from using PVS-Studio. We decided to draw up a response in the form of an article and provide tables, which will show how the analyzer can be useful. We cannot prove absolute accuracy of all calculations in the article, but we suppose the reader will agree with our thoughts, and it will help to make a decision in the matter of getting the license.
+31
PVS-Studio for Java
12 min
2.6KIn the seventh version of the PVS-Studio static analyzer, we added support of the Java language. It's time for a brief story of how we've started making support of the Java language, how far we've come, and what is in our further plans. Of course, this article will list first analyzer trials on open source projects.
+31
Support of Visual Studio 2019 in PVS-Studio
19 min
1.1KSupport of Visual Studio 2019 in PVS-Studio affected a number of components: the plugin itself, the command-line analyzer, the cores of the C++ and C# analyzers, and a few utilities. In this article, I will briefly explain what problems we encountered when implementing support of the IDE and how we addressed them.
+29
PVS-Studio in the Clouds: GitLab CI/CD
10 min
1.1KThis article continues the series of publications on usage of PVS-Studio in cloud systems. This time we'll look at the way the analyzer works along with GitLab CI, which is a product made by GitLab Inc. Static analyzer integration in a CI system allows detecting bugs right after the project build and is a highly effective way to reduce the cost of finding bugs.
+28
PVS-Studio Looked into the Red Dead Redemption's Bullet Engine
10 min
4.5KNowadays there is no need to implement the physics of objects from scratch for game development because there are a lot of libraries for this purpose. Bullet was actively used in many AAA games, virtual reality projects, various simulations and machine learning. And it is still used, being, for example, one of the Red Dead Redemption and Red Dead Redemption 2 engines. So why not check the Bullet with PVS-Studio to see what errors static analysis can detect in such a large-scale physics simulation project.
+28
Sixth Chromium Check, Afterword
6 min
2.2KAt the beginning of 2018 our blog was complemented with a series of articles on the sixth check of the source code of the Chromium project. The series includes 8 articles on errors and recommendations for their prevention. Two articles sparked heated discussion, and l still occasionally get comments by mail about topics covered in them. Perhaps, I should give additional explanations and as they say, set the record straight.
+28
On request of Embedded Developers: Detecting Errors in Amazon FreeRTOS
15 min
1.3KAnyone who programs microcontrollers probably knows about FreeRTOS, or at least heard of this operating system. Amazon developers decided to enhance the abilities of this operating system to work with AWS Internet of Things services. This is how Amazon FreeRTOS appeared. We, developers of the PVS-Studio static code analyzer, were asked by mail and in comments to check these projects. Well, now get what you asked for. Keep reading to find out what came out of it.
+27
Azure PowerShell: Mostly Harmless
17 min
826Hello, everyone. Today we have another Microsoft project on the check. By the title of this article, you can guess that this time developers didn't «please» us with a large number of errors. We hope the project's authors won't be offended by the title. After all, a small number of errors is great, isn't it? However, we still managed to find something intriguing in the Azure PowerShell code. We suggest getting to know the features of this project and checking out errors, found using the PVS-Studio C# analyzer.
+27
How the CSS markup fragment broke the C++ compiler
2 min
1.8KStatic analysis methodology involves various technologies. One of them is preprocessing files right before analyzing them. Preprocessed files are created by the compiler that runs in a special working mode. Unfortunately, our long-standing experience of developing a static analyzer shows that this mode is not great for testing. In this note, I'll give the example of a fresh bug in the C++ compiler from Microsoft.
+27