Pull to refresh
104.45
PVS-Studio
Статический анализ кода для C, C++, C# и Java
Show first

What's the Use of Dynamic Analysis When You Have Static Analysis?

Reading time6 min
Views2.9K
In order to verify the quality of software, you have to use a lot of different tools, including static and dynamic analyzers. In this article, we'll try to figure out why only one type of analysis, whether static or dynamic, may not be enough for comprehensive software analysis and why it's preferable to use both.

Рисунок 1

Read more →

Errors that static code analysis does not find because it is not used

Reading time5 min
Views1.9K
Readers of our articles occasionally note that the PVS-Studio static code analyzer detects a large number of errors that are insignificant and don't affect the application. It is really so. For the most part, important bugs have already been fixed due to manual testing, user feedback, and other expensive methods. At the same time, many of these errors could have been found at the code writing stage and corrected with minimal loss of time, reputation and money. This article will provide several examples of real errors, which could have been immediately fixed, if project authors had used static code analysis.

Read more →

PVS-Studio wanted but couldn't find bugs in robots.txt

Reading time3 min
Views2.2K
Picture 1

The other day Google revealed the sources of the robots.txt parser. Why not give a run for the already far and wide checked project using PVS-Studio and possibly find a bug. So said so done. But I wish we could find something meaningful. Well, then let it be just a reason to give full marks for Google developers.

robots.txt — is an index file that contains rules for search robots. It works for https, http and FTP protocols. Google made the parser of the robots.txt file available for everyone. Read more about this news here: Google opens the source code of the robots.txt parser
Read more →

PVS-Studio for Visual Studio

Reading time10 min
Views1.1K


Many of our articles are focused on anything, but not the PVS-Studio tool itself. Whereas we do a lot to make its usage convenient for developers. Nevertheless, our efforts are often concealed behind the scenes. I decided to remedy this situation and tell you about the PVS-Studio plugin for Visual Studio. If you use Visual Studio, this article is for you.
Read more →

The dangers of using multi-character constants

Reading time2 min
Views1.4K

Picture 1

During code analysis, PVS-Studio analyzes the data flow and operates variable values. Values are taken from constants or derived from conditional expressions. We call them virtual values. Recently, we have refined them in order to work with multi-character constants and this has become the reason to create a new diagnostic rule.

Introduction


Multi-character-literals are implementation-defined, so different compilers can encode them in different ways. For example, GCC and Clang set a value, based on the order of the symbols in the literal, while MSVC moves them depending on the symbol's type (regular or escape).
Read more →

How to quickly check out interesting warnings given by the PVS-Studio analyzer for C and C++ code?

Reading time5 min
Views1K

Once in a while, programmers who start getting acquainted with the PVS-Studio code analyzer ask me: «Is there a list of warnings that accurately indicate errors?» There is no such list because uninteresting (false) warnings in one project are very important and useful in another one. However, one can definitely start digging into the analyzer from the most exciting warnings. Let's take a closer look at this topic.
Read more →

PVS-Studio Graph of Diagnostic Abilities Development

Reading time2 min
Views812
Maturation

More than 8 years have passed since the PVS-Studio product was released, and all this time we've been implementing new diagnostic rules in it. Moreover, we are not going to stop. If you care about whether we have lost our vivacity over the years, and whether PVS-Studio stops developing, the graph given in the article will take this issue off the table. The analyzer is actively developing, and the speed of development only increases over the years.
Read more →

Nullable Reference types in C# 8.0 and static analysis

Reading time12 min
Views3.7K

Picture 9


It's not a secret that Microsoft has been working on the 8-th version of C# language for quite a while. The new language version (C# 8.0) is already available in the recent release of Visual Studio 2019, but it's still in beta. This new version is going to have a few features implemented in a somewhat non-obvious, or rather unexpected, way. Nullable Reference types are one of them. This feature is announced as a means to fight Null Reference Exceptions (NRE).
Read more →

Support of Visual Studio 2019 in PVS-Studio

Reading time19 min
Views1.1K


Support of Visual Studio 2019 in PVS-Studio affected a number of components: the plugin itself, the command-line analyzer, the cores of the C++ and C# analyzers, and a few utilities. In this article, I will briefly explain what problems we encountered when implementing support of the IDE and how we addressed them.
Read more →

IntelliJ IDEA, ReSharper, SonarLint and SonarQube find the same errors, as PVS-Studio — so why do we need PVS-Studio?

Reading time2 min
Views2K
Sometimes people ask the question, which addresses a certain topic but is actually about another thing. As the saying goes, a competently asked question contains half the answer.

Recently I've returned from the JPoint conference, where we first presented our new PVS-Studio analyzer for Java. Interest in static analysis is growing strongly in the last few years, so the audience perceived PVS-Studio enthusiastically. In addition to the positive feedback, as it happens, we had to handle objections. The most frequent objection to the suggestion to try PVS-Studio sounds something like this: «C'mon, why do we try PVS-Studio? We use IntelliJ IDEA, ReSharper, SonarLint and SonarQube. We've run PVS-Studio recently and it found errors, already highlighted by IntelliJ IDEA!»

I just can't help but write a small reply note to this comment. I even have two responses to this objection. And yes, I intentionally stated ReSharper, as there are some questions to our C# analyzer as well. Well, here comes the answer.
Read more →

Analyzing the Code of CUBA Platform with PVS-Studio

Reading time14 min
Views1K

Java developers have access to a number of useful tools that help to write high-quality code such as the powerful IDE IntelliJ IDEA, free analyzers SpotBugs, PMD, and the like. The developers working on CUBA Platform have already been using all of these, and this review will show how the project can benefit even more from the use of the static code analyzer PVS-Studio.
Read more →

Wireshark 3.x: code analysis under macOS and errors review

Reading time9 min
Views1.9K

Picture 1

Wireshark Foundation released the final stable-version of the popular network traffic analyzer — Wireshark 3.0.0. The new release fixes several bugs, it is now possible to analyze the new protocols, apart from that the driver on Npcap WinPcap is replaced. Here is where quoting of the announcement ends and our note about bugs in the project starts off. The projects authors definitely haven't done their best in fixing bugs before the release.

Let's collect hotfixes right now to give a motive in doing a new release :).

Introduction


Wireshark is a well-known tool to capture and analyze network traffic. The program works with the vast majority of known protocols, has intuitive and logical graphical interface, an all-powerful system of filters. Wireshark is cross-platform, works in such OSs, as: Windows, Linux, macOS, Solaris, FreeBSD, NetBSD and many others.

To do the source code analysis, we used PVS-Studio static code analyzer. To analyze the source code, first we needed to compile the project in an OS. The choice was wide not only due to the cross platform nature of the project, but also because of that of the analyzer. I chose macOS for the analysis. You can also run the analyzer under Windows and Linux.
Read more →

Checking the Roslyn Source Code

Reading time21 min
Views1.6K
PVS-Studio vs Roslyn

Once in a while we go back to the projects that we have previously checked using PVS-Studio, which results in their descriptions in various articles. Two reasons make these comebacks exciting for us. Firstly, the opportunity to assess the progress of our analyzer. Secondly, monitoring the feedback of the project's authors to our article and the report of errors, which we usually provide them with. Of course, errors can be corrected without our participation. However, it is always nice when our efforts help to make a project better. Roslyn was no exception. The previous article about this project check dates back to December 23, 2015. It's quite a long time, in the view of the progress that our analyzer has made since that time. Since the C# core of the PVS-Studio analyzer is based on Roslyn, it gives us additional interest in this project. As a result, we're as keen as mustard about the code quality of this project. Now let's test it once again and find out some new and interesting issues (but let's hope that nothing significant) that PVS-Studio will be able to find.
Read more →

PVS-Studio for Java hits the road. Next stop is Elasticsearch

Reading time11 min
Views2.2K

Picture 1

The PVS-Studio team has been keeping the blog about the checks of open-source projects by the same-name static code analyzer for many years. To date, more than 300 projects have been checked, the base of errors contains more than 12000 cases. Initially the analyzer was implemented for checking C and C++ code, support of C# was added later. Therefore, from all checked projects the majority (> 80%) accounts for C and C++. Quite recently Java was added to the list of supported languages, which means that there is now a whole new open world for PVS-Studio, so it's time to complement the base with errors from Java projects.

The Java world is vast and varied, so one doesn't even know where to look first when choosing a project to test the new analyzer. Ultimately, the choice fell on the full-text search and analytical engine Elasticsearch. It is quite a successful project, and it's even especially pleasant to find errors in significant projects. So, what defects did PVS-Studio for Java manage to detect? Further talk will be right about the results of the check.
Read more →

How the CSS markup fragment broke the C++ compiler

Reading time2 min
Views1.8K

Picture 1

Static analysis methodology involves various technologies. One of them is preprocessing files right before analyzing them. Preprocessed files are created by the compiler that runs in a special working mode. Unfortunately, our long-standing experience of developing a static analyzer shows that this mode is not great for testing. In this note, I'll give the example of a fresh bug in the C++ compiler from Microsoft.
Read more →

Information

Website
pvs-studio.ru
Registered
Founded
2008
Employees
51–100 employees
Location
Россия
Representative
Андрей Карпов