How to become an author
Search
Write a publication
Pull to refresh
129.2
Rating
PVS-Studio
Статический анализ кода для C, C++, C# и Java
ProfileArticles257Subscribers93KEmployees25
Show first

Unicorns on Guard for Your Safety: Exploring the Bouncy Castle Code

Reading time7 min
Views972
PVS-Studio corporate blogInformation Security*Development Management*
image1.png

Would you like to see a new batch of errors found by the PVS-Studio static analyzer for Java? Then keep reading the article! This time the Bouncy Castle project is to be checked. The most interesting code snippets, as usual, are waiting for you below.
Read more →
Total votes 1: ↑0 and ↓1-1
Comments0

Online Almighty

Reading time7 min
Views803
PVS-Studio corporate blogConferences

2020 broke in brazenly and audaciously with its rights to our quiet and measured everyday life. It seems like the whole world has gone online, making life easier for millions of people including event managers. But not so fast...

In this article, I will tell you how our PVS-Studio team started its year in the field of business events, conferences, what experience we gained and what mistakes we want to protect our readers from. Whether you are a CEO, a hoster of business meetings, a developer, a teamlead, or etc, our experience will be useful to everyone in case you somehow relate to conferences.

Читать далее
Rating0
Comments0

Check how you remember nullable value types. Let's peek under the hood

Reading time10 min
Views939
PVS-Studio corporate blog.NET*C#*
image1.png

Recently nullable reference types have become trendy. Meanwhile, the good old nullable value types are still here and actively used. How well do you remember the nuances of working with them? Let's jog your memory or test your knowledge by reading this article. Examples of C# and IL code, references to the CLI specification, and CoreCLR code are provided. Let's start with an interesting case.
Read more →
Rating0
Comments0

Checking Clang 11 with PVS-Studio

Reading time10 min
Views755
PVS-Studio corporate blogC++*Open source*Information Security*Compilers*
PVS-Studio: I'm still worthy

Every now and then, we have to write articles about how we've checked another fresh version of some compiler. That's not really much fun. However, as practice shows, if we stop doing that for a while, folks start doubting whether PVS-Studio is worth its title of a good catcher of bugs and vulnerabilities. What if the new compiler can do that too? Sure, compilers evolve, but so does PVS-Studio – and it proves, again and again, its ability to catch bugs even in high-quality projects such as compilers.
Read more →
Total votes 3: ↑2 and ↓1+1
Comments0

Checking a Header-Only C++ Library Collection (awesome-hpp)

Reading time17 min
Views1.2K
PVS-Studio corporate blogC++*Open source*
PVS-Studio and Awesome hpp

Somehow, we've happened to check most of the libraries making up a collection called "Awesome hpp". These are small header-only projects in C++. Hopefully, the information about the bugs we've found will help make the libraries better. We'll also be happy to see the developers use PVS-Studio on a regular basis thanks to the free-license option we provide.
Read more →
Rating0
Comments0

Amnesia: The Dark Descent or How to Forget to Fix Copy Paste

Reading time14 min
Views797
PVS-Studio corporate blogC++*Open source*Game development*
image1.png

Just before the release of the "Amnesia: Rebirth" game, the vendor "Fractional Games" opened the source code of the legendary "Amnesia: The Dark Descent" and its sequel "Amnesia: A Machine For Pigs". Why not use the static analysis tool to see what dreadful mistakes are hidden in the inside of these cult horror games?
Read more →
Rating0
Comments0

Checking the Code of DeepSpeech, or Why You Shouldn't Write in namespace std

Reading time13 min
Views582
PVS-Studio corporate blogC++*Programming*
DeepSpeech is an open-source speech recognition engine developed by Mozilla. It's pretty fast and ranks high, which makes its source code an interesting target for static analysis. In this article, I'll show you some of the bugs found in DeepSpeech's C++ code.

image1.png

Introduction


We have already scanned a few projects based on machine learning before, so there was nothing new about DeepSpeech to us in this respect. No wonder since the project is quite popular: as of this writing, it has 15k stars on GitHub.
Read more →
Total votes 2: ↑1 and ↓10
Comments0

Part 2: Upsetting Opinions about Static Analyzers

Reading time4 min
Views1.1K
PVS-Studio corporate blogC*C++*Perfect code*
Единорог грустит

By writing the article "Upsetting Opinions about Static Analyzers" we were supposed to get it off our chest and peacefully let it all go. However, the article unexpectedly triggered robust feedback. Unfortunately, the discussion went in the wrong direction, and now we will make a second attempt to explain our view of this situation.
Read more →
Total votes 3: ↑2 and ↓1+5
Comments0

Organizing Content on Our Blog with Tags

Reading time3 min
Views543
PVS-Studio corporate blog

As you know, we regularly post new content on programming and various interesting events from our company's life on our blog. The range of topics is expanding, and the number of articles is growing, so at some point, we started to attach tags to our posts so that you could quickly find content on topics you're interested in. Just click the appropriate tag and – presto! – a sorted list of related articles appears.

Read more
Rating0
Comments0

Upsetting Opinions about Static Analyzers

Reading time2 min
Views1.4K
PVS-Studio corporate blogC*C++*
Static analysis tools have advanced far over the time they've been around. They no longer resemble the "linters" that were in active use 20 years ago. But some programmers still view them as extremely primitive tools. And that's very sad. It hurts to see the static analysis methodology in general and our PVS-Studio analyzer in particular treated that way.

Read more →
Total votes 3: ↑3 and ↓0+3
Comments0

Checking WildFly, a JavaEE Application Server

Reading time9 min
Views682
PVS-Studio corporate blogJava*
image1.png

WildFly (formerly known as JBoss Application Server) is an open-source JavaEE application server developed and first released by JBoss in February, 2008. The primary goal of the project is to provide a set of tools usually required for enterprise Java applications. And since the server is used for developing enterprise applications, it is especially important to minimize the number of bugs and potential vulnerabilities in its code. Today, WildFly is being developed by the large company Red Hat, and they keep the code quality at a pretty high level. That said, our analyzer was still able to find a number of programming mistakes in the project.
Read more →
Total votes 2: ↑1 and ↓1+2
Comments1

Why it is important to apply static analysis for open libraries that you add to your project

Reading time7 min
Views873
PVS-Studio corporate blogC++*Open source*Programming*Perfect code*
PVS-Studio and Awesome header-only C++ libraries

Modern applications are built from third-party libraries like a wall from bricks. Their usage is the only option to complete the project in a reasonable time, spending a sensible budget, so it's a usual practice. However, taking all the bricks indiscriminately may not be such a good idea. If there are several options, it is useful to take time to analyze open libraries in order to choose the best one.
Read more →
Total votes 1: ↑0 and ↓1-1
Comments1

Why code reviews are good, but not enough

Reading time3 min
Views944
PVS-Studio corporate blogC++*Information Security*Programming*
image1.png

Code reviews are definitely necessary and useful. It's a way to impart knowledge, educate, control a task, improve code quality and formatting, fix bugs. Moreover, you can notice high-level errors related to the architecture and algorithms used. So it's a must-have practice, except that people get tired quickly. Therefore, static analysis perfectly complements reviews and helps to detect a variety of inconspicuous errors and typos. Let's look at a decent example on this topic.
Read more →
Rating0
Comments0

Checking QEMU using PVS-Studio

Reading time14 min
Views655
PVS-Studio corporate blogC*C++*Open source*Programming*
image1.png

QEMU is a rather well-known application for emulation. Static analysis can help developers of complex projects such as QEMU catch errors at early stages and generally improve quality and reliability of a project. In this article, we will check the source code of the QEMU application for potential vulnerabilities and errors using the PVS-Studio static analysis tool.
Read more →
Total votes 3: ↑3 and ↓0+3
Comments0

Checking the Code of XMage, and Why You Won't Be Able to Get the Special Rare Cards of the Dragon's Maze Collection

Reading time13 min
Views672
PVS-Studio corporate blogJava*Open source*Game development*
image1.png

XMage is a client-server application for playing Magic: The Gathering (MTG). XMage's development was started in early 2010. Since then, it has seen 182 releases, attracted an army of contributors, and it's still being actively developed even now. All that makes it a good reason for us to contribute to its development too! So, today the PVS-Studio unicorn is going to check the code base of XMage and maybe even get into a fight with some entities.
Read more →
Rating0
Comments0

Static code analysis of the PMDK library collection by Intel and errors that are not actual errors

Reading time14 min
Views808
PVS-Studio corporate blogC*C++*Open source*Information Security*
PVS-Studio, PMDK

We were asked to check a collection of open source PMDK libraries for developing and debugging applications with NVRAM support by PVS-Studio. Well, why not? Moreover, this is a small project in C and C++ with a total code base size of about 170 KLOC without comments. Which means, the results review won't take much energy and time. Let's go.
Read more →
Total votes 2: ↑2 and ↓0+2
Comments1

Unicorns break into RTS: analyzing the OpenRA source code

Reading time16 min
Views631
PVS-Studio corporate blogC#*Open source*Games and game consoles
image1.png

This article is about the check of the OpenRA project using the static PVS-Studio analyzer. What is OpenRA? It is an open source game engine designed to create real-time strategies. The article describes the analysis process, project features, and warnings that PVS-Studio has issued. And, of course, here we will discuss some features of the analyzer that made the project checking process more comfortable.
Read more →
Rating0
Comments0

Static Analysis: From Getting Started to Integration

Reading time9 min
Views1.2K
PVS-Studio corporate blogDevOps*Programming*Product Management*Development Management*
Sometimes, tired of endless code review and debugging, you start wondering if there are ways to make your life easier. After some googling or merely by accident, you stumble upon the phrase, "static analysis". Let's find out what it is and how it can be used in your project.

Read more →
Total votes 2: ↑1 and ↓1+2
Comments0

Under the Hood of PVS-Studio for Java: How We Develop Diagnostics

Reading time8 min
Views461
PVS-Studio corporate blogJava*

To keep it interesting, this time I'd like to tell about our approach to developing and polishing diagnostic rules for PVS-Studio Java. You will learn how we keep existing warnings consistent across releases and why the new ones aren't too weird. I'll also share a bit of inside information on what plans we, the Java team, have for the future, and show you a few interesting (and a few plain) bugs we found using the diagnostics from the upcoming release.
Read more →
Total votes 2: ↑1 and ↓1+1
Comments0
12 ...
56
7
89 ...
1213

Information

Website
pvs-studio.ru
Registered
Founded
2008
Employees
51–100 employees
Location
Россия
Representative
Андрей Карпов

Your account

Sections

Information

Services

Support
© 2006–2025, Habr