• PVS-Studio for Visual Studio


      Many of our articles are focused on anything, but not the PVS-Studio tool itself. Whereas we do a lot to make its usage convenient for developers. Nevertheless, our efforts are often concealed behind the scenes. I decided to remedy this situation and tell you about the PVS-Studio plugin for Visual Studio. If you use Visual Studio, this article is for you.
      Read more →
    • The dangers of using multi-character constants

        Picture 1

        During code analysis, PVS-Studio analyzes the data flow and operates variable values. Values are taken from constants or derived from conditional expressions. We call them virtual values. Recently, we have refined them in order to work with multi-character constants and this has become the reason to create a new diagnostic rule.

        Introduction


        Multi-character-literals are implementation-defined, so different compilers can encode them in different ways. For example, GCC and Clang set a value, based on the order of the symbols in the literal, while MSVC moves them depending on the symbol's type (regular or escape).
        Read more →
      • How to quickly check out interesting warnings given by the PVS-Studio analyzer for C and C++ code?


          Once in a while, programmers who start getting acquainted with the PVS-Studio code analyzer ask me: «Is there a list of warnings that accurately indicate errors?» There is no such list because uninteresting (false) warnings in one project are very important and useful in another one. However, one can definitely start digging into the analyzer from the most exciting warnings. Let's take a closer look at this topic.
          Read more →
        • PVS-Studio Graph of Diagnostic Abilities Development

            Maturation

            More than 8 years have passed since the PVS-Studio product was released, and all this time we've been implementing new diagnostic rules in it. Moreover, we are not going to stop. If you care about whether we have lost our vivacity over the years, and whether PVS-Studio stops developing, the graph given in the article will take this issue off the table. The analyzer is actively developing, and the speed of development only increases over the years.
            Read more →
          • Nullable Reference types in C# 8.0 and static analysis

              Picture 9


              It's not a secret that Microsoft has been working on the 8-th version of C# language for quite a while. The new language version (C# 8.0) is already available in the recent release of Visual Studio 2019, but it's still in beta. This new version is going to have a few features implemented in a somewhat non-obvious, or rather unexpected, way. Nullable Reference types are one of them. This feature is announced as a means to fight Null Reference Exceptions (NRE).
              Read more →
            • Support of Visual Studio 2019 in PVS-Studio


                Support of Visual Studio 2019 in PVS-Studio affected a number of components: the plugin itself, the command-line analyzer, the cores of the C++ and C# analyzers, and a few utilities. In this article, I will briefly explain what problems we encountered when implementing support of the IDE and how we addressed them.
                Read more →
              • Cataclysm Dark Days Ahead: Static Analysis and Roguelike Games

                  Picture 5

                  You must have already guessed from the title that today's article will be focusing on bugs in software source code. But not only that. If you are not only interested in C++ and in reading about bugs in other developers' code but also dig unusual video games and wonder what «roguelikes» are and how you play them, then welcome to read on!
                  Read more →
                • IntelliJ IDEA, ReSharper, SonarLint and SonarQube find the same errors, as PVS-Studio — so why do we need PVS-Studio?

                    Sometimes people ask the question, which addresses a certain topic but is actually about another thing. As the saying goes, a competently asked question contains half the answer.

                    Recently I've returned from the JPoint conference, where we first presented our new PVS-Studio analyzer for Java. Interest in static analysis is growing strongly in the last few years, so the audience perceived PVS-Studio enthusiastically. In addition to the positive feedback, as it happens, we had to handle objections. The most frequent objection to the suggestion to try PVS-Studio sounds something like this: «C'mon, why do we try PVS-Studio? We use IntelliJ IDEA, ReSharper, SonarLint and SonarQube. We've run PVS-Studio recently and it found errors, already highlighted by IntelliJ IDEA!»

                    I just can't help but write a small reply note to this comment. I even have two responses to this objection. And yes, I intentionally stated ReSharper, as there are some questions to our C# analyzer as well. Well, here comes the answer.
                    Read more →
                  • Analyzing the Code of CUBA Platform with PVS-Studio


                      Java developers have access to a number of useful tools that help to write high-quality code such as the powerful IDE IntelliJ IDEA, free analyzers SpotBugs, PMD, and the like. The developers working on CUBA Platform have already been using all of these, and this review will show how the project can benefit even more from the use of the static code analyzer PVS-Studio.
                      Read more →
                    • Wireshark 3.x: code analysis under macOS and errors review

                        Picture 1

                        Wireshark Foundation released the final stable-version of the popular network traffic analyzer — Wireshark 3.0.0. The new release fixes several bugs, it is now possible to analyze the new protocols, apart from that the driver on Npcap WinPcap is replaced. Here is where quoting of the announcement ends and our note about bugs in the project starts off. The projects authors definitely haven't done their best in fixing bugs before the release.

                        Let's collect hotfixes right now to give a motive in doing a new release :).

                        Introduction


                        Wireshark is a well-known tool to capture and analyze network traffic. The program works with the vast majority of known protocols, has intuitive and logical graphical interface, an all-powerful system of filters. Wireshark is cross-platform, works in such OSs, as: Windows, Linux, macOS, Solaris, FreeBSD, NetBSD and many others.

                        To do the source code analysis, we used PVS-Studio static code analyzer. To analyze the source code, first we needed to compile the project in an OS. The choice was wide not only due to the cross platform nature of the project, but also because of that of the analyzer. I chose macOS for the analysis. You can also run the analyzer under Windows and Linux.
                        Read more →
                      • Checking the Roslyn Source Code

                          PVS-Studio vs Roslyn

                          Once in a while we go back to the projects that we have previously checked using PVS-Studio, which results in their descriptions in various articles. Two reasons make these comebacks exciting for us. Firstly, the opportunity to assess the progress of our analyzer. Secondly, monitoring the feedback of the project's authors to our article and the report of errors, which we usually provide them with. Of course, errors can be corrected without our participation. However, it is always nice when our efforts help to make a project better. Roslyn was no exception. The previous article about this project check dates back to December 23, 2015. It's quite a long time, in the view of the progress that our analyzer has made since that time. Since the C# core of the PVS-Studio analyzer is based on Roslyn, it gives us additional interest in this project. As a result, we're as keen as mustard about the code quality of this project. Now let's test it once again and find out some new and interesting issues (but let's hope that nothing significant) that PVS-Studio will be able to find.
                          Read more →
                        • PVS-Studio for Java hits the road. Next stop is Elasticsearch

                            Picture 1

                            The PVS-Studio team has been keeping the blog about the checks of open-source projects by the same-name static code analyzer for many years. To date, more than 300 projects have been checked, the base of errors contains more than 12000 cases. Initially the analyzer was implemented for checking C and C++ code, support of C# was added later. Therefore, from all checked projects the majority (> 80%) accounts for C and C++. Quite recently Java was added to the list of supported languages, which means that there is now a whole new open world for PVS-Studio, so it's time to complement the base with errors from Java projects.

                            The Java world is vast and varied, so one doesn't even know where to look first when choosing a project to test the new analyzer. Ultimately, the choice fell on the full-text search and analytical engine Elasticsearch. It is quite a successful project, and it's even especially pleasant to find errors in significant projects. So, what defects did PVS-Studio for Java manage to detect? Further talk will be right about the results of the check.
                            Read more →
                          • How the CSS markup fragment broke the C++ compiler

                              Picture 1

                              Static analysis methodology involves various technologies. One of them is preprocessing files right before analyzing them. Preprocessed files are created by the compiler that runs in a special working mode. Unfortunately, our long-standing experience of developing a static analyzer shows that this mode is not great for testing. In this note, I'll give the example of a fresh bug in the C++ compiler from Microsoft.
                              Read more →
                            • Top 10 bugs of C++ projects found in 2018

                                It has been three months since 2018 had ended. For many, it has just flew by, but for us, PVS-Studio developers, it was quite an eventful year. We were working up a sweat, fearlessly competing for spreading the word about static analysis and were searching for errors in open source projects, written in C, C++, C#, and Java languages. In this article, we gathered the top 10 most interesting of them right for you!

                                Read more →
                              • Following in the Footsteps of Calculators: SpeedCrunch

                                  Picture 4

                                  Here we are, continuing to explore the code of calculators! Today we are going to take a look at the project called SpeedCrunch, the second most popular free calculator.

                                  Introduction


                                  SpeedCrunch is a high-precision scientific calculator featuring a fast, keyboard-driven user interface. It is free and open-source software, licensed under the GPL and running on Windows, Linux, and macOS.

                                  The source code is available on BitBucket. I was somewhat disappointed by the build documentation, which could be more detailed. It says that you need «Qt 5.2 or later» to build the project, but it actually required a few specific packages, which wasn't easy to figure out from the CMake log. By the way, it is considered a good practice nowadays to include a Dockerfile into the project to make it easier for the user to set up the development environment.
                                  Read more →
                                • Checking FreeRDP with PVS-Studio

                                    Picture 2

                                    FreeRDP is an open-source implementation of the Remote Desktop Protocol (RDP), a proprietary protocol by Microsoft. The project supports multiple platforms, including Windows, Linux, macOS, and even iOS and Android. We chose it to be the first project analyzed with the static code analyzer PVS-Studio for a series of articles about the checks of RDP-clients.
                                    Read more →
                                  • Following in the Footsteps of Calculators: Qalculate


                                      Previously we did code reviews of large mathematical packages, for example, Scilab and Octave, whereby calculators remained aloof as small utilities, in which it is difficult to make errors due to their small codebase. We were wrong that we haven't paid attention to them. The case with posting the source code of the Windows calculator showed that actually everyone was interested in discussing types of errors hiding in it. Moreover, the number of errors there was more than enough to write an article about that. My colleagues and I, we decided to explore the code of a number of popular calculators, and it turned out that the code of the Windows calculator was not that bad (spoiler).
                                      Read more →