• Checking the Roslyn Source Code

      PVS-Studio vs Roslyn

      Once in a while we go back to the projects that we have previously checked using PVS-Studio, which results in their descriptions in various articles. Two reasons make these comebacks exciting for us. Firstly, the opportunity to assess the progress of our analyzer. Secondly, monitoring the feedback of the project's authors to our article and the report of errors, which we usually provide them with. Of course, errors can be corrected without our participation. However, it is always nice when our efforts help to make a project better. Roslyn was no exception. The previous article about this project check dates back to December 23, 2015. It's quite a long time, in the view of the progress that our analyzer has made since that time. Since the C# core of the PVS-Studio analyzer is based on Roslyn, it gives us additional interest in this project. As a result, we're as keen as mustard about the code quality of this project. Now let's test it once again and find out some new and interesting issues (but let's hope that nothing significant) that PVS-Studio will be able to find.
      Read more →
    • PVS-Studio for Java hits the road. Next stop is Elasticsearch

        Picture 1

        The PVS-Studio team has been keeping the blog about the checks of open-source projects by the same-name static code analyzer for many years. To date, more than 300 projects have been checked, the base of errors contains more than 12000 cases. Initially the analyzer was implemented for checking C and C++ code, support of C# was added later. Therefore, from all checked projects the majority (> 80%) accounts for C and C++. Quite recently Java was added to the list of supported languages, which means that there is now a whole new open world for PVS-Studio, so it's time to complement the base with errors from Java projects.

        The Java world is vast and varied, so one doesn't even know where to look first when choosing a project to test the new analyzer. Ultimately, the choice fell on the full-text search and analytical engine Elasticsearch. It is quite a successful project, and it's even especially pleasant to find errors in significant projects. So, what defects did PVS-Studio for Java manage to detect? Further talk will be right about the results of the check.
        Read more →
      • How the CSS markup fragment broke the C++ compiler

          Picture 1

          Static analysis methodology involves various technologies. One of them is preprocessing files right before analyzing them. Preprocessed files are created by the compiler that runs in a special working mode. Unfortunately, our long-standing experience of developing a static analyzer shows that this mode is not great for testing. In this note, I'll give the example of a fresh bug in the C++ compiler from Microsoft.
          Read more →
        • Top 10 bugs of C++ projects found in 2018

            It has been three months since 2018 had ended. For many, it has just flew by, but for us, PVS-Studio developers, it was quite an eventful year. We were working up a sweat, fearlessly competing for spreading the word about static analysis and were searching for errors in open source projects, written in C, C++, C#, and Java languages. In this article, we gathered the top 10 most interesting of them right for you!

            Read more →
          • Following in the Footsteps of Calculators: SpeedCrunch

              Picture 4

              Here we are, continuing to explore the code of calculators! Today we are going to take a look at the project called SpeedCrunch, the second most popular free calculator.

              Introduction


              SpeedCrunch is a high-precision scientific calculator featuring a fast, keyboard-driven user interface. It is free and open-source software, licensed under the GPL and running on Windows, Linux, and macOS.

              The source code is available on BitBucket. I was somewhat disappointed by the build documentation, which could be more detailed. It says that you need «Qt 5.2 or later» to build the project, but it actually required a few specific packages, which wasn't easy to figure out from the CMake log. By the way, it is considered a good practice nowadays to include a Dockerfile into the project to make it easier for the user to set up the development environment.
              Read more →
            • Checking FreeRDP with PVS-Studio

                Picture 2

                FreeRDP is an open-source implementation of the Remote Desktop Protocol (RDP), a proprietary protocol by Microsoft. The project supports multiple platforms, including Windows, Linux, macOS, and even iOS and Android. We chose it to be the first project analyzed with the static code analyzer PVS-Studio for a series of articles about the checks of RDP-clients.
                Read more →
              • Following in the Footsteps of Calculators: Qalculate


                  Previously we did code reviews of large mathematical packages, for example, Scilab and Octave, whereby calculators remained aloof as small utilities, in which it is difficult to make errors due to their small codebase. We were wrong that we haven't paid attention to them. The case with posting the source code of the Windows calculator showed that actually everyone was interested in discussing types of errors hiding in it. Moreover, the number of errors there was more than enough to write an article about that. My colleagues and I, we decided to explore the code of a number of popular calculators, and it turned out that the code of the Windows calculator was not that bad (spoiler).
                  Read more →
                • Counting Bugs in Windows Calculator


                    A few days ago, Microsoft made the source code of their Windows Calculator publicly available. Calculator is an application that has traditionally shipped with every Windows version. A number of Microsoft projects went open-source over the recent years, but this time the news was covered even by non-IT media on the very first day. Well, it's a popular yet tiny program in C++. Despite its size, we still managed to find a number of suspicious fragments in its code using the PVS-Studio static analyzer.
                    Read more →
                    • +38
                    • 40.3k
                    • 2
                  • Ways to Get a Free PVS-Studio License

                      PVS-Studio Free

                      There are several ways to get a free license of the PVS-Studio static code analyzer, which is meant for searching for errors and potential vulnerabilities. Open source projects, small closed projects, public security specialists and owners of the Microsoft MVP status can use the license for free. The article briefly describes each of these options.

                      PVS-Studio is a tool designed to detect errors and potential vulnerabilities in the source code of programs, written in C, C++, C# and Java. It works in Windows, Linux and macOS environments.
                      Read more →
                    • False Positives in PVS-Studio: How Deep the Rabbit Hole Goes

                        Единорог PVS-Studio и GetNamedSecurityInfo

                        Our team provides quick and effective customer support. User requests are handled solely by programmers since our clients are programmers themselves and they often ask tricky questions. Today I'm going to tell you about a recent request concerning one false positive that even forced me to carry out a small investigation to solve the problem.
                        Read more →
                      • The story of how we changed the PVS-Studio icon



                          The 7.0 release marked a new milestone in the history of the PVS-Studio analyzer — the analysis is now available not only for the code, written in C, C++, C#, but also in Java. In addition to this global improvement, some existing mechanisms for the analysis are refined and improved, diagnostic rules are added. There was another significant change that you could hardly missed. We changed the icon.

                          Note. In the article, you will not find cunning tricks or tips on designing icons. The purpose of the article is a bit different this time — it is to tell a story, and, if possible, make it interesting.
                          Read more →
                        • Wanna Play a Detective? Find the Bug in a Function from Midnight Commander

                            bug

                            In this article, we invite you to try to find a bug in a very simple function from the GNU Midnight Commander project. Why? For no particular reason. Just for fun. Well, okay, it's a lie. We actually wanted to show you yet another bug that a human reviewer has a hard time finding and the static code analyzer PVS-Studio can catch without effort.
                            Read more →
                          • Sixth Chromium Check, Afterword

                              severe unicorn

                              At the beginning of 2018 our blog was complemented with a series of articles on the sixth check of the source code of the Chromium project. The series includes 8 articles on errors and recommendations for their prevention. Two articles sparked heated discussion, and l still occasionally get comments by mail about topics covered in them. Perhaps, I should give additional explanations and as they say, set the record straight.
                              Read more →
                            • PVS-Studio ROI

                                PVS-Studio ROI

                                Occasionally, we're asked a question, what monetary value the company will receive from using PVS-Studio. We decided to draw up a response in the form of an article and provide tables, which will show how the analyzer can be useful. We cannot prove absolute accuracy of all calculations in the article, but we suppose the reader will agree with our thoughts, and it will help to make a decision in the matter of getting the license.
                                Read more →
                              • Searching for errors in the Amazon Web Services SDK source code for .NET

                                  Picture 1


                                  Welcome to all fans of trashing someone else's code. :) Today in our laboratory, we have a new material for a research — the source code of the AWS SDK for .NET project. At the time, we wrote an article about checking AWS SDK for C++. Then there was not anything particularly interesting. Let's see what .NET of the AWS SDK version is worth. Once again, it is a great opportunity to demonstrate the abilities of the PVS-Studio analyzer and make the world a bit better.
                                  Read more →
                                • PVS-Studio 7.00

                                    PVS-Studio C#\Java\C++Today is an important day — after 28 releases of the sixth version we present our PVS-Studio 7.00, in which the key innovation is the support of the Java language. However, during 2018 we have acquired many other important changes related to C++, C#, infrastructure and support of coding standards. Therefore, we bring to your attention a note that sums up the major changes that have happened in PVS-Studio for the last time.
                                    Читать дальше →