• Cataclysm Dark Days Ahead: Static Analysis and Roguelike Games

      Picture 5

      You must have already guessed from the title that today's article will be focusing on bugs in software source code. But not only that. If you are not only interested in C++ and in reading about bugs in other developers' code but also dig unusual video games and wonder what «roguelikes» are and how you play them, then welcome to read on!
      Read more →
    • Wireshark 3.x: code analysis under macOS and errors review

        Picture 1

        Wireshark Foundation released the final stable-version of the popular network traffic analyzer — Wireshark 3.0.0. The new release fixes several bugs, it is now possible to analyze the new protocols, apart from that the driver on Npcap WinPcap is replaced. Here is where quoting of the announcement ends and our note about bugs in the project starts off. The projects authors definitely haven't done their best in fixing bugs before the release.

        Let's collect hotfixes right now to give a motive in doing a new release :).


        Wireshark is a well-known tool to capture and analyze network traffic. The program works with the vast majority of known protocols, has intuitive and logical graphical interface, an all-powerful system of filters. Wireshark is cross-platform, works in such OSs, as: Windows, Linux, macOS, Solaris, FreeBSD, NetBSD and many others.

        To do the source code analysis, we used PVS-Studio static code analyzer. To analyze the source code, first we needed to compile the project in an OS. The choice was wide not only due to the cross platform nature of the project, but also because of that of the analyzer. I chose macOS for the analysis. You can also run the analyzer under Windows and Linux.
        Read more →
      • How the CSS markup fragment broke the C++ compiler

          Picture 1

          Static analysis methodology involves various technologies. One of them is preprocessing files right before analyzing them. Preprocessed files are created by the compiler that runs in a special working mode. Unfortunately, our long-standing experience of developing a static analyzer shows that this mode is not great for testing. In this note, I'll give the example of a fresh bug in the C++ compiler from Microsoft.
          Read more →
        • Top 10 bugs of C++ projects found in 2018

            It has been three months since 2018 had ended. For many, it has just flew by, but for us, PVS-Studio developers, it was quite an eventful year. We were working up a sweat, fearlessly competing for spreading the word about static analysis and were searching for errors in open source projects, written in C, C++, C#, and Java languages. In this article, we gathered the top 10 most interesting of them right for you!

            Read more →
          • Following in the Footsteps of Calculators: SpeedCrunch

              Picture 4

              Here we are, continuing to explore the code of calculators! Today we are going to take a look at the project called SpeedCrunch, the second most popular free calculator.


              SpeedCrunch is a high-precision scientific calculator featuring a fast, keyboard-driven user interface. It is free and open-source software, licensed under the GPL and running on Windows, Linux, and macOS.

              The source code is available on BitBucket. I was somewhat disappointed by the build documentation, which could be more detailed. It says that you need «Qt 5.2 or later» to build the project, but it actually required a few specific packages, which wasn't easy to figure out from the CMake log. By the way, it is considered a good practice nowadays to include a Dockerfile into the project to make it easier for the user to set up the development environment.
              Read more →
            • Checking FreeRDP with PVS-Studio

                Picture 2

                FreeRDP is an open-source implementation of the Remote Desktop Protocol (RDP), a proprietary protocol by Microsoft. The project supports multiple platforms, including Windows, Linux, macOS, and even iOS and Android. We chose it to be the first project analyzed with the static code analyzer PVS-Studio for a series of articles about the checks of RDP-clients.
                Read more →
              • Following in the Footsteps of Calculators: Qalculate

                  Previously we did code reviews of large mathematical packages, for example, Scilab and Octave, whereby calculators remained aloof as small utilities, in which it is difficult to make errors due to their small codebase. We were wrong that we haven't paid attention to them. The case with posting the source code of the Windows calculator showed that actually everyone was interested in discussing types of errors hiding in it. Moreover, the number of errors there was more than enough to write an article about that. My colleagues and I, we decided to explore the code of a number of popular calculators, and it turned out that the code of the Windows calculator was not that bad (spoiler).
                  Read more →
                • Another way to write cross-platform apps: Neutralinojs internals and comparison with Electron and NW.js

                  I am Shalitha Suranga from Sri Lanka. I started Neutralinojs project with other two members as our research project at university.

                  Cross-platform application development is extremely useful among software development organizations because a large end-user audience can be targeted. Earlier there were several approaches, such as writing multiple codebases per each platform, writing a single codebase using conditionals for platform selection, or using a programming language which has a cross-platform virtual machine at run-time. There were drawbacks of each like complexity of design, limited low-level accessibility and slow learning rate. Cross-platform application development with web technologies came [1] after. Electron and NW.js are most popular frameworks which allow developers to make cross-platform applications using Javascript. Basically, these popular frameworks combine embedded chromium browser and node run-time [2], [3].

                  These frameworks are being used to create numerous cross-platform applications. Whereas the community pointed out several unseen drawbacks of these frameworks. Large bundled application size, high memory consumption and long development workflow are the key things which were criticized through internet forums and websites [4], [5], [6], [7], [8]. Table 1.1 shows the advantages and disadvantages of Electron/NW.js.

                  Table 1.1: Advantages and Disadvantages of Electron/NW,js

                  Advantages of Electron and NW.js Disadvantages of Electron and NW.js
                  Development is very easy since Javascript is used Application bundle is considered as bloatware (High disk space usage)
                  Access native functions via node runtimeSingle codebase for all supported platforms Linux, Windows and macOS High memory consumption and slowness
                  Many Node modules need to be installed
                  Read more →