• Important Things to Know About Tensorflow 2.0

      Deep Learning applications have changed a lot of things. Some which give hope for a brighter future, and some which raise suspicions. However, for developers, the growth of deep learning applications has made them more perplexed about choosing the best among so many deep learning frameworks out there.

      TensorFlow is one of the deep learning frameworks that comes in mind. It is arguably the most popular deep learning framework out there. Nothing justifies the statement better than the fact that Tensorflow is used by the likes of Uber, Nvidia, Gmail among other big corporations for developing state-of-the-art deep learning applications.

      But right now, I am on a quest to find whether it indeed is the best deep learning framework. Or perhaps find what makes it the best out of all other frameworks it competes against.
      Read more →
    • Analysis of the Apache Dubbo RPC Framework by the PVS-Studio Static Code Analyzer

        Picture 2

        Apache Dubbo is one of the most popular Java projects on GitHub. It's not surprising. It was created 8 years ago and is widely applied as a high-performance RPC environment. Of course, most of the bugs in its code have long been fixed and the quality of the code is maintained at a high level. However, there is no reason to opt out of checking such an interesting project using the PVS-Studio static code analyzer. Let's see how it turned out.
        Read more →
      • How to set up PVS-Studio in Travis CI using the example of PSP game console emulator


          Travis CI is a distributed web service for building and testing software that uses GitHub as a source code hosting service. In addition to the above scripts, you can add your own, thanks to the extensive configuration options. In this article we will set up Travis CI for working with PVS-Studio by the example of PPSSPP code.
          Read more →
        • An Easy Way to Make Money on Bug Bounty

            Рисунок 2

            Surely you've heard the expression «bug hunting» many times. I dare to assume, you won't mind earning one or two hundred (or even thousand) dollars by finding a potential vulnerability in someone's program. In this article, I'll tell you about a trick that will help analyzing open source projects in order to find such vulnerabilities.
            Read more →
          • CMake: the Case when the Project's Quality is Unforgivable

              Picture 1

              CMake is a cross-platform system for automating project builds. This system is much older than the PVS-Studio static code analyzer, but no one has tried to apply the analyzer on its code and review the errors. As it turned out, there are a lot of them. The CMake audience is huge. New projects start on it and old ones are ported. I shudder to think of how many developers could have had any given error.
              Read more →
            • PVS-Studio Visits Apache Hive

                Рисунок 1

                For the past ten years, the open-source movement has been one of the key drivers of the IT industry's development, and its crucial component. The role of open-source projects is becoming more and more prominent not only in terms of quantity but also in terms of quality, which changes the very concept of how they are positioned on the IT market in general. Our courageous PVS-Studio team is not sitting idly and is taking an active part in strengthening the presence of open-source software by finding hidden bugs in the enormous depths of codebases and offering free license options to the authors of such projects. This article is just another piece of that activity! Today we are going to talk about Apache Hive. I've got the report — and there are things worth looking at.
                Read more →
              • AdBlock has stolen the banner, but banners are not teeth — they will be back

              • Checking the .NET Core Libraries Source Code by the PVS-Studio Static Analyzer

                  Picture 19

                  .NET Core libraries is one of the most popular C# projects on GitHub. It's hardly a surprise, since it's widely known and used. Owing to this, an attempt to reveal the dark corners of the source code is becoming more captivating. So this is what we'll try to do with the help of the PVS-Studio static analyzer. What do you think – will we eventually find something interesting?
                  Read more →
                • PVS-Studio Looked into the Red Dead Redemption's Bullet Engine

                    Picture 4

                    Nowadays there is no need to implement the physics of objects from scratch for game development because there are a lot of libraries for this purpose. Bullet was actively used in many AAA games, virtual reality projects, various simulations and machine learning. And it is still used, being, for example, one of the Red Dead Redemption and Red Dead Redemption 2 engines. So why not check the Bullet with PVS-Studio to see what errors static analysis can detect in such a large-scale physics simulation project.
                    Read more →
                  • Almost Perfect Libraries by Electronic Arts

                      Our attention was recently attracted by the Electronic Arts repository on GitHub. It's tiny, and of the twenty-three projects available there, only a few C++ libraries seemed interesting: EASTL, EAStdC, EABase, EAThread, EATest, EAMain, and EAAssert. The projects themselves are tiny too (about 10 files each), so bugs were found only in the «largest» project of 20 files :D But we did find them, and they do look interesting! As I was writing this post, we were also having a lively discussion of EA games and the company's policy :D

                      Picture 1

                      Read more →
                    • Best Copy-Paste Algorithms for C and C++. Haiku OS Cookbook

                        Numerous typos and Copy-Paste code became the main topic of the additional article about checking the Haiku code by the PVS-Studio analyzer. Yet this article mostly tells about errors related to thoughtlessness and failed refactoring, rather than to typos. The errors found demonstrate how strong the human factor is in software development.

                        Picture 1
                        Read more →
                      • How to shoot yourself in the foot in C and C++. Haiku OS Cookbook

                          The story of how the PVS-Studio static analyzer and the Haiku OS code met goes back to the year 2015. It was an exciting experiment and useful experience for teams of both projects. Why the experiment? At that moment, we didn't have the analyzer for Linux and we wouldn't have it for another year and a half. Anyway, efforts of enthusiasts from our team have been rewarded: we got acquainted with Haiku developers and increased the code quality, widened our error base with rare bugs made by developers and refined the analyzer. Now you can check the Haiku code for errors easily and quickly.
                          Picture 1

                          Read more →
                        • A declarative data-processing pipeline on top of actors? Why not?

                            Some time ago, in a discussion on one of SObjectizer's releases, we were asked: "Is it possible to make a DSL to describe a data-processing pipeline?" In other words, is it possible to write something like that:

                            A | B | C | D

                            and get a working pipeline where messages are going from A to B, and then to C, and then to D. With control that B receives exactly that type that A returns. And C receives exactly that type that B returns. And so on.

                            It was an interesting task with a surprisingly simple solution. For example, that's how the creation of a pipeline can look like:

                            auto pipeline = make_pipeline(env, stage(A) | stage(B) | stage(C) | stage(D));

                            Or, in a more complex case (that will be discussed below):

                            auto pipeline = make_pipeline( sobj.environment(),
                                    stage(validation) | stage(conversion) | broadcast(
                                        stage(range_checking) | stage(alarm_detector{}) | broadcast(
                                            stage( []( const alarm_detected & v ) {
                                                    alarm_distribution( cerr, v );
                                                } )
                                        ) );

                            In this article, we'll speak about the implementation of such pipeline DSL. We'll discuss mostly parts related to stage(), broadcast() and operator|() functions with several examples of usage of C++ templates. So I hope it will be interesting even for readers who don't know about SObjectizer (if you never heard of SObjectizer here is an overview of this tool).

                            Read more →
                          • Why LLVM may call a never called function?

                              I don’t care what your dragon’s said, it’s a lie. Dragons lie. You don’t know what’s waiting for you on the other side.

                              Michael Swanwick, The Iron Dragon’s Daughter
                              This article is based on the post in the Krister Walfridsson’s blog, “Why undefined behavior may call a never called function?”.

                              The article draws a simple conclusion: undefined behavior in a compiler can do anything, even something absolutely unexpected. In this article, I examine the internal mechanism of this optimization works.
                              Read more →
                            • Just take a look at SObjectizer if you want to use Actors or CSP in your C++ project

                                A few words about SObjectizer and its history

                                SObjectizer is a rather small C++ framework that simplifies the development of multithreaded applications. SObjectizer allows a developer to use approaches from Actor, Publish-Subscribe and Communicating Sequential Processes (CSP) models. It's an OpenSource project that is distributed under BSD-3-CLAUSE license.

                                SObjectizer has a long history. SObjectizer itself was born in 2002 as SObjectizer-4 project. But it was based on ideas from previous SCADA Objectizer that was developed between 1995 and 2000. SObjectizer-4 was open-sourced in 2006, but its evolution was stopped soon after that. A new version of SObjectizer with the name SObjectizer-5 was started in 2010 and was open-sourced in 2013. The evolution of SObjectizer-5 is still in progress and SObjectizer-5 has incorporated many new features since 2013.

                                SObjectizer is more or less known in the Russian segment of the Internet, but almost unknown outside of the exUSSR. It's because the SObjectizer was mainly used for local projects in exUSSR-countries and many articles, presentations, and talks about SObjectizer are in Russian.

                                A niche for SObjectizer and similar tools

                                Multithreading is used in Parallel computing as well as in Concurrent computing. But there is a big difference between Parallel and Concurrent computing. And, as a consequence, there are tools targeted Parallel computing, and there are tools for Concurrent computing, and they are different.

                                Read more →
                              • Dynamically generating robots.txt for ASP.NET Core sites based on environment

                                  I'm putting part of older WebForms portions of my site that still run on bare metal to ASP.NET Core and Azure App Services, and while I'm doing that I realized that I want to make sure my staging sites don't get indexed by Google/Bing.

                                  I already have a robots.txt, but I want one that's specific to production and others that are specific to development or staging. I thought about a number of ways to solve this. I could have a static robots.txt and another robots-staging.txt and conditionally copy one over the other during my Azure DevOps CI/CD pipeline.

                                  Then I realized the simplest possible thing would be to just make robots.txt be dynamic. I thought about writing custom middleware but that sounded like a hassle and more code that needed. I wanted to see just how simple this could be.

                                  Read more →
                                • How to speed up LZ4 decompression in ClickHouse?

                                    When you run queries in ClickHouse, you might notice that the profiler often shows the LZ_decompress_fast function near the top. What is going on? This question had us wondering how to choose the best compression algorithm.

                                    ClickHouse stores data in compressed form. When running queries, ClickHouse tries to do as little as possible, in order to conserve CPU resources. In many cases, all the potentially time-consuming computations are already well optimized, plus the user wrote a well thought-out query. Then all that's left to do is to perform decompression.

                                    So why does LZ4 decompression becomes a bottleneck? LZ4 seems like an extremely light algorithm: the data decompression rate is usually from 1 to 3 GB/s per processor core, depending on the data. This is much faster than the typical disk subsystem. Moreover, we use all available CPU cores, and decompression scales linearly across all physical cores.
                                    Read more →
                                  • It's high time to become part of an open source project

                                      JavaScript developers, I am working on an exciting opensource project pursuing two goals:

                                      1. Learning best practices in JavaScript/NodeJS
                                      2. Helping developers and myself to develop and launch MVPs to validate ideas quickly.

                                      As developers, we have tons of ideas and would be awesome to have a simple tool to scaffold a secure project quickly, add a couple of forms, some project specific logic, and here you go — deploy and test your idea.
                                      Read more →
                                    • A drawing bot for realizing everyday scenes and even stories

                                        Drawing bot

                                        If you were asked to draw a picture of several people in ski gear, standing in the snow, chances are you’d start with an outline of three or four people reasonably positioned in the center of the canvas, then sketch in the skis under their feet. Though it was not specified, you might decide to add a backpack to each of the skiers to jibe with expectations of what skiers would be sporting. Finally, you’d carefully fill in the details, perhaps painting their clothes blue, scarves pink, all against a white background, rendering these people more realistic and ensuring that their surroundings match the description. Finally, to make the scene more vivid, you might even sketch in some brown stones protruding through the snow to suggest that these skiers are in the mountains.

                                        Now there’s a bot that can do all that.

                                        Read more →