Pull to refresh

Open source *

Open source software

Show first
  • New
  • Top
Rating limit
  • All
  • ≥0
  • ≥10
  • ≥25
  • ≥50
  • ≥100

The story of how PVS-Studio found an error in the library used in… PVS-Studio

PVS-Studio corporate blog Open source *.NET *C# *Development for Windows *

Picture 1

This is a short story about how PVS-Studio helped us find an error in the source code of the library used in PVS-Studio. And it was not a theoretical error but an actual one — the error appeared in practice when using the library in the analyzer.
Read more →
Total votes 27: ↑24 and ↓3 +21
Views 930
Comments 0

PVS-Studio Looked into the Red Dead Redemption's Bullet Engine

PVS-Studio corporate blog Open source *C++ *Game development *
Picture 4

Nowadays there is no need to implement the physics of objects from scratch for game development because there are a lot of libraries for this purpose. Bullet was actively used in many AAA games, virtual reality projects, various simulations and machine learning. And it is still used, being, for example, one of the Red Dead Redemption and Red Dead Redemption 2 engines. So why not check the Bullet with PVS-Studio to see what errors static analysis can detect in such a large-scale physics simulation project.
Read more →
Total votes 34: ↑31 and ↓3 +28
Views 4.2K
Comments 0

Almost Perfect Libraries by Electronic Arts

PVS-Studio corporate blog Open source *C++ *Game development *C *
Our attention was recently attracted by the Electronic Arts repository on GitHub. It's tiny, and of the twenty-three projects available there, only a few C++ libraries seemed interesting: EASTL, EAStdC, EABase, EAThread, EATest, EAMain, and EAAssert. The projects themselves are tiny too (about 10 files each), so bugs were found only in the «largest» project of 20 files :D But we did find them, and they do look interesting! As I was writing this post, we were also having a lively discussion of EA games and the company's policy :D

Picture 1

Read more →
Total votes 24: ↑22 and ↓2 +20
Views 5.4K
Comments 0

Best Copy-Paste Algorithms for C and C++. Haiku OS Cookbook

PVS-Studio corporate blog Open source *C++ *C *
Numerous typos and Copy-Paste code became the main topic of the additional article about checking the Haiku code by the PVS-Studio analyzer. Yet this article mostly tells about errors related to thoughtlessness and failed refactoring, rather than to typos. The errors found demonstrate how strong the human factor is in software development.

Picture 1
Read more →
Total votes 16: ↑13 and ↓3 +10
Views 894
Comments 0

How to shoot yourself in the foot in C and C++. Haiku OS Cookbook

PVS-Studio corporate blog Open source *C++ *C *
The story of how the PVS-Studio static analyzer and the Haiku OS code met goes back to the year 2015. It was an exciting experiment and useful experience for teams of both projects. Why the experiment? At that moment, we didn't have the analyzer for Linux and we wouldn't have it for another year and a half. Anyway, efforts of enthusiasts from our team have been rewarded: we got acquainted with Haiku developers and increased the code quality, widened our error base with rare bugs made by developers and refined the analyzer. Now you can check the Haiku code for errors easily and quickly.
Picture 1

Read more →
Total votes 18: ↑17 and ↓1 +16
Views 2.4K
Comments 1

A declarative data-processing pipeline on top of actors? Why not?

Open source *Programming *C++ *

Some time ago, in a discussion on one of SObjectizer's releases, we were asked: "Is it possible to make a DSL to describe a data-processing pipeline?" In other words, is it possible to write something like that:

A | B | C | D

and get a working pipeline where messages are going from A to B, and then to C, and then to D. With control that B receives exactly that type that A returns. And C receives exactly that type that B returns. And so on.

It was an interesting task with a surprisingly simple solution. For example, that's how the creation of a pipeline can look like:

auto pipeline = make_pipeline(env, stage(A) | stage(B) | stage(C) | stage(D));

Or, in a more complex case (that will be discussed below):

auto pipeline = make_pipeline( sobj.environment(),
        stage(validation) | stage(conversion) | broadcast(
            stage(range_checking) | stage(alarm_detector{}) | broadcast(
                stage( []( const alarm_detected & v ) {
                        alarm_distribution( cerr, v );
                    } )
            ) );

In this article, we'll speak about the implementation of such pipeline DSL. We'll discuss mostly parts related to stage(), broadcast() and operator|() functions with several examples of usage of C++ templates. So I hope it will be interesting even for readers who don't know about SObjectizer (if you never heard of SObjectizer here is an overview of this tool).

Read more →
Total votes 12: ↑11 and ↓1 +10
Views 2.1K
Comments 2

Why LLVM may call a never called function?

Open source *Programming *C++ *Compilers *
I don’t care what your dragon’s said, it’s a lie. Dragons lie. You don’t know what’s waiting for you on the other side.

Michael Swanwick, The Iron Dragon’s Daughter
This article is based on the post in the Krister Walfridsson’s blog, “Why undefined behavior may call a never called function?”.

The article draws a simple conclusion: undefined behavior in a compiler can do anything, even something absolutely unexpected. In this article, I examine the internal mechanism of this optimization works.
Read more →
Total votes 8: ↑7 and ↓1 +6
Views 5K
Comments 0

Just take a look at SObjectizer if you want to use Actors or CSP in your C++ project

Open source *Programming *C++ *

A few words about SObjectizer and its history

SObjectizer is a rather small C++ framework that simplifies the development of multithreaded applications. SObjectizer allows a developer to use approaches from Actor, Publish-Subscribe and Communicating Sequential Processes (CSP) models. It's an OpenSource project that is distributed under BSD-3-CLAUSE license.

SObjectizer has a long history. SObjectizer itself was born in 2002 as SObjectizer-4 project. But it was based on ideas from previous SCADA Objectizer that was developed between 1995 and 2000. SObjectizer-4 was open-sourced in 2006, but its evolution was stopped soon after that. A new version of SObjectizer with the name SObjectizer-5 was started in 2010 and was open-sourced in 2013. The evolution of SObjectizer-5 is still in progress and SObjectizer-5 has incorporated many new features since 2013.

SObjectizer is more or less known in the Russian segment of the Internet, but almost unknown outside of the exUSSR. It's because the SObjectizer was mainly used for local projects in exUSSR-countries and many articles, presentations, and talks about SObjectizer are in Russian.

A niche for SObjectizer and similar tools

Multithreading is used in Parallel computing as well as in Concurrent computing. But there is a big difference between Parallel and Concurrent computing. And, as a consequence, there are tools targeted Parallel computing, and there are tools for Concurrent computing, and they are different.

Read more →
Total votes 13: ↑11 and ↓2 +9
Views 2.3K
Comments 1

Dynamically generating robots.txt for ASP.NET Core sites based on environment

Microsoft corporate blog Open source *.NET *ASP *C# *

I'm putting part of older WebForms portions of my site that still run on bare metal to ASP.NET Core and Azure App Services, and while I'm doing that I realized that I want to make sure my staging sites don't get indexed by Google/Bing.

I already have a robots.txt, but I want one that's specific to production and others that are specific to development or staging. I thought about a number of ways to solve this. I could have a static robots.txt and another robots-staging.txt and conditionally copy one over the other during my Azure DevOps CI/CD pipeline.

Then I realized the simplest possible thing would be to just make robots.txt be dynamic. I thought about writing custom middleware but that sounded like a hassle and more code that needed. I wanted to see just how simple this could be.

Read more →
Total votes 9: ↑8 and ↓1 +7
Views 1.3K
Comments 0

How to speed up LZ4 decompression in ClickHouse?

Яндекс corporate blog High performance *Open source *C++ *Big Data *
When you run queries in ClickHouse, you might notice that the profiler often shows the LZ_decompress_fast function near the top. What is going on? This question had us wondering how to choose the best compression algorithm.

ClickHouse stores data in compressed form. When running queries, ClickHouse tries to do as little as possible, in order to conserve CPU resources. In many cases, all the potentially time-consuming computations are already well optimized, plus the user wrote a well thought-out query. Then all that's left to do is to perform decompression.

So why does LZ4 decompression becomes a bottleneck? LZ4 seems like an extremely light algorithm: the data decompression rate is usually from 1 to 3 GB/s per processor core, depending on the data. This is much faster than the typical disk subsystem. Moreover, we use all available CPU cores, and decompression scales linearly across all physical cores.
Read more →
Total votes 23: ↑21 and ↓2 +19
Views 8.2K
Comments 1

It's high time to become part of an open source project

Open source *Node.JS *Angular *ReactJS *VueJS *
JavaScript developers, I am working on an exciting opensource project pursuing two goals:

  1. Learning best practices in JavaScript/NodeJS
  2. Helping developers and myself to develop and launch MVPs to validate ideas quickly.

As developers, we have tons of ideas and would be awesome to have a simple tool to scaffold a secure project quickly, add a couple of forms, some project specific logic, and here you go — deploy and test your idea.
Read more →
Total votes 7: ↑6 and ↓1 +5
Views 666
Comments 0

A drawing bot for realizing everyday scenes and even stories

Microsoft corporate blog Open source *GitHub Machine learning *Artificial Intelligence

Drawing bot

If you were asked to draw a picture of several people in ski gear, standing in the snow, chances are you’d start with an outline of three or four people reasonably positioned in the center of the canvas, then sketch in the skis under their feet. Though it was not specified, you might decide to add a backpack to each of the skiers to jibe with expectations of what skiers would be sporting. Finally, you’d carefully fill in the details, perhaps painting their clothes blue, scarves pink, all against a white background, rendering these people more realistic and ensuring that their surroundings match the description. Finally, to make the scene more vivid, you might even sketch in some brown stones protruding through the snow to suggest that these skiers are in the mountains.

Now there’s a bot that can do all that.

Read more →
Total votes 5: ↑4 and ↓1 +3
Views 1K
Comments 0

Rebuilding an icon: a call for the sharing of open data to help restore Notre-Dame

Microsoft corporate blog Open source *

Since its completion more than 675 years ago, the medieval cathedral of Notre-Dame has captivated millions of people with its incomparable beauty. From its legendary stained glass rose window to its towering spire, it’s widely regarded as one of the most stunning examples of medieval architecture in history.

Read more →
Total votes 10: ↑8 and ↓2 +6
Views 483
Comments 0

Long journey to Tox-rs. Part 1

Decentralized networks Information Security *Instant Messaging *Open source *Rust *
Tox logo

Hi everyone!

I like Tox and respect the participants of this project and their work. In an effort to help Tox developers and users, I looked into the code and noticed potential problems that could lead to a false sense of security. Since I originally published this article in 2016 (in Russian), many improvements have been made to Tox, and I lead a team that re-wrote secure Tox software from scratch using the Rust programming language (check out Tox-rs). I DO recommend using tox in 2019. Let's take a look what actually made us rewrite Tox in Rust.

Original article of 2016

There is an unhealthy tendency to overestimate the security of E2E systems only on the basis that they are E2E. I will present objective facts supplemented with my own comments for you to draw your own conclusions.

Spoiler: The Tox developers agree with my points and my source code pull request was accepted.

Here go facts:
Total votes 25: ↑23 and ↓2 +21
Views 2.9K
Comments 1

How to make possible micro-payments in your app

Decentralized networks Open source *Payment systems *Programming *Cryptocurrencies

This week I spent coding my very first public pet-app based on Telegram chat bot which acts as a Bitcoin wallet and allows to send and receive tips between Telegram users and other so-called “Lightning Apps”. I assume that you are familiar with Bitcoin & Telegram in general, i’ll try to post short and without deep jump into details. More resources about Bitcoin can be found here and Telegram is simply an instant messenger that allows you to create your custom apps (chat-bots) using their platform.

What are the key points of such app?

  • Allows to rate other users ideas and answers with real value instead of
    ‘virtual likes’. This brings online conversation to completely new level
  • Real example of working micro-payment app which can act with other entities
    over internet using open protocol
  • All the modules are open-source projects and can be easy re-used and adjusted
    for your own project. App does not relay on third-party commercial services.
    Even it falls under e-commerce field, which is currently almost closed, the app
    is based on open solutions.

What are the use-cases?

something like this…

Read more →
Total votes 12: ↑11 and ↓1 +10
Views 3.5K
Comments 0

Cataclysm Dark Days Ahead: Static Analysis and Roguelike Games

PVS-Studio corporate blog Open source *C++ *Game development *C *
Picture 5

You must have already guessed from the title that today's article will be focusing on bugs in software source code. But not only that. If you are not only interested in C++ and in reading about bugs in other developers' code but also dig unusual video games and wonder what «roguelikes» are and how you play them, then welcome to read on!
Read more →
Total votes 25: ↑25 and ↓0 +25
Views 3.9K
Comments 0

Free Wireguard VPN service on AWS

Information Security *Open source *System administration *IT Infrastructure *Network technologies *

Free Wireguard VPN service on AWS

The reasoning

The increase of Internet censorship by authoritarian regimes expands the blockage of useful internet resources making impossible the use of the WEB and in essence violates the fundamental right to freedom of opinion and expression enshrined in the Universal Declaration of Human Rights.

Article 19
Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers.

The following is the detailed 6 steps instruction for non-IT people to deploy free* VPN service upon Wireguard technology in Amazon Web Services (AWS) cloud infrastructure, using a 12 months free account, on an Instance (virtual machine) run by Ubuntu Server 18.04 LTS.

I tried to make this walkthrough as friendly as possible to people far from IT. The only thing required is assiduity in repeating the steps described below.

Read more →
Total votes 3: ↑3 and ↓0 +3
Views 43K
Comments 0

Analyzing the Code of CUBA Platform with PVS-Studio

PVS-Studio corporate blog Open source *Programming *Java *

Java developers have access to a number of useful tools that help to write high-quality code such as the powerful IDE IntelliJ IDEA, free analyzers SpotBugs, PMD, and the like. The developers working on CUBA Platform have already been using all of these, and this review will show how the project can benefit even more from the use of the static code analyzer PVS-Studio.
Read more →
Total votes 22: ↑22 and ↓0 +22
Views 828
Comments 0

Authors' contribution