Pull to refresh
978.89

Programming *

The art of creating computer programs

Show first
Rating limit
Level of difficulty

The Code Analyzer is wrong. Long live the Analyzer

Reading time6 min
Views715
Foo(std::move(buffer), line_buffer - buffer.get());

Combining many actions in a single C++ expression is a bad practice, as such code is hard to understand, maintain, and it is easy to make mistakes in it. For example, one can instill a bug by reconciling different actions when evaluating function arguments. We agree with the classic recommendation that code should be simple and clear. Now let's look at an interesting case where the PVS-Studio analyzer is technically wrong, but from a practical point of view, the code should still be changed.
Read more →

Spring Boot app with Apache Kafka in Docker container

Reading time4 min
Views31K

Privet, comrads!

In this article i’ll show how easy it is to setup Spring Java app with Kafka message brocker. We will use docker containers for kafka zookeeper/brocker apps and configure plaintext authorization for access from both local and external net.

Link to final project on github can be picked up at the end of the article.

Read more

Why PVS-Studio Doesn't Offer Automatic Fixes

Reading time4 min
Views769
Why PVS-Studio Doesn't Offer Automatic Fixes

Static analyzer PVS-Studio can detect bugs in pretty complex and intricate parts of code, and coming up with appropriate fixes for such bugs may be a tough task even for human developers. That's exactly the reason why we should avoid offering any options for automatic fixing at all. Here are a couple of examples.
Read more →

Checking the Code of DeepSpeech, or Why You Shouldn't Write in namespace std

Reading time13 min
Views582
DeepSpeech is an open-source speech recognition engine developed by Mozilla. It's pretty fast and ranks high, which makes its source code an interesting target for static analysis. In this article, I'll show you some of the bugs found in DeepSpeech's C++ code.

image1.png

Introduction


We have already scanned a few projects based on machine learning before, so there was nothing new about DeepSpeech to us in this respect. No wonder since the project is quite popular: as of this writing, it has 15k stars on GitHub.
Read more →

7 Best Practices Every Budding React.JS Developer Must Follow to Excel

Reading time4 min
Views6.3K
image

With the advancement in web technology, the entire globe is sliding towards the online tech sphere. The globe around us is going tech-centric day by day and thus the demand for front-end designers and developers also.

Whatever, be the purpose, people just google things and get their desired result. This is all because of the increase in the evolution of web and mobile app development. While we all know that to be a Web developer, you need to have basic skills of HTML, CSS, and JavaScript, but, with time React.js emerged into the technology stack of the web development field and outdated JavaScript.

A Report by JS reflects that 64.8% of the web developers prefer to use the React.JS framework and would love to use it again and again in the future. It has even beaten other categories of frameworks that are Vue.js with 28.8% votes and Angular with 23.9% votes. This is the reason why the demand for React.JS development companies is at an all-time high.

image

With React, it becomes painless to build an interactive user interface. It efficiently updates and renders the right components when changes are made.

Before you use React.js as web technology, let’s have a look at the practices that every React.js developer should follow to write better react codes for their application.
Read more →

Using Flex (Fast Lexical Analyzer Generator)

Reading time5 min
Views8.6K
Lexical analysis is the first stage of a compilation process. It's used for getting a token sequence from source code. It gets an input character sequence and finds out what the token is in the start position, whether it's a language keyword, an identifier, a constant (also called a literal), or, maybe, some error. A lexical analyzer (also known as tokenizer) sends a stream of tokens further, into a parser, which builds an AST (abstract syntax tree).

It's possible to write a lexer from scratch, but much more convenient to use any lexer generator. If we define some parsing rules, corresponding to an input language syntax, we get a complete lexical analyzer (tokenizer), which can extract tokens from an input program text and pass them to a parser.

One of such generators is Flex. In this article, we'll examine how it works in general, and observe some nontrivial nuances of developing a lexer with Flex.
Read more →

Why it is important to apply static analysis for open libraries that you add to your project

Reading time7 min
Views873
PVS-Studio and Awesome header-only C++ libraries

Modern applications are built from third-party libraries like a wall from bricks. Their usage is the only option to complete the project in a reasonable time, spending a sensible budget, so it's a usual practice. However, taking all the bricks indiscriminately may not be such a good idea. If there are several options, it is useful to take time to analyze open libraries in order to choose the best one.
Read more →

Why code reviews are good, but not enough

Reading time3 min
Views944
image1.png

Code reviews are definitely necessary and useful. It's a way to impart knowledge, educate, control a task, improve code quality and formatting, fix bugs. Moreover, you can notice high-level errors related to the architecture and algorithms used. So it's a must-have practice, except that people get tired quickly. Therefore, static analysis perfectly complements reviews and helps to detect a variety of inconspicuous errors and typos. Let's look at a decent example on this topic.
Read more →

Checking QEMU using PVS-Studio

Reading time14 min
Views655
image1.png

QEMU is a rather well-known application for emulation. Static analysis can help developers of complex projects such as QEMU catch errors at early stages and generally improve quality and reliability of a project. In this article, we will check the source code of the QEMU application for potential vulnerabilities and errors using the PVS-Studio static analysis tool.
Read more →

Dark code-style academy: line breaks, spacing, and indentation

Reading time4 min
Views2.5K

Hey guys! Let me walk you through the next part of our dark-style code academy. In this post, we will discover some other ways how to slow down the reading speed of your code. The next approaches will help you to decrease maintenance and increase a chance to get a bug in your code. Ready? Let's get started.

Read more

Dark code-style academy: spoil if statement

Reading time3 min
Views2.2K

image


Do you want to raise your salary? Do you want always to be in demand? Do you want to have your job as long as you want? It is absolutely real! You just need to change the way you write your code. Basically, you need to increase your job security. You have to write code which will be almost impossible to maintain for everyone except you. And in these series of articles, I will tell you how to achieve it. Welcome under the cut.

Read more →

Static Analysis: From Getting Started to Integration

Reading time9 min
Views1.3K
Sometimes, tired of endless code review and debugging, you start wondering if there are ways to make your life easier. After some googling or merely by accident, you stumble upon the phrase, "static analysis". Let's find out what it is and how it can be used in your project.

Read more →

Static Analysis: baseline VS diff

Reading time6 min
Views1.3K
If you use static analyzers, you will have, sooner or later, to address the task of making their integration into existing projects easier, where fixing all warnings on legacy code is unfeasible.

The purpose of this article is not to help with integration but rather to elaborate on the technicalities of the process: the exact implementations of warning suppression mechanisms and pros and cons of each approach.

image1.png

Read more →

Spring transaction management. Isolation and propagation

Reading time3 min
Views29K

Introduction


In my opinion transaction management is a really important topic for each backend developer. In general, people don’t pay attention to it while using Spring framework.


But I think, it is important to know how to use transactions properly. Because sometimes can happen that there was an exception thrown inside your method, but transaction was not rolled back and it is not clear why? Or some other “strange” cases.

Read more →

The Testcontainers’ MongoDB Module and Spring Data MongoDB Reactive in Action

Reading time19 min
Views5.6K

1. Introduction


How can I easily test my MongoDB multi-document transaction code without setting up MongoDB on my device? One might argue that they have to set it up first because in order to carry out such a transaction it needs a session which requires a replica set. Thankfully, there is no need to create a 3-node replica set and we can run these transactions only against a single database instance.

Read more →

C2x: the future C standard

Reading time8 min
Views17K

image


I strain to make the far-off echo yield
A cue to the events that may come in my day.
(‘Doctor Zhivago’, Boris Pasternak)

I’ll be honest: I don’t write in pure C that often anymore and I haven’t been following the language’s development for a long time. However, two unexpected things happened recently: С won back the title of the most popular programming language according to TIOBE, and the first truly interesting book in years on this language was published. So, I decided to spend a few evenings studying material on C2x, the future version of C.


Here I will share with you what I consider to be its most interesting new features.

Read more →

Small things that pollute your code

Reading time4 min
Views2.4K
I'm not going to discuss global things like design patterns and so on, as there's enough literature on that topic. Instead, I'd like to attract your attention to some small things that still affect lucidity and maintainability of a code.

Polluting code with 'test-only' methods or access modifiers


First of all, if you give access to something that shouldn't be used in production code, it gets used sooner or later. Just because it exist. The argument that it's an internal stuff doesn't work as it absolutely shouldn't be matter, writing you a library or isolated project! Treat people who will add anything to your internal codebase the same way as if they use your existing code as a different library.

Thus, if for some reason in test, you need to call something that should not be called on prod — use reflection or whatever else but do not expose it in production code! And there's no reason to afraid of reflection for test proposes, at the end, you using Mockito, shouldn't it be bad in that case as well?
Read more →

Authors' contribution