Open source *

Open source software

ArticlesPostsNewsAuthors

Andrey2008 Oct 27 2020 at 14:36

Checking Clang 11 with PVS-Studio

10 min

755

PVS-Studio corporate blogCompilers*Information Security*Open source*C++*

Every now and then, we have to write articles about how we've checked another fresh version of some compiler. That's not really much fun. However, as practice shows, if we stop doing that for a while, folks start doubting whether PVS-Studio is worth its title of a good catcher of bugs and vulnerabilities. What if the new compiler can do that too? Sure, compilers evolve, but so does PVS-Studio – and it proves, again and again, its ability to catch bugs even in high-quality projects such as compilers.

Andrey2008 Oct 22 2020 at 11:39

Checking a Header-Only C++ Library Collection (awesome-hpp)

17 min

1.2K

PVS-Studio corporate blogC++*Open source*

Somehow, we've happened to check most of the libraries making up a collection called "Awesome hpp". These are small header-only projects in C++. Hopefully, the information about the bugs we've found will help make the libraries better. We'll also be happy to see the developers use PVS-Studio on a regular basis thanks to the free-license option we provide.

vkhanieva Oct 21 2020 at 10:08

Amnesia: The Dark Descent or How to Forget to Fix Copy Paste

14 min

797

PVS-Studio corporate blogGame development*Open source*C++*

Just before the release of the "Amnesia: Rebirth" game, the vendor "Fractional Games" opened the source code of the legendary "Amnesia: The Dark Descent" and its sequel "Amnesia: A Machine For Pigs". Why not use the static analysis tool to see what dreadful mistakes are hidden in the inside of these cult horror games?

basiliscos Oct 8 2020 at 14:31

What's new in rotor v0.09

8 min

Crazy Panda corporate blogC++*Open source*Programming*

From sandbox

actor system

rotor is a non-intrusive event loop friendly C++ actor micro framework, similar to its elder brothers like caf and sobjectizer. The new release came out under the flag of pluginization, which affects the entire lifetime of an actor.

+12

revusky Oct 1 2020 at 18:37

JavaCC 21 Parser Generator

4 min

2.6K

Java*Open source*

From sandbox

JavaCC 21 is a continuation of work on the venerable JavaCC parser generator, originally developed at Sun Microsystems in the 1990’s and released under a liberal open source license in 2003. It is currently the most advanced version of JavaCC. It has many feature enhancements (with more to come soon) and also generates much more modern, readable Java code. Also, certain key bugs have finally been fixed. (N.B. The “21” in JavaCC 21 is not a version number. It is simply part of the project name and means that this is a JavaCC for the 21st century!)

Andrey2008 Sep 24 2020 at 12:36

Why it is important to apply static analysis for open libraries that you add to your project

7 min

873

PVS-Studio corporate blogC++*Open source*Programming*Perfect code*

PVS-Studio and Awesome header-only C++ libraries

Modern applications are built from third-party libraries like a wall from bricks. Their usage is the only option to complete the project in a reasonable time, spending a sensible budget, so it's a usual practice. However, taking all the bricks indiscriminately may not be such a good idea. If there are several options, it is useful to take time to analyze open libraries in order to choose the best one.

-1

S0mbre Sep 21 2020 at 09:34

Crime, Race and Lethal Force in the USA — Part 3

24 min

1.7K

Big Data*Data Mining*Open source*Python*

Translation

This is the concluding part of my article devoted to a statistical analysis of police shootings and criminality among the white and the black population of the United States. In the first part, we talked about the research background, goals, assumptions, and source data; in the second part, we investigated the national use-of-force and crime data and tracked their connection with race.

S0mbre Sep 18 2020 at 05:00

Crime, Race and Lethal Force in the USA — Part 2

14 min

2.3K

Big Data*Data Mining*Open source*Python*

Translation

In the previous part of this article, I talked about the research background, goals, assumptions, source data, and used tools. Today, without further ado, let's say together…

S0mbre Sep 18 2020 at 05:00

Crime, Race and Lethal Force in the USA — Part 1

8 min

2.6K

Data Mining*Open source*Python*

Translation

Do the police in the US really shoot black people more often than white people? Is use of lethal force connected with race? How is crime related to race? What are the odds of getting shot by the police if you are white and if you are black? We're taking public data and python with pandas to shed some light on these questions, propaganda and politics set far aside.

eugeneovsyannikov Sep 4 2020 at 09:47

Checking QEMU using PVS-Studio

14 min

655

PVS-Studio corporate blogC*C++*Open source*Programming*

QEMU is a rather well-known application for emulation. Static analysis can help developers of complex projects such as QEMU catch errors at early stages and generally improve quality and reliability of a project. In this article, we will check the source code of the QEMU application for potential vulnerabilities and errors using the PVS-Studio static analysis tool.

stefanbuzz Aug 28 2020 at 16:13

Checking the Code of XMage, and Why You Won't Be Able to Get the Special Rare Cards of the Dragon's Maze Collection

13 min

672

PVS-Studio corporate blogGame development*Open source*Java*

XMage is a client-server application for playing Magic: The Gathering (MTG). XMage's development was started in early 2010. Since then, it has seen 182 releases, attracted an army of contributors, and it's still being actively developed even now. All that makes it a good reason for us to contribute to its development too! So, today the PVS-Studio unicorn is going to check the code base of XMage and maybe even get into a fight with some entities.

Andrey2008 Aug 19 2020 at 11:31

Static code analysis of the PMDK library collection by Intel and errors that are not actual errors

14 min

808

PVS-Studio corporate blogInformation Security*Open source*C++*C*

We were asked to check a collection of open source PMDK libraries for developing and debugging applications with NVRAM support by PVS-Studio. Well, why not? Moreover, this is a small project in C and C++ with a total code base size of about 170 KLOC without comments. Which means, the results review won't take much energy and time. Let's go.

Firensis Aug 13 2020 at 11:08

Unicorns break into RTS: analyzing the OpenRA source code

16 min

631

PVS-Studio corporate blogC#*Open source*Games and game consoles

This article is about the check of the OpenRA project using the static PVS-Studio analyzer. What is OpenRA? It is an open source game engine designed to create real-time strategies. The article describes the analysis process, project features, and warnings that PVS-Studio has issued. And, of course, here we will discuss some features of the analyzer that made the project checking process more comfortable.

SvyatoslavMC Jul 13 2020 at 09:30

The Code of the Command & Conquer Game: Bugs from the 90's. Volume two

13 min

3.5K

PVS-Studio corporate blogC*C++*Open source*Game development*

The American company Electronic Arts Inc (EA) has opened the source code of the games Command & Conquer: Tiberian Dawn and Command & Conquer: Red Alert publicly available. Several dozen errors were detected in the source code using the PVS-Studio analyzer, so, please, welcome the continuation of found defects review.

SvyatoslavMC Jun 18 2020 at 09:26

The Code of the Command & Conquer Game: Bugs From the 90's. Volume one

13 min

2.1K

PVS-Studio corporate blogC*C++*Open source*Game development*

The American company Electronic Arts Inc (EA) has made the source code of the games Command & Conquer: Tibetan Dawn and Command & Conquer: Red Alert publicly available. This code should help the game community to develop mods and maps, create custom units, and customize the gameplay logic. We all now have a unique opportunity to plunge into the history of development, which is very different from the modern one. Back then, there was no StackOverflow site, convenient code editors, or powerful compilers. Moreover, at that time, there were no static analyzers, and the first thing the community will face is hundreds of errors in the code. This is what the PVS-Studio team will help you with by pointing out the erroneous places.

NLazeba Jun 1 2020 at 11:41

NSA, Ghidra, and Unicorns

12 min

961

PVS-Studio corporate blogReverse engineering*Open source*Java*

This time, the PVS-Studio team's attention was attracted by Ghidra, a big bad reverse-engineering framework allowing developers to analyze binary files and do horrible things to them. The most remarkable fact about it is not even that it's free and easily extensible with plugins but that it was developed and uploaded to GitHub for public access by NSA. On the one hand, you bet NSA has enough resources for keeping their code base clean. On the other hand, new contributors, who are not well familiar with it, may have accidentally introduced bugs that could stay unnoticed. So, we decided to feed the project to our static analyzer and see if it has any code issues.

IchNikola May 28 2020 at 17:35

Single line code or check of Nethermind using PVS-Studio C# for Linux

14 min

882

PVS-Studio corporate blog.NET*C#*Open source*Development for Linux*

This article coincides with the beta testing start of PVS-Studio C# for Linux, as well as the plugin for Rider. For such a wonderful reason, we checked the source code of the Nethermind product using these tools. This article will cover some distinguished and, in some cases, funny errors.

Kostr May 14 2020 at 11:50

External Interrupts in the x86 system. Part 3. Interrupt routing setup in a chipset, with the example of coreboot

13 min

7.5K

C*Open source*System Programming*

Tutorial

We continue to investigate external device interrupt routing setup in the x86 system.

In Part 1 (Interrupt controller evolution) we looked at the theory behind interrupt controllers and all the necessary terminology. In Part 2 (Linux kernel boot options) we looked at how in practice the OS chooses between different interrupt controllers. In this part we will investigate how the BIOS sets IRQ to the interrupt controllers routing in a chipset.

None of the modern BIOS developer companies (AwardBIOS/AMIBIOS/Insyde) open their source code. But luсkily there is coreboot — a project aimed at replacing proprietary BIOS with free firmware code. In its source code we'll see what is needed to setup the interrupt routing in a chipset.

Boozlachu May 2 2020 at 17:20

Porting packages to buildroot using the Zabbix example

16 min

5.3K

*nix*Open source*Configuring Linux*Development for Linux*Software

Tutorial

The basics of porting

Originally, Buildroot offers a limited number of packages. It makes sense — there is everything you need, but any other packages can be added.

To add a package, create 2 description files, an optional checksum file, and add a link to the package in the general package list. There are hooks at different stages of the build. At the same time, Buildroot can recognize the needed type of packages:

Boozlachu Apr 23 2020 at 20:23

How I fix cups-printing in Buildroot

7 min

2.5K

Development for Linux*Configuring Linux*Open source**nix*

Intro

Like I said earlier in previos articles, Buildroot is a great system for embedded Linux development. But sometimes strange things can happen.

Once upon a workday, I got the following task: add printing system in firmware (Kraftway terminal Linux next generation). Ok, so I had to add cups + cups filter and to build firmware. I set a postscript-printer and got an error "Filter failed". Trivial tasks turned into serious work.

In this article, I wrote my own way of solving this problem. It may be useful for other developers and IT-specialist and, also, for a deeper understanding of the Buildroot.

If you are a Buildroot beginner, I recommend reading my previous articles.

Update 1 may 2020

Revisioned versions of this patches applied to master.

1 2 3

5 6 7 8