Pull to refresh
278.54

Open source *

Open source software

Show first
Rating limit
Level of difficulty

Multiple violations of policies in RMS open letter

Reading time 7 min
Views 3.7K

Author: Chris Punches (@cmpunches, Silo group). License: "Please feel free to share unmodified".

The following text is an unmodified copy of now removed issue #2250 on rms-open-letter.github.io repository. The text claims multiple violations of different policies, codes of conduct and other documents in creation, content and support of the "Open letter to remove Richard M. Stallman from all leadership positions". The issue has not been addressed.

Read more
Total votes 24: ↑20 and ↓4 +16
Comments 3

Faster ENUM

Reading time 9 min
Views 2.2K

tl;dr


github.com/QratorLabs/fastenum
pip install fast-enum

What are enums


(If you think you know that — scroll down to the “Enums in Standard Library” section).

Imagine that you need to describe a set of all possible states for the entities in your database model. You'll probably use a bunch of constants defined as module-level attributes:
# /path/to/package/static.py:
INITIAL = 0
PROCESSING = 1
PROCESSED = 2
DECLINED = 3
RETURNED = 4
...

...or as class-level attributes defined in their own class:
class MyModelStates:
  INITIAL = 0
  PROCESSING = 1
  PROCESSED = 2
  DECLINED = 3
  RETURNED = 4

That helps you refer to those states by their mnemonic names, while they persist in your storage as simple integers. By this, you get rid of magic numbers scattered through your code and make it more readable and self-descriptive.

But, both the module-level constant and the class with the static attributes suffer from the inherent nature of python objects: they are all mutable. You may accidentally assign a value to your constant at runtime, and that is a mess to debug and rollback your broken entities. So, you might want to make your set of constants immutable, which means both the number of constants declared and the values they are mapped to must not be modified at runtime.
Read more →
Total votes 28: ↑28 and ↓0 +28
Comments 0

Checking the Ark Compiler Recently Made Open-Source by Huawei

Reading time 6 min
Views 948
Picture 1

During the summer of 2019, Huawei gave a series of presentations announcing the Ark Compiler technology. The company claims that this open-source project will help developers make the Android system and third-party software much more fluent and responsive. By tradition, every new promising open-source project goes through PVS-Studio for us to evaluate the quality of its code.

Introduction


The Ark Compiler was first announced by Huawei at the launch of the new smartphone models P30 and P30 Pro. It is claimed that the Ark Compiler will improve the fluency of the Android system by 24% and response speed by 44%. Third-party Android applications will also gain a 60% speed-up after recompilation with the Ark Compiler. The open-source version of the project is called OpenArkCompiler; its source code is available on Gitee, a Chinese fork of GitHub.
Read more →
Total votes 24: ↑24 and ↓0 +24
Comments 0

On request of Embedded Developers: Detecting Errors in Amazon FreeRTOS

Reading time 15 min
Views 1.3K
Anyone who programs microcontrollers probably knows about FreeRTOS, or at least heard of this operating system. Amazon developers decided to enhance the abilities of this operating system to work with AWS Internet of Things services. This is how Amazon FreeRTOS appeared. We, developers of the PVS-Studio static code analyzer, were asked by mail and in comments to check these projects. Well, now get what you asked for. Keep reading to find out what came out of it.


Read more →
Total votes 27: ↑27 and ↓0 +27
Comments 0

Analyzing the Code of ROOT, Scientific Data Analysis Framework

Reading time 14 min
Views 2.4K
Picture 3
While Stockholm was holding the 118th Nobel Week, I was sitting in our office, where we develop the PVS-Studio static analyzer, working on an analysis review of the ROOT project, a big-data processing framework used in scientific research. This code wouldn't win a prize, of course, but the authors can definitely count on a detailed review of the most interesting defects plus a free license to thoroughly check the project on their own.

Introduction


Picture 1

ROOT is a modular scientific software toolkit. It provides all the functionalities needed to deal with big data processing, statistical analysis, visualisation and storage. It is mainly written in C++. ROOT was born at CERN, at the heart of the research on high-energy physics. Every day, thousands of physicists use ROOT applications to analyze their data or to perform simulations.
Read more →
Total votes 22: ↑22 and ↓0 +22
Comments 4

Checking Telegram Open Network with PVS-Studio

Reading time 7 min
Views 1.3K

Picture 3

Telegram Open Network (TON) is a platform by the same team that developed the Telegram messenger. In addition to the blockchain, TON provides a large set of services. The developers recently made the platform's code, which is written in C++, publicly available and uploaded it to GitHub. We decided to check the project before its official release.
Read more →
Total votes 30: ↑28 and ↓2 +26
Comments 0

Celestia: Bugs' Adventures in Space

Reading time 6 min
Views 967
Picture 1

Celestia is a three-dimensional space simulator. Simulation of the space allows exploring our universe in three dimensions. Celestia is available on Windows, Linux and macOS. The project is very small and PVS-Studio detected few defects in it. Despite this fact, we'd like to pay attention to it, as it's a popular educational project and it will be rather useful to somehow improve it. By the way, this program is used in popular films, series and programs for showing space. This fact, in turns, raises requirements to the code quality.
Read more →
Total votes 27: ↑25 and ↓2 +23
Comments 0

Dark theme of Thunderbird as a reason to run a code analyzer

Reading time 12 min
Views 2K
Picture 3
The adventures with the Mozilla Thunderbird mail client began with automatic update to version 68.0. More text in pop-up notifications and default dark theme are the notable features of this version. Occasionally I found an error that I immediately craved to detect with static analysis. This became the reason to go for another check of the project source code using PVS-Studio. It so happened that by the time of the analysis, the bug had already been fixed. However, since we've paid some attention to the project, there's no reason not to write about other found defects.

Introduction


The dark theme of the new Thunderbird version looks pretty. I like dark themes. I've already switched to them in messengers, Windows, macOS. Soon iPhone will be updated to iOS 13 with a dark theme. For this reason I even had to change my iPhone 5S for a newer model. In practice, it turned out that a dark theme requires more effort for developers to pick up the colors of the interface. Not everyone can handle it the first time.
Read more →
Total votes 28: ↑26 and ↓2 +24
Comments 0

Analysis of the Apache Dubbo RPC Framework by the PVS-Studio Static Code Analyzer

Reading time 9 min
Views 1.4K

Picture 2

Apache Dubbo is one of the most popular Java projects on GitHub. It's not surprising. It was created 8 years ago and is widely applied as a high-performance RPC environment. Of course, most of the bugs in its code have long been fixed and the quality of the code is maintained at a high level. However, there is no reason to opt out of checking such an interesting project using the PVS-Studio static code analyzer. Let's see how it turned out.
Read more →
Total votes 25: ↑24 and ↓1 +23
Comments 0

How to set up PVS-Studio in Travis CI using the example of PSP game console emulator

Reading time 11 min
Views 670

PPSSPP

Travis CI is a distributed web service for building and testing software that uses GitHub as a source code hosting service. In addition to the above scripts, you can add your own, thanks to the extensive configuration options. In this article we will set up Travis CI for working with PVS-Studio by the example of PPSSPP code.
Read more →
Total votes 26: ↑24 and ↓2 +22
Comments 0

An Easy Way to Make Money on Bug Bounty

Reading time 5 min
Views 5K

Рисунок 2


Surely you've heard the expression «bug hunting» many times. I dare to assume, you won't mind earning one or two hundred (or even thousand) dollars by finding a potential vulnerability in someone's program. In this article, I'll tell you about a trick that will help analyzing open source projects in order to find such vulnerabilities.
Read more →
Total votes 24: ↑20 and ↓4 +16
Comments 0

CMake: the Case when the Project's Quality is Unforgivable

Reading time 11 min
Views 2K

Picture 1

CMake is a cross-platform system for automating project builds. This system is much older than the PVS-Studio static code analyzer, but no one has tried to apply the analyzer on its code and review the errors. As it turned out, there are a lot of them. The CMake audience is huge. New projects start on it and old ones are ported. I shudder to think of how many developers could have had any given error.
Read more →
Total votes 25: ↑23 and ↓2 +21
Comments 0

PVS-Studio Visits Apache Hive

Reading time 12 min
Views 1.2K
Рисунок 1

For the past ten years, the open-source movement has been one of the key drivers of the IT industry's development, and its crucial component. The role of open-source projects is becoming more and more prominent not only in terms of quantity but also in terms of quality, which changes the very concept of how they are positioned on the IT market in general. Our courageous PVS-Studio team is not sitting idly and is taking an active part in strengthening the presence of open-source software by finding hidden bugs in the enormous depths of codebases and offering free license options to the authors of such projects. This article is just another piece of that activity! Today we are going to talk about Apache Hive. I've got the report — and there are things worth looking at.
Read more →
Total votes 23: ↑20 and ↓3 +17
Comments 0

Checking the .NET Core Libraries Source Code by the PVS-Studio Static Analyzer

Reading time 59 min
Views 1.7K

Picture 19

.NET Core libraries is one of the most popular C# projects on GitHub. It's hardly a surprise, since it's widely known and used. Owing to this, an attempt to reveal the dark corners of the source code is becoming more captivating. So this is what we'll try to do with the help of the PVS-Studio static analyzer. What do you think – will we eventually find something interesting?
Read more →
Total votes 28: ↑25 and ↓3 +22
Comments 1

The story of how PVS-Studio found an error in the library used in… PVS-Studio

Reading time 3 min
Views 1.2K

Picture 1

This is a short story about how PVS-Studio helped us find an error in the source code of the library used in PVS-Studio. And it was not a theoretical error but an actual one — the error appeared in practice when using the library in the analyzer.
Read more →
Total votes 27: ↑24 and ↓3 +21
Comments 0

PVS-Studio Looked into the Red Dead Redemption's Bullet Engine

Reading time 10 min
Views 4.5K
Picture 4

Nowadays there is no need to implement the physics of objects from scratch for game development because there are a lot of libraries for this purpose. Bullet was actively used in many AAA games, virtual reality projects, various simulations and machine learning. And it is still used, being, for example, one of the Red Dead Redemption and Red Dead Redemption 2 engines. So why not check the Bullet with PVS-Studio to see what errors static analysis can detect in such a large-scale physics simulation project.
Read more →
Total votes 34: ↑31 and ↓3 +28
Comments 0

Almost Perfect Libraries by Electronic Arts

Reading time 4 min
Views 5.6K
Our attention was recently attracted by the Electronic Arts repository on GitHub. It's tiny, and of the twenty-three projects available there, only a few C++ libraries seemed interesting: EASTL, EAStdC, EABase, EAThread, EATest, EAMain, and EAAssert. The projects themselves are tiny too (about 10 files each), so bugs were found only in the «largest» project of 20 files :D But we did find them, and they do look interesting! As I was writing this post, we were also having a lively discussion of EA games and the company's policy :D

Picture 1

Read more →
Total votes 24: ↑22 and ↓2 +20
Comments 0

Best Copy-Paste Algorithms for C and C++. Haiku OS Cookbook

Reading time 14 min
Views 1.1K
Numerous typos and Copy-Paste code became the main topic of the additional article about checking the Haiku code by the PVS-Studio analyzer. Yet this article mostly tells about errors related to thoughtlessness and failed refactoring, rather than to typos. The errors found demonstrate how strong the human factor is in software development.

Picture 1
Read more →
Total votes 16: ↑13 and ↓3 +10
Comments 0

How to shoot yourself in the foot in C and C++. Haiku OS Cookbook

Reading time 20 min
Views 2.9K
The story of how the PVS-Studio static analyzer and the Haiku OS code met goes back to the year 2015. It was an exciting experiment and useful experience for teams of both projects. Why the experiment? At that moment, we didn't have the analyzer for Linux and we wouldn't have it for another year and a half. Anyway, efforts of enthusiasts from our team have been rewarded: we got acquainted with Haiku developers and increased the code quality, widened our error base with rare bugs made by developers and refined the analyzer. Now you can check the Haiku code for errors easily and quickly.
Picture 1

Read more →
Total votes 18: ↑17 and ↓1 +16
Comments 1

Authors' contribution