Our Articles

• Static code analysis and the new language standard C++0x

  01.04.2010
  The article discusses the new capabilities of C++ language described in the standard C++0x and supported in Visual Studio 2010. By the example of PVS-Studio we will see how the changes in the language influence static code analysis tools. Read more

• The essence of the VivaCore code analysis library

  09.01.2008
  The article tells developers about VivaCore library, preconditions of its creation, its possibilities, structure and scope of use. This article was written simultaneously with the development of VivaCore library and that's why some of the details of the final realization may differ from the features described here. But this won't prevent the developers from getting acquainted with the general work principles of the library, mechanisms of analysis and processing of C and C++ source code. Read more

• 100 bugs in Open Source C/C++ projects

  16.03.2012
  This article demonstrates capabilities of the static code analysis methodology. The readers are offered to study the samples of one hundred errors found in open-source projects in C/C++. All the errors have been found with the PVS-Studio static code analyzer. Read more

• How to make fewer errors at the stage of code writing. Part N4

  14.12.2011
  This is the fourth post in which I want to share with you some useful observations on error patterns and the ways of fighting them. This time I will touch upon the subject of handling rare and emergency conditions in programs. While examining a number of applications, I came to a conclusion that the error handling code is one of the most unreliable parts in C/C++ programs' sources. What are the consequences of such defects? An application must generate the message "file X is not found" but instead it crashes and forces the user to make guesses about what he/she is doing wrong. A program handling a data base produces an incomprehensible message instead of telling the user that there is just a field filled in incorrectly. Let's try to fight against this type of errors that haunt our users. Read more

• PVS-Studio advertisement - static analysis of C/C++ code

  25.10.2011
  This document advertises the PVS-Studio static analyzer. It describes how using PVS-Studio reduces the number of errors in code of C/C++/C++11 projects and costs on code testing, debugging and maintenance. A lot of examples of errors are cited found by the analyzer in various Open-Source projects. The document describes PVS-Studio at the time of version 4.38 on October 12-th, 2011, and therefore does not describe the capabilities of the tool in the next versions. To learn about new capabilities, visit the product's site http://www.viva64.com or search for an updated version of this article. Read more

• PVS-Studio: analyzing ReactOS's code

  01.09.2011
  Having checked ReactOS's code I managed to fulfill three of my wishes at once. Firstly, I had wanted for a long time to write an article on a common project. It's not interesting to check the source code of projects like Chromium: its quality is too high and a lot of resources are spent to maintain it, which are unavailable to common projects. Secondly, it's a good example to demonstrate the necessity of static analysis in a large project, especially when it is developed by a diverse and distributed team. Thirdly, I've got a confirmation that PVS-Studio is becoming even better and more useful. Read more

• How to make fewer errors at the stage of code writing. Part N3

  07.07.2011
  This is the third article where I will tell you about a couple of new programming methods that can help you make your code simpler and safer. You may read the previous two posts here [1] and here [2]. This time we will take samples from the Qt project. Read more

• How we test the code analyzer

  05.07.2011
  The article describes the testing technologies used when developing PVS-Studio static code analyzer. The developers of the tool for programmers talk about the principles of testing their own program product which can be interesting for the developers of similar packages for processing text data or source code. Read more

• PVS-Studio vs Chromium

  23.05.2011
  Good has won this time. To be more exact, source codes of the Chromium project have won. Chromium is one of the best projects we have checked with PVS-Studio. Read more

• Difficulties of comparing code analyzers, or don't forget about usability

  31.03.2011
  Users' desire to compare different code analyzers is natural and understandable. However, it's not so easy to fulfill this desire as it may seem at first sight. The point is that you don't know what particular factors must be compared. Read more

• How to make fewer errors at the stage of code writing. Part N2

  29.03.2011
  This is the second article on avoiding certain errors at the early stage of code writing. In the previous post, we have already advised you to avoid a large number of calculations in one expression. However, we should investigate this question in detail. Let's see what's dangerous about complex expressions and how we can avoid many logical errors. Read more

• How to make fewer errors at the stage of code writing. Part N1

  09.03.2011
  I've arrived at the source code of a widely know instant messenger Miranda IM. Together with various plugins, this is a rather large project whose size is about 950 thousand code lines in C and C++. And like any other considerable project with a long development history, it has rather many errors and misprints. Read more

• Intel IPP Samples for Windows - error correction

  27.01.2011
  This is one of my posts on how PVS-Studio makes programs safer. That is where and what types of errors it detects. This time it is samples demonstrating handling of the IPP 7.0 library (Intel Performance Primitives Library) we are going to examine. Read more

• Consequences of using the Copy-Paste method in C++ programming and how to deal with it

  24.01.2011
  I create the PVS-Studio analyzer detecting errors in source code of C/C++/C++0x software. So I have to review a large amount of source code of various applications where we detected suspicious code fragments with the help of PVS-Studio. I have collected a lot of examples demonstrating that an error occurred because of copying and modifying a code fragment. Of course, it has been known for a long time that using Copy-Paste in programming is a bad thing. But let's try to investigate this problem closely instead of limiting ourselves to just saying "do not copy the code". Read more

• Regular use of static code analysis in team development

  09.08.2010
  Static code analysis technologies are used in companies with mature software development processes. However, there might be different levels of using and introducing code analysis tools into a development process: from manual launch of an analyzer "from time to time" or when searching for hard-to-find errors to everyday automatic launch or launch of a tool when adding new source code into the version control system. Read more

• Interview with Issam Lahlali, one of the CppDepend tool creators

  06.06.2010
  The article presents answers to the questions asked to Issam Lahlali that concern the developer tool CppDepend. Read more

• Changes in programmer tools' infrastructure

  26.04.2010
  The article describes some observations concerning changes in the infrastructure of tools used by programmers in everyday work. First of all, these changes are related to the release of Visual Studio 2010. Read more

• VivaCore FAQ

  09.12.2009
  This paper contains some questions and answers about VivaCore C/C++ code analysis library by OOO "Program Verification Systems". Read more

• Software code metrics

  20.07.2009
  The article describes 7 types of metrics and more than 50 their representatives, provides a detailed description and calculation algorithms used. It also touches upon the role of metrics in software development. Read more

• Interview with Dmitriy Vyukov - the author of Relacy Race Detector (RRD)

  06.04.2009
  This is an interview with Dmitriy Vyukov - the author of Relacy Race Detector (RRD) tool intended for verifying parallel applications. In this article you will learn about the history of creating RRD, its basic abilities and also about some other similar tools and the way they differ from RRD. Read more

• Development of a static code analyzer for detecting errors of porting programs on 64-bit systems

  26.03.2009
  The article concerns the task of developing a program tool called static analyzer. The tool being developed is used for diagnosing potentially unsafe syntactic structures of C++ from the viewpoint of porting program code on 64-bit systems. Here we focus not on the problems of porting occurring in programs, but on the peculiarities of creating a specialized code analyzer. The analyzer is intended for working with the code of C/C++ programs. Read more

• Konstantin Knizhnik: static analysis, a view from aside

  10.01.2009
  The article is an interview with Konstantin Knizhnik taken by Andrey Karpov, "Program Verification Systems" company's worker. In this interview the issues of static code analysis, relevance of solutions made in this sphere and prospects of using static analysis while developing applications are discussed. Read more

• Installation of PC-Lint and its using in Visual Studio 2005

  23.12.2008
  The article is devoted to the first acquaintance with the PC-Lint 8.0 static analyzer of C++ code. The process of the tool installation and its initial setting is described. Read more

• How VivaCore library appeared

  10.08.2008
  The article describes the main preconditions and stages of development of open VivaCore library intended for code analysis and creation of metaprogramming systems. VivaCore project is a development of OpenC++ library in which support of C and C++ language peculiarities specific for Visual Studio 2005/2008 is implemented. Read more

• Detection of vulnerabilities in programs with the help of code analyzers

  10.08.2008
  At present there are a lot of tools intended for automating search of program vulnerabilities. This article describes some of them. Read more

• Description of VivaVisualCode

  02.07.2008
  This article concerns the program VivaVisualCode, showing how to use VivaCore library. VivaVisualCode represents in a graphic form the parse tree of the input source code in C++. Read more

• Building of systems of automatic C/C++ code logging

  13.05.2008
  Sometimes logging of an application's events is the only debugging method. The logging method's disadvantage is the large size of the code which you have to write manually to save the whole necessary information. The article touches upon the method allowing you to build a system of automatic logging of C/C++ code. Read more

• VivaCore - Quick Start

  20.04.2008
  The document familiarizes developers with VivaCore library giving general information about the library, the scope of use, license agreements. It describes also the process of the library's deployment and an example of how to use it. Read more

• Using Static Analysis in Program Development

  31.01.2008
  Static analysis allows checking program code before the tested program is executed. The static analysis process consists of three steps. First, the analyzed program code is split into tokens, i.e. constants, identifiers, reserved symbols, etc. This operation is performed by lexer. Second, the tokens are passed to parser, which builds an abstract syntax tree (AST) based on the tokens. Finally, the static analysis is performed over the AST. This article describes three static analysis techniques: AST walker analysis, data flow analysis and path-sensitive data flow analysis. Read more

• Brief description of the VivaCore code analysis library

  12.01.2008
  While investigating the sphere of static analysis and working on the creation of the Viva64 tool our team came to a conclusion that the most part of the developed structures and algorithms can be united into a library and used by third-party developers for creating new software products. This library has been named VivaCore. Read more

• The use of the code analysis library OpenC++: modifications, improvements, error corrections

  12.01.2008
  The article may be interesting for developers who use or plan to use OpenC++ library (OpenCxx). The author tells about his experience of improving OpenC++ library and modifying the library for solving special tasks. Read more