Blog

  • Analysis of PHP7

    28.04.2016
    Sometimes checking a project one more time can be quite amusing. It helps to see which errors were fixed, and which ones got into the code since the time it was last checked. My colleague has already written an article about PHP analysis. As there was a new version released, I decided to check the source code of the interpreter once again, and I wasn't disappointed - the project had a lot of interesting fragments to look at.
  • The Ultimate Question of Programming, Refactoring, and Everything

    14.04.2016
    Yes, you've guessed correctly - the answer is "42". In this article you will find 42 recommendations about coding in C++ that can help a programmer avoid a lot of errors and save time and effort. The author is Andrey Karpov - technical director of "Program Verification Systems", a team of developers working on the PVS-Studio static code analyzer. Having checked a large number of open source projects, we have seen a large variety of ways to shoot yourself in the foot; there is definitely much to share with the readers. Every recommendation is given with a practical example, which proves the relevance of the issue. These tips are intended for C/C++ programmers, but usually they are universal, and may be of interest to developers using other languages.
  • Logical Expressions in C/C++. Mistakes Made by Professionals

    11.04.2016
    In programming, a logical expression is a language construct that is evaluated as true or false. Many books that teach programming "from scratch" discuss possible operations on logical expressions familiar to every beginner. In this article, I won't be talking about the AND operator having higher precedence than OR. Instead, I will talk about common mistakes that programmers make in simple conditional expressions consisting of no more than three operators, and show how you can check your code using truth tables. Mistakes described here are the ones made by the developers of such well-known projects as FreeBSD, Microsoft ChakraCore, Mozilla Thunderbird, LibreOffice, and many others.
  • Toonz code leaves much to be desired

    07.04.2016
    Recently the world got to know that Digital Video, the makers of TOONZ, and DWANGO, a Japanese publisher, have signed an agreement for the acquisition by Dwango of Toonz, an animation software which was independently developed by Digital Video (Rome, Italy).
  • Safe Clearing of Private Data

    06.04.2016
    We often need to store private data in programs, for example passwords, secret keys, and their derivatives, and we usually need to clear their traces in the memory after using them so that a potential intruder can't gain access to these data. In this article we will discuss why you can't clear private data using the memset() function.
  • Analyzing Samba with PVS-Studio on Linux

    04.04.2016
    If you have followed the latest developments in C/C++ static analysis tools, you must have heard of PVS-Studio. I heard of them through the articles they publish on their site where they analyze open source projects. They have analyzed quite big projects including the Linux kernel, Qt, Unreal, ... and they have always managed to find crazy bugs that have been sitting there for some time, undetected. Typos, bad copy-paste, undefined behaviours, nonsense code, syntax errors that miraculously still compile... As John Carmack said: "Everything that is syntactically legal that the compiler will accept will eventually wind up in your codebase".
  • Type Conversion in C++ and C# Arithmetic Expressions

    29.03.2016
    In arithmetic expressions, the types of operands can be converted to a common type. Such conversions are described in the language standard, and in C# they are much simpler than in C++. However, I'm not sure that many programmers know all the details.
  • Detecting Overflows of 32-Bit Variables in Long Loops in 64-Bit Programs

    22.03.2016
    One of the problems that 64-bit software developers have to face is overflows of 32-bit variables in very long loops. PVS-Studio code analyzer is very good at catching issues of this type (see the Viva64 diagnostic set). A lot of questions concerning variable overflows are asked at StackOverflow.com. But since my answers may be treated as pure advertisement, rather than useful reference information, I decided to write an article where I could talk about PVS-Studio's capabilities.
  • Serious Sam shooter anniversary - finding bugs in the code of the Serious Engine v.1.10

    21.03.2016
    The first-person shooter 'Serious Sam' celebrated its release anniversary in March 2016. In honor of this, the game developers from the Croatian company Croteam decided to open the source code for the game engine, Serious Engine 1 v.1.10. It provoked the interest of a large number of developers, who got an opportunity to have a look at the code and improve it. I have also decided to participate in the code improvement, and wrote an article reviewing the bugs that were found by the PVS-Studio analyzer.
  • Analyzing the GTK+ Cross-Platform Widget Toolkit with PVS-Studio

    18.03.2016
    Widget toolkits are used to make the process of application GUI development easier, and GTK+ is one of them. It is this project that I picked for my first article about the PVS-Studio analyzer. I scanned the code of GTK+ with PVS-Studio for possible bugs and got quite a lot of messages about errors and suspicious fragments. Some of them are pretty critical. The total number of bugs is too big for an article, so I will talk only about some of them, which are the most typical.