Blog

  • Analyzing Vim by PVS-Studio in GNU/Linux

    19.03.2015
    You have probably thought that it's going to be another article about how we checked one more open-source project. But this article is actually not as much about the check itself as it is about the practice of using the PVS-Studio analyzer in the fully GNU/Linux environment. It's not by chance that we chose the Vim project for the check, for it had also contributed to the fulfillment of this task. Read more
  • PVS-Studio: 25 Suspicious Code Fragments in CoreCLR

    17.03.2015
    The Microsoft corporation has recently published for free access the source code of the CoreCLR engine which is a key component of .NET Core. We couldn't but pay attention to this event. The wider a project's audience is, the worse defects found in the code will seem, won't they? Despite Microsoft themselves being the authors of the product, there are still some issues to examine and think over in their code - just like in any other large project. Read more
  • Integrating Static Analysis into a Project with over 10 Mbytes of Source Code

    08.03.2015
    So, you're a developer working on a project containing a lot of (perhaps way lot of) source code - say, over 10 Mbytes. Read more
  • LibreOffice Project's Check

    01.03.2015
    We invite you to read a new article about how we analyzed another well-known open-source project. This time it is the LibreOffice office suite that I have examined. The project is developed by more than 480 programmers. We have found that it is pretty high-quality and that it is regularly checked by the Coverity static analyzer. But, like in any other large project, we still managed to find previously undetected bugs and defects and in this article we are going to discuss them. Just for a change, this time we will be accompanied by cows instead of unicorns. Read more
  • Bugs Found by LibreOffice in PVS-Studio

    24.02.2015
    Usually we check various projects by PVS-Studio. This time, it's been vice versa: We have checked PVS-Studio by LibreOffice :-). And then managed to do the opposite check as well. Read more
  • Null Pointer Dereferencing Causes Undefined Behavior

    16.02.2015
    I have unintentionally raised a large debate recently concerning the question if it is legal in C/C++ to use the &P->m_foo expression with P being a null pointer. The programmers' community divided into two camps. The first claimed with confidence that it wasn't legal while the others were as sure saying that it was. Both parties gave various arguments and links, and it occurred to me at some point that I had to make things clear. For that purpose, I contacted Microsoft MVP experts and Visual C++ Microsoft development team communicating through a closed mailing list. They helped me to prepare this article and now everyone interested is welcome to read it. For those who can't wait to learn the answer: That code is NOT correct. Read more
  • PVS-Studio for Visual C++

    09.02.2015
    Many of our articles are concentrated on anything but the PVS-Studio analyzer itself. We tell our readers about projects we have checked, nuances of C++ language, creation of plugins in C#, running PVS-Studio from the command line... But PVS-Studio was first of all designed for Visual Studio users. We have done a lot to make their work with the tool as comfortable as possible. But this particular fact is very often left outside the frame. I've decided to improve the situation and tell you about the PVS-Studio plugin from scratch. If you work in Visual C++, this article is for you. Read more
  • Checking MatrixSSL with PVS-Studio and Cppcheck

    02.02.2015
    In this article, I'm going to tell you about a check of the MatrixSSL project done with the static analyzers for C/C++ code PVS-Studio and Cppcheck. Read more
  • PVS-Studio and Hostile Environment

    28.01.2015
    This is another story about programs having a hard time trying to interact with the external world. At first glance, a static analyzer should face no problems at all. It just gets files and some additional information at the input and generates a log-file out of it. But the Devil is, as usual, in the detail. Read more
  • Twitter for C++ Programmers (updated)

    23.01.2015
    This small post is for those programmers who use Twitter or are just about to start doing this. I'm sure developers will find some useful information here. Read more