Blog

  • A Slipshod Check of the Visual C++ 2013 Library (update 3)

    13.10.2014
    Someone suggested to me recently that I check the libraries from Visual Studio 2013. I haven't found anything of much interest, just a few small errors and slip-ups. They wouldn't make an interesting, attractive article, but I've still decided to describe all those defects. I just hope it will help make the libraries a bit better and stimulate the authors to carry out a more thorough analysis. I don't have the project files necessary to build the libraries, so my analysis had to be superficial and I could have missed a lot.
  • Virtual Method Table and accident prevention

    10.10.2014
    As a small warm-up before the article, I would like readers to ask themselves: does a photographer need to know how a camera works in order to take quality photos? Well, does he need to know the term "diaphragm" at least? "Signal-to-noise ratio"? "Depth of field"? Practice shows that even with a knowledge of such difficult terms, photos shot by the most "gifted ones" may be just a little bit better than photos shot by a cell phone camera through a 0.3 MP "hole". Alternatively, good quality photos may be shot thanks to outstanding experience and intuition without any knowledge whatsoever (but usually that is an exception to the rule). Nevertheless, it is unlikely that anybody can argue with me on the fact that professionals who want to get every single possibility from their camera (not only MP in a square millimeter on an image sensor) are required to know these terms, or else they cannot be called professionals at all. That is true not only in digital photography, but in almost every other industry as well.
  • Analyzing the Network Security Services Library

    08.10.2014
    Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. It implements cryptographic functions in the Firefox and Chrome browsers, and after a recently found certificate signature verification vulnerability, I decided to take a look at this project too.
  • A Bonus to the "Three Interviews About Static Analyzers" Article, or Interview Four

    07.10.2014
    About a week ago, I published the "Three Interviews About Static Code Analyzers" article at Habrahabr. This article presents opinions of three experienced programmers from the companies Acronis, AlternativaPlatform and Echelon Company concerning software development methodologies as well as some of their ideas about using static code analyzers.
  • The Unicorn Getting Interested in KDE

    29.09.2014
    KDE (abbreviation for K Desktop Environment) is a desktop environment primarily for Linux and other UNIX-like operating systems. To put it simply, it's the thing which is responsible for the entire graphic design. The environment is based on the cross-platform user interface development toolkit Qt. The development is done by several hundred programmers throughout the world devoted to the idea of free software. KDE offers a complete set of user environment applications that allows one to interact with the operating system within the framework of a modern graphic interface. So let's see what KDE has under the hood.
  • Three Interviews About Static Code Analyzers

    26.09.2014
    Hello, dear readers!
  • Checking Oracle VM VirtualBox. Part 2

    22.09.2014
    Virtual machines are used for very different tasks. Personally I have been using VirtualBox for many years to test software and simply study various Linux distributions. And now, after years of using the tool and encountering undefined behavior every now and then, I've decided to make use of my experience in analysis of open-source projects and check the source code of Oracle VM VirtualBox. In this article, I will continue describing the numerous suspicious fragments found in the project.
  • Checking Oracle VM VirtualBox. Part 1

    19.09.2014
    Virtual machines are used for very different tasks. Personally I have been using VirtualBox for many years to test software and simply study various Linux distributions. And now, after years of using the tool and encountering unexpected behavior every now and then, I've decided to make use of my experience in analysis of open-source projects and check the source code of Oracle VM VirtualBox.
  • Let's Play a Game

    18.09.2014
    The authors of the PVS-Studio analyzer invite you to test your attentiveness.
  • Overlapping Between PVS-Studio and Cppcheck

    15.09.2014
    We have been asked many times about the degree of overlap between the diagnostics of our PVS-Studio analyzer and the Cppcheck analyzer. I've decided to write a small article about it to refer to as a quick answer in the future. To put it briefly, the overlap is very small – only 6% of the total number of errors is detected by both analyzers. In this article, I will tell you how we got this figure.