Blog

  • Unicorn in Space: Analyzing the Source Code of 'Space Engineers'

    12.02.2016
    As you've already figured out from the title, in this article we are going to discuss suspicious fragments found in the source code of the 'Space Engineers' project. The format of this article, however, is not quite the same as the rest of our articles. This time, in addition to the project description, review of selected bugs and suspicious fragments, and ways to fix them, I've included a small section where I talk about how to use a static analyzer in a proper way. I strongly recommend reading this section because many developers don't know or simply have never pondered how to use this type of tools right - the result is that static analysis tools are used ten times less effectively than they could. Read more
  • Analyzing source code of WPF examples by the Infragistics Company

    10.02.2016
    We continue analyzing various C# projects in order to show the abilities of the static code analyzer, PVS-Studio. In this article, we are providing analysis results of WPF examples by the Infragistics Company. Infragistics is a major software vendor, founded in 1989. It gained popularity mainly through the development of enterprise-ready user interface toolsets for developers, which are run on all platforms, including .NET. Read more
  • Undefined behavior is closer than you think

    05.02.2016
    Some people think that undefined behavior is caused only by gross errors (accessing outside the bounds of the array, for instance) or inadequate constructions (i = i++ + ++i, for example). That's why it is quite surprising when a programmer sees undefined behavior in the code that used to work correctly, without arousing any suspicion. One should never let his guard down, programming in C/C++. Because hell is closer than you may think. Read more
  • C#, PVS-Studio, ReSharper

    03.02.2016
    There is one question that we constantly get asked: "Does it make sense to use PVS-Studio static code analyzer, if we already have ReSharper?". Programmers probably expect to see an article with the comparison of these tools, according to their ability to find bugs in programs. But we reckon that such an article won't clarify the situation; and we'll explain why. However, the question is raised so often that it should be answered. The answer is yes, it makes sense. I should warn you that you won't find a comparison of these tools here. However, if you take just 10 minutes to read this article to its end, you will understand the way we see the situation. Read more
  • "Why is there no artificial intelligence yet?" Or, analysis of CNTK tool kit from Microsoft Research

    02.02.2016
    Microsoft have given open access to the source code of a tool kit that is used in the company to speed up the development of artificial intelligence: Computational Network Toolkit is now available at Github. The developers had to create their own custom solution, because the existing tools did not work fast enough. Let's have a look at the analysis results of the source code of this project, as done by our static code analyzer. Read more
  • Sony C#/.NET component set analysis

    27.01.2016
    Some of you may know that we have recently released version 6.00 of our analyzer, that now has C# support. The ability to scan C# projects increases the number of open-source projects we can analyze. This article is about one such check. This time it is a project, developed by Sony Computer Entertainment (SCEI). Read more
  • ChakraCore: analysis of JavaScript-engine for Microsoft Edge

    22.01.2016
    On the JSConf US conference in December 2015 the developers announced that they were planning to make open the source code of Chakra key components, a JavaScript-engine, operating in Microsoft Edge. Recently the ChackraCore source code became available under the MIT license in the corresponding repository on GitHub. In this article you will find interesting code fragments that were detected with the help of PVS-Studio code analyzer. Read more
  • Avoid adding a new library to the project

    15.01.2016
    Suppose, you need to implement an X functionality in your project. Theorists of software development will say that you have to take the already existing library Y, and use it to implement the things you need. Suppose, you need to implement an X functionality in your project. Theorists of software development will say that you have to take the already existing library Y, and use it to implement the things you need. In fact, it is a classic approach in the software development - reusing your own or others' previously created libraries (third-party libraries). And most of the programmers go this way. Read more
  • A Tribute to Opening Up Dolphin Smalltalk 7's Source Code

    12.01.2016
    A few days ago, the ObjectArts company made their source code and the Dolphin Smalltalk IDE open, making it available under the MIT license! Of course, I couldn't miss the chance to try our PVS-Studio code analyzer on the project. Right off, my congratulations go to the developers: they really managed to create high-quality code which has no critical bugs. However, some bugs and smelling code are always to be found in any project, and I hope this article will help make the code a bit better. Read more
  • Analyzing IronPython and IronRuby with PVS-Studio

    11.01.2016
    Just a while ago, we released a new version of our analyzer PVS-Studio with support of C#-code analysis. With the development paused for the time of the release, I took this opportunity to test the analyzer. For my experiments, I picked projects IronPython and IronRuby. After I scanned them, I thought I could tell you about the analysis results in this small article. Read more