PVS-Studio and open-source software
I've decided to write about the work our team is doing regarding open-source projects. I will give a list of open-source projects we have checked by now with the PVS-Studio analyzer. Then I'll tell you about our plans for the future.
We are friendly to open-source projects. But don't forget that the "open-source" status of some software doesn't necessarily mean that it is being developed solely by enthusiasts for the common good. Many projects are developed by employees of large companies, and they are paid salaries for that. People sit in their offices, eat cookies, do programming, and write articles about the advantages of open-source software.
I just want to set straight the thinking of those people who believe that we must feel obliged to the authors of open-source software only because it is open-source - and must therefore check their source code and give them a registration key for free. That's exactly what we usually do, and we are glad to be helpful. But the fact that a software product is open-source only means that, for some reason, the company finds this form of project development more convenient. At the same time, they can well afford to purchase PVS-Studio. Why should we refuse?
OK, enough grumbling. It's just not fair that, after we have checked all those projects and given out a number of free keys, we are reproached for being unkind to open-source projects. Here's the list of open-source projects analyzed with PVS-Studio so far:
- 64-bit Loki library check (September, 2009)
- WinMerge check (October, 2010), second check (March, 2012)
- Notepad++ check (November, 2010), second check (February, 2012)
- Fennec Media Project check (November, 2010)
- qutIM check (November, 2010)
- TortoiseSVN check (December, 2010)
- Ultimate Toolbox check (December, 2010)
- Intel IPP Samples check (January, 2011), second check (October, 2011), third check (April, 2012)
- Miranda IM check (March, 2011)
- Chromium check (May, 2011), second check (October, 2011)
- Qt check (July, 2011)
- Apache HTTP Server check (July, 2011)
- Intel Energy Checker SDK check (July, 2011)
- Clang check (August, 2011), second check (August, 2012)
- ReactOS check (September, 2011), second check (April, 2013)
- Doom 3 check (November, 2011)
- Firefox check (December, 2011)
- Quake III Arena GPL check (February, 2012)
- TrinityCore check (February, 2012)
- Dolphin-emu check (February, 2012)
- Blender check (April, 2012)
- MAME check (July, 2012)
- Trans-Proteomic Pipeline check (August, 2012)
- It's not open-source, but it's useful to everyone. Visual C++ libraries check (September, 2012)
- Tor check (November, 2012)
- OpenSSL check (December, 2012)
- Casablanca check (March, 2013)
- OpenCV check (March, 2013)
- Various small projects we didn't write about.
Our team does not carry out these project checks entirely without reward. The articles we publish about errors detected in open-source projects serve as advertising for us. We make no secret of it. But I believe it's the best advertisement you've ever seen! PVS-Studio indeed helps the open-source community.
Perhaps you will notice that the cited articles differ greatly in size. There is an explanation. For example, when we wrote the first article about checking ReactOS, the analyzer had far fewer diagnostic rules than when we performed the second check. In the time that passed between the two checks, the tool learned to find several times more bugs. That's why our analysis-report articles will grow even larger in time. Even now we have to omit many arguable bugs in order not to turn an article into a reference book.
We inform project developers about all the errors we've found. Of course, the list of bugs we provide to them contains many more fragments to consider than are described in the articles. We also give them a free registration key for some time so that they can check the project more thoroughly. If you develop an open-source project, write to us. With some open-source projects we establish good relations: the authors inform us about PVS-Studio's flaws and suggest new rules to implement, while we provide them with registration keys. So we are not greedy - quite the contrary. Just ask, but never demand.
We also provide keys to programmers who have the Microsoft MVP status. But no one has asked us as yet. So, I'm reminding you of it once again.
Indeed, please feel free to contact us. We are ready for various ways of cooperation. For instance, we could co-author an article or carry out some investigation. We are a small company and don't have bureaucracy yet.
Let's talk about our plans now. We intend to go on checking open-source projects and writing articles about the checks. We'll try to extend our coverage. For instance, we can now analyze projects built with MinGW. By the way, you may contact us to suggest some projects that you think should be checked. The only restriction is that they must be built in Windows. So that you know the details, here's a list of IDEs we support at present:
- Visual Studio 2013 - C, C++, C++11, C++/CX (WinRT)
- Visual Studio 2012 - C, C++, C++11, C++/CX (WinRT)
- Visual Studio 2010 - C, C++, C++0x
- Visual Studio 2008 - C, C++
- Visual Studio 2005 - C, C++
- MinGW - C, C++, C++11
And one last thing. We keep a bug database on our website. I think many of you will find it interesting to wander through it. But the most interesting thing about it is that it can be used as a resource to work out coding standards and new recommendations for textbooks and articles on programming. It is now waiting for its McConnell to come and use it as soil to raise a book in the style of "50 Tips on How Not to Drop a Clanger".