Blog

  • Undefined behavior is closer than you think

    05.02.2016
    Some people think that undefined behavior is caused only by gross errors (accessing outside the bounds of the array, for instance) or inadequate constructions (i = i++ + ++i, for example). That's why it is quite surprising when a programmer sees undefined behavior in the code that used to work correctly, without arousing any suspicion. One should never let his guard down, programming in C/C++. Because hell is closer than you may think. Read more
  • C#, PVS-Studio, ReSharper

    03.02.2016
    There is one question that we constantly get asked: "Does it make sense to use PVS-Studio static code analyzer, if we already have ReSharper?". Programmers probably expect to see an article with the comparison of these tools, according to their ability to find bugs in programs. But we reckon that such an article won't clarify the situation; and we'll explain why. However, the question is raised so often that it should be answered. The answer is yes, it makes sense. I should warn you that you won't find a comparison of these tools here. However, if you take just 10 minutes to read this article to its end, you will understand the way we see the situation. Read more
  • Avoid adding a new library to the project

    15.01.2016
    Suppose, you need to implement an X functionality in your project. Theorists of software development will say that you have to take the already existing library Y, and use it to implement the things you need. Suppose, you need to implement an X functionality in your project. Theorists of software development will say that you have to take the already existing library Y, and use it to implement the things you need. In fact, it is a classic approach in the software development - reusing your own or others' previously created libraries (third-party libraries). And most of the programmers go this way. Read more
  • New Year PVS-Studio 6.00 Release: Scanning Roslyn

    23.12.2015
    The long wait is finally over. We have released a static code analyzer PVS-Studio 6.00 that supports the analysis of C# projects. It can now analyze projects written in languages C, C++, C++/CLI, C++/CX, and C#. For this release, we have prepared a report based on the analysis of open-source project Roslyn. It is thanks to Roslyn that we were able to add the C# support to PVS-Studio, and we are very grateful to Microsoft for this project. Read more
  • The most dangerous function in the C/C++ world

    03.12.2015
    After checking hundreds of various C/C++ projects I can claim: memset() is the most inefficient and dangerous function. Most errors that I see in the projects are related to the usage of this particular memset() function. I understand that my conclusion is probably neither a revolutional one, nor an extremely useful one, but I think our readers would be interested to find out why I have come to it. Read more
  • Experimental version of PVS-Studio with C# support

    30.11.2015
    Our team is working on an experimental version of the PVS-Studio analyzer that from now on can analyze C# projects. This is neither a Release, nor even a Beta version. It's just a current build of PVS-Studio. We would like to start getting feedback from our users or potential users regarding C# support as soon as possible. Therefore we offer C# enthusiasts to try running a new version of PVS-Studio on your C# projects, and share with us the results. Your opinion on advantages/faults and recommendations about PVS-Studio for C++/C# will be highly appreciated. And of course in this article we are going to tell about another project check - this time SharpDevelop. Read more
  • The Empire Strikes Back

    13.11.2015
    Recently there appeared an article "Hackathon 2: Time lapse analysis of Unreal Engine 4", which describes how you can find a great number of bugs in Unreal Engine 4 using Klocwork. I just can't help commenting on this article. The thing is that, once we fixed all the bugs that PVS-Studio analyzer found, we haven't necessarily worked on all bugs existing in the project - only on those that were detected by our analyzer. However, the article creates an impression that the PVS-Studio analyzer skipped too many bugs. Well, I guess now it's my turn to say something. I have also rechecked Unreal Engine 4 and found plenty of another bugs. So I can claim that PVS-Studio can find new bugs in Unreal Engine 4. It's a draw. Read more
  • The First C# Project Analyzed

    13.11.2015
    The PVS-Studio team is now actively developing a static analyzer for C# code. The first version is expected by the end of 2015. And for now my task is to write a few articles to attract C# programmers' attention to our tool in advance. I've got an updated installer today, so we can now install PVS-Studio with C#-support enabled and even analyze some source code. Without further hesitation, I decided to scan whichever program I had at hand. This happened to be the Umbraco project. Of course we can't expect too much of the current version of the analyzer, but its functionality has been enough to allow me to write this small article. Read more
  • Celebrating 30-th anniversary of the first C++ compiler: let's find bugs in it

    05.11.2015
    Cfront is a C++ compiler which came into existence in 1983 and was developed by Bjarne Stroustrup. At that time it was known as "C with Classes". Cfront had a complete parser, symbol tables, and built a tree for each class, function, etc. Cfront was based on CPre. Cfront defined the language until circa 1990. Many of the obscure corner cases in C++ are related to the Cfront implementation limitations. The reason is that Cfront performed translation from C++ to C. In short, Cfront is a sacred artifact for a C++ programmer. So I just couldn't help checking such a project. Read more
  • In search of uninitialized class members

    27.10.2015
    We've already got several requests from our clients (including potential ones) to implement diagnostics that could help search for uninitialized class members. We were quite reluctant to do that as we were aware of the difficulty of the task, but finally we gave in. As a result we've come up with V730 diagnostics. I should say right away, that it's not perfect and I already foresee a number of letters directed to us with complaints about something working incorrectly. That's why I've decided to write a note about technical complexity of this task. I hope this information will give answers to the questions of PVS-Studio users and in general will be beneficial to our readership. Read more