Blog

  • Checking GIMP's Source Code with PVS-Studio

    15.08.2014
    To check GIMP, we should first find a way to get it compile successfully. This task is far from easy, that's why we had been constantly delaying the check. However, the project is too famous, and we were very interested to find out its quality. So we have conquered our laziness and completed the analysis. Read more
  • Can We Trust the Libraries We Use?

    11.08.2014
    Any large modern application consists of numerous third-party libraries, and I'd like to discuss the topic of our trust in these libraries. In books and articles, there are lots of debates about code quality, testing methods, development methodologies, and so on. But I don't remember anyone discussing the quality of bricks applications are built from. So let's talk about it today. For example, there is the Medicine Insight Segmentation and Registration Toolkit (ITK). I find it to be implemented pretty well. At least, I have noticed just a few bugs in its code. But I cannot say the same about the code of the third-party libraries used there. So the question is: how much can we trust such systems? Much food for thought. Read more
  • Checking PVS-Studio with Clang

    08.08.2014
    Yes, you've read it right. This time we are writing an "opposite" article: it's not about us checking some third-party project but about our own tool checked by another tool. We actually had performed such verifications before. For instance, we checked PVS-Studio with Cppcheck, Visual Studio static analyzer, inspected Intel C++ warnings. But there were no grounds for writing such an article: none of those tools found anything of interest. But Clang has managed to attract our attention with its diagnostic messages. Read more
  • Checking Bitcoin

    29.07.2014
    Don't expect anything epic from this article. We have checked the Bitcoin project's source code with PVS-Studio and found just a couple of suspicious fragments. Which is no wonder: I guess there are few programmers who haven't checked it already. But since we have done our check too, we need to write a small post about it, pro forma, so to say. Read more
  • stdafx.h for Novices

    25.06.2014
    This article is meant for those programmers who are only getting started with the Visual Studio environment and trying to compile their C++ projects under it. Everything looks strange and complicated in an unfamiliar environment, and novices are especially irritated by the stdafx.h file that causes strange errors during compilation. Pretty often it all ends in them diligently turning off all precompiled headers in every project. We wrote this article to help Visual Studio newcomers to figure it all out. Read more
  • PVS-Studio and CppCat Team Expanding Their Horizons Through Outsourcing

    23.06.2014
    As you know, our main activity is development of the code analyzers PVS-Studio and CppCat. Although we have been doing this for a long time now and - as we believe - quite successfully, an unusual idea struck us recently. You see, we do not use our own tools in exactly the same way our customers do. Well, we analyze the code of PVS-Studio by PVS-Studio of course, but, honestly, the PVS-Studio project is far from large. Also, the manner of working with PVS-Studio's code is different from that of working with Chromium's or LLVM's code, for example. Read more
  • Handling False Positives in PVS-Studio and CppCat

    20.06.2014
    It occurred to me recently to reanalyze the Newton Game Dynamics physics engine. The project's code is very high-quality, so there were almost no genuine bugs detected, but I did get a few dozens of false positives. Seems like there's nothing to write about, doesn't it? Well, I thought I should write about how to handle false positives and how to avoid them. I found the Newton Game Dynamics project a good example to demonstrate that on. Read more
  • Firefox Easily Analyzed by PVS-Studio Standalone

    15.06.2014
    We already checked Mozilla Firefox with the PVS-Studio analyzer three years ago. It was pretty inconvenient and troublesome at the time. You see, there is no Visual Studio project file for Firefox – the build is done with the help of makefiles. That's why you can't just take and check the project. We had to integrate PVS-Studio into the build system, which appeared a difficult task. If I remember it rightly, it all resulted in successfully analyzing only a part of the project. But everything is different now that we have PVS-Studio Standalone. We can now monitoring all compiler launches and easily check the project. Read more
  • 64-bit Errors Are Here at Last

    02.06.2014
    As a person not indifferent to 64-bit errors, I decided to write a small comment to the article "Buggy Security Guidance from Apple". Read more
  • The Last Line Effect

    31.05.2014
    I have studied numbers of errors caused by using the Copy-Paste method and can assure you that programmers most often tend to make mistakes in the last fragment of a homogeneous code block. I have never seen this phenomenon described in books on programming, so I decided to write about it myself. I called it the "last line effect". Read more