Blog

  • Checking the Qt 5 Framework

    18.04.2014
    Static code analysis tools can help developers eliminate a number of bugs as early as the coding stage. With their help you can, for example, quickly catch and fix any typos. Well, some programmers are sincerely sure they never make typos and silly mistakes. But they are wrong; everyone makes mistakes. This article is good evidence of that. Typos can be found even in high-quality and well-tested projects such as Qt.
  • A Boring Article About a Check of the OpenSSL Project

    16.04.2014
    Some time ago, a vulnerability was revealed in OpenSSL, and I guess there's no programmer who hasn't been talking about it since then. I knew that PVS-Studio could not catch the bug leading to this particular vulnerability, so I saw no reason for writing about OpenSSL. Besides, quite a lot of articles have been published on the subject recently. However, I received a pile of e-mails from people wanting to know if PVS-Studio could detect that bug. So I had to give in and write this article.
  • A Long-Awaited Check of Unreal Engine 4

    14.04.2014
    On March 19, 2014, Unreal Engine 4 was made publicly available. Subscription costs only $19 per month. The source code has also been published in the GitHub repository. Since that moment, we have received quite a number of e-mails, Twitter messages, etc., from people asking us to check this game engine. So we are fulfilling our readers' request in this article; let's see what interesting bugs the PVS-Studio static code analyzer has found in the project's source code.
  • Static and Dynamic Code Analysis

    13.04.2014
    As a PVS-Studio developer, I am often asked to implement various new diagnostics in our tool. Many of these requests are based on users' experience of working with dynamic code analyzers, for example Valgrind. Unfortunately, it is usually impossible or hardly possible for us to implement such diagnostics. In this article, I'm going to explain briefly why static code analyzers cannot do what dynamic analyzers can and vice versa. Each of these analysis methodologies has its own pros and cons; one cannot replace the other, but they do complement each other very well.
  • The Shortest Article about a Check of nginx

    07.04.2014
    Our readers asked us many times to check the nginx project. We already did it about a year ago and found nothing of interest. We have rechecked this project recently and again haven't found anything. Since people keep asking about this project, I decided to write a small post about that check.
  • Archeology for Entertainment, or Checking Microsoft Word 1.1a with PVS-Studio

    02.04.2014
    Microsoft has recently made a present to all programmers eager to dig into some interesting stuff: they revealed the source code of MS-DOS v 1.1, v 2.0 and Word for Windows 1.1a. The MS-DOS operating system is written in assembler, so the analyzer cannot be applied to it. But Word is written in C. Word 1.1a's source code is almost 25 years old, but we still managed to analyze it. There's no practical use in it, of course. Just for fun.
  • Mathematicians: Trust, but Verify

    30.03.2014
    I sometimes feel quite embarrassed when examining bugs in software projects. Many of these bugs have inhabited the code for many years, and you just can't help wondering how the program still manages to run at all with a hundred mistakes and defects. And it does work somehow. And people do manage to use it. It holds true not only for code drawing a video game Pokémon, but for math libraries too. Your guess is right - we'll speak about the math library Scilab and its analysis results in this article.
  • The Unicorn's Travel to the Microcosm

    18.03.2014
    This time it was the microcosm that brought us a few interesting bugs. We have checked the open-source project μManager with our analyzer PVS-Studio. This project is a software package for automated microscope image acquisition.
  • Comparison of static code analyzers: CppCat, Cppcheck, PVS-Studio and Visual Studio

    12.03.2014
    We have carried out a thorough comparison of four analyzers for C/C++ code: CppCat, Cppcheck, PVS-Studio and Visual Studio's built-in analyzer. It is a serious, large investigation that we spent about 170 man-hours on and which, in our opinion, gives a good idea of the general state of things in static analysis nowadays.
  • A Spin-off: CryEngine 3 SDK Checked with CppCat

    10.03.2014
    We have finished a large comparison of the static code analyzers CppCat, Cppcheck, PVS-Studio and Visual Studio 2013's built-in analyzer. In the course of this investigation, we checked over 10 open-source projects. Some of them deserve a separate discussion. In today's article, I'll tell you about the results of the check of the CryEngine 3 SDK project.