Blog

  • LibreOffice Project's Check

    01.03.2015
    We invite you to read a new article about how we analyzed another well-known open-source project. This time it is the LibreOffice office suite that I have examined. The project is developed by more than 480 programmers. We have found that it is pretty high-quality and that it is regularly checked by the Coverity static analyzer. But, like in any other large project, we still managed to find previously undetected bugs and defects and in this article we are going to discuss them. Just for a change, this time we will be accompanied by cows instead of unicorns.
  • Null Pointer Dereferencing Causes Undefined Behavior

    16.02.2015
    I have unintentionally raised a large debate recently concerning the question of whether it is legal in C/C++ to use the &P->m_foo expression with P being a null pointer. The programmers' community divided into two camps. The first claimed with confidence that it wasn't legal, while the others were just as sure that it was. Both parties gave various arguments and links, and it occurred to me at some point that I had to make things clear. For that purpose, I contacted Microsoft MVP experts and the Microsoft Visual C++ development team, communicating through a closed mailing list. They helped me to prepare this article and now everyone interested is welcome to read it. For those who can't wait to learn the answer: That code is NOT correct.
  • PVS-Studio for Visual C++

    09.02.2015
    Many of our articles are concentrated on anything but the PVS-Studio analyzer itself. We tell our readers about projects we have checked, nuances of C++ language, creation of plugins in C#, running PVS-Studio from the command line... But PVS-Studio was first of all designed for Visual Studio users. We have done a lot to make their work with the tool as comfortable as possible. But this particular fact is very often left outside the frame. I've decided to improve the situation and tell you about the PVS-Studio plugin from scratch. If you work in Visual C++, this article is for you.
  • PVS-Studio and Hostile Environment

    28.01.2015
    This is another story about programs having a hard time trying to interact with the external world. At first glance, a static analyzer should face no problems at all. It just gets files and some additional information at the input and generates a log-file out of it. But the Devil is, as usual, in the detail.
  • Twitter for C++ Programmers (updated)

    23.01.2015
    This small post is for those programmers who use Twitter or are just about to start doing this. I'm sure developers will find some useful information here.
  • Reflections on the Null Pointer Dereferencing Issue

    15.01.2015
    As I have recently found out, the question of whether or not the code &((T*)(0)->x) is correct appears to be quite complicated. I decided to write a small post on this subject.
  • PVS-Studio Probes into Linux' Innards (3.18.1)

    03.01.2015
    For the sake of advertisement, we decided to analyze the Linux kernel with our static code analyzer. The difficulty of this task makes it especially interesting. The Linux source code has been checked, and is still checked, by a number of different tools. So finding anything new was hardly probable. But if we succeeded, it would be a nice advertisement for the PVS-Studio analyzer's capabilities.
  • Note about diagnostics fine-tuning

    15.12.2014
    Despite the fact that our analyzer is stated to be one of the simplest tools to install and use every day (everything works "out-of-the-box" and does not require any unintuitive tweaks), some users find some of the diagnostic rules lacking in flexibility. Unfortunately, usability and flexibility, if not total opposites, do sometimes conflict with each other. In this note, we will talk about an additional mechanism for tuning some diagnostic rules, which can be useful for some of our valued users.
  • Why Students Need the CppCat Code Analyzer

    10.12.2014
    CppCat is a simple static code analyzer capable of detecting bugs in C/C++ programs. We started granting free academic licenses to all interested (students, teachers, and so on). For the sake of popularizing CppCat among students, I decided to write this post about errors that can be found in student lab work tasks posted at Pastebin.com.
  • Miranda NG Project to Get the "Wild Pointers" Award (Part 2)

    28.11.2014
    In this article, we continue to discuss errors found in the Miranda NG project by the PVS-Studio static code analyzer. Last time we were talking about pointers and memory handling. This time we are going to talk about general errors most of which are due to programmers' inattentiveness and typos.