Showing abilities of PVS-Studio analyzer by examples of Microsoft open-source projects

Andrey Karpov
Articles: 371



This article is out of date. An updatable list of articles about the projects we have checked is here.

Microsoft gradually started to open the code of some projects. Our team is very happy about this. We support the view that Microsoft Company has really high-quality code. What's more, Microsoft developers are already using static code analyzers. That's why finding bugs in their code is a great way to demonstrate the abilities of the analyzer.

Picture 1

PVS-Studio

Those, who already know, what PVS-Studio is, may just skip this part.

PVS-Studio is a tool for bug detection in the source code of programs, written in C, C++ and C#. PVS-Studio performs static code analysis and generates a report that helps a programmer find and fix bugs. PVS-Studio performs a wide range of code checks, it is especially useful to search for misprints and Copy-Paste errors.

The demo-version of the product is available at our site. It has a few of limitations that I have written about in the article. But there are ways to temporarily remove these restrictions.

Abilities demonstration

I am quite sure that there is no point in writing nice marketing catchwords about PVS-Studio. They are of no interest to programmers. I can easily relate to it, being a programmer myself. As Linus Torvalds said: "Talk is cheap. Show me the code." In our case it should be paraphrased: "Talk is cheap. Show me the bugs."

We have various examples that speak for themselves. Our team has checked a great number of open-source projects and found 9574 bugs. We find bugs in such projects as Clang, Wine, Qt, Chromium, Unreal Engine and so on. You can have a look at the error base yourself and see how powerful PVS-Studio is.

In this article I would like to set aside a special group of project checks that is related to Microsoft company. I believe that the Microsoft development process is of high level and their code has low density of errors. However, even highly qualified specialists are not immune from making mistakes. So I am really glad to show what PVS-Studio is capable of.

Our articles are sometimes viewed as indirect comparison with FxCop analyzer and the diagnostics built in Visual Studio. Since PVS-Studio finds bugs after the checks of these tools, it's worth embedding in your development process.

So, I suggest taking a look at the articles, showing the abilities of PVS-Studio by the examples of projects written in C++ and C#.

C++

C#

Conclusion

I hope the articles I've provided would be of interest to you, prompting to try PVS-Studio on your project. This is the best way to see the benefits that the static code analysis brings. There is also one thing to remember - one-time use of the analyzer isn't effective to fight bugs. The analyzer should be used on a regular basis to detect bugs in the newly written code right away.

But enough talking. See the analyzer in action: http://www.viva64.com/en/pvs-studio-download/.



Use PVS-Studio to search for bugs in C, C++, C# and Java

We offer you to check your project code with PVS-Studio. Just one bug found in the project will show you the benefits of the static code analysis methodology better than a dozen of the articles.

goto PVS-Studio;

Andrey Karpov
Articles: 371


Bugs Found

Checked Projects
344
Collected Errors
12 970