Showing abilities of PVS-Studio analyzer by examples of Microsoft open-source projects

Andrey Karpov
Articles: 382

Microsoft gradually started to open the code of some projects. Our team is very happy about this. We support the view that Microsoft Company has really high-quality code. What's more, Microsoft developers are already using static code analyzers. That's why finding bugs in their code is a great way to demonstrate the abilities of the analyzer.

This article is out of date. An updatable list of articles about the projects we have checked is here.

Picture 1


Those, who already know, what PVS-Studio is, may just skip this part.

PVS-Studio is a tool for bug detection in the source code of programs, written in C, C++ and C#. PVS-Studio performs static code analysis and generates a report that helps a programmer find and fix bugs. PVS-Studio performs a wide range of code checks, it is especially useful to search for misprints and Copy-Paste errors.

The demo-version of the product is available at our site. It has a few of limitations that I have written about in the article. But there are ways to temporarily remove these restrictions.

Abilities demonstration

I am quite sure that there is no point in writing nice marketing catchwords about PVS-Studio. They are of no interest to programmers. I can easily relate to it, being a programmer myself. As Linus Torvalds said: "Talk is cheap. Show me the code." In our case it should be paraphrased: "Talk is cheap. Show me the bugs."

We have various examples that speak for themselves. Our team has checked a great number of open-source projects and found 9574 bugs. We find bugs in such projects as Clang, Wine, Qt, Chromium, Unreal Engine and so on. You can have a look at the error base yourself and see how powerful PVS-Studio is.

In this article I would like to set aside a special group of project checks that is related to Microsoft company. I believe that the Microsoft development process is of high level and their code has low density of errors. However, even highly qualified specialists are not immune from making mistakes. So I am really glad to show what PVS-Studio is capable of.

Our articles are sometimes viewed as indirect comparison with FxCop analyzer and the diagnostics built in Visual Studio. Since PVS-Studio finds bugs after the checks of these tools, it's worth embedding in your development process.

So, I suggest taking a look at the articles, showing the abilities of PVS-Studio by the examples of projects written in C++ and C#.




I hope the articles I've provided would be of interest to you, prompting to try PVS-Studio on your project. This is the best way to see the benefits that the static code analysis brings. There is also one thing to remember - one-time use of the analyzer isn't effective to fight bugs. The analyzer should be used on a regular basis to detect bugs in the newly written code right away.

But enough talking. See the analyzer in action:

Use PVS-Studio to search for bugs in C, C++, C# and Java

We offer you to check your project code with PVS-Studio. Just one bug found in the project will show you the benefits of the static code analysis methodology better than a dozen of the articles.

goto PVS-Studio;

Andrey Karpov
Articles: 382

Bugs Found

Checked Projects
Collected Errors
13 692