An always up-to-date list of articles describing errors that we find in open source projects with PVS-Studio analyzer

• Operating systems
• Microsoft projects
• Web Browsers
• GameDev
• Compilers
• Programming languages
• Development
• Libraries
• Graphics
• Music Software
• Messengers
• Other projects

It contains articles describing the errors that were discovered by analyzing different open-source projects.

We are friendly to open-source projects. We do our best to let their authors know about defects we find and grant them temporary free licenses for our tool if necessary.

Below is a list of open-source C, C++ and C# projects for Windows and Linux we have analyzed by now with PVS-Studio:

Operating systems

• Apple XNU kernel analysis (March 2018)
• Tizen OS analysis: part 1, part 2, part 3 (July 2017)
• Linux kernel analysis (January 2015), second analysis (December 2016)
• FreeBSD analysis (February 2016), second analysis (April 2017)
• Haiku OS analysis: part 1, part 2 (April 2015)
• ReactOS analysis (September 2011), second analysis (April 2013)

Microsoft projects

• Azure Service Fabric analysis (April 2018)
• This one is not open-source, but still useful to everyone. Visual C++ libraries analysis (September 2012), second analysis (October 2014), third analysis (May 2017)
• Microsoft PowerShell analysis (November 2016)
• Microsoft Bot Builder SDK analysis (October 2016)
• MSBuild analysis (August 2016)
• Microsoft WPF Samples analysis (June 2016)
• Casablanca analysis (March 2013), second analysis (June 2016)
• Microsoft Cognitive Toolkit (CNTK) analysis (February 2016)
• ChakraCore analysis (January 2016)
• .NET Core Libraries (CoreFX) analysis (December 2015)
• .NET Compiler Platform ("Roslyn") analysis (December 2015)
• Microsoft Code Contracts analysis (December 2015)
• .NET Core Common Language Runtime (CoreCLR) analysis (March 2015)
• Microsoft Word 1.1a analysis (April 2014)
• Windows 8 Driver Samples analysis (April 2013)

Web Browsers

• Chromium analysis (May 2011), second analysis (October 2011), third analysis (August 2013), fourth analysis (December 2013), fifth analysis (October 2016), sixth analysis: introduction, part 1, part 2, part 3, part 4, part 5, part 6, part 7 (January 2018).
• Firefox analysis (December 2011), second analysis (June 2014)

GameDev

• Unity analysis (April 2018)
• Unreal Engine 4 analysis (April 2014), second analysis (June 2015), third analysis (June 2016)
• CryEngine V analysis (August 2016), second analysis (April 2017)
• CMaNGOS analysis (February 2017)
• Unity3D's Components analysis (August 2016)
• X-Ray Engine analysis (June 2016)
• Serious Engine analysis (March 2016)
• Xenko analysis (March 2016)
• Space Engineers analysis (February 2016)
• Godot Engine analysis (April 2015)
• Spring RTS analysis (December 2014)
• Cocos2d-x analysis (August 2014)
• OpenMW analysis (May 2014)
• CryEngine 3 SDK analysis (March 2014)
• Source SDK analysis (January 2014)
• Multi Theft Auto analysis (August 2013)
• TrinityCore analysis (February 2012)
• Quake III Arena GPL analysis (February 2012)
• Doom 3 analysis (November 2011)

Compilers

• LLVM (Clang) analysis (August 2011), second analysis (August 2012), third analysis (October 2016)
• Mono analysis (September 2016)
• GCC analysis (August 2016)

Programming languages

• Scilab analysis (March 2014), second analysis (June 2017)
• PascalABC.NET analysis (March 2017)
• CPython & Ruby analysis (July 2016)
• PHP analysis (September 2014), second analysis (April 2016)
• IronPython/IronRuby analysis (January 2016)
• GNU Octave analysis (August 2015)

Development

• CruiseControl.NET analysis (May 2017)
• Valgrind analysis (May 2017)
• SharpDevelop analysis (November 2015), second analysis (January 2017)
• CodeLite analysis (October 2016)
• GitExtensions analysis (October 2016)
• GDB analysis (September 2016)
• FlashDevelop analysis (July 2016)
• OpenJDK analysis (June 2016)
• Dolphin Smalltalk 7 analysis (January 2016)
• MonoDevelop analysis (December 2015)
• Doxygen analysis (August 2015)
• TortoiseGit analysis (May 2014)
• TortoiseSVN analysis (December 2010), second analysis (June 2013)

Libraries

• EFL Core Libraries analysis (July 2017)
• TensorFlow analysis (April 2017)
• ADO.NET Entity Framework analysis (March 2017)
• NUnit Framework analysis (August 2016)
• Nana C++ Library analysis (July 2016)
• Accord.Net analysis (July 2016)
• Xamarin.Forms analysis (May 2016)
• GTK+ analysis (March 2016)
• Lucene.Net analysis (March 2016)
• Amason Web Services SDK analysis (March 2016)
• WPF examples by the Infragistics Company analysis (February 2016)
• Sony C#/.NET Components analysis (January 2016)
• MatrixSSL analysis (February 2015)
• NSS analysis (October 2014)
• Qt analysis (July 2011), second analysis (April 2014)
• OpenSSL analysis (December 2012), second analysis (April 2014)
• glibc analysis (February 2014)
• LibRaw analysis (February 2014)
• Boost analysis (August 2013)
• This one is not open-source, but still useful to everyone. C++Builder header files analysis (May 2013)
• OpenCV analysis (March 2013)
• Intel IPP Samples analysis (January 2011), second analysis (October 2011), third analysis (April 2012)
• Intel Energy Analysiser SDK analysis (July 2011)

Graphics

• Disney Software analysis (November 2016)
• Inkscape analysis (August 2016)
• Blender analysis (April 2012), second analysis (July 2016)
• OpenToonz analysis (April 2016)
• Appleseed analysis (September 2015)
• FreeCAD analysis (April 2015)
• Powder Toy analysis (December 2014)
• GIMP analysis (August 2014)
• VirtualDub analysis (October 2013)

Music Software

• Steinberg SDKs analysis (November 2017)
• Ardour analysis (November 2017)
• Rosegarden analysis (October 2017)
• Audacity analysis (October 2017)
• MuseScore analysis (September 2017)

Messengers

• ICQ analysis (October 2016)
• Miranda IM analysis (March 2011), second analysis (May 2016)
• Telegram analysis (September 2015)
• Miranda NG analysis: part 1, part 2 (November 2014)
• qutIM analysis (November 2010)

Other projects

• Subtitle Edit analysis (Match 2018)
• ClickHouse analysis (September 2017)
• Notepad++ analysis (November 2010), second analysis (February 2012), third analysis (June 2017)
• MediaPortal analysis (March 2017)
• Far Manager for Linux analysis (February 2017)
• Umbraco analysis (November 2015), second analysis (December 2016)
• Orchard CMS analysis (November 2016)
• Grub analysis (September 2016)
• Apache HTTP Server analysis (July 2011), second analysis (September 2016)
• ReOpenLDAP analysis (August 2016)
• NASA World Wind analysis (C#) (August 2016)
• Geant4 analysis (November 2013), second analysis (July 2016)
• 7-Zip analysis (June 2016)
• Firebird analysis (February 2014), second analysis (May 2016)
• Samba analysis (April 2016)
• PVS-Studio Plugin analysis (March 2016)
• Oracle VM VirtualBox analysis: part 1, part 2 (September 2014), second analysis (March 2016)
• Wine analysis (August 2014), second analysis (October 2015)
• FreeSWITCH analysis (October 2015)
• Mozilla Thunderbird analysis (September 2015)
• Intel Galileo UEFI analysis (May 2015)
• Vim analysis (March 2015)
• LibreOffice analysis (March 2015)
• KDE analysis (September 2014)
• Oracle VM VirtualBox analysis: part 1, part 2 (September 2014)
• Asterisk analysis (August 2014)
• Bitcoin analysis (July 2014)
• Tesseract analysis (May 2014)
• WinSCP analysis (April 2014)
• μManager analysis (March 2014)
• PostgreSQL analysis (December 2013)
• OpenMS analysis (September 2013)
• Trans-Proteomic Pipeline analysis (August 2012), second analysis (September 2013)
• NetXMS analysis (May 2013)
• Tor analysis (November 2012)
• MAME analysis (July 2012)
• WinMerge analysis (October 2010), second analysis (March 2012)
• Dolphin-emu analysis (February 2012)
• Ultimate Toolbox analysis (December 2010)
• Fennec Media Project analysis (November 2010)
• Various small projects we didn't write about.

It's not entirely without any reward that we analysis all these projects. The reports we publish serve as an advertisement for our tools and our company. We make no secret of it. But I believe it's the best advertisement you've ever seen! PVS-Studio does help the open-source community.

You may notice that the above mentioned articles are very different in size. Well, there is an explanation to that. For example, when writing the first article about ReactOS, our analyzer had much fewer diagnostic rules than at the time of the second analysis. Within the time period between the two analysiss, the tool has learned to find several times more bugs. Because of that, our articles reporting analysis results will only grow larger in time. Now we have to skip numerous bugs that don't look too impressive and convincing in order not to turn an article into a reference book.

We also keep a bug database at our website. I think many of you will find it interesting wandering about it. But what's most interesting, you can use it as a resource to work out coding standards and new recommendations for textbooks and articles on programming. It is now waiting for its McConnell to come and use it as soil to raise a book of the "50 Tips on How Not to Drop a Clanger" style.