PVS-Studio is a static analyzer that detects errors in source code of C/C++/C++11 applications. The PVS-Studio tool integrates into the Visual Studio 2005/2008/2010 environment.
This post is about love: the love of the static code analyzer PVS-Studio for the great open source Linux operating system. This love is young, touching and fragile. It needs help and care. You will help greatly if you volunteer to test the beta version of PVS-Studio for Linux.
The best way to advertise a static code analyzer is to find errors in open source projects and share them with the world. We have been using this method for a long time while promoting our tool PVS-Studio. If you have ever heard of PVS-Studio, it was most likely from our articles reporting on the checks of such projects as Chromium, WinMerge, TortoiseSVN, Apache HTTP Server, Qt, Clang and many others.
As an experiment, we have decided to offer everyone interested a PVS-Studio registration key for 5 days to study its 64-bit diagnostics more thoroughly.
The PVS-Studio demo version is fully functional. It is sufficient to study the tool and get familiar with its capabilities. The user has up to 200 clicks to navigate through code fragments the analyzer considers to be probably incorrect. We believe that is quite enough for the user to decide whether they like the tool or not.
However, that might be insufficient if you are searching for 64-bit errors. Many of the 64-bit warnings are false positives or are irrelevant to the program being checked, as the fragments they point to cannot cause errors. That's why the restriction of 200 messages you can click to navigate through the code may prevent you from forming a definite opinion of the tool.
We have been seeing an increasing interest in the development of 64-bit software lately. Perhaps this has to do with the release of Embarcadero RAD Studio XE3 Update 1, which can now compile 64-bit applications. Or maybe it's just that the time has come.
PVS-Studio is a static analyzer that detects errors in source code of C/C++/C++11 applications. PVS-Studio includes the following sets of rules:
General-purpose diagnosis
Detection of possible optimizations
Diagnosis of 64-bit errors (Viva64)
Diagnosis of parallel errors (VivaMP)
PVS-Studio 5.00: support of Embarcadero C++Builder, Windows Store and Windows Phone 8 applications in Visual Studio, and several hundred diagnostic rules
The PVS-Studio team has analyzed over 200 open-source projects with their static code analyzer. Among them are such titles as Unreal Engine, PHP, Haiku, Qt, and even Linux. In each of these projects, bugs of varying severity were detected. The team regularly reports the analysis results in their blog. Each post is a separate article of several pages, describing in detail each of the bugs found and giving recommendations on how to fix them.
The PVS-Studio team decided to go further to create a service of tips and recommendations on C/C++ usage, CppHints.com, in addition to the practice of writing articles. Within the scope of this service, the team publishes 1 recommendation/tip per day. Each publication delivers concentrated information on C/C++ programming approaches and techniques used in various situations and includes examples of correct and incorrect language use from over 200 open-source projects.
Support has been implemented for several previous versions of C++Builder. Now PVS-Studio supports the following versions of C++Builder: XE3 Update 1, XE2, XE, 2010, 2009.
We regularly check various open-source projects with PVS-Studio, send the analysis results to the developers, and usually describe them in our posts as well. We also add them to our bug database. This database is posted below on this page.
The bugs are grouped according to the number of the diagnostic rule that is used to detect them. This number is given in the left column. Click on it to see the diagnostic rule description in the documentation. The right column contains a link to the corresponding error samples.
Some diagnostics haven't detected any bugs in open-source projects yet. The lower you are in the list, the more diagnostics with no error samples there will be. The reason is simple: the later a certain rule was added, the fewer projects were analyzed with this rule included in the rule set, and therefore the fewer chances it had to demonstrate its capabilities.
We have a practice of occasionally re-analyzing projects we have already checked with PVS-Studio. There are several reasons why we do so. For example, we want to know if we have managed to eliminate false positives for certain diagnostics. But the most interesting thing is to see how new diagnostic rules work and what errors they can find. It is very interesting to watch the tool catch more and more new defects in a project that seems to be cleaned out already. The next project we have re-checked is Clang.
For the purpose of testing our C/C++ analyzer PVS-Studio, we often check various open-source projects and publish reports about bugs we have found. Naturally, we look for large projects (hundreds of thousands of code lines), as there is little to be tested and caught in just a few dozen files. We have already had opportunities to test large collections consisting of hundreds of small open-source projects, for example sets of test samples for various SDKs and frameworks. We are especially interested in checking such collections to see how the analyzer supports various specific code constructs, Visual C++ project subtypes, and so on.
Yes, you've guessed correctly - the answer is "42". In this article you will find 42 recommendations about coding in C++ that can help a programmer avoid a lot of errors and save time and effort. The author is Andrey Karpov, technical director of "Program Verification Systems", a team of developers working on the PVS-Studio static code analyzer. Having checked a large number of open source projects, we have seen a large variety of ways to shoot yourself in the foot; there is definitely much to share with the readers. Every recommendation is given with a practical example that shows the issue is still relevant. These tips are intended for C/C++ programmers, but they are usually universal and may be of interest to developers using other languages.
We have checked the Windows 8 Driver Samples pack with our analyzer PVS-Studio and found various bugs in its samples. There is nothing horrible about it - bugs can be found everywhere, so the title of this article may sound a bit high-flown. But these particular errors may be really dangerous, as it is a usual practice for developers to use demo samples as a basis for their own projects or borrow code fragments from them.