In our articles, we regularly repeat an important idea: a static analyzer should be used regularly. This helps detect and cheaply fix many errors at the earliest stage. It looks nice in theory. As we know, actions still speak louder than words. Let’s look at some recent bugs in new code of the Blender project.

Recently, we set up a regular check of the Blender project, as my colleague described in the article “Just for Fun: PVS-Studio Team Came Up With Monitoring Quality of Some Open Source Projects”. In the future, we plan to start monitoring some more interesting projects.


The recent Qt 6 release compelled us to recheck the framework with PVS-Studio. In this article, we reviewed various interesting errors we found, for example, those related to processing dates. The errors we discovered prove that developers can greatly benefit from regularly checking their projects with tools like PVS-Studio.

This is a standard article that reports the results of an open-source project check. This article will add to our “evidence base” that demonstrates how useful and effective PVS-Studio is in code quality control. Though we have already checked the Qt project in the past (in 2011, 2014, and 2018), rechecking…


Recently we found out that the new version of the fheroes2 project had been released. Our company has many fans of the Heroes of Might and Magic game series, so we couldn’t pass it up and checked the project with PVS-Studio.

Introduction to the project

Free Heroes of Might and Magic II is an open source implementation of the Heroes of Might and Magic II game engine. To play the updated version, you need the original Heroes of Might and Magic II or at least its demo version. The latter is available via the script distributed with the source code. …


Let’s say you use GitHub, write code, and do other fun stuff. You also use a static analyzer to enhance your work quality and optimize the timing. One day you come up with an idea: why not view the errors that the analyzer reported right in GitHub? Yeah, and it would also be great if it looked nice. So, what should you do? The answer is very simple. SARIF is right for you. This article will cover what SARIF is and how to set it up. Enjoy the reading!

What is SARIF?

SARIF (Static Analysis Results Interchange Format) is a JSON-based format for…


There is an open project, the COVID-19 CovidSim Model, written in C++. There is also the PVS-Studio static code analyzer, which detects errors very well. One day they met. Read on to see how fragile mathematical modeling algorithms are and why you need to make every effort to enhance the code quality.

This little story begins with my ordinary search on GitHub. While looking through the search results, I accidentally came across the COVID-19 CovidSim Model project. Without thinking twice, I decided to check it using the PVS-Studio analyzer.

The project turned out to be tiny. It contains only 13,000 lines of code, not…


In PVS-Studio, we often check various compilers’ code and post the results in our blog. Decompiler programs, however, seem to be a bit neglected. To restore justice in this world, we analyzed the ILSpy decompiler’s source code. Let’s take a look at the peculiar things PVS-Studio found.

Introduction

Probably almost every programmer used a decompiler at least once. The reasons could vary: to see how a method is implemented, to check if there is an error inside a library used, or to satisfy curiosity and look up some source code. At the mention of a decompiler, most .NET programmers will think…


You may have already read a recent article about the first PVS-Studio run and filtration of warnings. We used the GTK 4 project as an example. It’s about time we worked with the received report in more detail. Our regular readers may have already guessed that this article will be a description of errors found in the code.

GTK 4 project code is decent

I rarely stuff many errors into a single article, though that was the case with the recent post “Espressif IoT Development Framework: 71 Shots in the Foot”. This time I’ll limit myself to 21 mistakes in honor of 2021 :). …


The PVS-Studio analyzer is regularly updated with new diagnostic rules. Curiously enough, diagnostics often detect suspicious code fragments before work on them is complete. For example, such a situation may happen while testing on open-source projects. So, let’s take a look at one of these interesting findings.

As mentioned earlier, one of the stages of diagnostic rule testing is to check its operation on a real codebase. To that end, we have a set of selected open-source projects that we use for the analysis. The obvious advantage of this approach is the ability to see the diagnostic rule behavior in…


If you feel like the New Year just came, and you missed the first half of January, then all this time you’ve been busy looking for tricky bugs in the code you maintain. It also means that our article is what you need. PVS-Studio has checked the ELKI open source project to show you errors that may occur in the code, how cunningly they can hide there, and how you can deal with them.

What kind of library is ELKI?

The abbreviation ELKI stands for Environment for Developing KDD-Applications Supported by Index-Structures. This project is written in Java and is designed for data mining. Most users…


One of our readers recommended paying heed to the Espressif IoT Development Framework. He found an error in the project code and asked if the PVS-Studio static analyzer could find it. The analyzer can’t detect this specific error so far, but it managed to spot many others. Based on this story and the errors found, we decided to write a classic article about checking an open source project. Enjoy exploring what IoT devices can do to shoot you in the foot.

Software and hardware systems

The father of the C++ language, Bjarne Stroustrup, once said:

“C” makes it very easy to shoot yourself in…

Unicorn Developer

The developer, the debugger, the unicorn. I know all about static analysis and how to find bugs and errors in C++, C#, and Java source code.
