A couple of years ago the PVS-Studio analyzer got its first diagnostic rules to check program code compliance with the MISRA C and MISRA C++ standards. We collected feedback and saw that our clients were interested in using the analyzer to check their projects for MISRA compliance. So, we decided to further develop the analyzer in this direction. The article covers the MISRA C/C++ standard and the MISRA Compliance report. It also shows what we already managed to do and what we plan to achieve by the end of the year.

How it started

Our company started working on a static code analyzer…


If you are strongly interested in MISRA and would like to understand whether your project meets one of the MISRA association’s standards, there is a solution. Its name is MISRA Compliance. PVS-Studio has recently learned how to generate the MISRA Compliance report. This article describes how you can use this feature. This can make somebody’s life better.

What is MISRA Compliance?

MISRA Compliance is a standard that allows you to understand whether your project conforms to the MISRA C/C++ standards, its deviations, and re-categorizations. …


Not everyone enjoys working in support. Many people who work there experience burnout. So maybe companies shouldn’t have any support at all? How do they benefit from it? Is there a way to prevent burnout while working in support? Let’s try to find the answers.

First, a few words about me. Currently, I’m working as a C# programmer at PVS-Studio — a company that develops the PVS-Studio static analyzer. By the way, I managed to have a hand in it. I wrote diagnostic rules and broke enhanced the kernel. …


On August 25th, 2021, the Linux kernel celebrated its 30th anniversary. Since then, it’s changed a lot. We changed too. Nowadays, the Linux kernel is a huge project used by millions. We checked the kernel 5 years ago. So, we can’t miss this event and want to look at the code of this epic project again.

Introduction

Last time we found 7 peculiar errors. It’s noteworthy that this time we’ve found fewer errors!

It seems strange. The kernel size has increased. The PVS-Studio analyzer now has dozens of new diagnostic rules. We’ve improved internal mechanisms and data flow analysis. Moreover, we…


XSS — or cross-site scripting — is one of the most common vulnerabilities in web applications. It has been on the OWASP Top 10 list (the list of the most critical security risks to web applications) for a while now. So let’s figure out together how your browser can acquire and execute a script from a third-party website, and what this may lead to (spoiler: your cookies could get stolen, for example). And while we’re at it, we’ll talk about ways you can protect yourself from XSS.

What is XSS?

Cross-site scripting (XSS) is a way to attack web systems. An intruder embeds…


PHP is widely known as an interpreted programming language used mainly for website development. However, few people know that PHP also has a compiler to .NET — PeachPie. But how well is it made? Will the static analyzer be able to find actual bugs in this compiler? Let’s find out!

It’s been a while since we posted articles on the C# projects check using PVS-Studio… And we still have to make the 2021 Top list of bugs (by the way, 2020 Top 10 bugs, you can find here)! Well, we need to mend our ways. …


The PVS-Studio team is increasing the number of diagnostics with each new release. Besides, we are improving the analyzer’s infrastructure. This time we added the plugin for JetBrains CLion. Moreover, we introduced intermodular analysis of C++ projects and sped up the C# analyzer core.

Integrating PVS-Studio into JetBrains CLion


Hello everyone! Welcome to the second part of the PVS-Studio Team’s Kanban Board story. This time we’ll talk about YouTrack. You’ll learn why we chose and implemented this task tracker and what challenges we encountered. We don’t want to advertise or criticize YouTrack. Nevertheless, our team thinks JetBrains has done (and keeps doing) a great job.

I discussed how we integrated kanban, and why we decided to switch from Bitbucket to a new task tracker in the previous article, “PVS-Studio Team’s Kanban Board. Part 1: Agile”. Do take a look if you haven’t already — this will help you understand…


Recently PVS-Studio has implemented a major feature — we supported intermodular analysis of C++ projects. This article covers our and other tools’ implementations. You’ll also find out how to try this feature and what we managed to detect using it.

Why would we need intermodular analysis? How does the analyzer benefit from it? Normally, our tool checks only one source file at a time. The analyzer doesn’t know about the contents of other project files. Intermodular analysis allows us to provide the analyzer with information about the entire project structure. This way, the analysis becomes more accurate and of higher quality…


More and more people are optimizing the process of finding code errors using static analyzers. Nowadays, we can choose from a variety of products to view analysis results. This post covers how to view an analyzer report in the most stylish and feature-rich IDE among multifunctional ones — VSCode. The SARIF format and a special plugin for it allow us to perform our task. Keep reading to find out about this. Let’s get going!

I wrote this article at the request of our reader who left a comment on the previous article about SARIF. These posts form some kind of…

Unicorn Developer

The developer, the debugger, the unicorn. I know all about static analysis and how to find bugs and errors in C++, C#, and Java source code.
