Do you like GitLab and don't like bugs? Do you want to improve the quality of your source code? Then you've come to the right place. Today we will tell you how to configure the PVS-Studio C# analyzer for checking merge requests. Enjoy the reading and have a nice unicorn mood.
PVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOpsAndrey Karpov
We continue making the use of PVS-Studio more convenient. Our analyzer is now available in Chocolatey, the package manager for Windows. We believe this will make it easier to deploy PVS-Studio, particularly in cloud services. So right off the bat, we also checked the source code of the same Chocolatey. Azure DevOps took on the role of the CI system.
Recently the interest in concurrent programming has grown dramatically. Unfortunately, parallel programs do not always have reproducible behavior. Even when they are run with the same inputs, their results can be radically different. In this talk I’ll show how to debug concurrency programs in Go.
I’ll start from showing how you can debug your gorotines using delve and gdb debuggers. Then I’ll try to visualize goroutines using different scenarios, sometimes it helps to better understand how things work. Next part of the topic will be about dumping a goroutine stack trace of your application while it’s running and inspect what each goroutine is doing. And I’ll demonstrate how to debug leaking goroutines by tracing the process of how the scheduler runs goroutines on logical processors which are bound to a physical processor via the operating system thread that is attached.
As a bonus i’ll cover debugging tips on how to find deadlocks and how to avoid race conditions in your application.
You can now use PVS-Studio with Visual Studio absent; just give it the prepro...Andrey Karpov
The new version of the static code analyzer PVS-Studio 5.10 comes with a small utility PVS-Studio Standalone which you may even miss at first. I'd say that's one small step for mankind but one big leap for PVS-Studio :) You can use the current version of this utility in two (for now) ways:
1. View analysis results (the .plog file) saved on another computer without running the Visual Studio IDE.
2. Analyze preprocessed files (generated by any preprocessor beforehand) without a preprocessor and project files or makefiles.
When migrating, we often need to review old code and target only interesting issues. This session will connect the backward incompatibilities and new features to actual location in the code, relying on static analysis to process a large code base quickly. Based on the accumulated experience of the tools, we will review the issues, diagnose criticality, select the best fixes, and prioritize tasks. All tools used will be open source, and you can try them at home for more validation.
PVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOpsAndrey Karpov
We continue making the use of PVS-Studio more convenient. Our analyzer is now available in Chocolatey, the package manager for Windows. We believe this will make it easier to deploy PVS-Studio, particularly in cloud services. So right off the bat, we also checked the source code of the same Chocolatey. Azure DevOps took on the role of the CI system.
Recently the interest in concurrent programming has grown dramatically. Unfortunately, parallel programs do not always have reproducible behavior. Even when they are run with the same inputs, their results can be radically different. In this talk I’ll show how to debug concurrency programs in Go.
I’ll start from showing how you can debug your gorotines using delve and gdb debuggers. Then I’ll try to visualize goroutines using different scenarios, sometimes it helps to better understand how things work. Next part of the topic will be about dumping a goroutine stack trace of your application while it’s running and inspect what each goroutine is doing. And I’ll demonstrate how to debug leaking goroutines by tracing the process of how the scheduler runs goroutines on logical processors which are bound to a physical processor via the operating system thread that is attached.
As a bonus i’ll cover debugging tips on how to find deadlocks and how to avoid race conditions in your application.
You can now use PVS-Studio with Visual Studio absent; just give it the prepro...Andrey Karpov
The new version of the static code analyzer PVS-Studio 5.10 comes with a small utility PVS-Studio Standalone which you may even miss at first. I'd say that's one small step for mankind but one big leap for PVS-Studio :) You can use the current version of this utility in two (for now) ways:
1. View analysis results (the .plog file) saved on another computer without running the Visual Studio IDE.
2. Analyze preprocessed files (generated by any preprocessor beforehand) without a preprocessor and project files or makefiles.
When migrating, we often need to review old code and target only interesting issues. This session will connect the backward incompatibilities and new features to actual location in the code, relying on static analysis to process a large code base quickly. Based on the accumulated experience of the tools, we will review the issues, diagnose criticality, select the best fixes, and prioritize tasks. All tools used will be open source, and you can try them at home for more validation.
With PHP 8.0 recently released and PHP 5.x still accounting for over 40% of all production environments, it's time to paint a clear picture on not just why everyone should move to 8.x, but on how to get code ready for the latest version of PHP. In this talk, we'll look at some handy tools and techniques to ease the migration.
With PHP 7.2 recently released and PHP 5.3 and 5.4 still accounting for over 40% of all production environments, it's time to paint a clear picture on not just why everyone should move to 7.0 (or preferably 7.1), but on how to get code ready for the latest version of PHP.
Using the version compatibility checker for PHP_CodeSniffer and a few simple step-by-step instructions, upgrading old code to make it compatible with the latest PHP versions becomes actually really easy. In this talk, we'll migrate an old piece of code and get rid of the demons of the past and ready for the present and future.
Everyone must migrate to PHP 7! Take advantage of exceptional performance improvements, cut your hardware use in half and enjoy the best of PHP. This workshop is for everyone that is still eyeing PHP 7 while still using PHP 5, and wants to review their 1 million LOC project before jumping to PHP 7. When migrating, we need to check old code and target only the interesting issues. This session will connect the backward incompatibilities and new features to their actual location in the code, relying on static analysis to quickly process a large code base. Based on our accumulated experience and tools, we'll review the issues, diagnose criticality, select the best fixes and prioritize the tasks. All tools are Open Source, and ready to be integrated into your project lifecycle.
Debugging in PHP can be tedious and prone to error when using var_dump and echo statements. Learn how to debug more effectively and get better insight into an application by using Xdebug. See how to setup PhpStorm, Xdebug, and the browser to enable debugging that will let you step into code and see variable values live. Extend those debugging capabilities into cli, APIs, and SOAP clients to increase the code that can be debugged with ease.
Trying to Sell PVS-Studio to Google, or New Bugs in ChromiumAndrey Karpov
Publishing articles about checks of various projects with our tool PVS-Studio usually brings us new customers. It's a fair business: programmers don't like ads but readily response to interesting materials which can be easily checked. That's why we prefer to demonstrate what our tool is capable of rather than directly advertise it. Nevertheless, despite that we checked Chromium three times already and found bugs in it each time, I still haven't received an email with an order request from google.com. I want to figure out what I am doing wrong and why Google would refuse to use PVS-Studio, so I decided to write one more article on this matter.
Automatic PHP 7 Compatibility Checking Using php7cc (and PHPCompatibility)Mark Niebergall
Running PHP 5 and ready to upgrade to PHP 7 but want to check your code for compatibility? Learn all about using php7cc to automatically check code for PHP 7 compatibility, including installation, syntax, options, and how to run the tool. Discuss the commonly seen incompatible code and see how to fix the code to be compatible with PHP 7. Leave with the tools and knowledge needed to upgrade any PHP 5 project to PHP 7.
A code kata in C# to help practice techniques for safely removing dependencies form legacy code and creating unit tests. Questions? Suggestions? Contact @dubmun.
Having trouble wrapping you mind around unit testing in legacy code? Practice this kata and you'll have a good understanding of some basics. Break dependencies, inject stubs, write meaningful tests. Refactor with confidence. Version 2 is a complete overhaul to make the kata more readable and usable.
Analysis of commits and pull requests in Travis CI, Buddy and AppVeyor using ...Andrey Karpov
Starting from the version 7.04, the PVS-Studio analyzer for C and C++ languages on Linux and macOS provides the test feature of checking the list of specified files. Using the new mode, you can configure the analyzer to check commits and pull requests. This article covers setting up the check of certain modified files from a GitHub project in such popular CI (Continuous Integration) systems, as Travis CI, Buddy and AppVeyor.
At the moment, cloud CI systems are a highly-demanded service. In this article, we'll tell you how to integrate analysis of source code into a CI cloud platform with the tools that are already available in PVS-Studio. As an example we'll use the Travis CI service.
With PHP 8.0 recently released and PHP 5.x still accounting for over 40% of all production environments, it's time to paint a clear picture on not just why everyone should move to 8.x, but on how to get code ready for the latest version of PHP. In this talk, we'll look at some handy tools and techniques to ease the migration.
With PHP 7.2 recently released and PHP 5.3 and 5.4 still accounting for over 40% of all production environments, it's time to paint a clear picture on not just why everyone should move to 7.0 (or preferably 7.1), but on how to get code ready for the latest version of PHP.
Using the version compatibility checker for PHP_CodeSniffer and a few simple step-by-step instructions, upgrading old code to make it compatible with the latest PHP versions becomes actually really easy. In this talk, we'll migrate an old piece of code and get rid of the demons of the past and ready for the present and future.
Everyone must migrate to PHP 7! Take advantage of exceptional performance improvements, cut your hardware use in half and enjoy the best of PHP. This workshop is for everyone that is still eyeing PHP 7 while still using PHP 5, and wants to review their 1 million LOC project before jumping to PHP 7. When migrating, we need to check old code and target only the interesting issues. This session will connect the backward incompatibilities and new features to their actual location in the code, relying on static analysis to quickly process a large code base. Based on our accumulated experience and tools, we'll review the issues, diagnose criticality, select the best fixes and prioritize the tasks. All tools are Open Source, and ready to be integrated into your project lifecycle.
Debugging in PHP can be tedious and prone to error when using var_dump and echo statements. Learn how to debug more effectively and get better insight into an application by using Xdebug. See how to setup PhpStorm, Xdebug, and the browser to enable debugging that will let you step into code and see variable values live. Extend those debugging capabilities into cli, APIs, and SOAP clients to increase the code that can be debugged with ease.
Trying to Sell PVS-Studio to Google, or New Bugs in ChromiumAndrey Karpov
Publishing articles about checks of various projects with our tool PVS-Studio usually brings us new customers. It's a fair business: programmers don't like ads but readily response to interesting materials which can be easily checked. That's why we prefer to demonstrate what our tool is capable of rather than directly advertise it. Nevertheless, despite that we checked Chromium three times already and found bugs in it each time, I still haven't received an email with an order request from google.com. I want to figure out what I am doing wrong and why Google would refuse to use PVS-Studio, so I decided to write one more article on this matter.
Automatic PHP 7 Compatibility Checking Using php7cc (and PHPCompatibility)Mark Niebergall
Running PHP 5 and ready to upgrade to PHP 7 but want to check your code for compatibility? Learn all about using php7cc to automatically check code for PHP 7 compatibility, including installation, syntax, options, and how to run the tool. Discuss the commonly seen incompatible code and see how to fix the code to be compatible with PHP 7. Leave with the tools and knowledge needed to upgrade any PHP 5 project to PHP 7.
A code kata in C# to help practice techniques for safely removing dependencies form legacy code and creating unit tests. Questions? Suggestions? Contact @dubmun.
Having trouble wrapping you mind around unit testing in legacy code? Practice this kata and you'll have a good understanding of some basics. Break dependencies, inject stubs, write meaningful tests. Refactor with confidence. Version 2 is a complete overhaul to make the kata more readable and usable.
Analysis of commits and pull requests in Travis CI, Buddy and AppVeyor using ...Andrey Karpov
Starting from the version 7.04, the PVS-Studio analyzer for C and C++ languages on Linux and macOS provides the test feature of checking the list of specified files. Using the new mode, you can configure the analyzer to check commits and pull requests. This article covers setting up the check of certain modified files from a GitHub project in such popular CI (Continuous Integration) systems, as Travis CI, Buddy and AppVeyor.
At the moment, cloud CI systems are a highly-demanded service. In this article, we'll tell you how to integrate analysis of source code into a CI cloud platform with the tools that are already available in PVS-Studio. As an example we'll use the Travis CI service.
This is a second article, which focuses on usage of the PVS-Studio analyzer in cloud CI-systems. This time we'll consider the platform Azure DevOps - a cloud CI\CD solution from Microsoft. We'll be analyzing the ShareX project.
PVS-Studio: analyzing pull requests in Azure DevOps using self-hosted agentsAndrey Karpov
Static code analysis is most effective when changing a project, as errors are always more difficult to fix in the future than at an early stage. We continue expanding the options for using PVS-Studio in continuous development systems. This time, we'll show you how to configure pull request analysis using self-hosted agents in Microsoft Azure DevOps, using the example of the Minetest game.
We continue checking Microsoft projects: analysis of PowerShellPVS-Studio
It has become a "good tradition" for Microsoft to make their products open-source: CoreFX, .Net Compiler Platform (Roslyn), Code Contracts, MSBuild, and other projects. For us, the developers of PVS-Studio analyzer, it's an opportunity to check well-known projects, tell people (including the project authors themselves) about the bugs we find, and additionally test our analyzer. Today we are going to talk about the errors found in another project by Microsoft, PowerShell.
Heading for a Record: Chromium, the 5th CheckPVS-Studio
We checked Chromium more than once before, and those who follow our blog could reasonably ask, "Why another check? Weren't there enough of them?" Sure, Chromium's source code is particularly clean, which was shown by each of the previous checks, but new errors inevitably continue to appear. Repeated checks prove that the more often you use static analysis, the better. A good practice is to use the analyzer every day. An even better practice is to analyze the new code right after you finish writing it (automatic analysis of recently modified code).
This post is about love. About the love of the static code analyzer PVS-Studio, for the great open source Linux operating system. This love is young, touching and fragile. It needs help and care. You will help greatly if you volunteer to help testing the beta-version of PVS-Studio for Linux.
Comparing Functionalities of PVS-Studio and CppCat Static Code AnalyzersAndrey Karpov
Our company develops two code analyzers to check C/C++ projects: PVS-Studio and CppCat. In this article, we are going to tell you about the functional differences between these two tools.
Static Analysis: From Getting Started to IntegrationAndrey Karpov
Sometimes, tired of endless code review and debugging, you start wondering if there are ways to make your life easier. After some googling or merely by accident, you stumble upon the phrase, "static analysis". Let's find out what it is and how it can be used in your project.
PVS-Studio advertisement - static analysis of C/C++ codePVS-Studio
This document advertises the PVS-Studio static analyzer. It describes how using PVS-Studio reduces the number of errors in code of C/C++/C++11 projects and costs on code testing, debugging and maintenance. A lot of examples of errors are cited found by the analyzer in various Open-Source projects. The document describes PVS-Studio at the time of version 4.38 on October 12-th, 2011, and therefore does not describe the capabilities of the tool in the next versions. To learn about new capabilities, visit the product's site http://www.viva64.com or search for an updated version of this article.
We thought of checking the Boost library long ago but were not sure if we would collect enough results to write an article. However, the wish remained. We tried to do that twice but gave up each time because we didn't know how to replace a compiler call with a PVS-Studio.exe call. Now we've got us new arms, and the third attempt has been successful. So, are there any bugs to be found in Boost?
PVS-Studio and Continuous Integration: TeamCity. Analysis of the Open RollerC...Andrey Karpov
One of the most relevant scenarios for using the PVS-Studio analyzer is its integration into CI systems. Even though a project analysis by PVS-Studio can already be embedded with just a few commands into almost any continuous integration system, we continue to make this process even more convenient. PVS-Studio now supports converting the analyzer output to the TeamCity format-TeamCity Inspections Type. Let's see how it works.
We have used a trial version of PVS-Studio for HPX previously, but I vaguely remembered it as being very verbose in its diagnostics. I have read a lot about the tool lately, and since it was a long time since we used it, we contacted the developers at Viva64 asking whether they would be willing to support our open source project. We were positively surprised that they agreed to provide us with a free license for one year in exchange for a blog post about our experience with the tool.
Similar to Analysis of merge requests in GitLab using PVS-Studio for C# (20)
Здесь вы найдёте 60 вредных советов для программистов и пояснение, почему они вредные. Всё будет одновременно в шутку и серьёзно. Как бы глупо ни смотрелся вредный совет, он не выдуман, а подсмотрен в реальном мире программирования.
In this article, you're going to find 60 terrible coding tips — and explanations of why they are terrible. It's a fun and serious piece at the same time. No matter how terrible these tips look, they aren't fiction, they are real: we saw them all in the real programming world.
Ошибки, которые сложно заметить на code review, но которые находятся статичес...Andrey Karpov
Есть ошибки, которые легко прячутся от программистов на обзорах кода. Чаще всего они связаны с опечатками или недостаточным знанием тонких нюансах языка/библиотеки. Давайте посмотрим интересные примеры таких ошибок и как их можно выявить с помощью статического анализа. При этом анализаторы не конкурируют с обзорами кода или, например, юнит-тестами. Они отлично дополняют другие методологии борьбы с ошибками.
When should you start using PVS-Studio? What can PVS-Studio detect? Supported standards: MISRA, CWE, CERT, OWASP, AUTOSAR. What about analysis options? What about legacy code?
Двойное освобождение ресурсов. Недостижимый код. Некорректные операции сдвига. Неправильная работа с типами. Опечатки и copy-paste. Проблемы безопасности. Путаница с приоритетом операций.
Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...Andrey Karpov
What is static analysis and what is it for? How does static analysis work? (Unreal Engine 4). How to introduce static analysis in your project: best practices.
Does static analysis need machine learning?Andrey Karpov
Introduction to static analysis. Existing solutions and approaches they implement. Problems and pitfalls when creating an analyzer. When learning «manually». When learning on a real large code base. Most promising approaches.
Typical errors in code on the example of C++, C#, and JavaAndrey Karpov
Objectives of this webinar
How we detected error patterns
Patterns themselves and how to avoid them:
3.1 Copy-paste and last line effect
3.2 if (A) {...} else if (A)
3.3 Errors in checks
3.4 Array index out of bounds
3.5 Operator precedence
3.6 Typos that are hard to spot
How to use static analysis properly
Conclusion
Q&A
How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)Andrey Karpov
How to fight bugs in legacy code?
Should you do it at all?
What to do if there are hundreds or even thousands of errors?(that’s usually the case)
How to avoid spending a plethora of man-hours on this?
And still, how did you work with Unreal Engine?
C++ Code as Seen by a Hypercritical ReviewerAndrey Karpov
We all do code reviews. Who doesn't admit this – does it twice as often. C++ code reviewers look like a sapper. .. except that they can make a mistake more than once. But sometimes the consequences are painful . Brave code review world.
Static Code Analysis for Projects, Built on Unreal EngineAndrey Karpov
Why Do You Need Static Analysis? Detect errors early in the program development process. Get recommendations on code formatting. Check your spelling. Calculate various software metrics.
Are С and C++ Alive? Even More, IBM RPG Is! C and C++ Are Not Just for Old Systems. Are С and C++ Alive? Summary for C, C++. Embedded: C and С++ Are on the Rise.
Zero, one, two, Freddy's coming for youAndrey Karpov
This post continues the series of articles, which can well be called "horrors for developers". This time it will also touch upon a typical pattern of typos related to the usage of numbers 0, 1, 2. The language you're writing in doesn't really matter: it can be C, C++, C#, or Java. If you're using constants 0, 1, 2 or variables' names contain these numbers, most likely, Freddy will come to visit you at night. Go on, read and don't say we didn't warn you.
Enhancing Research Orchestration Capabilities at ORNL.pdfGlobus
Cross-facility research orchestration comes with ever-changing constraints regarding the availability and suitability of various compute and data resources. In short, a flexible data and processing fabric is needed to enable the dynamic redirection of data and compute tasks throughout the lifecycle of an experiment. In this talk, we illustrate how we easily leveraged Globus services to instrument the ACE research testbed at the Oak Ridge Leadership Computing Facility with flexible data and task orchestration capabilities.
Globus Connect Server Deep Dive - GlobusWorld 2024Globus
We explore the Globus Connect Server (GCS) architecture and experiment with advanced configuration options and use cases. This content is targeted at system administrators who are familiar with GCS and currently operate—or are planning to operate—broader deployments at their institution.
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...informapgpstrackings
Keep tabs on your field staff effortlessly with Informap Technology Centre LLC. Real-time tracking, task assignment, and smart features for efficient management. Request a live demo today!
For more details, visit us : https://informapuae.com/field-staff-tracking/
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Globus
The U.S. Geological Survey (USGS) has made substantial investments in meeting evolving scientific, technical, and policy driven demands on storing, managing, and delivering data. As these demands continue to grow in complexity and scale, the USGS must continue to explore innovative solutions to improve its management, curation, sharing, delivering, and preservation approaches for large-scale research data. Supporting these needs, the USGS has partnered with the University of Chicago-Globus to research and develop advanced repository components and workflows leveraging its current investment in Globus. The primary outcome of this partnership includes the development of a prototype enterprise repository, driven by USGS Data Release requirements, through exploration and implementation of the entire suite of the Globus platform offerings, including Globus Flow, Globus Auth, Globus Transfer, and Globus Search. This presentation will provide insights into this research partnership, introduce the unique requirements and challenges being addressed and provide relevant project progress.
Quarkus Hidden and Forbidden ExtensionsMax Andersen
Quarkus has a vast extension ecosystem and is known for its subsonic and subatomic feature set. Some of these features are not as well known, and some extensions are less talked about, but that does not make them less interesting - quite the opposite.
Come join this talk to see some tips and tricks for using Quarkus and some of the lesser known features, extensions and development techniques.
Enterprise Resource Planning System includes various modules that reduce any business's workload. Additionally, it organizes the workflows, which drives towards enhancing productivity. Here are a detailed explanation of the ERP modules. Going through the points will help you understand how the software is changing the work dynamics.
To know more details here: https://blogs.nyggs.com/nyggs/enterprise-resource-planning-erp-system-modules/
Navigating the Metaverse: A Journey into Virtual Evolution"Donna Lenk
Join us for an exploration of the Metaverse's evolution, where innovation meets imagination. Discover new dimensions of virtual events, engage with thought-provoking discussions, and witness the transformative power of digital realms."
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxrickgrimesss22
Discover the essential features to incorporate in your Winzo clone app to boost business growth, enhance user engagement, and drive revenue. Learn how to create a compelling gaming experience that stands out in the competitive market.
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisGlobus
JASMIN is the UK’s high-performance data analysis platform for environmental science, operated by STFC on behalf of the UK Natural Environment Research Council (NERC). In addition to its role in hosting the CEDA Archive (NERC’s long-term repository for climate, atmospheric science & Earth observation data in the UK), JASMIN provides a collaborative platform to a community of around 2,000 scientists in the UK and beyond, providing nearly 400 environmental science projects with working space, compute resources and tools to facilitate their work. High-performance data transfer into and out of JASMIN has always been a key feature, with many scientists bringing model outputs from supercomputers elsewhere in the UK, to analyse against observational or other model data in the CEDA Archive. A growing number of JASMIN users are now realising the benefits of using the Globus service to provide reliable and efficient data movement and other tasks in this and other contexts. Further use cases involve long-distance (intercontinental) transfers to and from JASMIN, and collecting results from a mobile atmospheric radar system, pushing data to JASMIN via a lightweight Globus deployment. We provide details of how Globus fits into our current infrastructure, our experience of the recent migration to GCSv5.4, and of our interest in developing use of the wider ecosystem of Globus services for the benefit of our user community.
Unleash Unlimited Potential with One-Time Purchase
BoxLang is more than just a language; it's a community. By choosing a Visionary License, you're not just investing in your success, you're actively contributing to the ongoing development and support of BoxLang.
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns
Unlocking Business Potential: Tailored Technology Solutions by Prosigns
Discover how Prosigns, a leading technology solutions provider, partners with businesses to drive innovation and success. Our presentation showcases our comprehensive range of services, including custom software development, web and mobile app development, AI & ML solutions, blockchain integration, DevOps services, and Microsoft Dynamics 365 support.
Custom Software Development: Prosigns specializes in creating bespoke software solutions that cater to your unique business needs. Our team of experts works closely with you to understand your requirements and deliver tailor-made software that enhances efficiency and drives growth.
Web and Mobile App Development: From responsive websites to intuitive mobile applications, Prosigns develops cutting-edge solutions that engage users and deliver seamless experiences across devices.
AI & ML Solutions: Harnessing the power of Artificial Intelligence and Machine Learning, Prosigns provides smart solutions that automate processes, provide valuable insights, and drive informed decision-making.
Blockchain Integration: Prosigns offers comprehensive blockchain solutions, including development, integration, and consulting services, enabling businesses to leverage blockchain technology for enhanced security, transparency, and efficiency.
DevOps Services: Prosigns' DevOps services streamline development and operations processes, ensuring faster and more reliable software delivery through automation and continuous integration.
Microsoft Dynamics 365 Support: Prosigns provides comprehensive support and maintenance services for Microsoft Dynamics 365, ensuring your system is always up-to-date, secure, and running smoothly.
Learn how our collaborative approach and dedication to excellence help businesses achieve their goals and stay ahead in today's digital landscape. From concept to deployment, Prosigns is your trusted partner for transforming ideas into reality and unlocking the full potential of your business.
Join us on a journey of innovation and growth. Let's partner for success with Prosigns.
Code reviews are vital for ensuring good code quality. They serve as one of our last lines of defense against bugs and subpar code reaching production.
Yet, they often turn into annoying tasks riddled with frustration, hostility, unclear feedback and lack of standards. How can we improve this crucial process?
In this session we will cover:
- The Art of Effective Code Reviews
- Streamlining the Review Process
- Elevating Reviews with Automated Tools
By the end of this presentation, you'll have the knowledge on how to organize and improve your code review proces
AI Pilot Review: The World’s First Virtual Assistant Marketing SuiteGoogle
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
👉👉 Click Here To Get More Info 👇👇
https://sumonreview.com/ai-pilot-review/
AI Pilot Review: Key Features
✅Deploy AI expert bots in Any Niche With Just A Click
✅With one keyword, generate complete funnels, websites, landing pages, and more.
✅More than 85 AI features are included in the AI pilot.
✅No setup or configuration; use your voice (like Siri) to do whatever you want.
✅You Can Use AI Pilot To Create your version of AI Pilot And Charge People For It…
✅ZERO Manual Work With AI Pilot. Never write, Design, Or Code Again.
✅ZERO Limits On Features Or Usages
✅Use Our AI-powered Traffic To Get Hundreds Of Customers
✅No Complicated Setup: Get Up And Running In 2 Minutes
✅99.99% Up-Time Guaranteed
✅30 Days Money-Back Guarantee
✅ZERO Upfront Cost
See My Other Reviews Article:
(1) TubeTrivia AI Review: https://sumonreview.com/tubetrivia-ai-review
(2) SocioWave Review: https://sumonreview.com/sociowave-review
(3) AI Partner & Profit Review: https://sumonreview.com/ai-partner-profit-review
(4) AI Ebook Suite Review: https://sumonreview.com/ai-ebook-suite-review
Large Language Models and the End of ProgrammingMatt Welsh
Talk by Matt Welsh at Craft Conference 2024 on the impact that Large Language Models will have on the future of software development. In this talk, I discuss the ways in which LLMs will impact the software industry, from replacing human software developers with AI, to replacing conventional software with models that perform reasoning, computation, and problem-solving.
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Globus
Large Language Models (LLMs) are currently the center of attention in the tech world, particularly for their potential to advance research. In this presentation, we'll explore a straightforward and effective method for quickly initiating inference runs on supercomputers using the vLLM tool with Globus Compute, specifically on the Polaris system at ALCF. We'll begin by briefly discussing the popularity and applications of LLMs in various fields. Following this, we will introduce the vLLM tool, and explain how it integrates with Globus Compute to efficiently manage LLM operations on Polaris. Attendees will learn the practical aspects of setting up and remotely triggering LLMs from local machines, focusing on ease of use and efficiency. This talk is ideal for researchers and practitioners looking to leverage the power of LLMs in their work, offering a clear guide to harnessing supercomputing resources for quick and effective LLM inference.
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Analysis of merge requests in GitLab using PVS-Studio for C#
1. Analysis of merge requests in GitLab using
PVS-Studio for C#
Author: Nikolay Mironov
Date: 24.07.2020
Tags: DevOps
Do you like GitLab and don't like bugs? Do you want to improve the quality of your source code? Then
you've come to the right place. Today we will tell you how to configure the PVS-Studio C# analyzer for
checking merge requests. Enjoy the reading and have a nice unicorn mood.
PVS-Studio is a tool designed to detect errors and potential vulnerabilities in the source code of
programs, written in C, C++, C#, and Java. Works in 64-bit systems on Windows, Linux and macOS. Can
analyze the code meant for 32-bit, 64-bit and embedded ARM platforms.
By the way, we've released PVS-Studio 7.08, which was full of new sapid features. For example:
• C# analyzer under Linux and macOS;
• plugin for Rider;
• new mode for checking a list of files.
Mode of checking a list of files
Previously, in order to check certain files, one had to pass .xml to the analyzer with a list of files. But
since this is not very convenient, we have added the ability to pass .txt, which makes life much simpler.
2. To check certain files, specify the --sourceFiles (-f) flag and pass .txt with the list of files. It looks like this:
pvs-studio-dotnet -t path/to/solution.sln -f fileList.txt -o project.json
If you are interested in configuring checks of commits or pull requests, you can also do this using this
mode. The difference will be in getting a list of files for analysis and will depend on which systems you
are using.
Principle of checking merge requests
The main point of checking is to make sure that problems detected by the analyzer do not make it into
the master branch when merging. We also don't want to analyze the entire project every time.
Moreover, when merging branches, we have a list of changed files. Therefore, I suggest adding a merge
request check.
This is how a merge request looks like before introducing a static analyzer:
In other words, all errors in the changes branch will get to the master branch. Since we wouldn't like
this, we add the analysis, and now the scheme looks as follows:
We analyze changes2 and, if there are no errors, we accept the merge request, otherwise reject it.
3. By the way, if you are interested in analyzing commits and pull requests for C/C++, you are welcome to
read about it here.
GitLab
GitLab is an open source DevOps lifecycle web tool that provides a code repository management system
for Git with its own wiki, bug tracking system, CI/CD pipeline, and other features.
Before you start implementing the merge request analysis, you need to register and upload your
project. If you do not know how to do this, then I suggest an article by my colleague.
Note. One of the possible ways to configure the environment is described below. The point is to show
the steps for configuring the environment needed for analyzing and running the analyzer. In your case, it
may be better to separate the stages of environment preparation (adding repositories, installing the
analyzer) and analysis. For example, preparing Docker instances with the necessary environment and
their usage, or some other method.
In order to get a better understanding of what is going to happen next, I suggest taking a look at the
following scheme:
4. The analyzer needs .NET Core SDK 3 for proper operation from which the necessary dependencies for
the analyzer will be installed. Adding Microsoft repositories for various Linux distributions is described in
the relevant document.
To install PVS-Studio via the package manager, you will also need to add PVS-Studio repositories. Adding
repositories for various distributions is described in more detail in the relevant section of the
documentation.
The analyzer needs a license key to operate. You can get a trial license on the analyzer download page.
5. Note. Please note that the described operating mode (merge requests analysis) requires an Enterprise
license. Therefore, if you would like to try this mode of operation, don't forget to specify that you need
an Enterprise license in the "Message" field.
If a merge request occurs, we only need to analyze the list of changed files, otherwise we analyze all
files. After the analysis, we need to convert the logs to the format we need.
Now, with the algorithm in front of your eyes, you can proceed to writing the script. To do this, we need
to change the .gitlab-ci.yml file or, if there is no such file, create one. To create it, click on the name of
your project -> Set up CI/CD.
Now we are ready to write the script. Let's first write the code that will install the analyzer and enter the
license:
before_script:
- apt-get update && apt-get -y install wget gnupg
- apt-get -y install git
- wget https://packages.microsoft.com/config/debian/10/
packages-microsoft-prod.deb -O packages-microsoft-prod.deb
- dpkg -i packages-microsoft-prod.deb
- apt-get update
- apt-get install apt-transport-https
- apt-get update
- wget -q -O - https://files.viva64.com/etc/pubkey.txt | apt-key add -
- wget -O /etc/apt/sources.list.d/viva64.list
https://files.viva64.com/etc/viva64.list
- apt-get update
- apt-get -y install pvs-studio-dotnet
- pvs-studio-analyzer credentials $PVS_NAME $PVS_KEY
- dotnet restore "$CI_PROJECT_DIR"/Test/Test.sln
Since installation and activation must occur before all other scripts, we use a special before_script label.
Let me be clear on this fragment.
Preparation for the analyzer installation:
- wget https://packages.microsoft.com/config/debian/10/
packages-microsoft-prod.deb -O packages-microsoft-prod.deb
- dpkg -i packages-microsoft-prod.deb
- apt-get update
- apt-get install apt-transport-https
6. - apt-get update
Adding PVS-Studio repositories and the analyzer:
- wget -q -O - https://files.viva64.com/etc/pubkey.txt | apt-key add -
- wget -O /etc/apt/sources.list.d/viva64.list
https://files.viva64.com/etc/viva64.list
- apt-get update
- apt-get -y install pvs-studio-dotnet
License activation:
- pvs-studio-analyzer credentials $PVS_NAME $PVS_KEY
$PVS_NAME - user name.
$PVS_KEY - product key.
Restoration of project dependencies, where $CI_PROJECT_DIR is the full path to the project directory:
- dotnet restore "$CI_PROJECT_DIR"/Path/To/Solution.sln
For correct analysis, the project must be successfully built, and its dependencies must be restored (for
example, the necessary NuGet packages must be loaded).
You can set environment variables containing license information by clicking on Setting, and then on CI /
CD.
In the opening window, find the item Variables, click Expand on the right and add variables. The result
should be the following:
7. Now we can proceed to the analysis. First, we will add a script for full analysis. In the -t flag, we pass the
path to solution, and in the -o flag, we write the path to the file where the analysis results will be
written. Also the return code is of interest for us here. In this case, we'd like the analysis to continue
when an exit code signals that warnings were issued during the analysis. Here's how this fragment looks
like:
job:
script:
- exit_code=0
- pvs-studio-dotnet -t "$CI_PROJECT_DIR"/Test/Test.sln -o
PVS-Studio.json || exit_code=$?
- exit_code=$((($exit_code & 8)/8))
- if [[ $exit_code == 1 ]]; then exit 1; else exit 0; fi
Exit codes work as bit masks. For example, if warnings were issued as a result of the analysis, the exit
code will be equal to 8. If the license expires within a month, the exit code will be 4. If errors were found
during the analysis, and the license expires within a month, both values will be written to the exit code:
the numbers add up and we get the final exit code - 8+4=12. Thus, by checking the corresponding bits,
you can get information about various states during analysis. Exit codes are described in more detail in
the section "Pvs-studio-dotnet exit codes (Linux / macOS)"of the document "Analyzing Visual Studio /
MSBuild / .NET Core projects from the command line using PVS-Studio".
In this case, we are interested in all exit codes where 8 appears.
- exit_code=$((($exit_code & 8)/8))
We get 1 when the exit code has the bit we are interested in set, otherwise we get 0.
Now it is time to add the analysis of the merge request. Before doing this, let's get some space for the
script. We want it to be executed only when a merge request occurs. This looks as follows:
merge:
script:
only:
- merge_requests
8. Let's move on to the script itself. I stumbled upon the issue that the virtual machine knows nothing
about origin/master. So we'll lend it a hand:
- git fetch origin
Now we get the difference between branches and save the result to a txt file:
- git diff --name-only origin/master $CI_COMMIT_SHA > pvs-fl.txt
Where $CI_COMMIT_SHA is the hash of the last commit.
Next, we run analysis of the list of files by using the -f flag. We pass the previously received .txt file to it.
By analogy with the full analysis, we check out the exit codes:
- exit_code=0
- pvs-studio-dotnet -t "$CI_PROJECT_DIR"/Test/Test.sln -f
pvs-fl.txt -o PVS-Studio.json || exit_code=$?
- exit_code=$((($exit_code & 8)/8))
- if [[ $exit_code == 1 ]]; then exit 1; else exit 0; fi
Full script for checking merge request will look like this:
merge:
script:
- git fetch origin
- git diff --name-only origin/master $CI_COMMIT_SHA > pvs-fl.txt
- exit_code=0
- pvs-studio-dotnet -t "$CI_PROJECT_DIR"/Test/Test.sln -f
pvs-fl.txt -o PVS-Studio.json || exit_code=$?
- exit_code=$((($exit_code & 8)/8))
- if [[ $exit_code == 1 ]]; then exit 1; else exit 0; fi
only:
- merge_requests
It only remains to add the log conversion after all the scripts have worked. We use the after_script label
and the plog-converter utility:
after_script:
- plog-converter -t html -o eLog ./PVS-Studio.json
The plog-converter utility is an open source project that is used to convert the analyzer error report into
various forms, such as HTML. For a more detailed description of the utility, see the section "Plog
Converter Utility" in the relevant documentation section.
By the way, if you'd like to conveniently work with a .json report locally from the IDE, then I recommend
our plugin for IDE Rider. For more information about its use, see the special document.
For convenience, here is the entire.gitlab-ci.yml:
image: debian
before_script:
- apt-get update && apt-get -y install wget gnupg
- apt-get -y install git
- wget https://packages.microsoft.com/config/debian/10/
packages-microsoft-prod.deb -O packages-microsoft-prod.deb
- dpkg -i packages-microsoft-prod.deb
9. - apt-get update
- apt-get install apt-transport-https
- apt-get update
- wget -q -O - https://files.viva64.com/etc/pubkey.txt | apt-key add -
- wget -O /etc/apt/sources.list.d/viva64.list
https://files.viva64.com/etc/viva64.list
- apt-get update
- apt-get -y install pvs-studio-dotnet
- pvs-studio-analyzer credentials $PVS_NAME $PVS_KEY
- dotnet restore "$CI_PROJECT_DIR"/Test/Test.sln
merge:
script:
- git fetch origin
- git diff --name-only origin/master $CI_COMMIT_SHA > pvs-fl.txt
- exit_code=0
- pvs-studio-dotnet -t "$CI_PROJECT_DIR"/Test/Test.sln -f
pvs-fl.txt -o PVS-Studio.json || exit_code=$?
- exit_code=$((($exit_code & 8)/8))
- if [[ $exit_code == 1 ]]; then exit 1; else exit 0; fi
only:
- merge_requests
job:
script:
- exit_code=0
- pvs-studio-dotnet -t "$CI_PROJECT_DIR"/Test/Test.sln -o
PVS-Studio.json || exit_code=$?
- exit_code=$((($exit_code & 8)/8))
- if [[ $exit_code == 1 ]]; then exit 1; else exit 0; fi
after_script:
- plog-converter -t html -o eLog ./PVS-Studio.json
As soon as we've added everything to the file, click on Commit changes. To make sure that everything is
correct, go to CI/CD - > Pipelines -> Running. It opens the virtual machine window at the end of which
should be the following:
Once you get Job succeeded - it's ok, profit. Now you can test what you've done.
Examples of working
As an example, we will create a simple project (in master) that will contain several files. After that, we
will change only one file in another branch and try to make a merge request.
Let's look at two cases: when the modified file contains an error, and when it doesn't. First, we'll
consider an example with an error.
10. Let's say there is a Program.cs file in the master branch that doesn't contain errors, and in another
branch the developer added erroneous code and wants to make a merge request. What kind of mistake
they made is not so important, the main thing is that it is there. For example, they forgot the throw
operator (yes, people make such mistakes):
void MyAwesomeMethod(String name)
{
if (name == null)
new ArgumentNullException(....);
// do something
....
}
Let's look at the analysis result for the example with an error. Also, to make sure that only one file was
analyzed, I added the -r flag to the pvs-studio-dotnet command line:
As we can see, the analyzer found an error and didn't allow merging branches.
Now let's check the example without an error. Fixed code:
void MyAwesomeMethod(String name)
{
if (name == null)
throw new ArgumentNullException(....);
// do something
....
11. }
Analysis results of merge request:
As we can see, no errors were found, and the task was completed successfully, which is what we wanted
to check.
Conclusion
Filtering out bad code before merging branches is very convenient and pleasant. So if you are using
CI/CD, try embedding a static analyzer to check it. Especially since it can be done very simply.
Thank you for your attention.