CppCat is a simple static code analyzer capable of detecting bugs in C/C++ programs. We started granting free academic licenses to all interested (students, teachers, and so on). For the sake of popularizing CppCat among students, I decided to write this post about errors that can be found in student lab work tasks posted at Pastebin.com.
Errors that static code analysis does not find because it is not used - Andrey Karpov
Readers of our articles occasionally note that the PVS-Studio static code analyzer detects a large number of errors that are insignificant and don't affect the application. It is really so. For the most part, important bugs have already been fixed due to manual testing, user feedback, and other expensive methods. At the same time, many of these errors could have been found at the code writing stage and corrected with minimal loss of time, reputation and money. This article will provide several examples of real errors, which could have been immediately fixed, if project authors had used static code analysis.
I regularly communicate with potential users who are worried about errors in C++ programs. Their worry is expressed in the following way: they try the PVS-Studio tool and start to write that it finds too few errors during tests. And although we feel that they find the tool interesting, still their reaction is quite skeptical.
Bugs found in GCC with the help of PVS-Studio - PVS-Studio
I regularly check various open-source projects to demonstrate the abilities of the PVS-Studio static code analyzer (C, C++, C#). Now it is time for the GCC compiler to get checked. Unquestionably, GCC is a very qualitative and well-tested project, that's why it's already a great achievement for a tool to find any errors in it. Fortunately, PVS-Studio coped with this task. No one is immune to typos or carelessness. This is why the PVS-Studio can become an additional line of defense for you, on the front of the endless war against bugs.
Finding bugs in the code of LLVM project with the help of PVS-Studio - PVS-Studio
About two months ago I wrote an article about the analysis of GCC using PVS-Studio. The idea of the article was as follows: GCC warnings are great, but they're not enough. It is necessary to use specialized tools for code analysis, for example, PVS-Studio. As proof of my words I showed errors that PVS-Studio was able to find in the GCC code. A number of readers have noticed that the quality of the GCC code, and its diagnosis, aren't really great; while Clang compiler is up to date, of high quality, and fresh. In general Clang is awesome! Well, apparently, it's time to check LLVM project with the help of PVS-Studio.
Yes, you've read it right. This time we are writing an "opposite" article: it's not about us checking some third-party project but about our own tool checked by another tool. We actually had performed such verifications before. For instance, we checked PVS-Studio with Cppcheck, Visual Studio static analyzer, inspected Intel C++ warnings. But there were no grounds for writing such an article: none of those tools found anything of interest. But Clang has managed to attract our attention with its diagnostic messages.
How to Improve Visual C++ 2017 Libraries Using PVS-Studio - PVS-Studio
The title of this article is a hint for the Visual Studio developers that they could benefit from the use of PVS-Studio static code analyzer. The article discusses the analysis results of the libraries in the recent Visual C++ 2017 release and gives advice on how to improve them and eliminate the bugs found. Read on to find out how the developers of Visual C++ Libraries shoot themselves in the foot: it's going to be interesting and informative.
I just cannot pass by the source code of ICQ messenger. It is a kind of a cult project, and when I saw the source code on GitHub, it was just a matter of time, when we will check it with PVS-Studio. Of course, we have a lot of other interesting projects that are waiting to be checked. For example, we have recently checked GCC, GDB, Mono. Finally, it's the turn of ICQ.
We thought of checking the Boost library long ago but were not sure if we would collect enough results to write an article. However, the wish remained. We tried to do that twice but gave up each time because we didn't know how to replace a compiler call with a PVS-Studio.exe call. Now we've got us new arms, and the third attempt has been successful. So, are there any bugs to be found in Boost?
War of the Machines: PVS-Studio vs. TensorFlow - PVS-Studio
"I'll be back" (c). I think everybody knows this phrase. Although today we aren't going to talk about the return of the terminator, the topic of the article is similar in some way. We'll discuss the analysis of the machine learning library TensorFlow and will try to find out if we can sleep peacefully or Skynet is already coming...
Comparing PVS-Studio for C# and a built-in Visual Studio analyzer, using the ... - Ekaterina Milovidova
Recently I have done comparison of C# analyzers by PVS-Studio and SonarQube on the base of PascalABC.NET code. The research turned out to be pretty engaging, so I decided to continue working in this direction. This time I compared a C# analyzer of PVS-Studio with a static analyzer built into Visual Studio. In my opinion, this is a very worthy adversary. Despite the fact that the analyzer from the Visual Studio kit is primarily designed to improve the quality of the code, not to look for bugs, this does not mean that it cannot be used to detect real errors, although this may be not easy. Let's see which peculiarities in the work of the analyzers will be detected in the course of our investigation. Let's start!
I don't like it when people use artificial code examples to evaluate the diagnostic capabilities of static code analyzers. There is one particular example I'm going to discuss to explain my negative attitude to synthetic tests.
Having checked ReactOS's code I managed to fulfill three of my wishes at once. Firstly, I had wanted for a long time to write an article on a common project. It's not interesting to check the source code of projects like Chromium: its quality is too high and a lot of resources are spent to maintain it, which are unavailable to common projects. Secondly, it's a good example to demonstrate the necessity of static analysis in a large project, especially when it is developed by a diverse and distributed team. Thirdly, I've got a confirmation that PVS-Studio is becoming even better and more useful.
Analysis of PascalABC.NET using SonarQube plugins: SonarC# and PVS-Studio - PVS-Studio
In November 2016, we posted an article about the development and use of the PVS-Studio plugin for SonarQube. We received great feedback from our customers and interested users who requested testing the plugin on a real project. As the interest in this subject is not decreasing, we decided to test the plugin on a C# project PascalABC.NET. Also, it should be borne in mind, that SonarQube have their own static analyzer of C# code - SonarC#. To make the report more complete, we decided to test SonarC# as well. The objective of this work was not the comparison of the analyzers, but the demonstration of the main peculiarities of their interaction with the SonarQube service. Plain comparison of the analyzers would not be fair due to the fact that PVS-Studio is a specialized tool for bug detection and potential vulnerabilities, while SonarQube is a service for the assessment of the code quality by a large number of parameters: code duplication, compliance with the code standards, unit tests coverage, potential bugs in the code, density of comments in the code, technical debt and so on.
Since multi-core systems are spreading fast, the problem of parallel programming becomes more and more urgent. However, even the majority of experienced developers are new to this sphere. The existing compilers and code analyzers allow finding some bugs, which appear during parallel code development. However, many errors are not diagnosed. The article contains description of a number of errors, which lead to incorrect behavior of parallel programs created with OpenMP.
Errors detected in the Visual C++ 2012 libraries - PVS-Studio
Static code analysis is one of the error detection methodologies. We are glad that this methodology is becoming more and more popular nowadays. Visual Studio which includes static analysis as one of its many features contributes to this process to a large extent. This feature is easy to try and start using regularly. When one understands one likes static code analysis, we are glad to offer a professional analyzer PVS-Studio for the languages C/C++/C++11.
PVS-Studio and CppCat: An Interview with Andrey Karpov, the Project CTO and D... - Andrey Karpov
The developers of PVS-Studio analyzer regularly publish new articles about their tool (and sometimes about other analyzers as well) where they share the analysis results of various software projects produced by the analyzer and demonstrate code samples in which defects were found. Quite recently, a new product, CppCat, was released, which is a lightweight version of PVS-Studio at a low cost - compared to that of its heavier counterpart. You can find a brief description of the PVS-Studio project for Visual C++ here and here, and for a description of the new product see the article "An Alternative to PVS-Studio at $250".
Logical Expressions in C/C++. Mistakes Made by Professionals - PVS-Studio
In programming, a logical expression is a language construct that is evaluated as true or false. Many books that teach programming "from scratch" discuss possible operations on logical expressions familiar to every beginner. In this article, I won't be talking about the AND operator having higher precedence than OR. Instead, I will talk about common mistakes that programmers make in simple conditional expressions consisting of no more than three operators, and show how you can check your code using truth tables. Mistakes described here are the ones made by the developers of such well-known projects as FreeBSD, Microsoft ChakraCore, Mozilla Thunderbird, LibreOffice, and many others.
Microsoft opened the source code of Xamarin.Forms. We couldn't miss a chance ... - PVS-Studio
You probably already know that the Microsoft Corporation bought the Xamarin Company. Even though Microsoft has started gradually opening the source code of some of its products, the Xamarin.Forms code was a big surprise. I couldn't give it the go-by, and decided to check the code using a static code analyzer.
PVS-Studio advertisement - static analysis of C/C++ code - Andrey Karpov
This document advertises the PVS-Studio static analyzer. It describes how using PVS-Studio reduces the number of errors in code of C/C++/C++11 projects and costs on code testing, debugging and maintenance. Many examples of errors found by the analyzer in various open-source projects are cited. The document describes PVS-Studio at the time of version 4.38 on October 12th, 2011, and therefore does not describe the capabilities of the tool in the next versions. To learn about new capabilities, visit the product's site http://www.viva64.com or search for an updated version of this article.
This article is meant for those programmers who are only getting started with the Visual Studio environment and trying to compile their C++ projects under it. Everything looks strange and complicated in an unfamiliar environment, and novices are especially irritated by the stdafx.h file that causes strange errors during compilation. Pretty often it all ends in them diligently turning off all precompiled headers in every project. We wrote this article to help Visual Studio newcomers to figure it all out.
Against the backdrop of the Sahara dossier, Morocco decides all co... - Tanja Seidemann
The Moroccan government has decided to suspend all contact with the European institutions, except for exchanges concerning the appeal relating to the agricultural agreement signed between the Kingdom of Morocco and the European Union (EU).
Scholars of methodologies for designing local and community development projects state that there are a number of elements that are essential for preparing them. Among these, the chain of nine questions stands out for its importance.
MANUFACTURE OF INTERLOCKING CONCRETE PAVING BLOCKS WITH FLY ASH AND GLASS POWDER - IAEME Publication
Problems associated with construction site have been known for many years. Construction industry has to support a world of continuing population growth and economic development.
Interlocking concrete paving blocks are ideal materials on the footpaths, parking areas, gardens, etc. for easy laying, better look and finish. But now being adopted extensively in different uses where the conventional construction of pavement using hot bituminous mix or cement concrete technology is not feasible or desirable. The rising costs of construction materials and the need to adhere to sustainability, alternative construction techniques and materials are being sought.
Virtual machines are important tools in the arsenal of a software developer. Being an active user of VirtualBox, and checking various open source projects with the help of it, I was personally interested in checking its source code. We did the first check of this project in 2014, and the description of 50 errors barely fit into two articles. With the release of Windows 10 and VirtualBox 5.0.XX the stability of the program got significantly worse, in my humble opinion. So, I decided to check the project again.
A new static analysis tool for C++ code CppCat was presented just recently. You probably heard a lot about the previous product (PVS-Studio) by the same authors. I was pretty doubtful about it then: on the one hand, static analysis is definitely a must-have methodology - things go better with than without it; on the other hand, PVS-Studio may scare users off with its hugeness, an enterprise-like character and the price, of course. I could imagine a project team of 50 developers buying it but wasn't sure about single developers or small teams of 5 developers. I remember suggesting to the PVS-Studio authors deploying "PVS as a cloud service" and sell access to it by time. But they chose to go their own way and created an abridged version at a relatively small price (which any company or even a single developer can afford).
A Bonus to the "Three Interviews About Static Analyzers" Article, or Intervie... - Andrey Karpov
About a week ago, I published the "Three Interviews About Static Code Analyzers" article at Habrahabr. This article presents opinions of three experienced programmers from the companies Acronis, AlternativaPlatform and Echelon Company concerning software development methodologies as well as some of their ideas about using static code analyzers.
Since the article was sponsored by the OOO "Program Verification Systems" company, developer of the PVS-Studio static analyzer, I asked Andrey Karpov (CTO) to answer some questions too. In particular, I asked him to comment upon the most interesting aspects and ideas of all the three interviews and say a few words for colleagues and readers, too. Here's what we've got - one more interesting interview.
The PVS-Studio team is now actively developing a static analyzer for C# code. The first version is expected by the end of 2015. And for now my task is to write a few articles to attract C# programmers' attention to our tool in advance. I've got an updated installer today, so we can now install PVS-Studio with C#-support enabled and even analyze some source code. Without further hesitation, I decided to scan whichever program I had at hand. This happened to be the Umbraco project. Of course we can't expect too much of the current version of the analyzer, but its functionality has been enough to allow me to write this small article.
The Ultimate Question of Programming, Refactoring, and Everything - Andrey Karpov
Yes, you've guessed correctly - the answer is "42". In this article you will find 42 recommendations about coding in C++ that can help a programmer avoid a lot of errors, save time and effort. The author is Andrey Karpov - technical director of "Program Verification Systems", a team of developers, working on PVS-Studio static code analyzer. Having checked a large number of open source projects, we have seen a large variety of ways to shoot yourself in the foot; there is definitely much to share with the readers. Every recommendation is given with a practical example, which proves the currentness of this question. These tips are intended for C/C++ programmers, but usually they are universal, and may be of interest for developers using other languages.
One of the main problems with C++ is having a huge number of constructions whose behavior is undefined, or is just unexpected for a programmer. We often come across them when using our static analyzer on various projects. But, as we all know, the best thing is to detect errors at the compilation stage. Let's see which techniques in modern C++ help writing not only simple and clear code, but make it safer and more reliable.
How PVS-Studio does the bug search: methods and technologies - PVS-Studio
PVS-Studio is a static code analyzer, that searches for errors and vulnerabilities in programs written in C, C++ and C#. In this article, I am going to uncover the technologies that we use in PVS-Studio analyzer. In addition to the general theoretical information, I will show practical examples of how certain technology allows the detection of bugs.
OpenCV is a library of computer vision algorithms, picture processing algorithms, and general-purpose numerical algorithms. The library is written in C/C++ and is free both for academic and commercial use, as it is distributed under the BSD license. The time has come to check this library with the PVS-Studio code analyzer.
Searching for bugs in Mono: there are hundreds of them! - PVS-Studio
It's very interesting to check large projects. As a rule, we do manage to find unusual and peculiar errors, and tell people about them. Also, it's a great way to test our analyzer and improve all its different aspects. I've long been waiting to check 'Mono'; and finally, I got the opportunity. I should say that this check really proved its worth as I was able to find a lot of entertaining things. This article is about the bugs we found, and several nuances which arose during the check.
My name is Andrey Karpov. I develop software for developers, and I'm fond of writing articles on code quality issues. In this connection, I have met the wonderful man Walter Bright who has created the D language. In the form of an interview, I will try to learn from him how the D language helps programmers get rid of errors we all make when writing code.
Tesseract. Recognizing Errors in Recognition SoftwareAndrey Karpov
Tesseract is a free software program for text recognition developed by Google. According to the project description, "Tesseract is probably the most accurate open source OCR engine available". And what if we try to catch some bugs there with the help of the CppCat analyzer?
Characteristics of PVS-Studio Analyzer by the Example of EFL Core Libraries, ...PVS-Studio
After I wrote quite a big article about the analysis of the Tizen OS code, I received a large number of questions concerning the percentage of false positives and the density of errors (how many errors PVS-Studio detects per 1000 lines of code). Apparently, my reasoning that it strongly depends on the project to be analyzed and the settings of the analyzer didn't seem sufficient enough. Therefore, I decided to provide specific figures by doing a more thorough investigation of one of the project of the Tizen OS. I decided that it would be quite interesting to take EFL Core Libraries, because one of the developers, Carsten Haitzler, took an active part in the discussion of my articles. I hope this article would prove to Carsten that PVS-Studio is a worthy tool.
How to complement TDD with static analysisPVS-Studio
TDD is one of the most popular software development techniques. I like this technology in general, and we employ it to some extent. The main thing is not to run to extremes when using it. One shouldn't fully rely on it alone forgetting other methods of software quality enhancement. In this article, I will show you how the static code analysis methodology can be used by programmers using TDD to additionally secure themselves against errors.
The Source SDK is a software development kit compiled by Valve Corporation that is used to create games or mods for the Source engine. I downloaded and checked the project's source codes at the end of 2013 already and intended to write an article about it during the New Year holidays. But laziness prevailed over the craving for creativity, and I sat down to writing the article only on getting back to work. However, I doubt that the source codes have changed during this time. Now you are welcome to have a look at the suspicious code fragments found in the project code by the PVS-Studio code analyzer.
In February 2014, the Argentinian studio OKAM made public the source code of their multi-platform game engine Godot Engine and not so long ago, version 1.0 was released. As you have already guessed, in this article we will talk about the analysis of this project's source code and its results. Analysis was done with the PVS-Studio static code analyzer. Besides the introductory purpose, this article also pursues some practical aims: the readers can learn something new while the project developers can fix errors and bottlenecks. But first things first.
Headache from using mathematical softwarePVS-Studio
It so happened that during some period of time I was discussing on the Internet, one would think, different topics: free alternatives of Matlab for universities and students, and finding errors in algorithms with the help of static code analysis. All these discussions were brought together by the terrible quality of the code of modern programs. In particular, it is about quality of software for mathematicians and scientists. Immediately there arises the question of the credibility to the calculations and studies conducted with the help of such programs. We will try to reflect on this topic and look for the errors.
Analyzing the Blender project with PVS-StudioPVS-Studio
We go on analyzing open source projects and making the software world better. This time we have checked the Blender 2.62 package intended for creating 3D computer graphics.
Analysis of the Trans-Proteomic Pipeline (TPP) projectPVS-Studio
To be honest, I don't know what the TPP project is intended for. As far as I understand, this is a set of tools to assist in research of proteins and their interaction in living organisms. However, that's not so much important. What is important is that their source codes are open. It means that I can check them with the PVS-Studio static analyzer. Which I'm very much fond of.
Similar to Why Students Need the CppCat Code Analyzer (20)
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamtakuyayamamoto1800
In this slide, we show the simulation example and the way to compile this solver.
In this solver, the Helmholtz equation can be solved by helmholtzFoam. Also, the Helmholtz equation with uniformly dispersed bubbles can be simulated by helmholtzBubbleFoam.
Strategies for Successful Data Migration Tools.pptxvarshanayak241
Data migration is a complex but essential task for organizations aiming to modernize their IT infrastructure and leverage new technologies. By understanding common challenges and implementing these strategies, businesses can achieve a successful migration with minimal disruption. Data Migration Tool like Ask On Data play a pivotal role in this journey, offering features that streamline the process, ensure data integrity, and maintain security. With the right approach and tools, organizations can turn the challenge of data migration into an opportunity for growth and innovation.
Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...Hivelance Technology
Cryptocurrency trading bots are computer programs designed to automate buying, selling, and managing cryptocurrency transactions. These bots utilize advanced algorithms and machine learning techniques to analyze market data, identify trading opportunities, and execute trades on behalf of their users. By automating the decision-making process, crypto trading bots can react to market changes faster than human traders
Hivelance, a leading provider of cryptocurrency trading bot development services, stands out as the premier choice for crypto traders and developers. Hivelance boasts a team of seasoned cryptocurrency experts and software engineers who deeply understand the crypto market and the latest trends in automated trading, Hivelance leverages the latest technologies and tools in the industry, including advanced AI and machine learning algorithms, to create highly efficient and adaptable crypto trading bots
Large Language Models and the End of ProgrammingMatt Welsh
Talk by Matt Welsh at Craft Conference 2024 on the impact that Large Language Models will have on the future of software development. In this talk, I discuss the ways in which LLMs will impact the software industry, from replacing human software developers with AI, to replacing conventional software with models that perform reasoning, computation, and problem-solving.
We describe the deployment and use of Globus Compute for remote computation. This content is aimed at researchers who wish to compute on remote resources using a unified programming interface, as well as system administrators who will deploy and operate Globus Compute services on their research computing infrastructure.
Check out the webinar slides to learn more about how XfilesPro transforms Salesforce document management by leveraging its world-class applications. For more details, please connect with sales@xfilespro.com
If you want to watch the on-demand webinar, please click here: https://www.xfilespro.com/webinars/salesforce-document-management-2-0-smarter-faster-better/
Advanced Flow Concepts Every Developer Should KnowPeter Caitens
Tim Combridge from Sensible Giraffe and Salesforce Ben presents some important tips that all developers should know when dealing with Flows in Salesforce.
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERRORTier1 app
Even though at surface level ‘java.lang.OutOfMemoryError’ appears as one single error; underlyingly there are 9 types of OutOfMemoryError. Each type of OutOfMemoryError has different causes, diagnosis approaches and solutions. This session equips you with the knowledge, tools, and techniques needed to troubleshoot and conquer OutOfMemoryError in all its forms, ensuring smoother, more efficient Java applications.
Modern design is crucial in today's digital environment, and this is especially true for SharePoint intranets. The design of these digital hubs is critical to user engagement and productivity enhancement. They are the cornerstone of internal collaboration and interaction within enterprises.
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...Juraj Vysvader
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I didn't get rich from it but it did have 63K downloads (powered possible tens of thousands of websites).
Experience our free, in-depth three-part Tendenci Platform Corporate Membership Management workshop series! In Session 1 on May 14th, 2024, we began with an Introduction and Setup, mastering the configuration of your Corporate Membership Module settings to establish membership types, applications, and more. Then, on May 16th, 2024, in Session 2, we focused on binding individual members to a Corporate Membership and Corporate Reps, teaching you how to add individual members and assign Corporate Representatives to manage dues, renewals, and associated members. Finally, on May 28th, 2024, in Session 3, we covered questions and concerns, addressing any queries or issues you may have.
For more Tendenci AMS events, check out www.tendenci.com/events
top nidhi software solution freedownloadvrstrong314
This presentation emphasizes the importance of data security and legal compliance for Nidhi companies in India. It highlights how online Nidhi software solutions, like Vector Nidhi Software, offer advanced features tailored to these needs. Key aspects include encryption, access controls, and audit trails to ensure data security. The software complies with regulatory guidelines from the MCA and RBI and adheres to Nidhi Rules, 2014. With customizable, user-friendly interfaces and real-time features, these Nidhi software solutions enhance efficiency, support growth, and provide exceptional member services. The presentation concludes with contact information for further inquiries.
Enhancing Research Orchestration Capabilities at ORNL.pdfGlobus
Cross-facility research orchestration comes with ever-changing constraints regarding the availability and suitability of various compute and data resources. In short, a flexible data and processing fabric is needed to enable the dynamic redirection of data and compute tasks throughout the lifecycle of an experiment. In this talk, we illustrate how we easily leveraged Globus services to instrument the ACE research testbed at the Oak Ridge Leadership Computing Facility with flexible data and task orchestration capabilities.
Accelerate Enterprise Software Engineering with PlatformlessWSO2
Key takeaways:
Challenges of building platforms and the benefits of platformless.
Key principles of platformless, including API-first, cloud-native middleware, platform engineering, and developer experience.
How Choreo enables the platformless experience.
How key concepts like application architecture, domain-driven design, zero trust, and cell-based architecture are inherently a part of Choreo.
Demo of an end-to-end app built and deployed on Choreo.
How to Position Your Globus Data Portal for Success Ten Good PracticesGlobus
Science gateways allow science and engineering communities to access shared data, software, computing services, and instruments. Science gateways have gained a lot of traction in the last twenty years, as evidenced by projects such as the Science Gateways Community Institute (SGCI) and the Center of Excellence on Science Gateways (SGX3) in the US, The Australian Research Data Commons (ARDC) and its platforms in Australia, and the projects around Virtual Research Environments in Europe. A few mature frameworks have evolved with their different strengths and foci and have been taken up by a larger community such as the Globus Data Portal, Hubzero, Tapis, and Galaxy. However, even when gateways are built on successful frameworks, they continue to face the challenges of ongoing maintenance costs and how to meet the ever-expanding needs of the community they serve with enhanced features. It is not uncommon that gateways with compelling use cases are nonetheless unable to get past the prototype phase and become a full production service, or if they do, they don't survive more than a couple of years. While there is no guaranteed pathway to success, it seems likely that for any gateway there is a need for a strong community and/or solid funding streams to create and sustain its success. With over twenty years of examples to draw from, this presentation goes into detail for ten factors common to successful and enduring gateways that effectively serve as best practices for any new or developing gateway.
Software Engineering, Software Consulting, Tech Lead.
Spring Boot, Spring Cloud, Spring Core, Spring JDBC, Spring Security,
Spring Transaction, Spring MVC,
Log4j, REST/SOAP WEB-SERVICES.
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisGlobus
JASMIN is the UK’s high-performance data analysis platform for environmental science, operated by STFC on behalf of the UK Natural Environment Research Council (NERC). In addition to its role in hosting the CEDA Archive (NERC’s long-term repository for climate, atmospheric science & Earth observation data in the UK), JASMIN provides a collaborative platform to a community of around 2,000 scientists in the UK and beyond, providing nearly 400 environmental science projects with working space, compute resources and tools to facilitate their work. High-performance data transfer into and out of JASMIN has always been a key feature, with many scientists bringing model outputs from supercomputers elsewhere in the UK, to analyse against observational or other model data in the CEDA Archive. A growing number of JASMIN users are now realising the benefits of using the Globus service to provide reliable and efficient data movement and other tasks in this and other contexts. Further use cases involve long-distance (intercontinental) transfers to and from JASMIN, and collecting results from a mobile atmospheric radar system, pushing data to JASMIN via a lightweight Globus deployment. We provide details of how Globus fits into our current infrastructure, our experience of the recent migration to GCSv5.4, and of our interest in developing use of the wider ecosystem of Globus services for the benefit of our user community.
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...informapgpstrackings
Keep tabs on your field staff effortlessly with Informap Technology Centre LLC. Real-time tracking, task assignment, and smart features for efficient management. Request a live demo today!
For more details, visit us : https://informapuae.com/field-staff-tracking/
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Why Students Need the CppCat Code Analyzer
Author: Andrey Karpov
Date: 10.12.2014
Unfortunately, we are no longer developing or supporting the CppCat static code analyzer. Please read
here for details.
CppCat is a simple static code analyzer capable of detecting bugs in C/C++ programs. We started
granting free academic licenses to all interested (students, teachers, and so on). For the sake of
popularizing CppCat among students, I decided to write this post about errors that can be found in
student lab work tasks posted at Pastebin.com.
Just a few words about CppCat
CppCat is a static code analyzer integrating into the Visual Studio environment and allowing the user to
detect a variety of typos and other errors as early as the coding stage. The analyzer can
launch automatically after compilation and check freshly written code. The tool supports the languages
C, C++, C++/CLI, C++/CX.
To find out how to get a free CppCat license, see the following article: Free CppCat for Students. I'd just
like to add that we grant licenses not only to students, but postgraduates, teachers, etc. as well.
Many are upset by the fact that CppCat cannot integrate into the free environment Visual Studio
Express. Unfortunately, we can't help it because Express-versions of Visual Studio don't support plugins.
But it's not a problem. Keep in mind that students have access to Microsoft DreamSpark and therefore
can get access to Visual Studio Professional.
Attracting students
My original appeal to students was meant to sound something like this:
Even a student can benefit from static analysis. Why spend time and nerves on hunting a bug in your
program when there's CppCat out there to help you? It will not only find the bug quicker but also help
you learn more about how you shouldn't write your code. The documentation on CppCat provides a
detailed description for each diagnostic and a wide variety of bug examples with tips on how to fix them.
Then I saw it was somewhat forced, exaggerated. Students don't really face serious bugs, do they? After
all, there's nothing bad about manually debugging a loop of 10 iterations. It's even useful if we treat it
from the viewpoint of training one's practical skills. That's why I decided to paraphrase my appeal to
students for trying CppCat in the following way:
When applying for a job, your employer will appreciate not only your skill of programming and creating
tricky algorithms but your ability to handle the basic toolkit, which is no less important.
Your algorithm is worth nothing, after all, if you lose it because you don't know what a version control
system is and the best thing you did was to save a copy of your source codes to a flash drive.
That's why it is crucial not only to study programming languages and development environments but
auxiliary toolkit as well.
I don't presume to give you a complete list of all the must-have tools, but you certainly should know at
least one version control system, why WinMerge may be needed, what a profiler is, how to create a
distribution package and so on.
One of the technologies I recommend you study and mention in your resume is static code analysis.
CppCat is an excellent tool to get started with this methodology. It will serve as a good bonus to your
knowledge and a sign for your employer that you do know something about code quality.
Now what we have gathered here for
The boring part is over. I think you've already guessed that we are going to search for errors in students'
lab work tasks.
This time, there's no need to say most code fragments we are going to discuss are poor. It's clear by
itself that students' lab work tasks contain piles of various bugs. So the goal I set was not to find as many
bugs as possible - it's just not interesting. Instead, I tried to distinguish certain bug patterns most
common among students. Well, for now I have managed to single out only three such patterns. But we'll
speak of that a bit later.
You probably want to know where I took the lab work tasks from. Here's the answer.
There is the Pastebin.com site with a convenient service for developers to share their code fragments.
Students use this site very actively. Almost every code sample with the C++ tag is a lab work task or an
excerpt from it.
We have written a program to monitor the Pastebin.com site and download fresh files with the "C++
code" tag from there. Having collected over two thousand files, I made a Visual Studio project of them
and checked it. Of course, more than half of the project was impossible to check because many files
contained only code fragments or text not commented out or some headers were missing, and the like.
But my goal was not to check as much code published at Pastebin.com as possible anyway. What I did
manage to check is quite enough for this article. We keep collecting files, so perhaps there will be
another article on this topic.
C++ students' typical mistakes
The number of errors I examined in the lab work tasks was not that great. So there are only 3 patterns
that I can distinguish so far.
I won't cite all the examples as they all are alike and uninteresting. So I will give you just a few examples
from each pattern. But please take my word for it that if I'm saying a certain error is very common, then
it's really so.
P.S. Many of the mentioned examples were posted with an expiration time limit and are not available any
longer. That's why I won't give links to such pages.
Pattern 1. Third place. Confusing similar conditions
Many programming tasks imply checking a number of conditions, and students may easily get confused or
make typos while implementing them. Here's a typical example:
    #include <iostream>
    using namespace std;

    int main()
    {
        int n,a,b,c;
        cin >> n;
        for(int i=0;i<n;i++)
        {
            cin >> a >> b >> c;
            if((a % 2==0 && b % 2 ==0 && c % 2!=0)||
               (a % 2==0 && b % 2!=0 && c % 2==0)||
               (a % 2!=0 && b % 2==0 && c % 2==0)||
               (a % 2!=0 && b % 2 !=0 && c % 2==0)||
               (a % 2==0 && b % 2!=0 && c % 2!=0)||   // <<<---
               (a % 2==0 && b % 2!=0 && c % 2!=0))    // <<<---
            {
                cout << "1";
            }
            else
                cout << "2";
        }
        cout << endl;
        return 0;
    }
CppCat's diagnostic message: V501 There are identical sub-expressions '(a % 2 == 0 && b % 2 != 0 && c
% 2 != 0)' to the left and to the right of the '||' operator. jtzrihcg.cpp 14
The programmer has to make some tricky checks of the values of three declared variables. It looks like
the code was being copy-pasted and was not edited right in some lines. As a result, the last line and the
one before it in the condition are the same.
Another example:
    int main() {
        ....
        } else if(gesucht < geraten) {
            puts("Ein bisschen zu klein");
        } else if (gesucht < geraten) {
            puts("Ein bisschen zu gross");
        }
        ....
    }
V517 The use of 'if (A) {...} else if (A) {...}' pattern was detected. There is a probability of logical error
presence. Check lines: 41, 43. wrgkuuzr.cpp 40
The (gesucht < geraten) check is executed twice although different strings should be output.
By the way, the error is found in the last line in both examples. Again we have come across the "last line
effect".
Pattern 2. Second place. Array overrun by 1 item
The fact that array items in C++ are numbered starting with 0 makes it very difficult to study the
language. That is, it's not something difficult to understand, but you have to train yourself to keep that
in mind all the time and never get outside the array boundaries. If you need the 10-th item of the array,
you just can't help writing A[10]. For example:
    int main()
    {
        ....
        int rodnecs[10];
        ....
        VelPol1 = rodnecs[1] + rodnecs[3] + rodnecs[5] +
                  rodnecs[8] + rodnecs[10];
        ....
    }
CppCat's diagnostic message: V557 Array overrun is possible. The '10' index is pointing beyond array
bound. 0z3x9b3i.cpp 38
Another one:
    int main()
    {
        ....
        double pop[3][3];
        ....
        for (int i = 0; i<3; i++)
        {
            calc_y[i] = F(pop[i][1], pop[i][2], pop[i][3], x[i]);
        }
        ....
    }
CppCat's diagnostic message: V557 Array overrun is possible. The '3' index is pointing beyond array
bound. 1uj9v9xs.cpp 48
There are plenty of incorrect comparisons in loop conditions:
    int main()
    {
        int i,pinakas[20],temp,temp2,max,min,sum=0;
        for (i=1;i<=20;i++)
        {
            pinakas[i]=rand();
            ......
        }
CppCat's diagnostic message: V557 Array overrun is possible. The value of 'i' index could reach 20.
287ep6c0.cpp 20
There are lots of them:
    int main()
    {
        const int arraySize = 10;
        int a[arraySize];
        int key,index,to_do = arraySize - 1;
        bool did_swap = true;
        srand(time(NULL));
        for (int i = 0; i <= arraySize; i++)
        {
            //generating random number between 1 - 100
            a[i] = rand() % 100 + 1;
        }
        ....
    }
CppCat's diagnostic message: V557 Array overrun is possible. The value of 'i' index could reach 10.
wgk1lx3u.cpp 18
All the remaining errors are similar to those cited above, so let's stop here.
Pattern 3. First place. Uninitialized variables
Hey! I think I've finally got it why everyone calls "uninitialized variables" the most common and
dangerous error in C/C++ programming although I don't see it that often when checking projects with
PVS-Studio.
Why? Probably because people suffer too much from this mistake when studying the language and
therefore learn to be careful and gradually stop making it. But the memory still remains, so if you ask
them what they are most afraid of, they'll say, "uninitialized variables".
Here's a very simple case:
    int main()
    {
        ....
        int n,k=0, liczba=n, i=1;
        ....
    }
CppCat's diagnostic message: V614 Uninitialized variable 'n' used. 1hvefw6r.cpp 92
Also, there's a risk of handling a list incorrectly:
    void erase(List * Lista){
        List* pom;
        pom->next = Lista->next;
        Lista->next= pom;
        delete pom;
    }
CppCat's diagnostic message: V614 Uninitialized pointer 'pom' used. 6gpsgjuy.cpp 54
You may also make a loop with a random number of iterations by mistake:
    int main()
    {
        int i,n;
        imie* ime[20];
        string nazwa;
        string kobieta="Kobiece imina: ";
        wpr_dane();
        for (i = 1; i < n; i++)
        {
            ....
        }
CppCat's diagnostic message: V614 Uninitialized variable 'n' used. 8kns8hyn.cpp 63
Another way is to use a variable first and only then set it:
    int main() {
        int n1;
        int n2;
        std::vector<int> vec1(n1);
        std::vector<int> vec2(n2);
        std::cin >> n1;
        for (int i = 0; i < n1; i++) {
            std::cin >> vec1[i];
        }
        std::cin >> n2;
        for (int j = 0; j < n2; j++) {
            std::cin >> vec2[j];
        }
        ....
    }
CppCat's diagnostic messages:
V614 Uninitialized variable 'n1' used. 9r9zdkp6.cpp 25
V614 Uninitialized variable 'n2' used. 9r9zdkp6.cpp 26
I don't think it will make any sense citing any more examples. But please believe me, students do tend to
shoot themselves in the foot with uninitialized variables in a variety of ways.
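The ordering that fixes the last example, as an added illustration that is not part of the original article or of CppCat: the size is read and validated first, and only then is the vector created. The function name read_vector and the kMaxItems limit are assumptions made for this example, and the sample input is constructed.

```cpp
#include <cstddef>
#include <iostream>
#include <istream>
#include <sstream>
#include <vector>

// Upper bound on the element count accepted from input
// (an assumed limit chosen for this example).
const std::size_t kMaxItems = 1000;

// Reads "<count> <item> <item> ..." from `in` into `out`.
// The count is read and checked before the vector is sized, so no
// uninitialized value is ever used as a size or a loop bound.
// Returns false on malformed, negative, oversized or truncated input;
// `out` is left empty in that case.
bool read_vector(std::istream& in, std::vector<int>& out,
                 std::size_t max_items = kMaxItems) {
    out.clear();
    long long n = 0;                       // initialized even if extraction fails
    if (!(in >> n)) return false;          // not a number, or end of input
    if (n < 0 || static_cast<unsigned long long>(n) > max_items)
        return false;                      // a size taken from input is untrusted

    std::vector<int> items(static_cast<std::size_t>(n));
    for (std::size_t i = 0; i < items.size(); ++i) {
        if (!(in >> items[i])) return false;   // fewer items than announced
    }
    out.swap(items);
    return true;
}

int main() {
    // Constructed sample input: two vectors, as in the lab task above.
    std::istringstream input("3 10 20 30 2 7 8");
    std::vector<int> vec1, vec2;
    if (!read_vector(input, vec1) || !read_vector(input, vec2)) {
        std::cerr << "bad input\n";
        return 1;
    }
    std::cout << vec1.size() << " and " << vec2.size() << " items read\n";
    return 0;
}
```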
Other mistakes
Of course, I've come across a number of other very diverse mistakes in students' lab work tasks. But I
cannot distinguish any other groups of bugs as large as the ones described above. There are a few quite
noticeable though: incorrect array size calculation, an issue with a semicolon, pre-term loop
termination, incorrect array handling, WTF.
Incorrect array size calculation
Many novice programmers have a hard time learning to understand that a pointer and an array are two
different entities in C/C++. As a result, you may often see code like this:
    int arrayLen(int p[])
    {
        return(sizeof(p)/sizeof(*p));
    }
CppCat's diagnostic message: V511 The sizeof() operator returns size of the pointer, and not of the
array, in 'sizeof (p)' expression. seprcjvw.cpp 147
The arrayLen() function is not used anywhere though. Probably because it doesn't work. :)
Another example:
    bool compare_mas(int * mas, int * mas2){
        //calculating number of items of first array
        const auto mas_size = sizeof(mas) / sizeof(mas[0]);
        //calculating number of items of second array
        const auto mas2_size = sizeof(mas2) / sizeof(mas2[0]);
        ....
    }
CppCat's diagnostic messages:
V514 Dividing sizeof a pointer 'sizeof (mas)' by another value. There is a probability of logical
error presence. 0mxbjwbg.cpp 2
V514 Dividing sizeof a pointer 'sizeof (mas2)' by another value. There is a probability of logical
error presence. 0mxbjwbg.cpp 3
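Two ways to get the element count right, as an added example that is not part of the original article: take the array by reference so the compiler deduces its length, or pass the length next to the pointer. The name array_len is an assumption, and compare_mas is assumed here to compare the two arrays element by element, since the original body is elided.

```cpp
#include <algorithm>
#include <cstddef>
#include <iostream>

// The array is taken by reference, so N is deduced from its type.
// Calling this with a pointer does not compile, instead of silently
// returning sizeof(pointer) / sizeof(element).
template <typename T, std::size_t N>
constexpr std::size_t array_len(const T (&)[N]) noexcept {
    return N;
}

// Pointer + length form: a pointer carries no size information,
// so the caller has to pass the element counts explicitly.
bool compare_mas(const int* mas, std::size_t mas_size,
                 const int* mas2, std::size_t mas2_size) {
    if (mas_size != mas2_size) return false;
    return std::equal(mas, mas + mas_size, mas2);
}

// Array form: both lengths are deduced at compile time and then
// forwarded to the pointer + length form above.
template <std::size_t N, std::size_t M>
bool compare_mas(const int (&mas)[N], const int (&mas2)[M]) {
    return compare_mas(mas, N, mas2, M);
}

int main() {
    // Constructed sample data.
    int first[]  = {1, 2, 3, 4, 5, 6, 7};
    int second[] = {1, 2, 3, 4, 5, 6, 7};
    int third[]  = {1, 2, 3};

    std::cout << "items in first: " << array_len(first) << '\n';
    std::cout << std::boolalpha
              << "first == second: " << compare_mas(first, second) << '\n'
              << "first == third:  " << compare_mas(first, third) << '\n';
    return 0;
}
```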
A semicolon ';' put in a wrong place
Mistakes of this kind are not as common as I expected. There are some but I won't call it a widely spread
mistake in students' lab work tasks.
A typical example:
    vector sum(vector m[],int N){
        vector sum,tmp;
        for (int i=0;i<N;i++);
        {
            tmp.a=m[i].a;
            tmp.b=m[i].b;
            tmp.c=m[i].c;
            sum.a+=tmp.a;
            sum.b+=tmp.b;
            sum.c+=tmp.c;
        }
        return sum.a,sum.b,sum.c;
    }
CppCat's diagnostic message: V529 Odd semicolon ';' after 'for' operator. knadcqde.cpp 122
Pre-term loop termination
There are a few examples where a loop is accidentally terminated earlier than it should:
    int main()
    {
        ....
        for (long long j = sled.size()-1; j > i; j --)
        {
            sled[j] = '0';
            des = 1;
            break;
        }
        ....
    }
CppCat's diagnostic message: V612 An unconditional 'break' within a loop. XHPquVXs.cpp 31
Incorrect array handling
In a few tasks, I came across examples of Pascal-style array handling, i.e. when a comma is used, which
obviously leads to incorrect execution even though the code still compiles:
    void build_maze(){
        // array storing information about visited cells
        bool ** tablica = new bool *[n];
        ....
        if (tablica[aktualny.x - 1, aktualny.y] == false){
            ....
        }
CppCat's diagnostic message: V520 The comma operator ',' in array index expression '[aktualny.x - 1,
aktualny.y]'. qqxjufye.cpp 125
Or, students sometimes forget that memory for returned arrays should be allocated in a special way:
    int *mul3(int *a)
    {
        int mem = 0;
        int b[1001];
        for (int i = 100; i >= 0; i--)
        {
            int x = a[i] * 3 + mem;
            mem = x / 10;
            b[i] = x % 10;
        }
        return b;
    }
CppCat's diagnostic message: V558 Function returns the pointer to temporary local object: b.
hqvgtwvr.cpp 89
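A version of mul3 that returns its result safely, as an added example that is not part of the original article: the digits are returned by value in a std::vector, which owns its storage, so nothing dangles after the function returns. The digit layout (one decimal digit per element, most significant first) is inferred from the loop direction in the lab code, and keeping the final carry is an addition of this example.

```cpp
#include <cstddef>
#include <iostream>
#include <vector>

// Multiplies a big decimal number by 3.
// Digits are stored one per element, most significant first.
// The result is returned by value, so the caller receives storage
// that outlives this function, unlike a pointer to a local array.
std::vector<int> mul3(const std::vector<int>& a) {
    std::vector<int> b(a.size());
    int carry = 0;                                // `mem` in the lab code
    for (std::size_t i = a.size(); i-- > 0;) {    // from the last digit to the first
        int x = a[i] * 3 + carry;
        carry = x / 10;
        b[i] = x % 10;
    }
    if (carry != 0) {
        b.insert(b.begin(), carry);               // do not drop the top carry
    }
    return b;
}

int main() {
    // Constructed sample input: the number 999.
    std::vector<int> number;
    number.push_back(9);
    number.push_back(9);
    number.push_back(9);

    std::vector<int> result = mul3(number);
    for (std::size_t i = 0; i < result.size(); ++i) {
        std::cout << result[i];
    }
    std::cout << '\n';
    return 0;
}
```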
WTF
There are code fragments I can't call other than WTF. Perhaps someone asked a classmate to explain
where a mistake in his or her program was. But, what I find more likely, it was to study that very array
overrun issue that the task was about. Unfortunately, I don't know what the comment says.
Here is one full example:
    #include <iostream>
    using namespace std;
    int main()
    {
        int a[10];
        for(int i=0; i<50; i++)
            cout << a[i] << endl;
        //this loop will either crash or give you undefined values
        //(they don't have to be 0)
        //if you put 500000 instead of 50, it will almost certainly crash
        int b[10];
        for(int i=0; i<50; i++)
        {
            b[i] = i;
            cout << b[i] << endl;
        }
        //this loop will sometimes work, sometimes not. the problem with
        //out-of-bounds index errors is that they sometimes work as
        //they should, so the bug is hard to find
    }
What else wasn't included into the article
Quite a lot! For instance, examples of incorrect use of the printf() function. But these are just so trivial I
don't even feel like discussing them.
However, there were some quite exotic kinds of errors:
    void zmienne1()
    {
        ....
        int a,b,c,d;
        cin >> a >> b >> c >> d;
        if(a == b == c == d)
        ....
    }
CppCat's diagnostic message: V709 Suspicious comparison found: 'a == b == c'. Remember that 'a == b
== c' is not equal to 'a == b && b == c'. b5lt64hj.cpp 284
Here's one more example of a rare kind (if you don't look at the compiler warnings of course):
    const long AVG_PSYCHO = 0.8;
    const long AVG_GRAD = 1.2;
CppCat's diagnostic messages:
V674 The '0.8' literal of the 'double' type is assigned to a variable of the 'long' type. Consider
inspecting the '= 0.8' expression. 2k2bmnpz.cpp 21
V674 The '1.2' literal of the 'double' type is assigned to a variable of the 'long' type. Consider
inspecting the '= 1.2' expression. 2k2bmnpz.cpp 22
But we have to stop, I'm afraid. I hope you enjoyed reading this article and I managed to persuade some
of you to try CppCat.
Why we don't intend to make some online-analyzer
I can foresee a possible question, "Why don't you make some online code analysis system? There's one
form out there where you can paste your code and click "Analyze" to have it checked. Or, since you are
monitoring the pastebin.com site, why not upload analysis results somewhere?"
I'm sure there's no need for that. I can name three reasons why, so please don't start any debates on
this topic.
The reasons are:
1) Neither we nor users need this. For us, it means an additional bulk of work, while users won't
get anything new. They can simply download and install PVS-Studio or CppCat and carry out all
the experiments they wish. A demo version will be more than enough for this purpose. "Paste
and check your code" forms are usually used by those companies you cannot easily download a
demo version from. From us, you can. Moreover, our demo version doesn't have any
functionality limitations. Also, someone may complain they don't have Windows but really want
to try our tool. But since they don't have Windows, they are not our customers anyway.
2) This system greatly distorts the estimate of the static analyzer's capabilities. Here's an article
about that: Myths about static analysis. The fifth myth - a small test program is enough to
evaluate a tool. We want people to try the analyzer on their real-life projects, not synthetic
samples.
3) As I've already said, we don't feel like checking synthetic samples. But a full-blown analysis of a
large project is too difficult to implement from the viewpoint of infrastructure. To learn more
about it, see this interview. To put it briefly, we would have to create a complex system to upload
source files and libraries to it and set up build parameters, and so on. Otherwise, you won't get
a full-blown analysis. So it turns out that downloading and installing the analyzer and checking
your project by yourself is a much easier way.
Conclusion
Dear students and teachers! We will be glad to see you as our users. I wish students to become highly
skilled professionals and persuade their future co-workers to purchase PVS-Studio for teamwork.
References:
1. PVS-Studio for Visual C++.
2. An Alternative to PVS-Studio at $250.
3. Comparing Functionalities of PVS-Studio and CppCat Static Code Analyzers.
4. Free CppCat for Students.