bugs

PVS-Studio for JetBrains CLion: ad astra per aspera

The PVS-Studio analyzer already has plugins for such IDEs from JetBrains as Rider, IntelliJ IDEA and Android Studio. Somehow we missed another IDE - CLion. The time has come to make amends!

PVS-Studio for JetBrains CLion: ad astra per aspera

by Evgeniy Ovsyannikov, Sergey Vasiliev

From the article:

Here's an answer to the question that we are discussing - PVS-Studio and CLion collaboration will let us detect more errors at the writing code stage. CLion highlights the errors on the fly, but at the same time is limited in the analysis capabilities. PVS-Studio doesn't highlight errors immediately, but it can perform deeper analysis. Note that PVS-Studio has an incremental analysis – the mode that checks only the changed files.

Integrating PVS-Studio into uVision Keil

I've been using this scenario until one day I spent 3 days debugging a very unpleasant bug. The bug kept savagely appearing from time to time. It turned out to be a banal null pointer dereference. I quickly realized that PVS-Studio detects this bug. That was the final nail in the coffin of my patience! – and started integrating PVS-Studio into Keil.

Integrating PVS-Studio into uVision Keil

by Amomum

From the article:

Keil provides a weird feature – creating a project batch file. I still don't know the purpose of this feature. This batch file contains all the necessary information for PVS-Studio, and it's enabled with a single check mark! Unfortunately, this check mark also breaks the incremental build. That is, any compilation becomes a complete recompilation. It affects the build time, so, unfortunately, it's not an option for us.

Example of How New Diagnostics Appear in PVS-Studio

Users sometimes ask how new diagnostics appear in the PVS-Studio static analyzer. We answer that we draw inspiration from a variety of sources: books, coding standards, our own mistakes, our users' emails, and others. Recently we came up with an interesting idea of a new diagnostic.

Example of How New Diagnostics Appear in PVS-Studio

by Andrey Karpov

From the article:

As for application software development, it doesn't make sense to enable them. The CovidSim project could do without them. Otherwise, a user will simply drown in a huge number of messages that are of little use in this case. For example, when experimenting with this set of diagnostics, we received more than a million warnings for some medium-sized open projects. Roughly speaking, every third line of code might be faulty in the view of MISRA. No one will scrape through all warnings, much less fix them. The project is either developed immediately taking into account MISRA recommendations, or this coding standard is irrelevant for it.
 

Why PVS-Studio Uses Data Flow Analysis: Based on Gripping Error in Open Asset Import Library

An essential part of any modern static code analyzer is data flow analysis. However, from an outside perspective, the use of data flow analysis and its benefit is unclear.

Why PVS-Studio Uses Data Flow Analysis: Based on Gripping Error in Open Asset Import Library

by Andrey Karpov

From the article:

It all started with checking the latest version of the Qt 6 library. There was a separate usual article on this, where I'd described 77 errors found. It turned out that at first, I decided to flip through the report, not excluding the third-party libraries' warnings. In other words, I didn't exclude the warnings related to \src\3rdparty in the settings. It so happened that I immediately ran up against a gripping error example in the Open Asset Import Library. So, I decided to write this extra little note about it.

Why PVS-Studio Doesn't Offer Automatic Fixes

Static analyzer PVS-Studio can detect bugs in pretty complex and intricate parts of code, and coming up with appropriate fixes for such bugs may be a tough task even for human developers. That's exactly the reason why we should avoid offering any options for automatic fixing at all. Here are a couple of examples.

Why PVS-Studio Doesn't Offer Automatic Fixes

by Andrey Karpov

From the article:

But it only simplifies the code, not fixes it! Somebody else noticed this and opened a discussion: os_thread_windows.c - get_rel_wait() will block if abstime is in the past. As you can see, even humans make mistakes when trying to come up with a fix. Machines are just hopeless in that respect.

Checking Clang 11 with PVS-Studio

It's no secret that compilers employ their own built-in static code analyzers, and those are developing as well. That's why we write articles every now and then to show that our static analyzer, PVS-Studio, can find bugs even inside compilers and that we are worth our salt.

Checking Clang 11 with PVS-Studio

by Andrey Karpov

From the article:

The programmer is using a modulo operation to get a random value of either 0 or 1. But the value 1 seems to confuse developers and make them write the classic anti-pattern in which the modulo operation is performed on 1 instead of 2. The X % 1 operation is meaningless as it always evaluates to 0.

A Note of Caution about Using PVS-Studio on godbolt.org (Compiler Explorer)

We have added an option allowing you to experiment with the PVS-Studio static analyzer on the godbolt.org (Compiler Explorer) website. It supports analysis of C and C++ code.

A Note of Caution about Using PVS-Studio on godbolt.org (Compiler Explorer)

by Andrey Karpov

From the article:

This may be promising from the perspective of satisfying one's curiosity, writing articles, and so on. But there's a downside to it too: rather than using synthetic examples to explore or try out the tool, people may start relying on them to evaluate and compare it against other analyzers. And this is a very bad approach because the results will be unreliable and dependent on how the test examples are written.

Zero, one, two, Freddy's coming for you

The article might be of interest for authors of books, articles, and C++ coding standards. Based on the given material, you can discuss questions of C++ code quality and ways how to reduce the likelihood of errors' occurence.

Zero, one, two, Freddy's coming for you

by Andrey Karpov

From the article:

This post continues the series of articles, which can well be called «horrors for developers». This time it will also touch upon a typical pattern of typos related to the usage of numbers 0, 1, 2. The language you're writing in doesn't really matter: it can be C, C++, C#, or Java. If you're using constants 0, 1, 2 or variables' names contain these numbers, most likely, Freddie will come to visit you at night. Go on, read and don't say we didn't warn you.

 

Top 10 Bugs Found in C++ Projects in 2019

Another year is drawing to an end, and it's a perfect time to make yourself a cup of coffee and reread the reviews of bugs collected across open-source projects over this year.

Top 10 Bugs Found in C++ Projects in 2019

by Maxim Zvyagintsev

From the article:

float yScale = 1.0 / tan((3.141592538 / 180.0) * fov / 2);

There's a tiny typo in the Pi number (3,141592653...): the number "6" is missing at the 7th decimal place.