Top 10 bugs found in C++ projects in 2022

by Vladislav Stolyarov

Here the analyzer detected that a function, marked as noexcept, calls a function that throws an exception. If an exception arises from the nothrow function's body, the nothrow function calls std::terminate, and the program crashes. It could make sense to wrap the setName function in the function-try-block and process the exceptional situation there — or one could use something else instead of generating the exception.

Top 10 bugs found in C++ projects in 2021

by Vladislav Stolyarov

Let's talk about... HTML! PVS-Studio provides diagnostics that don't just check code – they also look for abnormalities in string literals. The code above triggered one of these diagnostics. Such cases are quite rare. That's why, this one is so intriguing. Someone intended to create one list but added two tags that open this list instead of one. This is clearly a typo. The first tag must open the list, and the second one must close it.

Example of How New Diagnostics Appear in PVS-Studio

by Andrey Karpov

As for application software development, it doesn't make sense to enable them. The CovidSim project could do without them. Otherwise, a user will simply drown in a huge number of messages that are of little use in this case. For example, when experimenting with this set of diagnostics, we received more than a million warnings for some medium-sized open projects. Roughly speaking, every third line of code might be faulty in the view of MISRA. No one will scrape through all warnings, much less fix them. The project is either developed immediately taking into account MISRA recommendations, or this coding standard is irrelevant for it.
 

Checking Clang 11 with PVS-Studio

by Andrey Karpov

The programmer is using a modulo operation to get a random value of either 0 or 1. But the value 1 seems to confuse developers and make them write the classic anti-pattern in which the modulo operation is performed on 1 instead of 2. The X % 1 operation is meaningless as it always evaluates to 0.

Checking a Header-Only C++ Library Collection (awesome-hpp)

by Andrey Karpov

A note for library developers. You can use PVS-Studio to check open-source projects for free. To get a free license to use with your open-source project, please fill in this form.

Why it is important to apply static analysis for open libraries that you add to your project

by Andrey Karpov

Because of a typo, the original vector is returned, not the new scaledVector container. The same error occurs in the division operator. Facepalm. Again, these errors don't mean anything separately. Although, this is a hint that this library isn't used much and there is highly likely that there are other serious undetected errors in it.

Top 10 Bugs Found in C++ Projects in 2019

by Maxim Zvyagintsev

float yScale = 1.0 / tan((3.141592538 / 180.0) * fov / 2);

There's a tiny typo in the Pi number (3,141592653...): the number "6" is missing at the 7th decimal place.
 

Finding bugs in the code of LLVM project with the help of PVS-Studio

by Andrey Karpov

LLVM developers, of course, will be able to understand if there is a bug here or not. I have to play detective. Looking at the code, I was thinking in the following direction: The function should read the opening bracket '<', then it reads the identifiers and commas in the loop. If there is no comma, we expected a closing bracket. If something goes wrong, then the function returns an error code. I reckon there was supposed to be the following algorithm of the function work (pseudocode).