static code analysis

How PVS-Studio does the bug search: methods and technologies

PVS-Studio is a static code analyzer, that searches for errors and vulnerabilities in programs written in C, C++ and C#. In this article, I am going to uncover the technologies that we use in PVS-Studio analyzer. In addition to the general theoretical information, I will show practical examples of how certain technology allows the detection of bugs.

How PVS-Studio does the bug search: methods and technologies

by Andrey Karpov

From the article:

The definition of the pattern looks quite simple, but in practice the implementation of the diagnostic is quite complicated. It's not enough just to analyze only "#define RShift(a) a >> 3". If warnings are issued for all strings of this kind, there will be too many of them. We should have a look at the way the macro expands in every particular case, and try to define the situations where it was done intentionally, and when the brackets are really missing.

 

PVS-Studio C/C++ static code analyzer for Linux

We released the first version of PVS-Studio analyzer for Linux. Now Linux developers are getting a new powerful tool to fight bugs in the code.

PVS-Studio for Linux

From the news:

Starting with the 6.10 version, PVS-Studio analyzer supports not only Windows, but the Linux too.

PVS-Studio performs static code analysis and generates a report that helps a programmer find and fix bugs. PVS-Studio performs a wide range of code checks, it is also useful to search for misprints and Copy-Paste errors. Demonstrative examples of such errors: V501, V517, V522, V523, V571, V611.

The new Linux version (.deb, .rpm, .tgz) is available for download on the page: http://www.viva64.com/en/pvs-studio-download-linux/

Bugs found in GCC with the help of PVS-Studio

I regularly check various open-source projects to demonstrate the abilities of the PVS-Studio static code analyzer (C, C++, C#). Now it is time for the GCC compiler to get checked.

Bugs found in GCC with the help of PVS-Studio

by Andrey Karpov

From the article:

This part could also be called "Example number one thousand, why macros are bad". I really don't like macros and always urge people to avoid using them if possible. Macros make it difficult to read the code, provoke errors, and make the work of static analyzers harder. As best I can tell, from a brief interaction with the GCC code, the authors are big fans of macros. I was really tired looking at what the macros are expanded to, and perhaps missed quite a number of interesting errors. I should confess that I was lazy at times. But still, I will demonstrate a couple of errors, connected with macros.