A couple of years ago the PVS-Studio analyzer got its first diagnostic rules to check program code compliance with the MISRA C and MISRA C++ standards. We collected feedback and saw that our clients were interested in using the analyzer to check their projects for MISRA compliance. So, we decided to further develop the analyzer in this direction. The article covers the MISRA C/C++ standard and the MISRA Compliance report. It also shows what we already managed to do and what we plan to achieve by the end of the year.
How Visual Studio 2022 ate up 100 GB of memory and what XML bombs had to do with it
In April 2021 Microsoft announced a new version of its IDE – Visual Studio 2022 – while also announcing that the IDE would be 64-bit. We've been waiting for this for so long – no more 4 GB memory limitations! However, as it turned out, it's not all that simple...
Why do you need the MISRA Compliance report and how to generate one in PVS-Studio?
If you are strongly interested in MISRA and would like to understand whether your project meets one of the MISRA association's standards, there is a solution. Its name is MISRA Compliance. PVS-Studio has recently learned how to generate the MISRA Compliance report. This article describes how you can use this feature. This can make somebody's life better.
Technical support: what it's for and how to avoid burnout?
Not everyone enjoys working in support. Many people who work there experience burnout. So maybe companies shouldn't have any support at all? How do they benefit from it? Is there a way to prevent burnout while working in support? Let's try to find the answers.
Linux kernel turns 30: congratulations from PVS-Studio
On August 25th, 2021, the Linux kernel celebrated its 30th anniversary. Since then, it's changed a lot. We changed too. Nowadays, the Linux kernel is a huge project used by millions. We checked the kernel 5 years ago. So, we can't miss this event and want to look at the code of this epic project again.
XSS: attack, defense — and C# programming
XSS - or cross-site scripting - is one of the most common vulnerabilities in web applications. It has been on the OWASP Top 10 list (the list of the most critical security risks to web applications) for a while now. So let's figure out together how your browser can acquire and execute a script from a third-party website, and what this may lead to (spoiler: your cookies could get stolen, for example). And while we're at it, we'll talk about ways you can protect yourself from XSS.
Tutorial: how to port a project from Interop Word API to Open XML SDK
With the .NET5 release further development of some projects was questionable due to the complexity of porting. One can abandon small outdated libraries or find a replacement. But it's hard to throw away Microsoft.Office.Interop.Word.dll. Microsoft doesn't plan to add compatibility with .NET Core/5+, so in this article we focus on creating Word files with Open XML SDK.
Is PHP compilable?! PVS-Studio searches for errors in PeachPie
PHP is widely known as an interpreted programming language used mainly for website development. However, few people know that PHP also has a compiler to .NET – PeachPie. But how well is it made? Will the static analyzer be able to find actual bugs in this compiler? Let's find out!
PVS-Studio 7.14: intermodular analysis in C++ and plugin for JetBrains CLion
The PVS-Studio team is increasing the number of diagnostics with each new release. Besides, we are improving the analyzer's infrastructure. This time we added the plugin for JetBrains CLion. Moreover, we introduced intermodular analysis of C++ projects and sped up the C# analyzer core.
PVS-Studio team's kanban board. Part 2: YouTrack
Hello everyone! Welcome to the second part of the PVS-Studio Team's Kanban Board story. This time we'll talk about YouTrack. You'll learn why we chose and implemented this task tracker and what challenges we encountered. We don't want to advertise or criticize YouTrack. Nevertheless, our team thinks JetBrains has done (and keeps doing) a great job.
Optimization of .NET applications: a big result of small edits
Today we're going to discuss how small optimizations in the right places of the application can improve its performance. Imagine: we remove the creation of an extra iterator in one place, get rid of boxing in the other. As a result, we get drastic improvements because of such small edits.
Intermodular analysis of C++ projects in PVS-Studio
Recently PVS-Studio has implemented a major feature—we supported intermodular analysis of C++ projects. This article covers our and other tools' implementations. You'll also find out how to try this feature and what we managed to detect using it.
VSCode: how to view reports of static analyzers that support SARIF
People are increasingly using static analyzers to optimize the process of finding code errors. Nowadays, we can choose from a variety of products to view analysis results. This post covers ways to view an analyzer report in the most stylish and feature-rich IDE among multifunctional ones – VSCode. The SARIF format and a special plugin for it allow us to perform our task. Keep reading to find out about this. Let's get going!
PVS-Studio for JetBrains CLion: ad astra per aspera
The PVS-Studio analyzer already has plugins for such IDEs from JetBrains as Rider, IntelliJ IDEA and Android Studio. Somehow we missed another IDE - CLion. The time has come to make amends! But why would you need PVS-Studio if CLion already has the code analyzer? What problems appeared during development? Keep reading to find answers to these questions.
Static analysis protects your code from time bombs
Static code analysis allows you to identify and eliminate many defects at an early stage. Moreover, it's possible to detect dormant errors that don't show themselves when they appear. They can cause many problems in the future and it requires many hours of debugging to detect them. Let's look at an example of such a dormant error.
Checking BitTorrent in honor of the 20th anniversary. Time == quality
A couple of weeks ago (or to be more precise, on July 2, 2021), the legendary BitTorrent protocol turned twenty years old. Created by Bram Cohen, the protocol has been developing rapidly since its inception, and has quickly become one of the most popular ways to exchange files. So why not check out a couple of long-lived related projects with the PVS-Studio analyzer for Linux?
A Beautiful Error in the Implementation of the String Concatenation Function
We, the PVS-Studio static code analyzer developers, have a peculiar view on beauty. On the beauty of bugs. We like to find grace in errors, examine them, try to guess how they appeared. Today we have an interesting case when the concepts of length and size got mixed up in the code.
Enums in C#: Hidden Pitfalls
C# has low barriers to entry and forgives a lot. Seriously, you may not understand how things work under the hood but still write code and remain easy-going about this. Though you still have to deal with different nuances over time. Today, we'll look at one such subtle aspect — handling enumerations.
An Unexpected Article About Our Unicorn: Who Is the PVS-Studio Mascot?
PVS-Studio has a mascot that became inseparable from the brand - a unicorn. Lately we've been getting many questions about our magic steed: why the unicorn, why has he changed so much, does he have hooves, how come he doesn't wear pants, and how do we draw him. The answers are finally here, in this very article.
Attention: there will be a lot of pictures. And I mean A LOT.
One Day in the Life of PVS-Studio Developer, or How I Debugged Diagnostic That Surpassed Three Programmers
Static analyzers' primary aim is to search for errors missed by developers. Recently, the PVS-Studio team again found an interesting example proving the power of static analysis.