Commercial static analyzers perform deeper and fuller code analysis compared to compilers. Let's see what PVS-Studio found in the source code of the LLVM 13.0.0 project.
Linux kernel turns 30: congratulations from PVS-Studio
On August 25th, 2021, the Linux kernel celebrated its 30th anniversary. Since then, it's changed a lot. We changed too. Nowadays, the Linux kernel is a huge project used by millions. We checked the kernel 5 years ago. So, we can't miss this event and want to look at the code of this epic project again.
Checking BitTorrent in honor of the 20th anniversary. Time == quality
A couple of weeks ago (or to be more precise, on July 2, 2021), the legendary BitTorrent protocol turned twenty years old. Created by Bram Cohen, the protocol has been developing rapidly since its inception, and has quickly become one of the most popular ways to exchange files. So why not check out a couple of long-lived related projects with the PVS-Studio analyzer for Linux?
MyBee — FreeBSD OS and hypervisor bhyve as private cloud
This article aims to describe FreeBSD OS as a platform to launch cloud guest OSes with simple API capabilities, using MyBee and DevOps I really like!
AngouriMath 1.3 update
Four months of awesome work together with a few new contributors have finally resulted in a new major release, which I'm happy to announce.
Now we get completely new matrices, an improved parser, a lot of new functions, an almost rewritten interactive package (for working in Jupyter) and much more.
This article is about a big update in a FOSS symbolic algebra library for .NET; I hope it may be interesting for someone!
MacOS Kernel, How Good Is This Apple?
At the very beginning of this year, Apple released the source code for macOS – Big Sur. It includes XNU, the kernel of the macOS operating system. A few years ago, PVS-Studio already checked the kernel source code. It coincided with the analyzer release on macOS. It's been a while since then. The new kernel source code has been released. A second check? Why not?
Multiple violations of policies in RMS open letter
Author: Chris Punches (@cmpunches, Silo group). License: "Please feel free to share unmodified".
The following text is an unmodified copy of now removed issue #2250 on rms-open-letter.github.io repository. The text claims multiple violations of different policies, codes of conduct and other documents in creation, content and support of the "Open letter to remove Richard M. Stallman from all leadership positions". The issue has not been addressed.
Short-lived Music or MuseScore Code Analysis
Having only a programming background, it is impossible to develop software in some areas. Take the difficulties of medical software development as an example. The same is true of music software, which will be discussed in this article. Here you need the advice of subject matter experts. However, that makes software development more expensive. That is why developers sometimes save on code quality. The example of the MuseScore project check, described in the article, will show the importance of code quality expertise. Hopefully, programming and musical humor will brighten up the technical text.
PVS-Studio, Blender: Series of Notes on Advantages of Regular Static Analysis of Code
In our articles, we regularly repeat an important idea: a static analyzer should be used regularly. This helps detect and cheaply fix many errors at the earliest stage. It looks nice in theory. As we know, actions still speak louder than words. Let's look at some recent bugs in new code of the Blender project.
HDB++ TANGO Archiving System
What is HDB++?
This is a TANGO archiving system that allows you to save data received from devices in the TANGO system.
Working with Linux will be described here (TangoBox 9.3 based on Ubuntu 18.04); this is a ready-made system where everything is configured.
What is the article about?
- System architecture.
- How to set up archiving.
It took me ~2 weeks to understand the architecture and write my own Python scripts for this case.
What is it for?
It allows you to store the history of the readings of your equipment.
- You don't need to think about how to store data in the database.
- You just need to specify which attributes to archive from which equipment.
Free Heroes of Might and Magic II: Open-Source Project that You Want to Be Part of
Recently we found out that the new version of the fheroes2 project was released. In our company there are many fans of Heroes of Might and Magic game series. So, we couldn't pass it up and checked the project by PVS-Studio.
Overview of recent changes in rotor (v0.10… v0.14)
rotor is a non-intrusive event loop friendly C++ actor micro framework with hierarchical supervising, similar to its elder brothers like caf and sobjectizer. There have been a lot of important changes since the last release announcement, v0.09.
Why PVS-Studio Uses Data Flow Analysis: Based on Gripping Error in Open Asset Import Library
An essential part of any modern static code analyzer is data flow analysis. However, from an outside perspective, the use of data flow analysis and its benefit is unclear. Some people still consider static analysis a tool searching for something in code according to a certain pattern. Thus, we occasionally write blog posts to show how this or that technology, used in the PVS-Studio analyzer, helps to identify another interesting error. Today, we have such an article about a bug found in an implementation of Base64, one of the encoding standards for binary data.
Just for Fun: PVS-Studio Team Came Up With Monitoring Quality of Some Open Source Projects
Static code analysis is a crucial component of all modern projects. Its proper application is even more important. We decided to set up a regular check of some open source projects to see the effect of the analyzer's frequent running. We use the PVS-Studio analyzer to check projects. As for viewing the outcome, the choice fell on SonarQube. As a result, our subscribers will learn about new interesting bugs in the newly written code. We hope you'll have fun.
COVID-19 Research and Uninitialized Variable
There is an open project COVID-19 CovidSim Model, written in C++. There is also a PVS-Studio static code analyzer that detects errors very well. One day they met. Embrace the fragility of mathematical modeling algorithms and why you need to make every effort to enhance the code quality.
Finding Typos in the GTK 4 Project by PVS-Studio
You may have already read a recent article about the first PVS-Studio run and filtration of warnings. We used the GTK 4 project as an example. It's about time we worked with the received report in more detail. Our regular readers may have already guessed that this article will be a description of errors found in the code.
How PVS-Studio Checked ELKI in January
If you feel like the New Year just came, and you missed the first half of January, then all this time you've been busy looking for tricky bugs in the code you maintain. It also means that our article is what you need. PVS-Studio has checked the ELKI open source project to show you errors that may occur in the code, how cunningly they can hide there, and how you can deal with them.
Modern Portable Voice Activity Detector Released
Currently, there are hardly any high quality / modern / free / public voice activity detectors except for WebRTC Voice Activity Detector. WebRTC though starts to show its age and it suffers from many false positives.
Also in some cases it is crucial to be able to anonymize large-scale spoken corpora (i.e. remove personal data). Typically personal data is considered to be private / sensitive if it contains (i) a name (ii) some private ID. Name recognition is a highly subjective matter and it depends on locale and business case, but Voice Activity and Number Detection are quite general tasks.
Key features:
- Modern, portable;
- Low memory footprint;
- Superior metrics to WebRTC;
- Trained on huge spoken corpora and noise / sound libraries;
- Slower than WebRTC, but fast enough for IoT / edge / mobile applications;
- Unlike WebRTC (which mostly tells silence from voice), our VAD can tell voice from noise / music / silence;
- PyTorch (JIT) and ONNX checkpoints;
Typical use cases:
- Spoken corpora anonymization;
- Can be used together with WebRTC;
- Voice activity detection for IoT / edge / mobile use cases;
- Data cleaning and preparation, number and voice detection in general;
- PyTorch and ONNX can be used with a wide variety of deployment options and backends in mind;
Top-10 Bugs in Java Projects in 2020
The New Year is steadily approaching, therefore it's time to sum everything up. Continuing the tradition, we thought back to our articles about checking Java projects from the open-source world for this year and rated the top 10 most exciting bugs.
ONLYOFFICE Community Server: how bugs contribute to the emergence of security problems
Server-side network applications rarely get the chance to join the ranks of our reviews of errors found in open source software. This is probably due to their popularity. After all, we try to pay attention to the projects that readers themselves offer us. At the same time, servers often perform very important functions, but their performance and benefits remain invisible to most users. So, by chance, the code of ONLYOFFICE Community Server was checked. It turned out to be a very fun review.