Modern applications have lots of code. And the C++ language doesn't get easier. Nowadays, code reviews are not enough to fully analyze program code. Here's where static code analysis comes in.
C++ *
General-purpose programming language. It has imperative, object-oriented and generic programming features, while also providing facilities for low-level memory manipulation
- New
- Top
- All
- ≥0
- ≥10
- ≥25
- ≥50
- ≥100
Detecting errors in the LLVM release 13.0.0
Commercial static analyzers perform deeper and fuller code analysis compared to compilers. Let's see what PVS-Studio found in the source code of the LLVM 13.0.0 project.
Millions of orders per second matching engine testing
I had some experience in the matching engine development for cryptocurrency exchange some time ago. That was an interesting and challenging experience. I developed it in clear C++ from scratch. The testing of it is also quite a challenging task. You need to get data for testing, perform testing, collect some statistics, and at last, analyze collected data to find weak points and bottlenecks. I want to focus on testing the C++ matching engine and show how testing can give insights for optimizations even without the need to change the code. The matching engine I developed can do more than 1’000’000 TPS (transactions per second) and is 10x times faster than the matching engine of the Binance cryptocurrency exchange (see one post on Binance Blog).
CWE Top 25 2021. What is it, what is it for and how is it useful for static analysis?
For the first time PVS-Studio provided support for the CWE classification in the 6.21 release. It took place on January 15, 2018. Years have passed since then and we would like to tell you about the improvements related to the support of this classification in the latest analyzer version.
Why we need dynamic code analysis: the example of the PVS-Studio project
In May 2021, CppCast recorded a podcast called ABI stability (CppCast #300). In this podcast, Marshall Clow and the hosts discussed rather old news — Visual Studio compilers support the AddressSantitzer tool. We have already integrated ASan into our testing system a long time ago. Now we want to tell you about a couple of interesting errors it found.
MISRA C: struggle for code quality and security
A couple of years ago the PVS-Studio analyzer got its first diagnostic rules to check program code compliance with the MISRA C and MISRA C++ standards. We collected feedback and saw that our clients were interested in using the analyzer to check their projects for MISRA compliance. So, we decided to further develop the analyzer in this direction. The article covers the MISRA C/C++ standard and the MISRA Compliance report. It also shows what we already managed to do and what we plan to achieve by the end of the year.
Why do you need the MISRA Compliance report and how to generate one in PVS-Studio?
If you are strongly interested in MISRA and would like to understand whether your project meets one of the MISRA association's standards, there is a solution. It's name is MISRA Compliance. PVS-Studio has recently learned how to generate the MISRA Compliance report. This article describes how you can use this feature. This can make somebody's life better.
Linux kernel turns 30: congratulations from PVS-Studio
On August 25th, 2021, the Linux kernel celebrated its 30th anniversary. Since then, it's changed a lot. We changed too. Nowadays, the Linux kernel is a huge project used by millions. We checked the kernel 5 years ago. So, we can't miss this event and want to look at the code of this epic project again.
Intermodular analysis of C++ projects in PVS-Studio
Recently PVS-Studio has implemented a major feature—we supported intermodular analysis of C++ projects. This article covers our and other tools' implementations. You'll also find out how to try this feature and what we managed to detect using it.
PVS-Studio for JetBrains CLion: ad astra per aspera
The PVS-Studio analyzer already has plugins for such IDEs from JetBrains as Rider, IntelliJ IDEA and Android Studio. Somehow we missed another IDE - CLion. The time has come to make amends! But why would you need PVS-Studio if CLion already has the code analyzer? What problems appeared during development? Keep reading to find answers to these questions.
Checking BitTorrent in honor of the 20th anniversary. Time == quality
Couple of weeks ago (or to be more precise, on July 2, 2021), the legendary BitTorrent protocol turned twenty years old. Created by Bram Cohen, the protocol has been developing rapidly since its inception, and has quickly become one of the most popular ways to exchange files. So why not check out a couple of long-lived related projects with the PVS-Studio analyzer for Linux?
One Day in the Life of PVS-Studio Developer, or How I Debugged Diagnostic That Surpassed Three Programmers
Static analyzers' primary aim is to search for errors missed by developers. Recently, the PVS-Studio team again found an interesting example proving the power of static analysis.
Yo, Ho, Ho, And a Bottle of Rum — Or How We Analyzed Storm Engine's Bugs
PVS-Studio is a static analysis tool that helps find errors in software source code. This time PVS-Studio looked for bugs in Storm Engine's source code.
PVS-Studio Team: Switching to Clang Improved PVS-Studio C++ Analyzer's Performance
From the earliest days, we used MSVC to compile the PVS-Studio C++ analyzer for Windows - then, in 2006, known as Viva64, version 1.00. With new releases, the analyzer's C++ core learned to work on Linux and macOS, and we modified the project's structure to support CMake. However, we kept using the MSVC compiler to build the analyzer's version for Windows. Then, in 2019, on April 29th, Visual Studio developers announced they had included the LLVM utilities and Clang compiler in the IDE. And just recently we've gotten around to try it.
Breadth/Depth First Search
A graph is a kind of data structure that includes a set of vertices and edges. Graph traversing means a visit to each vertex of the graph precisely. The graph traversing is used to determine the order in which vertices are being visited throughout the search process. A graph traversing searches for the edges that will be used in the search operation without establishing loops. This means that using graph traversal, we will go to all the vertices of the graph without going into a looping path.
There are two kinds of graph traversal methods.
Stack And Queue
Stack
Stack is a linear data structure. In stack, data access is limited. It follows the rule of insertion and deletion of data. Stack is a collection of only similar data types. Elements in the stack are arranged sequentially. It follows the LIFO principle which is the last-in and first-out rule.
Example
To understand this concept, let us take an example of arranging coins. If we start placing coins one after the other in such a way that the first coin will be placed first at the bottom and the next coin will come on above the first coin and so on. Now if we want to remove coins, then the topmost coin which is the third coin will be removed first. So in this way, the last coin will be removed first according to the LIFO principle.
Making Grenades in Unreal Engine, Part 2: Attributes, Gameplay Effects, Replication
Link to Part 1.
A SimpleGAS is a set of tutorials for entry-level Unreal Engine enthusiasts who wants to leverage the power of the Gameplay Ability System in their prototypes. While there are great tutorials and GitHub repositories which cover the topic of GAS in more depth, this tutorial is requiring a minimum C++ setup and showcases working examples built entirely using Blueprints. This tutorial is for those who are new to Unreal Engine gameplay/multiplayer development or simply need an easy headstart before diving into more sophisticated GAS-related content.
Today we finish what we started in Part 1 and make replicated grenade projectiles using Gameplay Ability System...
IncrediBuild: How to Speed up Your Project's Build and Analysis
"How much longer are you going to build it?" - a phrase that every developer has uttered at least once in the middle of the night. Yes, a build can be long and there is no escaping it. One does not simply redistribute the whole thing among 100+ cores, instead of some pathetic 8-12 ones. Or is it possible?
PVS-Studio Learns What strlen is All About
Somehow, it so happens that we write about our diagnostics, but barely touch upon the subject of how we enhance the analyzer's internal mechanics. So, for a change, today we'll talk about a new useful upgrade for our data flow analysis.
MacOS Kernel, How Good Is This Apple?
At the very beginning of this year, Apple released the source code for macOS – Big Sur. It includes XNU, the kernel of the macOS operating system. A few years ago, PVS-Studio has already checked the kernel source code. It coincided with the analyzer release on macOS. It's been a while since then. The new kernel source code has been released. A second check? Why not?
Authors' contribution
-
Andrey2008 6260.0 -
tangro 2409.0 -
SvyatoslavMC 2388.0 -
antoshkka 1404.0 -
haqreu 1366.0 -
olegchir 968.2 -
khizmax 945.4 -
eao197 833.0 -
0xd34df00d 726.0 -
anastasiak2512 725.0