What is yield and how does it work in C#?

C# capabilities keep expanding from year to year. New features enrich software development. However, their advantages may not always be so obvious. For example, the good old yield. To some developers, especially beginners, it’s like magic – inexplicable, but intriguing. This article shows how yield works and what this peculiar word hides. Have fun reading!

CWE Top 25 2021. What is it, what is it for and how is it useful for static analysis?

PVS-Studio first provided support for the CWE classification in the 6.21 release, which came out on January 15, 2018. Years have passed since then, and we would like to tell you about the improvements related to the support of this classification in the latest analyzer version.

How to Hide the Analyzer False Positives?

If you’re using a static analyzer, most likely you stumble upon cases when it gets something wrong and gives false positives 👎 So, somehow you need to tell it about an incorrect case and let a false warning go to long rest 💤 The good news is that we have a special mechanism for this that we’ll tell you about today.

Have a good watch and clean code 🙂

Date processing attracts bugs or 77 defects in Qt 6

The recent Qt 6 release compelled us to recheck the framework with PVS-Studio. In this article, we reviewed various interesting errors we found, for example, those related to processing dates. The errors we discovered prove that developers can greatly benefit from regularly checking their projects with tools like PVS-Studio.

How to get nice error reports using SARIF in GitHub

Let’s say you use GitHub, write code, and do other fun stuff. You also use a static analyzer to improve the quality of your work and save time. Then one day you get an idea: why not view the errors the analyzer reported right in GitHub? And it would be great if they looked nice, too. So, what should you do? The answer is very simple: SARIF is right for you. This article will cover what SARIF is and how to set it up. Enjoy the reading!

MISRA C: struggle for code quality and security

A couple of years ago the PVS-Studio analyzer got its first diagnostic rules to check program code compliance with the MISRA C and MISRA C++ standards. We collected feedback and saw that our clients were interested in using the analyzer to check their projects for MISRA compliance. So, we decided to further develop the analyzer in this direction. The article covers the MISRA C/C++ standard and the MISRA Compliance report. It also shows what we already managed to do and what we plan to achieve by the end of the year.

How to Exclude Unnecessary Files From Static Analysis? [Excluding Files] 

Few projects can do without outside libraries and other useful ready-made solutions. However, analyzers can see the whole code and check it with abandon. 🔎 That’s why sometimes it’s worth pointing out the spots where they should stop and analyze nothing. In this video, we’ll tell you how to do it and why it is actually useful.

Enjoy the video and have clean code 🙂

Did it have to take so long to find a bug?

Have you ever wondered which type of project demonstrates higher code quality – open-source or proprietary? Our blog posts may seem to suggest that bugs tend to concentrate in open-source projects. But that’s not quite true. Bugs can be found in any project, no matter the manner of storage. As for the code quality, it tends to be higher in those projects where developers care about and work on it. In this small post, you will learn about a bug that took two years to fix, although it could have been done in just five minutes.
