In the New year 2019, a PVS-Studio team decided to make a nice gift for all contributors of open-source projects hosted on GitHub or Bitbucket. They are given free usage of PVS-Studio static analyzer for development of open source projects.
Tips and tricks
Pointers are more abstract than you might expect in C
By Stefan Schulze Frielinghaus
A pointer references a location in memory and dereferencing a pointer refers to the lookup of the value of the memory location the pointer references. The value of a pointer is a memory address. The C standard does not define the representation of a memory address. This is crucial since not every architecture makes use of the same memory addressing paradigm. Most modern architectures make use of a linear address space or something similar. Still, even this is not precise enough since you might want to talk about physical or virtual addresses. Some architectures make even use of non-numeric addresses. For example, the Symbolics Lisp Machine makes use of tuples of the form (object, offset) as addresses.
PVS-Studio: the Additional Insurance of the Medical Software
Software bugs can lead not only to material losses, but also can damage human’s health. For example, actors on the stage of a theatre can get injured if suddenly one of the scenery begins to go down on the stage at the wrong time. However, the connection between the errors in code and the health damage of medical software is more obvious. Let’s talk about this topic.
A first look at RPG: turns out it’s not only Role-Playing Games
Many of you have heard about one of the oldest programming languages, COBOL, and you have also heard that COBOL programmers are much asked for nowadays to maintain old legacy code. There’s another old-timer which few know about and which is still in use and will be in use for quite a while for applications in various specific fields (i.e. finance, banking, etc.). Its name is IBM RPG.
Search for Bugs in Code at the Early Stage
Every developer knows about a debugger, version control system or, for example, unit-tests. Nevertheless, not all developers are familiar with the methodology of static code analysis. Meanwhile, the technology becomes an integral part of the development cycle of programs. I would like to suggest a small introductory course for anyone interested in modern development trends.
If doctors were like coders
Myths about static analysis. The fifth myth – a small test program is enough to evaluate a tool
This is how this statement looks in discussions on forums (this is a collective image):
I’ve written a special program, its size is 100 code lines. But the analyzer doesn’t generate anything although all the warning levels are enabled. This [tool of yours] / [static analysis] in general is just rubbish.
Hire Dedicated Developers: Skills and Factors to Consider
Hiring new people is always a challenge. No matter whether those are your own employees or outsourced workers. However, hiring dedicated developers or team there are certain skills and factors which need to be considered. And that’s where our advices will come in handy for you.
Myths about static analysis. The fourth myth – programmers want to add their own rules into a static analyzer
No, they don’t. They actually want to solve some tasks of searching for particular language constructs. It is not the same thing as creating diagnostic rules.
Myths about static analysis. The third myth – dynamic analysis is better than static analysis
The statement is rather strange. Dynamic and static analyses are just two different methodologies which supplement each other. Programmers seem to understand it, but I hear it again and again that dynamic analysis is better than static analysis.
Let me list advantages of static code analysis.
