Often people ask questions - which programming language is easier, which is the most popular, which one to start learning and so on. In this article we will compare two languages Python and Ruby; their reference implementations CPython and MRI, to be exact.

We took the latest versions of the source code from the repositories (Ruby, Python) for the analysis. There weren’t many glaring errors in these projects. Most of them are related to the usage of macros, although this code is quite innocent from the point of view of the developer. But at the same time, such suspicious fragments that occurred because of copy paste, comparing SOCKET type with null, undefined behavior, storing values to the variables that are already used or null pointer dereferencing are really worth reviewing.

Having analyzed all the warnings of general analysis diagnostics and removed all the false positives, we have come to the following conclusion concerning the error density:


More details about the code fragments where these suspicious code fragments were found:
http://bit.ly/2a2lLZR

It’s worth saying that despite these flaws, the code is still of high quality. We should also take such factors into account as the size of the codebase, or the fact that some fragments are erroneous only from the point of view of C++ language and they don’t affect the program in any way. That’s why this analysis may be rather subjective, because previously we haven’t evaluated the error density of these projects. We’ll try to do that in the future, so that we can later compare the result of the checks.
Kate Milovidova 22 july 2016, 12:36

The PVS-Studio team have written an interesting article about the ways in which you might shoot yourself in the foot working with serialization, code examples, where the main pitfalls are, and also about the way static code analyzer can help you avoid getting into trouble.

This article will be especially useful to those who are only starting to familiarize themselves with the serialization mechanism. More experienced programmers may also learn something interesting, or just be reassured that even professionals make mistakes.

However, it is assumed that the reader is already somewhat familiar with the serialization mechanism.

We should understand that the statements described in the article are relevant for some serializers, for example BinaryFormatter and SoapFormatter; for others, which are manually written serializers, the behavior can be different. For example, the absence of the attribute [Serializable] for the class may not prevent a custom serializer from serializing and deserializing it.

Briefly summarizing all the information, we can formulate several tips and rules:

- Annotate the types implementing the ISerializable interface with the [Serializable] attribute;
- Make sure that all members annotated by the [Serializable] attribute get correctly serialized;
- Implementing the ISerializable interface, don't forget to implement the serialization constructor (Ctor(SerializationInfo, StreamingContext));
- In the sealed types, set the access modifier private for a serialization constructor, in the unsealed — protected;
- In the unsealed types implementing the ISerializable interface, make the GetObjectData method virtual;
- Check that in the GetObjectData all the necessary members get serialized, including members of the base class if there are such.

We hope you will learn something new from this article, and will become an expert in the sphere of serialization. Sticking to the rules and following the tips that we have given above, you will save time debugging the program, and make life easier for yourself, and other developers working with your classes. PVS-Studio analyzer will also be of great help, allowing you to detect such errors right after they appear in your code.

You can read the full article at the link: http://www.viva64.com/en/b/0409/
Kate Milovidova 5 july 2016, 7:57

Nowadays a lot of projects are opening their source code and letting those who are interested in the development of it edit the code. OpenJDK is no exception; PVS-Studio programmers have found a lot of interesting errors that are worth paying attention to.

OpenJDK (Open Java Development Kit) is a project for the creation and implementation of the Java (Java SE) platform, which is now free and open source. The project was started in 2006 by the Sun company. The project uses multiple languages: C, C++, and Java. We are interested in the source code written in C and C++. Let's take the 9th version of OpenJDK. The code of this implementation of the Java platform is available at the Mercurial repository.

During verification, the analyzer found different errors in the project including: copy-paste, bugs in the operation precedence, errors in logical expressions and in pointer handling and other bugs, which are described in detail in this article.

It's always amusing to check a project which is used and maintained by a large number of people. The better and more accurate the code is, the more safely and effectively the program will work. The bugs we found are further proof of the usefulness of an analyzer, as it allows the detection of errors which would otherwise be hard to detect by simple code review.
Kate Milovidova 17 june 2016, 9:00

Roslyn is a platform which provides the developer with powerful tools to parse and analyze code. It's not enough just to have these tools, you should also understand what they are needed for.

The article can be divided into 2 logical parts:

General information about Roslyn. An overview of tools provided by Roslyn for parsing and analyzing the code. We provide a description of entities and interfaces, as well as the point of view of a static analyzer developer.

Peculiarities that should be taken into account during the development of static analyzers. Description of how to use Roslyn to develop products of this class; what should be considered when developing diagnostic rules; how to write them; an example of a diagnostic.

This article is intended to answer these questions. Besides this, you will find details about the static analyzer development which uses Roslyn API.

More: Introduction to Roslyn and its use in program development
Kate Milovidova 19 may 2016, 12:59

Here is a small e-Book for your attention: The Ultimate Question of Programming, Refactoring, and Everything. This book is intended for C/C++ programmers, but it could be of interest for developers using other languages as well.

What makes the book peculiar is the descriptions of real, not theoretical cases at the base of it. Each chapter starts with a code fragment taken from a real application, and then the author gives various tips of how this bug could be avoided. The questions touched upon in this book can help the readers improve the personal coding style and the coding standards used in the team.

The book covers 42 topics. In spite of the simple titles of the chapters, the bugs found are really various and non-standard. In addition to that, the text provides a lot of links to interesting materials that give more details on topics. To make more use of this book, please don’t hurry and go to the links provided.
Content:

1. Don't do the compiler's job
2. Larger than 0 does not mean 1
3. Copy once, check twice
4. Beware of the ?: operator and enclose it in parentheses
5. Use available tools to analyze your code
6. Check all the fragments where a pointer is explicitly cast to integer types
7. Do not call the alloca() function inside loops
8. Remember that an exception in the destructor is dangerous.
9. Use the '\0' literal for the terminal null character
10. Avoid using multiple small #ifdef blocks
11. Don't try to squeeze as many operations as possible in one line
12. When using Copy-Paste, be especially careful with the last lines
13. Table-style formatting
14. A good compiler and coding style aren't always enough
15. Start using enum class in your code, if possible
16. "Look what I can do!" - Unacceptable in programming
17. Use dedicated functions to clear private data
18. The knowledge you have, working with one language isn't always applicable to another language
19. How to properly call one constructor from another
20. The End-of-file (EOF) check may not be enough
21. Check that the end-of-file character is reached correctly (EOF)
22. Do not use #pragma warning(default:X)
23. Evaluate the string literal length automatically
24. Override and final identifiers should become your new friends.
25. Do not compare 'this' to nullptr anymore
26. Insidious VARIANT_BOOL
27. Guileful BSTR strings
28. Avoid using a macro if you can use a simple function
29. Use a prefix increment operator (++i) in iterators instead of a postfix (i++) operator
30. Visual C++ and wprintf() function
31. In C and C++ arrays are not passed by value
32. Dangerous printf
33. Never dereference null pointers
34. Undefined behavior is closer than you think
35. Adding a new constant to enum don't forget to correct switch operators
36. If something strange is happening to your PC, check its memory.
37. Beware of the 'continue' operator inside do {...} while (...)
38. Use nullptr instead of NULL from now on
39. Why incorrect code works
40. Start using static code analysis
41. Avoid adding a new library to the project.
42. Don't use function names with "empty"

For those, who find reading PDF format more convenient: https://yadi.sk/i/zKHIOS84r87nk
Kate Milovidova 11 may 2016, 6:52

Now everyone can post their articles! Just register and push "add".
You're welcome ;)
Tags: articles
kleop 4 april 2016, 15:52

Microsoft Dynamics CRM – An Overview

Microsoft Dynamics CRM is a complete CRM software suite that covers all areas of customer service including sales and marketing. MS-Office and Outlook are some of the commonly used office applications for word processing and emailing.

With MS Dynamics CRM software, customer data can easily be pulled in these office applications and you can even work within the familiar background of Microsoft Office or Outlook. The support for mobile devices and data access on the go, make life easier for sales and marketing executives.

The flexibility and comprehensiveness of Microsoft Dynamics CRM suite make it a popular CRM application development framework worldwide. Minimal configuration, familiar application environment, rich functionality, and a variety of deployment options are some of the features that ensure great ease of use and customization.
ethanmillar 4 april 2016, 7:41

When you buy a Windows Phone, your expectations of it are very high. It is a very different platform from Android and iOS. Working on Windows Phone is very exciting for every new user.

But it is very disappointing if you don’t know how to use the Windows Phone. Using Windows Phone is much different from Android and iOS. The functioning of Windows Phone is very different.

Every user wants to take snapshots from their phone. A camera is available in the phone, but it is used to take pictures of outside activities. If you want to take a picture of things inside your phone, or of layouts inside your phone, then a snapshot is the only and easy way.
Pooja Solanki 8 december 2015, 10:07

CppCat is a static code analyzer integrating into the Visual Studio 2010-2013 environment. The analyzer is designed for regular use and allows detecting a large number of various errors and typos in programs written in C and C++. For the purpose of popularizing it, we've decided to launch a student-support program granting free licenses to every higher school student who will contact and ask us about that. You just need to send us a photo of your student card or transcript.
Andrey2008 21 november 2014, 14:24



The authors of the PVS-Studio analyzer invite you to test your attentiveness.

Code analyzers never get tired and can find errors a human's eye cannot easily notice. We have picked a few code fragments with errors revealed by PVS-Studio, all the fragments taken from well-known open-source projects.

We invite you to take part in a competition against code analyzers to test your agility by trying to find the errors by yourself. You will be offered 15 randomly selected tasks. Every correct answer earns you one point if you give it within 60 seconds. The code fragments are short and 60 seconds is a fair limit.

Let's examine a couple of examples with errors for you to understand how to give the answer.

Andrey2008 18 september 2014, 16:15