Providers of the Russian Federation, for the most part, use the systems of deep traffic analysis (DPI, Deep Packet Inspection) to block sites included in the register of banned. There is no single standard for DPI, there is a large number of implementations from different DPI providers that differ in the type of connection and type of work.
There are two common types of DPI connection: passive and active.
Passive DPIPassive DPI-DPI connected to the provider network in parallel (not in the section) either through a passive optical splitter or using the mirroring of user traffic. This connection does not slow down the speed of the network provider in the case of insufficient DPI performance, which is why it is used by large providers. DPI with this type of connection can technically only detect an attempt to query for prohibited content, but not to suppress it. To circumvent this restriction and block access to the denied site, DPI sends a specially crafted HTTP packet to the user requesting the blocked URL, redirecting to the stub page of the provider, as if the requested resource itself had been sent by the user (the IP address of the sender and the TCP sequence are forged). Because the DPI is physically located closer to the user than the requested site, the forged response reaches the user's device faster than the real response from the site.
The Unreal Engine project continues to develop - new code is added, and previously written code is changed. The inevitable consequence of the development in a project? The emergence of new bugs in the code that a programmer wants to identify as early as possible. One of the ways to reduce the number of errors is the use of the static analyzer, 'PVS-Studio'. If you care about code quality, this article is for you.
Although, we did it (https://www.unrealengine.com/blog/how-pvs-studio-team-improved-unreal-engines-code) two years ago, since that time we got more work to do regards code editing and improvement. It is always useful and interesting to look at the project code base after a two-year break. There are several reasons for this.
First, we were interested to look at false positives from the analyzer. This work helped us improve our tool as well, which would reduce the number of unnecessary messages. Fighting false positives is a constant task for any developer of code analyzers.
The codebase of Unreal Engine has significantly changed over the two years. Some fragments were added, some were removed, sometimes entire folders disappeared. That's why not all the parts of the code got sufficient attention, which means that there is some work for PVS-Studio.
The fact that the company uses static analysis tools shows the maturity of the project development cycle, and the care given to ensuring the reliability and safety of the code.
We won't be talking about all the errors that we found and fixed, We will highlight only those that deserve attention, to our mind.
Read more - https://www.unrealengine.com/en-US/blog/static-analysis-as-part-of-the-process
P.S. Those who are willing, may take a look at other errors in the pull request on Github. To access the source code, and a specified pull request, you must have access to the Unreal Engine repository on GitHub. To do this, you must have accounts on GitHub and EpicGames, which must be linked on the website unrealengine.com. After that, you need to accept the invitation to join the Epic Games community on GitHub.Instruction (https://www.unrealengine.com/ue4-on-github).
IT conferences and meetings on programming languages see a growing number of speakers talking about static code analysis. Although this field is quite specific, there is still a number of interesting discussions to be found here to help programmers understand the methods, ways of use, and specifics of static code analysis. In this article, we have collected a number of videos on static analysis whose easy style of presentation makes them useful and interesting to a wide audience of both skilled and novice programmers.
What is Static Analysis?
A development team, working on a static analyzer, has already checked a game engine under Windows. In this check we used a Linux version and the result showed that there were a large number of serious errors. The article covers only the general analysis warnings and only “High” level of severity (there are also Medium and Low levels).
In this article we'll look at the main features of SonarQube - a platform for continuous analysis and measurement of code quality, and we'll also discuss advantages of the methods for code quality evaluation based on the SonarQube metrics.
SonarQube is an open source platform, designed for continuous analysis and measurement of code quality. SonarQube provides the following capabilities:
One of the main problems with C++ is having a huge number of constructions whose behavior is undefined, or is just unexpected for a programmer. We often come across them when using our static analyzer on various projects. But, as we all know, the best thing is to detect errors at the compilation stage. Let's see which techniques in modern C++ help writing not only simple and clear code, but make it safer and more reliable.
What is Modern C++?
The term Modern C++ became very popular after the release of C++11. What does it mean? First of all, Modern C++ is a set of patterns and idioms that are designed to eliminate the downsides of good old "C with classes", that so many C++ programmers are used to, especially if they started programming in C. C++11 looks way more concise and understandable, which is very important.
The PVS-Studio team have written an interesting article about the ways in which you might shoot yourself in the foot working with serialization, code examples, where the main pitfalls are, and also about the way static code analyzer can help you avoid getting into trouble.
This article will be especially useful to those who are only starting to familiarize themselves with the serialization mechanism. More experienced programmers may also learn something interesting, or just be reassured that even professionals make mistakes.
However, it is assumed that the reader is already somewhat familiar with the serialization mechanism.
Roslyn is a platform which provides the developer with powerful tools to parse and analyze code. It's not enough just to have these tools, you should also understand what they are needed for.
The article can be divided into 2 logical parts:
General information about Roslyn. An overview of tools provided by Roslyn for parsing and analyzing the code. We provide a description of entities and interfaces, as well as the point of view of a static analyzer developer.
Peculiarities that should be taken into account during the development of static analyzers. Description of how to use Roslyn to develop products of this class; what should be considered when developing diagnostic rules; how to write them; an example of a diagnostic.
This article is intended to answer these questions. Besides this, you will find details about the static analyzer development which uses Roslyn API.
More: Introduction to Roslyn and its use in program development
Now everyone can post their articles!, just register and push "add"
Your welcome ;)
There are 3 types of lies: Lies, damned lies, and statisticsStatistics, infographics, data analysis and data science – who isn’t doing it right now. Everyone knows how to do it right, just left for someone to write how you SHOULDN’T do it. In the article we’ll try to fix it.
(Hazen Robert "Curve fitting". 1978, Science.)
- Sampling Bias
- Well-chosen average
- 10 more failed experiments of which we haven’t written yet
- Playing with scale
- Selecting 100%
- Hiding main numbers
- Visual metaphor
- Example of qualitative visualization
- Conclusion and what to read next