A year after writing the article about checking Tizen, developers of the PVS-Studio static analyzer checked the quality of the operating system code again, this time demonstrating the abilities of their product to detect errors and potential security vulnerabilities in the Android code.

Despite the fact that the Android code is of high quality and is well tested, and its development includes at least the use of Coverity static analyzer, PVS-Studio still managed to find a lot of interesting defects. Some errors are classified as CWE (Common Weakness Enumeration), which for a certain coincidence of circumstances can be used as vulnerability (CVE). That is why, if you want to protect your code from security vulnerabilities, you should find as many bugs as described in CWE and eliminate them.

According to developers, PVS-Studio is a tool for static application security testing (SAST) and can detect many potential vulnerabilities before they caused harm. This article describes examples of errors by the following categories:

- Pointless comparisons
- Null pointer dereference
- Private data is not cleared in memory
- Unspecified/implementation-defined behavior
- Incorrect memory control
- Array index out of bounds
- Broken loops
and so on.

Thus, 490 CWE per 1855000 lines of code have been detected or more than 1 vulnerability per 4000 lines.

Development of large complex projects is impossible without the use of programming methodologies and tools to help monitor the quality of the code. First of all, this is a literate coding standard, code reviews, unit tests, static and dynamic code analyzers. All this helps to detect defects in code at the earliest stages of development. Use additional programs and methods to control the quality of your code and make your product secure!

Source - https://www.viva64.com/en/b/0579/
Kate Milovidova 3 august 2018, 13:59

image

PVS-Studio static analyzer team, which until recently was searching for bugs and potential vulnerabilities only in C, C++, and C# code, has prepared a new version of their tool for Java code as well. Despite the fact that in the Java world there is already a number of static analysis tools, developers believe that their analyzer can be powerful and will be a good competition.

One of developers wrote in his article about the way how PVS-Studio for Java was created. First of all, it was necessary to figure out the development process of a syntax tree and semantic model. As these elements are basic, static analyzer is built around them. In addition to them, the analyzer also requires data flow analysis, which enables you to calculate the possible values of variables and expressions in each point of the program and, thanks to that, find errors. Also the analyzer needs the annotation mechanism, diagnostic rules, integration, testing, and other techniques, explained in detail in the article.

Traditionally, the author gave examples of errors from different open source projects, that the Java analyzer has detected. The author also noted that in the future articles with a more detailed report on each project will be available. So far you can review errors from the Hibernate, Hive, JavaParser, Jenkins projects and several others.

Besides that, when the first alpha version of the Java analyzer is available, developers suggest participating in its testing for those who would like to. To do this, write to their support and they will contact you.

Full article - https://www.viva64.com/en/b/0572/
Kate Milovidova 21 june 2018, 14:33

If you are a software developer working in the video game industry and wondering what else you could do to improve the quality of your product or make the development process easier and you don’t use static analysis – it’s just the right time to start doing so. You doubt that? OK, I’ll try to convince you. And if you are just looking to see what coding mistakes are common with video-game and game-engine developers, then you’re, again, at the right place: I have picked the most interesting ones for you.

image

One of the best ways to prove that static analysis is a useful method is probably through examples showing it in action. That’s what the PVS-Studio team does while checking open-source projects. After publishing of various articles, we compiled our top-10 mistakes from the program code in the video-game industry, and now we suggest you read this article - https://www.viva64.com/en/b/0570/

List of projects considered in the article:
  • X-Ray Engine
  • CryEngine V
  • Space Engineers
  • Quake III Arena GPL
  • Unity
  • Godot
  • Doom 3
  • Xenko
  • Unreal Engine 4

Although video-game development includes a lot of steps, coding remains one of the basic ones. Even if you don’t write thousands of code lines, you have to use various tools whose quality determines how comfortable the process is and what the ultimate result will be. Static analysis is a very useful tool when developing, and one more option to help you improve the quality of your code (and thus of the final product).
Kate Milovidova 4 may 2018, 13:35

Software bugs can lead not only to material losses, but also can damage human's health. For example, actors on the stage of a theatre can get injured if suddenly one of the scenery begins to go down on the stage at the wrong time. However, the connection between the errors in code and the health damage of medical software is more obvious. Let's talk about this topic.

This article focuses on the teams of developers who create the programs for a medical equipment. I hope they will not stay indifferent and will check their code. Let's recall two famous cases where errors in programs, related to medicine, became the reason for bad news.

image

Firstly, it is a series of tragic events caused by the errors in the Therac-25 device of radiation therapy. This device has caused at least six overdoses of radiation within the period from June 1985 to January 1987, some patients received doses of tens of thousands of rad. At least two people died directly from the radiation overdoses. Software bugs of the device were the reason of the tragedies and the main problem was the incorrect security strategy.
Kate Milovidova 21 march 2018, 7:28

PVS-Studio is a static code analyzer detecting errors and potential vulnerabilities in the code of applications written in C, C++, and C#. We've been entertaining the readers of our blog for a long time by checking various open-source projects and commenting on the bugs found. Now our articles have every chance to become even more interesting because PVS-Studio can now check the code of embedded devices. We have added support for a few ARM compilers, which I talk about in detail below. Bugs in embedded devices and robots could be more of a spectacle than bugs in regular applications. When showing up in such devices, bugs don't simply cause a program to crash or hang, or display an image incorrectly; they make Wi-Fi kettles go mad and boil the water until it's all gone and the thermostat trips. That is, bugs tend to be more interesting and creepy in the world of embedded systems.

image
Kate Milovidova 5 march 2018, 7:42

Many programmers know firsthand that C and C++ program builds very long. Someone solves this problem by sword-fighting at build time, someone is going to the kitchen to "grab some coffee". This article is for those who are tired of this, and who decided it is time to do something about it. In this article, various ways of speeding up compilation time of a project are regarded, as well as treatment of a disease "fixed one header - a half of a project was rebuilt."

image
Kate Milovidova 25 december 2017, 14:07

image

Firebird, MySQL, and PostgreSQL are probably the most famous representatives of DBMS. Naturally, these projects often are compared with each other - by functionality, usability, etc. We have decided to perform our own code quality comparison of these projects.

The article gives a review of bugs, detected using PVS-Studio static code analyzer. A 'direct' approach of comparing by the number of warnings in this case is badly applicable, so you have to find other ways to compare. For example, you can analyze projects for potential vulnerabilities, as well as to see which of the most interesting errors will be found. By undertaking such a review, you can estimate, which code is better, and find out who will emerge victorious from this battle.

Read more - https://www.viva64.com/en/b/0542/
Kate Milovidova 30 november 2017, 13:10

C++ language is constantly evolving, and for us, as for developers of a static analyzer, it is important to track all its changes, in order to support all new features of the language. In this review article, I would like to share with the reader the most interesting innovations introduced in C++17, and demonstrate them with examples.

image

Now, developers of compilers are actively adding support for the new standard.

Fold expressions

I would like to start with a few words about what a fold is (also known as reduce or accumulate).
Fold is a function that applies the assigned combining function to sequential pairs of elements in a list, and returns a result. The simplest example is the summing up of elements in the list using a fold:

Example from C++:


std::vector<int> lst = { 1, 3, 5, 7 };
int res = std::accumulate(lst.begin(), lst.end(), 0,
[](int a, int b) { return a + b; });
std::cout << res << '\n'; // 16

If the combining function is applied to the first item in a list and to the result of the recursive processing of the tail of a list, then the fold is called 'right'. In our example, we will get:

1 + (3 + (5 + (7 + 0)))
If the combining function is applied to the result of the recursive processing at the top of the list (the entire list without the last element) and to the last element, then a folding is called 'left'. In our example, we will get:

(((0 + 1) + 3) + 5) + 7
Thus, the fold type determines the order of evaluation.

In C++17 there is also folding support for a template parameters list. It has the following syntax:
(pack op ...) A unary right associative fold
(... op pack) A unary left associative fold
(pack op ... op init) A binary right associative fold
(init op ... op pack) A binary left associative fold

op is one of the following binary operators:


+ - * / % ^ & | ~ = < > << >> += -= *= /= %=
^= &= |= <<= >>= == != <= >= && || , .* ->*

pack is an expression containing an undisclosed parameter pack

init - initial value

For example, here's a template function that takes a variable number of parameters and
calculates their sum:


// C++17
#include <iostream>

template<typename... Args>
auto Sum(Args... args)
{
return (args + ...);
}

int main()
{
std::cout << Sum(1, 2, 3, 4, 5) << '\n'; // 15
return 0;
}

Note: In this example, the Sum function could be also declared as constexpr.
If we want to specify an initial value, we can use binary fold:


// C++17
#include <iostream>

template<typename... Args>
auto Func(Args... args)
{
return (args + ... + 100);
}

int main()
{
std::cout << Func(1, 2, 3, 4, 5) << '\n'; //115
return 0;
}

Before C++17, to implement a similar function, you would have to explicitly specify the rules for recursion:


// C++14
#include <iostream>

auto Sum()
{
return 0;
}

template<typename Arg, typename... Args>
auto Sum(Arg first, Args... rest)
{
return first + Sum(rest...);
}

int main()
{
std::cout << Sum(1, 2, 3, 4); // 10
return 0;
}

It is worth highlighting the operator ',' (comma), which will expand the pack into a sequence of actions separated by commas. Example:


// C++17
#include <iostream>

template<typename T, typename... Args>
void PushToVector(std::vector<T>& v, Args&&... args)
{
(v.push_back(std::forward<Args>(args)), ...);

//This code is expanded into a sequence of expressions
//separated by commas as follows:
//v.push_back(std::forward<Args_1>(arg1)),
//v.push_back(std::forward<Args_2>(arg2)),
//....
}

int main()
{
std::vector<int> vct;
PushToVector(vct, 1, 4, 5, 8);
return 0;
}

Thus, folding greatly simplifies work with variadic templates.
Kate Milovidova 13 october 2017, 14:23

The Unreal Engine project continues to develop - new code is added, and previously written code is changed. The inevitable consequence of the development in a project? The emergence of new bugs in the code that a programmer wants to identify as early as possible. One of the ways to reduce the number of errors is the use of the static analyzer, 'PVS-Studio'. If you care about code quality, this article is for you.

image

Although, we did it (https://www.unrealengine.com/blog/how-pvs-studio-team-improved-unreal-engines-code) two years ago, since that time we got more work to do regards code editing and improvement. It is always useful and interesting to look at the project code base after a two-year break. There are several reasons for this.

First, we were interested to look at false positives from the analyzer. This work helped us improve our tool as well, which would reduce the number of unnecessary messages. Fighting false positives is a constant task for any developer of code analyzers.

The codebase of Unreal Engine has significantly changed over the two years. Some fragments were added, some were removed, sometimes entire folders disappeared. That's why not all the parts of the code got sufficient attention, which means that there is some work for PVS-Studio.

The fact that the company uses static analysis tools shows the maturity of the project development cycle, and the care given to ensuring the reliability and safety of the code.

We won't be talking about all the errors that we found and fixed, We will highlight only those that deserve attention, to our mind.

Read more - https://www.unrealengine.com/en-US/blog/static-analysis-as-part-of-the-process

P.S. Those who are willing, may take a look at other errors in the pull request on Github. To access the source code, and a specified pull request, you must have access to the Unreal Engine repository on GitHub. To do this, you must have accounts on GitHub and EpicGames, which must be linked on the website unrealengine.com. After that, you need to accept the invitation to join the Epic Games community on GitHub.Instruction (https://www.unrealengine.com/ue4-on-github).
Kate Milovidova 27 june 2017, 12:50

IT conferences and meetings on programming languages see a growing number of speakers talking about static code analysis. Although this field is quite specific, there is still a number of interesting discussions to be found here to help programmers understand the methods, ways of use, and specifics of static code analysis. In this article, we have collected a number of videos on static analysis whose easy style of presentation makes them useful and interesting to a wide audience of both skilled and novice programmers.

What is Static Analysis?
image
Kate Milovidova 26 april 2017, 8:24
1 2