The PVS-Studio static analyzer team, which until recently searched for bugs and potential vulnerabilities only in C, C++, and C# code, has prepared a new version of its tool for Java code as well. Although the Java world already has a number of static analysis tools, the developers believe that their analyzer can be powerful and will be good competition.
One of the developers described in his article how PVS-Studio for Java was created. First of all, it was necessary to figure out how the syntax tree and semantic model would be developed. These elements are basic, and the static analyzer is built around them. In addition, the analyzer requires data flow analysis, which makes it possible to calculate the possible values of variables and expressions at each point of the program and, thanks to that, find errors. The analyzer also needs an annotation mechanism, diagnostic rules, integration, testing, and other techniques, all explained in detail in the article.
As is traditional, the author gave examples of errors that the Java analyzer has detected in different open source projects. The author also noted that future articles will give a more detailed report on each project. So far you can review errors from the Hibernate, Hive, JavaParser, and Jenkins projects and several others.
Besides that, when the first alpha version of the Java analyzer is available, the developers invite anyone who would like to take part in testing it. To do this, write to their support and they will contact you.
Full article - https://www.viva64.com/en/b/0572/
If you are a software developer working in the video game industry and wondering what else you could do to improve the quality of your product or make the development process easier, and you don’t use static analysis, now is just the right time to start. You doubt that? OK, I’ll try to convince you. And if you are just looking to see what coding mistakes are common among video-game and game-engine developers, then you are, again, in the right place: I have picked the most interesting ones for you.
One of the best ways to prove that static analysis is a useful method is probably through examples showing it in action. That’s what the PVS-Studio team does while checking open-source projects. After publishing various articles, we compiled our top 10 mistakes from program code in the video-game industry, and now we suggest you read this article - https://www.viva64.com/en/b/0570/
List of projects considered in the article:
- X-Ray Engine
- CryEngine V
- Space Engineers
- Quake III Arena GPL
- Doom 3
- Unreal Engine 4
Although video-game development includes a lot of steps, coding remains one of the basic ones. Even if you don’t write thousands of code lines, you have to use various tools whose quality determines how comfortable the process is and what the ultimate result will be. Static analysis is a very useful tool when developing, and one more option to help you improve the quality of your code (and thus of the final product).
Software bugs can lead not only to material losses but can also damage human health. For example, actors on a theatre stage can get injured if a piece of scenery suddenly begins to descend onto the stage at the wrong time. However, the connection between errors in code and damage to health is more obvious in medical software. Let's talk about this topic.
This article focuses on the teams of developers who create programs for medical equipment. I hope they will not remain indifferent and will check their code. Let's recall two famous cases where errors in medicine-related programs became the reason for bad news.
First, there is the series of tragic events caused by errors in the Therac-25 radiation therapy device. This device caused at least six radiation overdoses between June 1985 and January 1987; some patients received doses of tens of thousands of rad. At least two people died directly from the radiation overdoses. Software bugs in the device were the cause of the tragedies, and the main problem was the incorrect security strategy.
Firebird, MySQL, and PostgreSQL are probably the most famous DBMSs. Naturally, these projects are often compared with each other by functionality, usability, and so on. We have decided to perform our own code quality comparison of these projects.
The article reviews bugs detected using the PVS-Studio static code analyzer. A 'direct' comparison by the number of warnings is poorly applicable in this case, so other ways to compare have to be found. For example, you can analyze the projects for potential vulnerabilities and see which of the most interesting errors are found. By undertaking such a review, you can estimate which code is better and find out who will emerge victorious from this battle.
Read more - https://www.viva64.com/en/b/0542/
A fair warning: take this text with a certain amount of skepticism. I only recently started to get acquainted with the internals of PHP, but I would like to tell you about what is happening behind the scenes of bug #75237.
Is the rabbit hole deep?
How many minutes do you need to understand what the chip is?
Francis Bacon in 1620 divided the sources of human error in the way of cognition into four groups, which he called "ghosts" or "idols" (Latin idola).
"Ghosts of the genus" stem from human nature itself; they do not depend on either the culture or the individuality of a person. "The human mind is like an uneven mirror, which, mixing the nature of things, reflects things in a distorted and disfigured form."
The inspiration for writing this article came from reading a similar publication for the x86 architecture.
This material will help those who want to understand how programs are built from the inside, what happens before main is entered, and why all this is done. I'll also show you how to use some of the features of the glibc library. And at the end, as in the original article, the path traversed will be represented visually. Most of the article is a walkthrough of the glibc library.
So, let's start our trip. We will use Linux x86-64, with lldb as the debugging tool. Sometimes we will also disassemble the program with objdump.
The source is an ordinary Hello, world (hello.cpp):
std::cout << "Hello, world!" << std::endl;
Something is happening. People are unhappy. The specter of civil unrest stalks our programming communities.
For the first time, a significant number of web developers openly question the web platform. Here is a typical article and discussion of . I could list more, but if you are sufficiently interested in programming to read this article, you have probably already read at least one pompous recitation about the current state of web development this year. This article is not one of those. I cannot compete in bullying the existing status quo with people who have to deal with web development every day. This is a different article.
It's you, the front end hacker
Slightly less than the fastest, portable, 64-bit hash function, with decent quality.
Yes, in the air and in the king, about like that. Read on?
Instead of a disclaimer: we omit the definition of hash functions along with a detailed listing of properties and requirements for their cryptographic application, assuming that the reader either has the necessary minimum of knowledge or will make up for it. We also agree that here and below we mean non-cryptographic (not cryptographically strong) hash functions, unless otherwise specified.
In fact, it's been two days already, but no one has yet written an article on Habr, so I will have to eliminate this omission, which I do with pleasure.
So, what's new in this version of PostgreSQL?
First, the versioning itself has changed. Prior to version 10, we saw a lot of 9.x minor versions that came out about once a year and at the same time introduced serious, far from minor changes. Therefore, starting with version 10, it was decided to number releases 10, 11, 12, and so on. By the way, MySQL seems to have gone the same way, jumping from 5.7 to 8.0.
Okay, that's all trivia; let's move on to the essence of the question.