If you regularly use a static code analyzer, you can save time on guessing why the new code doesn't work as planned. Let's look at another interesting error — the function broke during refa…

This is the second part in a series of articles checking the MuditaOS operating system. In this article, we cover the bottlenecks of the project that are worth refactoring. The PVS-Studio s…

Millions of people use web applications based on ASP.NET Core. This is why we enhanced the mechanics of how PVS-Studio analyzes such projects. How does PVS-Studio work now? Let′s see! We ch…

Developers like graphics engines because they are easy to work with. The PVS-Studio team likes graphics engines because we often find interesting code fragments. One of our readers asked us…

Some believe that experienced developers do not make silly errors. Comparison errors? Dereferencing null references? Bet you think: No, it's definitely not about me... ;) By the way, what a…

GUI frameworks are becoming increasingly popular: new ones appear, and old ones get a new life. At PVS-Studio, we are watching this trend very closely. Today we′ll examine suspicious code fragments...

Videos that analyze errors in software projects are an excellent opportunity to practice coding and learn from other people's mistakes. This time we'll analyze the .NET 6 source code.

00:00 Intro
00:36 A few words about the check
01:25 Missed interpolation…

Barotrauma is an indie game where you can steer a submarine, hide from monsters, and even play the accordion to save your ship from going down. The Barotrauma project is developed by Undert…

In this video, you'll learn how to install and set up the PVS-Studio plugin for JetBrains Rider and how to run the analysis.

00:00 Intro
00:32 Why do you need PVS-Studio if Rider provides static code analysis?
01:02 Installing the Rider plugin
01:31 Installing…

Toyota ITC Benchmark is a synthetic test set for C and C++. It consists of approximately 650 examples, and it's designed for testing code analyzers. This article is an answer to the questio…

Unity is one of the most popular game engines. It helps create many excellent cross-platform projects. It's been 4 years since the last time we checked Unity's source code. Time has come ag…

Researchers from the University of Cambridge described a technique that allows inserting invisible adversarial code in the reviewed source texts. The attack (CVE-2021-42574) is called Trojan Source...

Meet the latest PVS-Studio release — 7.18. This article will tell you about how we improved the analysis of modern C++, the search of security defects from the OWASP Top 10 list, and a new …

We present a new type of attack in which source code is maliciously encoded so that it appears different to a compiler and to the human eye. This attack exploits subtleties in text-encoding…

The PVS-Studio static analyzer encompasses the symbolic execution mechanism. And today we have a great opportunity to demonstrate how this feature helps find errors.

Vulnerabilities produce enormous reputational and financial risks. That′s why many companies are fascinated by security and desire to build a secure development life cycle (SSDLC). So, toda…

Some developers may be dismissive of checks: they deliberately do not check whether the malloc function allocated memory or not. Their reasoning is simple — they think that there will be enough...

Use static analysis regularly, not just before releases... The earlier you find errors, the cheaper they are to fix... You probably heard this a hundred times. Today we'll answer the Why? q…

The PVS-Studio static analyzer is constantly evolving. We enhance various mechanisms, integrate the analyzer with game engines, IDEs, CI/CD instruments, and other systems and services. A fe…

Related variables are one of the main problems of static analysis. This article covers this topic and describes how PVS-Studio developers are fighting false positives caused by different re…