MuditaOS analysis: part 1 (February 2022), part 2 (February 2022).The following links lead to articles with detailed description of defects we found in projects. Here is a list of projects that we checked so far. This list shows what kind of defects were detected in projects.ĭo you want to offer us a project for analysis? Create a pull request on GitHub. We keep all the errors found and add them into our bug list. we show the PVS-Studio analyzer's capabilities with practical examples.Learning from other people's mistakes helps avoid our own failures - forewarned is forearmed Let's not forget about the educational aspect here. readers of the articles find out about the quality of software they use.Bug fixing may enhance the project's code quality projects' authors get the analysis results from us and learn about the errors.Here are the pros of finding bugs in various projects: LightScopeHelperClasses.The PVS-Studio team finds errors in open-source projects and describes them in articles. V3001 There are identical sub-expressions 'SK = SymKind.field' to the left and to the right of the '||' operator. It's hard to say how to fix this error, since the TypeFactory class has a lot of fields. I think it's quite difficult for a person to notice problems in such code. In the original version the if expression was written in one line. Here the developer compares the same value with the TypeFactory.ObjectType value. & (piled_type = TypeFactory.ObjectType || NETGenerator.cs 8518 private void AssignToDereferenceNode(.) V3001 There are identical sub-expressions 'piled_type = TypeFactory.ObjectType' to the left and to the right of the '||' operator. In the original version the entire return expression is written in one line. Note that the code was formatted for readability. If we look at the declaration of the PlatformTarget enumeration, we can assume that the code should look like this: bool IsDotnet5()Ĭ5macos In this code fragment the developer re-compares the IsDotnet5() method with the value of enumeration 5linux. Public enum PlatformTarget Ĭ5win ||Ĭ5linux ||Ĭ5linux NETGenerator.cs 461 public class CompilerOptions V3001 There are identical sub-expressions to the left and to the right of the '||' operator. People don't always have it due to fatigue and other reasons. Besides, such errors show an important advantage of static analysis tools: constant attention to detail. This means PVS-Studio will definitely have a job to do. Unbelievable, but developers make such errors over and over again. Let's start with classic - copy-paste errors. Despite this, when re-checking the project, we managed to find some new and interesting errors. This was an additional problem, since I had to exclude old errors from the report. However, only developers can fix those errors. After publishing an article, we always send bug reports to the developers. Unfortunately, many errors found in 2017 were never fixed. This is important when you work with such large projects. Don't forget about our new feature " Best Warnings" which immediately shows the most interesting errors. By the way, you can easily request the PVS-Studio trial version. Please take this fact into account if you're going to check the source of PascalABC.NET yourself. Note that while I was writing the article the code may have changed. A developing project means that old errors are fixed, and the new ones appear.įor analysis, I took the source code from GitHub from. This was an additional motivation to write this article. Good news - it's no point in re-checking the "abandoned" project. The latest version 3.8.1 was released in August 2021. You can visit the project's website to read the description and see that the project is developing. PascalABC.NET is a modern implementation of the Pascal language on. ![]() After that I was considering the idea of re-checking the project, but I didn't have time for that. Of course, we never planned that, it was a coincidence. It looked like we did it on purpose: wrote an article about errors found in their project and went to the conference to discuss those errors with the developers. Right after we published " Analysis of PascalABC.NET using SonarQube plugins: SonarC# and PVS-Studio", we accidentally crossed paths with the developers at one conference. I have an interesting story about PascalABC.NET. Let's see what errors we can find today, especially when our analyzer has become more advanced and got new features: it can find more exquisite errors and potential vulnerabilities. Today, we analyze this project with the latest version of the PVS-Studio analyzer for C#. We used two static analysis tools (more precisely, plugins for SonarQube): SonarC# and PVS-Studio. In 2017, we already found errors in this project. Welcome all fans of clean code! Today we analyze the PascalABC.NET project.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |