Showing abilities of PVS-Studio analyzer by examples of Microsoft open-source projects
Microsoft gradually started to open the code of some projects. Our team is very happy about this. We support the view that Microsoft Company has really high-quality code. What's more, Microsoft developers are already using static code analyzers. That's why finding bugs in their code is a great way to demonstrate the abilities of the analyzer.
This article is out of date. An updatable list of articles about the projects we have checked is here.
Those, who already know, what PVS-Studio is, may just skip this part.
PVS-Studio is a tool for bug detection in the source code of programs, written in C, C++ and C#. PVS-Studio performs static code analysis and generates a report that helps a programmer find and fix bugs. PVS-Studio performs a wide range of code checks, it is especially useful to search for misprints and Copy-Paste errors.
I am quite sure that there is no point in writing nice marketing catchwords about PVS-Studio. They are of no interest to programmers. I can easily relate to it, being a programmer myself. As Linus Torvalds said: "Talk is cheap. Show me the code." In our case it should be paraphrased: "Talk is cheap. Show me the bugs."
We have various examples that speak for themselves. Our team has checked a great number of open-source projects and found 9574 bugs. We find bugs in such projects as Clang, Wine, Qt, Chromium, Unreal Engine and so on. You can have a look at the error base yourself and see how powerful PVS-Studio is.
In this article I would like to set aside a special group of project checks that is related to Microsoft company. I believe that the Microsoft development process is of high level and their code has low density of errors. However, even highly qualified specialists are not immune from making mistakes. So I am really glad to show what PVS-Studio is capable of.
Our articles are sometimes viewed as indirect comparison with FxCop analyzer and the diagnostics built in Visual Studio. Since PVS-Studio finds bugs after the checks of these tools, it's worth embedding in your development process.
So, I suggest taking a look at the articles, showing the abilities of PVS-Studio by the examples of projects written in C++ and C#.
- Analysis of CNTK tool kit from Microsoft Research
- Analysis of CoreCLR project
- Windows 8 Driver Samples check.
- Archeology for Entertainment. Microsoft Word 1.1a check.
- I have also found bugs in Visual C++ libraries: 1, 2
- However, we are not always able to write an article about errors after checking Microsoft projects. Microsoft is known for a reason for their responsible approach to creating software and qualitative code. For example, in Casablanca project we found nothing.
- Analysis of .NET Core Libraries (CoreFX)
- Analysis of .NET Compiler Platform (Roslyn) on the occasion of PVS-Studio with C# support release .
- Analysis of Microsoft Code Contracts
I hope the articles I've provided would be of interest to you, prompting to try PVS-Studio on your project. This is the best way to see the benefits that the static code analysis brings. There is also one thing to remember - one-time use of the analyzer isn't effective to fight bugs. The analyzer should be used on a regular basis to detect bugs in the newly written code right away.
But enough talking. See the analyzer in action: http://www.viva64.com/en/pvs-studio/download/.