SourceCode

We have classified our blog posts in several topics. Speaking of which, I suggest reading these articles on code check automation with PVS-Studio. In other words, the posts on DevOps and DevSecOps.

Code reviews are definitely necessary and useful. It's a way to impart knowledge, educate, control a task, improve code quality and formatting, fix bugs. Moreover, you can notice high-level errors related to the architecture and algorithms used. So it's a must-have practice, except that people get tired quickly. Therefore, static analysis perfectly complements reviews and helps to detect a variety of inconspicuous errors and typos. Let's look at a decent example on this topic.

A Code Review tool automates the code audit process. They help in static code analysis which is essential to deliever a reliable software application. There are plethora of Code Review Tools in the market and selecting one for your project could be a challenge.

Following is a curated list of top code analysis tools and code review tools for java with popular features and latest download links. The list contains best code review tools including open-source as well as commercial.

Sometimes, tired of endless code review and debugging, you start wondering if there are ways to make your life easier. After some googling or merely by accident, you stumble upon the phrase, "static analysis". Let's find out what it is and how it can be used in your project.

Static code analysis is most effective when changing a project, as errors are always more difficult to fix in the future than at an early stage. We continue expanding the options for using PVS-Studio in continuous development systems. This time, we'll show you how to configure pull request analysis using self-hosted agents in Microsoft Azure DevOps, using the example of the Minetest game.

One of the most relevant scenarios for using the PVS-Studio analyzer is its integration into CI systems. Even though a project analysis by PVS-Studio can already be embedded with just a few commands into almost any continuous integration system, we continue to make this process even more convenient. PVS-Studio now supports converting the analyzer output to the TeamCity format-TeamCity Inspections Type. Let's see how it works.

2019 was a very busy year in terms of conferences. Our team could leave for whole weeks on business trips. As you know, the conference is perfect time to share knowledge. In addition to giving talks and telling many interesting things at our booth, we also learned a lot from communicating with conference participants and speakers. So at the Joker 2019 conference in fall, a talk from Dalia Abo Sheasha "Migrating beyond Java 8" inspired us to implement a new diagnostic rule that allows us to detect incompatibilities in the Java SE API between different versions of Java. This is what we will talk about.

It is easy to try a static code analyzer. But it requires skills to introduce it in the development of an old large project. If the approach is incorrect, the analyzer can add work, slow down development, and demotivate the team. Let's briefly discuss how to properly integrate static analysis into the development process and start using it as part of CI/CD.

Static code analysis is a way of debugging that automatically examines source code before it compiles or is run. It does this by comparing the code code to a set of rules or standards. It is a way of automating code reviews and can be used in conjuncture with peer reviews.

Yuri Minaev is working in the PVS-Studio company as one of developers of the C++ static analyzer. His primary responsibility is to keep low-level stuff in order and add new features to the core module. It’s been almost 2 years since he joined the team after about 12 years of IT experience. Apart from that, he periodically gives talks at various conferences – mainly on topics related to static analysis and C++.

PVS-Studio is cross platform, working on Windows, Linux and MacOS 64-bit environments. It can analyze code designed for 32-bit and 64-bit systems as well as embedded ARM platforms. It generates reports that help developers to find and fix bugs before they become a problem.

Keeping a codebase clean and detecting problems before they occur will make your life better as a developer. When you can avoid getting nailed by simple problems, you can think about your software at a higher level, vastly improving your effectiveness as a software developer. It’s not just about avoiding bugs, although that’s important, but about what you can do with the time, money, and attention you save.

The #line directive is added by the preprocessor and can then be used to help the developer understand which file and line a particular code fragment in the preprocessed file refers to. The #line directive tells code-processing tools to change the compiler's internally stored line number and filename to a given line number and filename. Subsequent lines will be numbered relative to that position. Explicit preprocessing is mostly used for debugging or by various generators. In any case, a bug breaking this functionality may have a variety of negative effects. One of our users was faced with such a problem in Visual Studio 2019.

The purpose of this article is to give a general overview of the features of the PVS-Studio static analyzer. The simplest and most informative way to do this is to show the tool in action. We'll be sharing examples demonstrating the analysis process using the Visual Studio plugin, the algorithm of running the analyzer under Linux, and analysis log import into SonarQube.

This post continues the series of articles, which can well be called "horrors for developers". This time it will also touch upon a typical pattern of typos related to the usage of numbers 0, 1, 2. The language you're writing in doesn't really matter: it can be C, C++, C#, or Java. If you're using constants 0, 1, 2 or variables' names contain these numbers, most likely, Freddie will come to visit you at night. Go on, read and don't say we didn't warn you.