SlideShare une entreprise Scribd logo

PVS-Studio and open-source software

P
PVS-Studio

I've decided to write about the work our team is doing regarding open-source projects. I will give a list of open-source projects we have checked by now with the PVS-Studio analyzer. Then I'll tell you about our plans for the future.

Technologie
1  sur  3
Télécharger pour lire hors ligne
PVS-Studio and open-source software Author: Andrey Karpov Date: 09.04.2013 I've decided to write about the work our team is doing regarding open-source projects. I will give a list of open-source projects we have checked by now with the PVS-Studio analyzer. Then I'll tell you about our plans for the future. We are friendly to open-source projects. But don't forget that the "open-source" status of some software doesn't necessarily mean that it is being developed solely by some enthusiasts for the common good. Many projects are developed by workers of large companies, and they are paid salaries for that. People sit in their offices, eat cookies, do programming, and write articles about advantages of open- source software. I just want to set in order thoughts of those people who believe that we must feel obliged to open- source software's authors only because it is open-source - and therefore check their source code and give them a registration key for free. That's exactly what we usually do, and we are glad to be helpful. But the fact of some software product's being open-source only means that for some reasons the company finds this form of project development more convenient. At the same time, they can well afford purchasing PVS-Studio. Why should we refuse? OK, enough of grumbling. It's just not fair, with us having checked all those projects and given a number of free keys, that we are reproached for being unkind to open-source projects. Here's the list of open- source projects analyzed with PVS-Studio by now: • 64-bit Loki library check. (September, 2009) • WinMerge check (October, 2010), second check (March, 2012) • Notepad++ check (November, 2010), second check (February, 2012) • Fennec Media Project check (November, 2010) • qutIM check (November, 2010) • TortoiseSVN check (December, 2010) • Ultimate Toolbox check (December, 2010) • Intel IPP Samples check (January, 2011), second check (October, 2011), third check (April, 2012) • Miranda IM check (March, 2011) • Chromium check (May, 2011), second check (October, 2011) • QT check (July, 2011) • Apache HTTP Server check (July, 2011) • Intel Energy Checker SDK check (July, 2011) • Clang check (August, 2011), second check (August, 2012) • ReactOS check (September, 2011), second check (April, 2013) • Doom 3 check (November, 2011) • Firefox check (December, 2011) • Quake III Arena GPL check (February, 2012) • TrinityCore check (February, 2012) • Dolphin-emu check (February, 2012)
• Blender check (April, 2012) • MAME check (July, 2012) • Trans-Proteomic Pipeline check (August, 2012) • It's not open-source, but it's useful to everyone. Visual C++ libraries check (September, 2012) • Tor check (November, 2012) • OpenSSL check (December, 2012) • Casablanca check (March, 2013) • OpenCV check (March, 2013) • Various small projects we didn't write about. It's not entirely without any reward that our team carries out these project checks. The articles we publish about errors detected in open-source projects serve as advertisement for us. We make no secret of it. But I believe it's the best advertisement you've ever seen! PVS-Studio indeed helps the open- source community. Perhaps you will notice that the cited articles are greatly different in size. There is an explanation. For example, when writing the first article about checking ReactOS, the analyzer possessed much fewer diagnostic rules than when performing the second check. Within the time passed between the two checks, the tool has learned to find several times more bugs. That's why our analysis-report articles will in time grow even larger. Now we have to omit many arguable bugs in order not to turn an article into a reference book. We inform project developers about all the errors we've found. Of course, the list of bugs we provide to them contains much more fragments to be considered than described in articles. We also give them a free registration key for some time so that they can check the project more thoroughly. If you develop an open-source project, write to us. With some open-source projects we establish good relations: the authors inform us about PVS-Studio's flaws and suggest new rules to implement, while we provide them with registration keys. So we are not greedy - quite on the contrary. Just ask, but never demand. We also provide keys to programmers who have the Microsoft MVP status. But no one has asked us as yet. So, I'm reminding you of it once again. Indeed, please feel free to contact us. We are ready for various ways of cooperation. For instance, we could write an article in co-authorship or carry out some investigation. We are a small company and don't have bureaucracy yet. Let's speak about our plans now. We intend to go on checking open-source projects and write articles about the checks. We'll try to extend our coverage. For instance, we can now analyze projects built with Embarcadero RAD Studio (C++Builder) and MinGW. By the way, you may contact us to suggest some projects that you think should be checked. The only restriction is that they must be built in Windows. For you to know the details, here's a list of IDEs we support at present: • Visual Studio 2012 - C, C++, C++11, C++/CX (WinRT) • Visual Studio 2010 - C, C++, C++0x • Visual Studio 2008 - C, C++ • Visual Studio 2005 - C, C++ • Embarcadero RAD Studio XE3 - C, C++, C++11 • Embarcadero RAD Studio XE2 - C, C++, C++0x • Embarcadero RAD Studio XE - C, C++
• Embarcadero RAD Studio 2010 - C, C++ • Embarcadero RAD Studio 2009 - C, C++ • MinGW - C, C++, C++11 We are specifically interested in projects for Embarcadero RAD Studio. Does anybody have any? And the last thing. We keep a bug database on our website. I think many of you will find it interesting wandering through it. But the most interesting thing about it is that it can be used as a resource to work out coding standards and new recommendations for textbooks and articles on programming. It is now waiting for its McConnell to come and use it as soil to raise a book of the "50 Tips on How Not to Drop a Clanger" style.

Recommandé

Re-checking the ReactOS project - a large report
Re-checking the ReactOS project - a large reportRe-checking the ReactOS project - a large report
Re-checking the ReactOS project - a large reportPVS-Studio
 
What comments hide
What comments hideWhat comments hide
What comments hidePVS-Studio
 
How to make fewer errors at the stage of code writing. Part N1.
How to make fewer errors at the stage of code writing. Part N1.How to make fewer errors at the stage of code writing. Part N1.
How to make fewer errors at the stage of code writing. Part N1.PVS-Studio
 
Software diseases: memset
Software diseases: memsetSoftware diseases: memset
Software diseases: memsetPVS-Studio
 
Intel IPP Samples for Windows - error correction
Intel IPP Samples for Windows - error correctionIntel IPP Samples for Windows - error correction
Intel IPP Samples for Windows - error correctionPVS-Studio
 
Wade Not in Unknown Waters. Part Four.
Wade Not in Unknown Waters. Part Four.Wade Not in Unknown Waters. Part Four.
Wade Not in Unknown Waters. Part Four.PVS-Studio
 
Visual Studio tool windows
Visual Studio tool windowsVisual Studio tool windows
Visual Studio tool windowsPVS-Studio
 
Comparing static analysis in Visual Studio 2012 (Visual C++ 2012) and PVS-Studio
Comparing static analysis in Visual Studio 2012 (Visual C++ 2012) and PVS-StudioComparing static analysis in Visual Studio 2012 (Visual C++ 2012) and PVS-Studio
Comparing static analysis in Visual Studio 2012 (Visual C++ 2012) and PVS-StudioPVS-Studio
 

Recommandé

Re-checking the ReactOS project - a large report
Re-checking the ReactOS project - a large reportRe-checking the ReactOS project - a large report
Re-checking the ReactOS project - a large reportPVS-Studio
 
What comments hide
What comments hideWhat comments hide
What comments hidePVS-Studio
 
How to make fewer errors at the stage of code writing. Part N1.
How to make fewer errors at the stage of code writing. Part N1.How to make fewer errors at the stage of code writing. Part N1.
How to make fewer errors at the stage of code writing. Part N1.PVS-Studio
 
Software diseases: memset
Software diseases: memsetSoftware diseases: memset
Software diseases: memsetPVS-Studio
 
Intel IPP Samples for Windows - error correction
Intel IPP Samples for Windows - error correctionIntel IPP Samples for Windows - error correction
Intel IPP Samples for Windows - error correctionPVS-Studio
 
Wade Not in Unknown Waters. Part Four.
Wade Not in Unknown Waters. Part Four.Wade Not in Unknown Waters. Part Four.
Wade Not in Unknown Waters. Part Four.PVS-Studio
 
Visual Studio tool windows
Visual Studio tool windowsVisual Studio tool windows
Visual Studio tool windowsPVS-Studio
 
Comparing static analysis in Visual Studio 2012 (Visual C++ 2012) and PVS-Studio
Comparing static analysis in Visual Studio 2012 (Visual C++ 2012) and PVS-StudioComparing static analysis in Visual Studio 2012 (Visual C++ 2012) and PVS-Studio
Comparing static analysis in Visual Studio 2012 (Visual C++ 2012) and PVS-StudioPVS-Studio
 
Cppcheck
CppcheckCppcheck
CppcheckPVS-Studio
 
Creating, debugging and deploying extension packages for Microsoft Visual Stu...
Creating, debugging and deploying extension packages for Microsoft Visual Stu...Creating, debugging and deploying extension packages for Microsoft Visual Stu...
Creating, debugging and deploying extension packages for Microsoft Visual Stu...PVS-Studio
 
Static analysis should be used regularly
Static analysis should be used regularlyStatic analysis should be used regularly
Static analysis should be used regularlyPVS-Studio
 
What do static analysis and search engines have in common? A good "top"!
What do static analysis and search engines have in common? A good "top"!What do static analysis and search engines have in common? A good "top"!
What do static analysis and search engines have in common? A good "top"!PVS-Studio
 
Errors detected in C++Builder
Errors detected in C++BuilderErrors detected in C++Builder
Errors detected in C++BuilderPVS-Studio
 
PVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ codePVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ codePVS-Studio
 
Visual C++ project model
Visual C++ project modelVisual C++ project model
Visual C++ project modelPVS-Studio
 
The D language comes to help
The D language comes to helpThe D language comes to help
The D language comes to helpPVS-Studio
 
Difficulties of comparing code analyzers, or don't forget about usability
Difficulties of comparing code analyzers, or don't forget about usabilityDifficulties of comparing code analyzers, or don't forget about usability
Difficulties of comparing code analyzers, or don't forget about usabilityPVS-Studio
 
100% code coverage by static analysis - is it that good?
100% code coverage by static analysis - is it that good?100% code coverage by static analysis - is it that good?
100% code coverage by static analysis - is it that good?PVS-Studio
 
Wade not in unknown waters. Part one.
Wade not in unknown waters. Part one.Wade not in unknown waters. Part one.
Wade not in unknown waters. Part one.PVS-Studio
 
Farewell to #define private public
Farewell to #define private publicFarewell to #define private public
Farewell to #define private publicPVS-Studio
 
Lesson 7. The issues of detecting 64-bit errors
Lesson 7. The issues of detecting 64-bit errorsLesson 7. The issues of detecting 64-bit errors
Lesson 7. The issues of detecting 64-bit errorsPVS-Studio
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 

Contenu connexe

En vedette

Creating, debugging and deploying extension packages for Microsoft Visual Stu...
Creating, debugging and deploying extension packages for Microsoft Visual Stu...Creating, debugging and deploying extension packages for Microsoft Visual Stu...
Creating, debugging and deploying extension packages for Microsoft Visual Stu...PVS-Studio
 
Static analysis should be used regularly
Static analysis should be used regularlyStatic analysis should be used regularly
Static analysis should be used regularlyPVS-Studio
 
What do static analysis and search engines have in common? A good "top"!
What do static analysis and search engines have in common? A good "top"!What do static analysis and search engines have in common? A good "top"!
What do static analysis and search engines have in common? A good "top"!PVS-Studio
 
Errors detected in C++Builder
Errors detected in C++BuilderErrors detected in C++Builder
Errors detected in C++BuilderPVS-Studio
 
PVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ codePVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ codePVS-Studio
 
Visual C++ project model
Visual C++ project modelVisual C++ project model
Visual C++ project modelPVS-Studio
 
The D language comes to help
The D language comes to helpThe D language comes to help
The D language comes to helpPVS-Studio
 
Difficulties of comparing code analyzers, or don't forget about usability
Difficulties of comparing code analyzers, or don't forget about usabilityDifficulties of comparing code analyzers, or don't forget about usability
Difficulties of comparing code analyzers, or don't forget about usabilityPVS-Studio
 
100% code coverage by static analysis - is it that good?
100% code coverage by static analysis - is it that good?100% code coverage by static analysis - is it that good?
100% code coverage by static analysis - is it that good?PVS-Studio
 
Wade not in unknown waters. Part one.
Wade not in unknown waters. Part one.Wade not in unknown waters. Part one.
Wade not in unknown waters. Part one.PVS-Studio
 
Farewell to #define private public
Farewell to #define private publicFarewell to #define private public
Farewell to #define private publicPVS-Studio
 
Lesson 7. The issues of detecting 64-bit errors
Lesson 7. The issues of detecting 64-bit errorsLesson 7. The issues of detecting 64-bit errors
Lesson 7. The issues of detecting 64-bit errorsPVS-Studio
 

En vedette (13)

Cppcheck
CppcheckCppcheck
Cppcheck
 
Creating, debugging and deploying extension packages for Microsoft Visual Stu...
Creating, debugging and deploying extension packages for Microsoft Visual Stu...Creating, debugging and deploying extension packages for Microsoft Visual Stu...
Creating, debugging and deploying extension packages for Microsoft Visual Stu...
 
Static analysis should be used regularly
Static analysis should be used regularlyStatic analysis should be used regularly
Static analysis should be used regularly
 
What do static analysis and search engines have in common? A good "top"!
What do static analysis and search engines have in common? A good "top"!What do static analysis and search engines have in common? A good "top"!
What do static analysis and search engines have in common? A good "top"!
 
Errors detected in C++Builder
Errors detected in C++BuilderErrors detected in C++Builder
Errors detected in C++Builder
 
PVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ codePVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ code
 
Visual C++ project model
Visual C++ project modelVisual C++ project model
Visual C++ project model
 
The D language comes to help
The D language comes to helpThe D language comes to help
The D language comes to help
 
Difficulties of comparing code analyzers, or don't forget about usability
Difficulties of comparing code analyzers, or don't forget about usabilityDifficulties of comparing code analyzers, or don't forget about usability
Difficulties of comparing code analyzers, or don't forget about usability
 
100% code coverage by static analysis - is it that good?
100% code coverage by static analysis - is it that good?100% code coverage by static analysis - is it that good?
100% code coverage by static analysis - is it that good?
 
Wade not in unknown waters. Part one.
Wade not in unknown waters. Part one.Wade not in unknown waters. Part one.
Wade not in unknown waters. Part one.
 
Farewell to #define private public
Farewell to #define private publicFarewell to #define private public
Farewell to #define private public
 
Lesson 7. The issues of detecting 64-bit errors
Lesson 7. The issues of detecting 64-bit errorsLesson 7. The issues of detecting 64-bit errors
Lesson 7. The issues of detecting 64-bit errors
 

Dernier

"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 

Dernier (20)

"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 

PVS-Studio and open-source software

  • 1. PVS-Studio and open-source software Author: Andrey Karpov Date: 09.04.2013 I've decided to write about the work our team is doing regarding open-source projects. I will give a list of open-source projects we have checked by now with the PVS-Studio analyzer. Then I'll tell you about our plans for the future. We are friendly to open-source projects. But don't forget that the "open-source" status of some software doesn't necessarily mean that it is being developed solely by some enthusiasts for the common good. Many projects are developed by workers of large companies, and they are paid salaries for that. People sit in their offices, eat cookies, do programming, and write articles about advantages of open- source software. I just want to set in order thoughts of those people who believe that we must feel obliged to open- source software's authors only because it is open-source - and therefore check their source code and give them a registration key for free. That's exactly what we usually do, and we are glad to be helpful. But the fact of some software product's being open-source only means that for some reasons the company finds this form of project development more convenient. At the same time, they can well afford purchasing PVS-Studio. Why should we refuse? OK, enough of grumbling. It's just not fair, with us having checked all those projects and given a number of free keys, that we are reproached for being unkind to open-source projects. Here's the list of open- source projects analyzed with PVS-Studio by now: • 64-bit Loki library check. (September, 2009) • WinMerge check (October, 2010), second check (March, 2012) • Notepad++ check (November, 2010), second check (February, 2012) • Fennec Media Project check (November, 2010) • qutIM check (November, 2010) • TortoiseSVN check (December, 2010) • Ultimate Toolbox check (December, 2010) • Intel IPP Samples check (January, 2011), second check (October, 2011), third check (April, 2012) • Miranda IM check (March, 2011) • Chromium check (May, 2011), second check (October, 2011) • QT check (July, 2011) • Apache HTTP Server check (July, 2011) • Intel Energy Checker SDK check (July, 2011) • Clang check (August, 2011), second check (August, 2012) • ReactOS check (September, 2011), second check (April, 2013) • Doom 3 check (November, 2011) • Firefox check (December, 2011) • Quake III Arena GPL check (February, 2012) • TrinityCore check (February, 2012) • Dolphin-emu check (February, 2012)
  • 2. • Blender check (April, 2012) • MAME check (July, 2012) • Trans-Proteomic Pipeline check (August, 2012) • It's not open-source, but it's useful to everyone. Visual C++ libraries check (September, 2012) • Tor check (November, 2012) • OpenSSL check (December, 2012) • Casablanca check (March, 2013) • OpenCV check (March, 2013) • Various small projects we didn't write about. It's not entirely without any reward that our team carries out these project checks. The articles we publish about errors detected in open-source projects serve as advertisement for us. We make no secret of it. But I believe it's the best advertisement you've ever seen! PVS-Studio indeed helps the open- source community. Perhaps you will notice that the cited articles are greatly different in size. There is an explanation. For example, when writing the first article about checking ReactOS, the analyzer possessed much fewer diagnostic rules than when performing the second check. Within the time passed between the two checks, the tool has learned to find several times more bugs. That's why our analysis-report articles will in time grow even larger. Now we have to omit many arguable bugs in order not to turn an article into a reference book. We inform project developers about all the errors we've found. Of course, the list of bugs we provide to them contains much more fragments to be considered than described in articles. We also give them a free registration key for some time so that they can check the project more thoroughly. If you develop an open-source project, write to us. With some open-source projects we establish good relations: the authors inform us about PVS-Studio's flaws and suggest new rules to implement, while we provide them with registration keys. So we are not greedy - quite on the contrary. Just ask, but never demand. We also provide keys to programmers who have the Microsoft MVP status. But no one has asked us as yet. So, I'm reminding you of it once again. Indeed, please feel free to contact us. We are ready for various ways of cooperation. For instance, we could write an article in co-authorship or carry out some investigation. We are a small company and don't have bureaucracy yet. Let's speak about our plans now. We intend to go on checking open-source projects and write articles about the checks. We'll try to extend our coverage. For instance, we can now analyze projects built with Embarcadero RAD Studio (C++Builder) and MinGW. By the way, you may contact us to suggest some projects that you think should be checked. The only restriction is that they must be built in Windows. For you to know the details, here's a list of IDEs we support at present: • Visual Studio 2012 - C, C++, C++11, C++/CX (WinRT) • Visual Studio 2010 - C, C++, C++0x • Visual Studio 2008 - C, C++ • Visual Studio 2005 - C, C++ • Embarcadero RAD Studio XE3 - C, C++, C++11 • Embarcadero RAD Studio XE2 - C, C++, C++0x • Embarcadero RAD Studio XE - C, C++
  • 3. • Embarcadero RAD Studio 2010 - C, C++ • Embarcadero RAD Studio 2009 - C, C++ • MinGW - C, C++, C++11 We are specifically interested in projects for Embarcadero RAD Studio. Does anybody have any? And the last thing. We keep a bug database on our website. I think many of you will find it interesting wandering through it. But the most interesting thing about it is that it can be used as a resource to work out coding standards and new recommendations for textbooks and articles on programming. It is now waiting for its McConnell to come and use it as soil to raise a book of the "50 Tips on How Not to Drop a Clanger" style.