GPT-3 Detected 213 Security Vulnerabilities… Or It Did Not

For a better grasp of the subject under discussion, it would be preferable if you could first read Chris Koch's article: I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase. I had already written a lengthy comment to it. Then I decided to write another one. This time, I chose to put my thoughts into a complete post.

I don't share the author's enthusiasm. Our trials with ChatGPT yielded far more modest and dubious findings, and you may read about them in the article: Is ChatGPT good enough at spotting bugs in code?

Virtual Function Calls in Constructors and Destructors (C++)

In different programming languages, the behavior of virtual functions differs when it comes to constructors and destructors. Incorrect use of virtual functions is a classic mistake, and developers make it often. In this article, we'll discuss some of these classic mistakes.

Theory

I suppose the reader is familiar with virtual functions in C++. Let's get straight to the point. When we call a virtual function in a constructor, only the overrides in a base class or in the class currently being created are taken into account. Constructors of the derived classes have not yet been called, so the virtual functions implemented in them will not be called.

Static Analysis Protects Your Code From Time Bombs

Static code analysis allows you to identify and eliminate many defects at an early stage. Moreover, it's possible to detect dormant errors that don't show themselves when they appear. They can cause many problems in the future, and it takes many hours of debugging to find them. Let's look at an example of such a dormant error.

To show the advantage of regular use of the PVS-Studio static analyzer, we regularly check the Blender project. My colleague wrote more about this idea here.

COVID-19 Research and Uninitialized Variable

There is an open project, COVID-19 CovidSim Model, written in C++. There is also a PVS-Studio static code analyzer that detects errors very well. One day they met. Let's look at the fragility of mathematical modeling algorithms and at why you need to make every effort to enhance code quality.

This little story begins with an ordinary search on GitHub. While looking through the search results, I accidentally came across the COVID-19 CovidSim Model project. Without thinking twice, I decided to check it out using the PVS-Studio analyzer.