If you feel like the New Year just came, and you missed the first half of January, then all this time you've been busy looking for tricky bugs in the code you maintain. It also means that our article is what you need. PVS-Studio has checked the ELKI open source project to show you errors that may occur in the code, how cunningly they can hide there, and how you can deal with them.
What Kind of Library Is ELKI?
The abbreviation ELKI stands for Environment for DeveLoping KDD-Applications Supported by Index-Structures. This project is written in Java and is designed for data mining. Most users of this library are students, researchers, data scientists, and software engineers. No wonder, since this library was developed for research only.
Beginner’s Guide to JavaScript Static Code Analysis
Do you suffer from poorly written code? Is your codebase riddled with inconsistencies? Do you experience anxiety every time your code is being reviewed? If you answered 'yes' to any of these questions, static code analysis could help.
Static code analysis is the process of analyzing code before it is executed. It provides numerous advantages to developers, and integrating static code analyzers can supercharge your developer workflow.
Top 7 Static Code Analysis Tools
What Is a Static Code Analysis?
Static code analysis or Source code analysis is a method performed on the ‘static’ (non-running) source code of the software with static code analysis tools that attempt to highlight potential vulnerabilities. Static code analyzers check source code for specific vulnerabilities as well as for compliance with various coding standards.
Why Use Static Analysis?
- Get code insights before execution
- Executes quickly compared with dynamic analysis
- Code quality maintenance can be automated
- Search for bugs can be automated at early stages (although not all)
- Finding security problems can be automated at an early stage
- You already use static analyzers if you use any IDE that already has static analyzers (like Pycharm uses pep8).
Now that we are aware of static code analysis, we must know the tools that are already leading the market. Without further ado, let's have a look at the tools that are popular for static code analysis:
Setup Static Code Analysis for Python
Static code analysis is the technique of approximating the runtime behavior of a program. In other words, it is the process of predicting the output of a program without actually executing it. That’s what DeepSource does, statically analyzing your project and reporting to you the potential code quality issues which can be solved within no time.
This is what we will be doing here in this blog. We will try to integrate DeepSource over a forked repo, specifically on a Python project, and run analysis over it. We will further fix some of the issues with the auto-fix tool and let transformers fix some of the styling issues for our project.
PVS-Studio: Analyzing Pull Requests In Azure DevOps Using Self-Hosted Agents
Static code analysis is most effective when changing a project, as errors are always more difficult to fix in the future than at an early stage. We continue expanding the options for using PVS-Studio in continuous development systems. This time, we'll show you how to configure pull request analysis using self-hosted agents in Microsoft Azure DevOps, using the example of the Minetest game.
Briefly About What We Are Dealing With
Minetest is an open-source cross-platform game engine containing about 200,000 lines of code in C, C++, and Lua. It allows you to create different game modes in voxel space. Supports multiplayer, and a lot of mods from community. The project repository is located here: https://github.com/minetest/minetest.
PVS-Studio in the Clouds: CircleCI
This is a new piece of our series of articles about using the PVS-Studio static analyzer with cloud CI systems. Today we are going to look at another service, CircleCI. We'll take the Kodi media player application as a test project and see if we can find any interesting bugs in its source code.
Note. The previous articles on integrating PVS-Studio with cloud CI systems:
Commits and Pull Requests in Travis CI, Buddy, and AppVeyor Using PVS-Studio
Starting from version 7.04, the PVS-Studio analyzer for C and C++ languages on Linux and macOS provides a test feature that can check the list of specified files. Using this new mode, you can configure the analyzer to check commits and pull requests.
This article covers setting up the check of certain modified files from a GitHub project in popular CI systems, such as Travis CI, Buddy, and AppVeyor.
Analyzing the Code of ROOT, Scientific Data Analysis Framework
While Stockholm was holding the 118th Nobel Week, I was sitting in our office, where we develop the PVS-Studio static analyzer, working on an analysis review of the ROOT project, a big-data processing framework used in scientific research. This code wouldn't win a prize, of course, but the authors can definitely count on a detailed review of the most interesting defects plus a free license to thoroughly check the project on their own.
Introduction
ROOT is a modular scientific software toolkit. It provides all the functionalities needed to deal with big data processing, statistical analysis, visualisation, and storage. It is mainly written in C++. ROOT was born at CERN, at the heart of the research on high-energy physics. Every day, thousands of physicists use ROOT applications to analyze their data or to perform simulations.
PVS-Studio Visits Apache Hive
For the past ten years, the open-source movement has been one of the key drivers of the IT industry's development. The role of open source projects is becoming more and more prominent, not only in terms of quantity but also in terms of quality. This changes the very concept of how open source software is positioned on the IT market in general. Today, we are going to talk about Apache Hive.
About Apache Hive
Apache Hadoop is currently thought to be one of the pioneering Big Data technologies. Its primary tasks are storing, processing, and managing large amounts of data. The main components comprising the framework are Hadoop Common, HDFS, Hadoop MapReduce, and Hadoop YARN. Over time, a large ecosystem of related projects and technologies has developed around Hadoop — many of which originally started as part of the project and then budded off to become independent. Apache Hive is one of them.