search

accord-net / framework

Machine learning, computer vision, statistics and general scientific computing for .NET
http://accord-framework.net
GNU Lesser General Public License v2.1
4.46k stars 2k forks source link

Analysis of 'Accord.Net' source code by PVS-Studio static code analyzer #264

Open VasilievSerg opened 7 years ago

VasilievSerg commented 7 years ago

Developers of PVS-Studio C/C++/C# static analyzer present their check report of the source code of 'Accord.Net' in the article, containing the review of the most suspicious code fragments they discovered.

You can read article at the official site: http://www.viva64.com/en/b/0410/

cesarsouza commented 7 years ago

Hey, thanks InkViziT0r. The report is informative, I am just unsure why the authors chose a particular mocking tone to show those problems in the framework. The truth is that the framework has been composed from the work of many people coming from the most varying backgrounds and with the most varying objectives across more than 7 years; even including a merge of two large codebases developed almost independently by distinct authors and teams. It is hard to keep track of every aspect of code quality under those circumstances, especially when most contributors have only a limited (free) time to work on everything.

Thanks a lot for sharing the link, I will keep this issue open to track the progress on solving their reporter issues!

Regards, Cesar

VasilievSerg commented 7 years ago

I am the author of the article and I apologize if the style of text seemed to be mocking in any way, I really didin’t mean anything like that. My aim was just to present the bugs found in this project.

I understand the peculiarities of this codebase. Static analysis tools are exactly those tools that allow tracking the code quality. The main thing – to use them regularly and correctly integrate into the analysis process (more details can be found by this link http://www.viva64.com/en/b/0309/).

Also, I would advise using PVS-Studio for fixing the errors, as a minimum, but the best is to use it on a regular basis (this scenario brings the most benefit from the analyzer). You can download the trial version (http://www.viva64.com/en/pvs-studio-download/) or e-mail us regarding a temporary key for it (support@viva64.com).

Best regards, Vasiliev Sergey

cesarsouza commented 7 years ago

Well then thank you again for bringing up all those issues and for all the effort in analyzing the project! Actually I was truly impressed by the kinds of bugs it could catch. PVS-Studio seems like an amazingly useful tool and I will surely give it a try.

In the meantime, I will leave this issue open until I work on the issues reported on the article, or at least finish importing them in the issue tracker.

Thanks! Cesar