C# has low barriers to entry and forgives a lot. Seriously, you may not understand how things work under the hood but still write code and remain easy-going about this. Though you still have to deal with different nuances over time. Today, we’ll look at one of such subtle aspects — handling enumerations.

Rarely do we get the chance to find a developer who hasn’t encountered enumerations. However, anyone can make an error when using them. It is more likely if:

  • it is not an error, but an optimization issue in the application. …

Do you like the ?. operator? Well, who doesn’t? Many people like these concise null checks. However, today’s article shows that the ?. operator may be tricky sometimes. That is, it can create an illusion of safety when used in the foreach loop.

Let’s start with a small task. Take a look at the following code:

void ForeachTest(IEnumerable<String> collection)
{
// #1
foreach (var item in collection.NotNullItems())
Console.WriteLine(item);
// #2
foreach (var item in collection?.NotNullItems())
Console.WriteLine(item);
}

Suppose the collection is null. Have you got any ideas on how each of the loops will run? Case #2 with ?. seems…


We continue to develop PVS-Studio as a SAST solution. Thus, one of our major goals is expanding OWASP coverage. You might ask, what’s the use when there’s no taint analysis? That’s exactly what we thought — and decided to implement taint analysis in the C# analyzer. Curious about what we accomplished? Read on!

Note. This article briefly touches upon the topics of SQL injections and working with SQL in C#. This theory serves as context. For in-depth information on these topics, do additional research.

What is Taint Analysis All About?

Taint analysis helps track data that a program receives from an external source (taint source). Though…


Surely every C# developer has used out-parameters. It seems that everything is extremely simple and clear with them. But is it really so? For a kickoff, let’s start with a self-test task.

Let me remind you that out parameters must be initialized by the called method before exiting it.

Now look at the following code snippet and see if it compiles.

void CheckYourself(out MyStruct obj)
{
// Do nothing
}

MyStruct — a value type:

public struct MyStruct
{ .... }

If you confidently answered “yes” or “no” — I invite you to keep reading, since everything is not so…


Recently nullable reference types have become trendy. Meanwhile, the good old nullable value types are still here and actively used. How well do you remember the nuances of working with them? Let’s jog your memory or test your knowledge by reading this article. Examples of C# and IL code, references to the CLI specification, and CoreCLR code are provided. Let’s start with an interesting case.

Note. If you are interested in nullable reference types, you can read several articles by my colleagues: “Nullable Reference types in C# 8.0 …


Due to a series of different events, the beginning of beta testing of the plugin for the Rider and C# analyzer for Linux / macOS was a little delayed. However, we are pleased to announce that this day has come — today we are launching the beta test.

A small note for those who missed the previous news: at the moment we are developing the plugin for the IDE Rider, as well as porting our C# analyzer to .NET Core to be able to analyze projects under Linux and macOS. PVS-Studio C# for Windows for now will continue to work…


More and more users of the PVS-Studio C# analyzer get interested in the possibility to utilize it for checking C# code on Linux and macOS. Today we have some good news.

Since the end of the last year, we’ve been actively working on porting our C# analyzer to the .NET Core platform, as well as ensuring its performance on Unix-like operating systems. Our plans are to release PVS-Studio C# for .NET Core on Linux and macOS platforms in late April — first half of May.

On Windows, the analyzer will continue to work under the .NET Framework so far, since…


.NET Core libraries is one of the most popular C# projects on GitHub. It’s hardly a surprise, since it’s widely known and used. Owing to this, an attempt to reveal the dark corners of the source code is becoming more captivating. So this is what we’ll try to do with the help of the PVS-Studio static analyzer. What do you think — did I manage to eventually find something interesting?

I’ve been making my way toward this article for over a year and a half. At some point, I had an idea settled in my head that the .NET Core…


This is a short story about how PVS-Studio helped us find an error in the source code of the library used in PVS-Studio. And it was not a theoretical error but an actual one — the error appeared in practice when using the library in the analyzer.

In PVS-Studio_Cmd (as well as some other utilities) we use a special library for parsing command line arguments — CommandLine.

Today I supported the new mode in PVS-Studio_Cmd and it so happened that I had to use this library for parsing command line arguments. …


Support of Visual Studio 2019 in PVS-Studio affected a number of components: the plugin itself, the command-line analyzer, the cores of the C++ and C# analyzers, and a few utilities. In this article, I will briefly explain what problems we encountered when implementing support of the IDE and how we addressed them.

Before we start, I’d like to take a look back at the history of supporting the previous versions of Visual Studio in PVS-Studio so you better understand our vision of the task and solutions that we came up with in every single situation.

Since the first version of…

Sergey Vasiliev

C# Analyzer Team Leader at PVS-Studio LinkedIn: https://www.linkedin.com/in/fotoshooter/ Photos: http://vk.com/vasilievphoto

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store