Product News

FOSSA is announcing the GA of a security and license scanning capability for C and C++ projects

FOSSA was founded to provide the most relevant and real-time end-to-end governance for all third-party code. They now announce the general availability of C and C++ Security and License Scanning

Announcing the GA of C and C++ Security and License Scanning
By Gauthami Polasani

From the article:

Unlike other C/C++ scanning tools, FOSSA does not take a one-solution-fits-all approach to dependency identification in such a complex and layered ecosystem. FOSSA uses multi-pronged strategies (as described below) to accurately identify dependencies and surface security and license risks — regardless of how the code is included.).

Examples of errors that PVS-Studio found in LLVM 15.0

Compilers are evolving: they issue more and more warnings. Do developers still need to use static code analyzers like PVS-Studio? Yes, because analyzers are evolving too. In this article you'll see how PVS-Studio can find bugs even in a compiler.

Examples of errors that PVS-Studio found in LLVM 15.0

by Andrey Karpov

From the article:

It's a cool bug, although it's not scary. There is no semicolon after the return statement. As a result, the code does not work as it looks.

void FunctionLoweringInfo::ComputePHILiveOutRegInfo(const PHINode *PN) {
  Register DestReg = It->second;
  if (DestReg == 0)
  assert(Register::isVirtualRegister(DestReg) &&
         "Expected a virtual reg");

Improving copy and move elision - Bran Hagger

improving-copy-and-move-elision.pngFrom the MSVC team blog:

Improving copy and move elision

by Bran Hagger

From the article:

With Visual Studio 2022 version 17.4 Preview 3, we’ve significantly increased the number of situations where we do copy or move elision and given users more control over whether these transformations are enabled. ...

PVS-Studio 7.21: GitLab Code Quality, Unreal Engine

PVS-Studio 7.21 has been released. This short note describes the analyzer's main enhancements and lists our recent articles and quizzes.

PVS-Studio 7.21: GitLab Code Quality, Unreal Engine

by Sergey Vasiliev

From the article:

New C++ diagnostics:

  • V1090. The 'std::uncaught_exception' function is deprecated since C++17 and is removed in C++20. Consider replacing this function with 'std::uncaught_exceptions'.
  • V1091. The pointer is cast to an integer type of a larger size. Casting pointer to a type of a larger size is an implementation-defined behavior.
  • V1092. Recursive function call during the static/thread_local variable initialization might occur. This may lead to undefined behavior.

Enhance application security with FORTIFY_SOURCE -- Siddharth Sharma

Improving safety and security in GCC:

Enhance application security with FORTIFY_SOURCE

by Siddharth Sharma

From the article:

The FORTIFY_SOURCE macro provides lightweight support for detecting buffer overflows in various functions that perform operations on memory and strings. Not all types of buffer overflows can be detected with this macro, but it does provide an extra level of validation for some functions that are potentially a source of buffer overflow flaws. It protects both C and C++ code. ...

PVS-Studio 7.20: Unreal Engine, SAST, SCA

The bug related to Unreal Engine's inability to find PVS-Studio by the default path is finally fixed. Starting from Unreal Engine 5.0.3. you you can analyze projects without any workarounds. We've also enhanced the analysis of UE projects: you'll see more true warnings and fewer false ones.

PVS-Studio 7.20: Unreal Engine, SAST, SCA

by Sergey Vasiliev

From the article:

New diagnostics for C, C++:

  • V1086. Call of the 'Foo' function will lead to buffer underflow.
  • V1087. Upper bound of case range is less than its lower bound. This case may be unreachable.
  • V1088. No objects are passed to the 'std::scoped_lock' constructor. No locking will be performed. This can cause concurrency issues.
  • V1089. Waiting on condition variable without predicate. A thread can wait indefinitely or experience a spurious wake up.

HPX V1.8.1 released -- STE||AR Group

The STE||AR Group has released V1.8.1 of HPX -- A C++ Standard library for Concurrency and Parallelism.

HPX V1.8.1 Released

We have released HPX 1.8.1 that adds a number of small new features and fixes a handful of problems discovered since the last 1.8.0 release, in particular: a lot of work has been done to improve vectorization support for our parallel algorithms. HPX now supports using EVE – the Expressive Vector Engine as a vectorization backend. More work was done towards full compatibility with the sender/receiver proposal P2300. We have fixed all collective operations to properly avoid overlapping consecutive operations on the same communicator. We also fixed a dangling reference problem while serializing non-default constructible types. We have added support for static linking on Windows (using MSVC) and have added support for M1/MacOS based architectures. A full list of changes can be found in the release notes.

If you have any questions, comments, or exploits to report you can reach us on IRC or Matrix (#ste||ar on or email us at hpx-users. We depend on your input!

You can download the release from our releases page or check out the 1.8.1 tag using git. A full list of changes can be found in the release notes.

HPX is a general-purpose parallel C++ runtime system for applications of any scale. It implements all of the related facilities as defined by the C++20 Standard. As of this writing, HPX provides the only widely available open-source implementation of the new C++17 and C++20 parallel algorithms, including a full set of parallel range-based algorithms. Additionally, HPX implements functionalities proposed as part of the ongoing C++ standardization process, such as large parts of the features related parallelism and concurrency as specified by the upcoming C++23 Standard, the C++ Concurrency TS, Parallelism TS V2, data-parallel algorithms, executors, and many more. It also extends the existing C++ Standard APIs to the distributed case (e.g., compute clusters) and for heterogeneous systems (e.g., GPUs).

HPX seamlessly enables a new Asynchronous C++ Standard Programming Model that tends to improve the parallel efficiency of our applications and helps reducing complexities usually associated with parallelism and concurrency.