Product News

PVS-Studio 7.12 New Features for Finding Safety and Security Threats

At the moment, PVS-Studio is developing not only as a static analyzer searching for code quality defects (quality control solution) but also as a solution for searching for security and safety defects.

PVS-Studio 7.12 New Features for Finding Safety and Security Threats

by Nikolay Mironov, Paul Eremeev

From the article:

Well, to waste no time, let's point out the additions right away. So, here is what's new, safe, and cool in PVS-Studio:

  • New diagnostic groups OWASP ASVS and The AUTOSAR C++14 Coding Guidelines have been added to the analyzer. Previously, the compliance of PVS-Studio diagnostic rules with these standards was available only on our website. Now we have more than 50 new diagnostic rules!
  • Now the analyzer shows information about the compliance of the warnings with the SEI CERT Coding Standard. This information formerly was available only on the PVS-Studio website.
  • The interface of our plugins for Visual Studio, JetBrains Rider, and IntelliJ IDEA has been improved to ease the work with analyzer messages that have safety and security standards identifiers.
  • New diagnostic groups (OWASP, AUTOSAR) in PlogConverter are supported.
  • New diagnostics (OWASP, AUTOSAR) are supported in SonarQube at the tag level. We classified our diagnostic rules by OWASP Top 10.

CLion 2021.1 EAP: Branch Coverage, New MISRA Checks, and Remote Makefile projects--Anastasia Kazakov


CLion 2021.1 EAP: Branch Coverage, New MISRA Checks, and Remote Makefile projects

by Anastasia Kazakova

From the article:

A new CLion 2021.1 EAP build (211.6305.15) is now available from our website, via the Toolbox App, or as a snap package (if you are using Ubuntu). Note that if you are on macOS, there is a separate build for Apple Silicon (M1 chip)...

Next steps for Clang Power Tools--Horatiu Prica

Were you using them?

Next steps for Clang Power Tools

by Horatiu Prica

From the article:

We are happy to announce that Clang Power Tools is now entirely free for everyone while keeping it open-source on GitHub. We had a blast these past two years, working full-time on making Clang Power Tools better and bringing to fruition its code modernization mission...

Registries: Bring your own libraries to vcpkg--Nicole Mazzuca

Are you using vcpkg?

Registries: Bring your own libraries to vcpkg

by Nicole Mazzuca

From the article:

Are you working on a C++ project with library dependencies? Are you tired of maintaining a custom-built package management workflow with duct tape and git submodules? Then you should consider trying out a package manager. Perhaps you have been side-eyeing vcpkg for a while, and it looks like the perfect solution for your team, but for one problem: not all your dependencies are open source! Your company has internal libraries that they expect everyone to use too...

Complete C++20 Modules Support with GCC--Boris Kolpackov

More of c++20 ready to be used.

Complete C++20 Modules Support with GCC

by Boris Kolpackov

From the article:

build2 now provides conforming and scalable support for all the major C++20 Modules features when used with GCC. This includes named modules, module partitions (both interface and implementation), header unit importation, and include translation. All of these features are also supported in libraries, including consumption of installed libraries with information about modules and importable headers conveyed in pkg-config files. As part of this effort we have also created a collection of examples that demonstrate C++20 Modules features that impact the build process...

Take control of your vcpkg dependencies with versioning support--Victor Romero

A new feature.

Take control of your vcpkg dependencies with versioning support

by Victor Romero

From the article:

We have an exciting new feature to announce in vcpkg: the long-awaited and highly requested package versioning! This feature makes it possible to install specific versions of dependencies and control installed versions over time. In order to use this feature, a vcpkg.json manifest file must be present in your repo to declare dependencies. Versioning is not currently available for libraries installed via the command line (i.e. vcpkg install library_name commands). The versioning feature is completely optional – you can choose not to specify library versions, and vcpkg will pick the most appropriate set of compatible versions for your dependencies from its baseline catalog. For now, we are considering this feature experimental. Please give us your feedback and let us know how we can improve...

Why PVS-Studio Uses Data Flow Analysis: Based on Gripping Error in Open Asset Import Library

An essential part of any modern static code analyzer is data flow analysis. However, from an outside perspective, the use of data flow analysis and its benefit is unclear.

Why PVS-Studio Uses Data Flow Analysis: Based on Gripping Error in Open Asset Import Library

by Andrey Karpov

From the article:

It all started with checking the latest version of the Qt 6 library. There was a separate usual article on this, where I'd described 77 errors found. It turned out that at first, I decided to flip through the report, not excluding the third-party libraries' warnings. In other words, I didn't exclude the warnings related to \src\3rdparty in the settings. It so happened that I immediately ran up against a gripping error example in the Open Asset Import Library. So, I decided to write this extra little note about it.

HPX V1.6.0 released -- STE||AR Group

The STE||AR Group has released V1.6.0 of HPX -- A C++ Standard library for parallelism and concurrency.

HPX V1.6.0 Released

The newest version of HPX (V1.6.0) is now available for download! This release continues the focus on C++20 conformance with multiple new algorithms adapted to be C++20 conformant and becoming customization point objects (CPOs). We have added experimental support for HIP, allowing existing CUDA features to now be compiled with hipcc and run on AMD GPUs as well. We have also continued improving the performance of the parallel executors, and added an experimental fork-join executor. The full list of improvements, fixes, and breaking changes can be found in the release notes.

    HPX is a general purpose parallel C++ runtime system for applications of any scale. It implements all of the related facilities as defined by the C++ Standard. As of this writing, HPX provides the only widely available open-source implementation of the new C++17 parallel algorithms. Additionally, HPX implements functionalities proposed as part of the ongoing C++ standardization process, such as large parts of the features related parallelism and concurrency as specified by the upcoming C++20 Standard, the C++ Concurrency TS, Parallelism TS V2, data-parallel algorithms, executors, and many more. It also extends the existing C++ Standard APIs to the distributed case (e.g. compute clusters) and for heterogeneous systems (e.g. GPUs).

    HPX seamlessly enables a new Asynchronous C++ Standard Programming Model that tends to improve the parallel efficiency of our applications and helps reducing complexities usually associated with parallelism and concurrency.


PVS-Studio Roadmap 2021

PVS-Studio can currently analyze programs written in C, C++, C#, and Java. It also supports some C++ language extensions, for example, C++/CLI and C++/CX. In 2021, we do not plan to implement support for new languages, but we plan to expand the analyzer. We want to support several new compilers (C, C++) for micro controllers and some development environments, such as CLion.

PVS-Studio Roadmap 2021

by Andrey Karpov

From the article:

We will continue to support the MISRA C and MISRA C++ coding standards. However, it's time to also support a more modern set of rules described in The AUTSAR C++14 Coding Guidelines. This document is the MISRA C++:2008 standard update, and is also based on leading code standards and research papers prepared by AUTOSAR.