Home » Blog » Categories » Product News

Product News

PVS-Studio 7.11 Release: IAR Arm, Diagnostics, FREE-FREE-FREE-FREE

By Andrey Karpov | Dec 18, 2020 07:18 AM | Tags: static code analysis sast pvs-studio ld-linux iar devsecops arm

This is the press release of the New Year's version of the PVS-Studio 7.11 analyzer. Since the new version includes only a few enhancements, let's take this opportunity to recall the options for free PVS-Studio use.

PVS-Studio 7.11 Release: IAR Arm, Diagnostics, FREE-FREE-FREE-FREE

by Andrey Karpov

From the article:

Support of the IAR Arm compilers is now available in the pvs-studio-analyzer utility. This family of compilers was previously supported only in the CLMonitor.exe utility on Windows. Now users of PVS-Studio for Linux can check the code written for these compilers as well. We added interception of compiler calls via ld-linux to the pvs-studio-analyzer utility.

C and C++ analysers detect cryptography-related security issues -- Alexandre Gigleux

By ganncamp | Dec 14, 2020 02:29 PM | Tags: None

Recent improvements to SonarCloud C++ analysis (coming soon in SonarQube 8.6!) bring new rules related to cryptography.

C and C++ analyzers detect cryptography-related security issues

by Alexandre Gigleux

From the article:

Communications should be encrypted to protect users’s privacy, but when it comes to really implement it, it’s not that easy due to the complexity of the area.

With SonarCloud, you are no longer alone thanks to these 7 new security rules focusing on detecting cryptography-related security issues

C++20 Comparisons in ReSharper C++ 2020.3 -- Igor Akhmetov

By Anastasia Kazakova | Dec 10, 2020 12:11 PM | Tags: c++20

ReSharper C++ 2020.3 brings full support for C++20’s changes to comparison semantics.

C++20 Comparisons in ReSharper C++ 2020.3

by Igor Akhmetov

This blog post briefly goes over the language updates to comparisons in C++20 and takes a look at how ReSharper C++ can help you use the new language features.

The post discusses:

  • The complexity of pre-C++20 comparisons
  • Three-way comparison operator, what is it for
  • Operator rewriting rules
  • Defaulted comparison operators
  • Implicitly generated operator==
  • Creating new operators from usage

CLion 2020.3 release: Improve the way you develop in C++! -- Anastasia Kazakova

By Anastasia Kazakova | Dec 9, 2020 12:05 PM | Tags: None

CLion 2020.3 is released!

CLion 2020.3: Core Dumps Debug and Debug as Root, CTest Support, MISRA Guideline Integration, and a Better Qt Project Experience

by Anastasia Kazakova

CLion 2020.3 brings significant improvements to key parts of the development process – code analysis, running and debugging applications, and unit testing.

  • Run and Debug:
    • Run/Debug with Root privileges
    • Debug core dumps
    • Move the execution point while debugging to an arbitrary line of code in the editor
  • Project models
    • For Makefile: support for projects using libtool, dolt and ccache
    • For CMake: enable/disable CMake Profile
  • Unit testing: CTest support and test runner improvements for Google Test
  • Code analysis and refactorings updates, including initial support for MISRA C 2012 and MISRA C++ 2008 guidelines
  • Better Qt projects support
  • Clang completion snippets
  • An early preview for Code With Me, a new service from JetBrains for collaborative development and pair programming.

The Code Analyzer is wrong. Long live the Analyzer!

By Andrey Karpov | Dec 1, 2020 10:53 AM | Tags: unspecified behavior undefined behavior std::move static code analys pvs-studio code review

Combining many actions in a single C++ expression is a bad practice, as such code is hard to understand, maintain, and it is easy to make mistakes in it. For example, one can instill a bug by reconciling different actions when evaluating function arguments. We agree with the classic recommendation that code should be simple and clear. Now let's look at an interesting case where the PVS-Studio analyzer is technically wrong, but from a practical point of view, the code should still be changed.

The Code Analyzer is wrong. Long live the Analyzer!

by Andrey Karpov

From the article:

As you can see, once upon a time std::make_pair was taking arguments by value. If std::unique_ptr had existed at that time, then the code above would have been indeed incorrect. Whether this code would work or not would be a matter of luck. In practice, of course, this situation would never have occurred, since std::unique_ptr appeared in C++11 as a replacement for std::auto_ptr. Let's go back to our time. Starting with C++11, the constructor started to use move semantics.

Why PVS-Studio Doesn't Offer Automatic Fixes

By Andrey Karpov | Nov 19, 2020 01:13 AM | Tags: static code analysis pvs-studio bugs

Static analyzer PVS-Studio can detect bugs in pretty complex and intricate parts of code, and coming up with appropriate fixes for such bugs may be a tough task even for human developers. That's exactly the reason why we should avoid offering any options for automatic fixing at all. Here are a couple of examples.

Why PVS-Studio Doesn't Offer Automatic Fixes

by Andrey Karpov

From the article:

But it only simplifies the code, not fixes it! Somebody else noticed this and opened a discussion: os_thread_windows.c - get_rel_wait() will block if abstime is in the past. As you can see, even humans make mistakes when trying to come up with a fix. Machines are just hopeless in that respect.

PVS-Studio 7.10 Release: OWASP, AUTOSAR, SARIF

By Andrey Karpov | Nov 11, 2020 10:59 AM | Tags: sarif pvs-studio owasp devsecops autosar

We develop PVS-Studio not only as a classic code analyzer, but also in the direction of Security and Safety. In this regard, we've started working on the support of the OWASP and AUTOSAR C++14 standards. To facilitate PVS-Studio integration into other code quality control tools, we supported analyzer results conversion to the SARIF format.

PVS-Studio 7.10 Release: OWASP, AUTOSAR, SARIF

by Andrey Karpov

From the article:

Utilities for converting PVS-Studio analysis results (PlogConverter.exe for Windows and plog-converter for Linux\macOS) now support conversion to SARIF (Static Analysis Results Interchange Format). SARIF is a universal open format for presenting the results of tools that search for errors, safety and security defects. This format is supported by many static analyzers and allows you to combine various code quality control tools in a single ecosystem.

CLion 2020.3 EAP: Postmortem Debug With a Core File--Anastasia Kazakova

By Adrien Hamelin | Nov 9, 2020 12:39 PM | Tags: community

Are you using it?

CLion 2020.3 EAP: Postmortem Debug With a Core File

by Anastasia Kazakova

From the article:

In the previous 2020.3 EAP build we were focused on giving run/debug configurations and CMake profiles more flexibility in CLion, and at the same time we introduced a bundled tool for collaborative development and pair programming. In this EAP update we are adding one of the most long-awaited features in debugger – postmortem debug with a core file!

C++20 Modules Compiler Code Under Review, Could Still Land For GCC 11--Michael Larabel

By Adrien Hamelin | Nov 9, 2020 12:36 PM | Tags: c++20

Are you waiting for it?

C++20 Modules Compiler Code Under Review, Could Still Land For GCC 11

by Michael Larabel

From the article:

With C++20 one of the major features added is that of modules as a modern alternative to that of conventional C++ header files for packages. The C++20 modules code for the GNU Compiler Collection that has been in the works for several years is now under review and could potentially still land for the GCC 11 release next year...