Product News

PVS-Studio and RPCS3: the best warnings in one click

Best Warnings — the analyzer's mode that displays the 10 most interesting warnings in the output window. We invite you to take a look at the updated Best Warnings mode, using the RPCS3 project check as an example.

PVS-Studio and RPCS3: the best warnings in one click

by Alexander Kurenev

From the article:

Best Warnings is a special mechanism for the first acquaintance with the PVS-Studio static analyzer. The full analyzer's log can contain thousands of warnings. Therefore, if you want to evaluate the work of the analyzer and not waste time and effort on viewing a large report that was issued by a not yet configured analyzer, use the Best Warnings mechanism. Open the analyzer's log in the PVS-Studio plugin for Visual Studio and enable Best Warnings.

FOSSA is announcing the GA of a security and license scanning capability for C and C++ projects

FOSSA was founded to provide the most relevant and real-time end-to-end governance for all third-party code. They now announce the general availability of C and C++ Security and License Scanning.

Announcing the GA of C and C++ Security and License Scanning
By Gauthami Polasani

From the article:

Unlike other C/C++ scanning tools, FOSSA does not take a one-solution-fits-all approach to dependency identification in such a complex and layered ecosystem. FOSSA uses multi-pronged strategies (as described below) to accurately identify dependencies and surface security and license risks — regardless of how the code is included.

Examples of errors that PVS-Studio found in LLVM 15.0

Compilers are evolving: they issue more and more warnings. Do developers still need to use static code analyzers like PVS-Studio? Yes, because analyzers are evolving too. In this article you'll see how PVS-Studio can find bugs even in a compiler.

Examples of errors that PVS-Studio found in LLVM 15.0

by Andrey Karpov

From the article:

It's a cool bug, although it's not scary. There is no semicolon after the return statement. As a result, the code does not work as it looks.

void FunctionLoweringInfo::ComputePHILiveOutRegInfo(const PHINode *PN) {
  ....
  Register DestReg = It->second;
  if (DestReg == 0)
    return
  assert(Register::isVirtualRegister(DestReg) &&
         "Expected a virtual reg");
  LiveOutRegInfo.grow(DestReg);
  ....
}

Improving copy and move elision - Bran Hagger

From the MSVC team blog:

Improving copy and move elision

by Bran Hagger

From the article:

With Visual Studio 2022 version 17.4 Preview 3, we’ve significantly increased the number of situations where we do copy or move elision and given users more control over whether these transformations are enabled. ...

PVS-Studio 7.21: GitLab Code Quality, Unreal Engine

PVS-Studio 7.21 has been released. This short note describes the analyzer's main enhancements and lists our recent articles and quizzes.

PVS-Studio 7.21: GitLab Code Quality, Unreal Engine

by Sergey Vasiliev

From the article:

New C++ diagnostics:

  • V1090. The 'std::uncaught_exception' function is deprecated since C++17 and is removed in C++20. Consider replacing this function with 'std::uncaught_exceptions'.
  • V1091. The pointer is cast to an integer type of a larger size. Casting pointer to a type of a larger size is an implementation-defined behavior.
  • V1092. Recursive function call during the static/thread_local variable initialization might occur. This may lead to undefined behavior.

Enhance application security with FORTIFY_SOURCE -- Siddharth Sharma

Improving safety and security in GCC:

Enhance application security with FORTIFY_SOURCE

by Siddharth Sharma

From the article:

The FORTIFY_SOURCE macro provides lightweight support for detecting buffer overflows in various functions that perform operations on memory and strings. Not all types of buffer overflows can be detected with this macro, but it does provide an extra level of validation for some functions that are potentially a source of buffer overflow flaws. It protects both C and C++ code. ...

PVS-Studio 7.20: Unreal Engine, SAST, SCA

The bug related to Unreal Engine's inability to find PVS-Studio by the default path is finally fixed. Starting from Unreal Engine 5.0.3, you can analyze projects without any workarounds. We've also enhanced the analysis of UE projects: you'll see more true warnings and fewer false ones.

PVS-Studio 7.20: Unreal Engine, SAST, SCA

by Sergey Vasiliev

From the article:

New diagnostics for C, C++:

  • V1086. Call of the 'Foo' function will lead to buffer underflow.
  • V1087. Upper bound of case range is less than its lower bound. This case may be unreachable.
  • V1088. No objects are passed to the 'std::scoped_lock' constructor. No locking will be performed. This can cause concurrency issues.
  • V1089. Waiting on condition variable without predicate. A thread can wait indefinitely or experience a spurious wake up.