Product News

Introducing Trunk - A New Meta-Linter for C/C++ (and Dozens of Other Languages) -- David Apirian

Trunk launched its public beta! Trunk combines 30+ linters, static analyzers, and formatters covering dozens of languages to create a one-stop-shop for checking your code.

Trunk Check - Code Quality Solved

by David Apirian

From the article:

Modern repositories include many technologies, each with its own set of linters. With 30+ linters and counting, Trunk makes it dead-simple to identify, install, configure, and run the right linters, static analyzers, and formatters for all your repos. Use the beta for free today.

Itself written in C++, Trunk makes it dead simple to run C++ linters like clang-tidy, adding intelligent caching, easy setup, and a language server for IDE support. Overall, Trunk makes it dead-simple to identify, install, configure, and run the right linters, static analyzers, and formatters for all your repos across multiple languages. Available as a clivscode extension, and github action.

PVS-Studio 7.16, expanding the horizons: MISRA C, Visual Studio 2022, .NET 6

This is the latest release of PVS-Studio in 2021. With it, the PVS-Studio team accomplishes several important goals. Now, PVS-Studio supports Visual Studio 2022 (.NET 6, C# 10.0). We implemented all diagnostics categorized as Mandatory in MISRA C.

PVS-Studio 7.16, expanding the horizons: MISRA C, Visual Studio 2022, .NET 6

by Andrey Karpov

From the article:

PVS-Studio supports 80% of the MISRA C standard for safety and security. The tool fully covers the warnings categorized as Mandatory and most of the warnings from the Required category.

ReSharper C++ 2021.3 release helps upgrade your code to modern C++ -- Elvira Mustafina

ReSharper C++ 2021.3 is now available!

ReSharper C++ 2021.3: Support for Visual Studio 2022, Unreal Engine File Templates, New C++20 and C Features

by Elvira Mustafina

From the article:

Check out the highlights and read the post for more details.

  • Support for Visual Studio 2022. You will enjoy the same rich feature set as in other Visual Studio versions, but since Visual Studio 2022 is an x64 process, all ReSharper C++ features work faster.
  • New C++20 features: auto-completion of designated initializers for aggregate initialization and modernizing inspections to help you adopt new library functions.
  • File templates for Unreal Engine classes.
  • Improved C support: C11 _Generic expressions and the typeof GNU extension.
  • Navigation in goto statements and inactive code.
  • Evaluation results for constant expressions in the Quick Info tooltip.
  • Change Signature lets you control the C++17 [[nodiscard]] attribute.
  • New inspections with quick-fixes, and an update for Clang-Tidy with new checks from Clang 13.

SonarLint now supports Visual Studio 2022 for your C and C++ projects -- Marco Comi

The latest release of SonarLint supports Visual Studio 2022 and enables users to detect and fix coding issues in their C and C++ code. Enjoy the best-in-class capabilities of Visual Studio and SonarLint for your modern code development. SonarLint is a free static analysis extension and directly installable for VS 2022 from the Marketplace.

SonarLint for Visual Studio: v5.0

By Marco Comi

From the article:

The new Visual Studio version brings many new features and improvements. Starting from version 5.0 of SonarLint you are able to use our plugin in Visual Studio 2022 for all the languages we already support. The VS Marketplace page for the new version is here.

 

 

Introducing CLion 2021.3 -- Anastasia Kazakova

CLion 2021.3 has become an even easier-to-use, more customizable, and more comprehensive IDE for unleashing the power of C and C++.

CLion 2021.3: New Remote Development, Better Data Views in Debugger, Docker Toolchain, Custom Compiler, Type Hints, and More

by Anastasia Kazakova

From the article:

CLion 2021.3 release is here! Check out the highlights and read the post for more details.

  • New remote development mode (headless remote machine and thin local client)
  • Debugger:
    • Better data views in debugger
    • RTOS thread views
  • Toolchain updates
    • Docker toolchain
    • Custom compiler
    • Environment script
    • Windows-specific enhancements
    • Ninja as the default CMake generator
  • Type hints in the editor
  • More powerful and accurate code analysis

Improved Null Pointer Dereference Detection in Visual Studio 2022 version 17.0...--Gabor Horvath

Give it a try!

Improved Null Pointer Dereference Detection in Visual Studio 2022 version 17.0 Preview 4

by Gabor Horvath

From the article:

The C++ static analysis team is committed to making your C++ coding experience as safe as possible. We are adding richer code safety checks and addressing high impact customer feedback bugs posted on the C++ Developer Community page. Thank you for engaging with us and giving us great feedback on the past releases and early previews leading to this point. Below is the detailed overview of a new experimental code analysis check that can detect null pointer dereference errors, along with a comparison to an existing check that has the same purpose...

PVS-Studio 7.15: MISRA, CWE, OWASP, Unreal Engine

We are actively developing the PVS-Studio static analysis tool towards detecting Safety and Security-related errors. To be more precise, we've expanded the coverage of the MISRA C:2012 and OWASP ASVS standards. We have supported the MISRA Compliance 2020 standard. One of the more extraordinary innovations is the Best Warnings display mode.

PVS-Studio 7.15: MISRA, CWE, OWASP, Unreal Engine

by Andrey Karpov

From the article:

We have introduced a new feature for the PVS-Studio plugin for Visual Studio. Now you can display the Best Warnings the analyzer issued for a project. In other words, these are the analyzer's most valuable warnings. They demonstrate the analyzer's capabilities for someone, who is just starting out with the analyzer. We call this feature Analyzer Best Warnings. PVS-Studio has always been grouping analyzer warnings by 3 certainty levels. We've been traditionally using these levels to prioritize showing the analysis results — all best warnings should be first-level warnings. For the new version of our analyzer, we have developed a more accurate mechanism to evaluate warnings. Now the mechanism uses many extra criteria in addition to levels — both static (the average diagnostic "value") and dynamic. The dynamic criteria are based on warnings the analyzer issues for a specific code base (for example, detection frequency).

Detecting errors in the LLVM release 13.0.0

Commercial static analyzers perform deeper and fuller code analysis compared to compilers. Let's see what PVS-Studio found in the source code of the LLVM 13.0.0 project.

Detecting errors in the LLVM release 13.0.0

by Andrey Karpov

From the article:

It makes no sense to write different values one by one to the same variable. This is exactly what the analyzer warns us about. The code author made a typo, forgetting to add '|'. This code should create one 64-bit value from two 32-bit values. The correct code looks as follows: ....

Supercharge Your C++ analysis with SonarLint for CLion

SonarSource recently released the SonarLint plug-in for CLion - this article looks at some of the interesting rules (checks) this gives you, and how each tool enhances the other.

Supercharge your C++ analysis with SonarLint for CLion

by Phil Nash and Geoffray Adde

From the article:

In this post, we want to demonstrate the powerful capabilities of the C++ analyzer with SonarLint (a free, in-IDE static analysis plugin) and highlight some unique and interesting rules that you might find useful. Through that lens, we want to show how you can leverage them to elevate your CLion’s inbuilt static analysis capabilities.

CWE Top 25 2021. What is it, what is it for and how is it useful for static analysis?

For the first time PVS-Studio provided support for the CWE classification in the 6.21 release. It took place on January 15, 2018. Years have passed since then and we would like to tell you about the improvements related to the support of this classification in the latest analyzer version.

CWE Top 25 2021. What is it, what is it for and how is it useful for static analysis?

by Mikhail Gelvih

From the article:

We have been using the CWE classification for PVS-Studio diagnostics for more than three years. Their number increases every year. In 2018, we covered only 94 points on the CWE list. Now it's almost 130. However, this article isn't about the total number of diagnostics. Let's talk about those that are included in the list of the most dangerous diagnostics in 2021. If you want to read the full list, you can get it in the "CWE compliance" section of our documentation.