Home » Blog » Categories » Product News

Product News

PVS-Studio: Top 10 bugs found in C++ projects in 2021

By Andrey Karpov | Dec 22, 2021 02:33 AM | Tags: sta pvs-studio open source bugs

It's freezing outside, everyone has already decorated the Christmas tree and bought tangerines. New Year is coming! So, it's time to meet the Top 10 interesting bugs found by the PVS-Studio C++ analyzer in 2021.

Top 10 bugs found in C++ projects in 2021

by Vladislav Stolyarov

From the article:

Let's talk about... HTML! PVS-Studio provides diagnostics that don't just check code – they also look for abnormalities in string literals. The code above triggered one of these diagnostics. Such cases are quite rare. That's why, this one is so intriguing. Someone intended to create one list but added two tags that open this list instead of one. This is clearly a typo. The first tag must open the list, and the second one must close it.

Introducing Trunk - A New Meta-Linter for C/C++ (and Dozens of Other Languages) -- David Apirian

By dapirian | Dec 13, 2021 12:43 PM | Tags: None

Trunk launched its public beta! Trunk combines 30+ linters, static analyzers, and formatters covering dozens of languages to create a one-stop-shop for checking your code.

Trunk Check - Code Quality Solved

by David Apirian

From the article:

Modern repositories include many technologies, each with its own set of linters. With 30+ linters and counting, Trunk makes it dead-simple to identify, install, configure, and run the right linters, static analyzers, and formatters for all your repos. Use the beta for free today.

Itself written in C++, Trunk makes it dead simple to run C++ linters like clang-tidy, adding intelligent caching, easy setup, and a language server for IDE support. Overall, Trunk makes it dead-simple to identify, install, configure, and run the right linters, static analyzers, and formatters for all your repos across multiple languages. Available as a clivscode extension, and github action.

PVS-Studio 7.16, expanding the horizons: MISRA C, Visual Studio 2022, .NET 6

By Andrey Karpov | Dec 10, 2021 02:39 AM | Tags: vs2022 visual studio 2022 sast pvs-studio misra c misra

This is the latest release of PVS-Studio in 2021. With it, the PVS-Studio team accomplishes several important goals. Now, PVS-Studio supports Visual Studio 2022 (.NET 6, C# 10.0). We implemented all diagnostics categorized as Mandatory in MISRA C.

PVS-Studio 7.16, expanding the horizons: MISRA C, Visual Studio 2022, .NET 6

by Andrey Karpov

From the article:

PVS-Studio supports 80% of the MISRA C standard for safety and security. The tool fully covers the warnings categorized as Mandatory and most of the warnings from the Required category.

ReSharper C++ 2021.3 release helps upgrade your code to modern C++ -- Elvira Mustafina

By Anastasia Kazakova | Dec 8, 2021 10:52 AM | Tags: None

ReSharper C++ 2021.3 is now available!

ReSharper C++ 2021.3: Support for Visual Studio 2022, Unreal Engine File Templates, New C++20 and C Features

by Elvira Mustafina

From the article:

Check out the highlights and read the post for more details.

  • Support for Visual Studio 2022. You will enjoy the same rich feature set as in other Visual Studio versions, but since Visual Studio 2022 is an x64 process, all ReSharper C++ features work faster.
  • New C++20 features: auto-completion of designated initializers for aggregate initialization and modernizing inspections to help you adopt new library functions.
  • File templates for Unreal Engine classes.
  • Improved C support: C11 _Generic expressions and the typeof GNU extension.
  • Navigation in goto statements and inactive code.
  • Evaluation results for constant expressions in the Quick Info tooltip.
  • Change Signature lets you control the C++17 [[nodiscard]] attribute.
  • New inspections with quick-fixes, and an update for Clang-Tidy with new checks from Clang 13.

SonarLint now supports Visual Studio 2022 for your C and C++ projects -- Marco Comi

By Kirti Joshi | Dec 2, 2021 01:51 PM | Tags: None

The latest release of SonarLint supports Visual Studio 2022 and enables users to detect and fix coding issues in their C and C++ code. Enjoy the best-in-class capabilities of Visual Studio and SonarLint for your modern code development. SonarLint is a free static analysis extension and directly installable for VS 2022 from the Marketplace.

SonarLint for Visual Studio: v5.0

By Marco Comi

From the article:

The new Visual Studio version brings many new features and improvements. Starting from version 5.0 of SonarLint you are able to use our plugin in Visual Studio 2022 for all the languages we already support. The VS Marketplace page for the new version is here.

 

 

Introducing CLion 2021.3 -- Anastasia Kazakova

By Anastasia Kazakova | Dec 1, 2021 11:08 AM | Tags: None

CLion 2021.3 has become an even easier-to-use, more customizable, and more comprehensive IDE for unleashing the power of C and C++.

CLion 2021.3: New Remote Development, Better Data Views in Debugger, Docker Toolchain, Custom Compiler, Type Hints, and More

by Anastasia Kazakova

From the article:

CLion 2021.3 release is here! Check out the highlights and read the post for more details.

  • New remote development mode (headless remote machine and thin local client)
  • Debugger:
    • Better data views in debugger
    • RTOS thread views
  • Toolchain updates
    • Docker toolchain
    • Custom compiler
    • Environment script
    • Windows-specific enhancements
    • Ninja as the default CMake generator
  • Type hints in the editor
  • More powerful and accurate code analysis

Improved Null Pointer Dereference Detection in Visual Studio 2022 version 17.0...--Gabor Horvath

By Adrien Hamelin | Oct 11, 2021 12:47 PM | Tags: community

Give it a try!

Improved Null Pointer Dereference Detection in Visual Studio 2022 version 17.0 Preview 4

by Gabor Horvath

From the article:

The C++ static analysis team is committed to making your C++ coding experience as safe as possible. We are adding richer code safety checks and addressing high impact customer feedback bugs posted on the C++ Developer Community page. Thank you for engaging with us and giving us great feedback on the past releases and early previews leading to this point. Below is the detailed overview of a new experimental code analysis check that can detect null pointer dereference errors, along with a comparison to an existing check that has the same purpose...

PVS-Studio 7.15: MISRA, CWE, OWASP, Unreal Engine

By Andrey Karpov | Oct 11, 2021 01:08 AM | Tags: static code analysis static analysis tool misra compliance misra c misra cwe top 25 cwe

We are actively developing the PVS-Studio static analysis tool towards detecting Safety and Security-related errors. To be more precise, we've expanded the coverage of the MISRA C:2012 and OWASP ASVS standards. We have supported the MISRA Compliance 2020 standard. One of the more extraordinary innovations is the Best Warnings display mode.

PVS-Studio 7.15: MISRA, CWE, OWASP, Unreal Engine

by Andrey Karpov

From the article:

We have introduced a new feature for the PVS-Studio plugin for Visual Studio. Now you can display the Best Warnings the analyzer issued for a project. In other words, these are the analyzer's most valuable warnings. They demonstrate the analyzer's capabilities for someone, who is just starting out with the analyzer. We call this feature Analyzer Best Warnings. PVS-Studio has always been grouping analyzer warnings by 3 certainty levels. We've been traditionally using these levels to prioritize showing the analysis results — all best warnings should be first-level warnings. For the new version of our analyzer, we have developed a more accurate mechanism to evaluate warnings. Now the mechanism uses many extra criteria in addition to levels — both static (the average diagnostic "value") and dynamic. The dynamic criteria are based on warnings the analyzer issues for a specific code base (for example, detection frequency).

Detecting errors in the LLVM release 13.0.0

By Andrey Karpov | Oct 8, 2021 12:30 PM | Tags: typos static code analyzer pvs-studio llvm 13 llvm code analysis

Commercial static analyzers perform deeper and fuller code analysis compared to compilers. Let's see what PVS-Studio found in the source code of the LLVM 13.0.0 project.

Detecting errors in the LLVM release 13.0.0

by Andrey Karpov

From the article:

It makes no sense to write different values one by one to the same variable. This is exactly what the analyzer warns us about. The code author made a typo, forgetting to add '|'. This code should create one 64-bit value from two 32-bit values. The correct code looks as follows: ....

Supercharge Your C++ analysis with SonarLint for CLion

By philsquared | Oct 4, 2021 11:04 AM | Tags: None

SonarSource recently released the SonarLint plug-in for CLion - this article looks at some of the interesting rules (checks) this gives you, and how each tool enhances the other.

Supercharge your C++ analysis with SonarLint for CLion

by Phil Nash and Geoffray Adde

From the article:

In this post, we want to demonstrate the powerful capabilities of the C++ analyzer with SonarLint (a free, in-IDE static analysis plugin) and highlight some unique and interesting rules that you might find useful. Through that lens, we want to show how you can leverage them to elevate your CLion’s inbuilt static analysis capabilities.