Supercharge Your C++ analysis with SonarLint for CLion

By philsquared | Oct 4, 2021 11:04 AM | Tags: None

SonarSource recently released the SonarLint plug-in for CLion - this article looks at some of the interesting rules (checks) this gives you, and how each tool enhances the other.

Supercharge your C++ analysis with SonarLint for CLion

by Phil Nash and Geoffray Adde

From the article:

In this post, we want to demonstrate the powerful capabilities of the C++ analyzer with SonarLint (a free, in-IDE static analysis plugin) and highlight some unique and interesting rules that you might find useful. Through that lens, we want to show how you can leverage them to elevate your CLion’s inbuilt static analysis capabilities.

CWE Top 25 2021. What is it, what is it for and how is it useful for static analysis?

By Andrey Karpov | Sep 29, 2021 01:23 PM | Tags: static analysis sast pvs-studio devtool cwetop25 cwe cvss common weakness enumeration

For the first time PVS-Studio provided support for the CWE classification in the 6.21 release. It took place on January 15, 2018. Years have passed since then and we would like to tell you about the improvements related to the support of this classification in the latest analyzer version.

CWE Top 25 2021. What is it, what is it for and how is it useful for static analysis?

by Mikhail Gelvih

From the article:

We have been using the CWE classification for PVS-Studio diagnostics for more than three years. Their number increases every year. In 2018, we covered only 94 points on the CWE list. Now it's almost 130. However, this article isn't about the total number of diagnostics. Let's talk about those that are included in the list of the most dangerous diagnostics in 2021. If you want to read the full list, you can get it in the "CWE compliance" section of our documentation.

Why do you need the MISRA Compliance report and how to generate one in PVS-Studio?

By Andrey Karpov | Sep 6, 2021 12:42 AM | Tags: sast misra compliance misra c++ misra c misra embedded devsecops

If you are strongly interested in MISRA and would like to understand whether your project meets one of the MISRA association's standards, there is a solution. It's name is MISRA Compliance.

Why do you need the MISRA Compliance report and how to generate one in PVS-Studio?

by Nikolay Mironov

From the article:

To make this simpler, let's take rule 1.1 that has the standard value of the category equal to Required. If you look at the table, you can see that acceptable compliance values for Required are Compliance or Deviations (I'll talk more about the meaning of these statuses later). This means that if your project complies with rule 1.1, or if it complies with this rule with some deviations - everything is fine and you can go to the next rule. If you get at least one hit in Violations or Disapplied, then the project does not comply with MISRA C 2012. If all rules have acceptable values only, congratulations! Your project complies with the MISRA C 2012 standard. If you have a hit in the red zone (the table above), you do not comply with the standard.

ReSharper C++ 2021.2 brings type conversion hints, immutability inspections, ... -- Elvira Mustafina

By Anastasia Kazakova | Aug 19, 2021 10:19 AM | Tags: None

ReSharper C++ 2021.2 is released!

ReSharper C++ 2021.2: Type Conversion Hints, Immutability Inspections, Inline Function

by Elvira Mustafina

From the article:

ReSharper C++ 2021.2 is now available for download! It brings new inlay hints to help you spot implicit type conversions, the Inline Function refactoring, and updates to Unreal Engine support. New modernizing inspections assist you with updating your code to modern C++, and improved immutability analyses keep your code more readable and correct.

• New inlay hints that show implicit type conversions.
• Inline Function refactoring.
• Immutability inspections (and now Constants and immutability section of the C++ Core Guidelines is fully covered!).
• More inspections to help you modernize your code.
• Support for Unreal Engine 5 and other enhancements for game developers on UE.
• cppreference.com links in the Quick Documentation pop-ups.
• The bundled Clang-Tidy has been updated to Clang 12, adding new checks from the latest LLVM release.

PVS-Studio 7.14: CLion, intermodular analysis, MISRA

By Andrey Karpov | Aug 17, 2021 02:06 AM | Tags: sast pvs-studio misra jetbrains clion intermodular analysis clion autosar

The PVS-Studio team is increasing the number of diagnostics with each new release. Besides, we are improving the analyzer's infrastructure. This time we added the plugin for JetBrains CLion. Moreover, we introduced intermodular analysis of C++ projects and speeded up the C# analyzer core.

PVS-Studio 7.14: intermodular analysis in C++ and plugin for JetBrains CLion

by Andrey Karpov

From the article:

As the list below shows, most of the diagnostics that we currently implement are based on the MISRA C standard. We focused on the MISRA C support, and now PVS-Studio covers 60% of the standard. Soon, we plan to cover at least 80%. We also want to introduce the support of coding standards from the MISRA C Compliance.

Boost Version 1.77.0 released

By Adrien Hamelin | Aug 16, 2021 11:30 AM | Tags: community

Are you going to update?

Boost Version 1.77.0 released

From the release:

New Libraries
A C++14 reflection library, from Peter Dimov. Provides macros for describing enumerators and struct/class members, and primitives for querying this information.
Lambda2:
A C++14, dependency-free, single header lambda library, from Peter Dimov. Allows simple function objects to be constructed via expressions such as _1 + 5, _1 % 2 == 0, _1 > _2, or _1 == ' ' || _1 == '\t'...

HPX V1.7.1 released -- STE||AR Group

By Hartmut Kaiser | Aug 13, 2021 08:49 AM | Tags: performance parallelism heterogeneous computing distributed computing concurrency c++20 c++17 c++14 c++11

The STE||AR Group has released V1.7.1 of HPX -- A C++ Standard library for parallelism and concurrency.

HPX V1.7.1 Released

The newest version of HPX (V1.7.1) is now available for download! This release fixes minor problems found after the version 1.7.0. It fixes a bug in the internals of actions, adds a version check to the new Asio dependency, and slightly improves the performance of spinlocks among other minor changes. Importantly, the experimental hpx::execution::simdpar execution policy introduced in 1.7.0 was renamed to hpx::execution::par_simd for consistency with the standard parallel execution policies. While this is a breaking change in a patch release, we felt it was important to make this adaptation as soon as possible. The full list of improvements, fixes, and breaking changes can be found in the release notes.

    HPX is a general purpose parallel C++ runtime system for applications of any scale. It implements all of the related facilities as defined by the C++ Standard. As of this writing, HPX provides one of the only widely available open-source implementation of the new C++17 parallel algorithms. Additionally, HPX implements functionalities proposed as part of the ongoing C++ standardization process, such as large parts of the features related parallelism and concurrency as specified by the upcoming C++20 Standard, the C++ Concurrency TS, Parallelism TS V2, data-parallel algorithms, executors, senders/receivers and many more. It also extends the existing C++ Standard APIs to the distributed case (e.g. compute clusters) and for heterogeneous systems (e.g. GPUs).

    HPX seamlessly enables a new Asynchronous C++ Standard Programming Model that tends to improve the parallel efficiency of our applications and helps reducing complexities usually associated with parallelism and concurrency.

PVS-Studio for JetBrains CLion: ad astra per aspera

By Andrey Karpov | Aug 11, 2021 01:29 AM | Tags: static code analysis sast pvs-studio plugin jetbrains devtool clion bugs

The PVS-Studio analyzer already has plugins for such IDEs from JetBrains as Rider, IntelliJ IDEA and Android Studio. Somehow we missed another IDE - CLion. The time has come to make amends!

PVS-Studio for JetBrains CLion: ad astra per aspera

by Evgeniy Ovsyannikov, Sergey Vasiliev

From the article:

Here's an answer to the question that we are discussing - PVS-Studio and CLion collaboration will let us detect more errors at the writing code stage. CLion highlights the errors on the fly, but at the same time is limited in the analysis capabilities. PVS-Studio doesn't highlight errors immediately, but it can perform deeper analysis. Note that PVS-Studio has an incremental analysis – the mode that checks only the changed files.

Intermodular analysis of C++ projects in PVS-Studio

By Andrey Karpov | Aug 10, 2021 02:17 AM | Tags: pvs-studio intermodular analysis data flow code analysis

Recently PVS-Studio has implemented a major feature—we supported intermodular analysis of C++ projects. This article covers our and other tools' implementations. You'll also find out how to try this feature and what we managed to detect using it.

Intermodular analysis of C++ projects in PVS-Studio

by Oleg Lisiy, Sergey Larin

From the article:

We can't apply the approach above to the PVS-Studio tool. Our analyzer's main difference from compilers is that it doesn't form intermediate representation that is abstracted from the language context. Therefore, to read a symbol from another module, the tool has to translate it again and represent a program as in-memory data structures (parse tree, control flow graph, etc). Data flow analysis may also require parsing the entire dependency graph by symbols in different modules. Such a task may take a long time. So, we collect information about symbols (in particular in data flow analysis) using semantic analysis. We need to somehow save this data separately beforehand. Such information is a set of facts for a particular symbol. We developed the below approach based on this idea.

Integrating PVS-Studio into uVision Keil

By Andrey Karpov | Aug 3, 2021 07:43 AM | Tags: uvision static analyzer sast pvs-studio null pointer dereference keil embedded devops bugs

I've been using this scenario until one day I spent 3 days debugging a very unpleasant bug. The bug kept savagely appearing from time to time. It turned out to be a banal null pointer dereference. I quickly realized that PVS-Studio detects this bug. That was the final nail in the coffin of my patience! – and started integrating PVS-Studio into Keil.

Integrating PVS-Studio into uVision Keil

by Amomum

From the article:

Keil provides a weird feature – creating a project batch file. I still don't know the purpose of this feature. This batch file contains all the necessary information for PVS-Studio, and it's enabled with a single check mark! Unfortunately, this check mark also breaks the incremental build. That is, any compilation becomes a complete recompilation. It affects the build time, so, unfortunately, it's not an option for us.