devops

PVS-Studio 7.13: Blame Notifier, MISRA

The list of diagnostics supported by MISRA and AUTOSAR continues to grow. We've expanded the Blame Notifier utility's capabilities. The analysis of Ninja projects on Windows has been enhanced and now involves the JSON Compilation Database.

PVS-Studio 7.13

by Andrey Karpov

From the article:

  • The C++ analyzer provides enhanced support of Ninja projects on Windows using JSON Compilation Database (compile_commands.json).
  • The C++ PVS-Studio analyzer spends 10% less time checking source files with the use of the Clang compiler.
  • To check C++ and C# Visual Studio PVS-Studio_Cmd.exe projects, you can pass the suppression file directly. Before this, you could add suppressed warnings only at the projects and solution level.

How to speed up building ang analyzing of your project with IncrediBuild?

"How much longer are you going to build it?" - a phrase that every developer has uttered at least once in the middle of the night. Yes, a build can be long and there is no escaping it. One does not simply redistribute the whole thing among 100+ cores, instead of some pathetic 8-12 ones. Or is it possible?

How to speed up building ang analyzing of your project with IncrediBuild?

by Maxim Zvyagintsev

From the article:

At the same time, the build completed successfully, but something really bad happened now. I had to dig into the logs, or rather, the compilation dump. That's where I found the problem. The point was that these macros are declared in the local precompiled header, whereas we only want to preprocess the file. However, the include header that was used to generate the precompiled header is different from the one that is included to the source file! The file that is used to generate the precompiled header is a 'wrapper' around the original header included into the source, and this wrapper contains all of the required macros.

PVS-Studio: analyzing pull requests in Azure DevOps using self-hosted agents

Static code analysis is most effective when changing a project, as errors are always more difficult to fix in the future than at an early stage. We continue expanding the options for using PVS-Studio in continuous development systems. This time, we'll show you how to configure pull request analysis using self-hosted agents in Microsoft Azure DevOps, using the example of the Minetest game.

PVS-Studio: analyzing pull requests in Azure DevOps using self-hosted agents

by Alexey Govorov

From the article:

The result is a build system based on MSBuild for C++, with Chocolatey for installing PVS-Studio, CMake, and Git. Vcpkg is built for convenient management of the libraries that the project depends on. Also, we have to download the latest version of the Azure Pipelines Agent. To initialize the agent from the ENTRYPOINT Docker file, the PowerShell script 'entrypoint.ps1' is called, to which you need to add the URL of the project's "organization", the token of the agent pool, and the PVS-Studio license parameters....


 

 

PVS-Studio 7.07: Features Overview

The purpose of this article is to give a general overview of the features of the PVS-Studio static analyzer.

PVS-Studio 7.07: Features Overview

by Ekaterina Nikiforova

From the article:

The next command I'd like to talk about is called "Display CWE Codes in Output Window". PVS-Studio is a static application security testing (SAST) tool, which means its warnings can be classified according to the Common Weakness Enumeration (CWE).
 

PVS-Studio 7.04

PVS-Studio is a tool designed to detect errors and potential vulnerabilities in the source code of programs, written in C, C++, C#, Java. It works in Windows, Linux, and macOS environment.

PVS-Studio 7.04

by Svyatoslav Razmyslov

From the article:

When working on a task developers take code from so many various places. A popular source of Copy-Paste code is the Stackoverflow website and similar ones. There are cases when a developer takes the code from an open source project and doesn't check license requirements. Thus, a closed source project may accidentally get a few files from an open source project with a Copyleft license, which obliges to make the entire project code open source. In companies with a large number of employees, it's difficult to keep track of this, whereas such actions might cause adverse risks and problems. So, PVS-Studio now has a diagnostic, which will help to find such files. It relates to all supported languages (C, C++, C#, Java). The diagnostic is looking for the following "virus" licenses: AGPL-3.0, GPL-2.0, GPL-3.0, LGPL-3.0.

Getting Started with the PVS-Studio Static Analyzer for C++ Development under Linux

There are different ways to install PVS-Studio under Linux, depending on your distro type. The most convenient and preferred method is to use the repository, since it allows auto-updating the analyzer upon releasing new versions.

Getting Started with the PVS-Studio Static Analyzer for C++ Development under Linux

by Yuri Minaev

From the article:

Besides strace, you can base the analysis on the compile_commands.json (JSON Compilation Database) file. Many build systems have built-in means of exporting compilation commands, or you could use the BEAR utility to do this. Here's the command to launch the analysis in this case: pvs-studio-analyzer analyze –f /path/to/compile_commands.json

 

PVS-Studio: Support of MISRA C and MISRA C++ Coding Standards

Starting with the version 6.27, the PVS-Studio static code analyzer can classify its warnings according to MISRA C and MISRA C++ standards. Due to support of these standards it has become possible to effectively use the analyzer to increase the level of security, portability and reliability of programs for embedded systems.

PVS-Studio: Support of MISRA C and MISRA C++ Coding Standards

by Andrey Karpov

From the article:

Such diagnosis can't be applied to already existing projects developed for Windows, Linux or macOS operating systems. For example, only one rule about curly brackets described above gives 1947 warnings of the V2507 diagnostic (MISRA C 15.6, MISRA C++ 6-4-1) for a WinMerge project. Still WinMerge is a small project! In total, only 250 000 lines of code in C and C# languages.

PVS-Studio 6.26 Released

This new release included many interesting improvements related to analysis of C and C++ code, about which we'd like to tell our users.

PVS-Studio 6.26 Released

by Andrey Karpov

From the article:

A developer believes that this is a bug in the compiler. Nevertheless, it is the author of the code who is wrong. The function does not work correctly due to the fact that undefined behavior occurs in it. The compiler follows that in the r variable a certain sum is calculated. Overflow of the r variable must not happen. Otherwise, it is undefined behavior, which doesn't have to be considered or taken into account by a compiler. So, the compiler thinks that since the value of r variable after ending the loop cannot be negative, then r & 0x7fffffff operation is not needed to reset the sigh bit and the compiler just returns the value of r variable from the function.

 

PVS-Studio 6.24 released

A new release of the PVS-Studio static code analyzer became available to download. This tool is designed to detect errors and potential vulnerabilities in the source code of programs, written in C, C++, and C#.

PVS-Studio 6.24 released

by Andrey Karpov

From the article:

Support for Texas Instruments Code Composer Studio, ARM compiler was added under Windows\Linux. 8 new diagnostics were introduced to detect errors in C and C++ code. In addition to the development of new diagnostics, we continue improving Data-Flow analysis that enables old diagnostics find more bugs. Thanks to these improvements, the analyzer finds more interesting errors, like the one we described in the article "February 31". Download and try PVS-Studio.

Static Code Analyzer PVS-Studio 6.22 Now Supports ARM Compilers (Keil, IAR)

Now our articles have every chance to become even more interesting because PVS-Studio can now check the code of embedded devices. We have added support for a few ARM compilers, which I talk about in detail below.

Static Code Analyzer PVS-Studio 6.22 Now Supports ARM Compilers (Keil, IAR)

by Andrey Karpov

From the article:

I find the RT-Thread operating system a perfect candidate to be the first embedded system checked with PVS-Studio. I glanced through the analysis report by PVS-Studio and picked 95 warnings that I thought to be the most interesting ones. Too see all those messages for yourself, download the rt-thread-html-log.zip archive with the full HTML report. We introduced this format not so long ago, and some users may not know about it. So, I'd like to use this opportunity to explain it once again.