devops

PVS-Studio: Support of MISRA C and MISRA C++ Coding Standards

Starting with the version 6.27, the PVS-Studio static code analyzer can classify its warnings according to MISRA C and MISRA C++ standards. Due to support of these standards it has become possible to effectively use the analyzer to increase the level of security, portability and reliability of programs for embedded systems.

PVS-Studio: Support of MISRA C and MISRA C++ Coding Standards

by Andrey Karpov

From the article:

Such diagnosis can't be applied to already existing projects developed for Windows, Linux or macOS operating systems. For example, only one rule about curly brackets described above gives 1947 warnings of the V2507 diagnostic (MISRA C 15.6, MISRA C++ 6-4-1) for a WinMerge project. Still WinMerge is a small project! In total, only 250 000 lines of code in C and C# languages.

PVS-Studio 6.26 Released

This new release included many interesting improvements related to analysis of C and C++ code, about which we'd like to tell our users.

PVS-Studio 6.26 Released

by Andrey Karpov

From the article:

A developer believes that this is a bug in the compiler. Nevertheless, it is the author of the code who is wrong. The function does not work correctly due to the fact that undefined behavior occurs in it. The compiler follows that in the r variable a certain sum is calculated. Overflow of the r variable must not happen. Otherwise, it is undefined behavior, which doesn't have to be considered or taken into account by a compiler. So, the compiler thinks that since the value of r variable after ending the loop cannot be negative, then r & 0x7fffffff operation is not needed to reset the sigh bit and the compiler just returns the value of r variable from the function.

 

PVS-Studio 6.24 released

A new release of the PVS-Studio static code analyzer became available to download. This tool is designed to detect errors and potential vulnerabilities in the source code of programs, written in C, C++, and C#.

PVS-Studio 6.24 released

by Andrey Karpov

From the article:

Support for Texas Instruments Code Composer Studio, ARM compiler was added under Windows\Linux. 8 new diagnostics were introduced to detect errors in C and C++ code. In addition to the development of new diagnostics, we continue improving Data-Flow analysis that enables old diagnostics find more bugs. Thanks to these improvements, the analyzer finds more interesting errors, like the one we described in the article "February 31". Download and try PVS-Studio.

Static Code Analyzer PVS-Studio 6.22 Now Supports ARM Compilers (Keil, IAR)

Now our articles have every chance to become even more interesting because PVS-Studio can now check the code of embedded devices. We have added support for a few ARM compilers, which I talk about in detail below.

Static Code Analyzer PVS-Studio 6.22 Now Supports ARM Compilers (Keil, IAR)

by Andrey Karpov

From the article:

I find the RT-Thread operating system a perfect candidate to be the first embedded system checked with PVS-Studio. I glanced through the analysis report by PVS-Studio and picked 95 warnings that I thought to be the most interesting ones. Too see all those messages for yourself, download the rt-thread-html-log.zip archive with the full HTML report. We introduced this format not so long ago, and some users may not know about it. So, I'd like to use this opportunity to explain it once again.

PVS-Studio 6.21 release: support for CWE (Common Weakness Enumeration) was added

PVS-Studio is a tool for bug detection in the source code of programs, written in C, C++, and C#. It works in Windows and Linux environment.

PVS-Studio 6.21 Release

by PVS-Studio Team

What's new:

  • Support for CWE (Common Weakness Enumeration) was added to C/C++/C# analyzers.
  • HTML log with source code navigation can now be saved from Visual Studio plug-ins and the Standalone tool.
  • WDK (Windows Driver Kit) projects for Visual Studio 2017 are now supported.
  • PVS-Studio plug-in for SonarQube was updated for the latest LTS version 6.7.
  • V1007. The value from the uninitialized optional is used. Probably it is a mistake.

Speeding up the Build of C and C++ Projects

Many programmers know firsthand that C and C++ program builds very long. Someone solves this problem by sword-fighting at build time, someone is going to the kitchen to "grab some coffee". This article is for those who are tired of this, and who decided it is time to do something about it.

Speeding up the Build of C and C++ Projects

by Phillip Khandeliants

From the article:

If your operating system uses ELF format object files (Unix-like systems), you can replace the GNU ld linker with GNU gold. GNU gold comes with binutils starting from the version 2.19, and is activated by the flag -fuse-ld=gold. In CMake it can be activated, for example, by the following code.

 

PVS-Studio Reports Now in Html

FullHtml is a full-fledged report format for viewing analysis results.

PVS-Studio Reports Now in Html

by Svyatoslav Razmyslov

From the article:

It allows you to search for and sort messages by type, file, level, code, and warning text. What makes it special is that it allows you to navigate faulty fragments in the source files pointed out by the analyzer. The reported source files themselves are copied to Html and become part of the report. To see how FullHtml really looks like, I converted in this format one of the latest reports, which I've used when writing the article about the MuseScore project: MuseScoreHtml.7z.

Useful Improvements in the PVS-Studio 6.17 Release

In this version there are improvements, which, in my opinion, deserve a small note.

Useful Improvements in the PVS-Studio 6.17 Release

by Andrey Karpov

From the article:

A much more interesting feature is that a mechanism of virtual values was significantly redesigned in the kernel of C++ analyzer. For example, now the analyzer performs a double loop passage, which allows it to define the range of possible values of variables, changing in a loop, more accurately. So don't be surprised if the analyzer starts issuing many warnings for that code which used to seem correct for the analyzer.

PVS-Studio 6.16 released

PVS-Studio is a static code analyzer that detects errors and potential vulnerabilities in the source code of programs written in C/C++/C#. Version 6.16 has obtained 11 new general analysis diagnostics.

PVS-Studio 6.16 released

by Andrey Karpov

About the release:

In a sense, this is a milestone for us. The thing is that we cannot add more numbers of general analysis warnings, otherwise they will concur with the numbers of micro-optimization diagnostics. It seemed to us that the list of 300 diagnostics was endless, but now it is over and we got to the point of 800, where we have micro-optimization diagnostics. In the next release we plan to resume numbering the general-analysis warnings with V1000. Download and enjoy the new version of PVS-Studio now by clicking here.

P.S. How to use PVS-Studio for Free.

How to use PVS-Studio for free

We want to help the software world improve the quality of their code, and get to know static analysis tools better. We are giving the opportunity to use PVS-Studio static code analyzer for free, for educational purposes, so that individual developers and enthusiastic teams could also fully use it.

How to use PVS-Studio for free

by Andrey Karpov

From the article:

Some developers may say that they don't want to see two additional lines of code at the beginning of the file with the comments not related to the project itself. It is their right, and they may simply not use the tool. Or they can purchase a commercial license, and use it without any restrictions. We see these comments as a gratuity for the provided license, and also as an additional way to promote our product. I think it's a good, fair exchange.