PVS-Studio 7.29: Java code check in VS Code, Boost smart pointers, and plugin for Qt Creator on macOS

by Gleb Aslamov

The C++ analyzer now supports smart pointers from the Boost library: boost::unique_ptr and boost::shared_ptr. Now the PVS-Studio analyzer is able to detect errors such as null pointer dereferences when these classes are used.

PVS-Studio 7.25: support for latest versions of Qt Creator, Rider, and more

by Nikita Lipilin

When checking C++ projects that use MSBuild, PVS-Studio did not use the full power of Intel's 12th generation processors (for example, i7-12700, i9-12900). Apparently, the analysis processes were running only on energy-saving cores, while the rest remained idle. In the new version of PVS-Studio, the error has been fixed. Now the analyzer fully loads the processors and works much faster.

What's new in PVS-Studio in 2021?

by Maxim Stefanov, Oleg Lisiy, Sergey Vasiliev

PVS-Studio has plugins for various JetBrains IDEs: Rider, IntelliJ IDEA. Somehow we missed another popular IDE — CLion. Our clients expressed an increasing interest in this feature. Moreover, the PVS-Studio plugin for CLion as a cross-platform IDE would make it possible to work comfortably with the C++ analyzer regardless of the environment in which the developer works: on Windows, Linux or macOS.

PVS-Studio 7.16, expanding the horizons: MISRA C, Visual Studio 2022, .NET 6

by Andrey Karpov

PVS-Studio supports 80% of the MISRA C standard for safety and security. The tool fully covers the warnings categorized as Mandatory and most of the warnings from the Required category.

PVS-Studio 7.15: MISRA, CWE, OWASP, Unreal Engine

by Andrey Karpov

We have introduced a new feature for the PVS-Studio plugin for Visual Studio. Now you can display the Best Warnings the analyzer issued for a project. In other words, these are the analyzer's most valuable warnings. They demonstrate the analyzer's capabilities for someone, who is just starting out with the analyzer. We call this feature Analyzer Best Warnings. PVS-Studio has always been grouping analyzer warnings by 3 certainty levels. We've been traditionally using these levels to prioritize showing the analysis results — all best warnings should be first-level warnings. For the new version of our analyzer, we have developed a more accurate mechanism to evaluate warnings. Now the mechanism uses many extra criteria in addition to levels — both static (the average diagnostic "value") and dynamic. The dynamic criteria are based on warnings the analyzer issues for a specific code base (for example, detection frequency).

Why do you need the MISRA Compliance report and how to generate one in PVS-Studio?

by Nikolay Mironov

To make this simpler, let's take rule 1.1 that has the standard value of the category equal to Required. If you look at the table, you can see that acceptable compliance values for Required are Compliance or Deviations (I'll talk more about the meaning of these statuses later). This means that if your project complies with rule 1.1, or if it complies with this rule with some deviations - everything is fine and you can go to the next rule. If you get at least one hit in Violations or Disapplied, then the project does not comply with MISRA C 2012. If all rules have acceptable values only, congratulations! Your project complies with the MISRA C 2012 standard. If you have a hit in the red zone (the table above), you do not comply with the standard.

PVS-Studio 7.14: intermodular analysis in C++ and plugin for JetBrains CLion

by Andrey Karpov

As the list below shows, most of the diagnostics that we currently implement are based on the MISRA C standard. We focused on the MISRA C support, and now PVS-Studio covers 60% of the standard. Soon, we plan to cover at least 80%. We also want to introduce the support of coding standards from the MISRA C Compliance.

PVS-Studio 7.13

by Andrey Karpov

• The C++ analyzer provides enhanced support of Ninja projects on Windows using JSON Compilation Database (compile_commands.json).
• The C++ PVS-Studio analyzer spends 10% less time checking source files with the use of the Clang compiler.
• To check C++ and C# Visual Studio PVS-Studio_Cmd.exe projects, you can pass the suppression file directly. Before this, you could add suppressed warnings only at the projects and solution level.

Example of How New Diagnostics Appear in PVS-Studio

by Andrey Karpov

As for application software development, it doesn't make sense to enable them. The CovidSim project could do without them. Otherwise, a user will simply drown in a huge number of messages that are of little use in this case. For example, when experimenting with this set of diagnostics, we received more than a million warnings for some medium-sized open projects. Roughly speaking, every third line of code might be faulty in the view of MISRA. No one will scrape through all warnings, much less fix them. The project is either developed immediately taking into account MISRA recommendations, or this coding standard is irrelevant for it.
 

PVS-Studio 7.12 New Features for Finding Safety and Security Threats

by Nikolay Mironov, Paul Eremeev

Well, to waste no time, let's point out the additions right away. So, here is what's new, safe, and cool in PVS-Studio:

• New diagnostic groups OWASP ASVS and The AUTOSAR C++14 Coding Guidelines have been added to the analyzer. Previously, the compliance of PVS-Studio diagnostic rules with these standards was available only on our website. Now we have more than 50 new diagnostic rules!
• Now the analyzer shows information about the compliance of the warnings with the SEI CERT Coding Standard. This information formerly was available only on the PVS-Studio website.
• The interface of our plugins for Visual Studio, JetBrains Rider, and IntelliJ IDEA has been improved to ease the work with analyzer messages that have safety and security standards identifiers.
• New diagnostic groups (OWASP, AUTOSAR) in PlogConverter are supported.
• New diagnostics (OWASP, AUTOSAR) are supported in SonarQube at the tag level. We classified our diagnostic rules by OWASP Top 10.