pvs-studio

Detecting errors in the LLVM release 13.0.0

Commercial static analyzers perform deeper and fuller code analysis compared to compilers. Let's see what PVS-Studio found in the source code of the LLVM 13.0.0 project.

Detecting errors in the LLVM release 13.0.0

by Andrey Karpov

From the article:

It makes no sense to write different values one by one to the same variable. This is exactly what the analyzer warns us about. The code author made a typo, forgetting to add '|'. This code should create one 64-bit value from two 32-bit values. The correct code looks as follows: ....

CWE Top 25 2021. What is it, what is it for and how is it useful for static analysis?

For the first time PVS-Studio provided support for the CWE classification in the 6.21 release. It took place on January 15, 2018. Years have passed since then and we would like to tell you about the improvements related to the support of this classification in the latest analyzer version.

CWE Top 25 2021. What is it, what is it for and how is it useful for static analysis?

by Mikhail Gelvih

From the article:

We have been using the CWE classification for PVS-Studio diagnostics for more than three years. Their number increases every year. In 2018, we covered only 94 points on the CWE list. Now it's almost 130. However, this article isn't about the total number of diagnostics. Let's talk about those that are included in the list of the most dangerous diagnostics in 2021. If you want to read the full list, you can get it in the "CWE compliance" section of our documentation.

PVS-Studio 7.14: CLion, intermodular analysis, MISRA

The PVS-Studio team is increasing the number of diagnostics with each new release. Besides, we are improving the analyzer's infrastructure. This time we added the plugin for JetBrains CLion. Moreover, we introduced intermodular analysis of C++ projects and speeded up the C# analyzer core.

PVS-Studio 7.14: intermodular analysis in C++ and plugin for JetBrains CLion

by Andrey Karpov

From the article:

As the list below shows, most of the diagnostics that we currently implement are based on the MISRA C standard. We focused on the MISRA C support, and now PVS-Studio covers 60% of the standard. Soon, we plan to cover at least 80%. We also want to introduce the support of coding standards from the MISRA C Compliance.

PVS-Studio for JetBrains CLion: ad astra per aspera

The PVS-Studio analyzer already has plugins for such IDEs from JetBrains as Rider, IntelliJ IDEA and Android Studio. Somehow we missed another IDE - CLion. The time has come to make amends!

PVS-Studio for JetBrains CLion: ad astra per aspera

by Evgeniy Ovsyannikov, Sergey Vasiliev

From the article:

Here's an answer to the question that we are discussing - PVS-Studio and CLion collaboration will let us detect more errors at the writing code stage. CLion highlights the errors on the fly, but at the same time is limited in the analysis capabilities. PVS-Studio doesn't highlight errors immediately, but it can perform deeper analysis. Note that PVS-Studio has an incremental analysis – the mode that checks only the changed files.

Intermodular analysis of C++ projects in PVS-Studio

Recently PVS-Studio has implemented a major feature—we supported intermodular analysis of C++ projects. This article covers our and other tools' implementations. You'll also find out how to try this feature and what we managed to detect using it.

Intermodular analysis of C++ projects in PVS-Studio

by Oleg Lisiy, Sergey Larin

From the article:

We can't apply the approach above to the PVS-Studio tool. Our analyzer's main difference from compilers is that it doesn't form intermediate representation that is abstracted from the language context. Therefore, to read a symbol from another module, the tool has to translate it again and represent a program as in-memory data structures (parse tree, control flow graph, etc). Data flow analysis may also require parsing the entire dependency graph by symbols in different modules. Such a task may take a long time. So, we collect information about symbols (in particular in data flow analysis) using semantic analysis. We need to somehow save this data separately beforehand. Such information is a set of facts for a particular symbol. We developed the below approach based on this idea.

Integrating PVS-Studio into uVision Keil

I've been using this scenario until one day I spent 3 days debugging a very unpleasant bug. The bug kept savagely appearing from time to time. It turned out to be a banal null pointer dereference. I quickly realized that PVS-Studio detects this bug. That was the final nail in the coffin of my patience! – and started integrating PVS-Studio into Keil.

Integrating PVS-Studio into uVision Keil

by Amomum

From the article:

Keil provides a weird feature – creating a project batch file. I still don't know the purpose of this feature. This batch file contains all the necessary information for PVS-Studio, and it's enabled with a single check mark! Unfortunately, this check mark also breaks the incremental build. That is, any compilation becomes a complete recompilation. It affects the build time, so, unfortunately, it's not an option for us.

Beta-Testing of PVS-Studio Plugin for JetBrains CLion

To fully test the plugin, you'll need to install both the beta plugin version and the C++ core beta version of the analyzer. There are several ways to install the plugin: from the official repository, from the repository on our site, or using Windows PVS-Studio installer. Below we'll tell you in detail how to do this.

Beta-Testing of PVS-Studio Plugin for JetBrains CLion

by Evgeniy Ovsyannikov, Paul Eremeev

From the article:

We usually recommend running full analysis regularly, such as once a day, at night. In addition to nightly analysis, we highly recommend checking new code immediately after writing it. This way you'll get the best advantage of using the analyzer. To do this, use incremental analysis, which works as follows. A project was changed, a developer runs a build. After successful compilation only modified files will be analyzed. Modified files are the ones that have been changed since the previous analysis.

PVS-Studio Team: Switching to Clang Improved PVS-Studio C++ Analyzer's Performance

Although the project's preparation took a while, we were satisfied that the analyzer's performance grew by over 10%. We will use Clang to build future releases of PVS-Studio for Windows.

PVS-Studio Team: Switching to Clang Improved PVS-Studio C++ Analyzer's Performance

by Alexey Govorov and Sergey Larin

From the article:

From the earliest days, we used MSVC to compile the PVS-Studio C++ analyzer for Windows - then, in 2006, known as Viva64, version 1.00. With new releases, the analyzer's C++ core learned to work on Linux and macOS, and we modified the project's structure to support CMake. However, we kept using the MSVC compiler to build the analyzer's version for Windows. Then, in 2019, on April 29th, Visual Studio developers announced they had included the LLVM utilities and Clang compiler in the IDE.

 

PVS-Studio 7.13: Blame Notifier, MISRA

The list of diagnostics supported by MISRA and AUTOSAR continues to grow. We've expanded the Blame Notifier utility's capabilities. The analysis of Ninja projects on Windows has been enhanced and now involves the JSON Compilation Database.

PVS-Studio 7.13

by Andrey Karpov

From the article:

  • The C++ analyzer provides enhanced support of Ninja projects on Windows using JSON Compilation Database (compile_commands.json).
  • The C++ PVS-Studio analyzer spends 10% less time checking source files with the use of the Clang compiler.
  • To check C++ and C# Visual Studio PVS-Studio_Cmd.exe projects, you can pass the suppression file directly. Before this, you could add suppressed warnings only at the projects and solution level.

How to speed up building ang analyzing of your project with IncrediBuild?

"How much longer are you going to build it?" - a phrase that every developer has uttered at least once in the middle of the night. Yes, a build can be long and there is no escaping it. One does not simply redistribute the whole thing among 100+ cores, instead of some pathetic 8-12 ones. Or is it possible?

How to speed up building ang analyzing of your project with IncrediBuild?

by Maxim Zvyagintsev

From the article:

At the same time, the build completed successfully, but something really bad happened now. I had to dig into the logs, or rather, the compilation dump. That's where I found the problem. The point was that these macros are declared in the local precompiled header, whereas we only want to preprocess the file. However, the include header that was used to generate the precompiled header is different from the one that is included to the source file! The file that is used to generate the precompiled header is a 'wrapper' around the original header included into the source, and this wrapper contains all of the required macros.