pvs-studio

PVS-Studio 7.09

Therefore, most likely, now each release will be followed by a special note so that users don't miss changes that may be useful to them. What's interesting is that from now on we won't just list everything that was added or improved. Rather, now on the contrary, the purpose is to highlight the most important features in the news to avoid having just a boring list of changes.

PVS-Studio 7.09

by Andrey Karpov

From the article:

New general analysis diagnostics:

  •     V1059. Macro name overrides a keyword/reserved name. This may lead to undefined behavior.
  •     V1060. Passing 'BSTR ' to the 'SysAllocString' function may lead to incorrect object creation.
  •     V1061. Extending 'std' or 'posix' namespace may result in undefined behavior.
  •     V1062. Class defines a custom new or delete operator. The opposite operator must also be defined.
  •     V1063. The modulo by 1 operation is meaningless. The result will always be zero.

PVS-Studio: analyzing pull requests in Azure DevOps using self-hosted agents

Static code analysis is most effective when changing a project, as errors are always more difficult to fix in the future than at an early stage. We continue expanding the options for using PVS-Studio in continuous development systems. This time, we'll show you how to configure pull request analysis using self-hosted agents in Microsoft Azure DevOps, using the example of the Minetest game.

PVS-Studio: analyzing pull requests in Azure DevOps using self-hosted agents

by Alexey Govorov

From the article:

The result is a build system based on MSBuild for C++, with Chocolatey for installing PVS-Studio, CMake, and Git. Vcpkg is built for convenient management of the libraries that the project depends on. Also, we have to download the latest version of the Azure Pipelines Agent. To initialize the agent from the ENTRYPOINT Docker file, the PowerShell script 'entrypoint.ps1' is called, to which you need to add the URL of the project's "organization", the token of the agent pool, and the PVS-Studio license parameters....


 

 

PVS-Studio is now in Compiler Explorer!

Now you can quickly and easily analyze the code for errors right on the godbolt.org site (Compiler Explorer). This feature opens up a large number of new possibilities – from quenching curiosity about the analyzer's abilities to being able to quickly share check results with a friend. Caution – GIFs!

PVS-Studio is now in Compiler Explorer

by George Gribkov

From the article:

If you want to see the output of your program, you can open the execution window by clicking "Add new... - > Execution only" in the code editor (not in the compiler window). In the gif below, you can see the output of the lab work taken from our page about free usage of PVS-Studio by students and teachers.

ModernCppStarter & PVS-Studio Static Code Analyzer

One of the ways to improve software quality is to check source code with static analysis tools. This section explains how to use the PVS-Studio analyzer to check projects built on ModernCppStarter. We provide a free license for open-source projects.

ModernCppStarter & PVS-Studio Static Code Analyzer

by PVS-Studio Team

From the article:

plog-converter will convert the report into the errorfile format (similar to GCC's messages), which can be conveniently viewed in a terminal window and the IDE. You can also have the report converted to an HTML file by using the -t fullhtml flag. Use the flags -a and -d to filter diagnostics. Run the plog-converter --help command to view the full list of available options.

 

A Note of Caution about Using PVS-Studio on godbolt.org (Compiler Explorer)

We have added an option allowing you to experiment with the PVS-Studio static analyzer on the godbolt.org (Compiler Explorer) website. It supports analysis of C and C++ code.

A Note of Caution about Using PVS-Studio on godbolt.org (Compiler Explorer)

by Andrey Karpov

From the article:

This may be promising from the perspective of satisfying one's curiosity, writing articles, and so on. But there's a downside to it too: rather than using synthetic examples to explore or try out the tool, people may start relying on them to evaluate and compare it against other analyzers. And this is a very bad approach because the results will be unreliable and dependent on how the test examples are written.

PVS-Studio 7.07: Features Overview

The purpose of this article is to give a general overview of the features of the PVS-Studio static analyzer.

PVS-Studio 7.07: Features Overview

by Ekaterina Nikiforova

From the article:

The next command I'd like to talk about is called "Display CWE Codes in Output Window". PVS-Studio is a static application security testing (SAST) tool, which means its warnings can be classified according to the Common Weakness Enumeration (CWE).
 

PVS-Studio 7.07

The PVS-Studio team is now working remotely and continuing to actively develop the product by adding new features and diagnostics. We write articles, for example, about the GCC 10 check or the DeepCode review. Sure, we continue pushing out releases.

PVS-Studio 7.07

by Svyatoslav Razmyslov

From the article:

In between the analyzer releases, Microsoft pushed out several updates for the Visual C++ compiler, which comprised initial support of the C++20 standard, for example, concepts. Unfortunately, when running the analyzer some users stumbled upon the error V003 - Unrecognized error found. We're glad to inform that this error is fixed in PVS-Studio 7.07. Concepts are supported.
 

 

PVS-Studio Integration in PlatformIO

Recently, the PlatformIO development environment of embedded systems has supported PVS-Studio. In this article, you'll find out how to check your code with the static analyzer on the example of open project.

PVS-Studio Integration in PlatformIO

by Alexey Govorov

From the article:

In the /arduino/AP_Utils/examples/ directory, there are several examples of programs for configuring and running the hexapod, we'll use servo_test.ino. Basically, the program for Arduino is created as sketches in the INO format, which in this case is not quite suitable. In order to make the correct .cpp file from it, it is usually enough to change the file extension, add the #include <Arduino.h> header at the beginning, and make sure that functions and global variables are declared before accessing them.

Top 10 Bugs Found in C++ Projects in 2019

Another year is drawing to an end, and it's a perfect time to make yourself a cup of coffee and reread the reviews of bugs collected across open-source projects over this year.

Top 10 Bugs Found in C++ Projects in 2019

by Maxim Zvyagintsev

From the article:

float yScale = 1.0 / tan((3.141592538 / 180.0) * fov / 2);

There's a tiny typo in the Pi number (3,141592653...): the number "6" is missing at the 7th decimal place.
 

For professors' note: use PVS-Studio to get students familiar with code analysis tools

We provide several options for free PVS-Studio licensing, including the ones for open projects. Specifically for educational purposes, in case if student's works aren't open, the best option is to add the following comment to the code.

For professors' note: use PVS-Studio to get students familiar with code analysis tools

by Andrey Karpov

From the article:

The PVS-Studio analyzer can be regarded as a fine example of a modern static code analysis tool. First, it's a great example to show the abilities of static analysis tools in detecting errors and security defects. Second, you can demonstrate its integration into the software development cycle to enable continuous code control. In its example, you can show integration with such systems as Jenkins, TeamCity, Azure DevOps, SonarQube, Travis CI and others.