pvs-studio

Beta-Testing of PVS-Studio Plugin for JetBrains CLion

To fully test the plugin, you'll need to install both the beta plugin version and the C++ core beta version of the analyzer. There are several ways to install the plugin: from the official repository, from the repository on our site, or using Windows PVS-Studio installer. Below we'll tell you in detail how to do this.

Beta-Testing of PVS-Studio Plugin for JetBrains CLion

by Evgeniy Ovsyannikov, Paul Eremeev

From the article:

We usually recommend running full analysis regularly, such as once a day, at night. In addition to nightly analysis, we highly recommend checking new code immediately after writing it. This way you'll get the best advantage of using the analyzer. To do this, use incremental analysis, which works as follows. A project was changed, a developer runs a build. After successful compilation only modified files will be analyzed. Modified files are the ones that have been changed since the previous analysis.

PVS-Studio Team: Switching to Clang Improved PVS-Studio C++ Analyzer's Performance

Although the project's preparation took a while, we were satisfied that the analyzer's performance grew by over 10%. We will use Clang to build future releases of PVS-Studio for Windows.

PVS-Studio Team: Switching to Clang Improved PVS-Studio C++ Analyzer's Performance

by Alexey Govorov and Sergey Larin

From the article:

From the earliest days, we used MSVC to compile the PVS-Studio C++ analyzer for Windows - then, in 2006, known as Viva64, version 1.00. With new releases, the analyzer's C++ core learned to work on Linux and macOS, and we modified the project's structure to support CMake. However, we kept using the MSVC compiler to build the analyzer's version for Windows. Then, in 2019, on April 29th, Visual Studio developers announced they had included the LLVM utilities and Clang compiler in the IDE.

 

PVS-Studio 7.13: Blame Notifier, MISRA

The list of diagnostics supported by MISRA and AUTOSAR continues to grow. We've expanded the Blame Notifier utility's capabilities. The analysis of Ninja projects on Windows has been enhanced and now involves the JSON Compilation Database.

PVS-Studio 7.13

by Andrey Karpov

From the article:

  • The C++ analyzer provides enhanced support of Ninja projects on Windows using JSON Compilation Database (compile_commands.json).
  • The C++ PVS-Studio analyzer spends 10% less time checking source files with the use of the Clang compiler.
  • To check C++ and C# Visual Studio PVS-Studio_Cmd.exe projects, you can pass the suppression file directly. Before this, you could add suppressed warnings only at the projects and solution level.

How to speed up building ang analyzing of your project with IncrediBuild?

"How much longer are you going to build it?" - a phrase that every developer has uttered at least once in the middle of the night. Yes, a build can be long and there is no escaping it. One does not simply redistribute the whole thing among 100+ cores, instead of some pathetic 8-12 ones. Or is it possible?

How to speed up building ang analyzing of your project with IncrediBuild?

by Maxim Zvyagintsev

From the article:

At the same time, the build completed successfully, but something really bad happened now. I had to dig into the logs, or rather, the compilation dump. That's where I found the problem. The point was that these macros are declared in the local precompiled header, whereas we only want to preprocess the file. However, the include header that was used to generate the precompiled header is different from the one that is included to the source file! The file that is used to generate the precompiled header is a 'wrapper' around the original header included into the source, and this wrapper contains all of the required macros.

PVS-Studio Learns What strlen is All About

Somehow, it so happens that we write about our diagnostics, but barely touch upon the subject of how we enhance the analyzer's internal mechanics. So, for a change, today we'll talk about a new useful upgrade for our data flow analysis.

PVS-Studio Learns What strlen is All About

by Andrey Karpov

From the article:

Can you see it? To be honest, we did not notice it immediately and our first thought was, "Oh no, we broke something!" Then we saw what was up and took a minute to appreciate the advantages of static analysis. PVS-Studio warned: V512 A call of the 'strcpy' function will lead to overflow of the buffer 'astr'. asm.cpp 21 Still don't see the error? Let's go through the code step by step.

PVS-Studio Beta plugin for CLion (Win\Linux\macOS): It's less than a month away

PVS-Studio Beta plugin for CLion (Win\Linux\macOS). It's less than a month away. Want to be the first to try it? Just sign up here.

PVS-Studio Early Access Program

by PVS-Studio Team

Description:

PVS-Studio is a static analyzer that detects errors and potential vulnerabilities in the source code of programs written in C, C++, C#, and Java. In 2021 we are planning to release the PVS-Studio plugin for C++ IDE – CLion.

Example of How New Diagnostics Appear in PVS-Studio

Users sometimes ask how new diagnostics appear in the PVS-Studio static analyzer. We answer that we draw inspiration from a variety of sources: books, coding standards, our own mistakes, our users' emails, and others. Recently we came up with an interesting idea of a new diagnostic.

Example of How New Diagnostics Appear in PVS-Studio

by Andrey Karpov

From the article:

As for application software development, it doesn't make sense to enable them. The CovidSim project could do without them. Otherwise, a user will simply drown in a huge number of messages that are of little use in this case. For example, when experimenting with this set of diagnostics, we received more than a million warnings for some medium-sized open projects. Roughly speaking, every third line of code might be faulty in the view of MISRA. No one will scrape through all warnings, much less fix them. The project is either developed immediately taking into account MISRA recommendations, or this coding standard is irrelevant for it.
 

PVS-Studio 7.12 New Features for Finding Safety and Security Threats

At the moment, PVS-Studio is developing not only as a static analyzer searching for code quality defects (quality control solution) but also as a solution for searching for security and safety defects.

PVS-Studio 7.12 New Features for Finding Safety and Security Threats

by Nikolay Mironov, Paul Eremeev

From the article:

Well, to waste no time, let's point out the additions right away. So, here is what's new, safe, and cool in PVS-Studio:

  • New diagnostic groups OWASP ASVS and The AUTOSAR C++14 Coding Guidelines have been added to the analyzer. Previously, the compliance of PVS-Studio diagnostic rules with these standards was available only on our website. Now we have more than 50 new diagnostic rules!
  • Now the analyzer shows information about the compliance of the warnings with the SEI CERT Coding Standard. This information formerly was available only on the PVS-Studio website.
  • The interface of our plugins for Visual Studio, JetBrains Rider, and IntelliJ IDEA has been improved to ease the work with analyzer messages that have safety and security standards identifiers.
  • New diagnostic groups (OWASP, AUTOSAR) in PlogConverter are supported.
  • New diagnostics (OWASP, AUTOSAR) are supported in SonarQube at the tag level. We classified our diagnostic rules by OWASP Top 10.

Why PVS-Studio Uses Data Flow Analysis: Based on Gripping Error in Open Asset Import Library

An essential part of any modern static code analyzer is data flow analysis. However, from an outside perspective, the use of data flow analysis and its benefit is unclear.

Why PVS-Studio Uses Data Flow Analysis: Based on Gripping Error in Open Asset Import Library

by Andrey Karpov

From the article:

It all started with checking the latest version of the Qt 6 library. There was a separate usual article on this, where I'd described 77 errors found. It turned out that at first, I decided to flip through the report, not excluding the third-party libraries' warnings. In other words, I didn't exclude the warnings related to \src\3rdparty in the settings. It so happened that I immediately ran up against a gripping error example in the Open Asset Import Library. So, I decided to write this extra little note about it.

PVS-Studio Roadmap 2021

PVS-Studio can currently analyze programs written in C, C++, C#, and Java. It also supports some C++ language extensions, for example, C++/CLI and C++/CX. In 2021, we do not plan to implement support for new languages, but we plan to expand the analyzer. We want to support several new compilers (C, C++) for micro controllers and some development environments, such as CLion.

PVS-Studio Roadmap 2021

by Andrey Karpov

From the article:

We will continue to support the MISRA C and MISRA C++ coding standards. However, it's time to also support a more modern set of rules described in The AUTSAR C++14 Coding Guidelines. This document is the MISRA C++:2008 standard update, and is also based on leading code standards and research papers prepared by AUTOSAR.