pvs-studio

PVS-Studio is now in Compiler Explorer!

Now you can quickly and easily analyze the code for errors right on the godbolt.org site (Compiler Explorer). This feature opens up a large number of new possibilities – from quenching curiosity about the analyzer's abilities to being able to quickly share check results with a friend. Caution – GIFs!

PVS-Studio is now in Compiler Explorer

by George Gribkov

From the article:

If you want to see the output of your program, you can open the execution window by clicking "Add new... - > Execution only" in the code editor (not in the compiler window). In the gif below, you can see the output of the lab work taken from our page about free usage of PVS-Studio by students and teachers.

ModernCppStarter & PVS-Studio Static Code Analyzer

One of the ways to improve software quality is to check source code with static analysis tools. This section explains how to use the PVS-Studio analyzer to check projects built on ModernCppStarter. We provide a free license for open-source projects.

ModernCppStarter & PVS-Studio Static Code Analyzer

by PVS-Studio Team

From the article:

plog-converter will convert the report into the errorfile format (similar to GCC's messages), which can be conveniently viewed in a terminal window and the IDE. You can also have the report converted to an HTML file by using the -t fullhtml flag. Use the flags -a and -d to filter diagnostics. Run the plog-converter --help command to view the full list of available options.

 

A Note of Caution about Using PVS-Studio on godbolt.org (Compiler Explorer)

We have added an option allowing you to experiment with the PVS-Studio static analyzer on the godbolt.org (Compiler Explorer) website. It supports analysis of C and C++ code.

A Note of Caution about Using PVS-Studio on godbolt.org (Compiler Explorer)

by Andrey Karpov

From the article:

This may be promising from the perspective of satisfying one's curiosity, writing articles, and so on. But there's a downside to it too: rather than using synthetic examples to explore or try out the tool, people may start relying on them to evaluate and compare it against other analyzers. And this is a very bad approach because the results will be unreliable and dependent on how the test examples are written.

PVS-Studio 7.07: Features Overview

The purpose of this article is to give a general overview of the features of the PVS-Studio static analyzer.

PVS-Studio 7.07: Features Overview

by Ekaterina Nikiforova

From the article:

The next command I'd like to talk about is called "Display CWE Codes in Output Window". PVS-Studio is a static application security testing (SAST) tool, which means its warnings can be classified according to the Common Weakness Enumeration (CWE).
 

PVS-Studio 7.07

The PVS-Studio team is now working remotely and continuing to actively develop the product by adding new features and diagnostics. We write articles, for example, about the GCC 10 check or the DeepCode review. Sure, we continue pushing out releases.

PVS-Studio 7.07

by Svyatoslav Razmyslov

From the article:

In between the analyzer releases, Microsoft pushed out several updates for the Visual C++ compiler, which comprised initial support of the C++20 standard, for example, concepts. Unfortunately, when running the analyzer some users stumbled upon the error V003 - Unrecognized error found. We're glad to inform that this error is fixed in PVS-Studio 7.07. Concepts are supported.
 

 

PVS-Studio Integration in PlatformIO

Recently, the PlatformIO development environment of embedded systems has supported PVS-Studio. In this article, you'll find out how to check your code with the static analyzer on the example of open project.

PVS-Studio Integration in PlatformIO

by Alexey Govorov

From the article:

In the /arduino/AP_Utils/examples/ directory, there are several examples of programs for configuring and running the hexapod, we'll use servo_test.ino. Basically, the program for Arduino is created as sketches in the INO format, which in this case is not quite suitable. In order to make the correct .cpp file from it, it is usually enough to change the file extension, add the #include <Arduino.h> header at the beginning, and make sure that functions and global variables are declared before accessing them.

Top 10 Bugs Found in C++ Projects in 2019

Another year is drawing to an end, and it's a perfect time to make yourself a cup of coffee and reread the reviews of bugs collected across open-source projects over this year.

Top 10 Bugs Found in C++ Projects in 2019

by Maxim Zvyagintsev

From the article:

float yScale = 1.0 / tan((3.141592538 / 180.0) * fov / 2);

There's a tiny typo in the Pi number (3,141592653...): the number "6" is missing at the 7th decimal place.
 

For professors' note: use PVS-Studio to get students familiar with code analysis tools

We provide several options for free PVS-Studio licensing, including the ones for open projects. Specifically for educational purposes, in case if student's works aren't open, the best option is to add the following comment to the code.

For professors' note: use PVS-Studio to get students familiar with code analysis tools

by Andrey Karpov

From the article:

The PVS-Studio analyzer can be regarded as a fine example of a modern static code analysis tool. First, it's a great example to show the abilities of static analysis tools in detecting errors and security defects. Second, you can demonstrate its integration into the software development cycle to enable continuous code control. In its example, you can show integration with such systems as Jenkins, TeamCity, Azure DevOps, SonarQube, Travis CI and others.

Getting Started with the PVS-Studio Static Analyzer for C++ Development under Linux

There are different ways to install PVS-Studio under Linux, depending on your distro type. The most convenient and preferred method is to use the repository, since it allows auto-updating the analyzer upon releasing new versions.

Getting Started with the PVS-Studio Static Analyzer for C++ Development under Linux

by Yuri Minaev

From the article:

Besides strace, you can base the analysis on the compile_commands.json (JSON Compilation Database) file. Many build systems have built-in means of exporting compilation commands, or you could use the BEAR utility to do this. Here's the command to launch the analysis in this case: pvs-studio-analyzer analyze –f /path/to/compile_commands.json

 

PVS-Studio in the Clouds - Running the Analysis on Travis CI

At the moment, cloud CI systems are a highly-demanded service. In this article, we'll tell you how to integrate analysis of source code into a CI cloud platform with the tools that are already available in PVS-Studio. As an example we'll use the Travis CI service.

PVS-Studio in the Clouds - Running the Analysis on Travis CI

by Oleg Andreev

From the article:

Travis CI is a service for building and testing software that uses GitHub as a storage. Travis CI doesn't require changing of programming code for using the service. All settings are made in the file .travis.yml located in the root of the repository. We'll take LXC (Linux Containers) as a test project for PVS-Studio. It is a virtualization system at the operation system level for launching several instances of the Linux OS at one node. The project is small, but more than enough for demonstration.