PVS-Studio 7.29: Java code check in VS Code, Boost smart pointers, and plugin for Qt Creator on macOS

by Gleb Aslamov

The C++ analyzer now supports smart pointers from the Boost library: boost::unique_ptr and boost::shared_ptr. Now the PVS-Studio analyzer is able to detect errors such as null pointer dereferences when these classes are used.

Top 10 errors in C and C++ projects in 2023

by Alexey Gorshkov

In this case, the developers wanted to fill the keyEventList array with zeros. Pay attention to the third parameter — the number of bytes the developers wanted to fill with zeros. In this case, sizeof(keyEventList) evaluates the pointer size instead of the array size. It depends on the target platform, but most often it's 4 or 8 bytes. However, the size of the structure is clearly larger than 4 or 8 bytes.

PVS-Studio 7.28: support for ARM, .NET 8, analysis of Unreal Engine projects without Unity Build, and more

by Gleb Aslamov

When analyzing Unreal Engine projects with PVS-Studio, we often encounter issues with high memory usage and analysis slowdown. They usually arise when individual translation units are combined into a single file (the Unity Build system). Although the merging of translation units may have a positive impact on the compilation time, the large file size may increase the resource requirements for analysis.

PVS-Studio 7.26: running analysis in VS Code and Qt Creator, integration with DefectDojo, and more

by Sergey Vasiliev

Now the PVS-Studio plugins for Visual Studio Code and Qt Creator support the analysis of C and C++ projects. Moreover, the plugins support mass suppression of analyzer warnings (with the help of suppress files). This mechanism enables you to hide warnings for legacy code and work only with new warnings. In this way, the integration of the analyzer into the project will be much easier.

PVS-Studio 7.25: support for latest versions of Qt Creator, Rider, and more

by Nikita Lipilin

When checking C++ projects that use MSBuild, PVS-Studio did not use the full power of Intel's 12th generation processors (for example, i7-12700, i9-12900). Apparently, the analysis processes were running only on energy-saving cores, while the rest remained idle. In the new version of PVS-Studio, the error has been fixed. Now the analyzer fully loads the processors and works much faster.

PVS-Studio in 2022

by Polina Alekseeva

Speaking of cross-platform. As of now, the analyzer runs on Windows, Linux, and macOS on the x86_64 architecture. It is currently impossible to run the analyzer natively on the same operating systems under ARM (except for C and C++ analyzer on ARM-based macOS: you can run it via Rosetta). We're wondering if there are many people among our readers who want to natively use the analyzer on ARM. How critical is the build and analysis of projects on the ARM architecture for you?

Top 10 bugs found in C++ projects in 2022

by Vladislav Stolyarov

Here the analyzer detected that a function, marked as noexcept, calls a function that throws an exception. If an exception arises from the nothrow function's body, the nothrow function calls std::terminate, and the program crashes. It could make sense to wrap the setName function in the function-try-block and process the exceptional situation there — or one could use something else instead of generating the exception.

PVS-Studio 7.22: Visual Studio Code, Qt Creator, .NET 7

by Sergey Vasiliev

New plugins provide even more options for cross-platform work. Now you can use them to work with logs: view warnings, filter them, sort them in a grid, etc. You can't run the analysis yet — we plan to add this feature in future releases.

PVS-Studio and RPCS3: the best warnings in one click

by Alexander Kurenev

Best Warnings is a special mechanism for the first acquaintance with the PVS-Studio static analyzer. The full analyzer's log can contain thousands of warnings. Therefore, if you want to evaluate the work of the analyzer and not waste time and effort on viewing a large report that was issued by a not yet configured analyzer, use the Best Warnings mechanism. Open the analyzer's log in the PVS-Studio plugin for Visual Studio and enable Best Warnings.

Examples of errors that PVS-Studio found in LLVM 15.0

by Andrey Karpov

It's a cool bug, although it's not scary. There is no semicolon after the return statement. As a result, the code does not work as it looks.

void FunctionLoweringInfo::ComputePHILiveOutRegInfo(const PHINode *PN) {
  ....
  Register DestReg = It->second;
  if (DestReg == 0)
    return
  assert(Register::isVirtualRegister(DestReg) &&
         "Expected a virtual reg");
  LiveOutRegInfo.grow(DestReg);
  ....
}