October 2-6, Aurora, Colorado, USA
November 12-14, Berlin, Germany
November 16, Wrocław, Poland
By Andrey Karpov | Feb 14, 2022 09:34 AM | Tags: unreal engine texas instruments pvs-studio c6000-cgt
We are pleased to announce the first release of PVS-Studio in 2022.
PVS-Studio 7.17: Unreal Engine, ASP.NET Core, Texas Instruments
by Sergey Vasiliev
From the article:
The PVS-Studio analyzer for C and C++ now can check projects for C6000-CGT — the compiler for embedded systems developed by Texas Instruments.
By Andrey Karpov | Dec 31, 2021 08:06 AM | Tags: unreal engine pvs-studio misra clion
2021 is coming to an end, which means it's time to sum up the year! Today we'll tell you about the new features we added to PVS-Studio in the past year. Buckle up and let's go!
What's new in PVS-Studio in 2021?
by Maxim Stefanov, Oleg Lisiy, Sergey Vasiliev
From the article:
PVS-Studio has plugins for various JetBrains IDEs: Rider, IntelliJ IDEA. Somehow we missed another popular IDE — CLion. Our clients expressed an increasing interest in this feature. Moreover, the PVS-Studio plugin for CLion as a cross-platform IDE would make it possible to work comfortably with the C++ analyzer regardless of the environment in which the developer works: on Windows, Linux or macOS.
By Andrey Karpov | Dec 22, 2021 02:33 AM | Tags: sta pvs-studio open source bugs
It's freezing outside, everyone has already decorated the Christmas tree and bought tangerines. New Year is coming! So, it's time to meet the Top 10 interesting bugs found by the PVS-Studio C++ analyzer in 2021.
Top 10 bugs found in C++ projects in 2021
by Vladislav Stolyarov
From the article:
Let's talk about... HTML! PVS-Studio provides diagnostics that don't just check code – they also look for abnormalities in string literals. The code above triggered one of these diagnostics. Such cases are quite rare. That's why, this one is so intriguing. Someone intended to create one list but added two tags that open this list instead of one. This is clearly a typo. The first tag must open the list, and the second one must close it.
By Andrey Karpov | Dec 10, 2021 02:39 AM | Tags: vs2022 visual studio 2022 sast pvs-studio misra c misra
This is the latest release of PVS-Studio in 2021. With it, the PVS-Studio team accomplishes several important goals. Now, PVS-Studio supports Visual Studio 2022 (.NET 6, C# 10.0). We implemented all diagnostics categorized as Mandatory in MISRA C.
PVS-Studio 7.16, expanding the horizons: MISRA C, Visual Studio 2022, .NET 6
by Andrey Karpov
From the article:
PVS-Studio supports 80% of the MISRA C standard for safety and security. The tool fully covers the warnings categorized as Mandatory and most of the warnings from the Required category.
By Andrey Karpov | Oct 8, 2021 12:30 PM | Tags: typos static code analyzer pvs-studio llvm 13 llvm code analysis
Commercial static analyzers perform deeper and fuller code analysis compared to compilers. Let's see what PVS-Studio found in the source code of the LLVM 13.0.0 project.
Detecting errors in the LLVM release 13.0.0
by Andrey Karpov
From the article:
It makes no sense to write different values one by one to the same variable. This is exactly what the analyzer warns us about. The code author made a typo, forgetting to add '|'. This code should create one 64-bit value from two 32-bit values. The correct code looks as follows: ....
By Andrey Karpov | Sep 29, 2021 01:23 PM | Tags: static analysis sast pvs-studio devtool cwetop25 cwe cvss common weakness enumeration
For the first time PVS-Studio provided support for the CWE classification in the 6.21 release. It took place on January 15, 2018. Years have passed since then and we would like to tell you about the improvements related to the support of this classification in the latest analyzer version.
CWE Top 25 2021. What is it, what is it for and how is it useful for static analysis?
by Mikhail Gelvih
From the article:
We have been using the CWE classification for PVS-Studio diagnostics for more than three years. Their number increases every year. In 2018, we covered only 94 points on the CWE list. Now it's almost 130. However, this article isn't about the total number of diagnostics. Let's talk about those that are included in the list of the most dangerous diagnostics in 2021. If you want to read the full list, you can get it in the "CWE compliance" section of our documentation.
By Andrey Karpov | Aug 17, 2021 02:06 AM | Tags: sast pvs-studio misra jetbrains clion intermodular analysis clion autosar
The PVS-Studio team is increasing the number of diagnostics with each new release. Besides, we are improving the analyzer's infrastructure. This time we added the plugin for JetBrains CLion. Moreover, we introduced intermodular analysis of C++ projects and speeded up the C# analyzer core.
PVS-Studio 7.14: intermodular analysis in C++ and plugin for JetBrains CLion
by Andrey Karpov
From the article:
As the list below shows, most of the diagnostics that we currently implement are based on the MISRA C standard. We focused on the MISRA C support, and now PVS-Studio covers 60% of the standard. Soon, we plan to cover at least 80%. We also want to introduce the support of coding standards from the MISRA C Compliance.
By Andrey Karpov | Aug 11, 2021 01:29 AM | Tags: static code analysis sast pvs-studio plugin jetbrains devtool clion bugs
The PVS-Studio analyzer already has plugins for such IDEs from JetBrains as Rider, IntelliJ IDEA and Android Studio. Somehow we missed another IDE - CLion. The time has come to make amends!
PVS-Studio for JetBrains CLion: ad astra per aspera
by Evgeniy Ovsyannikov, Sergey Vasiliev
From the article:
Here's an answer to the question that we are discussing - PVS-Studio and CLion collaboration will let us detect more errors at the writing code stage. CLion highlights the errors on the fly, but at the same time is limited in the analysis capabilities. PVS-Studio doesn't highlight errors immediately, but it can perform deeper analysis. Note that PVS-Studio has an incremental analysis – the mode that checks only the changed files.
By Andrey Karpov | Aug 10, 2021 02:17 AM | Tags: pvs-studio intermodular analysis data flow code analysis
Recently PVS-Studio has implemented a major feature—we supported intermodular analysis of C++ projects. This article covers our and other tools' implementations. You'll also find out how to try this feature and what we managed to detect using it.
Intermodular analysis of C++ projects in PVS-Studio
by Oleg Lisiy, Sergey Larin
From the article:
We can't apply the approach above to the PVS-Studio tool. Our analyzer's main difference from compilers is that it doesn't form intermediate representation that is abstracted from the language context. Therefore, to read a symbol from another module, the tool has to translate it again and represent a program as in-memory data structures (parse tree, control flow graph, etc). Data flow analysis may also require parsing the entire dependency graph by symbols in different modules. Such a task may take a long time. So, we collect information about symbols (in particular in data flow analysis) using semantic analysis. We need to somehow save this data separately beforehand. Such information is a set of facts for a particular symbol. We developed the below approach based on this idea.
By Andrey Karpov | Aug 3, 2021 07:43 AM | Tags: uvision static analyzer sast pvs-studio null pointer dereference keil embedded devops bugs
I've been using this scenario until one day I spent 3 days debugging a very unpleasant bug. The bug kept savagely appearing from time to time. It turned out to be a banal null pointer dereference. I quickly realized that PVS-Studio detects this bug. That was the final nail in the coffin of my patience! – and started integrating PVS-Studio into Keil.
Integrating PVS-Studio into uVision Keil
by Amomum
From the article:
Keil provides a weird feature – creating a project batch file. I still don't know the purpose of this feature. This batch file contains all the necessary information for PVS-Studio, and it's enabled with a single check mark! Unfortunately, this check mark also breaks the incremental build. That is, any compilation becomes a complete recompilation. It affects the build time, so, unfortunately, it's not an option for us.