Upsetting Opinions about Static Analyzers

by Andrey Karpov

Of course, any modern static analyzer tracks the changes of variables' values. If a variable doesn't change, a warning is issued. If it does, no warning is issued. To ensure that, analyzers rely on data stream analysis. And that's exactly how PVS-Studio works. Let's take a look at the following synthetic example.

PVS-Studio 7.09

by Andrey Karpov

New general analysis diagnostics:

•     V1059. Macro name overrides a keyword/reserved name. This may lead to undefined behavior.
•     V1060. Passing 'BSTR ' to the 'SysAllocString' function may lead to incorrect object creation.
•     V1061. Extending 'std' or 'posix' namespace may result in undefined behavior.
•     V1062. Class defines a custom new or delete operator. The opposite operator must also be defined.
•     V1063. The modulo by 1 operation is meaningless. The result will always be zero.

PVS-Studio: analyzing pull requests in Azure DevOps using self-hosted agents

by Alexey Govorov

The result is a build system based on MSBuild for C++, with Chocolatey for installing PVS-Studio, CMake, and Git. Vcpkg is built for convenient management of the libraries that the project depends on. Also, we have to download the latest version of the Azure Pipelines Agent. To initialize the agent from the ENTRYPOINT Docker file, the PowerShell script 'entrypoint.ps1' is called, to which you need to add the URL of the project's "organization", the token of the agent pool, and the PVS-Studio license parameters....

PVS-Studio is now in Compiler Explorer

by George Gribkov

If you want to see the output of your program, you can open the execution window by clicking "Add new... - > Execution only" in the code editor (not in the compiler window). In the gif below, you can see the output of the lab work taken from our page about free usage of PVS-Studio by students and teachers.

ModernCppStarter & PVS-Studio Static Code Analyzer

by PVS-Studio Team

plog-converter will convert the report into the errorfile format (similar to GCC's messages), which can be conveniently viewed in a terminal window and the IDE. You can also have the report converted to an HTML file by using the -t fullhtml flag. Use the flags -a and -d to filter diagnostics. Run the plog-converter --help command to view the full list of available options.

A Note of Caution about Using PVS-Studio on godbolt.org (Compiler Explorer)

by Andrey Karpov

This may be promising from the perspective of satisfying one's curiosity, writing articles, and so on. But there's a downside to it too: rather than using synthetic examples to explore or try out the tool, people may start relying on them to evaluate and compare it against other analyzers. And this is a very bad approach because the results will be unreliable and dependent on how the test examples are written.

PVS-Studio 7.07: Features Overview

by Ekaterina Nikiforova

The next command I'd like to talk about is called "Display CWE Codes in Output Window". PVS-Studio is a static application security testing (SAST) tool, which means its warnings can be classified according to the Common Weakness Enumeration (CWE).
 

PVS-Studio 7.07

by Svyatoslav Razmyslov

In between the analyzer releases, Microsoft pushed out several updates for the Visual C++ compiler, which comprised initial support of the C++20 standard, for example, concepts. Unfortunately, when running the analyzer some users stumbled upon the error V003 - Unrecognized error found. We're glad to inform that this error is fixed in PVS-Studio 7.07. Concepts are supported.
 

PVS-Studio Integration in PlatformIO

by Alexey Govorov

In the /arduino/AP_Utils/examples/ directory, there are several examples of programs for configuring and running the hexapod, we'll use servo_test.ino. Basically, the program for Arduino is created as sketches in the INO format, which in this case is not quite suitable. In order to make the correct .cpp file from it, it is usually enough to change the file extension, add the #include <Arduino.h> header at the beginning, and make sure that functions and global variables are declared before accessing them.

Top 10 Bugs Found in C++ Projects in 2019

by Maxim Zvyagintsev

float yScale = 1.0 / tan((3.141592538 / 180.0) * fov / 2);

There's a tiny typo in the Pi number (3,141592653...): the number "6" is missing at the 7th decimal place.