sast

Beta-Testing of PVS-Studio Plugin for JetBrains CLion

To fully test the plugin, you'll need to install both the beta plugin version and the C++ core beta version of the analyzer. There are several ways to install the plugin: from the official repository, from the repository on our site, or using Windows PVS-Studio installer. Below we'll tell you in detail how to do this.

Beta-Testing of PVS-Studio Plugin for JetBrains CLion

by Evgeniy Ovsyannikov, Paul Eremeev

From the article:

We usually recommend running full analysis regularly, such as once a day, at night. In addition to nightly analysis, we highly recommend checking new code immediately after writing it. This way you'll get the best advantage of using the analyzer. To do this, use incremental analysis, which works as follows. A project was changed, a developer runs a build. After successful compilation only modified files will be analyzed. Modified files are the ones that have been changed since the previous analysis.

PVS-Studio 7.13: Blame Notifier, MISRA

The list of diagnostics supported by MISRA and AUTOSAR continues to grow. We've expanded the Blame Notifier utility's capabilities. The analysis of Ninja projects on Windows has been enhanced and now involves the JSON Compilation Database.

PVS-Studio 7.13

by Andrey Karpov

From the article:

  • The C++ analyzer provides enhanced support of Ninja projects on Windows using JSON Compilation Database (compile_commands.json).
  • The C++ PVS-Studio analyzer spends 10% less time checking source files with the use of the Clang compiler.
  • To check C++ and C# Visual Studio PVS-Studio_Cmd.exe projects, you can pass the suppression file directly. Before this, you could add suppressed warnings only at the projects and solution level.

PVS-Studio Beta plugin for CLion (Win\Linux\macOS): It's less than a month away

PVS-Studio Beta plugin for CLion (Win\Linux\macOS). It's less than a month away. Want to be the first to try it? Just sign up here.

PVS-Studio Early Access Program

by PVS-Studio Team

Description:

PVS-Studio is a static analyzer that detects errors and potential vulnerabilities in the source code of programs written in C, C++, C#, and Java. In 2021 we are planning to release the PVS-Studio plugin for C++ IDE – CLion.

PVS-Studio 7.12 New Features for Finding Safety and Security Threats

At the moment, PVS-Studio is developing not only as a static analyzer searching for code quality defects (quality control solution) but also as a solution for searching for security and safety defects.

PVS-Studio 7.12 New Features for Finding Safety and Security Threats

by Nikolay Mironov, Paul Eremeev

From the article:

Well, to waste no time, let's point out the additions right away. So, here is what's new, safe, and cool in PVS-Studio:

  • New diagnostic groups OWASP ASVS and The AUTOSAR C++14 Coding Guidelines have been added to the analyzer. Previously, the compliance of PVS-Studio diagnostic rules with these standards was available only on our website. Now we have more than 50 new diagnostic rules!
  • Now the analyzer shows information about the compliance of the warnings with the SEI CERT Coding Standard. This information formerly was available only on the PVS-Studio website.
  • The interface of our plugins for Visual Studio, JetBrains Rider, and IntelliJ IDEA has been improved to ease the work with analyzer messages that have safety and security standards identifiers.
  • New diagnostic groups (OWASP, AUTOSAR) in PlogConverter are supported.
  • New diagnostics (OWASP, AUTOSAR) are supported in SonarQube at the tag level. We classified our diagnostic rules by OWASP Top 10.

PVS-Studio Roadmap 2021

PVS-Studio can currently analyze programs written in C, C++, C#, and Java. It also supports some C++ language extensions, for example, C++/CLI and C++/CX. In 2021, we do not plan to implement support for new languages, but we plan to expand the analyzer. We want to support several new compilers (C, C++) for micro controllers and some development environments, such as CLion.

PVS-Studio Roadmap 2021

by Andrey Karpov

From the article:

We will continue to support the MISRA C and MISRA C++ coding standards. However, it's time to also support a more modern set of rules described in The AUTSAR C++14 Coding Guidelines. This document is the MISRA C++:2008 standard update, and is also based on leading code standards and research papers prepared by AUTOSAR.

PVS-Studio 7.11 Release: IAR Arm, Diagnostics, FREE-FREE-FREE-FREE

This is the press release of the New Year's version of the PVS-Studio 7.11 analyzer. Since the new version includes only a few enhancements, let's take this opportunity to recall the options for free PVS-Studio use.

PVS-Studio 7.11 Release: IAR Arm, Diagnostics, FREE-FREE-FREE-FREE

by Andrey Karpov

From the article:

Support of the IAR Arm compilers is now available in the pvs-studio-analyzer utility. This family of compilers was previously supported only in the CLMonitor.exe utility on Windows. Now users of PVS-Studio for Linux can check the code written for these compilers as well. We added interception of compiler calls via ld-linux to the pvs-studio-analyzer utility.

Checking Clang 11 with PVS-Studio

It's no secret that compilers employ their own built-in static code analyzers, and those are developing as well. That's why we write articles every now and then to show that our static analyzer, PVS-Studio, can find bugs even inside compilers and that we are worth our salt.

Checking Clang 11 with PVS-Studio

by Andrey Karpov

From the article:

The programmer is using a modulo operation to get a random value of either 0 or 1. But the value 1 seems to confuse developers and make them write the classic anti-pattern in which the modulo operation is performed on 1 instead of 2. The X % 1 operation is meaningless as it always evaluates to 0.

Checking a Header-Only C++ Library Collection (awesome-hpp)

Somehow, we've happened to check most of the libraries making up a collection called "Awesome hpp". These are small header-only projects in C++. Hopefully, the information about the bugs we've found will help make the libraries better.

Checking a Header-Only C++ Library Collection (awesome-hpp)

by Andrey Karpov

From the article:

A note for library developers. You can use PVS-Studio to check open-source projects for free. To get a free license to use with your open-source project, please fill in this form.

PVS-Studio 7.09

Therefore, most likely, now each release will be followed by a special note so that users don't miss changes that may be useful to them. What's interesting is that from now on we won't just list everything that was added or improved. Rather, now on the contrary, the purpose is to highlight the most important features in the news to avoid having just a boring list of changes.

PVS-Studio 7.09

by Andrey Karpov

From the article:

New general analysis diagnostics:

  •     V1059. Macro name overrides a keyword/reserved name. This may lead to undefined behavior.
  •     V1060. Passing 'BSTR ' to the 'SysAllocString' function may lead to incorrect object creation.
  •     V1061. Extending 'std' or 'posix' namespace may result in undefined behavior.
  •     V1062. Class defines a custom new or delete operator. The opposite operator must also be defined.
  •     V1063. The modulo by 1 operation is meaningless. The result will always be zero.

PVS-Studio: analyzing pull requests in Azure DevOps using self-hosted agents

Static code analysis is most effective when changing a project, as errors are always more difficult to fix in the future than at an early stage. We continue expanding the options for using PVS-Studio in continuous development systems. This time, we'll show you how to configure pull request analysis using self-hosted agents in Microsoft Azure DevOps, using the example of the Minetest game.

PVS-Studio: analyzing pull requests in Azure DevOps using self-hosted agents

by Alexey Govorov

From the article:

The result is a build system based on MSBuild for C++, with Chocolatey for installing PVS-Studio, CMake, and Git. Vcpkg is built for convenient management of the libraries that the project depends on. Also, we have to download the latest version of the Azure Pipelines Agent. To initialize the agent from the ENTRYPOINT Docker file, the PowerShell script 'entrypoint.ps1' is called, to which you need to add the URL of the project's "organization", the token of the agent pool, and the PVS-Studio license parameters....