PVS-Studio 7.28: support for ARM, .NET 8, analysis of Unreal Engine projects without Unity Build, and more

by Gleb Aslamov

When analyzing Unreal Engine projects with PVS-Studio, we often encounter issues with high memory usage and analysis slowdown. They usually arise when individual translation units are combined into a single file (the Unity Build system). Although the merging of translation units may have a positive impact on the compilation time, the large file size may increase the resource requirements for analysis.

PVS-Studio 7.25: support for latest versions of Qt Creator, Rider, and more

by Nikita Lipilin

When checking C++ projects that use MSBuild, PVS-Studio did not use the full power of Intel's 12th generation processors (for example, i7-12700, i9-12900). Apparently, the analysis processes were running only on energy-saving cores, while the rest remained idle. In the new version of PVS-Studio, the error has been fixed. Now the analyzer fully loads the processors and works much faster.

PVS-Studio in 2022

by Polina Alekseeva

Speaking of cross-platform. As of now, the analyzer runs on Windows, Linux, and macOS on the x86_64 architecture. It is currently impossible to run the analyzer natively on the same operating systems under ARM (except for C and C++ analyzer on ARM-based macOS: you can run it via Rosetta). We're wondering if there are many people among our readers who want to natively use the analyzer on ARM. How critical is the build and analysis of projects on the ARM architecture for you?

PVS-Studio 7.20: Unreal Engine, SAST, SCA

by Sergey Vasiliev

New diagnostics for C, C++:

• V1086. Call of the 'Foo' function will lead to buffer underflow.
• V1087. Upper bound of case range is less than its lower bound. This case may be unreachable.
• V1088. No objects are passed to the 'std::scoped_lock' constructor. No locking will be performed. This can cause concurrency issues.
• V1089. Waiting on condition variable without predicate. A thread can wait indefinitely or experience a spurious wake up.

CWE Top 25 2022. Review of changes

by Mikhail Gelvih

Below is a table of correspondence between the CWE Top 25 2022 list and the PVS-Studio diagnostic rules, divided by programming languages. You can always check the most up-to-date table with CWE Top 25 coverage on our website.

PVS-Studio 7.19: what's new?

by Sergey Vasiliev

Now, you can use PVS-Studio to analyze projects on Unreal Engine 5. For the most part, projects on UE 5 are analyzed in the same way as projects on UE 4. The difference is described in the documentation.

PVS-Studio 7.16, expanding the horizons: MISRA C, Visual Studio 2022, .NET 6

by Andrey Karpov

PVS-Studio supports 80% of the MISRA C standard for safety and security. The tool fully covers the warnings categorized as Mandatory and most of the warnings from the Required category.

CWE Top 25 2021. What is it, what is it for and how is it useful for static analysis?

by Mikhail Gelvih

We have been using the CWE classification for PVS-Studio diagnostics for more than three years. Their number increases every year. In 2018, we covered only 94 points on the CWE list. Now it's almost 130. However, this article isn't about the total number of diagnostics. Let's talk about those that are included in the list of the most dangerous diagnostics in 2021. If you want to read the full list, you can get it in the "CWE compliance" section of our documentation.

Why do you need the MISRA Compliance report and how to generate one in PVS-Studio?

by Nikolay Mironov

To make this simpler, let's take rule 1.1 that has the standard value of the category equal to Required. If you look at the table, you can see that acceptable compliance values for Required are Compliance or Deviations (I'll talk more about the meaning of these statuses later). This means that if your project complies with rule 1.1, or if it complies with this rule with some deviations - everything is fine and you can go to the next rule. If you get at least one hit in Violations or Disapplied, then the project does not comply with MISRA C 2012. If all rules have acceptable values only, congratulations! Your project complies with the MISRA C 2012 standard. If you have a hit in the red zone (the table above), you do not comply with the standard.

PVS-Studio 7.14: intermodular analysis in C++ and plugin for JetBrains CLion

by Andrey Karpov

As the list below shows, most of the diagnostics that we currently implement are based on the MISRA C standard. We focused on the MISRA C support, and now PVS-Studio covers 60% of the standard. Soon, we plan to cover at least 80%. We also want to introduce the support of coding standards from the MISRA C Compliance.