static code analyzer

Detecting errors in the LLVM release 13.0.0

Commercial static analyzers perform deeper and fuller code analysis compared to compilers. Let's see what PVS-Studio found in the source code of the LLVM 13.0.0 project.

Detecting errors in the LLVM release 13.0.0

by Andrey Karpov

From the article:

It makes no sense to write different values one by one to the same variable. This is exactly what the analyzer warns us about. The code author made a typo, forgetting to add '|'. This code should create one 64-bit value from two 32-bit values. The correct code looks as follows: ....

Beta-Testing of PVS-Studio Plugin for JetBrains CLion

To fully test the plugin, you'll need to install both the beta plugin version and the C++ core beta version of the analyzer. There are several ways to install the plugin: from the official repository, from the repository on our site, or using Windows PVS-Studio installer. Below we'll tell you in detail how to do this.

Beta-Testing of PVS-Studio Plugin for JetBrains CLion

by Evgeniy Ovsyannikov, Paul Eremeev

From the article:

We usually recommend running full analysis regularly, such as once a day, at night. In addition to nightly analysis, we highly recommend checking new code immediately after writing it. This way you'll get the best advantage of using the analyzer. To do this, use incremental analysis, which works as follows. A project was changed, a developer runs a build. After successful compilation only modified files will be analyzed. Modified files are the ones that have been changed since the previous analysis.

PVS-Studio 6.24 released

A new release of the PVS-Studio static code analyzer became available to download. This tool is designed to detect errors and potential vulnerabilities in the source code of programs, written in C, C++, and C#.

PVS-Studio 6.24 released

by Andrey Karpov

From the article:

Support for Texas Instruments Code Composer Studio, ARM compiler was added under Windows\Linux. 8 new diagnostics were introduced to detect errors in C and C++ code. In addition to the development of new diagnostics, we continue improving Data-Flow analysis that enables old diagnostics find more bugs. Thanks to these improvements, the analyzer finds more interesting errors, like the one we described in the article "February 31". Download and try PVS-Studio.

Static Code Analyzer PVS-Studio 6.22 Now Supports ARM Compilers (Keil, IAR)

Now our articles have every chance to become even more interesting because PVS-Studio can now check the code of embedded devices. We have added support for a few ARM compilers, which I talk about in detail below.

Static Code Analyzer PVS-Studio 6.22 Now Supports ARM Compilers (Keil, IAR)

by Andrey Karpov

From the article:

I find the RT-Thread operating system a perfect candidate to be the first embedded system checked with PVS-Studio. I glanced through the analysis report by PVS-Studio and picked 95 warnings that I thought to be the most interesting ones. Too see all those messages for yourself, download the rt-thread-html-log.zip archive with the full HTML report. We introduced this format not so long ago, and some users may not know about it. So, I'd like to use this opportunity to explain it once again.

Useful Improvements in the PVS-Studio 6.17 Release

In this version there are improvements, which, in my opinion, deserve a small note.

Useful Improvements in the PVS-Studio 6.17 Release

by Andrey Karpov

From the article:

A much more interesting feature is that a mechanism of virtual values was significantly redesigned in the kernel of C++ analyzer. For example, now the analyzer performs a double loop passage, which allows it to define the range of possible values of variables, changing in a loop, more accurately. So don't be surprised if the analyzer starts issuing many warnings for that code which used to seem correct for the analyzer.

PVS-Studio 6.16 released

PVS-Studio is a static code analyzer that detects errors and potential vulnerabilities in the source code of programs written in C/C++/C#. Version 6.16 has obtained 11 new general analysis diagnostics.

PVS-Studio 6.16 released

by Andrey Karpov

About the release:

In a sense, this is a milestone for us. The thing is that we cannot add more numbers of general analysis warnings, otherwise they will concur with the numbers of micro-optimization diagnostics. It seemed to us that the list of 300 diagnostics was endless, but now it is over and we got to the point of 800, where we have micro-optimization diagnostics. In the next release we plan to resume numbering the general-analysis warnings with V1000. Download and enjoy the new version of PVS-Studio now by clicking here.

P.S. How to use PVS-Studio for Free.

How to use PVS-Studio for free

We want to help the software world improve the quality of their code, and get to know static analysis tools better. We are giving the opportunity to use PVS-Studio static code analyzer for free, for educational purposes, so that individual developers and enthusiastic teams could also fully use it.

How to use PVS-Studio for free

by Andrey Karpov

From the article:

Some developers may say that they don't want to see two additional lines of code at the beginning of the file with the comments not related to the project itself. It is their right, and they may simply not use the tool. Or they can purchase a commercial license, and use it without any restrictions. We see these comments as a gratuity for the provided license, and also as an additional way to promote our product. I think it's a good, fair exchange.

Cppcheck

I wish to introduce the CppCheck tool to the beginner programmers. Cppcheck is a static analyzer for C and C++ code. It is open-source, free, cross-platform and easy-to-use.

Cppcheck

by Andrey Karpov

From the article:

One of the basic advantages of the Cppcheck analyzer is that it is easy-to-use. It is good to teach and study the static analysis methodology: for instance, you install Cppcheck on a Windows system and get a GUI interface allowing you to immediately start checking your projects.