PVS-Studio 7.32: enhanced analysis, new plugins and more

Unicorn Developer
PVS-Studio
Published in
4 min readAug 16, 2024

PVS-Studio 7.32 has been released. Discover enhanced C++ analysis optimization, new plugins and features, and a host of other updates! See more details in this note.

You can download the latest PVS-Studio version here.

Optimization of template instantiation analysis

In the latest PVS-Studio version, we’ve optimized the memory consumption for the C++ analyzer during template instantiation analysis.

However, we’ve retained the option to disable the analysis of their instantiation in a few ways:

Precedence of sourceTreeRoot flag

In the PVS-Studio_Cmd.exe utility, we’ve changed the precedence of the — sourceTreeRoot flag that sets the path root to convert paths from absolute to relative.

The flag now takes precedence over the following settings:

New analysis features for MSBuild build system

For the MSBuild build system, we’ve introduced an option to exclude the project from the analysis via the .pvsconfig configuration files.

You can do it by enabling the V_EXCLUDE_PROJECT flag in the .pvsconfig configuration file of diagnostic rules.

JetBrains CLion and .pvsconfig

The PVS-Studio plugin for JetBrains CLion IDE now enables you to use the .pvsconfig configuration file of diagnostic rules.

Here you can learn more about using PVS-Studio JetBrains Rider and CLion.

Updated PVS-Studio plugin for SonarQube

With API changes introduced in SonarQube 10.1, we’ve updated the plugin for integrating PVS-Studio into the SonarQube platform.

Now, to use PVS-Studio in new SonarQube versions, users need to install a new plugin. We continue to support and update the PVS-Studio plugin for previous SonarQube versions.

Learn more on how to use PVS-Studio in SonarQube.

Changes to user annotation syntax

The user annotation syntax in JSON format for the PVS-Studio C++ analyzer has been changed:

  • the nullable_initialized and nullable_uninitialized attributes are now deprecated;
  • the not_null, maybe_null, and always_null return object attributes have been introduced instead.

Support for taint data markup

PVS-Studio for C++ now supports marking sources and sinks in taint data analysis.

The feature implemented through the user annotation mechanism in JSON format.

Support for new build systems in C++ analyzer

The PVS-Studio analyzer now supports integration with Bazel and Scons build systems for C++ projects.

Support for new Qt Creator version

The PVS-Studio plugin is now available for Qt Creator 14.x.

The plugin for Qt Creator 8.x is no longer supported. We aim to ensure backward compatibility between the latest plugin versions and all Qt Creator versions released in the past two years.

New diagnostic rules:

C, C++

  • V1111. The index was used without check after it was checked in previous lines.
  • V1112. Comparing expressions with different signedness can lead to unexpected results.
  • V2021. Using assertions may cause the abnormal program termination in undesirable contexts.

C#

  • V3201. Return value is not always used. Consider inspecting the ‘foo’ method.
  • V3202. Unreachable code detected. The ‘case’ value is out of the range of the match expression.
  • V3203. Method parameter is not used.

Java

  • V6115. Not all Closeable members are released inside the ‘close’ method.
  • V6116. The class does not implement the Closeable interface, but it contains the ‘close’ method that releases resources.
  • V6117. Possible overflow. The expression will be evaluated before casting. Consider casting one of the operands instead.

Articles

For those, who code in C++:

For those, who code in C#:

For those, who code in Java:

Other articles:

Conference talks

Modern Static Code Analysis the Example of PVS-Studio

How can you detect potential errors yet at the development stage? The technology of static analysis helps to answer this question. We will explore what it is and how it works using the example of a modern code analyzer, PVS-Studio. We will consider practical examples of errors you can detect in C++ applications using static analysis tools. We will also address questions about integrating the analyzer into existing projects, discuss possible use scenarios for analyzers, and talk about integration into development pipelines.

Do you want to check a project with PVS-Studio? Then start from this page.

--

--

Unicorn Developer
PVS-Studio

The developer, the debugger, the unicorn. I know all about static analysis and how to find bugs and errors in C, C++, C#, and Java source code.