PVS-Studio 7.32: enhanced analysis, new plugins and more
PVS-Studio 7.32 has been released. Discover enhanced C++ analysis optimization, new plugins and features, and a host of other updates! See more details in this note.
You can download the latest PVS-Studio version here.
Optimization of template instantiation analysis
In the latest PVS-Studio version, we’ve optimized the memory consumption for the C++ analyzer during template instantiation analysis.
However, we’ve retained the option to disable template instantiation analysis in a few ways:
- use the DisableTemplateInstantiationCpp setting in the PVS-Studio plugin for Visual Studio;
- use the //V_DISABLE_TEMPLATE_INSTANTIATION setting in the .pvsconfig configuration files in cases when the analyzer memory consumption is still excessively high.
Precedence of sourceTreeRoot flag
In the PVS-Studio_Cmd.exe utility, we’ve changed the precedence of the --sourceTreeRoot flag, which sets the root used to convert paths from absolute to relative.
The flag now takes precedence over the following settings:
- UseSolutionDirAsSourceTreeRoot in the Settings.xml configuration file;
- //V_SOLUTION_DIR_AS_SOURCE_TREE_ROOT in the .pvsconfig configuration file of diagnostic rules.
New analysis features for MSBuild build system
For the MSBuild build system, we’ve introduced an option to exclude the project from the analysis via the .pvsconfig configuration files.
You can do it by enabling the V_EXCLUDE_PROJECT flag in the .pvsconfig configuration file of diagnostic rules.
JetBrains CLion and .pvsconfig
The PVS-Studio plugin for JetBrains CLion IDE now enables you to use the .pvsconfig configuration file of diagnostic rules.
Here you can learn more about using PVS-Studio in JetBrains Rider and CLion.
Updated PVS-Studio plugin for SonarQube
With API changes introduced in SonarQube 10.1, we’ve updated the plugin for integrating PVS-Studio into the SonarQube platform.
Now, to use PVS-Studio in new SonarQube versions, users need to install a new plugin. We continue to support and update the PVS-Studio plugin for previous SonarQube versions.
Learn more on how to use PVS-Studio in SonarQube.
Changes to user annotation syntax
The user annotation syntax in JSON format for the PVS-Studio C++ analyzer has been changed:
- the nullable_initialized and nullable_uninitialized attributes are now deprecated;
- the not_null, maybe_null, and always_null return object attributes have been introduced instead.
Support for taint data markup
PVS-Studio for C++ now supports marking sources and sinks in taint data analysis.
The feature is implemented through the user annotation mechanism in JSON format.
Support for new build systems in C++ analyzer
The PVS-Studio analyzer now supports integration with the Bazel and SCons build systems for C++ projects.
Support for new Qt Creator version
The PVS-Studio plugin is now available for Qt Creator 14.x.
The plugin for Qt Creator 8.x is no longer supported. We aim to ensure backward compatibility between the latest plugin versions and all Qt Creator versions released in the past two years.
New diagnostic rules:
C, C++
- V1111. The index was used without check after it was checked in previous lines.
- V1112. Comparing expressions with different signedness can lead to unexpected results.
- V2021. Using assertions may cause the abnormal program termination in undesirable contexts.
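The defect classes named in the V1111 and V1112 descriptions, each shown beside a hardened form. This is an added illustration, not PVS-Studio code or analyzer output; all function and variable names are hypothetical and the data is constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample data for this illustration. */
static const char *const level_names[] = { "debug", "info", "warn", "error" };
#define LEVEL_COUNT (sizeof level_names / sizeof level_names[0])

/* Defect: idx is range-checked for the first access only; the second access
   sits outside the guard and reads out of bounds when idx >= LEVEL_COUNT. */
const char *level_name_unchecked(size_t idx, unsigned hits[]) {
    if (idx < LEVEL_COUNT)
        hits[idx]++;
    return level_names[idx];
}

/* Hardened: a single early return covers every later use of idx. */
const char *level_name_checked(size_t idx, unsigned hits[]) {
    if (idx >= LEVEL_COUNT)
        return NULL;
    hits[idx]++;
    return level_names[idx];
}

/* Defect: 'remaining' is converted to unsigned before the comparison, so a
   negative value becomes a huge one and the room check passes. */
int has_room_mixed(int remaining, unsigned need) {
    return remaining >= need;
}

/* Hardened: reject negative values first, then compare like with like. */
int has_room_safe(int remaining, unsigned need) {
    return remaining >= 0 && (unsigned)remaining >= need;
}

int main(void) {
    unsigned hits[LEVEL_COUNT] = { 0 };
    printf("checked(9)   -> %s\n", level_name_checked(9, hits) ? "name" : "NULL");
    printf("mixed(-1,16) -> %d\n", has_room_mixed(-1, 16u));
    printf("safe(-1,16)  -> %d\n", has_room_safe(-1, 16u));
    return 0;
}
```

The unchecked lookup is only ever safe with an in-range index, which is why the demo in main() never calls it with 9.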
C#
- V3201. Return value is not always used. Consider inspecting the ‘foo’ method.
- V3202. Unreachable code detected. The ‘case’ value is out of the range of the match expression.
- V3203. Method parameter is not used.
Java
- V6115. Not all Closeable members are released inside the ‘close’ method.
- V6116. The class does not implement the Closeable interface, but it contains the ‘close’ method that releases resources.
- V6117. Possible overflow. The expression will be evaluated before casting. Consider casting one of the operands instead.
Articles
For those who code in C++:
- I _____ hate arrays in C++!
- An insect is sitting in your compiler and doesn’t want to leave for 13 years
- How to find job for Rescue Rangers: analyzing Godot Engine
- Debugging bugs in x64dbg debugger. No debugger
- C++ programmer’s guide to undefined behavior: part 3 of 11
- C++ programmer’s guide to undefined behavior: part 2 of 11
- 12 moments of typos and copy-paste, or why AI hallucinates: checking OpenVINO
- Fixing bugs in your AI: let’s analyze bugs in OpenVINO
For those who code in C#:
- .NET Digest #1
- .NET Digest #2
- Flax Engine. Exploring game engine & analyzing its source code
- Compilation of C# conference talks from 2023–2024
For those who code in Java:
- How to develop code analyzer in 48 hours
- Bitwise operators in Java: unpacking ambiguities
- Even great mathematicians make mistakes
- Authorization pitfalls: what does Keycloak cloak?
- Search query for bugs in Apache Solr
Other articles:
- Get me two! PVS-Studio plugin update for SonarQube
- Code whisperers and rubber duck sorcery: do developers have superstitions?
- Cursed fire, or magic of C preprocessor
- How to train your cat to code: bizarre learning approaches
Conference talks
Modern Static Code Analysis the Example of PVS-Studio
How can you detect potential errors as early as the development stage? Static analysis helps answer this question. We will explore what it is and how it works using the example of a modern code analyzer, PVS-Studio. We will consider practical examples of errors you can detect in C++ applications using static analysis tools. We will also address questions about integrating the analyzer into existing projects, discuss possible usage scenarios for analyzers, and talk about integration into development pipelines.
Do you want to check a project with PVS-Studio? Then start from this page.