We develop, promote, and sell the PVS‑Studio static analyzer for C, C++, C#, and Java code.
Conferences. So far, we’ve attended over 175 conferences where we gave talks. You may have seen us at CoreHard, DevGAMM, SECR and others.
Our website. We process and post analysis results, talk about integration experience, and more.
Social media. We talk about the team and the company, discuss languages, and even teach.
Related resources. Authors talk about us on habr, Java Annotated Monthly, and other resources.
The idea to make an analyzer for the detection of errors during the migration of code to 64-bit systems. At that time 64-bit processors, 64-bit Windows operating systems, and the first 64-bit C++ compiler for Windows as a part of Visual Studio 2005 were emerging on the market. During that boom of 64-bit changes, we wanted to make a tool that would quickly become very popular, and make us rich. But we couldn't. The tool did not become very popular, and the real gain came many years later, after a long series of failures and successes.
The first public release of Viva64 1.00 on the web.
We created the analyzer's plugin for Visual Studio.
Founding of OOO Program Verification Systems.
Viva64 2.00 release.
The first beta version of VivaMP, an analyzer for issues in parallel programs built with the help of OpenMP technology. We had not managed to take off with 64-bit errors, but we saw that new computers with several cores started appearing on the market. They would probably need software supporting parallel work. This was our chance!
VivaMP 1.00 release.
The release of PVS-Studio 3.00, in which Viva64 and VivaMP are combined as one product.
Started working on the C++11 standard support.
The release of PVS-Studio 4.00 beta-version, with a new set of general analysis diagnostic rules (General Analysis, V501-V545). Originally, the new diagnostics were free, and were created as a way to attract attention to the 64-bit and OpenMP code analyzers. We almost made a fatal mistake here.
PVS-Studio 4.00 release, in which the General Analysis diagnostics became paid. Still, we had not made our major mistake. Starting in 2011 we were coming to a real understanding of how our tool could be useful to people, how to make it, and the main thing - how to market it. In this version, we also made the first corporate licenses (Site License).
Incremental analysis in PVS-Studio 4.30 - The ability to run the analyzer automatically for files that have just been edited or recompiled. This allowed the use of PVS-Studio regularly on the local machines of the developers, and the fixing of bugs before they appear in the version control system.
With the release of PVS-Studio 4.32, we dropped the single-user license. This was one of the best business decisions in the company's history.
PVS-Studio 4.50 starts using Clang, in addition to Visual C++, for preprocessing (and only for preprocessing!).
100 general analysis diagnostics (V501-V600) in PVS-Studio 4.53.
A new trial mode in PVS-Studio 4.54 - Now the only limitation was the number of clicks (jumps to the fragments with the errors), instead of a limitation on the display of errors.
A new set of diagnostics in PVS-Studio 4.60 - "Micro-optimizations" to search for fragments where performance loss could be detected by a static analyzer.
Integration into Embarcadero RAD Studio in PVS-Studio 5.00. We thought there were a lot of users of C++Builder. We were wrong. Or, perhaps we didn't manage to reach them.
PVS-Studio supported analysis of code in C++/CX.
A separate Standalone application in PVS-Studio 5.00.
Release of CppCat 1.00 - a cheap version of the analyzer, based on PVS-Studio. We called it a "PVS-Studio version for $250". The idea was to make a high-quality, low-cost analyzer. It was much cheaper, so that, supposedly, more developers would buy and use our solutions. Perhaps we would discontinue developing PVS-Studio altogether, which we viewed as a large and heavy product with a long history, as opposed to the light and young CppCat, where a simple interface was combined with the great abilities of a code analyzer.
PVS-Studio supported analysis of code in C++/CLI.
CLMonitoring function in PVS-Studio 5.18 - the interception of a compiler call.
The ability to perform mass suppression of uninteresting warnings in PVS-Studio 5.20. This feature significantly simplified introducing the analyzer into the development process.
We grew mature enough to start removing code, not only writing it. We removed the support of Embarcadero RAD Studio and OpenMP diagnostics (the remains of VivaMP analyzer, which died long before it was "buried").
Started working on the C++14 standard support.
We closed down the CppCat project. The world didn't understand the value of our idea. We sold only a few licenses, and these were mainly to people who knew us because of PVS-Studio. De facto, we lost several of our PVS-Studio clients, whom we had to talk into going back to PVS-Studio later, which was a difficult thing to do. A low price, cool and simple interface, even the cat logo, didn't help. (Programmers are supposed to love cats, right?) Of course, we probably just cannot sell cheap tools. That was our one and a half year experiment, and we aren't going back to it.
Static code analysis for C# code in PVS-Studio 6.00 (more than 40 diagnostics).
We added a separate PVS-Studio command-line version (PVS-Studio_Cmd), which supports checking vcxproj and csproj projects (C++ and C#).
In PVS-Studio 6.05, we reached 100 diagnostics for C# much faster - 10 months of development instead of 19 months for C++. However, the C# team was considerably larger and we were using Roslyn (its Code Analysis Framework, to be precise). I feel like writing: "There used to be great programmers indeed!" But at that time we couldn't estimate the complexity of the product and its support and much more.
PVS-Studio no longer supports 32-bit operating systems.
Integration with SonarQube is now available in PVS-Studio.
PVS-Studio 6.10 gets a Linux version. Although we tried to avoid it for so many years...
Unreal Engine 4.17 supported PVS-Studio. Starting from this engine version, you can run the analysis from Unreal Build Tool.
We added the integration with Jenkins.
You can save analysis results in the HTML format with full navigation along the code. This enables working with PVS-Studio reports on computers without full deployment of the entire codebase.
Started working on the C++17 standard support.
Added support for CWE (Common Weakness Enumeration) and SEI CERT. From this moment on, PVS-Studio is a complete SAST solution.
In PVS-Studio 6.22, we added support for compilers for embedded systems. Developers who used Keil and IAR could be the first to try the analyzer on their projects. We also released support for GNU Arm Embedded Toolchain and Texas Instruments Code Composer Studio.
In 2018, the PVS-Studio static code analyzer became able to classify its warnings according to the MISRA C and MISRA C++ standards. With support for these standards, it became possible to use the analyzer effectively to increase the security, portability and reliability of programs for embedded systems.
In PVS-Studio 7.00, the analyzer for Java appeared. The first version already included 66 diagnostics. The analyzer was not designed from scratch. We took the logic of the C++ analyzer and formed it into a separate library. After that, we used it with the Java parser. Thus the first version of the analyzer adopted the best practices of more than ten years of experience of developing static code analyzers. We made plugins for Maven, Gradle, IntelliJ IDEA and SonarQube for users. You can run the analyzer on three platforms: Windows, Linux and macOS.
2018 became the year of conferences for us. During this year, there were about 23 of them, which is a record for us so far. At some of them we had talks, meetups and workshops; at others we had booths or just listened to someone's talks. Some conferences required doing all of this. Sure, we had participated in various activities of different levels before, but not as actively as we do now. Here is the link to our review article with the list of conferences and videos of talks.
On all platforms, we moved to the same trial option: requesting a one-week key from the site. Without the key, the program is not fully functional. At conferences we provide temporary keys for a month. In addition to a couple of program runs, within one month a person can introduce the tool into the development process to see how the product performs in daily use.
Started working on the C++20 standard support.
In PVS-Studio 7.08 it is now possible to run the C# analyzer on Linux and macOS. Another significant feature in this release is the PVS-Studio plugin for JetBrains Rider. It will allow C# developers to conveniently use the analyzer on all basic platforms.
PVS-Studio is included into the "Now Tech: Static Application Security Testing, Q3 2020" report as a SAST-specialized tool. Forrester Research is a leader in researching how innovative technologies affect business. The research report is available for purchase to Forrester Research subscribers and clients.
We continue to develop PVS-Studio as a SAST (Static Application Security Testing) tool. As a new step in this direction, we started working towards supporting the following standards: OWASP ASVS and AUTOSAR C++14 Coding Guidelines. Our website lists rules that correspond to OWASP ASVS and AUTOSAR C++14 Coding Guidelines.
PVS-Studio now provides mapping for its diagnostic rules to the list of most common security threats OWASP Top 10 Web Application Security Risks. This list is based on the general opinion of security experts from around the world. This rating helps developers and security experts find and eliminate security risks in their applications.
We implemented taint analysis of C# code. Thanks to this, the analyzer can detect SQL injections, XSS, XXE, and other weaknesses related to external data processing.
We created a PVS-Studio plugin for JetBrains CLion. Now you can use the analyzer in this IDE.
The C++ analyzer learned to perform intermodular analysis. In this mode, PVS-Studio can detect calls of methods from other translation units and thus can find potential errors more effectively.
PVS-Studio covered 80% of the MISRA C standard: now the analyzer has warnings for all rules from the Mandatory and most of the Required categories.
Our team found more than 15 000 errors in Open Source projects.
PVS-Studio can check Unreal Engine 5 projects.
From now on, the C# analyzer performs software composition analysis (SCA). It helps the tool to search for dependencies with known vulnerabilities.
PVS-Studio covers all OWASP Top 10 2021 categories. The tool provides at least one diagnostic rule for each of them.
We released plugins for Visual Studio Code and Qt Creator.
The C# analyzer provides the first diagnostics to search for issues related to the Unity game engine.
Now PVS-Studio has integration with DefectDojo, the DevSecOps platform. You can upload analysis results to DefectDojo and work on them there.