PVS-Studio 7.16, expanding the horizons: MISRA C, Visual Studio 2022, .NET 6

• The Visual Studio 2022 support
• .NET 6 and C# 10.0 support
• MISRA C
• Different enhancements
• New diagnostics
• Latest articles in our blog
• Feedback

This is the latest release of PVS-Studio in 2021. With it, the PVS-Studio team accomplishes several important goals. Now, PVS-Studio supports Visual Studio 2022, the .NET 6 platform and C# 10.0. We implemented all diagnostics categorized as Mandatory in MISRA C.

The Visual Studio 2022 support

Now, PVS-Studio supports Visual Studio 2022. You can use the analyzer to check C++ and C# projects. PVS-Studio supports projects built with new versions of C++ and .NET standard libraries.

From the user's point of view, the analyzer interface, and the way the tool works have not changed a lot. We have to update our "PVS-Studio for Visual Studio" article of 2019, but in general, the information in the article is relevant.

.NET 6 and C# 10.0 support

Now, the PVS-Studio C# analyzer supports the .NET 6 platform for Windows, Linux, and macOS. We also added the support of C# 10.0. Besides, the C# analyzer for Linux and macOS now works for .NET 6.

Taking the opportunity, we invite you to read the following article: "What's new in C# 10: overview".

MISRA C

PVS-Studio supports 80% of the MISRA C standard for safety and security. The tool fully covers the warnings categorized as Mandatory and most of the warnings from the Required category.

See also:

• What is MISRA and how to cook it;
• Why do you need the MISRA Compliance report and how to generate one in PVS-Studio?
• Classification of PVS-Studio warnings according to the standards: MISRA C, MISRA C++.

Different enhancements

The mechanism to suppress warnings for existing code (baseline, suppression of warnings) now can work with Unreal Engine projects. In this release, the baseline mechanism is available only for UE projects in the command-line version of the PVS-Studio analyzer. The next version of PVS-Studio will support the suppression of warnings for UE projects directly from Visual Studio and JetBrains Rider.

Note. To learn more about the disabling of warnings for existing code, read the following article: "How to introduce a static code analyzer in a legacy project and not to discourage the team".

Also, we have a new documentation section explaining how to use PVS-Studio to check projects whose build model is represented in the JSON Compilation Database format. This method is available for projects based on CMake, QBS, Ninja, etc.

Now, in the PVS-Studio plugins for JetBrains IDEA, Rider and CLion, you can customize shortcuts for the most frequently used actions for checking projects and working with analysis results.

New diagnostics

• V833. Using 'std::move' function with const object disables move semantics.
• V1076. Code contains invisible characters that may alter its logic. Consider enabling the display of invisible characters in the code editor.
• V2615. MISRA. A compatible declaration should be visible when an object or function with external linkage is defined.
• V2616. MISRA. All conditional inclusion preprocessor directives should reside in the same file as the conditional inclusion directive to which they are related.
• V2617. MISRA. Object should not be assigned or copied to an overlapping object.
• V2618. MISRA. Identifiers declared in the same scope and name space should be distinct.
• V2619. MISRA. Typedef names should be unique across all name spaces.
• V2620. MISRA. Value of a composite expression should not be cast to a different essential type category or a wider essential type.
• V2621. MISRA. Tag names should be unique across all name spaces.
• V2622. MISRA. External object or function should be declared once in one and only one file.
• V5616. OWASP. Possible command injection. Potentially tainted data is used to create OS command.

Latest articles in our blog

• C++ tools evolution: static code analyzers.
• How a PVS-Studio developer defended a bug in a checked project.
• All hail bug reports: how we reduced the analysis time of the user's project from 80 to 4 hours.
• How the Carla car simulator helped us level up the static analysis of Unreal Engine 4 projects.
• A variety of errors in C# code by the example of CMS DotNetNuke: 40 questions about the quality.
• Thanks, Mario, but the code needs fixing — checking TheXTech.
• OWASP Top Ten and Software Composition Analysis (SCA).
• Virtual function calls in constructors and destructors (C++).

Feedback

Thank you for your attention and interest in our product. If you have any questions or suggestions, we are always ready to discuss them. We'd also appreciate if you give us feedback on the new features of the analyzer.