
Sergey Vasiliev

PVS-Studio 7.21: GitLab Code Quality, Unreal Engine

PVS-Studio 7.21 has been released. This short note describes the analyzer's main enhancements and lists our recent articles and quizzes.

You can download PVS-Studio 7.21 here. If you don't have a license key, you can get a trial key here.

So, what's new?

GitLab Code Quality reports

The PVS-Studio analyzer's results can now be converted into reports compatible with GitLab Code Quality. This helps you monitor the quality of the project within the GitLab ecosystem.

The documentation on using PVS-Studio in GitLab CI/CD describes how to get a report of this type.

Closer integration with Unreal Engine

We keep enhancing support for Unreal Engine projects. We have 3 pieces of news to share with you:

  • We taught the analyzer to understand more types specific to Unreal Engine projects. Fewer false positives, more accurate warnings.
  • We described how to check Unreal Engine projects with PVS-Studio on Linux.
  • Moreover, we made a pull request that allows you to use more of the analyzer's settings when analyzing UE projects. For example, you can specify a timeout for file analysis. The changes have already been committed to the engine's code. The new features will be available in the next version of Unreal Engine.

Improving cross-platform scenarios

The PVS-Studio plugin for Visual Studio now supports JSON suppress files. This format was previously supported only in utilities on Linux and macOS. This simplifies the use of suppress files in cross-platform scenarios. It is also now easier to integrate PVS-Studio into the development process of cross-platform projects that contain legacy code.

New warning suppression features

Now you can automatically filter analyzer warnings whose messages contain the specified text. The feature allows you to suppress specific diagnostics' warnings that match a template — without disabling the diagnostics completely. You can create a filter of this kind in .pvsconfig files (C++, C#) or directly in code (C++ only).

Let's take a look at the following example. The V3022 diagnostic of PVS-Studio for C# is triggered if the expression in code is always true or false.

Here's the code fragment:

static void ProcessStr(String str)
{
  if (str == "temp")
  {
    if (str.Length != 0) // V3022 (expression is always true)
      ....
    
    if (str.Length == 0) // V3022 (expression is always false)
      ....
  }
}

Let's say we are not going to disable the V3022 diagnostic completely, but we only want to see warnings for conditions that are always false. So, we just need to create the following filter in the .pvsconfig file:

//-V::3022::{always true}

PVS-Studio will filter out V3022 warnings that contain the "always true" text. If you use this filter for the code fragment above, the first warning will be gone, while the second one will remain.
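An added illustration (not PVS-Studio code or output): a small Python model of the filter described above, for reviewing how much a text filter in a .pvsconfig file would hide before it is committed. It handles only the //-V::NNNN::{text} form shown in this post and assumes a case-sensitive substring match; the sample warnings, the broader filter and all function names are constructed for the example.

```python
import re

# Filter form shown in this post: //-V::<diagnostic number>::{<text>}
# Assumption: the text is matched as a case-sensitive substring of the message.
FILTER_RE = re.compile(r"^//-V::(\d+)::\{(.+)\}\s*$")

def parse_filters(pvsconfig_text):
    """Return (diagnostic_code, text) pairs for every message-text filter line."""
    filters = []
    for line in pvsconfig_text.splitlines():
        m = FILTER_RE.match(line.strip())
        if m:
            filters.append(("V" + m.group(1), m.group(2)))
    return filters

def apply_filters(warnings, filters):
    """Split warnings into (kept, hidden); hidden entries name the matching filter."""
    kept, hidden = [], []
    for w in warnings:
        hit = next((f for f in filters
                    if f[0] == w["code"] and f[1] in w["message"]), None)
        if hit:
            hidden.append((w, hit))
        else:
            kept.append(w)
    return kept, hidden

# Constructed sample warnings modelled on the ProcessStr fragment above.
SAMPLE_WARNINGS = [
    {"code": "V3022", "line": 5, "message": "Expression 'str.Length != 0' is always true."},
    {"code": "V3022", "line": 8, "message": "Expression 'str.Length == 0' is always false."},
    {"code": "V3180", "line": 20, "message": "The 'HasFlag' method always returns 'true'."},
]

PAGE_FILTER = "//-V::3022::{always true}"   # the filter from this post
BROAD_FILTER = "//-V::3022::{always}"       # hypothetical, deliberately too broad

if __name__ == "__main__":
    for name, cfg in (("page filter", PAGE_FILTER), ("broad filter", BROAD_FILTER)):
        kept, hidden = apply_filters(SAMPLE_WARNINGS, parse_filters(cfg))
        print(name, "hides lines", [w["line"] for w, _ in hidden],
              "keeps lines", [w["line"] for w in kept])
```

The broader text hides the "always false" warning as well, which is the kind of over-suppression worth catching when a .pvsconfig change is reviewed.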

Diagnostic configuration files (.pvsconfig) documentation

Diagnostic configuration files allow you to configure the analyzer to fit your needs, for example:

  • change the diagnostic level;
  • exclude warnings that match a certain pattern from the analysis results;
  • change the warning message, etc.

The new documentation section describes all features of .pvsconfig files and how to use these files in different environments.

New diagnostics

C, C++

  • V1090. The 'std::uncaught_exception' function is deprecated since C++17 and is removed in C++20. Consider replacing this function with 'std::uncaught_exceptions'.
  • V1091. The pointer is cast to an integer type of a larger size. Casting pointer to a type of a larger size is an implementation-defined behavior.
  • V1092. Recursive function call during the static/thread_local variable initialization might occur. This may lead to undefined behavior.

C#

  • V3178. Calling method or accessing property of potentially disposed object may result in exception.
  • V3179. Calling element access method for potentially empty collection may result in exception.
  • V3180. The 'HasFlag' method always returns 'true' because the value '0' is passed as its argument.
  • V3181. The result of '&' operator is '0' because one of the operands is '0'.
  • V3182. The result of '&' operator is always '0'.

Quizzes

We made a quiz on "Who you are in C#". You can try it here.

By the way, leave a comment if you managed to get a different result than "You are a garbage collector". Because I don't know if it's me being so unlucky or if we're all being trolled by our C# team... :)

If you missed other activities, here they are:

  • quiz "Who you are in C++";
  • challenge "Can you spot an error in C# code?";
  • challenge "Can you spot an error in C++ code?".

Articles

For those who code in C++:

  • Top 10 C++ conference talks 2019—2022 (link);
  • Is there life without RTTI or How we wrote our own dynamic_cast (link);
  • Reworking C and C++ front-end — or how we deal with 16-year legacy code in PVS-Studio (link);
  • A talk with Jason Turner: the history of CppCast, and why it was shut down (link).

For those who code in C#:

  • Sorting in C#: OrderBy.OrderBy or OrderBy.ThenBy? What's more effective and why? (link);
  • List in C#: implementation and features (link);
  • The risks of using vulnerable dependencies in your project, and how SCA helps manage them (link);
  • Do you plan to take on .NET MAUI? Get ready for an adventure with NullReferenceException (link).

Checking projects for bugs:

  • Stride game engine (C#): link;
  • ML.NET — the machine learning framework (C#): link;
  • MSBuild build platform (C#): link;
  • Orchard Core — the framework and CMS (C#): link;
  • Rhino JavaScript engine (Java): link.