>
>
Overview of the PVS-Studio plugin for V…

Andrey Moskalev
Articles: 11

Overview of the PVS-Studio plugin for Visual Studio Code

Now you can take advantage of static analysis when working with the Visual Studio Code editor due to the new PVS-Studio extension. In this article, we will explore the use of the plugin, from installation to handling the analysis results. Let's get started!

PVS-Studio is a static code analyzer for C, C++, C#, and Java projects. In December 2022, the PVS-Studio team released extensions for Visual Studio Code and Qt Creator. At the moment, both plugins can be used to work with the analysis results. It is not yet possible to run the analysis directly from the extensions, but we're going to add this feature in upcoming releases. Currently, you can run the analysis in plugins for Rider and Visual Studio, or run the analyzer from the command line.

But let's go back to the chief topic of this article. I would like to introduce you to the new PVS-Studio extension for Visual Studio Code and show how you could use it in your project.

Installing the PVS-Studio analyzer and VS Code plugin

First of all, we need to install PVS-Studio. You can download the installation file of the analyzer from the official website.

Installing the analyzer on Windows

You shouldn't have any difficulties when installing the analyzer. However, you can always consult the PVS-Studio installation guide for Windows.

Note. In the 'Select Components' installation step, you can select 'Integration with Visual Studio Code'. As a result, the VS Code plugin is installed along with the analyzer.

Installing the analyzer on Linux and macOS

You can find out how to install the PVS-Studio analyzer on Linux and macOS in the following documentation sections:

Installing the VS Code plugin

If the extension has not been installed along with the analyzer, you can install it separately. To install the PVS-Studio extension, open Visual Studio Code and click the 'Extensions' tab, then type 'PVS-Studio' into the search box and click the 'Install' button:

Running the analysis

Let's try the new plugin and the analyzer on a real project. In this article, we used the open-source project to show how the analyzer works.

Running the analysis directly from VS Code is not supported yet, this feature will be added in future releases. For now, you can use the command line instead.

I used the following command to analyze a C#-application on a Linux operating system:

pvs-studio-dotnet -t Solution.sln -o PVS-Studio_Result.json -r

The following parameters are used in this command:

  • -t [project/sln] is a required parameter, the path to the project/solution file;
  • -o [outputPath] is a path to be used to generate the report with the analysis results. Two report formats are available: 'plog' and 'json'. The format of the report is determined by the specified file extension. The default format may vary depending on the OS or the analyzer version used. Note that the PVS-Studio extension for VS Code currently supports reports in the json format only, so it's better to specify this setting explicitly.
  • -r is a parameter that enables the detailed logging mode in the terminal to track the progress of the analysis.

Note. Running the analysis from the command line may vary depending on the operating system and the programming language of the project being analyzed. You can consult the PVS-Studio documentation for guidelines on how to run an analysis specifically for your case.

Handling the analysis results

Let's switch back to VS Code and go to the 'PVS-Studio' tab. Click the 'Open report' button here:

Select the report file in the dialog box. Please note that the VS Code extension now only supports reports in the json format. If you are running PVS-Studio on Windows, the report may have been generated in the 'plog' format. In this case you may need to convert the report into the json format beforehand. You can do it with the help of the 'PlogConverter' utility that is included into the PVS-Studio distribution kit. For more information about the utility, see the documentation section on how to view and convert analyzer's results.

The interface of the plugin can be divided into five areas:

  • Filters by warning's code, messages and file names.
  • Filters by warning levels.
  • Filters by diagnostic groups.
  • Features for saving and loading the analysis report, plugin settings.
  • The list of warnings provided as a table.

We will discuss some of the plugin's features below. In case you would like to find out more information about the VS Code extension, you can consult its documentation section.

Take a look at the interface area number 2:

In this area you can enable/disable warnings of a certain level. The analyzer divides all warnings into 3 levels, which denote how likely a warning indicates an actual error.

As you can see on the screenshot, each level also displays the number of warnings issued.

Now why don't we find some bug in the project using the analyzer report?

The analyzer reports that an anonymous function is used to unsubscribe from the event. Double-click on the warning line to see the code fragment:

Indeed, an anonymous function is declared here and used to unsubscribe from the CollectionChanged event. The developer did not pay attention to the fact that all anonymous functions are unique objects. That's why this anonymous function has nothing to do with any of the handlers, which means no handlers will be unsubscribed.

The future of the VS Code plugin

Now the VS Code extension provides the basic functionality for handling PVS-Studio reports. Soon you will be able to run the analysis directly from the plugin, which will make it even more handy. We're going to implement this feature step-by-step: first, the analysis of C and C++ projects will be supported, and then the analysis of C# projects.

Conclusion

In this article, we have examined how the code analyzer works together with the new PVS-Studio plugin for Visual Studio Code.

If you haven't tried the analyzer yet, you can download it here.

I hope you enjoyed reading this article :)

Good luck and clean code to you! Thank you and see you soon!