
Gleb Aslamov

PVS-Studio 7.30: enhanced integration with Unreal Engine, new C++ analyzer features, and more

PVS-Studio 7.30 has been released. We're glad to introduce new features, user annotations and various enhancements for the PVS-Studio integration with Unreal Engine, and even more! Here's a post with release details for you.

You can download the latest PVS-Studio version here.

User annotations for PVS-Studio C++ analyzer

The PVS-Studio C++ analyzer now has a mechanism for user annotations. It allows you to mark up types and functions in JSON format in order to provide the analyzer with additional information.

This mode lets developers mark a function as unsafe to use, define their own type as nullable, and so on. This information helps the analyzer detect more errors in code.

You can learn more about this mode in the documentation.

Enhanced Unreal Engine integration

In this release, we've aimed to enhance the experience of using PVS-Studio with Unreal Engine. Many enhancements have been added. They're available for projects starting with UE version 5.4:

  • Multi-file navigation on the warnings included in the analyzer report has been implemented.
  • A bug that caused the analysis to fail in Unreal Engine 5.3 when analyzing via the -StaticAnalyzer=PVSStudio compilation flag has been fixed.
  • The standard warning output of the Unreal Build Tool to the console can now be disabled during the analysis. This can significantly reduce the analyzer report post-processing time in projects with many warnings.
  • The analysis of auto-generated files (.gen.cpp) is now disabled by default. You can use a special setting to enable it again.
  • A setting to run the analyzer only on project source files (skipping the Unreal Engine core module) is now available. It lets you significantly speed up the analysis process.

New C++ analyzer features

  • The C and C++ analyzer now handles the standard bool type that has appeared in the C23 standard of the C language. This enhancement includes support for the MISRA Essential Type Model and the diagnostic rules based on it.
  • For the C++ analyzer, we've enhanced the handling of the standard C++ library and added support for more compiler intrinsics, such as __add_lvalue_reference, __add_pointer, __add_rvalue_reference, and others.
  • Now the C++ analyzer supports the GNU RISC-V GCC Toolchain for the RISC-V platform.

Enhanced analysis mode for individual files

We've extended the system of analyzing individual files by using the --sourceFiles flag and re-generating the project dependency cache.

This mode is now more robust in scenarios where the dependency cache is in a state that doesn't match the project structure. For example, this can happen if multiple branches are used in a version control system.

Moreover, we've added the option to run the analysis with a full cache update. It enables developers to analyze a project with a fully correct cache of dependencies when there is no way to keep it up to date.

You can learn more about this mode in the documentation.

New diagnostic rules

C, C++

  • V1105. Suspicious string modification using the 'operator+='. The right operand is implicitly converted to a character type.
  • V1106. Qt. Class inherited from 'QObject' does not contain a constructor that accepts a pointer to 'QObject'.
  • V1107. Function was declared as accepting unspecified number of parameters. Consider explicitly specifying the function parameters list.
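
The implicit conversion named in the V1105 description, shown as an added example (it is not taken from PVS-Studio or its documentation; the function names and the header format are hypothetical, and the page does not state which exact lines the analyzer reports):

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Hypothetical helper: builds a length header for a payload.
// DEFECT: std::string::operator+= has no integer overload, so the size_t
// is implicitly converted to char and a single character with that code
// is appended instead of the decimal digits.
std::string header_buggy(const std::string& payload) {
    std::string h = "Content-Length: ";
    h += payload.size();   // appends char(payload.size())
    h += "\r\n";
    return h;
}

// Fixed form: convert the number to text explicitly.
std::string header_fixed(const std::string& payload) {
    std::string h = "Content-Length: ";
    h += std::to_string(payload.size());
    h += "\r\n";
    return h;
}

// Renders control characters visibly so the difference can be read.
std::string visible(const std::string& s) {
    std::string out;
    for (unsigned char c : s) {
        if (c == '\r') out += "\\r";
        else if (c == '\n') out += "\\n";
        else out += static_cast<char>(c);
    }
    return out;
}

int main() {
    // Constructed sample payloads: 65 bytes and 10 bytes long.
    const std::string p65(65, 'x');
    const std::string p10(10, 'x');
    std::cout << visible(header_buggy(p65)) << '\n';  // length shows as 'A'
    std::cout << visible(header_fixed(p65)) << '\n';  // length shows as 65
    // A 10-byte payload makes the buggy version emit a bare line feed,
    // so the value of the header is a control character.
    std::cout << visible(header_buggy(p10)) << '\n';
    std::cout << visible(header_fixed(p10)) << '\n';
    return 0;
}
```

The defect compiles without error by default, which is why the length-dependent output (a letter for one payload, a line break for another) tends to surface only at run time.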

C#

  • V3196. Parameter is not utilized inside the method body, but an identifier with a similar name is used inside the same method.
  • V3197. The compared value inside the 'Object.Equals' override is converted to a different type that does not contain the override.
  • V3198. The variable is assigned the same value that it already holds.

Java

  • V6110. Using an environment variable could be unsafe or unreliable. Consider using trusted system property instead.
  • V6111. Potentially negative value is used as the size of an array.
  • V6112. Calling the 'getClass' method repeatedly or on the value of the '.class' literal will always return the instance of the 'Class' type.

Do you want to check your project with PVS-Studio? Then start from this page.

If you'd like to get news on the latest releases, subscribe to the PVS-Studio newsletter here.