Today we released a new version of PVS-Studio 6.17 static analyzer. In this version there are improvements, which, in my opinion, deserve a small note. I suggest to get acquainted with them, and then download the latest version of the distribution package.
We continue to develop our analyzer in relation to Linux. In other words, the Linux version is overtaking Windows version of analyzer on its abilities. The next step was the implementation of a plugin for SonarQube quality control system and adding a mode of mass warnings suppression for Linux. More detailed information can be received from the documentation sections "Integration of PVS-Studio analysis results into SonarQube" and "How to run PVS-Studio on Linux".
In the command line module PVS-Studio_Cmd.exe a new incremental analysis mode "AppendScan" was added. The usage of this mode will let "accumulate" information about the files that need to be analyzed. Thus, more options of performing the analysis become available that will let you configure the analyzer in terms of the needs of the project. More details are given in the article "PVS-Studio's incremental analysis mode".
Several new diagnostics were added, but nothing remarkable:
A much more interesting feature is that a mechanism of virtual values was significantly redesigned in the kernel of C++ analyzer. For example, now the analyzer performs a double loop passage, which allows it to define the range of possible values of variables, changing in a loop, more accurately. So don't be surprised if the analyzer starts issuing many warnings for that code which used to seem correct for the analyzer. We definitely recommend to upgrade the analyzer version because this way you will be able to find new bugs.
Another interesting improvement is the ability to make C++ analyzer think that malloc function cannot return NULL. Some programmers don't want to deal with the situation when the malloc returns a null pointer. That is why, pointers are used without prior check and, as a consequence, PVS-Studio analyzer issues plenty of warnings. Developers consider them as false positives and they asked for the ability to modify the behavior of the analyzer. An example of such an approach is described in the article "Characteristics of PVS-Studio Analyzer by the Example of EFL Core Libraries". To configure the behavior of the analyzer special comments are used that are described in the section "Additional diagnostics configuration".
Also a plugin has been added in the distribution package which allows displaying analysis results in a Jenkins continuous integration system (so far available on Windows). This will allow you a better monitoring of the amount of potentially dangerous places in the project. A using the plugin for Jenkins is described in more detail in the article "Integrating PVS-Studio into the Continuous Integration Process" in the section "PVS-Studio plugin for Jenkins".
Download and try the new version of the analyzer! Also, I'd like to take this opportunity to remind that we wrote a series of articles dedicated to a verification of a Tizen operating system code and hope they were interesting. If you missed the information about their publications, I suggest go over the links and get acquainted with these articles:
Unfortunately, we must make the PVS-Studio 4.00 static analyzer completely paid. We intended to make only the set of 64-bit rules paid while keeping the general analysis and OpenMP-software analysis free. But the world is stern and we've found no support.