To get a trial key
fill out the form below
Team License (standard version)
Enterprise License (extended version)
* By clicking this button you agree to our Privacy Policy statement

** This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Request our prices
New License
License Renewal
--Select currency--
USD
EUR
GBP
RUB
* By clicking this button you agree to our Privacy Policy statement

** This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
To get the licence for your open-source project, please fill out this form
* By clicking this button you agree to our Privacy Policy statement

** This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
To get the licence for your open-source project, please fill out this form
* By clicking this button you agree to our Privacy Policy statement

** This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
I am interested to try it on the platforms:
* By clicking this button you agree to our Privacy Policy statement

** This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Message submitted.

Your message has been sent. We will email you at


If you haven't received our response, please do the following:
check your Spam/Junk folder and click the "Not Spam" button for our message.
This way, you won't miss messages from our team in the future.

>
>
News from PVS-Studio Developers' Secret…

News from PVS-Studio Developers' Secret Basement Lab...

Aug 16 2013

From time to time we tell you news about our internal researches and developments conducted by the developer team of the PVS-Studio static analyzer for C/C++. Today I'm going to tell you about a new solution we are currently working on within the framework of our main product.

C++ Builder support in PVS-Studio had been dropped after version 5.20. If you have any questions, feel free to contact our support. Analysis based on pre-generated preprocessed files is no longer supported too. Please consider using the Compiler Monitoring mode instead. This mode allows a generation and analysis of preprocessed files automatically during regular build process.

Those who follow the news about our project (or even use it) know that our analyzer was initially a plugin for Visual Studio only. Then we added a feature allowing using it as a console application integrated into Makefile (ask me if you don't know how to do that). After that, in the beginning of this year, we added C++Builder integration. By the way, we have quite few C++Builder users currently and we can't figure out why. Finally, it has recently occurred to us that it would be nice to create a standalone version.

Now, how do users see an ideal static code analyzer (be it a spherical analyzer in vacuum or not)? Relying on my experience in this field, I've worked out the following image. A user downloads the utility, specifies a folder with his source code, and clicks on a large green button "Find All Bugs!" No customization, no "project integration". Users don't need that, do they? No, they don't. However, the analyzer does. It at least needs information about #include's and #define's, if you work in C++. This information is necessary for the task of code preprocessing.

And here we face a necessity to choose among the following ways:

  • The tool must extract this information from the project file on its own (this is the way our Visual C++ and C++Builder plugins do).
  • The tool can get this information from Makefile (the way our command line version works).
  • The tool forces the user to undergo a painful process of specifying all the #include folders and #define parameters, which is almost impossible, as it's quite a difficult task for the user.
  • Find some alternative way.

We took the fourth path and tried the following thing. It occurred to us: what if the analyzer gets as the source information already preprocessed files instead of common source .cpp-files? That is, it gets files already processed by the preprocessor. It will free us from the necessity of calling the preprocessor and therefore keeping track of all those #include's and #define's.

This image is not quite the same as the above description of an ideal analyzer of course, yet it allows you to use PVS-Studio for almost any C/C++ project regardless of IDE it's being developed under.

So, the tool being developed in our secret lab looks something like this:

0206_Secret_Devs/image1.png

Figure 1 - The dialogue of launching analysis for preprocessed files.

First, we specify a folder with preprocessed .i-files - it is them that the tool will analyze.

Second, we specify a folder with source codes. It is necessary for more precise error detection. Besides, it will be more convenient (from now on) to navigate through user .cpp-files instead of .i-files which don't look very comprehensible to a human.

Third, we specify a folder with system include-files - the most basic ones like <string> or <stream>. What for? For the analyzer to know that this folder contains files for which it shouldn't generate any diagnostic messages.

So, we can "feed" the preprocessed files to this utility and then run analysis on them. It is in this way that we are currently checking the Boost project. By the way, we'll post a report about Boost check soon - subscribe to our blog not to miss it. Once analysis is done, we get a list of diagnostic messages which looks like this:

0206_Secret_Devs/image2.png

Figure 2 - The list of diagnostic messages displayed after checking .i-files.

Note that you are not looking at Visual Studio or RAD Studio. This is an independent utility that mimics (or rather exploits) the PVS-Studio window. Like PVS-Studio, It has an integrated code editor (Scintilla from Notepad++) to provide you with enough functionality for bug handling:

0206_Secret_Devs/image3.png

Figure 3 - A full-blown code editor.

This post cannot pretend to be a complete description of our secret utility of course, yet we already can answer some of your questions.

Who does NOT need this utility? Those who don't have any troubles checking their projects with PVS-Studio plugin for Visual Studio and C++Builder. Who NEEDS this utility? Those who want to check their source codes with PVS-Studio using other IDE's and/or project files our command line version cannot integrate into.

What would you like our application to look like? Do you find the concept of checking preprocessed files convenient? Do you think the utility lacks any capabilities? Should we continue working on it or drop it if most users appear to find our Microsoft/Embarcadero integration quite enough?

P.S. By the way, we have updated the design of our bug database where we store error samples found in open source projects.

Popular related articles
PVS-Studio ROI

Date: Jan 30 2019

Author: Andrey Karpov

Occasionally, we're asked a question, what monetary value the company will receive from using PVS-Studio. We decided to draw up a response in the form of an article and provide tables, which will sho…
How PVS-Studio Proved to Be More Attentive Than Three and a Half Programmers

Date: Oct 22 2018

Author: Andrey Karpov

Just like other static analyzers, PVS-Studio often produces false positives. What you are about to read is a short story where I'll tell you how PVS-Studio proved, just one more time, to be more atte…
The Last Line Effect

Date: May 31 2014

Author: Andrey Karpov

I have studied many errors caused by the use of the Copy-Paste method, and can assure you that programmers most often tend to make mistakes in the last fragment of a homogeneous code block. I have ne…
PVS-Studio for Java

Date: Jan 17 2019

Author: Andrey Karpov

In the seventh version of the PVS-Studio static analyzer, we added support of the Java language. It's time for a brief story of how we've started making support of the Java language, how far we've co…
Technologies used in the PVS-Studio code analyzer for finding bugs and potential vulnerabilities

Date: Nov 21 2018

Author: Andrey Karpov

A brief description of technologies used in the PVS-Studio tool, which let us effectively detect a large number of error patterns and potential vulnerabilities. The article describes the implementati…
Static analysis as part of the development process in Unreal Engine

Date: Jun 27 2017

Author: Andrey Karpov

Unreal Engine continues to develop as new code is added and previously written code is changed. What is the inevitable consequence of ongoing development in a project? The emergence of new bugs in th…
Free PVS-Studio for those who develops open source projects

Date: Dec 22 2018

Author: Andrey Karpov

On the New 2019 year's eve, a PVS-Studio team decided to make a nice gift for all contributors of open-source projects hosted on GitHub, GitLab or Bitbucket. They are given free usage of PVS-Studio s…
The way static analyzers fight against false positives, and why they do it

Date: Mar 20 2017

Author: Andrey Karpov

In my previous article I wrote that I don't like the approach of evaluating the efficiency of static analyzers with the help of synthetic tests. In that article, I give the example of a code fragment…
Appreciate Static Code Analysis!

Date: Oct 16 2017

Author: Andrey Karpov

I am really astonished by the capabilities of static code analysis even though I am one of the developers of PVS-Studio analyzer myself. The tool surprised me the other day as it turned out to be sma…
The Evil within the Comparison Functions

Date: May 19 2017

Author: Andrey Karpov

Perhaps, readers remember my article titled "Last line effect". It describes a pattern I've once noticed: in most cases programmers make an error in the last line of similar text blocks. Now I want t…

Comments (0)

Next comments

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
This website uses cookies and other technology to provide you a more personalized experience. By continuing the view of our web-pages you accept the terms of using these files. If you don't want your personal data to be processed, please, leave this site.
Learn More →
Accept