The PVS-Studio team is increasing the number of diagnostics with each new release. Besides, we are improving the analyzer's infrastructure. This time we added the plugin for JetBrains CLion. Moreover, we introduced intermodular analysis of C++ projects and speeded up the C# analyzer core.
We introduced a user-friendly plugin, which helps to use PVS-Studio in JetBrains CLion. Check out our blog to learn more about difficulties that we encountered when developing the CLion plugin. Here you can view the list of JetBrains IDEs which PVS-Studio already supports.
As we release the plugin for CLion for the first time, you may encounter some inconveniences or errors while using the plugin. In this case, please do not hesitate to write us. We'll try to help, give some advice, or fix defects. Thanks in advance.
Now, the PVS-Studio C++ analyzer supports intermodular analysis. In this mode, when parsing the code, the analyzer considers the results of method calls declared in other translation units. We also have intermodular analysis in the C# analyzer (at the project level) and in the Java analyzer (at the package level). In the C++ analyzer, this mode is disabled by default because it can slow down the speed of analysis. Learn more about intermodular analysis and its implementation features in our blog.
Now, the C# analyzer checks large projects (more than 10,000 source files) two times faster. Furthermore, the C# analyzer uses multi-core processors much more efficiently. Check out our blog to see techniques that we used to speed up the C# analyzer. These techniques may be applied for other classes of .NET applications:
As the list below shows, most of the diagnostics that we currently implement are based on the MISRA C standard. We focused on the MISRA C support, and now PVS-Studio covers 60% of the standard. Soon, we plan to cover at least 80%. We also want to introduce the support of coding standards from the MISRA C Compliance.
In addition, we continue to improve the analyzer capabilities in identifying potential vulnerabilities. Now, PVS-Studio covers 6 out of 10 categories in OWASP Top 10 – the list of the most common and dangerous security threats for Web applications. In this release, we added diagnostics for A5 Broken Access Control, A7 Cross-Site Scripting (XSS), and A8 Insecure Deserialization categories. In future releases this year, we plan to increase the coverage to 9 categories.
The PVS-Studio plugin for SonarQube supports SonarQube 8.9 LTS.
Now, in the PVS-Studio C++ analyzer, you can disable diagnostic rules for a given range of lines in the source file. See the section "How to enable and disable certain diagnostics for a block of code" in the Suppression of false alarms documentation.
One of our users wrote an article about integrating the PVS-Studio analyzer into uVision Keil. PVS-Studio does not provide such an option out of the box. But if you want something, we'll do our best to implement it :). The story turned out to be entertaining. Do take a look, even if you don't use uVision Keil: Integrating PVS-Studio into uVision Keil. Here is a quote from the article:
I've been using this scenario until one day I spent 3 days debugging a very unpleasant bug. The bug appearances were random and bewildering. It turned out to be a banal null pointer dereference (which on microcontrollers usually does not result in any instantaneous errors like Access Violation). I quickly realized that PVS-Studio detects this bug. That was the final nail in the coffin of my patience! – and I started integrating PVS-Studio into Keil.
0