PVS-Studio 7.19: what's new?
- New diagnostics
- What to read and what to... play
- Try PVS-Studio 7.19
Recently, we have released a new PVS-Studio version — 7.19. In this note, we'll tell you about new features in the analyzer, the enhanced documentation, as well as what to read and... what to play.
PVS-Studio supports Unreal Engine 5
Now, you can use PVS-Studio to analyze projects on Unreal Engine 5. For the most part, projects on UE 5 are analyzed in the same way as projects on UE 4. The difference is described in the documentation.
Unreal Engine 5 bug: Unable to find PVS-Studio
Unreal Engine 5 has a bug that doesn't let Unreal Build Tool find PVS-Studio by the default installation path. A pull request is made to fix this issue. The fix will be included in one of the next versions of the engine.
As of now, there's a temporary workaround. You can read about it in the documentation.
The C++ analyzer now works better with QNX compilers
We have enhanced the work of the C++ analyzer with the QNX compilers:
- the analyzer better recognizes the target platform of the QNX Momentics QCC compilers. Thanks to this, we reduced the number of false positives issued on code under QNX;
- we supported the latest versions of the QNX compiler.
The PVS-Studio plugin for SonarQube
The PVS-Studio plugin for SonarQube now supports JSON reports. Since PVS-Studio reports in the JSON format are available for all platforms, this simplifies cross-platform work scenarios.
Developer notification utility (blame-notifier)
The blame-notifier utility is used to notify developers and managers about code errors found by the analyzer. The notifications are sent via emails containing analyzer warnings.
Now you can attach files to such emails (for example, the full analyzer report) and change the subject of the email.
You can find the documentation for the blame-notifier utility here.
Analyzer reports and conversion utilities
You can convert PVS-Studio analysis results to various formats using special utilities (PlogConverter.exe, plog-converter). To browse various formats, you can read the document which describes:
- formats into which reports can be converted, and the purpose of these formats;
- report conversion utilities and startup flags;
- examples of conversion commands.
You can find the information here.
We have updated the documentation on using Unreal Engine and PVS-Studio. It describes:
- how to check projects from the IDE and from the command line;
- how to embed the analyzer in a project and not to see warnings on legacy code;
- how to exclude files and directories from analysis;
- features of using the analyzer with different engine versions.
The documentation is available here.
- V834. Incorrect type of a loop variable. This leads to the variable binding to a temporary object instead of a range element.
- V835. Passing cheap-to-copy argument by reference may lead to decreased performance.
- V1083. Signed integer overflow in arithmetic expression. This leads to undefined behavior.
- V1084. The expression is always true/false. The value is out of range of enum values.
- V1085. Negative value is implicitly converted to unsigned integer type in arithmetic expression.
- V3175. Locking operations must be performed on the same thread. Using 'await' in a critical section may lead to a lock being released on a different thread.
- V3176. The '&'= or '|=' operator is redundant because the right operand is always true/false.
- V5622. OWASP. Possible XPath injection. Potentially tainted data is used in the XPath expression.
- V5623. OWASP. Possible open redirect vulnerability. Potentially tainted data is used in the URL.
What to read and what to... play
What to read
We not only improve the analyzer, but also tell you what we are doing, how and why. You can read about it in the following articles:
- PVS-Studio evolution: data flow analysis for related variables
- Unreal baselining: PVS-Studio's enhancements for Unreal Engine projects
- How PVS-Studio for Windows got new monitoring mode
We continue to check the quality of the Open Source projects code. What errors did we find there? Read in these articles:
- Are you sure your passwords protected? The Bitwarden project check
- Why should Unity game developers use static analysis?
- How PVS-Studio prevents rash code changes, example N5
- Why use static analysis? Exploring an error from Akka.NET
What to play
We've made a quiz where you can test your skills and find errors in code fragments. So far, the quiz has only the C++ version. Do you want this quiz to be for C# too? Leave a comment. :)
You can play this game here.