PVS-Studio 7.26: running analysis in VS Code and Qt Creator, integration with DefectDojo, and more
PVS-Studio 7.26 has been released. Now you can run the analysis in plugins for VS Code and Qt Creator; upload the analysis results to DefectDojo, and more. In this note, we'll take a closer look at these and other enhancements.
You can download the latest version of PVS‑Studio here.
Visual Studio Code and Qt Creator: running analysis and suppressing warnings
Now the PVS-Studio plugins for Visual Studio Code and Qt Creator support the analysis of C and C++ projects. Moreover, the plugins support mass suppression of analyzer warnings (with the help of suppress files). This mechanism enables you to hide warnings for legacy code and work only with new warnings. In this way, the integration of the analyzer into the project will be much easier. You can read more about it in the article: "How to introduce a static code analyzer in a legacy project and not to discourage the team".
Now you can analyze the projects that use the following build systems:
- Visual Studio Code: CMake
- Qt Creator: CMake, QMake, Qbs
You can find more detailed information in the documentation:
Integration with DefectDojo
Now PVS-Studio has integration with DefectDojo, the DevSecOps platform that helps teams manage the entire security workflow. Find out more details in the documentation.
Support for JDK 20 projects
The Java analyzer now supports projects that use JDK 20 and Java 20. It also maintains backward compatibility with all previous versions.
New features for C and C++ function annotations
Function annotations give PVS-Studio more data for analysis.
The C++ analyzer received an enhanced user annotation mechanism. Now you can write annotations for functions at any nesting level. Moreover, now it's possible to use the function name without specifying the class and namespace when annotating.
Here you can find the guidelines for user annotations.
- V838. Temporary object is constructed during lookup in ordered associative container. Consider using a container with heterogeneous lookup to avoid construction of temporary objects.
- V1100. Unreal Engine. Declaring a pointer to a type derived from 'UObject' in a class that is not derived from 'UObject' is dangerous. The pointer may start pointing to an invalid object after garbage collection.
- V1101. Changing the default value of a virtual function parameter in a derived class may result in unexpected behavior.
- V3191. Iteration through collection makes no sense because it is always empty.
- V4002. Unity Engine. Avoid storing consecutive concatenations inside a single string in performance-sensitive context. Consider using StringBuilder to improve performance.
- V4003. Unity Engine. Avoid capturing variable in performance-sensitive context. This can lead to decreased performance.
For those who code in C#:
- Does C# always have boxing with string concatenation and interpolation?
- Ryujinx: re-checking the Nintendo Switch emulator using PVS-Studio
- Examining suspicious code fragments in AWS SDK for .NET
- Top 3 open-source games written in C#: searching for bugs
For those who code in C++:
For more articles, you can visit our blog.
Do you need to check a project with PVS-Studio? Then start from this page.