PVS-Studio 7.34 has been released. Discover the latest features, including support for Apple Silicon processors with ARM64 architecture, .NET 9 project compatibility, the introduction of the taint analysis mechanism in the Java analyzer, and more! Explore more details in our press release.
You can download the latest PVS-Studio version here.
PVS-Studio on Apple Silicon ARM64
PVS-Studio analyzers for macOS now support Apple Silicon processors with ARM64 architecture, which has broken new ground for macOS users. With version 7.34, we've introduced native builds that let you harness the full potential of this platform.
PVS-Studio C# analyzer introduces support for .NET 9 projects
Now, users can analyze C# code with all new .NET 9 features.
Therefore, the requirements for the C# analyzer on Windows have changed (details under the Breaking Changes heading).
Taint analysis implementation in PVS-Studio Java analyzer
In the latest update of PVS-Studio Java analyzer, our team has introduced the taint analysis mechanism. We've created the first diagnostic rule based on this mechanism, V5309. It can help detect SQL injection vulnerabilities.
Next year, our Java team will focus on SAST, expand coverage of the OWASP Top 10 list of the most common potential vulnerabilities, and add more diagnostic rules for taint analysis.
Modified file analysis mode
We've updated the PVS-Studio_Cmd
and pvs-studio-dotnet
command lines. Now they include a modified file analysis mode that auto-detects source files changed between analysis runs. This mode is an alternative to incremental analysis, and you can use it to check pull requests.
For more details on this mode, please consult the documentation.
Viewing analysis results in the CodeChecker web interface
Starting with the CodeChecker 6.25.0 release, users can upload PVS-Studio reports directly into the web interface for a streamlined review of code analysis results. For more details on this integration, please consult the documentation.
Flexible include files in the analysis
You can now more easily include or exclude source files and configuration files from the analysis in the .pvsconfig
analyzer configuration files. You can use this mechanism to check Unreal Engine projects with UnrealBuildTool, starting with version 5.5.2. Learn more about it in the documentation.
Breaking Changes
The latest release introduces changes that break backward compatibility with previous analyzer versions. You may need to alter the way you use the analyzer.
The C# analyzer requirements on Windows (updated):
In the pvs-studio-analyzer
command line utility, the behavior of the ‑‑sourcecetree-root (-r)
flag has changed. Now, when a path is replaced in the generated report, the existence of the base directory path is checked.
New diagnostic rules
C, C++:
C#:
Java:
Articles
For those, who code in C++:
For those, who code in C#:
For those, who code in Java:
Other articles:
Webinars
C++ Semantics
In the webinar on C++ semantics, we explored symbols and name resolution. We discussed various types of lookups, scope importing, and overload resolution, along with the specifics of templates.
Evaluation
In that talk, we touched upon the topic of compile-time evaluation. We saw how we could use the AST to calculate values and why this approach could be difficult at times. Also, we looked at intermediate representation (IR) and saw how it could help us.
Do you want to check a project with PVS-Studio? Then start from this page.
If you'd like to get news on the latest releases, subscribe to the PVS-Studio newsletter here.
0