Our website uses cookies to enhance your browsing experience.
The new year 2026 is already here, so it's high time to look back on the exciting work the PVS-Studio team did in 2025. Settle in comfortably—our evening of reminiscence begins.
Last year, Microsoft released a new version of its integrated development environment—Visual Studio 2026. Just as with previous IDE versions, PVS-Studio plugin is now available for this new release, enabling analysis of C, C++, and C# projects based on the MSBuild system.
You can read more about using PVS-Studio in Visual Studio in our documentation.
Over the past year, PVS-Studio plugin for Qt Creator gained support for four recent versions of the IDE. The plugin now works with Qt Creator 15, 16, 17, and 18.
However, we no longer support some older versions. We strive to maintain backward compatibility by supporting the latest plugin versions for all Qt Creator releases for two years after each one appears. So in 2025, we ended support for Qt Creator 9, 10, 11, and 12.
You can read more about PVS-Studio plugin for Qt Creator in our documentation.
Since 2025, PVS-Studio plugin for the Visual Studio Code can analyze projects using compilation monitoring.
In this mode, the plugin tracks processes corresponding to the target compiler and collects information about their environment. Once the plugin gathers all data, it can run project analysis.
Currently, this feature is only available on Windows, but we plan to add it for Linux as well.
Last year, we enhanced PVS-Studio interaction with various build systems.
It's now possible to use Kotlin DSL syntax when writing build scripts for the Gradle build system that uses PVS-Studio plugin. We added the corresponding instruction in the documentation.
For the MSBuild system, the analyzer can now analyze projects based on solution files in the .slnf and .slnx formats. We have previously written in our blog about the differences between .slnf and .slnx.
In 2024, we added support for custom code annotations in JSON format for the C and C++ analyzer. These annotations provide the analyzer with additional context about using of various entities, improving analysis quality.
In 2025, this feature was extended to PVS-Studio Java and C# analyzers.
We also continue working on the product documentation to ensure our users have no problems using PVS-Studio.
In 2025, the documentation on using the analyzer for Unreal Engine projects was expanded with a section on analysis using the Unreal Build Accelerator distributed build system.
In addition to updating the documentation with new features, we keep an eye on the older sections. Last year we completely revamped the documentation for using PVS-Studio plugin for the Visual Studio Code IDE.
Now let's check out the changes in PVS-Studio C and C++ analyzer.
The year 2025 was marked by enhanced technologies used in the C and C++ analyzer: we laid the groundwork for supporting new language standards and for advancing data flow and taint analysis.
Oleg Lisiy,
C++ Team Lead
In 2025, we finally released a new parser for C and C++ code, which our team had been developing for over a year. This is a major update. Although it may go unnoticed by most users, it serves as the foundation for future analyzer improvements.
During the extended testing period (EAP) in the spring, we achieved stable operation of the new parser on a large number of real projects. However, to ensure backward compatibility, we kept the option to switch back to the previous version.
If you encounter any issues while using the new parser, please don't hesitate to contact our support team. This will help us speed up final tweaks of this new tool.
Thanks to feedback from users, we have already made numerous refinements. As an example, we fixed critical crashes when analyzing Unreal Engine projects and enhanced the new parser's handling of templates.
Besides the improvements related to the new parser, there were others.
For instance, in C and C++ analyzer, we extended the taint analysis mechanism to diagnostic rules for finding other types of errors: division by zero, bitwise shift by an untrusted value, buffer overrun, signed integer overflow, and passing an untrusted value as an argument.
Other changes in the taint analysis mechanism include correct tracking of taint status with the % operator and enhanced handling of taint statuses in branches.
All these changes to the taint analysis mechanism ultimately increased the number of cases where the analyzer can detect potential vulnerabilities. You can read more about how taint analysis works in PVS-Studio in this article.
We also refined support for various language standards:
restrict and _Atomic qualifiers, _Atomic(T) and _Thread_local specifiers;thread_local specifier, constexpr and alignas keywords.Besides, we actively work with user feedback and fix flaws in the analyzer operation. Based on user reports, we fixed the internal annotations for the std::min, std::max, std::unique_ptr<T[]>::reset, and std::unique_ptr<T[]>::release functions.
Last year, we started covering the MISRA C 2023 standard with diagnostic rules in C and C++ analyzer.
You can read more about the classification of PVS-Studio warnings according to MISRA standards on this page. This page now also features a breakdown by standard version and displays the degree of the standard coverage by the analyzer diagnostic rules.
In 2025, we added support for generating the MISRA Compliance report, considering the newly supported standard versions. You can read more about this in our documentation.
By the February release of PVS-Studio 7.41, the MISRA C 2023 standard will be 80-85% covered.
Last year also brought changes to the .pvsconfig analysis configuration files.
We added a new flag, ‑‑apply-pvs-configs, to the pvs-studio-analyzer utility for cross-platform C/C++ project checking. This flag enables a mode for automatically searching and applying .pvsconfig analysis configuration files for the checked source files. You can search the configuration files in the directory of the source file and in all parent directories up to the project root folder, which is specified using the new ‑‑project-root.
We also added the mode for overriding higher-priority settings using the //V_OVERRIDE ON option. This option supports complex scenarios where certain project parts require different values for settings specified in .pvsconfig files with higher priority.
You can read more about .pvsconfig analysis configuration files in our documentation.
In 2025, we wrote 37 articles on C and C++. Here are some of them:
Now let's move on to the changes in PVS-Studio C# analyzer!
In 2025, we focused on creating diagnostic rules for working with Unity-based projects. At the moment, C# analyzer includes over 20 specialized diagnostic rules for detecting optimization issues and general analysis errors.
This year, we also enhanced some of the earliest diagnostic rules in the C# analyzer. And, of course, we added support for .NET 10 and C# 11.
Artem Rovenskii,
C# Team Lead
In the last release of the past year, we traditionally added support for analyzing projects on the fresh .NET 10.
In 2024, while supporting projects on .NET 9, we changed the analyzer system requirements on all platforms—after version 7.34, it became necessary to have .NET 9 SDK in the system.
In 2025, the change in system requirements only affected Linux and macOS: starting from PVS-Studio version 7.40, the .NET 10 SDK will be required to perform analysis of C# projects.
Last year, we also worked on improving analysis quality for C# projects.
For example, we revamped the very first diagnostic rules of C# analyzer. These rules now support new language constructs. Also, we enhanced PVS-Studio mechanisms for detecting code issues.
Thus, we reworked the V3001 diagnostic rule. Now it defines more correctly the cases when additional parentheses affect nothing. One bug found by the updated diagnostic rule is described in detail in this article.
We optimized the analysis of code blocks containing a large number of variable identifiers (500 or more). Previously, slowdowns were possible in such cases.
Also, the C# analyzer now considers tainted data when detecting an overflow, when the array index is out of bounds, and when potential division by 0 may occur.
Over the year, the C# team posted over 20 articles. Here are some of the most interesting ones:
And finally, it's the turn of Java analyzer!
Java analyzer now features a taint mechanism, enabling the creation of various diagnostic rules focused on security. We currently cover 9 out of 10 OWASP categories, and by the next February release, Java analyzer will have 40 security diagnostic rules.
Konstantin Volohovsky,
Java Team Lead
In 2024, Java analyzer gained a taint analysis mechanism. The first diagnostic rule, V5309, aimed at finding potential SQL injections, was also released at that time.
In 2025, it was high time to use this mechanism to its full potential!
We undertook significant work to cover OWASP Top 10 2021 security defect categories with Java analyzer. This involved releasing many new diagnostic rules designed to find potential vulnerabilities. Currently, Java analyzer diagnostic rules cover 9 out of 10 categories.
You can learn more about the classification of PVS-Studio diagnostic rules according to OWASP Top 10 on this page.
In 2025, we posted 37 articles on Java topic on our blog. Here are some of them:
We covered all major features in the analyzer for 2025, yet this is only a part. You can find the full list of changes on our release history page.
If you are interested in timely updates about the analyzer, subscribe to our digests.
2026 promises even more interesting developments—stay tuned for the news!
0
0
0
167
0
1000
0
1460
0
0