To get a trial key
fill out the form below
Team License (standard version)
Enterprise License (extended version)
* By clicking this button you agree to our Privacy Policy statement

** This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Request our prices
New License
License Renewal
--Select currency--
USD
EUR
GBP
RUB
* By clicking this button you agree to our Privacy Policy statement

** This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
To get the licence for your open-source project, please fill out this form
* By clicking this button you agree to our Privacy Policy statement

** This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
To get the licence for your open-source project, please fill out this form
* By clicking this button you agree to our Privacy Policy statement

** This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
I am interested to try it on the platforms:
* By clicking this button you agree to our Privacy Policy statement

** This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Message submitted.

Your message has been sent. We will email you at


If you haven't received our response, please do the following:
check your Spam/Junk folder and click the "Not Spam" button for our message.
This way, you won't miss messages from our team in the future.

>
>
>
Getting Started with the PVS-Studio Sta…

Getting Started with the PVS-Studio Static Analyzer for C++ Development under Linux

Aug 06 2019
Author:

PVS-Studio supports analyzing projects developed in C, C++, C#, and Java. You can use the analyzer under Windows, Linux, and macOS. This small article will tell you the basics of analyzing C and C++ code in Linux environment.

0652_PVS-Studio-for-Linux/image1.png

Installation

There are different ways to install PVS-Studio under Linux, depending on your distro type. The most convenient and preferred method is to use the repository, since it allows auto-updating the analyzer upon releasing new versions. Another option is to use the installation package, which you can get here.

The installation commands differ depending on the Linux distro you are using. For instance, this is how installation from the repository under Debian-based systems looks like:

wget -q -O - https://files.viva64.com/etc/pubkey.txt | sudo apt-key add -

sudo wget -O /etc/apt/sources.list.d/viva64.list \
https://files.viva64.com/etc/viva64.list

sudo apt update
sudo apt install pvs-studio

To install PVS-Studio from the downloadable package, you can use the gdebi utility:

sudo gdebi pvs-studio-VERSION.deb

The installation process is described in greater detail in the "Installing and updating PVS-Studio on Linux" documentation section. You can also find information on non-Debian systems there.

Once PVS-Studio is installed, you need to enter license data. Here's the command for that:

pvs-studio-analyzer credentials NAME KEY [-o LIC-FILE]

NAME and KEY are the registered user name, and the license key respectively. The optional parameter –o allows you to specify the location, where a license file will be generated. By default, it will be stored in the ~/.config/PVS-Studio/ directory.

If you need a trial key, you can get it at the "Download and evaluate PVS-Studio" page.

Checking your project

Once you get the analyzer installed, you can start checking projects. There are two main ways to do this:

  • Compilation monitoring.
  • Running from build systems directly.

Let's talk about the first way. To launch the monitoring under Linux, you need the strace utility. PVS-Studio uses it to collect a list and parameters of processes, which were launched during the build.

Use the command below to initiate the build:

pvs-studio-analyzer trace -- make

Here, make is used, but any other command that you're running to build your project can be in its place. If needed, you can pass command-line parameters to it in the usual way.

After the build, strace will create a file, which the analyzer will then use to check the source code. To start the analysis, use the command below.

pvs-studio-analyzer analyze -o /path/to/project.log

As a result, an encoded log file will be generated, which you can convert to one of supported formats. We'll talk about working with reports later.

Besides strace, you can base the analysis on the compile_commands.json (JSON Compilation Database) file. Many build systems have built-in means of exporting compilation commands, or you could use the BEAR utility to do this. Here's the command to launch the analysis in this case:

pvs-studio-analyzer analyze –f /path/to/compile_commands.json

Note that the analyzer recognizes the compiler, used in the build process, by its executable name. If you get the "No compilation units were found" error whilst attempting to analyze your project, try explicitly specifying the name of your compiler via the –compiler or –C command-line key:

pvs-studio-analyzer analyze -C MyCompiler

You may need this if you're using cross-compilation, or if your compiler has a non-standard executable name.

Besides monitoring mode, you can integrate the analyzer directly into your build system or IDE. Our official GitHub repository provides example projects where the integration has already been configured:

To learn more on running the analyzer under Linux, see the documentation.

Working with reports

After checking a project, the analyzer creates an encoded report. To convert it to one of supported formats, you need to use the plog-converter utility, which comes with the PVS-Studio installation.

Here's a list of supported formats:

  • xml-a convenient format for further processing of the results of the analysis, which is supported supported by the plugin for SonarQube;
  • csv - file stores tabular data (numbers and text) in plain text;
  • errorfile is the output format of the gcc and clang;
  • tasklist - an error format that can be opened in QtCreator;
  • html - html report with a short description of the analysis results;
  • fullhtml - report with sorting of the analysis results according to the different parameters and navigation along the source code.

The fullhtml format is the most convenient one for viewing the report, since it allows jumping to the line of code, corresponding to the warning you're interested in. The following command allows you to convert the report to this format:

plog-converter -a GA:1,2 -t fullhtml /path/project.log -o /path/report_dir

When you launch it, a newly created directory named /path/report_dir will contain all the report files.

Pay attention to the -a parameter. It allows you to specify, which warnings should appear in the resulting report. It is convenient if you need to filter the analyzer's output. The above command will create a report, which will contain only general analysis messages of the first and second certainty levels (High and Medium).

An example report:

0652_PVS-Studio-for-Linux/image2.png

By clicking within a message's Location cell, you can jump to the corresponding line of code:

0652_PVS-Studio-for-Linux/image3.png

By clicking the diagnostic code in the Code column, you can open documentation on this diagnostic.

Suppressing analyzer warnings

When using any static analyzer to check source code, you might get false positives, or simply undesirable noise warnings. PVS-Studio has means of suppressing such messages. To target individual warnings, you can use one of the methods described in the "Suppression of false alarms" documentation article.

Also, when checking old code you might want to suppress all warnings. As a rule, you may need this if you only want to check new code that you add to an existing codebase. To do this, use the suppress parameter of the pvs-studio-analyzer utility.

You can mass-suppress warnings in a report by using this command:

pvs-studio-analyzer suppress /path/to/report.log

Information on suppressed warnings is stored in a file named suppress_base.json, which is located next to the project. Such messages are excluded from reports on subsequent checks.

This mechanism is described in detail here.

Conclusion

This was a brief introduction into using PVS-Studio under Linux. I hope it was useful and managed to answer the most frequent questions. If you need more information on the topic of this article, refer to documentation here.

Popular related articles
PVS-Studio ROI

Date: Jan 30 2019

Author: Andrey Karpov

Occasionally, we're asked a question, what monetary value the company will receive from using PVS-Studio. We decided to draw up a response in the form of an article and provide tables, which will sho…
The Evil within the Comparison Functions

Date: May 19 2017

Author: Andrey Karpov

Perhaps, readers remember my article titled "Last line effect". It describes a pattern I've once noticed: in most cases programmers make an error in the last line of similar text blocks. Now I want t…
Technologies used in the PVS-Studio code analyzer for finding bugs and potential vulnerabilities

Date: Nov 21 2018

Author: Andrey Karpov

A brief description of technologies used in the PVS-Studio tool, which let us effectively detect a large number of error patterns and potential vulnerabilities. The article describes the implementati…
Characteristics of PVS-Studio Analyzer by the Example of EFL Core Libraries, 10-15% of False Positives

Date: Jul 31 2017

Author: Andrey Karpov

After I wrote quite a big article about the analysis of the Tizen OS code, I received a large number of questions concerning the percentage of false positives and the density of errors (how many erro…
The way static analyzers fight against false positives, and why they do it

Date: Mar 20 2017

Author: Andrey Karpov

In my previous article I wrote that I don't like the approach of evaluating the efficiency of static analyzers with the help of synthetic tests. In that article, I give the example of a code fragment…
The Last Line Effect

Date: May 31 2014

Author: Andrey Karpov

I have studied many errors caused by the use of the Copy-Paste method, and can assure you that programmers most often tend to make mistakes in the last fragment of a homogeneous code block. I have ne…
PVS-Studio for Java

Date: Jan 17 2019

Author: Andrey Karpov

In the seventh version of the PVS-Studio static analyzer, we added support of the Java language. It's time for a brief story of how we've started making support of the Java language, how far we've co…
Appreciate Static Code Analysis!

Date: Oct 16 2017

Author: Andrey Karpov

I am really astonished by the capabilities of static code analysis even though I am one of the developers of PVS-Studio analyzer myself. The tool surprised me the other day as it turned out to be sma…
Static analysis as part of the development process in Unreal Engine

Date: Jun 27 2017

Author: Andrey Karpov

Unreal Engine continues to develop as new code is added and previously written code is changed. What is the inevitable consequence of ongoing development in a project? The emergence of new bugs in th…
The Ultimate Question of Programming, Refactoring, and Everything

Date: Apr 14 2016

Author: Andrey Karpov

Yes, you've guessed correctly - the answer is "42". In this article you will find 42 recommendations about coding in C++ that can help a programmer avoid a lot of errors, save time and effort. The au…

Comments (0)

Next comments

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
This website uses cookies and other technology to provide you a more personalized experience. By continuing the view of our web-pages you accept the terms of using these files. If you don't want your personal data to be processed, please, leave this site.
Learn More →
Accept