To get a trial key
fill out the form below
Team License (standard version)
Enterprise License (extended version)
* By clicking this button you agree to our Privacy Policy statement

** This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Request our prices
New License
License Renewal
--Select currency--
USD
EUR
GBP
RUB
* By clicking this button you agree to our Privacy Policy statement

** This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
To get the licence for your open-source project, please fill out this form
* By clicking this button you agree to our Privacy Policy statement

** This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
To get the licence for your open-source project, please fill out this form
* By clicking this button you agree to our Privacy Policy statement

** This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
I am interested to try it on the platforms:
* By clicking this button you agree to our Privacy Policy statement

** This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Message submitted.

Your message has been sent. We will email you at


If you haven't received our response, please do the following:
check your Spam/Junk folder and click the "Not Spam" button for our message.
This way, you won't miss messages from our team in the future.

>
>
>
Using PVS-Studio Static Analyzer in C a…

Using PVS-Studio Static Analyzer in C and C++ Development for Embedded Systems

Aug 12 2019
Author:

This article will tell you how to launch analysis of an embedded project and how to work with the analyzer's report.

0655_PVS-Studio-for-Embedded/image1.png

The PVS-Studio analyzer supports a number of compilers for embedded systems. The current version allows checking projects built with one of the following compilers under Window, Linux, and macOS:

Installation

The installation procedure depends on the operating system you use in development. Under Linux, you can install the analyzer from either the repository, or the installation package.

For example, on a Debian-based system:

wget -q -O - https://files.viva64.com/etc/pubkey.txt | sudo apt-key add -

sudo wget -O /etc/apt/sources.list.d/viva64.list \
https://files.viva64.com/etc/viva64.list

sudo apt update
sudo apt install pvs-studio

or

sudo gdebi pvs-studio-VERSION.deb

Under macOS, you can use Homebrew for installation and updating:

brew install viva64/pvs-studio/pvs-studio
brew upgrade pvs-studio

Another option – installing from the dmg package, or unpacking from the archive manually.

Under Windows, you need to use the installer:

0655_PVS-Studio-for-Embedded/image2.png

You can download installation packages for each supported system, as well as request a trial key, should you need it, at the "Download and evaluate PVS-Studio" page.

Once the installation is done, you need to enter the license key. The "How to enter the PVS-Studio License and what's the next move" documentation article describes this process in detail in regards to different platforms.

Checking your Project

Checking projects built for embedded systems is similar to checking those developed for Windows, Linux, or macOS.

Options available in Linux are described in the "Getting Started with the PVS-Studio Static Analyzer for C++ Development under Linux" article. Keep in mind that embedded projects are cross-compiled, and your compiler can have a non-standard name. Due to this, you might need to specify it when launching the analysis, which you can do via the –compiler, or –c, command-line key.

pvs-studio-analyzer analyze -c MyCompiler

Using it is necessary if the analyzer can't detect the compiler type, that is, if it issues the "No compilation units found" error.

Since the target platform differs from the development one due to cross-compilation, you'll probably also need to specify the target platform via the --platform key, along with the preprocessor type (--preprocessor).

Supported platforms: win32, x64, linux32, linux64, macos, arm.

Supported prerocessors: gcc, clang, keil.

Under Linux, the linux64 platform and the gcc preprocessor are the defaults.

If you're using Windows, you can check your project in the compiler monitoring mode. To do so, use the "C and C++ Compiler Monitoring UI" utility, which comes with the analyzer. To start monitoring, go to the Tools menu and pick Analyze Your Files... This dialog will open:

0655_PVS-Studio-for-Embedded/image3.png

Click the "Start Monitoring" button and start building your project. When the build finishes, click the "Stop Monitoring" button in the dialog window located in the bottom-right corner of the screen:

0655_PVS-Studio-for-Embedded/image4.png

The main window of the "C and C++ Compiler Monitoring UI" utility allows you to view the analysis results.

Also, it is possible to start the analysis from the command line by using the CLMonitor utility. Here's the command which will initiate monitoring:

CLMonitor.exe monitor

After the build, start it again in analysis mode:

CLMonitor.exe analyze -l "<path>\out.plog"

The analyzer will check your project and save the results to the file specified via the -l key.

See also "Compiler Monitoring System in PVS-Studio".

Working with Reports

To view the report under Linux, you need to convert the log file, generated by the analyzer, into one of supported formats. Use the plog-converter utility to do this. For example, you can generate an HTML report, which allows you to view source code, with this command:

plog-converter -a GA:1,2 -t fullhtml /path/project.log -o /path/report_dir

Report conversion is described in more detail in the "Getting Started with the PVS-Studio Static Analyzer for C++ Development under Linux" article.

The Windows version also has a utility named PlogConverter, which is similar in usage to its Linux counterpart:

PlogConverter.exe <path>\out.plog --renderTypes= FullHtml --analyzer=GA:1,2

or

PlogConverter.exe D:\Projct\out.plog -t FullHtml -a GA:1,2

You can also view reports in plog format with the "C and C++ Compiler Monitoring UI" utility via the File->Open PVS-Studio Log... menu command.

Example:

0655_PVS-Studio-for-Embedded/image5.png

If you need to, you can export the report to one of supported formats via the utility's File menu.

MISRA coding standard

PVS-Studio classifies its warnings according to CWE and SEI CERT, which works quite well for static security testing (SAST) of regular apps. However, embedded systems have different security requirements, covered by a specially developed MISRA standard. The current PVS-Studio version partially supports MISRA C and MISRA C++. You can see the regularly expanding list of supported rules here.

Using MISRA rules when checking non-embedded projects is usually a bad idea, due to the standard's specifics. In most cases, if the code wasn't initially MISRA-oriented, the check would result in many false positives and generally noise warnings. Thus, MISRA rules are off by default.

To enable MISRA under Linux, run the analysis with the -a key and pass a numeric parameter, according to the desired mode. This parameter is a combination of bit fields:

-a [MODE], --analysis-mode [MODE]
        MODE defines the type of warnings:
        1 - 64-bit errors;
        2 - reserved;
        4 - General Analysis;
        8 - Micro-optimizations;
        16 - Customers Specific Requests;
        32 - MISRA.
        Modes can be combined by adding the values
        Default: 4

Example (with GA and MISRA rules enabled):

pvs-studio-analyzer analyze -a 36 -o /path/report.log

Also, you need to tell plog-converter to include MISRA warnings in the resulting report:

plog-converter -a MISRA:1,2,3 -m misra ....

Under Windows, you can use the "C and C++ Compiler Monitoring UI" utility's settings:

0655_PVS-Studio-for-Embedded/image6.png

See the "PVS-Studio: Support of MISRA C and MISRA C++ Coding Standards" article to learn more about MISRA support.

Conclusion

In this article, we've briefly discussed the PVS-Studio analyzer's features for checking embedded-targeted projects. If you need more information on using the analyzer, I recommend that you refer to the following articles:

Popular related articles
Free PVS-Studio for those who develops open source projects

Date: Dec 22 2018

Author: Andrey Karpov

On the New 2019 year's eve, a PVS-Studio team decided to make a nice gift for all contributors of open-source projects hosted on GitHub, GitLab or Bitbucket. They are given free usage of PVS-Studio s…
The Ultimate Question of Programming, Refactoring, and Everything

Date: Apr 14 2016

Author: Andrey Karpov

Yes, you've guessed correctly - the answer is "42". In this article you will find 42 recommendations about coding in C++ that can help a programmer avoid a lot of errors, save time and effort. The au…
Appreciate Static Code Analysis!

Date: Oct 16 2017

Author: Andrey Karpov

I am really astonished by the capabilities of static code analysis even though I am one of the developers of PVS-Studio analyzer myself. The tool surprised me the other day as it turned out to be sma…
Technologies used in the PVS-Studio code analyzer for finding bugs and potential vulnerabilities

Date: Nov 21 2018

Author: Andrey Karpov

A brief description of technologies used in the PVS-Studio tool, which let us effectively detect a large number of error patterns and potential vulnerabilities. The article describes the implementati…
How PVS-Studio Proved to Be More Attentive Than Three and a Half Programmers

Date: Oct 22 2018

Author: Andrey Karpov

Just like other static analyzers, PVS-Studio often produces false positives. What you are about to read is a short story where I'll tell you how PVS-Studio proved, just one more time, to be more atte…
The Evil within the Comparison Functions

Date: May 19 2017

Author: Andrey Karpov

Perhaps, readers remember my article titled "Last line effect". It describes a pattern I've once noticed: in most cases programmers make an error in the last line of similar text blocks. Now I want t…
PVS-Studio for Java

Date: Jan 17 2019

Author: Andrey Karpov

In the seventh version of the PVS-Studio static analyzer, we added support of the Java language. It's time for a brief story of how we've started making support of the Java language, how far we've co…
Characteristics of PVS-Studio Analyzer by the Example of EFL Core Libraries, 10-15% of False Positives

Date: Jul 31 2017

Author: Andrey Karpov

After I wrote quite a big article about the analysis of the Tizen OS code, I received a large number of questions concerning the percentage of false positives and the density of errors (how many erro…
The way static analyzers fight against false positives, and why they do it

Date: Mar 20 2017

Author: Andrey Karpov

In my previous article I wrote that I don't like the approach of evaluating the efficiency of static analyzers with the help of synthetic tests. In that article, I give the example of a code fragment…
Static analysis as part of the development process in Unreal Engine

Date: Jun 27 2017

Author: Andrey Karpov

Unreal Engine continues to develop as new code is added and previously written code is changed. What is the inevitable consequence of ongoing development in a project? The emergence of new bugs in th…

Comments (0)

Next comments

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
This website uses cookies and other technology to provide you a more personalized experience. By continuing the view of our web-pages you accept the terms of using these files. If you don't want your personal data to be processed, please, leave this site.
Learn More →
Accept