To get a trial key
fill out the form below
Team License (standard version)
Enterprise License (extended version)
* By clicking this button you agree to our Privacy Policy statement

** This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Request our prices
New License
License Renewal
--Select currency--
USD
EUR
GBP
RUB
* By clicking this button you agree to our Privacy Policy statement

** This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
To get the licence for your open-source project, please fill out this form
* By clicking this button you agree to our Privacy Policy statement

** This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
To get the licence for your open-source project, please fill out this form
* By clicking this button you agree to our Privacy Policy statement

** This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
I am interested to try it on the platforms:
* By clicking this button you agree to our Privacy Policy statement

** This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Message submitted.

Your message has been sent. We will email you at


If you haven't received our response, please do the following:
check your Spam/Junk folder and click the "Not Spam" button for our message.
This way, you won't miss messages from our team in the future.

>
>
>
Best Practices of using PVS-Studio. Now…

Best Practices of using PVS-Studio. Now with C# support

Dec 25 2015

This article is written for all novice users of PVS-Studio static code analyzer in Visual Studio environment. It describes typical workflow of using the analyzer. Once you've covered the material in this article, you can easily get started with the analyzer, and then deepen your knowledge with the help of PVS-Studio documentation if needed.

PVS-Studio with C# support

Starting from the new PVS-Studio 6.00 version, developers can run the analyzer not only on C/C++ code, but on C# as well. Licensing policy remains the same - you buy/renew the PVS-Studio license, but now you can use PVS-Studio for 3 programming languages C/C++/C#

Working with PVS-Studio

Usually, if the programmer runs a static code analyzer on the project for the first time, he has no idea what to do with that great deal bugs found by the analyzer. New project tasks are getting on his "to do" list, and there is no time to fix the issues that the analyzer detected. The developer wants to set the current warnings aside and start checking the newly written code fragments to get the analyzer's instant help. Another reasonable request for the analyzer is to have an ability to go back to the errors that were found in the "old" pieces of code. Let's see how this can be done using PVS-Studio on a C# project.

Step by step guidance for developers working with PVS-Studio

  • Project analysis.
  • Suppression of warnings with the possibility to return to them later.
  • Analysis of newly written code immediately after the building.
  • Warnings handling.
  • Reviewing the list of errors, found in the "old" code.

Let's have a look at the steps of work using Sharp Developer project as an example. We have already described the errors that the analyzer found in the scope of our previous article.

Project analysis

During the installation, PVS-Studio Analyzer integrates into the Visual Studio environment. Using the analyzer in Visual Studio is the easiest way to work with it.

If you are doing the analysis for the first time, we recommend running it on the entire project. Choose PVS-Studio>Check>Solution in the menu.

0364_Best_practices/image1.png

Figure 1. Checking the entire solution.

Within the frames of Sharp Developer project, the analyzer detected 20 warnings of high severity, 32 of medium severity and 182 low-severity warnings. By default, the programmer sees the warnings of high importance only. We recommend to start reviewing the code with high severity warnings and then move on to the warnings of low severity.

0364_Best_practices/image2.png

Figure 2. Error messages window (click on the image to enlarge).

If there is a situation when you have to start working on a new task and want to review all the warnings for your "old" code later, you may do the following:

1. Suppress current messages of the analyzer.

2. Set it up in such a way that it will do the analysis only for the new code.

Warning suppression with the possibility to return to them later

If you want to suppress the warnings temporarily, select "Suppress Messages" in the menu.

0364_Best_practices/image4.png

Figure 3. Mass marking of warnings as "uninteresting" for this period of time.

And then in the new window press "Suppress Current Messages".

All warnings from one project will be written in xml format and saved with the extension ".suppress" in the project folder. These warnings will not be displayed in the PVS-Studio window in Visual Studio, if you have not set it up.

The developer suppressed all the warnings, and he sees a window of PVS-Studio without any errors. The next step is to start getting the analyzer warnings only for new code.

Analysis of newly written code

By default, in order to see the new errors after the project build with the new code, we must restart the analyzer. But can be a redundant variant. A much more elegant solution is to use incremental analysis and check the new code with the help of PVS-Studio immediately after you have built the project. To do the incremental analysis choose "Analysis after Build" in the menu.

0364_Best_practices/image5.png

Figure 4. Enabling/disabling automatic file check after the compilation.

Let's see how it works. Suppose we wrote a simple class:

class TestAnalyzer
{
    public void Logging(DateTime dateTime)
    {
        System.IO.File.WriteAllText(
                        @"S:\path\to\file.log", 
                        String.Format("Logging time: {1}h {2}m", 
                        dateTime.Hour, 
                        dateTime.Minute));
    }

    private void OnLoad() 
    {
        Console.WriteLine("Event!");
        Logging(DateTime.Now);
    }

    private void OnClose()
    {
        Console.WriteLine("Event!");
        Logging(DateTime.Now);
    }
}

We compiled it and the analyzer issued two warnings.

0364_Best_practices/image6.png

Figure 5. An example of incremental analysis.

Let's see how you can work with these warnings.

Handling the warnings

A real bug

Warning V3025 detected a real bug. Let's see what's there. The developer tries to address the dateTime.Minute parameter, using index 2, but the argument numeration is different. dateTime.Hour - index 0, dateTime.Minute- index 1, that's why indexes 0 and 1 must be used when addressing the parameters. Let's fix it by replacing:

System.IO.File.WriteAllText(
                @"S:\path\to\file.log", 
                String.Format("Logging time: {1}h {2}m", 
                dateTime.Hour, 
                dateTime.Minute));

with the string:

System.IO.File.WriteAllText(
                @"S:\path\to\file.log", 
                String.Format("Logging time: {0}h {1}m", 
                dateTime.Hour,                
                dateTime.Minute));

A false positive

In the second case the analyzer judges the code too critically and thinks that there can not be the same logic in the event handler OnLoad and OnClose. We understand that in our case it is normal, and decide that this is a false positive. To mark the warning as a false positive just click on it with the right mouse button and choose "Mark selected messages as False Alarms"

0364_Best_practices/image7.png

Figure 6. Suppression of a warning by adding a special commentary to the code.

After it the analyzer will add a commentary "//-V3013" to the string, for which the warning was issued. It will no longer issue a V3013 warning for this code string. More details about the false positives and handling them: "Suppression of false alarms"

It should be noted that in the analyzer we use an advanced algorithm of new code detection. If you don't create a new class, but change something in the old code, the analyzer will see a necessity to recheck such a file. More about this can be found in the documentation.

Going back to the warnings, issued for the old code

So the developer finally has some time to work on the warnings issued for the old code. It's really simple to review "old" warnings. Choose "Suppress Messages" in the menu, and then choose the project that you want to work on. We have ICSSharpCode.SharpDevelop as an example.

0364_Best_practices/image8.png

Figure 7. Removing a project from the list.

Then click "Delete Selected Files". NameOfTheProject.suppress file will be physically deleted from the project folder and the analyzer will no longer hide the warnings found in the project. To see the warnings, run the analyzer for the project, where you cancelled the warning suppression.

0364_Best_practices/image9.png

Figure 8. Checking a single project.

After running the analyzer on the current project you'll see the warnings, so you can start working on them.

Conclusions and recommendations

The article describes the work with the analyzer from the point of a view of a single developer. We recommend following these steps. Another tip is to run the analyzer on the source code on the server. A developer can skip the analyzer's message or forget to work on it. You can read more about this in the documentation in the article:

We hope we managed to answer some questions about using the analyzer. If you still have any, please contact us support@viva64.com, we will be glad to help.

Popular related articles
Technologies used in the PVS-Studio code analyzer for finding bugs and potential vulnerabilities

Date: Nov 21 2018

Author: Andrey Karpov

A brief description of technologies used in the PVS-Studio tool, which let us effectively detect a large number of error patterns and potential vulnerabilities. The article describes the implementati…
Appreciate Static Code Analysis!

Date: Oct 16 2017

Author: Andrey Karpov

I am really astonished by the capabilities of static code analysis even though I am one of the developers of PVS-Studio analyzer myself. The tool surprised me the other day as it turned out to be sma…
The way static analyzers fight against false positives, and why they do it

Date: Mar 20 2017

Author: Andrey Karpov

In my previous article I wrote that I don't like the approach of evaluating the efficiency of static analyzers with the help of synthetic tests. In that article, I give the example of a code fragment…
Free PVS-Studio for those who develops open source projects

Date: Dec 22 2018

Author: Andrey Karpov

On the New 2019 year's eve, a PVS-Studio team decided to make a nice gift for all contributors of open-source projects hosted on GitHub, GitLab or Bitbucket. They are given free usage of PVS-Studio s…
Static analysis as part of the development process in Unreal Engine

Date: Jun 27 2017

Author: Andrey Karpov

Unreal Engine continues to develop as new code is added and previously written code is changed. What is the inevitable consequence of ongoing development in a project? The emergence of new bugs in th…
The Ultimate Question of Programming, Refactoring, and Everything

Date: Apr 14 2016

Author: Andrey Karpov

Yes, you've guessed correctly - the answer is "42". In this article you will find 42 recommendations about coding in C++ that can help a programmer avoid a lot of errors, save time and effort. The au…
PVS-Studio ROI

Date: Jan 30 2019

Author: Andrey Karpov

Occasionally, we're asked a question, what monetary value the company will receive from using PVS-Studio. We decided to draw up a response in the form of an article and provide tables, which will sho…
The Last Line Effect

Date: May 31 2014

Author: Andrey Karpov

I have studied many errors caused by the use of the Copy-Paste method, and can assure you that programmers most often tend to make mistakes in the last fragment of a homogeneous code block. I have ne…
How PVS-Studio Proved to Be More Attentive Than Three and a Half Programmers

Date: Oct 22 2018

Author: Andrey Karpov

Just like other static analyzers, PVS-Studio often produces false positives. What you are about to read is a short story where I'll tell you how PVS-Studio proved, just one more time, to be more atte…
PVS-Studio for Java

Date: Jan 17 2019

Author: Andrey Karpov

In the seventh version of the PVS-Studio static analyzer, we added support of the Java language. It's time for a brief story of how we've started making support of the Java language, how far we've co…

Comments (0)

Next comments

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
This website uses cookies and other technology to provide you a more personalized experience. By continuing the view of our web-pages you accept the terms of using these files. If you don't want your personal data to be processed, please, leave this site.
Learn More →
Accept