Using PVS-Studio with JetBrains Rider and CLion
- Installing the plugin from the official JetBrains repository
- Installing the plugin from the PVS-Studio repository
- Installing the PVS-Studio analyzer
- Entering a license
- Plugin settings
- Checking code with PVS-Studio from Rider
- Checking code from CLion with PVS-Studio
- Managing analysis results
PVS-Studio analyzer can be used with JetBrains Rider IDE and CLion IDE as a plugin providing a convenient GUI for analyzing projects and individual files as well as managing diagnostic messages.
PVS-Studio plugins for Rider and CLion can be installed from the official JetBrains plugin repository or from the repository on our website. Another way to install it is by using the PVS-Studio installer for Windows, which is available on our download page.
Installing the plugin from the official JetBrains repository
To install PVS-Studio plugin from the official JetBrains repository, open the settings window by clicking 'File -> Settings -> Plugins', choose the Marketplace tab, and enter 'PVS-Studio' in the search bar. The PVS-Studio plugin will appear in the search results:
Installing the plugin in Rider:
Installing the plugin in CLion:
Click 'Install' next to the plugin name. Once the installation is finished, click Restart IDE.
After restarting the IDE, you can use PVS-Studio plugin to analyze your code. The next step is to install the PVS-Studio analyzer.
Installing the plugin from the PVS-Studio repository
In addition to the official JetBrains repository, the PVS-Studio plugin is also available from PVS-Studio's own repository. To install the plugin from there, you first need to add this repository to the IDE. To do this, choose 'File -> Settings -> Plugins' to open the plugin installation window.
In that window, click the gear icon in the top-right corner and select 'Manage Plugin Repositories' in the drop-down menu.
In the opened window, add:
- the http://files.pvs-studio.com/java/pvsstudio-rider-plugins/updatePlugins.xml path for Rider;
- the http://files.pvs-studio.com/java/pvsstudio-clion-plugins/updatePlugins.xml path for CLion,
and click OK.
The final installation step is the same as in the previous scenario of installing the plugin from the official repository: open the Marketplace tab and enter "PVS-Studio" in the search box. Select the plugin 'PVS-Studio for Rider' or 'PVS-Studio for CLion' in the search results, click 'Install', and restart the IDE.
Installing the PVS-Studio analyzer
To use PVS-Studio in the Rider and CLion IDEs, you also need to install the analyzer core and its dependencies in addition to the plugin itself.
If you have installed the plugin using the PVS-Studio installer for Windows, then all the required components have been already installed on your system, so you can skip this step.
If you have installed the plugin separately (by adding the repository or from the official JetBrains repository), you first need to download and install the PVS-Studio C++ or C# analyzer core for the relevant platform from here.
Entering a license
To enter your PVS-Studio license, open any project in the IDE and then open the plugin settings window: 'Tools -> PVS-Studio -> Settings':
Choose the Registration tab.
Fill in the 'User Name' and 'Serial Number' fields with the corresponding values from your license.
If the license you have entered is correct, the 'Invalid License' label will be replaced with 'Valid License' and the license expiration date will appear in the 'Expires' field. Click 'Save' or 'OK' to confirm and save the license.
Plugin settings
The Settings window of the PVS-Studio plugin comprises several tabs. Let's discuss each in detail.
Settings – settings of the PVS-Studio analyzer core. Hover the mouse pointer over the option name to see a pop-up tooltip for that option.
Intermodular Analysis – enabling this setting allows the analyzer to consider information not only from the analyzed file, but also from the files related to it. This allows for deeper, higher-quality analysis. However, collecting the necessary information takes extra time, which increases the time needed to analyze your project.
Warnings – a list of all the diagnostic rules supported by the analyzer. Unchecking a diagnostic rule prevents all warnings associated with it from being displayed in the analyzer's output window.
Excludes – contains masks for filenames and paths to be excluded from analysis.
Registration – contains information about the current license.
Checking code with PVS-Studio from Rider
JetBrains Rider can open projects in two modes: the project itself, or the project's source folder. When opening a project, Rider can open both individual 'csproj' files, and a solution file containing one or more project files.
With a project or solution opened, you can choose to check:
- The current project/solution.
- Items selected in the 'Explorer' window.
- The file currently opened in the code editor.
To analyze the current project or solution, choose the 'Tools -> PVS-Studio -> Check Current Solution/Project' menu item.
To analyze an opened file, choose the 'Tools -> PVS-Studio -> Check Open File' command.
You can also select several items in the 'Explorer' window using the CTRL/SHIFT + mouse Left Click and then choose 'Tools -> PVS-Studio -> Check Selected Items' command:
Another way to do this is to open the drop-down menu by right-clicking in the 'Explorer' window and selecting 'Check Selected Items' menu item:
In the examples above, all of the *.cs and *.csproj files from the folders Core and Controllers, as well as the Startup.cs file will be analyzed.
When a project folder is opened in Rider, PVS-Studio doesn't know which project, file, or solution exactly should be analyzed, so the 'Check Current Solution/Project' and 'Check Open File' menu items are inactive. The only available option is to check the solution through the 'Tools -> PVS-Studio -> Check Selected Items' command:
Another way to achieve this is to open the drop-down menu by right-clicking in the 'Explorer' window and selecting 'Check Selected Items' menu item.
Checking code from CLion with PVS-Studio
JetBrains CLion lets you open CMake projects.
You can check:
- The current project.
- Items selected in the 'Explorer' window.
- The file currently opened in the code editor.
To analyze the current project, choose the Tools -> PVS-Studio -> Check Project menu item.
To analyze an opened file, choose the Tools -> PVS-Studio -> Check Current File command.
You can also select several items in the 'Explorer' window using CTRL/SHIFT + left mouse click, then right-click and choose 'Analyze with PVS-Studio':
In the examples above, all the *.cpp files from '3rdparty', 'parallel' folders, as well as the samples.cpp file will be analyzed.
Managing analysis results
The analysis results produced by PVS-Studio analyzer will appear in the table inside the 'PVS-Studio' window, for Rider:
The table is made up of 7 columns (from left to right: Favorite, Code, CWE, Message, Position, Projects, False Alarms). The analyzer messages can be sorted by any column. To change the sorting order, click on the column heading. The leftmost column (Favorite) can be used to bookmark warnings for quick search among marked messages by sorting the messages by the Favorite column.
When clicking on a warning code in the Code / CWE columns, a webpage will open in your browser providing a detailed description of the warning or potential vulnerability. The Message column provides brief descriptions of the warnings. The Position column contains a list of files the warning refers to. The Projects column is a list of projects containing the file the warning refers to. The rightmost column, False Alarms, contains warnings marked as false positives. Managing false positives will be described in detail further, in the corresponding section.
Double clicking on a table row opens a file at the line the warning was triggered at:
There are also two arrow buttons above the table – these can be used to move between the warnings and open the associated files in the source code editor. To the right of the arrow buttons, a number of filter buttons are available, which allow you to sort the warnings by severity level: High, Medium, Low, and Fails (failures of the analyzer itself).
When clicking the search icon, an additional panel opens with text fields for searching across the Code, CWE, Message, and Position columns. Each field is a string filter allowing you to filter the messages by the text you have entered.
The button with three horizontal lines across it can be found in the top-left corner above the table. Clicking it opens an additional settings panel:
Clicking the gear icon opens the plugin's settings main window, which is also available at 'Tools -> PVS-Studio -> Settings'.
View the analyzer's most interesting warnings
If you are new to the static analysis tool and would like to know what it can do, you can use the Best Warnings mechanism. This mechanism will show you the most important and reliable warnings.
To check out the analyzer's most interesting warnings, click on the 'Best' button, as shown in the screenshot below:
After that, the table with the analysis results will show a maximum of ten of the analyzer's most critical warnings.
Managing false positives
Sometimes you may get a warning pointing out some spot in your code, but you know that there is no error in that spot. Such a warning is called a false positive.
PVS-Studio plugin allows you to mark the analyzer's messages as false positives to prevent them from appearing in future checks.
To mark false positives, select one or more warnings in the 'PVS-Studio' table, right-click on any row to open the drop-down menu, and select the 'Mark selected messages as False Alarms' command:
The analyzer will add a special comment of the form '//-Vxxx' to the line that triggered the warning, where xxx is the PVS-Studio diagnostic number. You can also add such comments manually.
To have previously marked false warnings displayed in the table, enable the 'Show False Alarms' option at 'Tools -> PVS-Studio -> Settings', for Rider:
Use the 'Remove False Alarm marks from selected messages' drop-down menu item to unmark selected warnings as false positives.
To learn more about suppressing warnings generated by the analyzer and other ways of suppressing warnings with configuration files (.pvsconfig) added to the project, see the Suppression of False Alarms documentation section.
Suppressing analyzer warnings in legacy code
Getting started with static analysis and using it regularly may be difficult due to multiple warnings triggered by legacy code. Such code is typically well tested and stable, so fixing every warning in it isn't necessary – all the more so because if the code base is large, fixing it may take a long time. What's more, warnings issued on legacy code prevent you from focusing on warnings issued on newly written code still in development.
To solve this problem and start using static analysis regularly without delay, PVS-Studio allows you to "turn off" warnings in the legacy code. To do that, select 'Tools -> PVS-Studio -> Suppress All Messages' command or click the 'Suppress All Messages' button on the PVS-Studio window toolbar. After that, all messages will be added to special *.suppress files, which is what the suppression mechanism is based on. The next time you run the analysis, the warnings added to these *.suppress files will be excluded from the analyzer's report. This suppression mechanism is quite flexible and is able to "track" suppressed messages even after you modify or move the involved code fragments.
In Rider the *.suppress files are created at the project level, in the same location where the project file is stored, but you can also add them to any project or solution (for example, if you want to use one suppress file for several projects or an entire solution). To get those warnings back in the report, delete the suppress files associated with the affected projects and restart the analysis.
In CLion, suppressed messages are added to the suppress_file.suppress.json file, which is written to the .PVS-Studio directory in the root directory of the project opened in CLion. To get those warnings back in the analyzer report, delete this file and run the analysis again.
To learn more about warning suppression and to see the guide on handling *.suppress files, see the Mass suppression of analyzer warnings documentation section.
You can also read the "How to introduce a static code analyzer in a legacy project and not to discourage the team" article.
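An added example (not part of the PVS-Studio documentation or tooling): a Python audit that inventories both suppression mechanisms described above, the inline '//-Vxxx' false-alarm marks and the *.suppress / suppress_file.suppress.json files, so that suppressed warnings stay visible in code review. The extension list, the sample tree, its file names and the diagnostic numbers in it are constructed assumptions; suppress files are only listed, not parsed.

```python
import re
import tempfile
from collections import Counter
from pathlib import Path

# Inline false-alarm mark as described above: a '//-Vxxx' comment, xxx = diagnostic number.
MARK = re.compile(r"//-V(\d+)")
SOURCE_EXTS = {".c", ".cc", ".cpp", ".h", ".hpp", ".cs"}  # assumed set of source extensions


def audit_suppressions(root):
    """Return (marks, files) under root: marks are (path, line, code) tuples,
    files are *.suppress / *.suppress.json paths (listed only, never parsed)."""
    root = Path(root)
    marks, files = [], []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        if path.name.endswith((".suppress", ".suppress.json")):
            files.append(rel)
        elif path.suffix.lower() in SOURCE_EXTS:
            text = path.read_text(encoding="utf-8", errors="replace")
            for lineno, line in enumerate(text.splitlines(), 1):
                marks += [(rel, lineno, "V" + n) for n in MARK.findall(line)]
    return marks, files


def build_sample_tree(root):
    """Constructed sample project: two marked source lines and two suppress files."""
    root = Path(root)
    (root / "src").mkdir()
    (root / ".PVS-Studio").mkdir()
    (root / "src" / "a.cpp").write_text(
        "int f(int x) {\n  if (x == x) return 1; //-V501\n  return 0;\n}\n")
    (root / "src" / "B.cs").write_text(
        "class B {\n  int G(int y) { return y / 1; } //-V3001 //-V3022\n}\n")
    (root / "src" / "App.csproj.suppress").write_text("<!-- constructed -->\n")
    (root / ".PVS-Studio" / "suppress_file.suppress.json").write_text("{}\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        marks, files = audit_suppressions(tmp)
        for rel, lineno, code in marks:
            print(f"{rel}:{lineno}: {code} marked as false alarm")
        print("per-diagnostic totals:", dict(Counter(c for _, _, c in marks)))
        print("suppress files:", files)
```

Running it against a real checkout (pass the repository root to `audit_suppressions`) gives a list that can be diffed between commits to spot newly suppressed diagnostics.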
Dropdown menu of the warnings table
Right-clicking on a warning in the PVS-Studio window table opens a drop-down menu, which contains additional items for managing selected warnings.
Clicking the 'Mark selected messages as False Alarms / Remove false alarm masks' item marks selected warnings as false positives by adding a special comment to the lines of code they refer to (see the section above on managing false positives).
The 'Exclude from analysis' item is used to add the full or partial pathname of the file containing a warning to the list of folders excluded from analysis. Every file whose pathname matches the filter will be excluded from the analysis.
Saving and loading analysis results
Analysis results can be saved or loaded using the items of the 'Tools -> PVS-Studio' submenu:
The 'Open Report' command opens the .json report file and loads its contents into the table in the 'PVS-Studio' output window.
The 'Recent Reports' submenu contains a list of recently opened reports. Clicking an item on this list opens that file (given that it still exists at that location) and loads its contents into the table in the 'PVS-Studio' window.
Selecting the 'Save Report' item saves all the messages from the table (even the filtered ones) to a .json report file. If the current list of messages has never been saved before, you will be prompted for a name and location to store the report file to.
Similarly, the 'Save Report As' item is used to save all the warnings from the table (even the filtered ones) to a .json file and always prompts you to specify the location to store the report file to.
Keyboard shortcuts in the PVS-Studio plugins for Rider and CLion
The PVS-Studio plugins for Rider and CLion have the analysis result window. This window has a dropdown menu that appears when you right-click on the analysis result window:
Some of these actions have keyboard shortcuts. Thus, you can perform them without using a mouse.
The arrow keys for navigating the analyzer's warnings also have shortcuts:
- move to the next message: Alt + [;
- move to the previous message: Alt + ].
Using shortcuts is helpful, since they speed up the analysis result processing. You can set and customize the shortcuts in settings: File -> Settings -> Keymap. To find shortcuts faster, enter 'PVS-Studio' in the search field of the Keymap window.