Product News

Improved Null Pointer Dereference Detection in Visual Studio 2022 version 17.0...--Gabor Horvath

Give it a try!

Improved Null Pointer Dereference Detection in Visual Studio 2022 version 17.0 Preview 4

by Gabor Horvath

From the article:

The C++ static analysis team is committed to making your C++ coding experience as safe as possible. We are adding richer code safety checks and addressing high impact customer feedback bugs posted on the C++ Developer Community page. Thank you for engaging with us and giving us great feedback on the past releases and early previews leading to this point. Below is the detailed overview of a new experimental code analysis check that can detect null pointer dereference errors, along with a comparison to an existing check that has the same purpose...

PVS-Studio 7.15: MISRA, CWE, OWASP, Unreal Engine

We are actively developing the PVS-Studio static analysis tool towards detecting Safety and Security-related errors. To be more precise, we've expanded the coverage of the MISRA C:2012 and OWASP ASVS standards. We have supported the MISRA Compliance 2020 standard. One of the more extraordinary innovations is the Best Warnings display mode.

PVS-Studio 7.15: MISRA, CWE, OWASP, Unreal Engine

by Andrey Karpov

From the article:

We have introduced a new feature for the PVS-Studio plugin for Visual Studio. Now you can display the Best Warnings the analyzer issued for a project. In other words, these are the analyzer's most valuable warnings. They demonstrate the analyzer's capabilities for someone, who is just starting out with the analyzer. We call this feature Analyzer Best Warnings. PVS-Studio has always been grouping analyzer warnings by 3 certainty levels. We've been traditionally using these levels to prioritize showing the analysis results — all best warnings should be first-level warnings. For the new version of our analyzer, we have developed a more accurate mechanism to evaluate warnings. Now the mechanism uses many extra criteria in addition to levels — both static (the average diagnostic "value") and dynamic. The dynamic criteria are based on warnings the analyzer issues for a specific code base (for example, detection frequency).

Detecting errors in the LLVM release 13.0.0

Commercial static analyzers perform deeper and fuller code analysis compared to compilers. Let's see what PVS-Studio found in the source code of the LLVM 13.0.0 project.

Detecting errors in the LLVM release 13.0.0

by Andrey Karpov

From the article:

It makes no sense to write different values one by one to the same variable. This is exactly what the analyzer warns us about. The code author made a typo, forgetting to add '|'. This code should create one 64-bit value from two 32-bit values. The correct code looks as follows: ....

Supercharge Your C++ analysis with SonarLint for CLion

SonarSource recently released the SonarLint plug-in for CLion - this article looks at some of the interesting rules (checks) this gives you, and how each tool enhances the other.

Supercharge your C++ analysis with SonarLint for CLion

by Phil Nash and Geoffray Adde

From the article:

In this post, we want to demonstrate the powerful capabilities of the C++ analyzer with SonarLint (a free, in-IDE static analysis plugin) and highlight some unique and interesting rules that you might find useful. Through that lens, we want to show how you can leverage them to elevate your CLion’s inbuilt static analysis capabilities.

CWE Top 25 2021. What is it, what is it for and how is it useful for static analysis?

For the first time PVS-Studio provided support for the CWE classification in the 6.21 release. It took place on January 15, 2018. Years have passed since then and we would like to tell you about the improvements related to the support of this classification in the latest analyzer version.

CWE Top 25 2021. What is it, what is it for and how is it useful for static analysis?

by Mikhail Gelvih

From the article:

We have been using the CWE classification for PVS-Studio diagnostics for more than three years. Their number increases every year. In 2018, we covered only 94 points on the CWE list. Now it's almost 130. However, this article isn't about the total number of diagnostics. Let's talk about those that are included in the list of the most dangerous diagnostics in 2021. If you want to read the full list, you can get it in the "CWE compliance" section of our documentation.

Why do you need the MISRA Compliance report and how to generate one in PVS-Studio?

If you are strongly interested in MISRA and would like to understand whether your project meets one of the MISRA association's standards, there is a solution. It's name is MISRA Compliance.

Why do you need the MISRA Compliance report and how to generate one in PVS-Studio?

by Nikolay Mironov

From the article:

To make this simpler, let's take rule 1.1 that has the standard value of the category equal to Required. If you look at the table, you can see that acceptable compliance values for Required are Compliance or Deviations (I'll talk more about the meaning of these statuses later). This means that if your project complies with rule 1.1, or if it complies with this rule with some deviations - everything is fine and you can go to the next rule. If you get at least one hit in Violations or Disapplied, then the project does not comply with MISRA C 2012. If all rules have acceptable values only, congratulations! Your project complies with the MISRA C 2012 standard. If you have a hit in the red zone (the table above), you do not comply with the standard.

ReSharper C++ 2021.2 brings type conversion hints, immutability inspections, ... -- Elvira Mustafina

ReSharper C++ 2021.2 is released!

ReSharper C++ 2021.2: Type Conversion Hints, Immutability Inspections, Inline Function

by Elvira Mustafina

From the article:

ReSharper C++ 2021.2 is now available for download! It brings new inlay hints to help you spot implicit type conversions, the Inline Function refactoring, and updates to Unreal Engine support. New modernizing inspections assist you with updating your code to modern C++, and improved immutability analyses keep your code more readable and correct.

  • New inlay hints that show implicit type conversions.
  • Inline Function refactoring.
  • Immutability inspections (and now Constants and immutability section of the C++ Core Guidelines is fully covered!).
  • More inspections to help you modernize your code.
  • Support for Unreal Engine 5 and other enhancements for game developers on UE.
  • cppreference.com links in the Quick Documentation pop-ups.
  • The bundled Clang-Tidy has been updated to Clang 12, adding new checks from the latest LLVM release.

PVS-Studio 7.14: CLion, intermodular analysis, MISRA

The PVS-Studio team is increasing the number of diagnostics with each new release. Besides, we are improving the analyzer's infrastructure. This time we added the plugin for JetBrains CLion. Moreover, we introduced intermodular analysis of C++ projects and speeded up the C# analyzer core.

PVS-Studio 7.14: intermodular analysis in C++ and plugin for JetBrains CLion

by Andrey Karpov

From the article:

As the list below shows, most of the diagnostics that we currently implement are based on the MISRA C standard. We focused on the MISRA C support, and now PVS-Studio covers 60% of the standard. Soon, we plan to cover at least 80%. We also want to introduce the support of coding standards from the MISRA C Compliance.

Boost Version 1.77.0 released

Are you going to update?

Boost Version 1.77.0 released

From the release:

New Libraries
A C++14 reflection library, from Peter Dimov. Provides macros for describing enumerators and struct/class members, and primitives for querying this information.
Lambda2:
A C++14, dependency-free, single header lambda library, from Peter Dimov. Allows simple function objects to be constructed via expressions such as _1 + 5, _1 % 2 == 0, _1 > _2, or _1 == ' ' || _1 == '\t'...

HPX V1.7.1 released -- STE||AR Group

The STE||AR Group has released V1.7.1 of HPX -- A C++ Standard library for parallelism and concurrency.

HPX V1.7.1 Released

The newest version of HPX (V1.7.1) is now available for download! This release fixes minor problems found after the version 1.7.0. It fixes a bug in the internals of actions, adds a version check to the new Asio dependency, and slightly improves the performance of spinlocks among other minor changes. Importantly, the experimental hpx::execution::simdpar execution policy introduced in 1.7.0 was renamed to hpx::execution::par_simd for consistency with the standard parallel execution policies. While this is a breaking change in a patch release, we felt it was important to make this adaptation as soon as possible. The full list of improvements, fixes, and breaking changes can be found in the release notes.

    HPX is a general purpose parallel C++ runtime system for applications of any scale. It implements all of the related facilities as defined by the C++ Standard. As of this writing, HPX provides one of the only widely available open-source implementation of the new C++17 parallel algorithms. Additionally, HPX implements functionalities proposed as part of the ongoing C++ standardization process, such as large parts of the features related parallelism and concurrency as specified by the upcoming C++20 Standard, the C++ Concurrency TS, Parallelism TS V2, data-parallel algorithms, executors, senders/receivers and many more. It also extends the existing C++ Standard APIs to the distributed case (e.g. compute clusters) and for heterogeneous systems (e.g. GPUs).

    HPX seamlessly enables a new Asynchronous C++ Standard Programming Model that tends to improve the parallel efficiency of our applications and helps reducing complexities usually associated with parallelism and concurrency.