PVS-Studio is a static code analysis solution. It finds errors and potential vulnerabilities in C, C++, C#, and Java code. It works on Windows, macOS, and Linux.
The PVS-Studio 7.25 release came out in June 2023.
In this version, we implemented the support of Qt Creator 10 and Rider 2022.2.3 (and higher), updated the libraries used by the analyzer, enhanced the documentation — and that's not all! See the details in the presentation and in the official press-release article: https://pvs-studio.com/en/blog/posts/1055/
2. Supported Qt Creator 10 and Rider 2022.2.3+
Updated dependencies: MSBuild and Roslyn
Sped up analysis on the 12th gen Intel processors
Introduced new features
for the analysis and diagnostic configuration files (pvsconfig)
Documentation and diagnostics
A fun quiz on Java (C++ and C# quizzes are also available)
What we did in PVS-Studio 7.25
2
4. We are happy to announce that the PVS-Studio plugin for Qt Creator 10 is now
officially available!
You can read more about it here.
The PVS-Studio plugin for Rider also got an update: now you can use the
analyzer in Rider 2022.2.3 and higher.
Qt Creator and Rider
4
5. Usually, we update the analyzer dependencies after a new .NET version is
released. This approach makes it possible to analyze C# projects that use the
new SDK and the new language syntax. Another positive thing is the overall
improvement of the Roslyn and MSBuild libraries used by the analyzer.
This time we updated the dependencies in advance. This fixed the error occurring
in projects that use attributes for code generation:
“Can't get compilation for project: NameOfProject. You may have experienced an error
due to the use of attributes for automatic code generation. Please contact our support
team (https://pvs-studio.com/en/about-feedback).”
If you get this error, please download the new version of the analyzer.
MSBuild and Roslyn
5
6. When checking C++ projects that use MSBuild, PVS-Studio did not use the full
power of Intel's 12th generation processors (for example, i7-12700, i9-12900).
In the new version of PVS-Studio, the error has been fixed. Now the analyzer fully
loads the processors and works much faster.
Faster analysis on the 12th gen Intel processors
6
7. 7
New features for the analysis and diagnostic
configuration files (pvsconfig)
You can enable only specific diagnostic via pvsconfig files.
You can specify the loading priority of conflicting pvsconfig files: for example, you
can enable or disable individual diagnostics (C++ only).
You can ignore global settings from Settings.xml (only when working via Visual
Studio or PVS-Studio_Cmd.exe).
Find the details in the documentation.
9. Documentation
9
Document Status
Documentation on analysis in commit
and branch merge modes
(pull/merge requests)
Rewritten
AppVeyor documentation Got a new dedicated page
Buddy documentation Got a new dedicated page
Documentation for integrating
analysis results into SonarQube
Enhanced, includes new sections on
how to make the PVS-Studio C#
analyzer work with SonarQube on
Linux and macOS
10. C, C++
V837. The 'emplace' / 'insert' function does not guarantee that arguments will not be copied or
moved if there is no insertion. Consider using the 'try_emplace' function.
V1098. The 'emplace' / 'insert' function call contains potentially dangerous move operation. Moved
object can be destroyed even if there is no insertion.
V1099. Using the function of uninitialized derived class while initializing the base class will lead to
undefined behavior.
V2020. The loop body contains the 'break;' / 'continue;' statement. This may complicate the control
flow.
C#
V3190. Concurrent modification of a variable may lead to errors.
V4001. Unity Engine. Boxing inside a frequently called method may decrease performance.
Diagnostics
10
12. Spot an error in the Java code
12
In this release, the PVS-Studio
team has prepared for you a
new challenge on finding errors
in the code. This time it is
dedicated to Java. You can find
the challenge here. I'm sure you
will flawlessly complete it :).
By the way, similar challenges on C++ and C# are available here, and here
respectively. Dig in!
13. For C++ programmers:
60 terrible tips for a C++ developer
GPT-3 detected 213 Security Vulnerabilities... Or it
did not
For C# programmers:
XSS vulnerability in the ASP.NET application:
examining CVE-2023-24322 in mojoPortal CMS
RavenDB and PVS-Studio: win-win collaboration
BTCPay Server: top 10 bugs in Bitcoin payment
processor code
Top 10 C# conference talks 2019–2022
NullReferenceException in C#. What is it and how to
fix it?
Articles
13
Miscellaneous:
How static analysis works
Do developers dream of secure apps?
5 reasons why static analysis is important
for business
Can code review be automated?
SAST vs DAST
14. Download
14
You can download the latest version of PVS-Studio here.
If you'd like to receive press releases by email, subscribe to PVS-Studio
newsletter.
15. Thank you!
15
This presentation is a short overview of the new PVS-Studio 7.25 release.
For more information on the new features, please visit the PVS-Studio website for the
detailed press-release article.
pvs-studio.com