SlideShare a Scribd company logo

PVS-Studio for Visual C++

Andrey Karpov
Andrey Karpov

At some moment, long ago, we somehow started to cover in our articles any subject but the PVS-Studio tool itself. We told you about the projects we checked and the C++ language's subtle details; we told you how to create plugins in C# or how to launch PVS-Studio from the command line... But PVS-Studio is first of all meant for developers working in Visual Studio. We've done quite a lot to make it easier and more comfortable for them to use our tool. Yet this particular aspect usually stays off screen. Now I decided to improve that and tell you about the PVS-Studio plugin from scratch. If you are a Visual C++ user, this article is for you.

Software
1 of 12
Download to read offline
PVS-Studio for Visual C++ Author: Andrey Karpov Date: 29.10.2013 At some moment, long ago, we somehow started to cover in our articles any subject but the PVS-Studio tool itself. We told you about the projects we checked and the C++ language's subtle details; we told you how to create plugins in C# or how to launch PVS-Studio from the command line... But PVS-Studio is first of all meant for developers working in Visual Studio. We've done quite a lot to make it easier and more comfortable for them to use our tool. Yet this particular aspect usually stays off screen. Now I decided to improve that and tell you about the PVS-Studio plugin from scratch. If you are a Visual C++ user, this article is for you. What static code analysis is and why we need it Static code analysis is the process of detecting software errors and defects in the source code of computer programs. Think of static analysis as an automated code review technique. Joint code review as such is a wonderful method, but it has one crucial drawback - a high cost. It's expensive because you have to gather together several programmers regularly so that they could review a new code or re-review a modified code. On the one hand, one wants code review to be done regularly; on the other hand, one can't afford it. Static code analysis tools are a compromise solution. They can check tons of source codes without getting tired and give recommendations to the programmer about which code fragments should be given special consideration. Static analyzers will certainly never replace a good code review performed by a team of programmers, but the high ratio usefulness/price makes static analysis a very helpful methodology adopted by many companies. There are many commercial and free static code analyzers. A large list of them can be found on Wikipedia: List of tools for static code analysis. The number of languages supported by static analyzers is also very big (C, C++, C#, Java, Ada, Fortran, Perl, Ruby, ...). In this article we are going to discuss the PVS-Studio analyzer, of course. What makes static analysis so valuable is that it can significantly reduce the cost of eliminating defects from the program code. The earlier a bug was found, the cheaper it is to fix it. According to the book "Code
Complete" by S. McConnell, fixing an error at the testing stage is ten times more expensive than at the code writing stage: Figure 1. An average cost of error fixing depending on the time the error was added into the code and the time it was detected (the figures for this table are taken from the book "Code Complete" by S. McConnell). Click on the picture to enlarge it. Static analysis tools allow one to reveal many errors that appear at the code writing stage, which makes the development of the whole project much cheaper. For example, the PVS-Studio analyzer can run in the background right after compilation and report any potential bug to the programmer. I'll tell you about this mode in detail a bit later. The subjects of code review and static analysis are discussed in detail in the articles found by the links in the References section [1, 2, 3]. The PVS-Studio static code analyzer PVS-Studio is a static analyzer for detecting bugs in the source code of applications written in C, C++, C++11, C++/CX. First of all, it is designed for Visual Studio users (see the product page for details about supporting other IDEs). The analyzer integrates firm and smooth into any version of the environment within the range VS2005 - VS2012. We're also adding support for VS2013 soon. Once the tool has been integrated, users will
see a new item "PVS-Studio" in the main menu and a window where to handle diagnostic messages generated by the analyzer (see Figure 2). Figure 2. The main elements added by the PVS-Studio analyzer plugin after integration into Visual Studio. Click on the picture to enlarge it.
Initial settings The analyzer is ready for work right after installation. In most cases it won't require you to customize anything before the first run. The only option you may need in the very beginning is that of excluding third-party libraries from analysis: you won't change anything in the source codes of the jpeg library anyway - so, no need to check it. Besides, excluding some folders from analysis will reduce the analysis time. To specify the folders you want to exclude from analysis, go to the following settings window: Options->Dont't Check Files->PathMasks (see Figure 3).
Figure 3. Editing the list of folders you don't want to be checked. Click on the picture to enlarge it. If the full file path contains one of the specified names, analysis won't run for them. By default the list includes the names of certain folders. However, the folder containing the ZLib library may have a different name in your project - for example "zip_lib" instead of "zlib". That's why you may need to edit this list first. To start editing click on the button with three dots. These are examples of legal masks for the PathMasks list: • c:Libs — all the files of the current project which are stored in the specified folder and its subfolders will be excluded. • Libs or *Libs* — all the files stored in the folders whose paths contain the "Libs" subfolder will be excluded. If the "*" characters are missing, they will be added automatically, so both the ways of specifying this mask are legal. • Libs or *Libs* — all the files will be excluded whose paths contain the subfolder which has 'Libs' as its name or part of its name. Also, in this case, all the files will be excluded whose names have the word Libs, for example c:projectmylibs.cpp. To avoid confusion, we recommend that you always use slashes. Besides excluding entire folders, you may specify masks for excluding individual files. This is done through the FileNameMasks option. To learn more about how to handle exclusion lists, see the documentation: Settings: Don't Check Files.
Checking the project Once you're done with the preliminary customization, you can start the analysis of your project. I suggest that you try checking the entire solution at once. To do that, select PVS-Studio->Check->Solution (see Figure 4). Figure 4. Checking a solution with the PVS-Studio analyzer. If any troubles occur when trying to run the analysis, see the section "Troubleshooting FAQ" at our website for useful tips. Those are not stupid recommendations of the "make sure the plug is plugged into a wall outlet" kind; no, this section describes typical issues encountered by users and suggests certain algorithms of actions to solve them. Handling the list of diagnostic messages Once the analysis is complete, all the diagnostic messages will be displayed inside a special window. This has a number of control items, all of them designed for filtering the messages in various ways to make navigation among them more convenient. However, you may find the layout of the window too complicated at first, so let's examine all the control items closer (see Figure 5).
Figure 5. The window with diagnostic messages. Click on the picture to enlarge it. 1. The PVS-Studio window itself. 2. Show/hide messages of the "something gone wrong" kind; for example, some file wasn't processed correctly. 3. Show/hide messages belonging to different severity levels. On the screenshot, the messages of all the three levels are shown, 132 of them referring to the first level, 235 to the second, and 390 to the third. A message's severity level is shown as an emblem of a triangle with a number in the second left column. 4. Active sets of diagnostic rules. GA stands for the general analysis diagnostics, OP for microoptimizations, 64 for 64-bit diagnostics, MP for OpenMP-related diagnostics, and CS for custom diagnostics proposed by users. On the screenshot, displaying of the diagnostics from the sets GA and MP is enabled. 5. Show/hide messages marked as false positives. On the screenshot, this option is enabled. To learn more about it, see the documentation: Suppression of false alarms. 6. Search through the diagnostic messages. 7. Quick filters. For example, you can set them to show only messages with the code V501 for the project XYZ. 8. Move to the next/previous message. When a message is selected, the corresponding file is opened and the cursor is set at the line containing a potential bug. Also, you may in any time select a message from the list by double-clicking on it. 9. Open the settings window. The table with the diagnostic messages is made up of a number of columns: • Star. It doesn't mean anything special; the user is free to interpret it as he likes. For example, you may use it to mark the most interesting warnings you'd like to study closer later. It's something like marking letters with stars in the email clients like Thunderbird or Outlook. • Severity Level. The severity level the message refers to, the 1-st level including the most critical and possibly most dangerous issues, the 3-rd level including small, non-critical mistakes or warnings which are most likely false positives. • ID. A unique number assigned to every message. You may need this when dealing with a large list. For example, you may move to a particular message by its number (see the item "Navigate to ID..." of the drop-down menu). • Code. The code of the message. Clicking on it opens the description of the warning.
• Message. The text of the diagnostic message. • Project. The project name (you can hide this column through the drop-down menu). • File. The file name. • Line. The line number. Important! Note that there may be three dots after the line number for some messages, for example "123 (...)". Clicking on this number opens the list of all the code lines this message refers to, so you can navigate to each of them from the list. • The "False Alarm" mark. This is a mark showing that the warning is a false positive. Keep in mind that false positives are only shown if button 5 is pressed (see Figure 5). It all was tiresome to read, wasn't it? But I assure you that you'll get used to the tool very quickly once you start using it. And you will very rarely have to customize anything. The drop-down menu So, double-clicking on a message gets you to the corresponding code fragment, whereas right-clicking calls the drop-down menu. The menu is pretty simple and we don't want to overload the article with a detailed description of each menu item. If anything is not clear, refer to the documentation. However, I'd like to speak of one very useful feature in particular. Remember you can choose folders/files to be excluded from analysis (Figure 2)? Well, this operation can be done in a much easier way than it seems! Note the item "Don't check files and hide all messages from...". When clicking on it, you'll see a drop-down list of paths you can add into the exclusion list (see Figure 6). Figure 6. Excluding files from analysis. Click on the picture to enlarge it. You can choose both an individual file and an entire folder. On the screenshot, we're selecting the folder "E:[Build]VirualDubsrctest". It means that all the files in this folder and its subfolders will be excluded
from analysis. Besides, all the messages related to these files will be hidden in the message list at once. Convenient, isn't it? You don't have to relaunch analysis to hide all the warnings generated for tests (the "test" folder), for example. Incremental analysis mode This manual about getting started with PVS-Studio would be incomplete without the description of a very important and useful feature of the tool - incremental code analysis. We know that the earlier a bug is found, the cheaper it is to fix it. Ideally, bugs should be underlined right as the code is being written. But this is hard and resource-intensive to implement from the technical viewpoint. Instead, PVS-Studio starts in the background right after the modified code has been compiled. Thus, the tool is searching for bugs in the code that has been modified right now. The analysis running status is indicated by a tray icon. Whenever a bug is found, a pop-out message appears to warn you (see Figure 7) about a possible error. Figure 7. A pop-out message informing you that potential bugs have been found in the recently modified files. If you click on this message, the PVS-Studio window will open (see Figure 2) where you can examine the suspicious code fragments. You'd really better try this mode yourself - you'll understand it much easier that way than from my explanation. In short, it works in this way: you go on writing the code as usual, and the analyzer will bother you if necessary. Do try it! We always use this mode ourselves. Yes, we sometime make mistakes when writing code too, and being able to fix them right away makes it much easier and quicker to find the defect and figure out why the program behaves in a non-expected way. It's a pity when you waste 15-20 minutes on debugging just to find a typo in some index. Here's one of the latest examples when PVS-Studio found a bug inside itself right after it had been added into the code: if (in[0] == '' && in[1] == '.' && in[1] == '') { in += 2; continue; }
But that's just trifles, of course. PVS-Studio sometimes proves much more useful. For example, here's a comment by one of our users describing his experience of using the analyzer: "A User's Experience of Working with the Analyzer". The text sets you thinking, doesn't it? To sum it up: incremental analysis is surely a must-try. You'll get to like it once you've found a few bugs in your freshly written code. PVS-Studio's capabilities Now, let's be brief. It's impossible to describe in short all the diagnostics provided by PVS-Studio, so refer to the documentation for the complete list of diagnostic rules and their detailed descriptions: Error description. Here I will only paste a table showing the diagnostics grouped into categories. Some of the diagnostics are included into more than one group - because this division is actually quite relative. For example, a typo may cause using an uninitialized memory area. Some of the bugs, on the contrary, are not included into any category, for they are too peculiar. Nevertheless, the table is a good way for you to grasp the general idea about our static code analyzer's capabilities (see Figure 8).
Figure 8. PVS-Studio's capabilities. Click on the picture to enlarge it. As you can see, the analyzer is especially good at catching bugs caused by typos and using Copy-Paste. It is also good at detecting issues related to code security. For real-life examples demonstrating these diagnostics in action, see our bug database. We use it to collect all the bugs caught while checking various open-source projects.
Conclusion We haven't told you everything about our tool, of course, because the article would then turn into a complete documentation. The purpose of this paper was to show you how to easily and comfortably work with the tool within the Visual Studio environment. To learn about support of other environments and modes, see the documentation and other articles found at our website. In addition, you will also find many interesting materials for programmers there. So, welcome to our site - you'll surely spend a while there. I wish you bugless code and hope you'll like PVS-Studio. If you have any questions, we are always glad to help you. Contact us. References: 1. Code review. 2. Static code analysis. 3. Static code analysis tools. 4. Myths about static analysis. The second myth - expert developers do not make silly mistakes. 5. Download PVS-Studio and try it real-life. 6. Too few bugs found in my code. Why? Leo Tolstoy and static code analysis. 7. If you want to purchase PVS-Studio for your team, visit the page Buy PVS-Studio to discuss the price and ways of purchasing the tool. 8. FAQ for those who have read our articles and want to ask a question.

Recommended

PVS-Studio features overview (2020)
PVS-Studio features overview (2020)PVS-Studio features overview (2020)
PVS-Studio features overview (2020)
Andrey Karpov
 
PVS-Studio static analyzer: advanced features
PVS-Studio static analyzer: advanced featuresPVS-Studio static analyzer: advanced features
PVS-Studio static analyzer: advanced features
Andrey Karpov
 
PVS-Studio, a static analyzer detecting errors in the source code of C/C++/C+...
PVS-Studio, a static analyzer detecting errors in the source code of C/C++/C+...PVS-Studio, a static analyzer detecting errors in the source code of C/C++/C+...
PVS-Studio, a static analyzer detecting errors in the source code of C/C++/C+...
Andrey Karpov
 
PVS-Studio 5.00, a solution for developers of modern resource-intensive appl...
PVS-Studio 5.00, a solution for developers of modern resource-intensive appl...PVS-Studio 5.00, a solution for developers of modern resource-intensive appl...
PVS-Studio 5.00, a solution for developers of modern resource-intensive appl...
Andrey Karpov
 
PVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ codePVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ code
Andrey Karpov
 
PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017
PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017
PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017
Andrey Karpov
 
How to Improve Visual C++ 2017 Libraries Using PVS-Studio
How to Improve Visual C++ 2017 Libraries Using PVS-StudioHow to Improve Visual C++ 2017 Libraries Using PVS-Studio
How to Improve Visual C++ 2017 Libraries Using PVS-Studio
PVS-Studio
 
Date Processing Attracts Bugs or 77 Defects in Qt 6
Date Processing Attracts Bugs or 77 Defects in Qt 6Date Processing Attracts Bugs or 77 Defects in Qt 6
Date Processing Attracts Bugs or 77 Defects in Qt 6
Andrey Karpov
 

Recommended

PVS-Studio features overview (2020)
PVS-Studio features overview (2020)PVS-Studio features overview (2020)
PVS-Studio features overview (2020)
Andrey Karpov
 
PVS-Studio static analyzer: advanced features
PVS-Studio static analyzer: advanced featuresPVS-Studio static analyzer: advanced features
PVS-Studio static analyzer: advanced features
Andrey Karpov
 
PVS-Studio, a static analyzer detecting errors in the source code of C/C++/C+...
PVS-Studio, a static analyzer detecting errors in the source code of C/C++/C+...PVS-Studio, a static analyzer detecting errors in the source code of C/C++/C+...
PVS-Studio, a static analyzer detecting errors in the source code of C/C++/C+...
Andrey Karpov
 
PVS-Studio 5.00, a solution for developers of modern resource-intensive appl...
PVS-Studio 5.00, a solution for developers of modern resource-intensive appl...PVS-Studio 5.00, a solution for developers of modern resource-intensive appl...
PVS-Studio 5.00, a solution for developers of modern resource-intensive appl...
Andrey Karpov
 
PVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ codePVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ code
Andrey Karpov
 
PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017
PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017
PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017
Andrey Karpov
 
How to Improve Visual C++ 2017 Libraries Using PVS-Studio
How to Improve Visual C++ 2017 Libraries Using PVS-StudioHow to Improve Visual C++ 2017 Libraries Using PVS-Studio
How to Improve Visual C++ 2017 Libraries Using PVS-Studio
PVS-Studio
 
Date Processing Attracts Bugs or 77 Defects in Qt 6
Date Processing Attracts Bugs or 77 Defects in Qt 6Date Processing Attracts Bugs or 77 Defects in Qt 6
Date Processing Attracts Bugs or 77 Defects in Qt 6
Andrey Karpov
 
Checking the Qt 5 Framework
Checking the Qt 5 FrameworkChecking the Qt 5 Framework
Checking the Qt 5 Framework
Andrey Karpov
 
Checking Clang 11 with PVS-Studio
Checking Clang 11 with PVS-StudioChecking Clang 11 with PVS-Studio
Checking Clang 11 with PVS-Studio
Andrey Karpov
 
HPX and PVS-Studio
HPX and PVS-StudioHPX and PVS-Studio
HPX and PVS-Studio
PVS-Studio
 
We continue checking Microsoft projects: analysis of PowerShell
We continue checking Microsoft projects: analysis of PowerShellWe continue checking Microsoft projects: analysis of PowerShell
We continue checking Microsoft projects: analysis of PowerShell
PVS-Studio
 
IoT 개발자를 위한 Embedded C에서 Test Coverage를 추출해보자
IoT 개발자를 위한 Embedded C에서 Test Coverage를 추출해보자IoT 개발자를 위한 Embedded C에서 Test Coverage를 추출해보자
IoT 개발자를 위한 Embedded C에서 Test Coverage를 추출해보자
Taeyeop Kim
 
Source code of WPF samples by Microsoft was checked
Source code of WPF samples by Microsoft was checkedSource code of WPF samples by Microsoft was checked
Source code of WPF samples by Microsoft was checked
PVS-Studio
 
The Little Unicorn That Could
The Little Unicorn That CouldThe Little Unicorn That Could
The Little Unicorn That Could
PVS-Studio
 
Comparing Functionalities of PVS-Studio and CppCat Static Code Analyzers
Comparing Functionalities of PVS-Studio and CppCat Static Code AnalyzersComparing Functionalities of PVS-Studio and CppCat Static Code Analyzers
Comparing Functionalities of PVS-Studio and CppCat Static Code Analyzers
Andrey Karpov
 
Rechecking TortoiseSVN with the PVS-Studio Code Analyzer
Rechecking TortoiseSVN with the PVS-Studio Code AnalyzerRechecking TortoiseSVN with the PVS-Studio Code Analyzer
Rechecking TortoiseSVN with the PVS-Studio Code Analyzer
Andrey Karpov
 
PVS-Studio in 2019
PVS-Studio in 2019PVS-Studio in 2019
PVS-Studio in 2019
Andrey Karpov
 
Static Code Analysis for Projects, Built on Unreal Engine
Static Code Analysis for Projects, Built on Unreal EngineStatic Code Analysis for Projects, Built on Unreal Engine
Static Code Analysis for Projects, Built on Unreal Engine
Andrey Karpov
 
Safety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
Safety on the Max: How to Write Reliable C/C++ Code for Embedded SystemsSafety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
Safety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
Andrey Karpov
 
The First C# Project Analyzed
The First C# Project AnalyzedThe First C# Project Analyzed
The First C# Project Analyzed
PVS-Studio
 
Why Windows 8 drivers are buggy
Why Windows 8 drivers are buggyWhy Windows 8 drivers are buggy
Why Windows 8 drivers are buggy
PVS-Studio
 
Checking OpenCV with PVS-Studio
Checking OpenCV with PVS-StudioChecking OpenCV with PVS-Studio
Checking OpenCV with PVS-Studio
PVS-Studio
 
A fresh eye on Oracle VM VirtualBox
A fresh eye on Oracle VM VirtualBoxA fresh eye on Oracle VM VirtualBox
A fresh eye on Oracle VM VirtualBox
PVS-Studio
 
Linux version of PVS-Studio couldn't help checking CodeLite
Linux version of PVS-Studio couldn't help checking CodeLiteLinux version of PVS-Studio couldn't help checking CodeLite
Linux version of PVS-Studio couldn't help checking CodeLite
PVS-Studio
 
Heading for a Record: Chromium, the 5th Check
Heading for a Record: Chromium, the 5th CheckHeading for a Record: Chromium, the 5th Check
Heading for a Record: Chromium, the 5th Check
PVS-Studio
 
Qtp not just for gui anymore
Qtp not just for gui anymoreQtp not just for gui anymore
Qtp not just for gui anymore
Pragya Rastogi
 
Errors that static code analysis does not find because it is not used
Errors that static code analysis does not find because it is not usedErrors that static code analysis does not find because it is not used
Errors that static code analysis does not find because it is not used
Andrey Karpov
 
Checking the Open-Source Multi Theft Auto Game
Checking the Open-Source Multi Theft Auto GameChecking the Open-Source Multi Theft Auto Game
Checking the Open-Source Multi Theft Auto Game
Andrey Karpov
 
PVS-Studio Now Supports Any Build System under Windows and Any Compiler. Easy...
PVS-Studio Now Supports Any Build System under Windows and Any Compiler. Easy...PVS-Studio Now Supports Any Build System under Windows and Any Compiler. Easy...
PVS-Studio Now Supports Any Build System under Windows and Any Compiler. Easy...
Andrey Karpov
 

More Related Content

What's hot

Checking the Qt 5 Framework
Checking the Qt 5 FrameworkChecking the Qt 5 Framework
Checking the Qt 5 Framework
Andrey Karpov
 
Checking Clang 11 with PVS-Studio
Checking Clang 11 with PVS-StudioChecking Clang 11 with PVS-Studio
Checking Clang 11 with PVS-Studio
Andrey Karpov
 
HPX and PVS-Studio
HPX and PVS-StudioHPX and PVS-Studio
HPX and PVS-Studio
PVS-Studio
 
We continue checking Microsoft projects: analysis of PowerShell
We continue checking Microsoft projects: analysis of PowerShellWe continue checking Microsoft projects: analysis of PowerShell
We continue checking Microsoft projects: analysis of PowerShell
PVS-Studio
 
IoT 개발자를 위한 Embedded C에서 Test Coverage를 추출해보자
IoT 개발자를 위한 Embedded C에서 Test Coverage를 추출해보자IoT 개발자를 위한 Embedded C에서 Test Coverage를 추출해보자
IoT 개발자를 위한 Embedded C에서 Test Coverage를 추출해보자
Taeyeop Kim
 
Source code of WPF samples by Microsoft was checked
Source code of WPF samples by Microsoft was checkedSource code of WPF samples by Microsoft was checked
Source code of WPF samples by Microsoft was checked
PVS-Studio
 
The Little Unicorn That Could
The Little Unicorn That CouldThe Little Unicorn That Could
The Little Unicorn That Could
PVS-Studio
 
Comparing Functionalities of PVS-Studio and CppCat Static Code Analyzers
Comparing Functionalities of PVS-Studio and CppCat Static Code AnalyzersComparing Functionalities of PVS-Studio and CppCat Static Code Analyzers
Comparing Functionalities of PVS-Studio and CppCat Static Code Analyzers
Andrey Karpov
 
Rechecking TortoiseSVN with the PVS-Studio Code Analyzer
Rechecking TortoiseSVN with the PVS-Studio Code AnalyzerRechecking TortoiseSVN with the PVS-Studio Code Analyzer
Rechecking TortoiseSVN with the PVS-Studio Code Analyzer
Andrey Karpov
 
PVS-Studio in 2019
PVS-Studio in 2019PVS-Studio in 2019
PVS-Studio in 2019
Andrey Karpov
 
Static Code Analysis for Projects, Built on Unreal Engine
Static Code Analysis for Projects, Built on Unreal EngineStatic Code Analysis for Projects, Built on Unreal Engine
Static Code Analysis for Projects, Built on Unreal Engine
Andrey Karpov
 
Safety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
Safety on the Max: How to Write Reliable C/C++ Code for Embedded SystemsSafety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
Safety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
Andrey Karpov
 
The First C# Project Analyzed
The First C# Project AnalyzedThe First C# Project Analyzed
The First C# Project Analyzed
PVS-Studio
 
Why Windows 8 drivers are buggy
Why Windows 8 drivers are buggyWhy Windows 8 drivers are buggy
Why Windows 8 drivers are buggy
PVS-Studio
 
Checking OpenCV with PVS-Studio
Checking OpenCV with PVS-StudioChecking OpenCV with PVS-Studio
Checking OpenCV with PVS-Studio
PVS-Studio
 
A fresh eye on Oracle VM VirtualBox
A fresh eye on Oracle VM VirtualBoxA fresh eye on Oracle VM VirtualBox
A fresh eye on Oracle VM VirtualBox
PVS-Studio
 
Linux version of PVS-Studio couldn't help checking CodeLite
Linux version of PVS-Studio couldn't help checking CodeLiteLinux version of PVS-Studio couldn't help checking CodeLite
Linux version of PVS-Studio couldn't help checking CodeLite
PVS-Studio
 
Heading for a Record: Chromium, the 5th Check
Heading for a Record: Chromium, the 5th CheckHeading for a Record: Chromium, the 5th Check
Heading for a Record: Chromium, the 5th Check
PVS-Studio
 
Qtp not just for gui anymore
Qtp not just for gui anymoreQtp not just for gui anymore
Qtp not just for gui anymore
Pragya Rastogi
 
Errors that static code analysis does not find because it is not used
Errors that static code analysis does not find because it is not usedErrors that static code analysis does not find because it is not used
Errors that static code analysis does not find because it is not used
Andrey Karpov
 

What's hot (20)

Checking the Qt 5 Framework
Checking the Qt 5 FrameworkChecking the Qt 5 Framework
Checking the Qt 5 Framework
 
Checking Clang 11 with PVS-Studio
Checking Clang 11 with PVS-StudioChecking Clang 11 with PVS-Studio
Checking Clang 11 with PVS-Studio
 
HPX and PVS-Studio
HPX and PVS-StudioHPX and PVS-Studio
HPX and PVS-Studio
 
We continue checking Microsoft projects: analysis of PowerShell
We continue checking Microsoft projects: analysis of PowerShellWe continue checking Microsoft projects: analysis of PowerShell
We continue checking Microsoft projects: analysis of PowerShell
 
IoT 개발자를 위한 Embedded C에서 Test Coverage를 추출해보자
IoT 개발자를 위한 Embedded C에서 Test Coverage를 추출해보자IoT 개발자를 위한 Embedded C에서 Test Coverage를 추출해보자
IoT 개발자를 위한 Embedded C에서 Test Coverage를 추출해보자
 
Source code of WPF samples by Microsoft was checked
Source code of WPF samples by Microsoft was checkedSource code of WPF samples by Microsoft was checked
Source code of WPF samples by Microsoft was checked
 
The Little Unicorn That Could
The Little Unicorn That CouldThe Little Unicorn That Could
The Little Unicorn That Could
 
Comparing Functionalities of PVS-Studio and CppCat Static Code Analyzers
Comparing Functionalities of PVS-Studio and CppCat Static Code AnalyzersComparing Functionalities of PVS-Studio and CppCat Static Code Analyzers
Comparing Functionalities of PVS-Studio and CppCat Static Code Analyzers
 
Rechecking TortoiseSVN with the PVS-Studio Code Analyzer
Rechecking TortoiseSVN with the PVS-Studio Code AnalyzerRechecking TortoiseSVN with the PVS-Studio Code Analyzer
Rechecking TortoiseSVN with the PVS-Studio Code Analyzer
 
PVS-Studio in 2019
PVS-Studio in 2019PVS-Studio in 2019
PVS-Studio in 2019
 
Static Code Analysis for Projects, Built on Unreal Engine
Static Code Analysis for Projects, Built on Unreal EngineStatic Code Analysis for Projects, Built on Unreal Engine
Static Code Analysis for Projects, Built on Unreal Engine
 
Safety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
Safety on the Max: How to Write Reliable C/C++ Code for Embedded SystemsSafety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
Safety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
 
The First C# Project Analyzed
The First C# Project AnalyzedThe First C# Project Analyzed
The First C# Project Analyzed
 
Why Windows 8 drivers are buggy
Why Windows 8 drivers are buggyWhy Windows 8 drivers are buggy
Why Windows 8 drivers are buggy
 
Checking OpenCV with PVS-Studio
Checking OpenCV with PVS-StudioChecking OpenCV with PVS-Studio
Checking OpenCV with PVS-Studio
 
A fresh eye on Oracle VM VirtualBox
A fresh eye on Oracle VM VirtualBoxA fresh eye on Oracle VM VirtualBox
A fresh eye on Oracle VM VirtualBox
 
Linux version of PVS-Studio couldn't help checking CodeLite
Linux version of PVS-Studio couldn't help checking CodeLiteLinux version of PVS-Studio couldn't help checking CodeLite
Linux version of PVS-Studio couldn't help checking CodeLite
 
Heading for a Record: Chromium, the 5th Check
Heading for a Record: Chromium, the 5th CheckHeading for a Record: Chromium, the 5th Check
Heading for a Record: Chromium, the 5th Check
 
Qtp not just for gui anymore
Qtp not just for gui anymoreQtp not just for gui anymore
Qtp not just for gui anymore
 
Errors that static code analysis does not find because it is not used
Errors that static code analysis does not find because it is not usedErrors that static code analysis does not find because it is not used
Errors that static code analysis does not find because it is not used
 

Viewers also liked

Checking the Open-Source Multi Theft Auto Game
Checking the Open-Source Multi Theft Auto GameChecking the Open-Source Multi Theft Auto Game
Checking the Open-Source Multi Theft Auto Game
Andrey Karpov
 
PVS-Studio Now Supports Any Build System under Windows and Any Compiler. Easy...
PVS-Studio Now Supports Any Build System under Windows and Any Compiler. Easy...PVS-Studio Now Supports Any Build System under Windows and Any Compiler. Easy...
PVS-Studio Now Supports Any Build System under Windows and Any Compiler. Easy...
Andrey Karpov
 
Checking PVS-Studio with Clang
Checking PVS-Studio with ClangChecking PVS-Studio with Clang
Checking PVS-Studio with Clang
Andrey Karpov
 
The Price of Fixing One Bug in Our Programs, or Exotic Bugs in PVS-Studio and...
The Price of Fixing One Bug in Our Programs, or Exotic Bugs in PVS-Studio and...The Price of Fixing One Bug in Our Programs, or Exotic Bugs in PVS-Studio and...
The Price of Fixing One Bug in Our Programs, or Exotic Bugs in PVS-Studio and...
Andrey Karpov
 
Computer & Video Game Archive @MLibrary
Computer & Video Game Archive @MLibraryComputer & Video Game Archive @MLibrary
Computer & Video Game Archive @MLibrary
Dave Carter
 
Comparison of static code analyzers: CppCat, Cppcheck, PVS-Studio and Visual ...
Comparison of static code analyzers: CppCat, Cppcheck, PVS-Studio and Visual ...Comparison of static code analyzers: CppCat, Cppcheck, PVS-Studio and Visual ...
Comparison of static code analyzers: CppCat, Cppcheck, PVS-Studio and Visual ...
Andrey Karpov
 
Still Comparing "this" Pointer to Null?
Still Comparing "this" Pointer to Null?Still Comparing "this" Pointer to Null?
Still Comparing "this" Pointer to Null?
Andrey Karpov
 
Checking the Source SDK Project
Checking the Source SDK ProjectChecking the Source SDK Project
Checking the Source SDK Project
Andrey Karpov
 
A Bonus to the "Three Interviews About Static Analyzers" Article, or Intervie...
A Bonus to the "Three Interviews About Static Analyzers" Article, or Intervie...A Bonus to the "Three Interviews About Static Analyzers" Article, or Intervie...
A Bonus to the "Three Interviews About Static Analyzers" Article, or Intervie...
Andrey Karpov
 
What's the Difference Between Static Analysis and Compiler Warnings?
What's the Difference Between Static Analysis and Compiler Warnings?What's the Difference Between Static Analysis and Compiler Warnings?
What's the Difference Between Static Analysis and Compiler Warnings?
Andrey Karpov
 
A Check of the Open-Source Project WinSCP Developed in Embarcadero C++ Builder
A Check of the Open-Source Project WinSCP Developed in Embarcadero C++ BuilderA Check of the Open-Source Project WinSCP Developed in Embarcadero C++ Builder
A Check of the Open-Source Project WinSCP Developed in Embarcadero C++ Builder
Andrey Karpov
 
You can now use PVS-Studio with Visual Studio absent; just give it the prepro...
You can now use PVS-Studio with Visual Studio absent; just give it the prepro...You can now use PVS-Studio with Visual Studio absent; just give it the prepro...
You can now use PVS-Studio with Visual Studio absent; just give it the prepro...
Andrey Karpov
 
StdAfx.h for Novices
StdAfx.h for NovicesStdAfx.h for Novices
StdAfx.h for Novices
Andrey Karpov
 
A Long-Awaited Check of Unreal Engine 4
A Long-Awaited Check of Unreal Engine 4A Long-Awaited Check of Unreal Engine 4
A Long-Awaited Check of Unreal Engine 4
Andrey Karpov
 
Tesseract. Recognizing Errors in Recognition Software
Tesseract. Recognizing Errors in Recognition SoftwareTesseract. Recognizing Errors in Recognition Software
Tesseract. Recognizing Errors in Recognition Software
Andrey Karpov
 
Self Tester
Self TesterSelf Tester
Self Tester
Andrey Karpov
 
Comparing the general static analysis in Visual Studio 2010 and PVS-Studio by...
Comparing the general static analysis in Visual Studio 2010 and PVS-Studio by...Comparing the general static analysis in Visual Studio 2010 and PVS-Studio by...
Comparing the general static analysis in Visual Studio 2010 and PVS-Studio by...
Andrey Karpov
 

Viewers also liked (17)

Checking the Open-Source Multi Theft Auto Game
Checking the Open-Source Multi Theft Auto GameChecking the Open-Source Multi Theft Auto Game
Checking the Open-Source Multi Theft Auto Game
 
PVS-Studio Now Supports Any Build System under Windows and Any Compiler. Easy...
PVS-Studio Now Supports Any Build System under Windows and Any Compiler. Easy...PVS-Studio Now Supports Any Build System under Windows and Any Compiler. Easy...
PVS-Studio Now Supports Any Build System under Windows and Any Compiler. Easy...
 
Checking PVS-Studio with Clang
Checking PVS-Studio with ClangChecking PVS-Studio with Clang
Checking PVS-Studio with Clang
 
The Price of Fixing One Bug in Our Programs, or Exotic Bugs in PVS-Studio and...
The Price of Fixing One Bug in Our Programs, or Exotic Bugs in PVS-Studio and...The Price of Fixing One Bug in Our Programs, or Exotic Bugs in PVS-Studio and...
The Price of Fixing One Bug in Our Programs, or Exotic Bugs in PVS-Studio and...
 
Computer & Video Game Archive @MLibrary
Computer & Video Game Archive @MLibraryComputer & Video Game Archive @MLibrary
Computer & Video Game Archive @MLibrary
 
Comparison of static code analyzers: CppCat, Cppcheck, PVS-Studio and Visual ...
Comparison of static code analyzers: CppCat, Cppcheck, PVS-Studio and Visual ...Comparison of static code analyzers: CppCat, Cppcheck, PVS-Studio and Visual ...
Comparison of static code analyzers: CppCat, Cppcheck, PVS-Studio and Visual ...
 
Still Comparing "this" Pointer to Null?
Still Comparing "this" Pointer to Null?Still Comparing "this" Pointer to Null?
Still Comparing "this" Pointer to Null?
 
Checking the Source SDK Project
Checking the Source SDK ProjectChecking the Source SDK Project
Checking the Source SDK Project
 
A Bonus to the "Three Interviews About Static Analyzers" Article, or Intervie...
A Bonus to the "Three Interviews About Static Analyzers" Article, or Intervie...A Bonus to the "Three Interviews About Static Analyzers" Article, or Intervie...
A Bonus to the "Three Interviews About Static Analyzers" Article, or Intervie...
 
What's the Difference Between Static Analysis and Compiler Warnings?
What's the Difference Between Static Analysis and Compiler Warnings?What's the Difference Between Static Analysis and Compiler Warnings?
What's the Difference Between Static Analysis and Compiler Warnings?
 
A Check of the Open-Source Project WinSCP Developed in Embarcadero C++ Builder
A Check of the Open-Source Project WinSCP Developed in Embarcadero C++ BuilderA Check of the Open-Source Project WinSCP Developed in Embarcadero C++ Builder
A Check of the Open-Source Project WinSCP Developed in Embarcadero C++ Builder
 
You can now use PVS-Studio with Visual Studio absent; just give it the prepro...
You can now use PVS-Studio with Visual Studio absent; just give it the prepro...You can now use PVS-Studio with Visual Studio absent; just give it the prepro...
You can now use PVS-Studio with Visual Studio absent; just give it the prepro...
 
StdAfx.h for Novices
StdAfx.h for NovicesStdAfx.h for Novices
StdAfx.h for Novices
 
A Long-Awaited Check of Unreal Engine 4
A Long-Awaited Check of Unreal Engine 4A Long-Awaited Check of Unreal Engine 4
A Long-Awaited Check of Unreal Engine 4
 
Tesseract. Recognizing Errors in Recognition Software
Tesseract. Recognizing Errors in Recognition SoftwareTesseract. Recognizing Errors in Recognition Software
Tesseract. Recognizing Errors in Recognition Software
 
Self Tester
Self TesterSelf Tester
Self Tester
 
Comparing the general static analysis in Visual Studio 2010 and PVS-Studio by...
Comparing the general static analysis in Visual Studio 2010 and PVS-Studio by...Comparing the general static analysis in Visual Studio 2010 and PVS-Studio by...
Comparing the general static analysis in Visual Studio 2010 and PVS-Studio by...
 

Similar to PVS-Studio for Visual C++

PVS-Studio for Visual C++
PVS-Studio for Visual C++PVS-Studio for Visual C++
PVS-Studio for Visual C++
PVS-Studio
 
Difficulties of comparing code analyzers, or don't forget about usability
Difficulties of comparing code analyzers, or don't forget about usabilityDifficulties of comparing code analyzers, or don't forget about usability
Difficulties of comparing code analyzers, or don't forget about usability
PVS-Studio
 
Difficulties of comparing code analyzers, or don't forget about usability
Difficulties of comparing code analyzers, or don't forget about usabilityDifficulties of comparing code analyzers, or don't forget about usability
Difficulties of comparing code analyzers, or don't forget about usability
Andrey Karpov
 
Difficulties of comparing code analyzers, or don't forget about usability
Difficulties of comparing code analyzers, or don't forget about usabilityDifficulties of comparing code analyzers, or don't forget about usability
Difficulties of comparing code analyzers, or don't forget about usability
PVS-Studio
 
PVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ codePVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio
 
Static Analysis: From Getting Started to Integration
Static Analysis: From Getting Started to IntegrationStatic Analysis: From Getting Started to Integration
Static Analysis: From Getting Started to Integration
Andrey Karpov
 
Comparing static analysis in Visual Studio 2012 (Visual C++ 2012) and PVS-Studio
Comparing static analysis in Visual Studio 2012 (Visual C++ 2012) and PVS-StudioComparing static analysis in Visual Studio 2012 (Visual C++ 2012) and PVS-Studio
Comparing static analysis in Visual Studio 2012 (Visual C++ 2012) and PVS-Studio
PVS-Studio
 
An Ideal Way to Integrate a Static Code Analyzer into a Project
An Ideal Way to Integrate a Static Code Analyzer into a ProjectAn Ideal Way to Integrate a Static Code Analyzer into a Project
An Ideal Way to Integrate a Static Code Analyzer into a Project
PVS-Studio
 
PVS-Studio Has Finally Got to Boost
PVS-Studio Has Finally Got to BoostPVS-Studio Has Finally Got to Boost
PVS-Studio Has Finally Got to Boost
Andrey Karpov
 
War of the Machines: PVS-Studio vs. TensorFlow
War of the Machines: PVS-Studio vs. TensorFlowWar of the Machines: PVS-Studio vs. TensorFlow
War of the Machines: PVS-Studio vs. TensorFlow
PVS-Studio
 
Static analysis is most efficient when being used regularly. We'll tell you w...
Static analysis is most efficient when being used regularly. We'll tell you w...Static analysis is most efficient when being used regularly. We'll tell you w...
Static analysis is most efficient when being used regularly. We'll tell you w...
PVS-Studio
 
Static analysis is most efficient when being used regularly. We'll tell you w...
Static analysis is most efficient when being used regularly. We'll tell you w...Static analysis is most efficient when being used regularly. We'll tell you w...
Static analysis is most efficient when being used regularly. We'll tell you w...
Andrey Karpov
 
PVS-Studio confesses its love for Linux
PVS-Studio confesses its love for LinuxPVS-Studio confesses its love for Linux
PVS-Studio confesses its love for Linux
PVS-Studio
 
Regular use of static code analysis in team development
Regular use of static code analysis in team developmentRegular use of static code analysis in team development
Regular use of static code analysis in team development
PVS-Studio
 
Regular use of static code analysis in team development
Regular use of static code analysis in team developmentRegular use of static code analysis in team development
Regular use of static code analysis in team development
PVS-Studio
 
Regular use of static code analysis in team development
Regular use of static code analysis in team developmentRegular use of static code analysis in team development
Regular use of static code analysis in team development
Andrey Karpov
 
New Year PVS-Studio 6.00 Release: Scanning Roslyn
New Year PVS-Studio 6.00 Release: Scanning RoslynNew Year PVS-Studio 6.00 Release: Scanning Roslyn
New Year PVS-Studio 6.00 Release: Scanning Roslyn
PVS-Studio
 
How we test the code analyzer
How we test the code analyzerHow we test the code analyzer
How we test the code analyzer
PVS-Studio
 
PVS-Studio's New Message Suppression Mechanism
PVS-Studio's New Message Suppression MechanismPVS-Studio's New Message Suppression Mechanism
PVS-Studio's New Message Suppression Mechanism
Andrey Karpov
 
Diving into VS 2015 Day2
Diving into VS 2015 Day2Diving into VS 2015 Day2
Diving into VS 2015 Day2
Akhil Mittal
 

Similar to PVS-Studio for Visual C++ (20)

PVS-Studio for Visual C++
PVS-Studio for Visual C++PVS-Studio for Visual C++
PVS-Studio for Visual C++
 
Difficulties of comparing code analyzers, or don't forget about usability
Difficulties of comparing code analyzers, or don't forget about usabilityDifficulties of comparing code analyzers, or don't forget about usability
Difficulties of comparing code analyzers, or don't forget about usability
 
Difficulties of comparing code analyzers, or don't forget about usability
Difficulties of comparing code analyzers, or don't forget about usabilityDifficulties of comparing code analyzers, or don't forget about usability
Difficulties of comparing code analyzers, or don't forget about usability
 
Difficulties of comparing code analyzers, or don't forget about usability
Difficulties of comparing code analyzers, or don't forget about usabilityDifficulties of comparing code analyzers, or don't forget about usability
Difficulties of comparing code analyzers, or don't forget about usability
 
PVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ codePVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ code
 
Static Analysis: From Getting Started to Integration
Static Analysis: From Getting Started to IntegrationStatic Analysis: From Getting Started to Integration
Static Analysis: From Getting Started to Integration
 
Comparing static analysis in Visual Studio 2012 (Visual C++ 2012) and PVS-Studio
Comparing static analysis in Visual Studio 2012 (Visual C++ 2012) and PVS-StudioComparing static analysis in Visual Studio 2012 (Visual C++ 2012) and PVS-Studio
Comparing static analysis in Visual Studio 2012 (Visual C++ 2012) and PVS-Studio
 
An Ideal Way to Integrate a Static Code Analyzer into a Project
An Ideal Way to Integrate a Static Code Analyzer into a ProjectAn Ideal Way to Integrate a Static Code Analyzer into a Project
An Ideal Way to Integrate a Static Code Analyzer into a Project
 
PVS-Studio Has Finally Got to Boost
PVS-Studio Has Finally Got to BoostPVS-Studio Has Finally Got to Boost
PVS-Studio Has Finally Got to Boost
 
War of the Machines: PVS-Studio vs. TensorFlow
War of the Machines: PVS-Studio vs. TensorFlowWar of the Machines: PVS-Studio vs. TensorFlow
War of the Machines: PVS-Studio vs. TensorFlow
 
Static analysis is most efficient when being used regularly. We'll tell you w...
Static analysis is most efficient when being used regularly. We'll tell you w...Static analysis is most efficient when being used regularly. We'll tell you w...
Static analysis is most efficient when being used regularly. We'll tell you w...
 
Static analysis is most efficient when being used regularly. We'll tell you w...
Static analysis is most efficient when being used regularly. We'll tell you w...Static analysis is most efficient when being used regularly. We'll tell you w...
Static analysis is most efficient when being used regularly. We'll tell you w...
 
PVS-Studio confesses its love for Linux
PVS-Studio confesses its love for LinuxPVS-Studio confesses its love for Linux
PVS-Studio confesses its love for Linux
 
Regular use of static code analysis in team development
Regular use of static code analysis in team developmentRegular use of static code analysis in team development
Regular use of static code analysis in team development
 
Regular use of static code analysis in team development
Regular use of static code analysis in team developmentRegular use of static code analysis in team development
Regular use of static code analysis in team development
 
Regular use of static code analysis in team development
Regular use of static code analysis in team developmentRegular use of static code analysis in team development
Regular use of static code analysis in team development
 
New Year PVS-Studio 6.00 Release: Scanning Roslyn
New Year PVS-Studio 6.00 Release: Scanning RoslynNew Year PVS-Studio 6.00 Release: Scanning Roslyn
New Year PVS-Studio 6.00 Release: Scanning Roslyn
 
How we test the code analyzer
How we test the code analyzerHow we test the code analyzer
How we test the code analyzer
 
PVS-Studio's New Message Suppression Mechanism
PVS-Studio's New Message Suppression MechanismPVS-Studio's New Message Suppression Mechanism
PVS-Studio's New Message Suppression Mechanism
 
Diving into VS 2015 Day2
Diving into VS 2015 Day2Diving into VS 2015 Day2
Diving into VS 2015 Day2
 

More from Andrey Karpov

60 антипаттернов для С++ программиста
60 антипаттернов для С++ программиста60 антипаттернов для С++ программиста
60 антипаттернов для С++ программиста
Andrey Karpov
 
60 terrible tips for a C++ developer
60 terrible tips for a C++ developer60 terrible tips for a C++ developer
60 terrible tips for a C++ developer
Andrey Karpov
 
Ошибки, которые сложно заметить на code review, но которые находятся статичес...
Ошибки, которые сложно заметить на code review, но которые находятся статичес...Ошибки, которые сложно заметить на code review, но которые находятся статичес...
Ошибки, которые сложно заметить на code review, но которые находятся статичес...
Andrey Karpov
 
PVS-Studio in 2021 - Error Examples
PVS-Studio in 2021 - Error ExamplesPVS-Studio in 2021 - Error Examples
PVS-Studio in 2021 - Error Examples
Andrey Karpov
 
PVS-Studio in 2021 - Feature Overview
PVS-Studio in 2021 - Feature OverviewPVS-Studio in 2021 - Feature Overview
PVS-Studio in 2021 - Feature Overview
Andrey Karpov
 
PVS-Studio в 2021 - Примеры ошибок
PVS-Studio в 2021 - Примеры ошибокPVS-Studio в 2021 - Примеры ошибок
PVS-Studio в 2021 - Примеры ошибок
Andrey Karpov
 
PVS-Studio в 2021
PVS-Studio в 2021PVS-Studio в 2021
PVS-Studio в 2021
Andrey Karpov
 
Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...
Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...
Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...
Andrey Karpov
 
Best Bugs from Games: Fellow Programmers' Mistakes
Best Bugs from Games: Fellow Programmers' MistakesBest Bugs from Games: Fellow Programmers' Mistakes
Best Bugs from Games: Fellow Programmers' Mistakes
Andrey Karpov
 
Does static analysis need machine learning?
Does static analysis need machine learning?Does static analysis need machine learning?
Does static analysis need machine learning?
Andrey Karpov
 
Typical errors in code on the example of C++, C#, and Java
Typical errors in code on the example of C++, C#, and JavaTypical errors in code on the example of C++, C#, and Java
Typical errors in code on the example of C++, C#, and Java
Andrey Karpov
 
How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)
How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)
How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)
Andrey Karpov
 
Game Engine Code Quality: Is Everything Really That Bad?
Game Engine Code Quality: Is Everything Really That Bad?Game Engine Code Quality: Is Everything Really That Bad?
Game Engine Code Quality: Is Everything Really That Bad?
Andrey Karpov
 
C++ Code as Seen by a Hypercritical Reviewer
C++ Code as Seen by a Hypercritical ReviewerC++ Code as Seen by a Hypercritical Reviewer
C++ Code as Seen by a Hypercritical Reviewer
Andrey Karpov
 
The Use of Static Code Analysis When Teaching or Developing Open-Source Software
The Use of Static Code Analysis When Teaching or Developing Open-Source SoftwareThe Use of Static Code Analysis When Teaching or Developing Open-Source Software
The Use of Static Code Analysis When Teaching or Developing Open-Source Software
Andrey Karpov
 
The Great and Mighty C++
The Great and Mighty C++The Great and Mighty C++
The Great and Mighty C++
Andrey Karpov
 
Static code analysis: what? how? why?
Static code analysis: what? how? why?Static code analysis: what? how? why?
Static code analysis: what? how? why?
Andrey Karpov
 
Zero, one, two, Freddy's coming for you
Zero, one, two, Freddy's coming for youZero, one, two, Freddy's coming for you
Zero, one, two, Freddy's coming for you
Andrey Karpov
 
PVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOps
PVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOpsPVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOps
PVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOps
Andrey Karpov
 
PVS-Studio Static Analyzer as a Tool for Protection against Zero-Day Vulnerab...
PVS-Studio Static Analyzer as a Tool for Protection against Zero-Day Vulnerab...PVS-Studio Static Analyzer as a Tool for Protection against Zero-Day Vulnerab...
PVS-Studio Static Analyzer as a Tool for Protection against Zero-Day Vulnerab...
Andrey Karpov
 

More from Andrey Karpov (20)

60 антипаттернов для С++ программиста
60 антипаттернов для С++ программиста60 антипаттернов для С++ программиста
60 антипаттернов для С++ программиста
 
60 terrible tips for a C++ developer
60 terrible tips for a C++ developer60 terrible tips for a C++ developer
60 terrible tips for a C++ developer
 
Ошибки, которые сложно заметить на code review, но которые находятся статичес...
Ошибки, которые сложно заметить на code review, но которые находятся статичес...Ошибки, которые сложно заметить на code review, но которые находятся статичес...
Ошибки, которые сложно заметить на code review, но которые находятся статичес...
 
PVS-Studio in 2021 - Error Examples
PVS-Studio in 2021 - Error ExamplesPVS-Studio in 2021 - Error Examples
PVS-Studio in 2021 - Error Examples
 
PVS-Studio in 2021 - Feature Overview
PVS-Studio in 2021 - Feature OverviewPVS-Studio in 2021 - Feature Overview
PVS-Studio in 2021 - Feature Overview
 
PVS-Studio в 2021 - Примеры ошибок
PVS-Studio в 2021 - Примеры ошибокPVS-Studio в 2021 - Примеры ошибок
PVS-Studio в 2021 - Примеры ошибок
 
PVS-Studio в 2021
PVS-Studio в 2021PVS-Studio в 2021
PVS-Studio в 2021
 
Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...
Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...
Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...
 
Best Bugs from Games: Fellow Programmers' Mistakes
Best Bugs from Games: Fellow Programmers' MistakesBest Bugs from Games: Fellow Programmers' Mistakes
Best Bugs from Games: Fellow Programmers' Mistakes
 
Does static analysis need machine learning?
Does static analysis need machine learning?Does static analysis need machine learning?
Does static analysis need machine learning?
 
Typical errors in code on the example of C++, C#, and Java
Typical errors in code on the example of C++, C#, and JavaTypical errors in code on the example of C++, C#, and Java
Typical errors in code on the example of C++, C#, and Java
 
How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)
How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)
How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)
 
Game Engine Code Quality: Is Everything Really That Bad?
Game Engine Code Quality: Is Everything Really That Bad?Game Engine Code Quality: Is Everything Really That Bad?
Game Engine Code Quality: Is Everything Really That Bad?
 
C++ Code as Seen by a Hypercritical Reviewer
C++ Code as Seen by a Hypercritical ReviewerC++ Code as Seen by a Hypercritical Reviewer
C++ Code as Seen by a Hypercritical Reviewer
 
The Use of Static Code Analysis When Teaching or Developing Open-Source Software
The Use of Static Code Analysis When Teaching or Developing Open-Source SoftwareThe Use of Static Code Analysis When Teaching or Developing Open-Source Software
The Use of Static Code Analysis When Teaching or Developing Open-Source Software
 
The Great and Mighty C++
The Great and Mighty C++The Great and Mighty C++
The Great and Mighty C++
 
Static code analysis: what? how? why?
Static code analysis: what? how? why?Static code analysis: what? how? why?
Static code analysis: what? how? why?
 
Zero, one, two, Freddy's coming for you
Zero, one, two, Freddy's coming for youZero, one, two, Freddy's coming for you
Zero, one, two, Freddy's coming for you
 
PVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOps
PVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOpsPVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOps
PVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOps
 
PVS-Studio Static Analyzer as a Tool for Protection against Zero-Day Vulnerab...
PVS-Studio Static Analyzer as a Tool for Protection against Zero-Day Vulnerab...PVS-Studio Static Analyzer as a Tool for Protection against Zero-Day Vulnerab...
PVS-Studio Static Analyzer as a Tool for Protection against Zero-Day Vulnerab...
 

Recently uploaded

DECODING JAVA THREAD DUMPS: MASTER THE ART OF ANALYSIS
DECODING JAVA THREAD DUMPS: MASTER THE ART OF ANALYSISDECODING JAVA THREAD DUMPS: MASTER THE ART OF ANALYSIS
DECODING JAVA THREAD DUMPS: MASTER THE ART OF ANALYSIS
Tier1 app
 
ACE - Team 24 Wrapup event at ahmedabad.
ACE - Team 24 Wrapup event at ahmedabad.ACE - Team 24 Wrapup event at ahmedabad.
ACE - Team 24 Wrapup event at ahmedabad.
Maitrey Patel
 
DevOps Consulting Company | Hire DevOps Services
DevOps Consulting Company | Hire DevOps ServicesDevOps Consulting Company | Hire DevOps Services
DevOps Consulting Company | Hire DevOps Services
seospiralmantra
 
Malibou Pitch Deck For Its €3M Seed Round
Malibou Pitch Deck For Its €3M Seed RoundMalibou Pitch Deck For Its €3M Seed Round
Malibou Pitch Deck For Its €3M Seed Round
sjcobrien
 
Alluxio Webinar | 10x Faster Trino Queries on Your Data Platform
Alluxio Webinar | 10x Faster Trino Queries on Your Data PlatformAlluxio Webinar | 10x Faster Trino Queries on Your Data Platform
Alluxio Webinar | 10x Faster Trino Queries on Your Data Platform
Alluxio, Inc.
 
ppt on the brain chip neuralink.pptx
ppt on the brain chip neuralink.pptxppt on the brain chip neuralink.pptx
ppt on the brain chip neuralink.pptx
Reetu63
 
14 th Edition of International conference on computer vision
14 th Edition of International conference on computer vision14 th Edition of International conference on computer vision
14 th Edition of International conference on computer vision
ShulagnaSarkar2
 
Kubernetes at Scale: Going Multi-Cluster with Istio
Kubernetes at Scale: Going Multi-Cluster with IstioKubernetes at Scale: Going Multi-Cluster with Istio
Kubernetes at Scale: Going Multi-Cluster with Istio
Severalnines
 
WWDC 2024 Keynote Review: For CocoaCoders Austin
WWDC 2024 Keynote Review: For CocoaCoders AustinWWDC 2024 Keynote Review: For CocoaCoders Austin
WWDC 2024 Keynote Review: For CocoaCoders Austin
Patrick Weigel
 
Safelyio Toolbox Talk Softwate & App (How To Digitize Safety Meetings)
Safelyio Toolbox Talk Softwate & App (How To Digitize Safety Meetings)Safelyio Toolbox Talk Softwate & App (How To Digitize Safety Meetings)
Safelyio Toolbox Talk Softwate & App (How To Digitize Safety Meetings)
safelyiotech
 
Upturn India Technologies - Web development company in Nashik
Upturn India Technologies - Web development company in NashikUpturn India Technologies - Web development company in Nashik
Upturn India Technologies - Web development company in Nashik
Upturn India Technologies
 
J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...
J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...
J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...
Bert Jan Schrijver
 
Liberarsi dai framework con i Web Component.pptx
Liberarsi dai framework con i Web Component.pptxLiberarsi dai framework con i Web Component.pptx
Liberarsi dai framework con i Web Component.pptx
Massimo Artizzu
 
The Rising Future of CPaaS in the Middle East 2024
The Rising Future of CPaaS in the Middle East 2024The Rising Future of CPaaS in the Middle East 2024
The Rising Future of CPaaS in the Middle East 2024
Yara Milbes
 
如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样
如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样
如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样
gapen1
 
Boost Your Savings with These Money Management Apps
Boost Your Savings with These Money Management AppsBoost Your Savings with These Money Management Apps
Boost Your Savings with These Money Management Apps
Jhone kinadey
 
Photoshop Tutorial for Beginners (2024 Edition)
Photoshop Tutorial for Beginners (2024 Edition)Photoshop Tutorial for Beginners (2024 Edition)
Photoshop Tutorial for Beginners (2024 Edition)
alowpalsadig
 
Baha Majid WCA4Z IBM Z Customer Council Boston June 2024.pdf
Baha Majid WCA4Z IBM Z Customer Council Boston June 2024.pdfBaha Majid WCA4Z IBM Z Customer Council Boston June 2024.pdf
Baha Majid WCA4Z IBM Z Customer Council Boston June 2024.pdf
Baha Majid
 
A Comprehensive Guide on Implementing Real-World Mobile Testing Strategies fo...
A Comprehensive Guide on Implementing Real-World Mobile Testing Strategies fo...A Comprehensive Guide on Implementing Real-World Mobile Testing Strategies fo...
A Comprehensive Guide on Implementing Real-World Mobile Testing Strategies fo...
kalichargn70th171
 
一比一原版(USF毕业证)旧金山大学毕业证如何办理
一比一原版(USF毕业证)旧金山大学毕业证如何办理一比一原版(USF毕业证)旧金山大学毕业证如何办理
一比一原版(USF毕业证)旧金山大学毕业证如何办理
dakas1
 

Recently uploaded (20)

DECODING JAVA THREAD DUMPS: MASTER THE ART OF ANALYSIS
DECODING JAVA THREAD DUMPS: MASTER THE ART OF ANALYSISDECODING JAVA THREAD DUMPS: MASTER THE ART OF ANALYSIS
DECODING JAVA THREAD DUMPS: MASTER THE ART OF ANALYSIS
 
ACE - Team 24 Wrapup event at ahmedabad.
ACE - Team 24 Wrapup event at ahmedabad.ACE - Team 24 Wrapup event at ahmedabad.
ACE - Team 24 Wrapup event at ahmedabad.
 
DevOps Consulting Company | Hire DevOps Services
DevOps Consulting Company | Hire DevOps ServicesDevOps Consulting Company | Hire DevOps Services
DevOps Consulting Company | Hire DevOps Services
 
Malibou Pitch Deck For Its €3M Seed Round
Malibou Pitch Deck For Its €3M Seed RoundMalibou Pitch Deck For Its €3M Seed Round
Malibou Pitch Deck For Its €3M Seed Round
 
Alluxio Webinar | 10x Faster Trino Queries on Your Data Platform
Alluxio Webinar | 10x Faster Trino Queries on Your Data PlatformAlluxio Webinar | 10x Faster Trino Queries on Your Data Platform
Alluxio Webinar | 10x Faster Trino Queries on Your Data Platform
 
ppt on the brain chip neuralink.pptx
ppt on the brain chip neuralink.pptxppt on the brain chip neuralink.pptx
ppt on the brain chip neuralink.pptx
 
14 th Edition of International conference on computer vision
14 th Edition of International conference on computer vision14 th Edition of International conference on computer vision
14 th Edition of International conference on computer vision
 
Kubernetes at Scale: Going Multi-Cluster with Istio
Kubernetes at Scale: Going Multi-Cluster with IstioKubernetes at Scale: Going Multi-Cluster with Istio
Kubernetes at Scale: Going Multi-Cluster with Istio
 
WWDC 2024 Keynote Review: For CocoaCoders Austin
WWDC 2024 Keynote Review: For CocoaCoders AustinWWDC 2024 Keynote Review: For CocoaCoders Austin
WWDC 2024 Keynote Review: For CocoaCoders Austin
 
Safelyio Toolbox Talk Softwate & App (How To Digitize Safety Meetings)
Safelyio Toolbox Talk Softwate & App (How To Digitize Safety Meetings)Safelyio Toolbox Talk Softwate & App (How To Digitize Safety Meetings)
Safelyio Toolbox Talk Softwate & App (How To Digitize Safety Meetings)
 
Upturn India Technologies - Web development company in Nashik
Upturn India Technologies - Web development company in NashikUpturn India Technologies - Web development company in Nashik
Upturn India Technologies - Web development company in Nashik
 
J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...
J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...
J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...
 
Liberarsi dai framework con i Web Component.pptx
Liberarsi dai framework con i Web Component.pptxLiberarsi dai framework con i Web Component.pptx
Liberarsi dai framework con i Web Component.pptx
 
The Rising Future of CPaaS in the Middle East 2024
The Rising Future of CPaaS in the Middle East 2024The Rising Future of CPaaS in the Middle East 2024
The Rising Future of CPaaS in the Middle East 2024
 
如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样
如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样
如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样
 
Boost Your Savings with These Money Management Apps
Boost Your Savings with These Money Management AppsBoost Your Savings with These Money Management Apps
Boost Your Savings with These Money Management Apps
 
Photoshop Tutorial for Beginners (2024 Edition)
Photoshop Tutorial for Beginners (2024 Edition)Photoshop Tutorial for Beginners (2024 Edition)
Photoshop Tutorial for Beginners (2024 Edition)
 
Baha Majid WCA4Z IBM Z Customer Council Boston June 2024.pdf
Baha Majid WCA4Z IBM Z Customer Council Boston June 2024.pdfBaha Majid WCA4Z IBM Z Customer Council Boston June 2024.pdf
Baha Majid WCA4Z IBM Z Customer Council Boston June 2024.pdf
 
A Comprehensive Guide on Implementing Real-World Mobile Testing Strategies fo...
A Comprehensive Guide on Implementing Real-World Mobile Testing Strategies fo...A Comprehensive Guide on Implementing Real-World Mobile Testing Strategies fo...
A Comprehensive Guide on Implementing Real-World Mobile Testing Strategies fo...
 
一比一原版(USF毕业证)旧金山大学毕业证如何办理
一比一原版(USF毕业证)旧金山大学毕业证如何办理一比一原版(USF毕业证)旧金山大学毕业证如何办理
一比一原版(USF毕业证)旧金山大学毕业证如何办理
 

PVS-Studio for Visual C++

  • 1. PVS-Studio for Visual C++ Author: Andrey Karpov Date: 29.10.2013 At some moment, long ago, we somehow started to cover in our articles any subject but the PVS-Studio tool itself. We told you about the projects we checked and the C++ language's subtle details; we told you how to create plugins in C# or how to launch PVS-Studio from the command line... But PVS-Studio is first of all meant for developers working in Visual Studio. We've done quite a lot to make it easier and more comfortable for them to use our tool. Yet this particular aspect usually stays off screen. Now I decided to improve that and tell you about the PVS-Studio plugin from scratch. If you are a Visual C++ user, this article is for you. What static code analysis is and why we need it Static code analysis is the process of detecting software errors and defects in the source code of computer programs. Think of static analysis as an automated code review technique. Joint code review as such is a wonderful method, but it has one crucial drawback - a high cost. It's expensive because you have to gather together several programmers regularly so that they could review a new code or re-review a modified code. On the one hand, one wants code review to be done regularly; on the other hand, one can't afford it. Static code analysis tools are a compromise solution. They can check tons of source codes without getting tired and give recommendations to the programmer about which code fragments should be given special consideration. Static analyzers will certainly never replace a good code review performed by a team of programmers, but the high ratio usefulness/price makes static analysis a very helpful methodology adopted by many companies. There are many commercial and free static code analyzers. A large list of them can be found on Wikipedia: List of tools for static code analysis. The number of languages supported by static analyzers is also very big (C, C++, C#, Java, Ada, Fortran, Perl, Ruby, ...). In this article we are going to discuss the PVS-Studio analyzer, of course. What makes static analysis so valuable is that it can significantly reduce the cost of eliminating defects from the program code. The earlier a bug was found, the cheaper it is to fix it. According to the book "Code
  • 2. Complete" by S. McConnell, fixing an error at the testing stage is ten times more expensive than at the code writing stage: Figure 1. An average cost of error fixing depending on the time the error was added into the code and the time it was detected (the figures for this table are taken from the book "Code Complete" by S. McConnell). Click on the picture to enlarge it. Static analysis tools allow one to reveal many errors that appear at the code writing stage, which makes the development of the whole project much cheaper. For example, the PVS-Studio analyzer can run in the background right after compilation and report any potential bug to the programmer. I'll tell you about this mode in detail a bit later. The subjects of code review and static analysis are discussed in detail in the articles found by the links in the References section [1, 2, 3]. The PVS-Studio static code analyzer PVS-Studio is a static analyzer for detecting bugs in the source code of applications written in C, C++, C++11, C++/CX. First of all, it is designed for Visual Studio users (see the product page for details about supporting other IDEs). The analyzer integrates firm and smooth into any version of the environment within the range VS2005 - VS2012. We're also adding support for VS2013 soon. Once the tool has been integrated, users will
  • 3. see a new item "PVS-Studio" in the main menu and a window where to handle diagnostic messages generated by the analyzer (see Figure 2). Figure 2. The main elements added by the PVS-Studio analyzer plugin after integration into Visual Studio. Click on the picture to enlarge it.
  • 4. Initial settings The analyzer is ready for work right after installation. In most cases it won't require you to customize anything before the first run. The only option you may need in the very beginning is that of excluding third-party libraries from analysis: you won't change anything in the source codes of the jpeg library anyway - so, no need to check it. Besides, excluding some folders from analysis will reduce the analysis time. To specify the folders you want to exclude from analysis, go to the following settings window: Options->Dont't Check Files->PathMasks (see Figure 3).
  • 5. Figure 3. Editing the list of folders you don't want to be checked. Click on the picture to enlarge it. If the full file path contains one of the specified names, analysis won't run for them. By default the list includes the names of certain folders. However, the folder containing the ZLib library may have a different name in your project - for example "zip_lib" instead of "zlib". That's why you may need to edit this list first. To start editing click on the button with three dots. These are examples of legal masks for the PathMasks list: • c:Libs — all the files of the current project which are stored in the specified folder and its subfolders will be excluded. • Libs or *Libs* — all the files stored in the folders whose paths contain the "Libs" subfolder will be excluded. If the "*" characters are missing, they will be added automatically, so both the ways of specifying this mask are legal. • Libs or *Libs* — all the files will be excluded whose paths contain the subfolder which has 'Libs' as its name or part of its name. Also, in this case, all the files will be excluded whose names have the word Libs, for example c:projectmylibs.cpp. To avoid confusion, we recommend that you always use slashes. Besides excluding entire folders, you may specify masks for excluding individual files. This is done through the FileNameMasks option. To learn more about how to handle exclusion lists, see the documentation: Settings: Don't Check Files.
  • 6. Checking the project Once you're done with the preliminary customization, you can start the analysis of your project. I suggest that you try checking the entire solution at once. To do that, select PVS-Studio->Check->Solution (see Figure 4). Figure 4. Checking a solution with the PVS-Studio analyzer. If any troubles occur when trying to run the analysis, see the section "Troubleshooting FAQ" at our website for useful tips. Those are not stupid recommendations of the "make sure the plug is plugged into a wall outlet" kind; no, this section describes typical issues encountered by users and suggests certain algorithms of actions to solve them. Handling the list of diagnostic messages Once the analysis is complete, all the diagnostic messages will be displayed inside a special window. This has a number of control items, all of them designed for filtering the messages in various ways to make navigation among them more convenient. However, you may find the layout of the window too complicated at first, so let's examine all the control items closer (see Figure 5).
  • 7. Figure 5. The window with diagnostic messages. Click on the picture to enlarge it. 1. The PVS-Studio window itself. 2. Show/hide messages of the "something gone wrong" kind; for example, some file wasn't processed correctly. 3. Show/hide messages belonging to different severity levels. On the screenshot, the messages of all the three levels are shown, 132 of them referring to the first level, 235 to the second, and 390 to the third. A message's severity level is shown as an emblem of a triangle with a number in the second left column. 4. Active sets of diagnostic rules. GA stands for the general analysis diagnostics, OP for microoptimizations, 64 for 64-bit diagnostics, MP for OpenMP-related diagnostics, and CS for custom diagnostics proposed by users. On the screenshot, displaying of the diagnostics from the sets GA and MP is enabled. 5. Show/hide messages marked as false positives. On the screenshot, this option is enabled. To learn more about it, see the documentation: Suppression of false alarms. 6. Search through the diagnostic messages. 7. Quick filters. For example, you can set them to show only messages with the code V501 for the project XYZ. 8. Move to the next/previous message. When a message is selected, the corresponding file is opened and the cursor is set at the line containing a potential bug. Also, you may in any time select a message from the list by double-clicking on it. 9. Open the settings window. The table with the diagnostic messages is made up of a number of columns: • Star. It doesn't mean anything special; the user is free to interpret it as he likes. For example, you may use it to mark the most interesting warnings you'd like to study closer later. It's something like marking letters with stars in the email clients like Thunderbird or Outlook. • Severity Level. The severity level the message refers to, the 1-st level including the most critical and possibly most dangerous issues, the 3-rd level including small, non-critical mistakes or warnings which are most likely false positives. • ID. A unique number assigned to every message. You may need this when dealing with a large list. For example, you may move to a particular message by its number (see the item "Navigate to ID..." of the drop-down menu). • Code. The code of the message. Clicking on it opens the description of the warning.
  • 8. • Message. The text of the diagnostic message. • Project. The project name (you can hide this column through the drop-down menu). • File. The file name. • Line. The line number. Important! Note that there may be three dots after the line number for some messages, for example "123 (...)". Clicking on this number opens the list of all the code lines this message refers to, so you can navigate to each of them from the list. • The "False Alarm" mark. This is a mark showing that the warning is a false positive. Keep in mind that false positives are only shown if button 5 is pressed (see Figure 5). It all was tiresome to read, wasn't it? But I assure you that you'll get used to the tool very quickly once you start using it. And you will very rarely have to customize anything. The drop-down menu So, double-clicking on a message gets you to the corresponding code fragment, whereas right-clicking calls the drop-down menu. The menu is pretty simple and we don't want to overload the article with a detailed description of each menu item. If anything is not clear, refer to the documentation. However, I'd like to speak of one very useful feature in particular. Remember you can choose folders/files to be excluded from analysis (Figure 2)? Well, this operation can be done in a much easier way than it seems! Note the item "Don't check files and hide all messages from...". When clicking on it, you'll see a drop-down list of paths you can add into the exclusion list (see Figure 6). Figure 6. Excluding files from analysis. Click on the picture to enlarge it. You can choose both an individual file and an entire folder. On the screenshot, we're selecting the folder "E:[Build]VirualDubsrctest". It means that all the files in this folder and its subfolders will be excluded
  • 9. from analysis. Besides, all the messages related to these files will be hidden in the message list at once. Convenient, isn't it? You don't have to relaunch analysis to hide all the warnings generated for tests (the "test" folder), for example. Incremental analysis mode This manual about getting started with PVS-Studio would be incomplete without the description of a very important and useful feature of the tool - incremental code analysis. We know that the earlier a bug is found, the cheaper it is to fix it. Ideally, bugs should be underlined right as the code is being written. But this is hard and resource-intensive to implement from the technical viewpoint. Instead, PVS-Studio starts in the background right after the modified code has been compiled. Thus, the tool is searching for bugs in the code that has been modified right now. The analysis running status is indicated by a tray icon. Whenever a bug is found, a pop-out message appears to warn you (see Figure 7) about a possible error. Figure 7. A pop-out message informing you that potential bugs have been found in the recently modified files. If you click on this message, the PVS-Studio window will open (see Figure 2) where you can examine the suspicious code fragments. You'd really better try this mode yourself - you'll understand it much easier that way than from my explanation. In short, it works in this way: you go on writing the code as usual, and the analyzer will bother you if necessary. Do try it! We always use this mode ourselves. Yes, we sometime make mistakes when writing code too, and being able to fix them right away makes it much easier and quicker to find the defect and figure out why the program behaves in a non-expected way. It's a pity when you waste 15-20 minutes on debugging just to find a typo in some index. Here's one of the latest examples when PVS-Studio found a bug inside itself right after it had been added into the code: if (in[0] == '' && in[1] == '.' && in[1] == '') { in += 2; continue; }
  • 10. But that's just trifles, of course. PVS-Studio sometimes proves much more useful. For example, here's a comment by one of our users describing his experience of using the analyzer: "A User's Experience of Working with the Analyzer". The text sets you thinking, doesn't it? To sum it up: incremental analysis is surely a must-try. You'll get to like it once you've found a few bugs in your freshly written code. PVS-Studio's capabilities Now, let's be brief. It's impossible to describe in short all the diagnostics provided by PVS-Studio, so refer to the documentation for the complete list of diagnostic rules and their detailed descriptions: Error description. Here I will only paste a table showing the diagnostics grouped into categories. Some of the diagnostics are included into more than one group - because this division is actually quite relative. For example, a typo may cause using an uninitialized memory area. Some of the bugs, on the contrary, are not included into any category, for they are too peculiar. Nevertheless, the table is a good way for you to grasp the general idea about our static code analyzer's capabilities (see Figure 8).
  • 11. Figure 8. PVS-Studio's capabilities. Click on the picture to enlarge it. As you can see, the analyzer is especially good at catching bugs caused by typos and using Copy-Paste. It is also good at detecting issues related to code security. For real-life examples demonstrating these diagnostics in action, see our bug database. We use it to collect all the bugs caught while checking various open-source projects.
  • 12. Conclusion We haven't told you everything about our tool, of course, because the article would then turn into a complete documentation. The purpose of this paper was to show you how to easily and comfortably work with the tool within the Visual Studio environment. To learn about support of other environments and modes, see the documentation and other articles found at our website. In addition, you will also find many interesting materials for programmers there. So, welcome to our site - you'll surely spend a while there. I wish you bugless code and hope you'll like PVS-Studio. If you have any questions, we are always glad to help you. Contact us. References: 1. Code review. 2. Static code analysis. 3. Static code analysis tools. 4. Myths about static analysis. The second myth - expert developers do not make silly mistakes. 5. Download PVS-Studio and try it real-life. 6. Too few bugs found in my code. Why? Leo Tolstoy and static code analysis. 7. If you want to purchase PVS-Studio for your team, visit the page Buy PVS-Studio to discuss the price and ways of purchasing the tool. 8. FAQ for those who have read our articles and want to ask a question.