PVS-Studio features overview
Windows, Linux, macOS
C, C++, C#, Java
Phillip Khandeliants
khandeliants@viva64.com
Speaker
• Lead C++/C# developer in the PVS-Studio team
• Has been working in the company since 2016
• Popularizing modern C++

PVS-Studio infrastructure
• Static code analyzers for C, C++, C++/CLI, C++/CX, C#, and Java on Windows, Linux and macOS;
• Supported compilers (C/C++): MSVC, GCC, Clang, MinGW, ARM GCC, ARM Clang, Keil ARM Compiler 5/6, IAR C/C++ Compiler for ARM, TI ARM CGT;
• Plugins for Visual Studio 2010-2019, Rider, IntelliJ IDEA;
• Compilation monitoring utility for performing analysis independently of the IDE or build system (C/C++ only);
• Suppress files: ability to view warnings only on newly written code;
• Incremental analysis: automatic analysis of changed files
• Integration with TeamCity, Azure DevOps, Travis CI, CircleCI, GitLab CI/CD, Jenkins, SonarQube, etc.
• PlogConverter utility to convert the raw log to the desired format
• BlameNotifier utility to distribute warnings by mail

By July 2020 we’ve implemented in PVS-Studio:
• C, C++ diagnostics: 510
• C# diagnostics: 153
• Java diagnostics: 82

What can be detected?
• Copy-paste errors
• Array index out of bounds
• Buffer overrun
• Memory/resource leaks
• Invalid operator precedence
• Dereferencing of nullable types
• Dead/unreachable code
• Use of uninitialized variables
• Undefined/unspecified behavior
• ....

Great attention is paid to analyzer warnings:
• Warnings are classified according to:
  • Common Weakness Enumeration (CWE)
  • SEI CERT C Coding Standard
  • SEI CERT C++ Coding Standard
  • MISRA C, MISRA C++
• Detailed documentation in Russian and English:
  • Online
  • PDF

Diagnostic capabilities of PVS-Studio

Data Flow analysis
• This error is a good demonstration of how data flow analysis works in PVS-Studio
• This error was found using PVS-Studio in the Chromium project (Protocol Buffers)
• The analyzer issues two warnings:
  • V547 Expression 'time.month <= kDaysInMonth[time.month] + 1' is always true. time.cc 83
  • V547 Expression 'time.month <= kDaysInMonth[time.month]' is always true. time.cc 85

static const int kDaysInMonth[13] = {
  0, 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31
};
bool ValidateDateTime(const DateTime& time) {
  if (time.year < 1 || time.year > 9999 ||
      time.month < 1 || time.month > 12 ||
      time.day < 1 || time.day > 31 ||
      time.hour < 0 || time.hour > 23 ||
      time.minute < 0 || time.minute > 59 ||
      time.second < 0 || time.second > 59) {
    return false;
  }
  if (time.month == 2 && IsLeapYear(time.year)) {
    return time.month <= kDaysInMonth[time.month] + 1;
  } else {
    return time.month <= kDaysInMonth[time.month];
  }
}

The comparisons in both return statements should use time.day, not time.month.
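
The V547 finding above, as a runnable added example (not code from the slides or from Protocol Buffers): the slide's validator next to a version that compares time.day. The DateTime struct layout, the IsLeapYear body, the FieldsInRange helper and the sample dates are assumptions made for the demo.

```cpp
#include <cstdio>

// Assumed layout; the slide only shows the field names being checked.
struct DateTime {
    int year, month, day, hour, minute, second;
};

static const int kDaysInMonth[13] = {
    0, 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31
};

// Assumed helper: the slide calls IsLeapYear() but does not show its body.
bool IsLeapYear(int year) {
    return year % 400 == 0 || (year % 4 == 0 && year % 100 != 0);
}

// Coarse per-field range check, same conditions as the first 'if' on the slide.
// (Hypothetical helper name, introduced to avoid repeating the check twice.)
bool FieldsInRange(const DateTime& time) {
    return !(time.year < 1 || time.year > 9999 ||
             time.month < 1 || time.month > 12 ||
             time.day < 1 || time.day > 31 ||
             time.hour < 0 || time.hour > 23 ||
             time.minute < 0 || time.minute > 59 ||
             time.second < 0 || time.second > 59);
}

// Behaviour shown on the slide: month is in [1..12] and every table entry
// is >= 28, so both comparisons are always true and any day 1..31 passes.
bool ValidateDateTimeBuggy(const DateTime& time) {
    if (!FieldsInRange(time)) {
        return false;
    }
    if (time.month == 2 && IsLeapYear(time.year)) {
        return time.month <= kDaysInMonth[time.month] + 1;
    } else {
        return time.month <= kDaysInMonth[time.month];
    }
}

// Corrected check: the day is compared against the month's length.
bool ValidateDateTimeFixed(const DateTime& time) {
    if (!FieldsInRange(time)) {
        return false;
    }
    if (time.month == 2 && IsLeapYear(time.year)) {
        return time.day <= kDaysInMonth[time.month] + 1;
    } else {
        return time.day <= kDaysInMonth[time.month];
    }
}

int main() {
    // Constructed sample inputs: impossible dates that pass the coarse check.
    const DateTime samples[] = {
        {2021, 2, 30, 0, 0, 0},  // February 30
        {2021, 2, 29, 0, 0, 0},  // February 29 in a non-leap year
        {2020, 2, 29, 0, 0, 0},  // February 29 in a leap year (valid)
        {2021, 4, 31, 0, 0, 0},  // April 31
    };
    for (const DateTime& t : samples) {
        std::printf("%04d-%02d-%02d buggy=%d fixed=%d\n", t.year, t.month, t.day,
                    ValidateDateTimeBuggy(t), ValidateDateTimeFixed(t));
    }
    return 0;
}
```

A validator that accepts impossible dates passes them on to whatever conversion code trusts it, which is why an "always true" warning on an input check deserves a look even when nothing crashes.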

Symbolic execution

int x0 = ....; int x1 = ....;
int y0 = ....; int y1 = ....;
assert(x0 <= x1 && "....");
assert(y0 <= y1 && "....");
assert((x1 - x0) == (y1 - y0) && "....");
assert(x0 >= 0 && x0 < int(some_value) && "....");
assert(x1 >= 0 && x1 < int(some_value) && "...."); // x1 >= 0
assert(y0 >= 0 && y0 < int(some_value) && "...."); // y0 >= 0
assert(y1 >= 0 && y1 < int(some_value) && "...."); // y1 >= 0

V560 A part of conditional expression is always true. (issued three times, once for each subexpression marked in the comments)

Method/class annotations
Our team has annotated thousands of functions and classes from:
• standard C library
• standard C++ library
• WinAPI
• glibc (GNU C Library)
• Qt
• MFC
• and so on

void EnableFloatExceptions(....)
{
  ....
  CONTEXT ctx;
  memset(&ctx, sizeof(ctx), 0);
  ....
}

V575 The 'memset' function processes '0' elements. Inspect the third argument. crythreadutil_win32.h 294
This error was found using PVS-Studio in the CryEngine V project

Pattern-based matching analysis

static void FwdLockGlue_InitializeRoundKeys()
{
  unsigned char keyEncryptionKey[KEY_SIZE];
  ....
  memset(keyEncryptionKey, 0, KEY_SIZE); // Zero out key data.
}

V597 CWE-14 The compiler could delete the 'memset' function call, which is used to flush 'keyEncryptionKey' buffer. The memset_s() function should be used to erase the private data. FwdLockGlue.c 102
This error was found using PVS-Studio in the Android project
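
The V597 pattern and one portable way to avoid it, as an added example (not code from the slides or from Android): a wipe done with stores through a volatile pointer, placed next to the memset form the warning is about. The key size, the toy key derivation and tag functions, and all names here are assumptions made for the demo.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>

// Hypothetical key length; the slide uses KEY_SIZE without showing its value.
constexpr std::size_t kDemoKeySize = 16;

// Overwrite len bytes through a volatile pointer. Compilers treat each
// volatile store as a side effect they do not remove, so the wipe is kept
// even though the buffer is never read again. Where available, memset_s
// (C11 Annex K, optional), explicit_bzero (glibc, BSDs) or SecureZeroMemory
// (Windows) serve the same purpose.
void secure_zero(void* p, std::size_t len) {
    volatile unsigned char* vp = static_cast<volatile unsigned char*>(p);
    while (len--) {
        *vp++ = 0;
    }
}

// Toy stand-in for key setup (not a real KDF): key[i] = seed + i.
void derive_demo_key(unsigned char seed, unsigned char* key, std::size_t len) {
    for (std::size_t i = 0; i < len; ++i) {
        key[i] = static_cast<unsigned char>(seed + i);
    }
}

// Toy stand-in for using the key: byte sum modulo 256.
unsigned char demo_tag(const unsigned char* key, std::size_t len) {
    unsigned sum = 0;
    for (std::size_t i = 0; i < len; ++i) {
        sum += key[i];
    }
    return static_cast<unsigned char>(sum);
}

// Pattern from the slide: the buffer is dead after memset, so an optimizing
// compiler may drop the call as a dead store and leave the key on the stack.
unsigned char tag_with_memset(unsigned char seed) {
    unsigned char key[kDemoKeySize];
    derive_demo_key(seed, key, sizeof(key));
    unsigned char tag = demo_tag(key, sizeof(key));
    std::memset(key, 0, sizeof(key));  // V597: may be optimized away
    return tag;
}

// Same function with a wipe the optimizer has to keep.
unsigned char tag_with_secure_zero(unsigned char seed) {
    unsigned char key[kDemoKeySize];
    derive_demo_key(seed, key, sizeof(key));
    unsigned char tag = demo_tag(key, sizeof(key));
    secure_zero(key, sizeof(key));
    return tag;
}

// Helper for checking a buffer after a wipe.
bool all_zero(const unsigned char* p, std::size_t len) {
    for (std::size_t i = 0; i < len; ++i) {
        if (p[i] != 0) return false;
    }
    return true;
}

int main() {
    unsigned char buf[kDemoKeySize];
    derive_demo_key(0x40, buf, sizeof(buf));  // constructed sample seed
    secure_zero(buf, sizeof(buf));
    std::printf("tag(memset)=0x%02x tag(secure_zero)=0x%02x wiped=%d\n",
                tag_with_memset(0x40), tag_with_secure_zero(0x40),
                all_zero(buf, sizeof(buf)));
    return 0;
}
```

Both functions return the same value; the difference only shows in the generated code, so compare the optimized disassembly of the two to see whether the memset call survived.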

Start using PVS-Studio

Using PVS-Studio: quick start
• For VS2010-2019: just install the plugin and check your solution!
• For other cases you can capture compiler invocations and gather all the information needed for the analysis
  Windows:
  • C and C++ Compiler Monitoring UI tool
  Linux/macOS:
  • pvs-studio-analyzer utility

Using PVS-Studio: mass suppression
• It can be difficult to start using static analysis in a large project
• It’s not clear what to do with warnings in old code
• We suggest a solution: hiding messages using suppress files

Using PVS-Studio: suppressing of false positives
• Various ways to suppress false positives in specific lines of code
• Suppression of false positives in macros
• Suppression of false positives using pvsconfig diagnostics configuration files

Using PVS-Studio: excluding from analysis
• Files can be excluded from analysis by name, directory or mask
• Interactive filtering of analysis results (log) in the PVS-Studio window:
  • by diagnostic code and warning level
  • by file name
  • by a word in the text of a diagnostic

Using PVS-Studio: automatic analysis of files after their recompilation
• The most efficient way of fixing an error is to do it right after it appears in the code

Using PVS-Studio: scalability
• Support of multicore and multiprocessor systems with a configurable number of utilized cores
• IncrediBuild support

Using PVS-Studio: continuous integration
• Running analysis from the command line to check the whole project
• Saving and loading of analysis results
• Use of relative paths in report files
• Sending mail notifications with the BlameNotifier utility

Using PVS-Studio: documentation
• Convenient online reference on all diagnostics

Using PVS-Studio: SonarQube
• We developed a plugin for importing analysis results into SonarQube
• This plugin adds the warnings found by the PVS-Studio analyzer to the warnings base of the SonarQube server

Using PVS-Studio: HTML report

• Write to us: support@viva64.com
• Subscribe:
  • Twitter: @Code_Analysis
  • RSS: http://feeds.feedburner.com/viva64-blog-en
  • Facebook: https://www.facebook.com/StaticCodeAnalyzer
  • Telegram: https://t.me/pvsstudio_en
• Download PVS-Studio: https://www.viva64.com/download_cpp_on_sea/
Thank you for your attention!


PVS-Studio features overview (2020)


Editor's Notes

  • #2: Hello everybody, today I’d like to present you some feature overview of PVS-Studio static code analyzer
  • #3: My name is Phillip, I’m a lead C++/C# developer in PVS-Studio team and I’ve been working in the company since 2016
  • #4: So, what is PVS-Studio? PVS-Studio is a ecosystem that provides you static code analyzer for C, C++, C# and Java programming languages and utilities to make life with static code analyzer easier. PVS-Studio works on Windows, Linux and macOS platforms. I’ll focus more on C/C++ features. So, we support modern and famous compilers such as: MSVC, GCC, Clang - and several compiler for Embedded systems: ARM GCC/Clang, Keil, IAR, TI. We also have several plugins for modern IDEs for convenient work: Visual Studio 2010-2019, JetBrains Rider and IntelliJ IDEA.
  • #5: Compilation monitoring. We provide a tool that may help you to check your project with “exotic” build system (e.g. SCons, Bazel, etc). Suppress files. After you’ve checked your project, you may get tons of warnings on your legacy code. There is a solution – you push all your warnings in some file called suppress base, and in the next run you’ll get 0 warnings. Incremental analysis. If you modify some files in your project, you want only them to be checked as the compiler recompiles them. We have scenery for that. We call it incremental analysis.
  • #6: I think everybody would want to automate such process, like how we’re doing it with compilation, testing, etc. Of course, you can directly integrate PVS-Studio in CI-servers, such as Jenkins, TeamCity, etc. After analysis you get raw log and probably you want it to some format that suits you. E.g., HTML, QtCreator tasklist, errorlist (format of compilers output), etc. PlogConverter may help you with this. And finally BlameNotifier. If you get warnings after you’ve checked your project after commit, you may want to notify developers who made a mistake about this. BlameNotifier send mails corresponding to your VCS.
  • #7: By July 2020 we’ve implemented 510 diagnostic for C/C++, 153 for C# and 82 for Java. We’re continuously adding new rules.
  • #8: What type of errors can be detected? Here is a short list what our analyzer can detect: copy-paste errors, dereferencing of nullable types, undefined or unspecified behavior and so on. You can find full information about detectable errors from this QR-code.
  • #9: We pay great attention while implementing diagnostic rules. Many of them is classified according to Common Weakness Enumeration and CERT C/C++ Coding Standard. We’ve also implemented rules for MISRA C/C++ compliance. For each rule we provide detailed documentation from website or download a pdf. By the way, you can access docs from VS plugin too.
  • #10: We use several technologies to find bugs in source code.
  • #11: First is the data flow analysis. Let’s see how it can help to find bugs on a following code snippet from protobuf. PVS-Studio warns about two expressions that they’re always true.
  • #12: Here we have ValidateDateTime function that check for incorrect DateTime and static const array ‘kDaysInMonth’ that contains the number of days per month. The first element is extra element for convenient access to array: we’ll use indexes [1..12]. Let’s look at the first if statement.
  • #13: Data flow analysis knows if ‘time.month’ field isn’t in the range [1..12], execution of the function will stop.
  • #14: Now let’s look at the second ‘if’ statement. If ‘time.month’ is two (it’s February) and the year is a leap year, we return the result of the comparison ‘time.month <= kDaysInMonth[time.month] + 1’. ‘2 <= 29’ is always true. If you look at the ‘else’ branch, the expression in the return statement is always true too: now we compare two ranges, where lhs is [1..12] and rhs is [28..31].
  • #15: What should be compared is the ‘time.day’ field.
  • #16: The next technology is symbolic execution. It helps when we don’t know the exact values of variables. Look at this example. Here PVS-Studio reports that the last 3 subconditions are always true. Let’s find out why. The first two asserts set the relation between the pairs of variables [x0, x1] and [y0, y1]. So we know that x1 may be equal to or greater than x0, and exactly the same holds for y0 and y1. The third assert states that the differences between the pairs of values are equal. Now the fourth assert. If x0 is non-negative, then x1 is non-negative too because of the first assert. So that part of the condition in the fifth assert is always true. If x0 and x1 are both non-negative, their subtraction is non-negative too. This means that y0 and y1 are non-negative too. So parts of the last two asserts are always true.
  • #17: The next technology is method/class annotations. We know the behavior of many functions from different libraries, and this helps find interesting bugs.
  • #18: For example, in CryEngine V there is the function EnableFloatExceptions. The intent is to zero out the ‘ctx’ variable. But the second and third function arguments were mixed up, and now memset will do nothing.
  • #19: And the last thing we use in our analyzer is ‘pattern-based’ matching. We look in the parse tree for code patterns that lead to bugs. This isn’t a regular expression search. For example, there is an erroneous pattern that shows up when we want to zero out some private data in an array. Most often this is done by calling the ‘memset’ function. But modern compilers can optimize this call out. We can fix that by calling safe functions, such as memset_s from C11.
  • #20: So, how to start using PVS-Studio in your project?
  • #21: As I mentioned earlier, if you have a VS project, you can install the plugin and easily check your project in one click. If your project isn’t VS- or CMake-based, you can check it with the C and C++ Compiler Monitoring UI or the pvs-studio-analyzer tools. They capture compiler invocations to get information about your project and then start the analysis on the files that were compiled. If you want more information, follow the links in the QR codes.
  • #22: OK, but what if your project is old and you have legacy code? When you check your project, you get tons of warnings and you want to get rid of them. We have a solution, the suppress base: you push all your warnings into some files, and on the next analysis run you will get 0 warnings. This makes it possible to integrate a static code analyzer into a project of any size. You will get warnings only on fresh code. You can return to your technical debt later and fix these warnings. Follow the link in the QR code to get more information.
  • #23: There are several ways to mark warnings that are false positives for you. For example, the static code analyzer warns you about some code that was expanded from a macro. You can mark this macro, and the analyzer won’t warn you about this code anymore. You can add these marks directly to your code or to a special pvsconfig file. Follow the link in the QR code to get more information.
  • #24: What if you have some third-party libraries and you don’t want to get messages from these projects? Of course, it’s possible to exclude these projects from the analysis by specifying a file name, a directory or a wildcard pattern. Another thing we provide is interactive filtering of warnings in the PVS-Studio output window in the VS plugin. You can filter messages by warning level, warning type, file name and text in the message.
  • #25: If you change only one file, you may want to analyze only the modified file. This can be done with incremental analysis.
  • #26: PVS-Studio can analyze up to “the number of logical cores” files simultaneously. This can dramatically reduce the analysis time. If this isn’t enough, you can try PVS-Studio together with IncrediBuild, which can distribute the analysis across several machines.
  • #27: Up to this point, I have assumed that the analysis is performed on a developer’s machine. But what if we want to analyze the project on a continuous integration server on each commit / PR? PVS-Studio can be integrated directly into CI servers and can perform the analysis on a commit / PR / nightly build. If there are warnings in the analysis report, you can notify developers about the problem with the help of the BlameNotifier tool. If you want more information, follow the links in the QR codes.
  • #28: For each of our diagnostic rules we provide documentation that describes what is wrong and how to fix it. You can access this documentation on our website or download a PDF. If you use the VS plugin, you can open the documentation for a diagnostic rule in VS itself: just click on the warning number in the PVS-Studio output window. On the screen you can see how it looks.
  • #29: Many of our customers were interested in importing analysis results into SonarQube. SonarQube is a platform for continuous code inspection of projects. We developed a plugin for SonarQube that can do that. If you want more information, follow the links in the QR codes.
  • #30: Here you can see all imported diagnostic rules from PVS-Studio into SonarQube.
  • #31: This is how it looks as a result.
  • #32: If you don’t have SonarQube but you want to review warnings together with the source code on a CI server, you can convert the analysis report into the FullHTML format. This format looks like the output from Clang SA. You click a location link in the “Location” column for the warning, and it opens the source code in HTML and scrolls to the line of interest. This FullHTML report can then be published on the CI server.
  • #33: That’s all for now. Thank you for your attention! If you have questions, I’m ready to answer them.
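The always-true date check walked through in notes #12 to #15, as an added example that is not code from the slides or from protobuf: a C reconstruction from the description in those notes, next to the corrected form. The `DateTime` struct, the `is_leap_year` helper, all function names and the lower bound on the day are assumptions made for this example.

```c
#include <stdbool.h>

/* Hypothetical struct: only the fields the notes mention. */
typedef struct { int year, month, day; } DateTime;

/* Index 0 is the extra element, so months index the array as [1..12]. */
static const int kDaysInMonth[13] =
    {0, 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};

static bool is_leap_year(int year) {
    return year % 400 == 0 || (year % 4 == 0 && year % 100 != 0);
}

/* Flawed form, as the notes describe it: the month is compared with the
   day count, so both return expressions are always true. */
bool validate_date_flawed(const DateTime *t) {
    if (t->month < 1 || t->month > 12) return false;
    if (t->month == 2 && is_leap_year(t->year))
        return t->month <= kDaysInMonth[t->month] + 1;  /* 2 <= 29 */
    return t->month <= kDaysInMonth[t->month];  /* [1..12] <= [28..31] */
}

/* Corrected form: the day is what gets compared. The lower bound on the
   day is an addition made for this example. */
bool validate_date_fixed(const DateTime *t) {
    if (t->month < 1 || t->month > 12) return false;
    if (t->day < 1) return false;
    int limit = kDaysInMonth[t->month];
    if (t->month == 2 && is_leap_year(t->year)) limit += 1;
    return t->day <= limit;
}

/* Counts constructed inputs that the flawed check accepts but the fixed
   one rejects: every day value 32..99 for each month of 2023. */
int count_wrongly_accepted(void) {
    int n = 0;
    for (int m = 1; m <= 12; m++)
        for (int d = 32; d <= 99; d++) {
            DateTime t = {2023, m, d};
            if (validate_date_flawed(&t) && !validate_date_fixed(&t)) n++;
        }
    return n;
}
```

Because the flawed validator never reads the day, any out-of-range day reaches the code that trusts the validated value.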
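The two memset mistakes from notes #18 and #19, as an added example that is not code from the slides or from CryEngine: the swapped-argument call beside the correct one, plus a clearing routine for private data. The `Context` struct and all function names are assumptions; because memset_s belongs to the optional Annex K of C11 and is missing from some C libraries, the example substitutes a loop over a volatile pointer.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for the 'ctx' variable from note #18. */
typedef struct { unsigned char regs[64]; } Context;

/* Swapped arguments: the fill value is sizeof(*ctx) and the byte count
   is 0, so nothing is written. GCC reports this pattern under
   -Wmemset-transposed-args. */
void clear_swapped(Context *ctx) {
    memset(ctx, sizeof(*ctx), 0);
}

/* Correct order: destination, fill value, byte count. */
void clear_correct(Context *ctx) {
    memset(ctx, 0, sizeof(*ctx));
}

/* Clearing for private data: compilers treat stores through a
   volatile-qualified pointer as side effects and do not drop them,
   unlike a memset on a buffer that is never read again. */
void secure_zero(void *p, size_t n) {
    volatile unsigned char *b = (volatile unsigned char *)p;
    while (n--) *b++ = 0;
}

void clear_secure(Context *ctx) {
    secure_zero(ctx, sizeof(*ctx));
}

/* Fills a constructed buffer with 0xAA, applies the given clearing
   routine and returns how many bytes are still non-zero. */
size_t leftover(void (*clear)(Context *)) {
    Context ctx;
    size_t n = 0;
    memset(&ctx, 0xAA, sizeof ctx);
    clear(&ctx);
    for (size_t i = 0; i < sizeof ctx.regs; i++)
        n += (ctx.regs[i] != 0);
    return n;
}
```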