PVS-Studio 7.25 release

PVS‑Studio is a static analyzer on guard of code quality, security (SAST), and code safety.
It checks C, C++, C#, and Java projects.
At the beginning of June 2023, we released PVS-Studio 7.25.
In this version, we added support for Qt Creator 10 and Rider 2022.2.3 (and higher), updated the libraries used by the analyzer, and enhanced the documentation, and that's not all!
See the details in the presentation.
For even more info, see https://pvs-studio.com/en/blog/posts/1055/.

PVS-Studio

July 04, 2023
Transcript

  1. What we did in PVS-Studio 7.25

    ▪ Supported Qt Creator 10 and Rider 2022.2.3+
    ▪ Updated dependencies: MSBuild and Roslyn
    ▪ Sped up analysis on the 12th gen Intel processors
    ▪ Introduced new features for the analysis and diagnostic configuration files (pvsconfig)
    ▪ Documentation and diagnostics
    ▪ A fun quiz on Java (C++ and C# quizzes are also available)
  2. Qt Creator and Rider

    ▪ We are happy to announce that the PVS-Studio plugin for Qt Creator 10 is now officially available! You can read more about it here.
    ▪ The PVS-Studio plugin for Rider also got an update: now you can use the analyzer in Rider 2022.2.3 and higher.
  3. MSBuild and Roslyn

    ▪ Usually, we update the analyzer dependencies after a new .NET version is released. This approach makes it possible to analyze C# projects that use the new SDK and the new language syntax. Another positive thing is the overall improvement of the Roslyn and MSBuild libraries used by the analyzer.
    ▪ This time we updated the dependencies in advance. This fixed the error occurring in projects that use attributes for code generation: “Can't get compilation for project: NameOfProject. You may have experienced an error due to the use of attributes for automatic code generation. Please contact our support team (https://pvs-studio.com/en/about-feedback).”
    ▪ If you get this error, please download the new version of the analyzer.
  4. Faster analysis on the 12th gen Intel processors

    ▪ When checking C++ projects that use MSBuild, PVS-Studio did not use the full power of Intel's 12th generation processors (for example, i7-12700, i9-12900).
    ▪ In the new version of PVS-Studio, the error has been fixed. Now the analyzer fully loads the processors and works much faster.
  5. New features for the analysis and diagnostic configuration files (pvsconfig)

    ▪ You can enable only specific diagnostics via pvsconfig files.
    ▪ You can specify the loading priority of conflicting pvsconfig files: for example, you can enable or disable individual diagnostics (C++ only).
    ▪ You can ignore global settings from Settings.xml (only when working via Visual Studio or PVS-Studio_Cmd.exe).
    ▪ Find the details in the documentation.
  6. Documentation

    | Document | Status |
    |---|---|
    | Documentation on analysis in commit and branch merge modes (pull/merge requests) | Rewritten |
    | AppVeyor documentation | Got a new dedicated page |
    | Buddy documentation | Got a new dedicated page |
    | Documentation for integrating analysis results into SonarQube | Enhanced, includes new sections on how to make the PVS-Studio C# analyzer work with SonarQube on Linux and macOS |
  7. Diagnostics

    C, C++
    ▪ V837. The 'emplace' / 'insert' function does not guarantee that arguments will not be copied or moved if there is no insertion. Consider using the 'try_emplace' function.
    ▪ V1098. The 'emplace' / 'insert' function call contains potentially dangerous move operation. Moved object can be destroyed even if there is no insertion.
    ▪ V1099. Using the function of uninitialized derived class while initializing the base class will lead to undefined behavior.
    ▪ V2020. The loop body contains the 'break;' / 'continue;' statement. This may complicate the control flow.

    C#
    ▪ V3190. Concurrent modification of a variable may lead to errors.
    ▪ V4001. Unity Engine. Boxing inside a frequently called method may decrease performance.
  8. Spot an error in the Java code

    In this release, the PVS-Studio team has prepared for you a new challenge on finding errors in the code. This time it is dedicated to Java. You can find the challenge here. I'm sure you will flawlessly complete it :). By the way, similar challenges on C++ and C# are available here, and here respectively. Dig in!
  9. Articles

    For C++ programmers:
    ▪ 60 terrible tips for a C++ developer
    ▪ GPT-3 detected 213 Security Vulnerabilities... Or it did not

    For C# programmers:
    ▪ XSS vulnerability in the ASP.NET application: examining CVE-2023-24322 in mojoPortal CMS
    ▪ RavenDB and PVS-Studio: win-win collaboration
    ▪ BTCPay Server: top 10 bugs in Bitcoin payment processor code
    ▪ Top 10 C# conference talks 2019–2022
    ▪ NullReferenceException in C#. What is it and how to fix it?

    Miscellaneous:
    ▪ How static analysis works
    ▪ Do developers dream of secure apps?
    ▪ 5 reasons why static analysis is important for business
    ▪ Can code review be automated?
    ▪ SAST vs DAST
  10. Download

    ▪ You can download the latest version of PVS-Studio here.
    ▪ If you'd like to receive press releases by email, subscribe to PVS-Studio newsletter.
  11. Thank you!

    This presentation is a short overview of the new PVS-Studio 7.25 release. For more information on the new features, please visit the PVS-Studio website for the detailed press-release article.
    pvs-studio.com