PVS-Studio 7.33: C# user annotations, SN-DBS support, and more

Unicorn Developer
4 min readOct 15, 2024

--

PVS-Studio 7.33 has been released. Check out the latest features, including SN-DBS support, C# user annotations, and other exciting updates! See more details in this note.

You can download the latest PVS-Studio version here.

PVS-Studio and Unreal Engine

  • To enhance the integration of PVS-Studio with Unreal Engine, we’ve introduced support for SN-DBS, a distributed build system. These changes apply to Unreal Engine 5.5. Learn more about using PVS-Studio with Unreal Engine in the documentation.
  • The C++ analyzer now generates fewer false positives when analyzing Unreal Engine projects. The processing of __builtin_expect built-in functions implemented in the compiler has been standardized, and the way explicit casting to bool is processed has been enhanced. This improves the analysis of check functions implemented through the DO_CHECK macro in Unreal Engine projects.

Memory consumption

The C++ analyzer memory consumption has been reduced for analyzing template instantiation and the initialization of multiple global variables containing string literals.

User annotations

PVS-Studio C# analyzer now supports user annotations for functions and types in JSON format, as it is already possible in PVS-Studio C++ analyzer. For more details on user annotations, please consult the documentation.

The PVS-Studio user annotation mechanism for functions and types now treats the //V_PVS_ANNOTATIONS $path comment for enabling user annotations as deprecated. The following comment should be used instead: //V_PVS_ANNOTATIONS, language: $lang, path: $path.

A new field in the PVS-Studio C++ analyzer report

A new field, analyzedSourceFiles, has been added into the JSON format of the PVS-Studio C++ analyzer report. This field stores additional information about the translation unit where the diagnostic rule is triggered, which is useful when header files contain a potential error.

Breaking changes

These changes are not backward compatible with earlier versions of the analyzer. You may need to adjust the way you use the analyzer due to these changes.

  • The versions of analyzer report formats, .json and .plog, have been updated to versions 3 and 9 respectively For C# projects with several target frameworks, the framework name will no longer be appended to the project name.
  • The JSON schema version of PVS-Studio user annotations for functions and types has been updated to version 2. A new language entity has been added to the schema. It enables the use of user annotations directly in the analyzer for the specific language. Additionally, the id field value has also been modified.
  • The minimum supported versions of JetBrains IDEs — IDEA, CLion, and Rider — have been updated to 2022.2.
  • Path resolution has been updated in the PVS-Studio plugin for the Gradle build system Relative paths from the configuration are now resolved relative to the project directory instead of the gradle daemon directory.
  • It is no longer possible to convert PVS-Studio report to Visual Studio Code specific SARIF format utilized by the SARIF Viewer extension using the plog converter utilities Users can convert the analyzer report to the standard-compliant SARIF format.

New diagnostic rules:

C, C++:

  • V1113. Potential resource leak. Calling the ‘memset’ function will change the pointer itself, not the allocated resource. Check the first and third arguments.
  • V1114. Suspicious use of ‘dynamic_cast’ when working with COM interfaces. Consider using the ‘QueryInterface’ member function.
  • V1115. Function annotated with the ‘pure’ attribute has side effects.

C#:

  • V3204. The expression is always false due to implicit type conversion. Overflow check is incorrect.
  • V3205. Unity Engine. Improper creation of ‘MonoBehaviour’ or ‘ScriptableObject’ object using the ‘new’ operator. Use the special object creation method instead.
  • V3206. Unity Engine. A direct call to the coroutine-like method will not start it. Use the ‘StartCoroutine’ method instead.
  • V4006. Unity Engine. Multiple operations between complex and numeric values. Prioritizing operations between numeric values can optimize execution time.

Java:

  • V6118. The original exception object was swallowed. Cause of original exception could be lost.
  • V6119. The result of ‘&’ operator is always ‘0’.
  • V6120. The result of the ‘&’ operator is ‘0’ because one of the operands is ‘0’.
  • V6121. Return value is not always used. Consider inspecting the ‘foo’ method.
  • V6122. The ‘Y’ (week year) pattern is used for date formatting. Check whether the ‘y’ (year) pattern was intended instead.

Articles

For those, who code in C++:

For those, who code in C#:

For those, who code in Java:

Other articles:

Video tutorials

The latest video tutorials provide a step-by-step guide to using PVS-Studio in both Visual Studio and SonarQube.

Do you want to check a project with PVS-Studio? Then start from this page.

If you would like to get news on latest releases, subscribe to the PVS-Studio newsletter here.

--

--

Unicorn Developer
Unicorn Developer

Written by Unicorn Developer

The developer, the debugger, the unicorn. I know all about static analysis and how to find bugs and errors in C, C++, C#, and Java source code.

No responses yet