PVS-Studio 7.41: MISRA C 2023, enhanced Unreal Engine integration, new logging system, and much more

Source: Dev.to

PVS‑Studio 7.41 has been released, bringing a range of improvements for Unreal Engine, MISRA C 2023 support, the IntelliJ IDEA plugin, and more.

MISRA C 2023 Support

• The analyzer now covers 86 % of the MISRA C 2023 standard.
• Further expansion of MISRA C++ 2023 coverage is planned for upcoming releases.
• More information is available on the official MISRA C 2023 page.

Unreal Engine Integration

• Diagnostic capabilities for Unreal Engine projects have been enhanced.
• Fixed issues in the V557 rule when working with engine containers.
• Resolved a parsing problem with the final specifier in virtual functions.
• See the documentation for details on using PVS‑Studio with Unreal Engine.

C# Analyzer Enhancements

• Taint analysis now supports JSON user annotations for async functions, including async methods in standard library classes.
• The user‑annotation mechanism (introduced in PVS‑Studio 7.33) allows additional context via a JSON file.
• Documentation provides guidance on configuring and using these annotations.

New Utility: pvs-fp-cleaner

• A new tool included in the distribution removes redundant false‑alarm markers (comments that suppress diagnostics) automatically.
• This eliminates the need for a manual review of the entire codebase.
• Refer to the documentation for usage instructions.

New Logging System

• Introduced a logging system to collect information about issues encountered during analysis, simplifying technical support.
• The first stage adds extended logging for the C and C++ cross‑platform analyzer.
• Future releases will extend logging to the MSBuild‑based C++ and C# analyzers.
• Documentation contains further details.

IDE Plugin Updates

• The IntelliJ IDEA plugin now can export analyzer reports to CSV and display relative paths.
• Fixed a slowdown that occurred when opening documentation.
• Additional information on the plugin is available in the documentation.

Compatibility and Diagnostic Changes

These changes are not backward compatible with earlier analyzer versions; adjustments may be required.

• Analyzer output now follows a consistent CSV format across all platforms.
• The CSV converter‑generated reports have been updated.
• The message for diagnostic rule V2609 has changed; previously suppressed warnings may reappear.

Updated MISRA‑related diagnostics

• V2667 – The value of an expression and its persistent side effects must be the same under all permitted evaluation orders and independent of thread interleaving.
• V2668 – Macro parameter immediately followed by # should not be immediately followed by ##.
• V2669 – Tokens that look like a preprocessing directive should not occur within a macro argument.
• V2670 – Thread objects, synchronization objects, and thread‑specific storage pointers should only be accessed via the appropriate Standard Library functions.
• V2671 – Pointers returned by localeconv, getenv, setlocale, or strerror should be treated as pointing to const‑qualified data.
• V2672 – Subtraction between pointers should only be applied to pointers that address elements of the same array.

Other diagnostic updates

• V3230 – Comparison with typeof(Nullable) is meaningless; calling GetType() on a nullable variable never returns Nullable.
• V5339 – OWASP: Potential RCE vulnerability – insecure GraalVM context used to process potentially tainted data.
• V5340 – OWASP: Code contains invisible characters that may alter its logic; consider enabling the display of invisible characters in the editor.