PVS-Studio

[saso]

New report from the early may build 0.19.16720 is available now

[saso]

Not directly related to PVS-Studio but still on a similar topic and maybe something good to know for the development in the future...

Use constexpr for faster, smaller, and safer code
https://blog.trailofbits.com/2019/06/27 ... afer-code/

[saso]

New report from build 0.19.17300 has been created...

[saso]

New report from build 0.19.18227 has been created...

[saso]

New report from build 0.19.21984 has been created...

[saso]

New report from build 0.19.22366 has been created...

[saso]

I am sharing my current build recipe for the PVS-Studio build on Ubuntu 16.04. Mostly it is basically just a normal build with a few commands to set up and run the scanner. I will continue to make the builds as I did in the past, so this is mostly for the purpose if it can maybe be of some use and help for some other projects... Check also https://www.viva64.com/en/m/

sudo add-apt-repository ppa:freecad-maintainers/freecad-daily

sudo apt-get update -qq

sudo apt-get install -y libboost-date-time-dev libboost-dev libboost-filesystem-dev libboost-graph-dev libboost-iostreams-dev libboost-program-options-dev libboost-regex-dev libboost-serialization-dev libboost-signals-dev libboost-thread-dev libboost-python-dev libcoin-dev libdouble-conversion-dev liblz4-dev libglew-dev libopencv-dev libeigen3-dev libgts-bin libgts-dev libkdtree++-dev libmedc-dev libmetis-dev libocct-data-exchange-dev libocct-ocaf-dev libocct-visualization-dev libproj-dev libpyside-dev libqt4-dev libqt4-opengl-dev libqtwebkit-dev libshiboken-dev libspnav-dev libvtk6-dev libx11-dev libxerces-c-dev libzipios++-dev lsb-release netgen netgen-headers occt-draw pybind11-dev pyside-tools python3-pyside.qtcore python3-pyside.qtgui python3-pyside.qtsvg python3-pyside.qtuitools python3-pyside.qtxml python3-dev python3-ply swig doxygen

sudo apt-get install -y git curl cmake

sudo apt-get clean

git clone --depth=1600 --branch=master https://github.com/FreeCAD/FreeCAD.git FreeCAD

cd FreeCAD/

git checkout

mkdir build

cd build

cmake -DBUILD_FEM_NETGEN=ON -DFREECAD_USE_PYBIND11=ON ../

cd ..

cd ..

download and unpack pvs-studio from https://www.viva64.com/en/pvs-studio-download/

export PATH=$PATH:/home/user/pvs-studio/bin

echo $PATH

cd FreeCAD/build/

make clean

pvs-studio-analyzer trace -- make -j2

pvs-studio-analyzer analyze -o ./freecad.log -l pvs.lic -j2

plog-converter -m cwe -t fullhtml -d V1042 freecad.log -o ./report

plog-converter -m cwe -t sarif -d V1042 freecad.log -o freecad.sarif

[saso]

New report from build 0.19.23754 has been created, I had some issues with the PVS scanner this time so it's a bit late...

[chennes]

Is it possible to exclude generated and 3rd-party code from this analysis? Or is it better to just write a script that strips it out afterwards?

[saso]

Is it possible to exclude generated and 3rd-party code from this analysis? Or is it better to just write a script that strips it out afterwards?

This is the known issue here yes, while we use the online apps to manage Coverity and LGTM reports, this (and the manual builds of the CodeQL/LGTM C++ reports) are sort of just raw scan logs. This is why I am exporting them in to several formats, some have preferred the csv because one can use some scripts to parse them or just sort/delete in an spreadsheet/excel. The PVS html and LGTM sarif reports are on the other hand nice because they pack the source code with it... Maybe I can look a bit for some different options for the future.