Introducing PVS-Studio Static Analyzer for Java
Over the years, the PVS-Studio team has been developing the static analyzer of the same name. At the moment, the analyzer is a complex software solution and provides the ability to analyze programming languages ββsuch as C, C ++, C # and Java on the Windows, Linux and macOS platforms. More recently, Java has been added to a number of supported programming languages. If the PVS-Studio analyzer has already established itself among C ++ and C # developers for many years, then PVS-Studio is still a newbie for the Java audience. Many did not even hear about the analyzer, and whoever heard it knew little about all of its capabilities. Therefore, in this article I would like to introduce you to PVS-Studio Java, talk about launch methods and its capabilities.
PVS-Studio Java static code analyzer consists of two main parts: the kernel that performs analysis, and plug-ins for integration into assembly systems (Gradle, Maven) and IDE (IntelliJ IDEA).
Plugins receive the project structure (sets of source files and classpath), after which they transfer this information to the kernel. In addition, plugins are responsible for deploying the kernel for analysis - it will be automatically downloaded on first launch.
It is also possible to run the analyzer directly by listing the sources and classpath.
Analysis can be performed if your computer meets the following system requirements:
If the project you are working on is based on the Maven build system, you can use the pvsstudio-maven-plugin plugin. To do this, add the following to the project pom.xml file:
Before starting the analysis, you must enter the license data:
After that, the license information will be saved in % APPDATA% / PVS-Studio-Java / PVS-Studio.lic on Windows or ~ / .config / PVS-Studio-Java / PVS-Studio.lic on macOS and Linux.
After that, you can run the analysis:
In the <analyzer> block, you can configure the analyzer. A list of all the settings can be found here .
If the project you are working on is based on the Gradle build system, you can use the pvsstudio-gradle-plugin plugin. To do this, add the following to the project build.gradle file:
Before starting the analysis, you must enter the license data:
After that, the license information, as well as with the Maven plugin, will be saved in % APPDATA% / PVS-Studio-Java / PVS-Studio.lic on Windows OS or in ~ / .config / PVS-Studio-Java / PVS- Studio.lic on macOS and Linux.
After that, you can run the analysis:
In the pvsstudio block, you can configure the analyzer. A list of all the settings can be found here .
PVS-Studio Java analyzer can also be used as a plug-in for IntelliJ IDEA. In this case, the analysis of the project structure is carried out by means of this IDE, and the plug-in provides a convenient graphical interface for working with the analyzer.
PVS-Studio plugin for IDEA can be installed from:
After you have installed the plugin, you must enter the license data:
1) Analyze β PVS-Studio β Settings
2) Registration tab:
Now you can start the analysis of the current project:
PVS-Studio analyzer is focused on development teams and is essentially a proprietary B2B product. To familiarize yourself with the capabilities of the analyzer, you can request a trial key .
If you are developing open source projects, or, for example, being a student, then you can use one of the free licensing options of PVS-Studio.
To combat false positives, the analyzer provides a set of different mechanisms:
1. Using special comments in the code:
2. Using the suppress file .
3. Using @SuppressWarnings annotations (....)
The analyzer is aware of some annotations and may not generate warnings on code that has already been marked up. For example:
What we have just examined is only a small part of what could be told. For example, there is the possibility of integration with SonarQube and so on. PVS-Studio Java is a young area that is actively developing:
To fully explore the existing capabilities of the analyzer and not to miss the appearance of new ones in the future, read the PVS-Studio blog .
If you want to share this article with an English-speaking audience, then please use the link to the translation: Maxim Stefanov. Get to Know the PVS-Studio Static Analyzer for Java
General information
PVS-Studio Java static code analyzer consists of two main parts: the kernel that performs analysis, and plug-ins for integration into assembly systems (Gradle, Maven) and IDE (IntelliJ IDEA).
Plugins receive the project structure (sets of source files and classpath), after which they transfer this information to the kernel. In addition, plugins are responsible for deploying the kernel for analysis - it will be automatically downloaded on first launch.
It is also possible to run the analyzer directly by listing the sources and classpath.
Analysis can be performed if your computer meets the following system requirements:
- Operating System: Windows, Linux, macOS;
- Minimum version of Java to run the analyzer: Java 8 (64-bit). Note: the analyzed project can use any version of Java;
- The minimum version of IntelliJ IDEA is 2017.2.
Plugin for Maven
If the project you are working on is based on the Maven build system, you can use the pvsstudio-maven-plugin plugin. To do this, add the following to the project pom.xml file:
<pluginRepositories> <pluginRepository> <id>pvsstudio-maven-repo</id> <url>http://files.viva64.com/java/pvsstudio-maven-repository/</url> </pluginRepository> </pluginRepositories> <build> <plugins> <plugin> <groupId>com.pvsstudio</groupId> <artifactId>pvsstudio-maven-plugin</artifactId> <version>{VERSION_PVS_JAVA}</version> <configuration> <analyzer> <outputType>text</outputType> <outputFile>path/to/output.txt</outputFile> .... </analyzer> </configuration> </plugin> </plugins> </build>
Before starting the analysis, you must enter the license data:
mvn pvsstudio:pvsCredentials "-Dpvsstudio.username=USR" "-Dpvsstudio.serial=KEY"
After that, the license information will be saved in % APPDATA% / PVS-Studio-Java / PVS-Studio.lic on Windows or ~ / .config / PVS-Studio-Java / PVS-Studio.lic on macOS and Linux.
After that, you can run the analysis:
$ mvn pvsstudio:pvsAnalyze
In the <analyzer> block, you can configure the analyzer. A list of all the settings can be found here .
Plugin for gradle
If the project you are working on is based on the Gradle build system, you can use the pvsstudio-gradle-plugin plugin. To do this, add the following to the project build.gradle file:
buildscript { repositories { mavenCentral() maven { url uri('http://files.viva64.com/java/pvsstudio-maven-repository/') } } dependencies { classpath group: 'com.pvsstudio', name: 'pvsstudio-gradle-plugin', version: '{VERSION_PVS_JAVA}' } }
apply plugin: com.pvsstudio.PvsStudioGradlePlugin pvsstudio { outputType = 'text' outputFile = 'path/to/output.txt' .... }
Before starting the analysis, you must enter the license data:
./gradlew pvsCredentials "-Ppvsstudio.username=USR" "-Ppvsstudio.serial=KEY"
After that, the license information, as well as with the Maven plugin, will be saved in % APPDATA% / PVS-Studio-Java / PVS-Studio.lic on Windows OS or in ~ / .config / PVS-Studio-Java / PVS- Studio.lic on macOS and Linux.
After that, you can run the analysis:
$ ./gradlew pvsAnalyze
In the pvsstudio block, you can configure the analyzer. A list of all the settings can be found here .
Plugin for IntelliJ IDEA
PVS-Studio Java analyzer can also be used as a plug-in for IntelliJ IDEA. In this case, the analysis of the project structure is carried out by means of this IDE, and the plug-in provides a convenient graphical interface for working with the analyzer.
PVS-Studio plugin for IDEA can be installed from:
- The official JetBrains plugin repository
- from the repository on viva64.com;
- via the PVS-Studio for Windows installer, available on the download page .
After you have installed the plugin, you must enter the license data:
1) Analyze β PVS-Studio β Settings
2) Registration tab:
Now you can start the analysis of the current project:
Licensing
PVS-Studio analyzer is focused on development teams and is essentially a proprietary B2B product. To familiarize yourself with the capabilities of the analyzer, you can request a trial key .
If you are developing open source projects, or, for example, being a student, then you can use one of the free licensing options of PVS-Studio.
Suppression of false warnings
To combat false positives, the analyzer provides a set of different mechanisms:
1. Using special comments in the code:
void f() { int x = 01000; //-V6061 }
2. Using the suppress file .
3. Using @SuppressWarnings annotations (....)
The analyzer is aware of some annotations and may not generate warnings on code that has already been marked up. For example:
@SuppressWarnings("OctalInteger") void f() { int x = 01000; }
Conclusion
What we have just examined is only a small part of what could be told. For example, there is the possibility of integration with SonarQube and so on. PVS-Studio Java is a young area that is actively developing:
- new functionality is added
- expanding opportunities
- diagnostic rules are added and improved,
- and much more.
To fully explore the existing capabilities of the analyzer and not to miss the appearance of new ones in the future, read the PVS-Studio blog .
If you want to share this article with an English-speaking audience, then please use the link to the translation: Maxim Stefanov. Get to Know the PVS-Studio Static Analyzer for Java
All Articles