pvs-stdio ue4_了解适用于Java的PVS-Studio静态分析器

最新推荐文章于 2024-02-29 15:34:23 发布

cullen2012

最新推荐文章于 2024-02-29 15:34:23 发布

阅读量274

点赞数

文章标签： java linux 大数据 python android

原文链接：https://habr.com/en/company/pvs-studio/blog/462267/

版权

pvs-stdio ue4

总览 (Overview)

The PVS-Studio Java static code analyzer consists of 2 main parts: the kernel, which performs the analysis, and plugins for integration in build systems (Gradle, Maven) and IDE (IntelliJ IDEA).

PVS-Studio Java静态代码分析器包括2个主要部分：内核(用于执行分析)以及用于集成到构建系统(Gradle，Maven)和IDE(IntelliJ IDEA)中的插件。

Plugins get project structure (a collection of source files and classpath), then pass this information to the analyzer core. In addition, plugins are responsible for deploying the core for analysis — it will be automatically loaded at the first run.

插件获取项目结构(源文件和类路径的集合)，然后将此信息传递给分析器核心。此外，插件负责部署核心以进行分析-它将在首次运行时自动加载。

It's also possible to run the analyzer directly, listing the sources and classpath.

也可以直接运行分析器，列出源和类路径。

Analysis can be done if your computer meets the following system requirements:

如果您的计算机满足以下系统要求，则可以进行分析：

Operating system: Windows, Linux, macOS;

操作系统：Windows，Linux，macOS；

Minimum required Java version to run the analyzer with: Java 8 (64-bit). Note: A project being analyzed could use any Java version;

运行分析仪所需的最低Java版本：Java 8(64位)。注意：被分析的项目可以使用任何Java版本。

Minimum version of IntelliJ IDEA: 2017.2.

最低版本的IntelliJ IDEA：2017.2。

Maven插件 (Plugin for Maven)

If the project you're working on is based on the Maven build system, you can use the plugin pvsstudio-maven-plugin. To do this, you need to add the following to the pom.xml file:

如果您正在处理的项目基于Maven构建系统，则可以使用插件pvsstudio-maven-plugin。为此，您需要将以下内容添加到pom.xml文件中：

<pluginRepositories>
  <pluginRepository>
    <id>pvsstudio-maven-repo</id>
    <url>http://files.viva64.com/java/pvsstudio-maven-repository/</url>
  </pluginRepository>
</pluginRepositories>

<build>
  <plugins>
    <plugin>
      <groupId>com.pvsstudio</groupId>
      <artifactId>pvsstudio-maven-plugin</artifactId>
      <version>{VERSION_PVS_JAVA}</version>
      <configuration>
        <analyzer>
          <outputType>text</outputType>
          <outputFile>path/to/output.txt</outputFile>
          ....
        </analyzer>
      </configuration>
    </plugin>
  </plugins>
</build>

Before running the analysis you need to enter the license data:

在运行分析之前，您需要输入许可证数据：

mvn pvsstudio:pvsCredentials "-Dpvsstudio.username=USR" "-Dpvsstudio.serial=KEY"

After that, the license information will be saved in %APPDATA%/PVS-Studio-Java/PVS-Studio.lic on Windows or in ~/.config/PVS-Studio-Java/PVS-Studio.lic on macOS and Linux.

之后，许可证信息将保存在Windows上的％APPDATA％/ PVS-Studio-Java / PVS-Studio.lic或macOS和Linux上的〜/ .config / PVS-Studio-Java / PVS-Studio.lic中 。

After that you can run the analysis:

之后，您可以运行分析：

$ mvn pvsstudio:pvsAnalyze

In the block <analyzer> you can configure the analyzer. A list of all the settings can be found here.

在块<analyzer>中 ，可以配置分析仪。可以在此处找到所有设置的列表。

Gradle插件 (Plugin for Gradle)

If the project you're working on is based on the Gradle build system, you can use the plugin pvsstudio-gradle-plugin. To do this, you need to add the following in the build.gradle file:

如果您正在处理的项目基于Gradle构建系统，则可以使用插件pvsstudio-gradle-plugin。为此，您需要在build.gradle文件中添加以下内容：

buildscript {
  repositories {
    mavenCentral()
    maven {
      url uri('http://files.viva64.com/java/pvsstudio-maven-repository/')
    }
  }
  dependencies {
    classpath group: 'com.pvsstudio',
              name: 'pvsstudio-gradle-plugin',
              version: '{VERSION_PVS_JAVA}'
  }
}

apply plugin: com.pvsstudio.PvsStudioGradlePlugin
pvsstudio {
  outputType = 'text'
  outputFile = 'path/to/output.txt'
  ....
}

Before running the analysis you need to enter the license data:

在运行分析之前，您需要输入许可证数据：

./gradlew pvsCredentials "-Ppvsstudio.username=USR" "-Ppvsstudio.serial=KEY"

After that, the license information will be saved in % APPDATA%/PVS-Studio-Java/PVS-Studio.lic on Windows OS or in ~/.config/PVS-Studio-Java/PVS-Studio.lic on macOS and Linux.

之后，许可证信息将保存在Windows OS上的％APPDATA％/ PVS-Studio-Java / PVS-Studio.lic中或MacOS和Linux上的〜/ .config / PVS-Studio-Java / PVS-Studio.lic中 。。

After that you can run the analysis:

之后，您可以运行分析：

$ ./gradlew pvsAnalyze

In the block 'pvsstudio' you can configure the analyzer. A list of all settings can be found here.

在“ pvsstudio”块中，您可以配置分析仪。可以在此处找到所有设置的列表。

IntelliJ IDEA的插件 (Plugin for IntelliJ IDEA)

The PVS-Studio Java analyzer can be also used as a plugin for IntelliJ IDEA. In this case, the parsing of the project structure is made by means of this IDE and the plugin provides a convenient graphic interface to work with the analyzer.

PVS-Studio Java分析器也可以用作IntelliJ IDEA的插件。在这种情况下，项目结构的解析是通过此IDE进行的，并且插件提供了一个方便的图形界面来与分析仪一起使用。

The PVS-Studio plugin for IDEA can be installed:

可以安装IDEA的PVS-Studio插件：

from the official repository of JetBrains plugins;
来自JetBrains插件的官方仓库 ;
from the repository on the viva64.com site;
从viva64.com网站上的存储库中；
via the PVS-Studio installer for Windows, available on the download page.
通过适用于Windows的PVS-Studio安装程序，可在下载页面上找到。

Once you installed the plugin, you need to enter the license data:

安装插件后，您需要输入许可证数据：

1) Analyze -> PVS-Studio -> Settings

1)分析-> PVS-Studio->设置

2) Registration tab:

2)注册标签：

You can then run the analysis of the current project:

然后，您可以运行当前项目的分析：

发牌 (Licensing)

The PVS-Studio analyzer is meant for teams of developers and essentially represents a proprietary B2B product. To play around with all analyzer abilities, you can request a trial key.

PVS-Studio分析仪适用于开发人员团队，实质上代表了专有的B2B产品。要使用所有分析仪功能，您可以请求一个试用密钥。

If you are developing open projects, or for example, you are a student, then you can use one of the free licensing options of PVS-Studio.

如果您正在开发开放项目，或者例如，您是学生，则可以使用PVS-Studio的免费许可选项之一。

误报抑制 (False Positives Suppression)

To fight against false positives, the analyzer provides a set of different mechanisms.

为了对抗误报，分析仪提供了一组不同的机制。

1. Using special comments in the code:

1.在代码中使用特殊注释：

void f() {
    int x = 01000; //-V6061
}

2. Using the suppress file.

2.使用禁止文件。

3. Using the @SuppressWarnings(....) annotations.

3.使用@SuppressWarnings(....)批注。

The analyzer is aware of annotations and might not issue warnings on the code that has already been marked. For example:

分析器知道注释，并且可能不会对已标记的代码发出警告。例如：

@SuppressWarnings("OctalInteger")
void f() {
    int x = 01000;
}

结论 (Conclusion)

What we've just looked at is only a small part of what could be told. For example, it's also possible to integrate with SonarQube and much more. PVS-Studio Java is a new direction that is actively developing:

我们刚刚看到的只是可以告诉的一小部分。例如，还可以与SonarQube等集成。 PVS-Studio Java是正在积极开发的新方向：

new functionality is added,
添加了新功能，
abilities are expanding,
能力在扩大，
diagnostic rules are added and improved,
诊断规则已添加和改进，
and much more.
以及更多。

To fully explore the existing analyzer abilities and not to miss the emergence of new ones in future, follow the PVS-Studio blog.

要充分利用现有的分析仪功能，并且将来不要错过新的分析仪功能，请关注PVS-Studio 博客。

翻译自: https://habr.com/en/company/pvs-studio/blog/462267/

pvs-stdio ue4

cullen2012

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
pvs-stdio ue4_了解适用于Java的PVS-Studio静态分析器

pvs-stdio ue4 总览 (Overview)The PVS-Studio Java static code analyzer consists of 2 main parts: the kernel, which performs the analysis, and plugins for integration in build systems (Gradle, Maven) a...
复制链接

扫一扫