PVS-Studio 7.24: Unity, advanced warning suppression and much more

Apr 13 2023

Author: Nikita Lipilin

PVS-Studio 7.24 is released. We enhanced the analysis of Unity projects, introduced new features for handling suppress files (*.suppress), implemented new diagnostic rules, and so on. Learn more details on the release in this note.

Enhanced Unity projects analysis

The '==' operator is overloaded in a peculiar way for many Unity classes. The peculiarity of this overload is that checking for null can return true even if the reference being compared is not null. Here is an example:

void Start()
{
  GameObject obj = GameObject.CreatePrimitive(PrimitiveType.Sphere);
  Instantiate(obj);

  if (obj == null)
    Debug.Log("obj == null before destroy");

  DestroyImmediate(obj);

  if (obj == null)
    Debug.Log("obj == null after destroy");

  if (ReferenceEquals(obj, null))
    Debug.Log("obj is really null");

  if (obj is null)
    Debug.Log("obj is really null 2");
}

If you've ever worked with Unity, you can guess that the only message that will be displayed on the console screen is "obj == null after destroy". This happens because the '==' operator returns true when compared to null if the object being compared is destroyed.

The new version of the analyzer better recognizes the features of the game engine. It helps eliminate false positives on dereferencing null references. Now PVS-Studio also tracks accesses to methods and properties of potentially destroyed objects. These accesses may result in exceptions. We've introduced the new V3188 diagnostic rule to search for them.

We intend to further enhance the analysis of Unity projects by fine-tuning existing mechanisms and introducing new diagnostic rules. Feel free to contact us if you have any ideas about what errors the analyzer should detect in Unity projects.

Advanced handling of suppress files in Visual Studio

The interface for handling suppress files (*.suppress) has been significantly expanded in the plugin for Visual Studio. Previously, a project could have only one suppress file. Now you can have multiple suppress files for each project.

Some of the new features are listed below.

1) You can add warnings to specific suppress files:

2) You can select the suppress files, the warnings from which will be displayed in the list:

3) You can transfer suppressed warnings between suppress files.

These features will make it easier to implement new scenarios for handling suppress files. For example, you can use one suppress file for warnings left "for later", and another one for false positives.

Further information on these and other features can be found in the documentation.

New features for suppressing warnings in the command line

Now the PVS-Studio_Cmd.exe and pvs-studio-dotnet utilities have a new Suppression mode. You can use it to deal with suppress files in many different ways.

For example, you can create a new suppress file for each project of the solution:

PVS-Studio_Cmd.exe suppression -m CreateEmptySuppressFiles ^
                               -t JulietTestSuite.sln ^
                               -P myPrefix%projName%myPostfix.suppress

This command adds an empty suppress file to each solution project. The name of the suppress file is based on the name of the corresponding project.

Another curious feature is the suppression of warnings that meet certain criteria:

PVS-Studio_Cmd.exe suppression -m Suppress ^
                               -t JulietTestSuite.sln ^
                               -P myPrefix%projName%myPostfix.suppress ^
                               -R  JulietTestSuite.plog ^
                               --groups "GA:3|OWASP"

The specified command will suppress warnings from the JulietTestSuite.plog report into the suppress files corresponding to the pattern passed in via the '-P' parameter. However, only level 3 warnings of the General Analysis group and all OWASP warnings will be suppressed.

Thus, you can also remove the suppression of specific warnings by passing 'UnSuppress' as the value of the '-m' parameter.

These and other features of the new mode are described in detail in the documentation.

Support for the null-forgiving operator ('!') in C#

C# 9 got an option to conditionally divide reference types into those that allow null and those that don't. You can find the details in the official Microsoft documentation.

When a reference type variable can have a null value, '?' is added to its type name. If, in a particular situation, the expression does not return a null reference, developers can use the null-forgiving operator ('!'). Here is an example:

bool _returnText = false;

void Foo()
{
  _returnText = true;

  string value = GetText()!;
  _ = value.Length;
}

// may return null
private string? GetText()
{
  return _returnText ? "some text" : null;
}

The GetText method can in fact return null in some cases, but when it is called inside of Foo, the result is always the "some text" string. By labeling the call with a postfix '!', the developer informs the compiler that the expression does not equal null.

We thought long and hard whether it was necessary for the analyzer to take the null-forgiving operator into account. On the one hand, it does not guarantee that the expression will not be null. On the other hand, it's a way to suppress false compiler warnings on unsafe dereference. Is it worth issuing a warning in places where a similar compiler warning has already been suppressed?

As a result, the analyzer did begin to take the null-forgiving operator into account when issuing warnings. Now PVS-Studio will not issue warnings on the potential null reference dereference, if the expression is labeled with '!'. However, a warning will still be shown if null is the only possible value of the expression.

New diagnostic rules

C, C++

V1095. Usage of potential invalid handle. The value should be non-negative.
V1096. Variable with static storage duration is declared inside the inline function with external linkage. This may lead to ODR violation.
V1097. Line splice results in a character sequence that matches the syntax of a universal-character-name. Using this sequence lead to undefined behavior.

V3187. Parts of an SQL query are not delimited by any separators or whitespaces. Executing this query may lead to an error.
V3188. The value of an expression is a potentially destroyed Unity object or null. Member invocation on this value may lead to an exception.
V3189. The assignment to a member of the readonly field will have no effect when the field is of a value type. Consider restricting the type parameter to reference types.

User's personal account

Recently our website got a new feature. Now you can create and log in to your personal account. The registration/authorization buttons can be found in the website header by hovering over the icon: