CMake 4.3.0 now officially integrates PVS-Studio static analyzer for C and C++ projects. Developers can enable analysis by setting the CMAKE_C_PVS_STUDIO or CMAKE_CXX_PVS_STUDIO directive in CMakeLists.txt, and analyzer warnings will appear alongside compiler output during the build. The post walks through a practical example using the LibreSSL cryptographic library, demonstrating how to configure and run the analysis with Ninja. It also highlights real bugs found in LibreSSL, including a dead assignment that prevents secure memory clearing under optimization and a duplicate condition in an ASN.1 parser. Limitations include no saved report file and no plog-converter support, though results can be aggregated in CDash. Existing analysis methods via compile_commands.json and the CMake module remain available.
Sort: