PVS-Studio 7.41: MISRA C 2023, enhanced Unreal Engine integration, new logging system, and much more

PVS-Studio 7.41 has been released. It brings improvements for Unreal Engine, support for MISRA C 2023, an update to the IntelliJ IDEA plugin, and other useful changes. See more details in this note.

Support for MISRA C 2023 standard

Throughout the year, we have been working to cover more of the MISRA C 2023 standard. Currently, PVS-Studio analyzer covers 86% of the standard. You can find more information on this page.

In future releases, we will continue to expand MISRA C++ 2023 standard coverage.

Enhancements for Unreal Engine support

We continue to enhance how PVS-Studio handles Unreal Engine project code.

In this release, we improved the C++ analyzer's diagnostic capabilities for these projects. We fixed issues in the V557 diagnostic rule when working with engine containers, as well as a problem with parsing the final specifier in virtual functions.

For more details on how PVS-Studio works with Unreal Engine, refer to the documentation.

Expanded taint analysis in C\

We expanded taint analysis support in the C# analyzer. Now you can add JSON user annotations for async functions. We also annotated async methods in standard library classes.

With the user annotation mechanism, you can provide the analyzer with additional context via a JSON file. We introduced this feature for the C# analyzer in PVS-Studio 7.33. For more details on how it works, refer to the documentation.

The removal of redundant false alarm markers

A new utility, pvs-fp-cleaner, is now included in PVS-Studio distributions. It removes redundant false alarm markers from the codebase.

False alarm markers are code comments that indicate to the analyzer that a triggered diagnostic rule on a specific line is a false positive and should not appear in the report. Previously, removing these markers required a manual review of the entire codebase.

For more details on the new utility, refer to the documentation.

New logging system

Starting with this release, we are introducing a new logging system.

This system streamlines the process of collecting information about issues encountered when using PVS-Studio analyzers, thereby simplifying the technical support process.

The first stage involved adding extended logging for the C and C++ cross-platform analyzer. In the next release, we plan to extend logging for the analyzer of C++ and C# projects based on the MSBuild build system.

For more details on the new logging system, refer to the documentation.

Enhancements to the IntelliJ IDEA plugin

We are constantly improving our IDE plugins to streamline the user experience of the analyzer during development.

This release enhances the IntelliJ IDEA plugin with the capability to convert analyzer reports to CSV format and the option to display relative paths. We also fixed the slowdown when opening documentation.

For more information on how the IntelliJ IDEA plugin works, refer to the documentation .

Breaking Changes

These changes are not backward compatible with earlier versions of the analyzer. You may need to adjust how you use the analyzer due to these changes.

• The analyzer output now follows a consistent CSV format. The converter-generated reports were changed for all platforms.
• The V2609 diagnostic rule message was changed. Previously suppressed warnings may reappear in the analyzer report.

New diagnostic rules

C and C++

• V2667. MISRA. The value of an expression and its persistent side effects must be the same under all permitted evaluation orders and must be independent from thread interleaving.
• V2668. MISRA. Macro parameter immediately following by the '#' operator should not immediately be followed by the '##' operator.
• V2669. MISRA. Tokens that look like a preprocessing directive should not occur within a macro argument.
• V2670. MISRA. Thread objects, thread synchronization objects, and thread-specific storage pointers should only be accessed by the appropriate Standard Library functions.
• V2671. MISRA. Pointers returned by the function 'localeconv' / 'getenv' / 'setlocale' / 'strerror' should be used as if they have pointer to const-qualified type.
• V2672. MISRA. Subtraction between pointers should only be applied to pointers that address elements of the same array.

C\

• V3230. Comparison with 'typeof(Nullable)' is meaningless. Calling 'GetType()' on a nullable variable never returns 'Nullable'.

Java

• V5339. OWASP. Potential RCE vulnerability. Insecure GraalVM context is used to process potentially tainted data.
• V5340. OWASP. Code contains invisible characters that may alter its logic. Consider enabling the display of invisible characters in the code editor.

Articles

Here's our usual roundup of blog posts. Over the past two months, we have published articles covering the best bugs in C++, C#, and Java for 2025. We have also explained alignment intricacies and discussed how dangerous Minecraft mods can compromise server security. You can find a full list of articles on different topics below.

C and C++

• Bugs in the Wild West: Top 10 C and C++ errors of 2025
• Silent foe or quiet ally: Brief guide to alignment in C++: Part 1 and Part 2

C\

• Top 10 errors found in C# projects in 2025

Java

• Top 10 noteworthy Java errors in 2025
• The Hitchhiker's Guide to LTS: Key changes when upgrading from Java 8 to Java 11

GameDev

• What's C++ like in gamedev?
• How to avoid losing your Minecraft server due to dangerous mods

Other

• From experts to speakers: No pressure included
• How to create your own Go static analyzer?
• What's new in PVS-Studio in 2025?
• Vibe coding: Pros, cons, and 2026 forecasts from PVS-Studio

Conclusion

If you would like to get news on latest releases, subscribe to our newsletter here.

If you haven't yet checked your project using PVS-Studio, you can start by getting a trial license.