Important: This document may not represent best practices for current development, links to downloads and other resources may no longer be valid. Current recommended version can be found here.
Code Analysis for C/C++ Overview
The C/C++ Code Analysis tool provides information to developers about possible defects in their C/C++ source code. Common coding errors reported by the tool include buffer overruns, uninitialized memory, null pointer dereferences, and memory and resource leaks.
To make it natural for developers to use the analysis tool, it is fully integrated within the IDE. During the build process, any warnings generated for the source code appear in the Error List. These warnings include defect path information, if available; double-clicking the warning highlights the defect path that led to the warning.
Annotations improve the accuracy of the code analysis. Annotations provide additional information about pre- and post-conditions on function parameters and return types.
[returnvalue:Post( MustCheck=SA_Yes )] double* CalcSquareRoot
(
    [Pre( Null=SA_No )] double* source,
    unsigned int size
);
In the preceding example:
[Post( MustCheck=SA_Yes )] requires the caller to check the return value of CalcSquareRoot.
[Pre( Null=SA_No )] requires the caller to pass a non-null "source" parameter to CalcSquareRoot.
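The following is an added example, not code from the original page: a C implementation of CalcSquareRoot together with a caller that satisfies both annotations. The function body, the NULL-on-failure behaviour, the helper SumOfRoots, the macro names, and the use of the C spellings SA_Pre/SA_Post from CodeAnalysis/SourceAnnotations.h under MSVC are assumptions made for illustration; inputs are assumed to be non-negative.

```c
#include <stdlib.h>

/* Under MSVC the macros expand to the page's attribute annotations (assumed
 * C spelling SA_Pre/SA_Post); on other compilers they expand to nothing. */
#ifdef _MSC_VER
#include <CodeAnalysis/SourceAnnotations.h>
#define RET_MUST_CHECK [returnvalue:SA_Post(MustCheck=SA_Yes)]
#define PARAM_NOT_NULL [SA_Pre(Null=SA_No)]
#else
#define RET_MUST_CHECK
#define PARAM_NOT_NULL
#endif

/* Assumed behaviour: returns a malloc'd array of roots, or NULL when size
 * is 0 or allocation fails. That NULL is why callers must check the result. */
RET_MUST_CHECK double *CalcSquareRoot(PARAM_NOT_NULL double *source,
                                      unsigned int size)
{
    double *roots;
    unsigned int i;
    int step;
    if (size == 0 || (roots = malloc(size * sizeof *roots)) == NULL)
        return NULL;
    for (i = 0; i < size; i++) {
        double x = source[i], r = x > 1.0 ? x : 1.0;
        for (step = 0; step < 60; step++)   /* Newton's method, no libm */
            r = 0.5 * (r + x / r);
        roots[i] = r;
    }
    return roots;
}

/* Compliant caller (hypothetical helper): guarantees a non-null argument and
 * tests the result before dereferencing. Returns 0 on success, -1 on failure. */
int SumOfRoots(double *values, unsigned int count, double *sum)
{
    double *roots;
    unsigned int i;
    if (values == NULL || sum == NULL)      /* upholds Pre(Null=SA_No) */
        return -1;
    roots = CalcSquareRoot(values, count);
    if (roots == NULL)                      /* upholds Post(MustCheck=SA_Yes) */
        return -1;
    *sum = 0.0;
    for (i = 0; i < count; i++)
        *sum += roots[i];
    free(roots);
    return 0;
}
```

A caller that discards the result of CalcSquareRoot, or that passes a pointer the analyzer cannot prove non-null, breaks the stated contract; the two checks in SumOfRoots are what keep it compliant.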
As an organization, you might want to require that all check-ins satisfy certain policies. In particular, you want to make sure that you follow these policies:
There were no build errors in the code being checked in.
Code analysis was run as part of the most recent build.
You can accomplish this by specifying check-in policies.
You can use the integrated features of the build system to run the analysis tool as part of the build process. For more information, see Team Foundation Build Overview.