Code Analysis for C/C++ Overview
The C/C++ Code Analysis tool provides information to developers about possible defects in their C/C++ source code. Common coding errors reported by the tool include buffer overruns, un-initialized memory, null pointer dereferences, and memory and resource leaks.
To make it natural for developers to use the analysis tool, it is fully integrated within the Visual Studio IDE. During the build process, any warnings generated for the source code appear in the Error List. You can navigate to source code that caused the warning, and you can view additional information about the cause and possible solutions of the issue.
Developers can use the #pragma directive to treat warnings as errors; enable or disable warnings, and suppress warnings for individual lines of code. For more information, see How to: Enable and Disable Code Analysis for Specific C/C++ Warnings.
Annotations improve the accuracy of the code analysis. Annotations provide additional information about pre- and post- conditions on function parameters and return types. For more information, see How to: Specify Additional Code Information by Using __analysis_assume
You might want to require that all source code check-ins satisfy certain policies. In particular, you want to make sure that analysis was run as a step of the most recent local build. For more information about enabling a code analysis check-in policy, see Creating and Using Code Analysis Check-In Policies
You can use the integrated features of the build system to run code analysis tool as a step of the Team Foundation Server build process. For more information, see Build the application.
In addition to the full integration within the development environment, developers can also use the analysis tool from the command line, as shown in the following example:
C:\>cl /analyze Sample.cpp