Quick Start: Code Analysis for C/C++

You can improve the quality of your application by running code analysis regularly on C or C++ code. This can help you find common problems, violations of good programming practice, or defects that are difficult to discover through testing. Code analysis warnings differ from compiler errors and warnings because code analysis searches for specific code patterns that are valid but could still create issues for you or other people who use your code.

Requirements

  • Visual Studio Ultimate, Visual Studio Premium, Visual Studio Professional

Configure rule sets for a project

  1. In Solution Explorer, open the shortcut menu for the project name and then choose Properties.

  2. The following steps are optional:

    1. In the Configuration and Platform lists, choose the build configuration and target platform.

    2. By default, code analysis does not report warnings from code that is automatically generated by external tools. To view warnings from generated code, clear the Suppress results from generated code check box.

      Note

      This option does not suppress code analysis errors and warnings from generated code when the errors and warnings appear in forms and templates. You can both view and maintain the source code for a form or a template.

  3. To run code analysis every time the project is built using the selected configuration, select the Enable Code Analysis for C/C++ on Build check box. You can also run code analysis manually by opening the Analyze menu and then choosing Run Code Analysis on ProjectName.

  4. In the Run this rule set list, do one of the following:

    • Choose the rule set that you want to use.

    • Choose <Browse...> to specify an existing custom rule set that is not in the list.

    • Define a custom rule set.

      For more information, see Creating Custom Code Analysis Rule Sets.

Standard C/C++ Rule Sets

Visual Studio includes two standard sets of rules for native code:

| Rule Set | Description |
| --- | --- |
| Microsoft Native Minimum Recommended Rules | This rule set focuses on the most critical problems in your native code, including potential security holes and application crashes. You should include this rule set in any custom rule set you create for your native projects. |
| Microsoft Native Recommended Rules | This rule set covers a broad range of problems. It includes all the rules in Microsoft Native Minimum Recommended Rules. |

Run code analysis

On the Code analysis page of the project properties pages, you can configure code analysis to run each time you build your project. You can also run code analysis manually.

To run code analysis on a solution:

  • On the Build menu, choose Run Code Analysis on Solution.

To run code analysis on a project:

  • In Solution Explorer, choose the name of the project.

  • On the Build menu, choose Run Code Analysis on Project Name.

The project or solution is compiled and code analysis runs. Results appear in the Code Analysis window.

Analyze and resolve code analysis warnings

To analyze a specific warning, choose the title of the warning in the Code Analysis window. The warning expands to display additional information about the issue. When possible, code analysis displays the line numbers and analysis logic that led to the warning. For detailed information about the warning, including possible solutions to the issue, choose the warning ID to display the help topic in the MSDN Library for the message.

When you expand a warning, the line of code that caused the warning is highlighted in the Visual Studio code editor.

After you understand the problem, you can resolve it in your code. Then rerun code analysis to make sure that the warning no longer appears in the Code Analysis window, and that your fix has not raised new warnings.

Tip

You can rerun code analysis from the Code Analysis window. Choose the Analyze button and choose the scope of the analysis. You can rerun analysis on the entire solution or on a selected project.

Suppressing code analysis warnings

There are times when you might decide not to fix a code analysis warning. You might decide that resolving the warning requires too much recoding in relation to the probability that the issue will arise in any real-world implementation of your code. Or you might believe that the analysis that is used in the warning is inappropriate for the particular context. You can suppress individual warnings so that they no longer appear in the Code Analysis window.

To suppress a warning:

  1. If the detailed information is not displayed, choose the title of the warning to expand it.

  2. Choose the Actions link at the bottom of the warning.

  3. Choose Suppress Message and then choose In Source.

Suppressing a message inserts #pragma warning (disable:WarningId) that suppresses the warning for the line of code.
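
The choice between resolving and suppressing a warning, shown on two callers of the same lookup function. This is an added example, not code from the original topic; the table, the function names, and the choice of warning C6011 (dereferencing NULL pointer) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample table for this example. */
struct entry { const char *name; int priority; };
static const struct entry TABLE[] = { {"default", 10}, {"audit", 90} };
#define TABLE_LEN (sizeof TABLE / sizeof TABLE[0])

/* Returns NULL when the name is absent, so callers have a NULL path. */
static const struct entry *find_entry(const char *name)
{
    size_t i;
    for (i = 0; name != NULL && i < TABLE_LEN; i++)
        if (strcmp(TABLE[i].name, name) == 0)
            return &TABLE[i];
    return NULL;
}

/* Resolved: name comes from outside, so the NULL path is real. The
   unchecked form `return find_entry(name)->priority;` is the kind of
   code reported as C6011; the fix is an explicit check and a fallback. */
int priority_of(const char *name, int fallback)
{
    const struct entry *e = find_entry(name);
    return e != NULL ? e->priority : fallback;
}

/* Suppressed: "default" is compiled into TABLE, so the NULL path cannot
   be taken. The reason is written beside the pragma, and push/pop keeps
   the disable from reaching code that follows this function. */
#ifdef _MSC_VER
#pragma warning(push)
#pragma warning(disable: 6011) /* "default" is always present in TABLE */
#endif
int default_priority(void)
{
    return find_entry("default")->priority;
}
#ifdef _MSC_VER
#pragma warning(pop)
#endif

int main(void)
{
    printf("audit=%d missing=%d\n", priority_of("audit", -1), priority_of("missing", -1));
    printf("default=%d\n", default_priority());
    return 0;
}
```

The `_MSC_VER` guards only keep the pragmas away from other compilers; under Visual Studio they are always active.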

Creating work items for code analysis warnings

You can use the work item tracking feature to log bugs from within Visual Studio. To use this feature, you must connect to an instance of Team Foundation Server.

To create a work item for one or more C/C++ code warnings:

  1. In the Code Analysis window, expand and select the warnings.

  2. On the shortcut menu for the warnings, choose Create Work Item, and then choose the work item type.

  3. Visual Studio creates a single work item for the selected warnings and displays the work item in a document window of the IDE.

  4. Add any additional information, and then choose Save Work Item.

Searching and filtering code analysis results

You can search long lists of warning messages and you can filter warnings in multi-project solutions.

  1. To filter warnings by title or warning id: Enter the keyword in the Filter text box.

  2. To filter warnings by project: In a multi-project solution, choose one or more projects in the list at the top right of the Code Analysis window. Choose the solution name to display all warnings.

  3. To filter warnings by severity: By default, code analysis messages are assigned a severity of Warning. You can assign the severity of one or more messages as Error in a custom rule set. Choose either Warning or Error to display only the messages that are assigned the respective severity. Choose All to display all messages.