Analyze C++ code quality of Store apps using Visual Studio static code analysis
The code analysis tool in Visual Studio express editions examines your code for a set of common problems and violations of good programming practice. Code analysis warnings differ from compiler errors and warnings because code analysis searches for specific code patterns that are valid but could still create issues for you or other people who use your code. Code analysis can also find defects in your code that are difficult to discover through testing. Running the code analysis tool at regular intervals during your development process can enhance the quality of your completed app.
In Visual Studio Ultimate, Visual Studio Premium, and Visual Studio Professional, you can use the full functionality of code analysis tools. See Analyzing Application Quality by Using Code Analysis Tools in the MSDN Library.
To run code analysis on your Visual Studio solution:
On the Build menu, choose Run Code Analysis on Solution.
To automatically run code analysis each time you build a project:
Choose the project name in Solution Explorer and then choose Properties.
In the project property page, choose Code Analysis and then choose Enable Code Analysis for C/C++ on Build.
The solution is compiled and code analysis runs. Results appear in the Code Analysis window.
To analyze a specific warning, choose the title of the warning in the Code Analysis window. The warning expands to display detailed information about the issue. When possible, code analysis displays the line number and analysis logic that led to the warning.
When you expand a warning, the lines of code that caused the warning are highlighted in the Visual Studio code editor.
After you understand the problem, you can resolve it in your code. Then rerun code analysis to make sure that the warning no longer appears in the Code Analysis window, and that your fix has not raised new warnings.
You can rerun code analysis from the Code Analysis window. Choose the Analyze button and then choose the scope of the analysis. You can rerun analysis on the entire solution or on a selected project.
There are times when you might decide not to fix a code analysis warning. You might decide that resolving the warning requires too much recoding in relation to the probability that the issue will arise in any real-world implementation of your code. Or you might believe that the analysis that is used in the warning is inappropriate for the particular context. You can suppress individual warnings so that they no longer appear in the Code Analysis window.
To suppress a warning:
If the detailed information is not displayed, expand the title of the warning.
Choose the Actions link at the bottom of the warning.
Choose to Suppress Message and then choose In Source.
Suppressing a message inserts #pragma(warning:WarningId) that suppresses the warning for the line of code.
You can search long lists of warning messages and you can filter warnings in multi-project solutions.
Code analysis raises the following warnings for C++ code:
Using Uninitialized Memory
Dereferencing Null Pointer
Use Of Unchecked Value
Zero Termination From Call
Missing String Argument To Format Function
Missing Integer Argument To Format Function
Missing Pointer Argument To Format Function
Missing String Pointer Argument To Format Function
Returning uninitialized memory
Index Exceeds Buffer Maximum
Index Exceeds Stack Buffer Maximum
Missing Float Argument To Format Function
Extra Argument To Format Function
Non-Float Argument To Format Function
Non-Integer Argumen To Format Function
Non-Character Argument To Format Function
Invalid String Cast
Invalid CreateProcess Call
Invalid Object Argument To Format Function
Logical-Not Bitwise-And Precedence
Logical-Not Bitwise-Or Precedence
Invalid Character String Argument To Format Function
Invalid Wide Character String Argument To Format Function
Mismatched Size And Count Use
Incorrect Variable Argument Function Call
Potential Argument Type Mismatch
Invalid Parameter Value
Invalid Attribute Property
Conflicting Attribute Property Values
References Cannot Be Null
Null On Non-Pointer
MustCheck On Void
Buffer Size On Non-Pointer Or Array
Null Mismatch At Dereference Zero
Write Access On Constant
Return Used On Precondition
Null Terminated On Non-Pointer
MustCheck Must Be Yes Or No
Element Size Without Buffer Size
Buffer Size Exceeds Array Size
Buffer Size On Non-Pointer
No Properties On Attribute
Valid Size On Non-Readable Buffer
Writable Size On Non-Writable Buffer
Invalid annotation: value of the 'NeedsRelease' property must be Yes or No
Invalid Size String Dereference
Invalid Size String Type
Invalid Size String Parameter
Invalid Size String Unreachable Location
Invalid Size String Buffer Type
Invalid annotation: 'NeedsRelease' property may not be used on values of void type
Unrecognized Format String Style
The use of attribute annotations on this function will invalidate all of its existing __declspec annotations
Invalid size specification: expression not parsable
Invalid Deref= or Notref=: expression not parsable
The value is not a valid Yes/No/Maybe value
The value is not a string value
The value is not a number
Unexpected Annotation Expression Error
Expected number of arguments for annotation does not match actual number of arguments for annotation
Unexpected Annotation Error for annotation
The parameter being annotated must be a pointer
Dereferencing NULL pointer. The pointer contains the same NULL value as another pointer did.
Illegal reference to non-static member
Ambiguous reference to class member.
_Success_ or _On_failure_ used in an illegal context
Left operand points to a struct, use '->'
Left operand is a struct, use '.'
Annotations for the __on_failure context must not be in explicit pre context
Static context name expected for SAL_context
Pointer expression expected for annotation
The _Use_decl_annotations_ annotation must be used to reference, without modification, a prior declaration.
Attribute parameter names must be p1...p9
The typefix cannot be applied to a parameter that already has a typefix
The checkReturn annotation only applies to postconditions for the specific function parameter.
For function, the number of parameters to annotation does not match that found at file
For function paramteer, the annotation's parameter does not match that found at file
Member of enumeration expected for annotation the parameter in the annotation
Integer expression expected for annotation the parameter in the annotation
String expression expected for the parameter in the annotation
__yes, __no, or __maybe expected for annotation
Did not find expected Token/identifier for annotation, parameter
Annotation requires parameters
Did not find the correct number of required parameters in annotation
Annotation cannot also be a PrimOp (in current declaration)
Annotation cannot also be a PrimOp (see prior declaration)
Annotation parameter: cannot use type in annotations
Annotation does not support parameters
The type of parameter has no member.
Annotation is only valid on array
pre, post, or deref not applied to any annotation
pre, post, or deref applied to a block
__at expression does not apply to current function
The function cannot stand alone as an annotation
The annotation cannot be used in an expression
The annotation on parameter is no longer supported
The annotation on parameter has more than one of value, stringValue, and longValue. Use paramn=xxx
The annotation on parameter has both value, stringValue, or longValue; and paramn=xxx. Use only paramn=xxx
The annotation on parameter has param2 but no param1
The annotation for function on parameter is not recognized
The annotation for function on parameter requires more dereferences than the actual type annotated allows
The annotation for function annotates 'this' on a non-member-function
The parameter annotation for function does not match the type of the parameter
Inconsistent annotation for function: the prior instance has an error.
Inconsistent annotation for function: this instance has an error.
Inconsistent annotation for function: parameter has another annotations on this instance.
Inconsistent annotation for function: parameter has another annotations on this instance.
dynamic_cast<>() is not supported in annotations
A syntax error in the annotation was found in function, for annotation
A syntax error in a conditional annotation was found for Intrinsic annotation
Result lists values must be constants.
A syntax error in the annotations was found annotation in the function.
The annotation for function, parameter when examining is inconsistent with the function declaration
For function, the clues are inconsistent with the function declaration
The parameter to _Macro_value_ is null
For symbol, a 'begin' was found without a matching 'end'
For symbol, an 'end' was found without a matching 'begin'
Format Strings must be in preconditions
For function, syntax error in parameter
For function, syntax error near the end
For function, syntax Error in _At_() annotation (unrecognized parameter name)
For function, syntax Error in _At_() annotation (invalid parameter name)
For function: ReadableTo or WritableTo did not have a limit-spec as a parameter
the annotation for function contains more Externals than the actual number of parameters
post null/notnull at deref level 0 is meaningless for function.
Expression operands of incompatible types for operator
No annotations for first declaration of function.
An extra _Deref_ operator was found on annotation.
An ambiguous _Deref_ operator was found on annotation.
An improperly placed _Notref_ operator was found applied to token.
An error while parsing a token was discovered.
The annotation describes a situation that is not conditionally applicable.
The annotation describes where a dynamic value (a variable) cannot be used in the condition.