Analyze C++ code quality of Store apps using Visual Studio static code analysis
.png "Applies to Windows and Windows Phone")
The code analysis tool in Visual Studio express editions examines your code for a set of common problems and violations of good programming practice. Code analysis warnings differ from compiler errors and warnings because code analysis searches for specific code patterns that are valid but could still create issues for you or other people who use your code. Code analysis can also find defects in your code that are difficult to discover through testing. Running the code analysis tool at regular intervals during your development process can enhance the quality of your completed app.
Note
In Visual Studio Ultimate, Visual Studio Premium, and Visual Studio Professional, you can use the full functionality of code analysis tools. See Analyzing Application Quality by Using Code Analysis Tools in the MSDN Library.
In this topic
You can learn about:
Analyzing and resolving code analysis warnings
Suppressing code analysis warnings
Searching and filtering code analysis results
Running code analysis
To run code analysis on your Visual Studio solution:
- On the Build menu, choose Run Code Analysis on Solution.
To automatically run code analysis each time you build a project:
Choose the project name in Solution Explorer and then choose Properties.
In the project property page, choose Code Analysis and then choose Enable Code Analysis for C/C++ on Build.
The solution is compiled and code analysis runs. Results appear in the Code Analysis window.
.png "Code Analysis window")
Analyzing and resolving code analysis warnings
To analyze a specific warning, choose the title of the warning in the Code Analysis window. The warning expands to display detailed information about the issue. When possible, code analysis displays the line number and analysis logic that led to the warning.
.png "Expanded code analysis warning")
When you expand a warning, the lines of code that caused the warning are highlighted in the Visual Studio code editor.
.png "Highlighted source code")
After you understand the problem, you can resolve it in your code. Then rerun code analysis to make sure that the warning no longer appears in the Code Analysis window, and that your fix has not raised new warnings.
Tip
You can rerun code analysis from the Code Analysis window. Choose the Analyze button and then choose the scope of the analysis. You can rerun analysis on the entire solution or on a selected project.
Suppressing code analysis warnings
There are times when you might decide not to fix a code analysis warning. You might decide that resolving the warning requires too much recoding in relation to the probability that the issue will arise in any real-world implementation of your code. Or you might believe that the analysis that is used in the warning is inappropriate for the particular context. You can suppress individual warnings so that they no longer appear in the Code Analysis window.
To suppress a warning:
If the detailed information is not displayed, expand the title of the warning.
Choose the Actions link at the bottom of the warning.
Choose to Suppress Message and then choose In Source.
Suppressing a message inserts #pragma(warning:WarningId) that suppresses the warning for the line of code.
Searching and filtering code analysis results
You can search long lists of warning messages and you can filter warnings in multi-project solutions.
.png "Search and filter the code analysis window")
C++ code analysis warnings
Code analysis raises the following warnings for C++ code:
Rule |
Description |
|---|---|
Using Uninitialized Memory |
|
Dereferencing Null Pointer |
|
Use Of Unchecked Value |
|
Zero Termination From Call |
|
Bad Concatenation |
|
Missing String Argument To Format Function |
|
Missing Integer Argument To Format Function |
|
Missing Pointer Argument To Format Function |
|
Missing String Pointer Argument To Format Function |
|
Returning uninitialized memory |
|
Index Exceeds Buffer Maximum |
|
Index Exceeds Stack Buffer Maximum |
|
Missing Float Argument To Format Function |
|
Extra Argument To Format Function |
|
Non-Float Argument To Format Function |
|
Non-Integer Argumen To Format Function |
|
Non-Character Argument To Format Function |
|
Invalid String Cast |
|
Invalid CreateProcess Call |
|
Invalid Object Argument To Format Function |
|
Logical-Not Bitwise-And Precedence |
|
Logical-Not Bitwise-Or Precedence |
|
Invalid Character String Argument To Format Function |
|
Invalid Wide Character String Argument To Format Function |
|
Mismatched Size And Count Use |
|
Incorrect Variable Argument Function Call |
|
Potential Argument Type Mismatch |
|
Read Overrun |
|
Write Overrun |
|
Invalid Parameter Value |
|
Invalid Attribute Property |
|
Conflicting Attribute Property Values |
|
References Cannot Be Null |
|
Null On Non-Pointer |
|
MustCheck On Void |
|
Buffer Size On Non-Pointer Or Array |
|
Null Mismatch At Dereference Zero |
|
Write Access On Constant |
|
Return Used On Precondition |
|
Null Terminated On Non-Pointer |
|
MustCheck Must Be Yes Or No |
|
Element Size Without Buffer Size |
|
Buffer Size Exceeds Array Size |
|
Buffer Size On Non-Pointer |
|
No Properties On Attribute |
|
Valid Size On Non-Readable Buffer |
|
Writable Size On Non-Writable Buffer |
|
Invalid annotation: value of the 'NeedsRelease' property must be Yes or No |
|
Invalid Size String Dereference |
|
Invalid Size String Type |
|
Invalid Size String Parameter |
|
Invalid Size String Unreachable Location |
|
Invalid Size String Buffer Type |
|
Invalid annotation: 'NeedsRelease' property may not be used on values of void type |
|
Unrecognized Format String Style |
|
The use of attribute annotations on this function will invalidate all of its existing __declspec annotations |
|
Invalid size specification: expression not parsable |
|
Invalid Deref= or Notref=: expression not parsable |
|
The value is not a valid Yes/No/Maybe value |
|
The value is not a string value |
|
The value is not a number |
|
Unexpected Annotation Expression Error |
|
Expected number of arguments for annotation does not match actual number of arguments for annotation |
|
Unexpected Annotation Error for annotation |
|
The parameter being annotated must be a pointer |
|
Dereferencing NULL pointer. The pointer contains the same NULL value as another pointer did. |
|
Illegal reference to non-static member |
|
Ambiguous reference to class member. |
|
_Success_ or _On_failure_ used in an illegal context |
|
Left operand points to a struct, use '->' |
|
Left operand is a struct, use '.' |
|
Annotations for the __on_failure context must not be in explicit pre context |
|
Static context name expected for SAL_context |
|
Pointer expression expected for annotation |
|
The _Use_decl_annotations_ annotation must be used to reference, without modification, a prior declaration. |
|
Attribute parameter names must be p1...p9 |
|
The typefix cannot be applied to a parameter that already has a typefix |
|
The checkReturn annotation only applies to postconditions for the specific function parameter. |
|
For function, the number of parameters to annotation does not match that found at file |
|
For function paramteer, the annotation's parameter does not match that found at file |
|
Member of enumeration expected for annotation the parameter in the annotation |
|
Integer expression expected for annotation the parameter in the annotation |
|
String expression expected for the parameter in the annotation |
|
__yes, __no, or __maybe expected for annotation |
|
Did not find expected Token/identifier for annotation, parameter |
|
Annotation requires parameters |
|
Did not find the correct number of required parameters in annotation |
|
Annotation cannot also be a PrimOp (in current declaration) |
|
Annotation cannot also be a PrimOp (see prior declaration) |
|
Annotation parameter: cannot use type in annotations |
|
Annotation does not support parameters |
|
The type of parameter has no member. |
|
Annotation is only valid on array |
|
pre, post, or deref not applied to any annotation |
|
pre, post, or deref applied to a block |
|
__at expression does not apply to current function |
|
The function cannot stand alone as an annotation |
|
The annotation cannot be used in an expression |
|
The annotation on parameter is no longer supported |
|
The annotation on parameter has more than one of value, stringValue, and longValue. Use paramn=xxx |
|
The annotation on parameter has both value, stringValue, or longValue; and paramn=xxx. Use only paramn=xxx |
|
The annotation on parameter has param2 but no param1 |
|
The annotation for function on parameter is not recognized |
|
The annotation for function on parameter requires more dereferences than the actual type annotated allows |
|
The annotation for function annotates 'this' on a non-member-function |
|
The parameter annotation for function does not match the type of the parameter |
|
Inconsistent annotation for function: the prior instance has an error. |
|
Inconsistent annotation for function: this instance has an error. |
|
Inconsistent annotation for function: parameter has another annotations on this instance. |
|
Inconsistent annotation for function: parameter has another annotations on this instance. |
|
dynamic_cast<>() is not supported in annotations |
|
A syntax error in the annotation was found in function, for annotation |
|
A syntax error in a conditional annotation was found for Intrinsic annotation |
|
Result lists values must be constants. |
|
A syntax error in the annotations was found annotation in the function. |
|
The annotation for function, parameter when examining is inconsistent with the function declaration |
|
For function, the clues are inconsistent with the function declaration |
|
The parameter to _Macro_value_ is null |
|
For symbol, a 'begin' was found without a matching 'end' |
|
For symbol, an 'end' was found without a matching 'begin' |
|
Format Strings must be in preconditions |
|
For function, syntax error in parameter |
|
For function, syntax error near the end |
|
For function, syntax Error in _At_() annotation (unrecognized parameter name) |
|
For function, syntax Error in _At_() annotation (invalid parameter name) |
|
For function: ReadableTo or WritableTo did not have a limit-spec as a parameter |
|
the annotation for function contains more Externals than the actual number of parameters |
|
post null/notnull at deref level 0 is meaningless for function. |
|
Expression operands of incompatible types for operator |
|
No annotations for first declaration of function. |
|
An extra _Deref_ operator was found on annotation. |
|
An ambiguous _Deref_ operator was found on annotation. |
|
An improperly placed _Notref_ operator was found applied to token. |
|
An error while parsing a token was discovered. |
|
The annotation describes a situation that is not conditionally applicable. |
|
The annotation describes where a dynamic value (a variable) cannot be used in the condition. |