Analyzing Application Quality by Using Code Analysis Tools

What's New in Visual Studio 2012

Code Analysis window	Code analysis warnings now appear on the Code Analysis tool window. The window helps you manage and resolve code analysis warnings.
Filter warning messages	On the window, you can filter messages on the Code Analysis window by keyword, project, and severity.
Code editor highlighting	Selecting a message in the window Code Analysis highlights the line in the source code editor where the message was triggered.
C++ message suppression	On the Code Analysis window, you can insert a pragma into the source code that suppresses a selected warning.
C++ rule sets	Like managed code, you can now specify the analysis rules that you want to apply to code analysis runs by creating or using rule sets.

Support for Windows Store apps

You can run code analysis on Visual Basic, C#, and C/++ code in Windows Store apps. For more information, see Analyzing the code quality of Windows Store apps with Visual Studio code analysis in the Windows Dev Center.

New C++Concurrency Warnings

The new concurrency warnings help you ensure locking disciplines in multithreaded C/C++ programs. The analyzer detects a number of concurrency bugs, including potential race conditions, lock order inversions, caller/callee locking contract violations, and mismatched synchronization operations.

C26100	Race condition. Variable <var> should be protected by lock <lock>.
C26101	Failing to use interlocked operation properly for variable <var>.
C26105	Lock order violation. Acquiring lock <lock> with level <level> causes order inversion.
C26110	Caller failing to hold lock <lock> before calling function <func>.
C26111	Caller failing to release lock <lock> before calling function <func>.
C26112	Caller cannot hold any lock before calling <func>.
C26115	Failing to release lock <lock> in function <func>.
C26116	Failing to acquire or to hold lock <lock> in <func>.
C26117	Releasing unheld lock <lock> in function <func>.
C26130	Missing annotation _Requires_lock_held_(<lock>) or _No_competing_thread_ at function <func>. Otherwise it could be a race condition. Variable <var> should be protected by lock <lock>.
C26135	Missing annotation <annotation> at function <func>.
C26140	Concurrency SAL annotation error
C26160	Caller possibly failing to hold lock <lock> before calling function <func>.
C26165	Possibly failing to release lock
C26166	Possibly failing to acquire or to hold lock <lock> in function <func>.
C26167	Possibly releasing unheld lock <lock> in function <func>.
C28101	The Drivers module has inferred that the current function is not the correct type of function
C28182	Dereferencing NULL pointer

In This Section

Managed Code Analysis

Code analysis for managed code provides information about managed assemblies, such as violations of the programming and design rules set forth in the Microsoft .NET Framework Design Guidelines. Warning messages identify any relevant programming and design issues and, when it is possible, supply information about how to fix the problem.

• Analyzing Managed Code Quality by Using Code Analysis
  Learn how to configure and run the managed code analysis tool.

• Code Analysis for Managed Code Warnings
  Describes the warnings that code analysis reports for C/C++ code.

C++ Code Analysis

The C/C++ Code Analysis tool provides information to developers about possible defects in their C/C++ source code. Common coding errors reported by the tool include buffer overruns, un-initialized memory, null pointer dereferences, and memory and resource leaks.

• Analyzing C/C++ Code Quality by Using Code Analysis
  Learn how to configure and run the C/C++ code analysis tool.

• Code Analysis for C/C++ Warnings
  Describes the warnings that code analysis reports for C/C++ code.

Code Analysis for Drivers

Code analysis tools can help improve the stability and reliability of your driver by systematically analyzing the driver source code.

• Analyzing Driver Quality by Using Code Analysis Tools
  Code Analysis for Drivers is a compile-time static verification tool that detects basic coding errors in C and C++ programs and includes a specialized module that is designed to detect errors in (primarily) kernel-mode driver code.. Static Driver Verifier (SDV) is a static verification tool that systematically analyzes the source code of Windows kernel-mode drivers. SDV determines whether the driver correctly interacts with the Windows operating system kernel.

• Code Analysis for Drivers Warnings
  Describes the warnings that the Code Analysis for Drivers reports when it detects a possible error in driver code.

Additional Topics in This Section

• Viewing Code Analysis Messages

• Enhancing Code Quality with Team Project Check-in Policies

More Code Analysis Info

• Enhancing Code Quality with Team Project Check-in Policies
  Insert description here.

Related Tasks

• Measuring Complexity and Maintainability of Managed Code
  Insert description here.

• Verifying Code by Using Unit Tests
  Insert description here.