Walkthrough: Analyzing C/C++ code for defects
This walkthrough demonstrates how to analyze C/C++ code for potential code defects. It uses the code analysis tools for C/C++ code.
In this walkthrough, you'll:
- Run code analysis on native code.
- Analyze code defect warnings.
- Treat warning as an error.
- Annotate source code to improve code defect analysis.
Prerequisites
- A copy of the CppDemo Sample.
- Basic understanding of C/C++.
Run code analysis on native code
To run code defect analysis on native code
Open the CppDemo solution in Visual Studio.
The CppDemo solution now populates Solution Explorer.
On the Build menu, choose Rebuild Solution.
The solution builds without any errors or warnings.
Note: In Visual Studio 2017, you may see a spurious warning from the IntelliSense engine:
E1097 unknown attribute "no_init_all"
You can safely ignore this warning.
In Solution Explorer, select the CodeDefects project.
On the Project menu, choose Properties.
The CodeDefects Property Pages dialog box is displayed.
Select the Code Analysis property page.
Change the Enable Code Analysis on Build property to Yes (in Visual Studio 2017, select the Enable Code Analysis on Build check box instead). Choose OK to save your changes.
Rebuild the CodeDefects project.
Code analysis warnings are displayed in the Error List window.
To analyze code defect warnings
On the View menu, choose Error List.
This menu item may not be visible. It depends on the developer profile that you chose in Visual Studio. You might have to point to Other Windows on the View menu, and then choose Error List.
In the Error List window, double-click the following warning:
C6230: Implicit cast between semantically different types: using HRESULT in a Boolean context.
The code editor displays the line that caused the warning inside the function bool ProcessDomain(). This warning indicates that an HRESULT is being used in an 'if' statement where a Boolean result is expected. It's typically a mistake, because when the S_OK HRESULT is returned from a function it indicates success, but when converted into a Boolean value it evaluates to false. Correct this warning by using the SUCCEEDED macro, which converts to true when an HRESULT return value indicates success. Your code should resemble the following code:
if (SUCCEEDED(ReadUserAccount()))
In the Error List, double-click the following warning:
C6282: Incorrect operator: assignment of constant in Boolean context. Consider using '==' instead.
Correct this warning by testing for equality. Your code should look similar to the following code:
if ((len == ACCOUNT_DOMAIN_LEN) || (g_userAccount[len] != L'\\'))
Correct the remaining C6001 warnings in the Error List by initializing i and j to 0.
Rebuild the CodeDefects project.
The project builds without any warnings or errors.
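The two defects corrected in the procedure above, the HRESULT tested as a Boolean (C6230) and the assignment inside a condition (C6282), side by side with their fixes, as an added example that is not part of the CppDemo sample. The fail parameter on ReadUserAccount, the AccountMalformed* functions and the non-Windows stand-ins for HRESULT, S_OK, E_FAIL and SUCCEEDED are assumptions made so the code builds with any compiler; on Windows the real definitions from windows.h are used. The C6001 fix (initializing i and j to 0) needs no illustration.

```cpp
#include <cstdint>
#include <cstddef>

#ifdef _WIN32
#include <windows.h>   // real HRESULT, S_OK, E_FAIL and SUCCEEDED()
#else
// Constructed stand-ins for the Windows definitions so the example compiles
// with GCC/Clang. They mirror <winerror.h>: an HRESULT is a signed 32-bit
// value, and a set high bit means failure.
typedef std::int32_t HRESULT;
#define S_OK   ((HRESULT)0)
#define E_FAIL ((HRESULT)0x80004005)
#define SUCCEEDED(hr) (((HRESULT)(hr)) >= 0)
#endif

#define ACCOUNT_DOMAIN_LEN 5

// Hypothetical stand-in for the sample's ReadUserAccount(): returns S_OK on
// success. The 'fail' parameter is not in the sample; it lets a test drive
// both outcomes.
HRESULT ReadUserAccount(bool fail)
{
    return fail ? E_FAIL : S_OK;
}

// The pattern C6230 flags: an HRESULT tested as if it were a bool.
// S_OK is 0, so the "success" branch runs only when the call FAILS.
bool ProcessDomainBuggy(bool fail)
{
    if (ReadUserAccount(fail)) {
        return true;   // reached on failure, not on success
    }
    return false;
}

// The corrected form from the walkthrough: SUCCEEDED() is true for S_OK.
bool ProcessDomainFixed(bool fail)
{
    if (SUCCEEDED(ReadUserAccount(fail))) {
        return true;
    }
    return false;
}

// The pattern C6282 flags: '=' where '==' was meant. The assignment makes the
// left operand a non-zero constant, so the condition is always true and the
// separator check on the right is never evaluated.
bool AccountMalformedBuggy(const wchar_t* account, std::size_t len)
{
    if ((len = ACCOUNT_DOMAIN_LEN) || (account[len] != L'\\')) {
        return true;   // always taken, whatever the account looks like
    }
    return false;
}

// Corrected: compare, then check for the domain separator at index 'len'.
bool AccountMalformedFixed(const wchar_t* account, std::size_t len)
{
    if ((len == ACCOUNT_DOMAIN_LEN) || (account[len] != L'\\')) {
        return true;
    }
    return false;
}
```

Both buggy functions compile cleanly; only the analyzer (or a test that exercises the success path) reveals that ProcessDomainBuggy inverts the result and that AccountMalformedBuggy never examines the separator.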
Correct source code annotation warnings
To enable the source code annotation warnings in annotation.c
In Solution Explorer, select the Annotations project.
On the Project menu, choose Properties.
The Annotations Property Pages dialog box is displayed.
Select the Code Analysis property page.
Change the Enable Code Analysis on Build property to Yes (in Visual Studio 2017, select the Enable Code Analysis on Build check box instead). Choose OK to save your changes.
To correct the source code annotation warnings in annotation.c
Rebuild the Annotations project.
On the Build menu, choose Run Code Analysis on Annotations.
In the Error List, double-click the following warning:
C6011: Dereferencing NULL pointer 'newNode'.
This warning indicates failure by the caller to check the return value. In this case, a call to AllocateNode might return a NULL value. See the annotations.h header file for the function declaration for AllocateNode. The cursor is on the location in the annotations.cpp file where the warning occurred.
To correct this warning, use an 'if' statement to test the return value. Your code should resemble the following code:
LinkedList* newNode = AllocateNode();
if (nullptr != newNode)
{
    newNode->data = value;
    newNode->next = 0;
    node->next = newNode;
}
Rebuild the Annotations project.
The project builds without any warnings or errors.
Use source code annotation to discover more issues
To use source code annotation
Annotate the formal parameters and the return value of the function AddTail to indicate that the pointer values may be null:
_Ret_maybenull_ LinkedList* AddTail(_Maybenull_ LinkedList* node, int value)
On the Build menu, choose Run Code Analysis on Solution.
In the Error List, double-click the following warning:
C6011: Dereferencing NULL pointer 'node'.
This warning indicates that the node passed into the function might be null.
To correct this warning, use an 'if' statement at the beginning of the function to test the passed in value. Your code should resemble the following code:
if (nullptr == node)
{
    return nullptr;
}
On the Build menu, choose Run Code Analysis on Solution.
The project now builds without any warnings or errors.
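The annotated linked-list code from the two procedures above (the null check on AllocateNode's result, and the _Ret_maybenull_/_Maybenull_ annotations with the early return in AddTail), assembled into one buildable unit as an added example rather than the Annotations project's own files. The g_failNextAllocation hook, ListLength, FreeList and BuildListDemo are assumptions added to exercise the null paths; under MSVC the real sal.h definitions apply, and on other compilers the SAL macros are defined as no-ops so the file still compiles.

```cpp
#include <cstdlib>
#include <cstddef>

#ifdef _WIN32
#include <sal.h>    // real SAL annotations ship with MSVC / the Windows SDK
#else
// Constructed no-op stand-ins so the code also compiles with GCC/Clang;
// the annotations carry meaning only for the Visual Studio analyzer.
#define _Ret_maybenull_
#define _Maybenull_
#endif

struct LinkedList {
    int data;
    LinkedList* next;
};

// Hypothetical test hook (not in the sample): when non-zero, the next
// AllocateNode() call returns nullptr, which is the path C6011 warns about.
static int g_failNextAllocation = 0;

_Ret_maybenull_ LinkedList* AllocateNode()
{
    if (g_failNextAllocation != 0) {
        g_failNextAllocation = 0;
        return nullptr;
    }
    return static_cast<LinkedList*>(std::calloc(1, sizeof(LinkedList)));
}

// Annotated as in the walkthrough: the analyzer now reports C6011 on any
// unconditional dereference of 'node', and on callers that dereference the
// returned pointer without testing it.
_Ret_maybenull_ LinkedList* AddTail(_Maybenull_ LinkedList* node, int value)
{
    if (nullptr == node) {
        return nullptr;            // fix for C6011 on 'node'
    }
    LinkedList* newNode = AllocateNode();
    if (nullptr != newNode) {      // fix for C6011 on 'newNode'
        newNode->data = value;
        newNode->next = nullptr;
        node->next = newNode;
    }
    return newNode;
}

// Counts the nodes reachable from 'head'; a null head is an empty list.
std::size_t ListLength(_Maybenull_ const LinkedList* head)
{
    std::size_t n = 0;
    for (; head != nullptr; head = head->next) {
        ++n;
    }
    return n;
}

// Releases every node reachable from 'head'.
void FreeList(_Maybenull_ LinkedList* head)
{
    while (head != nullptr) {
        LinkedList* next = head->next;
        std::free(head);
        head = next;
    }
}

// Builds a list while forcing one allocation failure, and returns the final
// length. Because AddTail's result is annotated _Ret_maybenull_, the caller
// must inspect it before using it as the next tail.
std::size_t BuildListDemo()
{
    LinkedList* head = AllocateNode();
    if (nullptr == head) {
        return 0;
    }
    head->data = 1;
    head->next = nullptr;

    LinkedList* tail = AddTail(head, 2);          // succeeds: 1 -> 2
    g_failNextAllocation = 1;
    LinkedList* failed = AddTail(tail, 3);        // allocation fails: nullptr
    LinkedList* afterFail = AddTail(failed, 4);   // null in, null out, no crash
    if (afterFail == nullptr && tail != nullptr) {
        AddTail(tail, 5);                         // recover on the real tail
    }
    std::size_t len = ListLength(head);           // 1 -> 2 -> 5
    FreeList(head);
    return len;
}
```

Without the _Maybenull_ annotation on node, the analyzer assumes callers pass a valid pointer and stays silent on the dereference; the annotation is what turns the implicit contract into something the tool can check, and the early return is what makes the function honour it.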
See also
Walkthrough: Analyzing Managed Code for Code Defects
Code analysis for C/C++