code analysis for c++

0 %
100 %
Information about code analysis for c++

Published on January 5, 2016

Author: auranx

Source: slideshare.net

1. Code Analysis for C/C++

2. Overview  The C/C++ Code Analysis tool provides information to developers about possible defects in their C/C++ source code. Common coding errors reported by the tool include buffer overruns, un-initialized memory, null pointer dereferences, and memory and resource leaks. 5.1.2016Roman Okolovich2

3. Source-code Annotation Language (SAL)  The Microsoft source-code annotation language (SAL) provides a set of annotations that can be used to describe how a function uses its parameters, the assumptions that it makes about them, and the guarantees that it makes when it finishes. The annotations are defined in the header file <sal.h>. Visual Studio code analysis for C++ uses SAL annotations to modify its analysis of functions.  Natively, C and C++ provide only limited ways for developers to consistently express intent and invariance.  By using SAL annotations, you can describe your functions in greater detail so that developers who are consuming them can better understand how to use them. 5.1.2016Roman Okolovich3

4. SAL makes code more valuable void* memcpy( void* dest, const void* src, size_t count );  Without SAL annotations, you'd have to rely on documentation or code comments. void * memcpy( _Out_writes_bytes_all_(count) void *dest, _In_reads_bytes_(count) const void *src, size_t count );  Notice that these annotations resemble the information in the MSDN documentation, but they are more concise and they follow a semantic pattern. When you read this code, you can quickly understand the properties of this function and how to avoid buffer overrun security issues. 5.1.2016Roman Okolovich4

5. Find potential bugs wchar_t * wmemcpy( _Out_writes_all_(count) wchar_t *dest, _In_reads_(count) const wchar_t *src, size_t count) { size_t i; for (i = 0; i <= count; i++) { // BUG: off-by-one error dest[i] = src[i]; } return dest; }  This implementation contains a common off-by-one error. Fortunately, the code author included the SAL buffer size annotation—a code analysis tool could catch the bug by analyzing this function alone. 5.1.2016Roman Okolovich5

6.  Annotating Function Parameters and Return Values  _In_, _Out_, _Inout_, _In_z_, etc  When a pointer parameter annotation includes _opt_, it indicates that the parameter may be null  _In_opt_, _Out_opt_, _Inout_opt_, _In_opt_z_, etc  Return values  _Ret_z_, _Ret_maybenull_, _Ret_writes_to_(s,c), _Ret_notnull_, etc  Annotating Function Behavior  A function can fail, and when it does, its results may be incomplete or differ from the results when the function succeeds.  _Check_return_ - annotates a return value and states that the caller should inspect it.  _Always_(anno_list), _Success_(expr), etc  Example: annotate formal parameters and return value of the function by using the Pre and Post conditions: [returnvalue:SA_Post(Null=SA_Maybe)] LinkedList* AddTail([SA_Pre(Null=SA_Maybe)] LinkedList* node, int value) 5.1.2016Roman Okolovich6

7. Specify Additional Code Information It’s possible to provide hints to the code analysis tool for C/C++ code that will help the analysis process and reduce warnings. __analysis_assume( expr ) expr - any expression that is assumed to evaluate to true. #include <windows.h> #include <codeanalysissourceannotations.h> using namespace vc_attributes; // calls free and sets ch to null void FreeAndNull(char* ch); //requires pc to be null void f([Pre(Null=Yes)] char* pc); void test( ) { char *pc = (char*)malloc(5); FreeAndNull(pc); __analysis_assume(pc == NULL); f(pc); } 5.1.2016Roman Okolovich

8. When do I Annotate?  Annotate all pointer parameters.  Annotate value-range annotations so that Code Analysis can ensure buffer and pointer safety.  Annotate locking rules and locking side effects.  Annotate driver properties and other domain-specific properties.  In new code, you can use SAL-based specifications by design throughout; in older code, you can add annotations incrementally and thereby increase the benefits every time you update. 5.1.2016Roman Okolovich8

9. Links  Analyzing C/C++ Code Quality by Using Code Analysis  How to: Set Code Analysis Properties for C/C++ Projects  Understanding SAL  Annotating Function Parameters and Return Values  Annotating Locking Behavior 5.1.2016Roman Okolovich9

Add a comment

Related pages

Code Analysis for C/C++ Overview

The C/C++ Code Analysis tool provides information to developers about possible defects in their C/C++ source code. Common coding errors reported by the ...
Read more

Quick Start: Code Analysis for C/C++

To run code analysis every time the project is built using the selected configuration, select the Enable Code Analysis for C/C++ on Build check box.
Read more

List of tools for static code analysis - Wikipedia, the ...

List of tools for static code analysis This article needs additional citations for verification. ... List of static source code analysis tools for C;
Read more

Liste von Werkzeugen zur statischen Codeanalyse – Wikipedia

Diese Liste von Werkzeugen zur statischen Codeanalyse enthält Werkzeuge, mit deren Hilfe man Statische Code-Analyse betreiben kann. Derartige Werkzeuge ...
Read more

Code Analysis for C/C++

About This Video. Watch this short video to learn more about Code Analysis for C++. The C/C++ Code Analysis tool is a static analyzer that is provided with ...
Read more

Clang Static Analyzer

Clang Static Analyzer. The Clang Static Analyzer is a source code analysis tool that finds bugs in C, C++, and Objective-C programs. Currently it can be ...
Read more

OCLint

OCLint, A static source code analysis tool to improve quality and reduce defects for C, C++ and Objective-C
Read more

c - Choosing a static code analysis tool - Stack Overflow

I'm working on a project where I'm coding in C in a UNIX environment. I've been using the lint tool to check my source code. Lint has been around a long ...
Read more

Cppcheck - A tool for static C/C++ code analysis

Cppcheck is an analysis tool for C/C++ code. It detects the types of bugs that the compilers normally fail to detect. The goal is no false positives.
Read more

C++ Code Analysis

Visual Studio Code Analysis and Code Metrics http://social.msdn.microsoft.com/Forums/en-US/3e982391-0e8b ... Set "Enable Code Analysis for C/C++ on Build ...
Read more