Edit

Share via


Walkthrough: Analyzing C/C++ code for defects

This walkthrough demonstrates how to analyze C/C++ code for potential code defects. It uses the code analysis tools for C/C++ code.

In this walkthrough, you'll:

  • Run code analysis on native code.
  • Analyze code defect warnings.
  • Treat warning as an error.
  • Annotate source code to improve code defect analysis.

Prerequisites

Run code analysis on native code

To run code defect analysis on native code

  1. Open the CppDemo solution in Visual Studio.

    The CppDemo solution now populates Solution Explorer.

  2. On the Build menu, choose Rebuild Solution.

    The solution builds without any errors or warnings.

  3. In Solution Explorer, select the CodeDefects project.

  4. On the Project menu, choose Properties.

    The CodeDefects Property Pages dialog box is displayed.

  5. Select the Code Analysis property page.

  6. Change the Enable Code Analysis on Build property to Yes. Choose OK to save your changes.

  7. Rebuild the CodeDefects project.

    Code analysis warnings are displayed in the Error List window.

  1. Open the CppDemo solution in Visual Studio.

    The CppDemo solution now populates Solution Explorer.

  2. On the Build menu, choose Rebuild Solution.

    The solution builds without any errors or warnings.

    Note

    In Visual Studio 2017, you may see a spurious warning E1097 unknown attribute "no_init_all" in the IntelliSense engine. You can safely ignore this warning.

  3. In Solution Explorer, select the CodeDefects project.

  4. On the Project menu, choose Properties.

    The CodeDefects Property Pages dialog box is displayed.

  5. Select the Code Analysis property page.

  6. Select the Enable Code Analysis on Build check box. Choose OK to save your changes.

  7. Rebuild the CodeDefects project.

    Code analysis warnings are displayed in the Error List window.

To analyze code defect warnings

  1. On the View menu, choose Error List.

    This menu item may not be visible. It depends on the developer profile that you chose in Visual Studio. You might have to point to Other Windows on the View menu, and then choose Error List.

  2. In the Error List window, double-click the following warning:

    C6230: Implicit cast between semantically different types: using HRESULT in a Boolean context.

    The code editor displays the line that caused the warning inside the function bool ProcessDomain(). This warning indicates that an HRESULT is being used in an 'if' statement where a Boolean result is expected. It's typically a mistake, because when the S_OK HRESULT is returned from a function it indicates success, but when converted into a boolean value it evaluates to false.

  3. Correct this warning by using the SUCCEEDED macro, which converts to true when a HRESULT return value indicates success. Your code should resemble the following code:

    if (SUCCEEDED(ReadUserAccount()))
    
  4. In the Error List, double-click the following warning:

    C6282: Incorrect operator: assignment of constant in Boolean context. Consider using '==' instead.

  5. Correct this warning by testing for equality. Your code should look similar to the following code:

    if ((len == ACCOUNT_DOMAIN_LEN) || (g_userAccount[len] != L'\\'))
    
  6. Correct the remaining C6001 warnings in the Error List by initializing i and j to 0.

  7. Rebuild the CodeDefects project.

    The project builds without any warnings or errors.

Correct source code annotation warnings

To enable the source code annotation warnings in annotation.c

  1. In Solution Explorer, select the Annotations project.

  2. On the Project menu, choose Properties.

    The Annotations Property Pages dialog box is displayed.

  3. Select the Code Analysis property page.

  4. Change the Enable Code Analysis on Build property to Yes. Choose OK to save your changes.

  1. In Solution Explorer, select the Annotations project.

  2. On the Project menu, choose Properties.

    The Annotations Property Pages dialog box is displayed.

  3. Select the Code Analysis property page.

  4. Select the Enable Code Analysis on Build check box. Choose OK to save your changes.

To correct the source code annotation warnings in annotation.c

  1. Rebuild the Annotations project.

  2. On the Build menu, choose Run Code Analysis on Annotations.

  3. In the Error List, double-click the following warning:

    C6011: Dereferencing NULL pointer 'newNode'.

    This warning indicates failure by the caller to check the return value. In this case, a call to AllocateNode might return a NULL value. See the annotations.h header file for the function declaration for AllocateNode.

  4. The cursor is on the location in the annotations.cpp file where the warning occurred.

  5. To correct this warning, use an 'if' statement to test the return value. Your code should resemble the following code:

    LinkedList* newNode = AllocateNode();
    if (nullptr != newNode)
    {
        newNode->data = value;
        newNode->next = 0;
        node->next = newNode;
    }
    
  6. Rebuild the Annotations project.

    The project builds without any warnings or errors.

Use source code annotation to discover more issues

To use source code annotation

  1. Annotate formal parameters and return value of the function AddTail to indicate the pointer values may be null:

    _Ret_maybenull_ LinkedList* AddTail(_Maybenull_ LinkedList* node, int value)
    
  2. On the Build menu, choose Run Code Analysis on Solution.

  3. In the Error List, double-click the following warning:

    C6011: Dereferencing NULL pointer 'node'.

    This warning indicates that the node passed into the function might be null.

  4. To correct this warning, use an 'if' statement at the beginning of the function to test the passed in value. Your code should resemble the following code:

    if (nullptr == node)
    {
         return nullptr;
    }
    
  5. On the Build menu, choose Run Code Analysis on Solution.

    The project now builds without any warnings or errors.

See also

Walkthrough: Analyzing Managed Code for Code Defects
Code analysis for C/C++