Code Analysis Overview (Windows Embedded CE 6.0)
1/5/2010
Developed from the PREfast static analysis tool, C/C++ Code Analysis identifies defects in the C/C++ source via intra-procedural analysis, and outputs the defects it finds in a log report.
Users commonly run Code Analysis over a section of code, view the results in the log, make fixes, and then run Code Analysis again. To make the best use of Code Analysis, divide your build into sections that are 10MB or smaller, and then run Code Analysis on each section.
For information about how to enable Code Analysis, see the desktop compiler documentation.
When the analysis is complete, C/C++ Code Analysis displays a log of the code defects encountered. Each line entry in the log shows the following information:
- A warning message that describes the type of defect
- A Code Analysis warning number
- The source location
- The function where the code defect occurred
Code Analysis warnings look just like other compiler warnings, with two exceptions:
- A code analysis identifier is of the form C6XXX, instead of C4XXX.
- Following a code analysis warning description, a list of line numbers appears that indicates the path of the analysis.
For example, the following warning message indicates that Code Analysis found a possible null pointer dereference, when lines 6 and 7 are executed in source program test1.cpp
Test1.cpp(7): warning C6011: Dereferencing NULL pointer 'p': Lines 6,7
To display additional detail about a warning, double-click the warning in the log.
Finding More Information
For a brief description of warning messages, see C/C++ Code Analysis Warning Messages.
For more information about Code Analysis warnings, see this Microsoft Web site.
See Also
Concepts
Security Best Practices for C++