3

I am working on a C++ library and I'd like to enable Visual Studio's static analysis for it. To get familiar with it, I've read through these articles and started this walkthrough. However, in both my project and the walkthrough demo project, I cannot get the analysis to work inside of Visual Studio. Specifically, in these steps from the walkthrough:

  1. In Solution Explorer, select the CodeDefects project.

  2. On the Project menu, click Properties.

  3. Click Code Analysis.

  4. Click the Enable Code Analysis for C/C++ on Build check box.

I don't see the check box from step 6. My dialog looks like this:

Code analysis properties page

Furthermore, running this command line (for the demo):

cl /analyze .\Bug.cpp

produces several code analysis warnings, but executing code analysis on the solution in Visual Studio (Analyze, Run Code Analysis, On Solution) shows no warnings at all in the error list.

What am I missing here?

Here is my MVCE, pared down from the walkthrough:

  1. Using Visual Studio 2015 Professional Update 2, create an empty C++ project.

  2. Change the project's Configuration Type to "Static Library".

  3. Right-click on the project's properties, select Code Analysis, then check the box for "Enable Code Analysis on Build" and select "Microsoft All Rules" for the current platform/configuration or all.

  4. Create "Bug.cpp" and set its contents to this:

    int path_dependent(int n)
{
    int i;
    int j;
    if (n == 0)
        i = 1;
    else
        j = 1;
    return i + j;
}

  5. Build the project. Observe no errors for C6001 in the Error List.

  6. At a developer prompt, run the command cl /analyze:only .\Bug.cpp and observe the expected errors:

    Microsoft (R) C/C++ Optimizing Compiler Version 19.00.23918 for x86
Copyright (C) Microsoft Corporation.  All rights reserved.

Bug.cpp
c:\sources\cppdemo\codedefectsdemo\bug.cpp(9) : warning C6001: Using uninitialized memory 'i'.: Lines: 3, 4, 5, 8, 9
c:\sources\cppdemo\codedefectsdemo\bug.cpp(9) : warning C6001: Using uninitialized memory 'j'.: Lines: 3, 4, 5, 6, 9
Patrick Quirk
  • 23,334
  • 2
  • 57
  • 88
  • Look again, the checkbox is the one on the top of the property page, the one that is checked in your screenshot. Pick the ruleset you want to use, the "recommended" one isn't as strict. Maybe you like "Microsoft All Rules" better if you want a match. – Hans Passant Jun 20 '16 at 14:37
  • I saw that, but [this answer](http://stackoverflow.com/a/3260620/1698557) implies that option is for managed code only. Also, I see [images like this](http://i.stack.imgur.com/zga7k.png) (from [this answer](http://stackoverflow.com/a/10163994/1698557)), but maybe they're from different versions of VS. Regardless, setting it to "Microsoft All Rules" still produces no errors inside VS, but I can see them when running the command line. – Patrick Quirk Jun 20 '16 at 14:45
  • A six year old answer is quite irrelevant, native code analysis was added in VS2012. You'll have to uplift this question from the current "it doesn't work" diagnostic, an MCVE is essential to get somewhere. – Hans Passant Jun 20 '16 at 14:50
  • Added an MVCE, at least for my machine. – Patrick Quirk Jun 20 '16 at 16:50
  • For me it's all even worse, getting totally cryptic and ungoogleable `Error C1253 Unable to load model file 'res://mspft140.dll/300` when trying to start c++ code analysis. – sunny moon Aug 30 '16 at 12:03

0 Answers0