1

i am trying explore static code analysis option in VS 2013. I have written very simple code below 

int main()
{
    int a, b; //found unused variable 
    std::cout << "Hello world!";
    std::cin >> a;

    int* i = new int; // analysis didn't find this memory leak 
    //delete i;
    //i = NULL;
}

when I run code analysis on the above block, I expect it finds int* i = new int; and warns about memory leak, but it didn't find but find unused variable b.

So now I am in bit confusion, memory leak is a most common mistake in C/C++ & this tool couldn't find this. Now my question is can we rely on this analysis or not ?

Environment: Windows 7, VS ultimate 2013.

NDestiny
  • 1,133
  • 1
  • 12
  • 28
  • 1
    unused variables are quite simple to find, but doing deeper more complex analysis on code is something else. While Visual Studio version 2013 is by no means old, if it is a free version you are using then i suspect that might be why you are not seeing those more complex capabilities of the compiler. I remember in visual studio 2008 express which was free, that it could not do full optimization; you had to pay for the full/pro version of visual studio for those compiler capabilities. – ron Feb 11 '17 at 19:01
  • Microsoft loves to throw out capabilities of their products, but they don't make it easy to understand nor find info on all the various versions and what is or is not available in each... for example VS2015 community vs professional vs enterprise. – ron Feb 11 '17 at 19:09
  • @ron Thanks for the replay, Yes I think this is the reason, I have downloaded free version and using it. – NDestiny Feb 11 '17 at 19:15
  • Doesn't the information you provided tell you that it is unreliable? Also consider upgrading your Visual Studio to 2015 or (soon) 2017. Static analysis has been greatly improved since 2013. – rustyx Feb 11 '17 at 19:18
  • yeah you might try looking into Visual Studio 2015 Community, but that's also free. Last year when I started using it that seemed to be about the best free version of VS you can get, wasting an hour of my life trying to find what's the difference between community, pro, and enterprise. – ron Feb 11 '17 at 19:19
  • I have no love for Microsoft VS, but I would not go so far as to say it is **unreliable**. There are more accurate words to describe it ;) – ron Feb 11 '17 at 19:20
  • @ron thanks for the more details ron, any idea what is the best open source static code analysis tool for C/C++ I have tried many like CppCheck and all but had faced same issue(they don't have much deeper analysis so I gave up and stared exploring MS-Visual Studio) – NDestiny Feb 11 '17 at 19:30
  • no i don't, sorry. – ron Feb 11 '17 at 19:48
  • C++ has many possible ways of creating memory leaks and other problems, especially when developers start trying to be overly clever. No static code analysis can ever catch all of them. You can only even hope for a subset of all possible problems. And sure, ideally this kind of blatantly obvious leak would be flagged... but that assumes the analysis is even intended to look for leaks. Offhand, I don't recall if it does. But on the other hand I've seen value in it detecting other kinds of problems. – TheUndeadFish Feb 11 '17 at 20:16
  • 2
    @ron: the VC++ 2008 express *compiler* was exactly the same as in the paid SKUs (in particular, it did optimize exactly the same), what it missed was some libraries and IDE functionalities. – Matteo Italia Feb 12 '17 at 01:02
  • *"memory leak is a most common mistake in [...] C++"* - It used to be, in 1998. Today, if you are writing `int* i = new int;` you are simply doing it wrong. There is no compelling reason to go with manual resource management. @ron: **All** free Visual Studio releases used the same optimizing compiler as their commercial counterparts. – IInspectable Feb 13 '17 at 11:23

1 Answers1

0

This is not the kind of code problem that /analyze (aka PREfast) is designed to detect. There are other common tools for detecting straight-forward memory leaks like the CRT Debug Heap--see MSDN. Arguably, you should be using C++11 functionality like std::unique_ptr in the first place and never have to remember to call delete.

#include <memory>
int main()
{
    int a, b; //found unused variable 
    std::cout << "Hello world!";
    std::cin >> a;

    auto i = std::make_unique<int>()
}

What /analyze is intended to do is provide some of the 'additional warnings' you get from products like lint, but mostly to do inter-procedural buffer size validation via SAL annotations.

This is the kind of bug it finds:

void someFunction(char *buffer, size_t len)
{
    ...
}

void otherFunction()
{
    char buff[128];
    someFunction(buff, 256);
}

When you add the required SAL that communicates the relationship between the pointer and the size:

void someFunction(_Out_writes_(len) char *buffer, size_t len)

It's chains of assumptions that get violated and result in buffer overflows are really hard to find, not so much memory leaks.

Another useful function of /analyze is to validate variable-length printf arguments vs. the format string:

void printf_debug( _In_z_ _Printf_format_string_ const char* format, ... )
{
    ...
}


void otherFunction()
{
    unsigned long l;
    std::wstring str;
    std::string str2;

    ...

    printf_debug( "%i %s %d", i, str.c_str(), str2.c_str());
}

VS 2015 and VS 2017 now include a few of the warnings that used to be only in /analyze in VS 2013 or earlier like shadowed variables and basic printf validation (if you write your own printf-style functions, you should still use /analyze with _Printf_format_string_). /analyze continues to provide SAL-based buffer analysis that is not part of the standard compiler.

The /analyze PREFast technology can detect potential memory leaks in some cases (particularly with C++ exception safety), dereferencing of potentially null pointers, using uninitialized memory, etc. It also has a lot of extra rules for dealing with kernel-mode coding and writing drivers particularly tracking locks, IRQL levels, etc.

Prefast And SAL Annotations

For C#, /analyze is the FXCop tool which is a code-analysis tool plus a 'style enforcer' for .NET.

Chuck Walbourn
  • 38,259
  • 2
  • 58
  • 81