C++ Core Check is Microsoft’s static analysis tool that enforces the rules from the C++ Core Guidelines, which is maintained by the C++ Foundation. This post is to provide a snapshot of the C++ Core Guidelines coverage that C++ Core Check offers.
For background, the C++ team introduced C++ Core Check in December 2015 as part of Visual Studio 2015 Update 1. At the time of its release, C++ Core Check offered rules from the Bounds profile and Type profile with the promise of the Lifetimes profile to follow.
The C++ team has been expanding C++ Core Check’s coverage over the last five years. We have added more rules into the existing Type, Bounds, and Lifetimes profiles and have expanded into other areas of the C++ Core Guidelines, which you can see in the tables at the bottom of the post. For a more detailed view into the growth and evolution of C++ Core Check, see the other posts in our blog tagged “CppCoreCheck”.
The C++ Core Guidelines is an ever-evolving document that currently contains 482 rules, however only 263 of these provide guides that are enforceable by static analysis (Enforceable Set). At the time of writing, C++ Core Check covers 67 rules from the Enforceable Set. We are actively expanding the coverage as well as fixing issues raised on the Developer Community page.
1Â This excludes rules that are philosophical, code-style based rules, rules marked as “impossible to enforce”, or those that are meant to be interpreted and enforced by each codebase’s maintainers.
Mapping of C++ Core Guidelines rules to C++ Core Check warnings
Type Profile
| C++ Core Guidelines Rule | C++ Core Check warning(s) |
| Type.1 | C26471, C26472, C26473, C26474, C26490 |
| Type.2 | C26466, C26491 |
| Type.3 | C26465, C26492 |
| Type.4 | C26493 |
| Type.5 | C26494 |
| Type.6 | C26495 |
| Type.7 | C26496 |
Bounds Profile
| C++ Core Guidelines Rule | C++ Core Check warning(s) |
| Bounds.1 | C26481 |
| Bounds.2 | C26482, C26483 |
| Bounds.3 | C26485 |
| Bounds.4 | C26446 |
Lifetimes Profile
| C++ Core Guidelines Rule | C++ Core Check warning(s) |
| Lifetime.1 | C26488, C26489, C26800, C26810, C26811 |
| Lifetime.3 | C26486 |
| Lifetime.4 | C26487 |
| Lifetime.ptrtotemp | C26815 |
| Lifetime.ptrtostack | C26816 |
C: Classes and class hierarchy
| C++ Core Guidelines Rule | C++ Core Check warning(s) |
| C.21 | C26432 |
| C.35 | C26436 |
| C.41 | C26495 |
| C.52 | C26495 |
| C.66 | C26493 |
| C.84 | C26493 |
| C.85 | C26493 |
| C.127 | C26436 |
| C.128 | C26433, C26434, C26435, C26443, C26456 |
| C.146 | C26466 |
| C.149 | C26409 |
Con: Constants and immutability
| C++ Core Guidelines Rule | C++ Core Check warning(s) |
| Con.1 | C26496 |
| Con.3 | C26460, C26461 |
| Con.4 | C26462, C26463, C26464, C26496 |
| Con.5 | C26498, C26814 |
CP.con: Concurrency
| C++ Core Guidelines Rule | C++ Core Check warning |
| CP.44 | C26441 |
E: Error handling
| C++ Core Guidelines Rule | C++ Core Check warning |
| E.16 | C26495 |
Enum: Enumerations
| C++ Core Guidelines Rule | C++ Core Check warning |
| Enum.3 | C26812 |
ES: Expressions and statements
| C++ Core Guidelines Rule | C++ Core Check warning |
| ES.24 | C26409 |
| ES.25 | C26462 |
| ES.46 | Compiler warning: C4244 |
| ES.47 | C26477 |
| ES.49 | C26475 |
| ES.50 | C26492 |
| ES.56 | C26478 |
| ES.60 | C26409 |
| ES.61 | C26409 |
| ES.63 | C26437 |
| ES.65 | See Lifetimes.1 |
| ES.71 | C26817 |
| ES.76 | C26438 |
| ES.78 | C26819 |
| ES.79 | C26818 |
| ES.84 | C26444 |
F: Functions
| C++ Core Guidelines Rule | C++ Core Check warning(s) |
| F.4 | C26497 |
| F.6 | C26439, C26440, C26447 |
| F.23 | C26429, C26430, C26431 |
I: Interfaces
| C++ Core Guidelines Rule | C++ Core Check warning(s) |
| I.11 | C26400, C26401 |
| I.22 | C26426, C26427 |
P: Philosophy
| C++ Core Guidelines Rule | C++ Core Check warning |
| P.9 | C26820 |
R: Resource management
| C++ Core Guidelines Rule | C++ Core Check warning |
| R.3 | C26402, C26403, C26404, C26406 |
| R.5 | C26407, C26414 |
| R.10 | C26408 |
| R.11 | C26409 |
| R.20 | C26409 |
| R.23 | C26409 |
| R.30 | C26415 |
| R.32 | C26410 |
| R.33 | C26411 |
| R.34 | C26416 |
| R.35 | C26417 |
| R.36 | C26418 |
Additionally, C++ Core Check also publishes a few rules that do not directly map to the C++ Core Guidelines.
| C++ Core Guidelines Inspired Rule | C++ Core Check warning |
| GSL.view | C26445, C26449 |
| GSL.util | C26448 |
| Io.1 | C26450 |
| Io.2 | C26451 |
| Io.3 | C26452 |
| Io.4 | C26453 |
| Io.5 | C26454 |
| STL.1 | C26459 |
All of these rules are available in Visual Studio. The checkers from the “Microsoft Native Recommended Rules” ruleset already appear in-editor in the form of green squiggles: see in-editor code analysis.
To run the C++ Core Check rules, navigate to the project properties dialog and select the “C++ Core Check rules” in the Code analysis pane.
For more information about the various rulesets and configuring them please visit Quickstart: Code analysis for C/C++.
Next steps:
If there are any rules you’d like to see added, please visit the Suggest a Feature page and tag your rule C++ Core Check. See the Microsoft Docs page for in-depth examples and explanations for each of the warnings that C++ Core Check offers. We can be reached via the comments below or @VisualC on Twitter.
At first, I was little bit confused. But, I understand when I finished reading it. I shared it to my friends in aluminum door locks and hardware.
Enjoyed reading the above post, the article is very insightful and successful, really explains everything in depth. Thank you and good luck for the upcoming articles Gadsden health
First off I wanna say I really really like this tool!
I think it's a fantastic way to uncover issues.
However, it has problems.
My company uses cmake for it's build system. We would ideally want to run this tool using Ninja on our servers.Read more
How do we use this tool standalone? As far as I can tell this tool is essentially intended to be run with a Visual Studio solution which just isn't an acceptable workflow.