C++ Core Check in Visual Studio

Avatar

Jordan

C++ Core Check is Microsoft’s static analysis tool that enforces the rules from the C++ Core Guidelines, which is maintained by the C++ Foundation. This post is to provide a snapshot of the C++ Core Guidelines coverage that C++ Core Check offers.

For background, the C++ team introduced C++ Core Check in December 2015 as part of Visual Studio 2015 Update 1. At the time of its release, C++ Core Check offered rules from the Bounds profile and Type profile with the promise of the Lifetimes profile to follow.

The C++ team has been expanding C++ Core Check’s coverage over the last five years. We have added more rules into the existing Type, Bounds, and Lifetimes profiles and have expanded into other areas of the C++ Core Guidelines, which you can see in the tables at the bottom of the post. For a more detailed view into the growth and evolution of C++ Core Check, see the other posts in our blog tagged “CppCoreCheck”.

The C++ Core Guidelines is an ever-evolving document that currently contains 482 rules, however only 263 of these provide guides that are enforceable by static analysis (Enforceable Set). At the time of writing, C++ Core Check covers 67 rules from the Enforceable Set. We are actively expanding the coverage as well as fixing issues raised on the Developer Community page.

1 This excludes rules that are philosophical, code-style based rules, rules marked as “impossible to enforce”, or those that are meant to be interpreted and enforced by each codebase’s maintainers.

 

Mapping of C++ Core Guidelines rules to C++ Core Check warnings

Type Profile

C++ Core Guidelines RuleC++ Core Check warning(s)
Type.1C26471, C26472, C26473, C26474, C26490
Type.2C26466, C26491
Type.3C26465, C26492
Type.4C26493
Type.5C26494
Type.6C26495
Type.7C26496

 

Bounds Profile

C++ Core Guidelines RuleC++ Core Check warning(s)
Bounds.1C26481
Bounds.2C26482, C26483
Bounds.3C26485
Bounds.4C26446

 

Lifetimes Profile

C++ Core Guidelines RuleC++ Core Check warning(s)
Lifetime.1C26488, C26489, C26800, C26810, C26811
Lifetime.3C26486
Lifetime.4C26487
Lifetime.ptrtotempC26815
Lifetime.ptrtostackC26816

 

C: Classes and class hierarchy

C++ Core Guidelines RuleC++ Core Check warning(s)
C.21C26432
C.35C26436
C.41C26495
C.52C26495
C.66C26493
C.84C26493
C.85C26493
C.127C26436
C.128C26433, C26434, C26435, C26443, C26456
C.146C26466
C.149C26409

 

Con: Constants and immutability

C++ Core Guidelines RuleC++ Core Check warning(s)
Con.1C26496
Con.3C26460, C26461
Con.4C26462, C26463, C26464, C26496
Con.5C26498, C26814

 

CP.con: Concurrency

C++ Core Guidelines RuleC++ Core Check warning
CP.44C26441

 

E: Error handling

C++ Core Guidelines RuleC++ Core Check warning
E.16C26495

 

Enum: Enumerations

C++ Core Guidelines RuleC++ Core Check warning
Enum.3C26812

 

ES: Expressions and statements

C++ Core Guidelines RuleC++ Core Check warning
ES.24C26409
ES.25C26462
ES.46Compiler warning: C4244
ES.47C26477
ES.49C26475
ES.50C26492
ES.56C26478
ES.60C26409
ES.61C26409
ES.63C26437
ES.65See Lifetimes.1
ES.71C26817
ES.76C26438
ES.78C26819
ES.79C26818
ES.84C26444

 

F: Functions

C++ Core Guidelines RuleC++ Core Check warning(s)
F.4C26497
F.6C26439, C26440, C26447
F.23C26429, C26430, C26431

 

I: Interfaces

C++ Core Guidelines RuleC++ Core Check warning(s)
I.11C26400, C26401
I.22C26426, C26427

 

P: Philosophy

C++ Core Guidelines RuleC++ Core Check warning
P.9C26820

 

R: Resource management

C++ Core Guidelines RuleC++ Core Check warning
R.3C26402, C26403, C26404, C26406
R.5C26407, C26414
R.10C26408
R.11C26409
R.20C26409
R.23C26409
R.30C26415
R.32C26410
R.33C26411
R.34C26416
R.35C26417
R.36C26418

 

Additionally, C++ Core Check also publishes a few rules that do not directly map to the C++ Core Guidelines.

C++ Core Guidelines Inspired RuleC++ Core Check warning
GSL.viewC26445, C26449
GSL.utilC26448
Io.1C26450
Io.2C26451
Io.3C26452
Io.4C26453
Io.5C26454
STL.1C26459

 

All of these rules are available in Visual Studio. The checkers from the “Microsoft Native Recommended Rules” ruleset already appear in-editor in the form of green squiggles: see in-editor code analysis.

Visual Studio Editor with C++ code and a Code analysis warning showing up as a squiggle

To run the C++ Core Check rules, navigate to the project properties dialog and select the “C++ Core Check rules” in the Code analysis pane.

Image property pages

For more information about the various rulesets and configuring them please visit Quickstart: Code analysis for C/C++.

Next steps:

If there are any rules you’d like to see added, please visit the Suggest a Feature page and tag your rule C++ Core Check. See the Microsoft Docs page for in-depth examples and explanations for each of the warnings that C++ Core Check offers. We can be reached via the comments below or @VisualC on Twitter.

 

1 comment

Leave a comment

  • Avatar
    Juan Ramos

    First off I wanna say I really really like this tool!
    I think it’s a fantastic way to uncover issues.

    However, it has problems.

    My company uses cmake for it’s build system. We would ideally want to run this tool using Ninja on our servers.
    How do we use this tool standalone? As far as I can tell this tool is essentially intended to be run with a Visual Studio solution which just isn’t an acceptable workflow.
    We aren’t going to install Visual Studio in our CI servers.

    CmakeSettings.json is not an acceptable workflow, it has far too much bugs/issues.

    And finally it’s really slow. Adding this to our CI would dramatically increase our build times.

    Here is a cmake post attesting to that very fact:
    https://discourse.cmake.org/t/cmake-cxx-clang-tidy-in-msvc/890