C++ Core Check in Visual Studio

Jordan

C++ Core Check is Microsoft’s static analysis tool that enforces the rules from the C++ Core Guidelines, which is maintained by the C++ Foundation. This post is to provide a snapshot of the C++ Core Guidelines coverage that C++ Core Check offers.

For background, the C++ team introduced C++ Core Check in December 2015 as part of Visual Studio 2015 Update 1. At the time of its release, C++ Core Check offered rules from the Bounds profile and Type profile with the promise of the Lifetimes profile to follow.

The C++ team has been expanding C++ Core Check’s coverage over the last five years. We have added more rules into the existing Type, Bounds, and Lifetimes profiles and have expanded into other areas of the C++ Core Guidelines, which you can see in the tables at the bottom of the post. For a more detailed view into the growth and evolution of C++ Core Check, see the other posts in our blog tagged “CppCoreCheck”.

The C++ Core Guidelines is an ever-evolving document that currently contains 482 rules, however only 263 of these provide guides that are enforceable by static analysis (Enforceable Set). At the time of writing, C++ Core Check covers 67 rules from the Enforceable Set. We are actively expanding the coverage as well as fixing issues raised on the Developer Community page.

1 This excludes rules that are philosophical, code-style based rules, rules marked as “impossible to enforce”, or those that are meant to be interpreted and enforced by each codebase’s maintainers.

 

Mapping of C++ Core Guidelines rules to C++ Core Check warnings

Type Profile

C++ Core Guidelines Rule C++ Core Check warning(s)
Type.1 C26471, C26472, C26473, C26474, C26490
Type.2 C26466, C26491
Type.3 C26465, C26492
Type.4 C26493
Type.5 C26494
Type.6 C26495
Type.7 C26496

 

Bounds Profile

C++ Core Guidelines Rule C++ Core Check warning(s)
Bounds.1 C26481
Bounds.2 C26482, C26483
Bounds.3 C26485
Bounds.4 C26446

 

Lifetimes Profile

C++ Core Guidelines Rule C++ Core Check warning(s)
Lifetime.1 C26488, C26489, C26800, C26810, C26811
Lifetime.3 C26486
Lifetime.4 C26487
Lifetime.ptrtotemp C26815
Lifetime.ptrtostack C26816

 

C: Classes and class hierarchy

C++ Core Guidelines Rule C++ Core Check warning(s)
C.21 C26432
C.35 C26436
C.41 C26495
C.52 C26495
C.66 C26493
C.84 C26493
C.85 C26493
C.127 C26436
C.128 C26433, C26434, C26435, C26443, C26456
C.146 C26466
C.149 C26409

 

Con: Constants and immutability

C++ Core Guidelines Rule C++ Core Check warning(s)
Con.1 C26496
Con.3 C26460, C26461
Con.4 C26462, C26463, C26464, C26496
Con.5 C26498, C26814

 

CP.con: Concurrency

C++ Core Guidelines Rule C++ Core Check warning
CP.44 C26441

 

E: Error handling

C++ Core Guidelines Rule C++ Core Check warning
E.16 C26495

 

Enum: Enumerations

C++ Core Guidelines Rule C++ Core Check warning
Enum.3 C26812

 

ES: Expressions and statements

C++ Core Guidelines Rule C++ Core Check warning
ES.24 C26409
ES.25 C26462
ES.46 Compiler warning: C4244
ES.47 C26477
ES.49 C26475
ES.50 C26492
ES.56 C26478
ES.60 C26409
ES.61 C26409
ES.63 C26437
ES.65 See Lifetimes.1
ES.71 C26817
ES.76 C26438
ES.78 C26819
ES.79 C26818
ES.84 C26444

 

F: Functions

C++ Core Guidelines Rule C++ Core Check warning(s)
F.4 C26497
F.6 C26439, C26440, C26447
F.23 C26429, C26430, C26431

 

I: Interfaces

C++ Core Guidelines Rule C++ Core Check warning(s)
I.11 C26400, C26401
I.22 C26426, C26427

 

P: Philosophy

C++ Core Guidelines Rule C++ Core Check warning
P.9 C26820

 

R: Resource management

C++ Core Guidelines Rule C++ Core Check warning
R.3 C26402, C26403, C26404, C26406
R.5 C26407, C26414
R.10 C26408
R.11 C26409
R.20 C26409
R.23 C26409
R.30 C26415
R.32 C26410
R.33 C26411
R.34 C26416
R.35 C26417
R.36 C26418

 

Additionally, C++ Core Check also publishes a few rules that do not directly map to the C++ Core Guidelines.

C++ Core Guidelines Inspired Rule C++ Core Check warning
GSL.view C26445, C26449
GSL.util C26448
Io.1 C26450
Io.2 C26451
Io.3 C26452
Io.4 C26453
Io.5 C26454
STL.1 C26459

 

All of these rules are available in Visual Studio. The checkers from the “Microsoft Native Recommended Rules” ruleset already appear in-editor in the form of green squiggles: see in-editor code analysis.

Visual Studio Editor with C++ code and a Code analysis warning showing up as a squiggle

To run the C++ Core Check rules, navigate to the project properties dialog and select the “C++ Core Check rules” in the Code analysis pane.

Image property pages

For more information about the various rulesets and configuring them please visit Quickstart: Code analysis for C/C++.

Next steps:

If there are any rules you’d like to see added, please visit the Suggest a Feature page and tag your rule C++ Core Check. See the Microsoft Docs page for in-depth examples and explanations for each of the warnings that C++ Core Check offers. We can be reached via the comments below or @VisualC on Twitter.

 

3 comments

Comments are closed. Login to edit/delete your existing comments

  • Juan Ramos

    First off I wanna say I really really like this tool!
    I think it’s a fantastic way to uncover issues.

    However, it has problems.

    My company uses cmake for it’s build system. We would ideally want to run this tool using Ninja on our servers.
    How do we use this tool standalone? As far as I can tell this tool is essentially intended to be run with a Visual Studio solution which just isn’t an acceptable workflow.
    We aren’t going to install Visual Studio in our CI servers.

    CmakeSettings.json is not an acceptable workflow, it has far too much bugs/issues.

    And finally it’s really slow. Adding this to our CI would dramatically increase our build times.

    Here is a cmake post attesting to that very fact:
    https://discourse.cmake.org/t/cmake-cxx-clang-tidy-in-msvc/890

  • Keannu Cruz

    Enjoyed reading the above post, the article is very insightful and successful, really explains everything in depth. Thank you and good luck for the upcoming articles Gadsden health