Managing warnings in the C++ Core Guidelines Checker
This post written by Sergiy Oryekhov and Andrew Pardoe
With several new rules added to the Core Guidelines Checker in Visual Studio 2017 15.3, the amount of warnings produced for pre-existing code may greatly increase. The C++ Core Guidelines include a lot of recommendations that cover all kinds of situations in C+ code. We know that not everyone can do large rewrites of legacy codebases. The techniques in this blog post will help you use the C++ Core Guidelines to start an incremental journey towards a cleaner codebase by selectively enabling warnings or enabling warnings on a selected code region.
In some cases, these techniques will help you deal with problems in the code analysis. All code analysis is heuristic in nature and can produce warnings where your code is actually correct—we call these “false positives”. The methods listed below will also help you to suppress individual cases of false positives that may be raised on your code.
Using rule sets to filter warnings
Visual Studio provides a few predefined rule sets to pick a more appropriate level of quality checks when Code Analysis runs on a project. In this release, we added rule sets that focus specifically on different groups of C++ Core Guidelines warnings. By selecting a specific group, you can slice results and work through them more efficiently.
To see information about new rule sets: open the Project Properties dialog, select “Code Analysis\General”, open the dropdown in the “Rule Sets” combo-box, pick “Choose multiple rule sets”:
We recommend starting with the rule set “C++ Core Check Rules”. This rule set includes and enables all other C++ Core Check categories.
The “Native Minimum” and “Native Recommended” rule sets include C++ Core Check rules in addition to other checks performance by the C++ Code Analysis tools.
Keep in mind, you must enable the C++ Core Guidelines Checker extension to see warnings from these rule sets. Once it is enabled, you can choose which warnings to show, and which to hide.
Using macros to filter warnings
The C++ Core Guidelines Checker comes with a header file that defines handy macros to ease warning suppressions in code:
These macros correspond to the rule sets and expand into space-separated lists of warning numbers.
How is this useful? By using the appropriate pragma constructs you can configure the effective set of rules that are interesting for your project (or maybe a portion of your code). For example, here we want to see only warnings about missing constant modifiers:
#pragma warning(disable: ALL_CPPCORECHECK_WARNINGS)
#pragma warning(default: CPPCORECHECK_CONST_WARNINGS)
Using attributes to filter warnings
The Microsoft Visual C++ compiler has limited support for the GSL suppress attribute. This attribute can be used to suppress warnings on expressions and block statements inside of a function. You can use either the specific warning number (e.g., 26400) or the rule ID from the C++ Core Guidelines (e.g., r.11). You can also suppress the entire rule group as shown below.
// Suppress only warnings from the ‘r.11’ rule in expression.
[[gsl::suppress(r.11)]] new int;
// Suppress all warnings from the ‘r’ rule group (resource management) in block.
// Suppress only one specific warning number.
// For declarations, you may need to use the surrounding block.
// Macros are not expanded inside of attributes.
// Use plain numbers instead of macros from Warnings.h.
int *p = new int;
Using command line options to subset warnings
You can also use command line options to suppress warnings per file or per project. For example, you can pick one file from your project and disable the warning 26400 in its properties page:
You can even temporarily disable code analysis for a file by specifying “/analyze-“. This will produce warning D9025 “overriding ‘/analyze’ with ‘/analyze-‘”, which will remind you to re-enable code analysis later.
These C++ Core Guidelines Checker rulesets,
gsl::suppress attributes, and macros are new in Visual Studio 2017. Try them out and give us feedback on what you like and what you’d like to see improved.
If you have any feedback or suggestions for us about the C++ Core Guidelines Checker or any part of Visual C++, please let us know. We can be reached via the comments below, via email (firstname.lastname@example.org) and you can provide feedback via Help > Report A Problem in the product, or via Developer Community. You can also find us on Twitter (@VisualC) and Facebook (msftvisualcpp).