Static Analysis Fixes, Improvements, and Updates in Visual Studio 2019 version 16.10

Avatar

Jordan

The C++ static analysis team is committed to making your C++ coding experience as safe as possible. We are adding richer code safety checks and addressing high impact customer feedback bugs posted on the  C++ Developer Community page. Thank you for engaging with us and giving us great feedback on the past releases and early previews leading to this point. Below is the compilation of improvements and bug fixes that were made from Visual Studio 2019 versions 16.9 to 16.10 for code analysis and CppCoreCheck.

New features:

  • C26479 is a new warning that supports F.48, don’t return a local variable with std::move.
  • C26458 is a new warning that serves as a path-sensitive version of C26446. C26458 had a dedicated blog post in mid-May. In case you missed it, you can read more about the new warning here.
  • C26800, which is used to detect if a variable is used after it has been moved from, is no longer an experimental rule and is now a part of the default rule set.
  • The lifetime warnings C26810 and C26811, originally introduced in 16.2 and discussed here, are no longer experimental and can be used by selecting the default ruleset or “CppCoreCheckLifetimeRules”.
  • Sarif suppression properties will only be populated when /analyze:log:includesuppressed is specified. This can be useful for auditing the rules that are suppressed in a codebase.

Analysis crash fixes:

  • Fixed a crash in the analysis engine caused by an empty brace initializer in an initializer list.
struct TestStruct {
public:
    enum TestEnum : char { Dummy };

    TestEnum m1 : 1;
    TestEnum m2 : 1;
    short m3;
};

TestStruct Test2()
{
    return{ TestStruct::Dummy, TestStruct::Dummy, {} };
}
  • Fixed analysis engine crash when using the drivers plugin from the WDK.

Bug fixes and optimizations:

  • C.35 no longer is issued on functions marked override in classes that are marked final.
  • The message string for C26434 has been updated to remove the reference to C.128. This warning does not align to C.128 but is still a helpful warning to prevent hiding member functions.
  • Fix false negative for C26414 for some unique pointers returned from std::make_unique where no arguments are passed to std::make_unique
#include <memory>
struct struct_1
{
    void method_1();
};
void c26414()
{
    auto ptr = std::make_unique<struct_1>(); //now issues C26414
    ptr->method_1();
}
  • C26800 – Use of a moved from object.
    • Prevent analysis in function bodies where called functions do not have rvalue reference parameters.
    • Fixed false positive that appeared when using coroutines.
  • Improved the detection of C26812, “prefer enum class over enum
  • Fixed false positive for C6285 and C6237 when code contains if constexpr.
constexpr void f1()
{
    constexpr int val1 = false;
    constexpr int val2 = false;
    if constexpr (val1 == true || val2 == true)
    {
        //...
    }
    if (val1 == true || val2 == true) // C6285
    {
        //...
    }
}

constexpr bool foo()
{
    return false;
}
constexpr bool bar()
{
    return true;
}
constexpr void f2()
{
    constexpr bool fooVal = foo();
    if constexpr (fooVal && bar())
    {
        //...
    }
    if (fooVal && bar()) //C6237
    {
        //...
    }
}
  • Improvements for the coroutine checks:
    • Fixed problem that caused warnings to be issued against an incorrect line.
    • Improved detection for cases using rvalue references.
    • Fixed a false positive in code using std::suspend_never
  • Fixed false positive in local lifetime check caused by use of std::optional
void assignToReferenceArg( std::optional<double>& x )
{
    x = 1.0; // Used to produce false positive
}
  • Fixed bounds warning for code in if constexpr block.
constexpr void test_constexpr()
{
    int arr[] = {1,2,3};
    constexpr int index = -1;

    if constexpr (index != -1)
    {
        arr[index]; //No C6201
    }

    if constexpr (index == -1)
    {
        arr[index]; //C6201
    }
}
  • Fixed analysis failure for file paths that contained non-ASCII characters.
  • General improvements to the uninit check. See this post for more information on how this affects analysis.

Try it out and let us know what you think:

The work that we do is heavily influenced by feedback we receive on the Developer Community so thank you again for your participation. Please continue to file feedback and let us know if there is a checker or rule that you would like to see added to C++ Core Check. Stay tuned for more C++ static analysis blogs. In the meanwhile, do not hesitate to reach out to us. We can be reached via the comments below or @VisualC on Twitter.

0 comments

Leave a comment