code analysis Archives | C++ Team Blog

Microsoft C++ Code Analysis supports SARIF 2.1

Hwi-sung Im May 13, 2021 May 13, 2021 05/13/21

Starting with Visual Studio 16.8, MSVC Code Analysis officially supports SARIF 2.1.0 standard. SARIF is an industry standard for representing static analysis logs and we've been one of the earliest collaborators with the SARIF Technical Committee. Behind the scenes, analysis log files in the SARIF format powers Visual Studio IDE to ...

New Static Analysis Rule for Bounds Checking

Jordan Maples May 11, 2021 May 11, 2021 05/11/21

We have added a new experimental static analysis rule in Visual Studio 16.10 version Preview 3 - C26458, WARNING_PATH_SENSITIVE_USE_GSL_AT. The new warning is a more precise and less noisy version of warning C26446, WARNING_USE_GSL_AT. Both warnings analyse standard containers for unchecked element access and they both share the warning ...

Even More New Safety Rules in C++ Code Analysis

Hwi-sung Im October 28, 2020 Oct 28, 2020 10/28/20

In Visual Studio version 16.8 Preview 3,  we have added a few safety rules to C++ Code Analysis that can find some common mistakes, which can lead to bugs ranging from simple broken features to costly security vulnerabilities. These new rules are developed around issues discovered in production software via ...

C++ Core Check in Visual Studio

Jordan Maples October 6, 2020 Oct 6, 2020 10/6/20

C++ Core Check is Microsoft’s static analysis tool that enforces the rules from the C++ Core Guidelines, which is maintained by the C++ Foundation. This post is to provide a snapshot of the C++ Core Guidelines coverage that C++ Core Check offers. For background, the C++ team introduced C++ Core Check in December 2015 as part of Visual ...

New Safety Rules in C++ Code Analysis

Hwi-sung Im October 2, 2020 Oct 2, 2020 10/2/20

In Visual Studio version 16.8 Preview 3, we are adding a few safety rules to C++ Code Analysis that can find some common mistakes, which can lead to bugs ranging from simple broken features to costly security vulnerabilities. These new rules are developed around issues discovered in production software via security reviews and...

New safety rules in C++ Core Check

Sunny Chatterjee September 4, 2020 Sep 4, 2020 09/4/20

Rust and C++ are two popular systems programming languages. For years, the focus of C++ has been on performance. We are increasingly hearing calls from customers and security researchers that C++ should have stronger safety guarantees in the language. C++ often falls behind Rust when it comes to programming safety. Visual Studio 2019 ...

IntelliSense Code Linter for C++

Kyle Reed March 26, 2020 Mar 26, 2020 03/26/20

Introducing the IntelliSense Code Linter for C++; a preview of "as-you-type" code analysis with fixups. Try it out today in Visual Studio 2019 16.6 Preview 2.

Code analysis with clang-tidy in Visual Studio

eli fessler October 8, 2019 Oct 8, 2019 10/8/19

[Updated on 11/6/2019] - Removed "Setup: Installing Clang tools" section; this is no longer required starting in Visual Studio 2019 version 16.4 Preview 3. Visual Studio 2019 version 16.4 Preview 1 brings a significant improvement to the C++ code analysis experience: native support for clang-tidy, a Clang-based “linter” tool developed ...

New code analysis quick fixes for uninitialized memory (C6001) and use before init (C26494) warnings

eli fessler May 7, 2019 May 7, 2019 05/7/19

In the latest Preview release of Visual Studio 2019 version 16.1, we’ve added two quick fixes to the Code Analysis experience focused around uninitialized variable checks. These quick fixes are available via the Quick Actions (lightbulb) menu on relevant lines, accessed by hovering over the line or squiggle, or by pressing Ctrl+...

New Code Analysis Checks in Visual Studio 2019: use-after-move and coroutine

Sunny Chatterjee January 28, 2019 Jan 28, 2019 01/28/19

Visual Studio 2019 Preview 2 is an exciting release for the C++ code analysis team. In this release, we shipped a new set of experimental rules that help you catch bugs in your codebase, namely: use-after-move and coroutine checks. This article provides an overview of the new rules and how you can enable them in your project. Use-after-move ...

C++ Team Blog