{"id":28697,"date":"2021-09-13T15:00:24","date_gmt":"2021-09-13T15:00:24","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/cppblog\/?p=28697"},"modified":"2022-04-25T16:26:21","modified_gmt":"2022-04-25T16:26:21","slug":"static%e2%80%afanalysis-fixes-in-visual-studio-2019-version-16-11","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/cppblog\/static%e2%80%afanalysis-fixes-in-visual-studio-2019-version-16-11\/","title":{"rendered":"Static\u202fAnalysis Fixes in Visual Studio 2019 version 16.11"},"content":{"rendered":"<p>The C++ static analysis team is committed to making your C++ coding experience as safe as possible. We are adding richer code safety checks and addressing high impact customer feedback bugs posted on the\u202f<a href=\"https:\/\/developercommunity.visualstudio.com\/search?space=62\">C++ Developer Community\u202fpage<\/a>.\u202fThank you for engaging with us and giving us great feedback on the past releases and early previews leading to this point.\u202fBelow is the compilation of bug fixes that were made from Visual Studio 2019 version 16.10 to 16.11\u202ffor\u202fcode analysis.\u202f Note that 16.11 is the last non-servicing release of Visual Studio 2019, so the focus was on stabilization and minor improvements rather than new features (stay tuned for updates in 17.0). We also found time to improve the performance of certain checks. The changes are summarized below:<\/p>\n<ul>\n<li>Clarified the warning message for <a href=\"https:\/\/aka.ms\/cpp\/warnings\/C26445\">C26445<\/a>. The old message implied that there is a lifetime problem. The new message is: \u201cDo not assign <code>gsl::span<\/code> or <code>std::string_view<\/code> to a reference. They are cheap to construct and are not owners of the underlying data. (gsl.view)\u201d<\/li>\n<li>Fixed false positive due to not considering lifetime extension rules in <a href=\"https:\/\/aka.ms\/cpp\/warnings\/C26444\">C26444<\/a>. See the code example below:<\/li>\n<\/ul>\n<pre class=\"prettyprint\">struct MyStruct { int i; }; \r\nvoid example() { \r\n  const MyStruct&amp; s = {}; \/\/ Previously, false positive C26444 was emitted. \r\n}<\/pre>\n<ul>\n<li>Fixed using <code>ALL_CPPCORECHECK_WARNINGS<\/code> in suppression would not suppress <a href=\"https:\/\/aka.ms\/cpp\/warnings\/C26457\">C26457<\/a>.<\/li>\n<li>Fixed a problem where certain control flows could trick Concurrency Check into emitting false positive warnings.<\/li>\n<li>Fixed a false positive in Concurrency Check due to incorrect modelling of unwinding paths (for exceptions). This fixed the false positive below. Previously, analysis would proceed along the exception path of the constructor call (no lock is acquired in the exception path), leading to a false warning.<\/li>\n<\/ul>\n<pre class=\"prettyprint\">mutex mtx; \r\nmutex&amp; mutexRef() { return mtx; } \r\nvoid test() { \r\n  lock_guard&lt;mutex&gt; lock(mutexRef()); \/\/ No C26110 (failing to hold lock) \r\n}<\/pre>\n<ul>\n<li>Fixed a compilation failure of code snippets relying on guaranteed copy elision during code analysis.<\/li>\n<\/ul>\n<pre class=\"prettyprint\">struct S { \r\n  S(const S&amp; o) = delete; \r\n  S&amp; operator=(const S&amp; o) = delete; \r\n  S(const S&amp;&amp; o) = delete; \r\n  S&amp; operator=(const S&amp;&amp; o) = delete; \r\n  static const S foo(); \r\n};\r\n\r\nvoid bar() {\r\n  S s = S::foo(); \/\/ Used to trigger compilation failure.\r\n}\r\n\r\n<\/pre>\n<ul>\n<li>Fixed a <a href=\"https:\/\/developercommunity.visualstudio.com\/t\/Codeanalysis-warning-C6285-in-STL-functi\/1429721\">bug<\/a> that caused the <a href=\"https:\/\/devblogs.microsoft.com\/cppblog\/customized-warning-levels-and-code-analysis-for-external-headers\/\">\/external<\/a>\u00a0options for specifying external headers to override CAExcludePath and generate warnings for external files.<\/li>\n<li>Performance improvements to the checker that reports warnings on misuse of `VARIANT`s (warnings <a href=\"https:\/\/docs.microsoft.com\/cpp\/code-quality\/c33001?view=msvc-160\">C33001<\/a>, <a href=\"https:\/\/docs.microsoft.com\/cpp\/code-quality\/c33004?view=msvc-160\">C33004<\/a>, and <a href=\"https:\/\/docs.microsoft.com\/cpp\/code-quality\/c33005?view=msvc-160\">C33005<\/a>). Please refer to &#8220;<a href=\"https:\/\/devblogs.microsoft.com\/cppblog\/new-safety-rules-in-c-code-analysis\/\">New Safety Rules for in C++ Code Analysis<\/a>&#8221; for more information on these warnings.<\/li>\n<li>Performance improvements to the checker that reports warnings on misuse of enum values as an index (warnings <a href=\"https:\/\/docs.microsoft.com\/cpp\/code-quality\/c33010?view=msvc-160\">C33010<\/a> and <a href=\"https:\/\/docs.microsoft.com\/cpp\/code-quality\/c33011?view=msvc-160\">C33011<\/a>). Please refer to \u201c<a href=\"https:\/\/devblogs.microsoft.com\/cppblog\/even-more-new-safety-rules-in-c-code-analysis\/\">Even More Safety Rules in C++ Code Analysis<\/a>\u201d for more information on these warnings. Improved the performance of pointer safety related C++ Core Guidelines checks. See <code>OWNER_POINTER<\/code>, <code>RAW_POINTER<\/code>, <code>UNIQUE_POINTER<\/code>, and <code>SHARED_POINTER<\/code> groups here.<\/li>\n<li>Fixed some memory leaks in some checks when multiple translation units are analyzed in a single compiler invocation.<\/li>\n<\/ul>\n<h2>Fixes in 16.11.1 to 16.11.3 servicing releases<\/h2>\n<ul>\n<li>Fixed a crash when <code>__uuidof <\/code>was used in a template argument a certain way.<\/li>\n<li>Fixed a rare crash when SAL annotations refer to fields of unnamed <code>struct<\/code>s.<\/li>\n<\/ul>\n<h2>Try it out\u202fand let us know what you think<\/h2>\n<p>The work that we do is heavily influenced by feedback we receive on\u202f<a href=\"https:\/\/developercommunity.visualstudio.com\/search?space=62\">Developer Community<\/a>\u202fso\u202fthank you again for your participation. Please continue to file feedback and let us know if there is a checker or rule that you would like to see added to C++ Core Check.\u202f\u202f Stay tuned for more C++ static analysis blogs. In the meanwhile, do not hesitate to reach out to us. We can be reached via the comments below or\u202f@VisualC\u202fon Twitter.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>List of Code Analysis Fixes in Visual Studio 2019 16.11<\/p>\n","protected":false},"author":89854,"featured_media":35994,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1,239],"tags":[],"class_list":["post-28697","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cplusplus","category-diagnostics"],"acf":[],"blog_post_summary":"<p>List of Code Analysis Fixes in Visual Studio 2019 16.11<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/posts\/28697","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/users\/89854"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/comments?post=28697"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/posts\/28697\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/media\/35994"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/media?parent=28697"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/categories?post=28697"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/tags?post=28697"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}