C++ Core Check in Visual Studio 2017 15.6 Preview 2

Andrew

January 18th, 2018

Click here for the Chinese version

This post was written by Sergiy Oryekhov.

Note that some of the links to docs.microsoft.com do not yet resolve. Not all of the official documentation has yet been written for this topic.

Visual Studio 2017 15.6 Preview 2 includes a set of updates to the C++ Core Guidelines Check extension. We added more checks to help with the effort of making code cleaner, more secure and maintainable. This document is a quick overview of the new rules. More detailed information about these rules as well as an updated list of available rules can be found here:

This release also has general improvements in user experience for native code analysis tools:

C++ Static Analysis Improvements for Visual Studio 2017 15.6 Preview 2

New rule sets

Two new rule categories are introduced in this release, each with a corresponding rule set file that can be selected in the project configuration to filter static analysis results:

Arithmetic rules
These rules focus on cases where arithmetic operations can lead to loss of data, undefined behavior, or overflows.

Lifetime rules
This set of rules was formerly released in the form of the experimental C++ Core Check (which is still available). For 15.6 it was completely rewritten, and the first version is ready for evaluation. The primary focus is to catch very dangerous situations in which code obtains access to a memory location that is no longer valid because its content’s lifetime has ended (e.g. a local variable that has gone out of scope and been destroyed).

New rules

Class rules

C26433 OVERRIDE_EXPLICITLY: When a method overrides a base virtual function, it should clearly state this by using the ‘override’ specifier.

C26435 SINGLE_VIRTUAL_SPECIFICATION: Methods should clearly state the kind of their virtual behavior by using a single specifier (‘virtual’, ‘override’, or ‘final’).

C26443 NO_EXPLICIT_DTOR_OVERRIDE: Destructors are very special methods, and the guideline for them differs from the OVERRIDE_EXPLICITLY rule: it is recommended to rely on implicit overriding if the base class has a virtual destructor.
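The following is an added example, not code from the post or from the checker itself, showing what the three class rules protect against. The types Shape, TriangleTypo, Triangle and Counted are constructed for illustration. The point of ‘override’ is that a signature mismatch (here a missing const) silently produces a new, non-overriding function; with ‘override’ the compiler rejects it. The destructor of Counted is left implicit, which is what C26443 asks for, and the example proves it still runs when deleting through the base pointer.

```cpp
#include <memory>

// Base with a virtual destructor and one virtual method.
struct Shape {
    virtual ~Shape() = default;            // deleting through Shape* is safe
    virtual int sides() const { return 0; }
};

// Bug: the author meant to override sides(), but the signature differs
// (no const), so this is an unrelated function that overrides nothing.
// Without 'override' the compiler accepts this silently.
struct TriangleTypo : Shape {
    int sides() { return 3; }
};

// Corrected: exactly one specifier, 'override' (C26435), makes the compiler
// reject any signature mismatch. No destructor is written, so the implicit
// one overrides Shape's virtual destructor as C26443 recommends.
struct Triangle : Shape {
    int sides() const override { return 3; }
};

// Polymorphic call through the base, the way real code dispatches.
int sides_via_base(const Shape& s) { return s.sides(); }

int typo_result()    { TriangleTypo t; return sides_via_base(t); }   // 0, not 3
int correct_result() { Triangle t;     return sides_via_base(t); }   // 3

// C26443: with a virtual base destructor, the derived destructor overrides
// implicitly and runs on delete through Shape*. We count it to prove it.
static int destroyed = 0;
struct Counted : Shape {
    ~Counted() { ++destroyed; }            // no 'override' needed here
};

int destructions_through_base() {
    destroyed = 0;
    std::unique_ptr<Shape> p = std::make_unique<Counted>();
    p.reset();                             // delete via Shape*: ~Counted runs
    return destroyed;
}
```

typo_result() returns the base value because TriangleTypo::sides never took part in dispatch; adding ‘override’ to it would turn the silent bug into a compile error.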

Declaration rules

C26444 NO_UNNAMED_RAII_OBJECTS: This rule helps to detect some common cases where a potentially expensive object is created and immediately discarded. This is often an indication of ignored call results or inefficient resource handling.
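An added example (not from the post) of the pattern C26444 catches. ActiveGuard is a constructed stand-in for a lock_guard-style RAII type; the same mistake with std::lock_guard<std::mutex>{m}; releases the mutex at the semicolon, so the code that follows runs unlocked.

```cpp
// Minimal RAII type: "acquires" in the constructor, "releases" in the destructor.
struct ActiveGuard {
    bool& flag;
    explicit ActiveGuard(bool& f) : flag(f) { flag = true; }
    ~ActiveGuard() { flag = false; }
};

// Bug pattern flagged by C26444: the unnamed temporary is constructed and
// destroyed in the same statement, so nothing is guarded afterwards.
bool guarded_with_temporary() {
    bool active = false;
    ActiveGuard{active};        // lives only until the ';'
    return active;              // false: the guard is already gone
}

// Corrected: a named object lives until the end of the enclosing scope.
bool guarded_with_named_object() {
    bool active = false;
    ActiveGuard guard{active};
    return active;              // true: read while the guard is still alive
}
```

Note the brace form ActiveGuard{active}; is used deliberately: ActiveGuard(active); with parentheses would be parsed as a declaration of a variable named active, which is a different (and also confusing) problem.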



Arithmetic rules

C26450 RESULT_OF_ARITHMETIC_OPERATION_PROVABLY_LOSSY: Arithmetic operations on constants can sometimes lead to unintended overflows which are not obvious in user code but can be easily identified by automated tools.

C26451 RESULT_OF_ARITHMETIC_OPERATION_CAST_TO_LARGER_SIZE: A cast to a wider type can be ineffective and lead to unexpected results due to order of operations and non-obvious overflows. For example, an arithmetic operation may overflow in its 32-bit integer result before that result is converted to a 64-bit type.

C26452 SHIFT_COUNT_NEGATIVE_OR_TOO_BIG: Shifting integral values can result in undefined behavior if the shift count is not appropriate for the left-hand operand type.

C26453 LEFTSHIFT_NEGATIVE_SIGNED_NUMBER: Left-shifting a negative signed integral value has undefined results.

C26454 RESULT_OF_ARITHMETIC_OPERATION_NEGATIVE_UNSIGNED: This rule detects subtraction operations whose negative result is converted to an unsigned type, which is always an overflow.
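An added example (not from the post) that reproduces the defects behind C26450, C26451 and C26454 and shows one way to avoid C26452/C26453. Unsigned types are used for the "wrong" versions on purpose: unsigned wrap-around is well defined, so the bad value is reproducible, whereas the same mistakes on signed types are undefined behavior. All function names and the sample values are constructed.

```cpp
#include <cstdint>

// C26450: arithmetic on constants that is provably lossy. 70000*70000 does
// not fit in 32 bits; as unsigned it wraps to 4,900,000,000 mod 2^32.
std::uint32_t constant_product_wrapped() {
    return 70000u * 70000u;                 // 605032704, not 4900000000
}

// C26451: the multiplication is done in 32 bits and wraps *before* the
// result is widened to 64 bits. 100000*50000*4 = 20,000,000,000 mod 2^32.
std::uint64_t image_bytes_wrapped(std::uint32_t width, std::uint32_t height) {
    std::uint64_t bytes = width * height * 4u;   // evaluated as uint32_t
    return bytes;
}

// Corrected: widen one operand first so the whole expression is 64-bit.
std::uint64_t image_bytes(std::uint32_t width, std::uint32_t height) {
    return static_cast<std::uint64_t>(width) * height * 4u;
}

// C26454: subtracting a larger unsigned value from a smaller one can never
// be negative; it wraps to a huge positive number (here 2^32 - 2).
std::uint32_t remaining_wrapped(std::uint32_t capacity, std::uint32_t used) {
    return capacity - used;
}

// Corrected: make the precondition explicit and saturate instead of wrapping.
std::uint32_t remaining(std::uint32_t capacity, std::uint32_t used) {
    return used > capacity ? 0u : capacity - used;
}

// C26452 / C26453: a negative count, a count >= the operand width, or a
// left shift of a negative signed value is undefined behavior. This helper
// validates the count and shifts an unsigned operand; it returns -1 (which a
// 32-bit unsigned result can never produce) when the shift would be UB.
std::int64_t shift_left_checked(std::uint32_t value, int count) {
    if (count < 0 || count >= 32) {
        return -1;                          // refuse instead of executing UB
    }
    return static_cast<std::int64_t>(value << count);
}
```

The fix for C26451 is always the same: move the widening cast onto an operand, not onto the finished result, so that the overflow-prone operation itself runs at the wider width.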

Lifetime rules

C26486 LIFETIMES_FUNCTION_PRECONDITION_VIOLATION: If a pointer is passed to a function, it is expected to point to a valid memory location, i.e. a location holding a valid object, or to be nullptr.

C26487 LIFETIMES_FUNCTION_POSTCONDITION_VIOLATION: If a pointer is returned from a function, it must either point to a valid object which will outlive the function or be nullptr.

C26489 LIFETIMES_DEREF_INVALID_POINTER: This rule tries to catch scenarios in which a local pointer obtains a value pointing to a transient object. If such a pointer is accessed at a point where its target may no longer be alive, this can clearly lead to catastrophic results.
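An added example (not from the post) illustrating the three lifetime rules. The dangling variants are shown only in comments, because executing them is undefined behavior; the functions that actually compile are the corrected forms. All names are constructed for illustration.

```cpp
#include <cstddef>
#include <cstring>
#include <string>
#include <vector>

// C26486: a pointer argument must point at a valid object or be nullptr.
// The callee cannot detect a freed or uninitialised pointer, so the only
// precondition it can defend is nullptr, and it does so explicitly.
std::size_t safe_length(const char* text) {
    return text == nullptr ? 0 : std::strlen(text);
}

// C26487: never return a pointer into a local.
//   const char* greeting_dangling(const std::string& name) {
//       std::string s = "hello " + name;
//       return s.c_str();      // s is destroyed on return: dangling pointer
//   }
// Corrected: return the owning object by value.
std::string greeting(const std::string& name) {
    return "hello " + name;
}

// C26489: a pointer into a container is invalidated when the container
// reallocates.
//   std::vector<int> v = {1, 2, 3};
//   int* first = &v[0];
//   v.push_back(4);            // may reallocate; 'first' now points at freed memory
//   return *first;             // dereference of an invalid pointer
// Corrected: keep an index, which stays meaningful across growth, and take
// the element only after all growth is done.
int first_after_growth(std::vector<int> v, int extra) {
    const std::size_t idx = 0;          // an index survives reallocation
    v.push_back(extra);
    return v[idx];
}
```

A useful habit when reviewing such code: any pointer or reference obtained from a container, string or local should be treated as valid only until the next operation that can resize, reassign or destroy its owner.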



In closing

Good tools can help you to maintain and upgrade your code. The C++ Core Guidelines are a great place to start, and the C++ Core Guidelines Checker can help you to clean up your code and keep it clean. Try out the expanded C++ Core Guidelines Checker in Visual Studio 2017 version 15.6 and let us know what you think.

If you have any feedback or suggestions for us, let us know. We can be reached via the comments below, via email (visualcpp@microsoft.com) and you can provide feedback via Help > Report A Problem in the product, or via Developer Community. You can also find us on Twitter (@VisualC) and Facebook (msftvisualcpp).