Code Analysis for C/C++ Overview

Note

This article applies to Visual Studio 2015. If you're looking for Visual Studio 2017 documentation, use the version selector at the top left. We recommend upgrading to Visual Studio 2017. Download it here.

The C/C++ Code Analysis tool provides information to developers about possible defects in their C/C++ source code. Common coding errors reported by the tool include buffer overruns, un-initialized memory, null pointer dereferences, and memory and resource leaks.

IDE (integrated development environment) Integration

To make it natural for developers to use the analysis tool, it is fully integrated within the Visual Studio IDE. During the build process, any warnings generated for the source code appear in the Error List. You can navigate to source code that caused the warning, and you can view additional information about the cause and possible solutions of the issue.

#pragma Support

Developers can use the #pragma directive to treat warnings as errors; enable or disable warnings, and suppress warnings for individual lines of code. For more information, see How to: Enable and Disable Code Analysis for Specific C/C++ Warnings.

Annotation Support

Annotations improve the accuracy of the code analysis. Annotations provide additional information about pre- and post- conditions on function parameters and return types. For more information, see How to: Specify Additional Code Information by Using __analysis_assume

Run analysis tool as part of check-in policy

You might want to require that all source code check-ins satisfy certain policies. In particular, you want to make sure that analysis was run as a step of the most recent local build. For more information about enabling a code analysis check-in policy, see Creating and Using Code Analysis Check-In Policies

Team Build Integration

You can use the integrated features of the build system to run code analysis tool as a step of the Team Foundation Server build process. For more information, see Build the application.

Command-line support

In addition to the full integration within the development environment, developers can also use the analysis tool from the command line, as shown in the following example:

C:\>cl /analyze Sample.cpp