Quickstart: Code analysis for C/C++
You can improve the quality of your application by running code analysis regularly on C or C++ code. This can help you find common problems, violations of good programming practice, or defects that are difficult to discover through testing. Code analysis warnings differ from compiler errors and warnings because code analysis searches for specific code patterns that are valid but could still create issues for you or other people who use your code.
Configure rule sets for a project
In Solution Explorer, open the shortcut menu for the project name and then choose Properties.
The following steps are optional:
In the Configuration and Platform lists, choose the build configuration and target platform.
By default, code analysis does not report warnings from code that is automatically generated by external tools. To view warnings from generated code, clear the Suppress results from generated code check box.
This option does not suppress code analysis errors and warnings from generated code when the errors and warnings appear in forms and templates. You can both view and maintain the source code for a form or a template.
To run code analysis every time the project is built using the selected configuration, select the Enable Code Analysis for C/C++ on Build check box. You can also run code analysis manually by opening the Analyze menu and then choosing Run Code Analysis on ProjectName.
In the Run this rule set list, do one of the following:
Choose the rule set that you want to use.
Choose <Browse...> to specify an existing custom rule set that is not in the list.
Define a custom rule set.
For more information, see Creating Custom Rule Sets.
Standard C/C++ Rule Sets
Visual Studio includes two standard sets of rules for native code:
|Microsoft Native Minimum Recommended Rules||This rule set focuses on the most critical problems in your native code, including potential security holes and application crashes. You should include this rule set in any custom rule set you create for your native projects.|
|Microsoft Native Recommended Rules||This rule set covers a broad range of problems. It includes all the rules in Microsoft Native Minimum Recommended Rules.|
Run code analysis
On the Code analysis page of the project properties pages, you can configure code analysis to run each time you build your project. You can also run code analysis manually.
To run code analysis on a solution:
On the Build menu, choose Run Code Analysis on Solution.
To run code analysis on a project:
In Solution Explorer, choose the name of the project.
On the Build menu, choose Run Code Analysis on Project Name.
The project or solution is compiled and code analysis runs. Results appear in the Error List.
Analyze and resolve code analysis warnings
To analyze a specific warning, choose the title of the warning in the Error List. The warning expands to display additional information about the issue. When possible, code analysis displays the line numbers and analysis logic that led to the warning. For detailed information about the warning, including possible solutions to the issue, choose the warning ID to display its corresponding online help topic.
When you select a warning, the line of code that caused the warning is highlighted in the Visual Studio code editor.
After you understand the problem, you can resolve it in your code. Then, rerun code analysis to make sure that the warning no longer appears in the Error List, and that your fix has not raised any new warnings.
Suppressing code analysis warnings
There are times when you might decide not to fix a code analysis warning. You might decide that resolving the warning requires too much recoding in relation to the probability that the issue will arise in any real-world implementation of your code. Or you might believe that the analysis that is used in the warning is inappropriate for the particular context. You can suppress individual warnings so that they no longer appear in the Error List.
To suppress a warning:
If the detailed information is not displayed, choose the title of the warning to expand it.
Choose the Actions link at the bottom of the warning.
Choose Suppress Message and then choose In Source.
Suppressing a message inserts
#pragma warning (disable:WarningId
)that suppresses the warning for the line of code.
Creating work items for code analysis warnings
You can use the work item tracking feature to log bugs from within Visual Studio. To use this feature, you must connect to an instance of Team Foundation Server.
To create a work item for one or more C/C++ code warnings
In the Error List, expand and select the warnings
On the shortcut menu for the warnings, choose Create Work Item, and then choose the work item type.
Visual Studio creates a single work item for the selected warnings and displays the work item in a document window of the IDE.
Add any additional information, and then choose Save Work Item.
Searching and filtering code analysis results
You can search long lists of warning messages and you can filter warnings in multi-project solutions.
To filter warnings by title or warning id: Enter the keyword in the search box.
To filter warnings by severity: By default, code analysis messages are assigned a severity of Warning. You can assign the severity of one or more messages as Error in a custom rule set. On the Severity column of the Error List, choose the drop-down arrow and then the filter icon. Choose Warning or Error to display only the messages that are assigned the respective severity. Choose Select All to display all messages.