Visual Studio 2013 static code analysis - how reliable is it?


Problem description


I am trying to explore the static code analysis option in VS 2013. I have written the very simple code below:

#include <iostream>

int main()
{
    int a, b; //found unused variable 
    std::cout << "Hello world!";
    std::cin >> a;

    int* i = new int; // analysis didn't find this memory leak 
    //delete i;
    //i = NULL;
}

When I run code analysis on the above block, I expect it to find int* i = new int; and warn about the memory leak, but it didn't; it did find the unused variable b.

So now I am a bit confused: a memory leak is a most common mistake in C/C++, and this tool couldn't find it. Now my question is: can we rely on this analysis or not?

Environment: Windows 7, VS Ultimate 2013.

Solution

This is not the kind of code problem that /analyze (aka PREfast) is designed to detect. There are other common tools for detecting straightforward memory leaks like the CRT Debug Heap--see MSDN. Arguably, you should be using C++11 functionality like std::unique_ptr in the first place and never have to remember to call delete.

#include <iostream>
#include <memory>

int main()
{
    int a, b; //found unused variable 
    std::cout << "Hello world!";
    std::cin >> a;

    auto i = std::make_unique<int>(); // released automatically when i goes out of scope
}

What /analyze is intended to do is provide some of the 'additional warnings' you get from products like lint, but mostly to do inter-procedural buffer size validation via SAL annotations.

This is the kind of bug it finds:

void someFunction(char *buffer, size_t len)
{
    ...
}

void otherFunction()
{
    char buff[128];
    someFunction(buff, 256);
}

When you add the required SAL that communicates the relationship between the pointer and the size:

void someFunction(_Out_writes_(len) char *buffer, size_t len)

It's chains of assumptions that get violated and result in buffer overflows that are really hard to find, not so much memory leaks.

Another useful function of /analyze is to validate variable-length printf arguments vs. the format string:

void printf_debug( _In_z_ _Printf_format_string_ const char* format, ... )
{
    ...
}


void otherFunction()
{
    unsigned long l;
    std::wstring str;
    std::string str2;

    ...

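    // Every argument mismatches its specifier: %i gets an unsigned long,
    // %s gets a wchar_t string, %d gets a char string.
    printf_debug( "%i %s %d", l, str.c_str(), str2.c_str());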
}

VS 2015 and VS 2017 now include a few of the warnings that used to be only in /analyze in VS 2013 or earlier like shadowed variables and basic printf validation (if you write your own printf-style functions, you should still use /analyze with _Printf_format_string_). /analyze continues to provide SAL-based buffer analysis that is not part of the standard compiler.

The /analyze PREFast technology can detect potential memory leaks in some cases (particularly with C++ exception safety), dereferencing of potentially null pointers, using uninitialized memory, etc. It also has a lot of extra rules for dealing with kernel-mode coding and writing drivers particularly tracking locks, IRQL levels, etc.

Prefast And SAL Annotations

For C#, /analyze is the FXCop tool which is a code-analysis tool plus a 'style enforcer' for .NET.
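The buffer-size contract from the answer as a complete file, added here as an example that is not part of the original answer. fillBuffer, the callers, fillArray and the SHOW_MISMATCH switch are hypothetical names, and the empty _Out_writes_ stand-in is an assumption so the file also builds on compilers without sal.h.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>

#ifdef _MSC_VER
#include <sal.h>              // real SAL macros; cl /analyze checks them
#else
#define _Out_writes_(count)   // assumption: empty stand-in for other compilers
#endif

// Contract stated in SAL: the callee may write `len` chars through `buffer`.
// fillBuffer is a hypothetical body for the answer's someFunction.
size_t fillBuffer(_Out_writes_(len) char *buffer, size_t len, char value)
{
    if (len == 0) return 0;
    std::memset(buffer, value, len - 1);
    buffer[len - 1] = '\0';
    return len - 1;           // characters before the terminator
}

#ifdef SHOW_MISMATCH          // hypothetical switch: define it to give /analyze the defect
size_t mismatchedCaller()
{
    char buff[128];
    return fillBuffer(buff, 256, 'x');   // promises 256 writable chars, owns 128
}
#endif

// Corrected caller: the size comes from the object, not from a typed literal.
size_t correctedCaller()
{
    char buff[128];
    size_t written = fillBuffer(buff, sizeof(buff), 'x');
    return (std::strlen(buff) == written) ? written : 0;
}

// Stronger form: the array bound N is deduced, so caller and callee cannot disagree.
template <size_t N>
size_t fillArray(char (&buffer)[N], char value)
{
    return fillBuffer(buffer, N, value);
}

int main()
{
    char tiny[8];
    std::printf("%zu %zu\n", correctedCaller(), fillArray(tiny, 'y'));
}
```

The SHOW_MISMATCH block is the call pattern the answer describes as the kind of bug /analyze finds once the annotation is present; it is compiled out by default because executing it writes past the end of buff.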
