Visual Studio 2013 static code analysis - how reliable is it?
Question
I am trying to explore the static code analysis option in VS 2013. I have written the very simple code below:
#include <iostream>
int main()
{
    int a, b; //found unused variable
    std::cout << "Hello world!";
    std::cin >> a;
    int* i = new int; // analysis didn't find this memory leak
    //delete i;
    //i = NULL;
}
When I run code analysis on the above block, I expect it to find int* i = new int; and warn about a memory leak, but it didn't; it only found the unused variable b.
So now I am a bit confused: memory leaks are the most common mistake in C/C++ and this tool couldn't find this one. Now my question is, can we rely on this analysis or not?
Environment: Windows 7, VS ultimate 2013.
This is not the kind of code problem that /analyze (aka PREfast) is designed to detect. There are other common tools for detecting straightforward memory leaks like the CRT Debug Heap--see MSDN. Arguably, you should be using C++11 functionality like std::unique_ptr in the first place and never have to remember to call delete.
#include <iostream>
#include <memory> // std::make_unique
int main()
{
    int a, b; //found unused variable
    std::cout << "Hello world!";
    std::cin >> a;
    auto i = std::make_unique<int>(); // released automatically when i goes out of scope
}
What /analyze is intended to do is provide some of the 'additional warnings' you get from products like lint, but mostly to do inter-procedural buffer size validation via SAL annotations.
This is the kind of bug it finds:
void someFunction(char *buffer, size_t len)
{
    ...
}
void otherFunction()
{
    char buff[128];
    someFunction(buff, 256); // buff holds 128 bytes, but 256 is passed as its length
}
When you add the required SAL that communicates the relationship between the pointer and the size:
void someFunction(_Out_writes_(len) char *buffer, size_t len)
It's chains of assumptions that get violated and result in buffer overflows that are really hard to find, not so much memory leaks.
Another useful function of /analyze is to validate variable-length printf arguments vs. the format string:
void printf_debug( _In_z_ _Printf_format_string_ const char* format, ... )
{
    ...
}
void otherFunction()
{
    unsigned long l;
    std::wstring str;
    std::string str2;
    ...
    // every conversion here mismatches its argument: %i vs. unsigned long,
    // %s vs. wchar_t* (wide string), %d vs. char*
    printf_debug( "%i %s %d", l, str.c_str(), str2.c_str());
}
VS 2015 and VS 2017 now include a few of the warnings that used to be only in /analyze in VS 2013 or earlier, like shadowed variables and basic printf validation (if you write your own printf-style functions, you should still use /analyze with _Printf_format_string_). /analyze continues to provide SAL-based buffer analysis that is not part of the standard compiler.
The /analyze PREfast technology can detect potential memory leaks in some cases (particularly with C++ exception safety), dereferencing of potentially null pointers, using uninitialized memory, etc. It also has a lot of extra rules for dealing with kernel-mode coding and writing drivers, particularly tracking locks, IRQL levels, etc.
For C#, /analyze is the FxCop tool, which is a code-analysis tool plus a 'style enforcer' for .NET.
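As an added example (not code from the original answer or from Microsoft), the two /analyze-oriented fixes the answer discusses carried through to compiling code: a buffer-writing function whose length contract is annotated with _Out_writes_(len) and called with a size that actually matches the array, and a printf-style helper annotated for format checking on MSVC (SAL) as well as on GCC/Clang (the format attribute), called with conversions that match the argument types. The compat shim that defines the SAL macros away outside MSVC, the PRINTF_LIKE macro, and the function names fillGreeting, formatDebug and describe are assumptions of this example.

```cpp
// Added example, not part of the original answer. Builds with MSVC (where
// <sal.h> supplies the annotations) and with GCC/Clang on other platforms.
#include <array>
#include <cstdarg>
#include <cstdio>
#include <cstring>
#include <string>

// SAL annotations live in <sal.h> in the MSVC toolchain. Elsewhere they are
// defined away so the same source still compiles (portability shim; an
// assumption of this example, not something /analyze requires).
#ifdef _MSC_VER
#include <sal.h>
#else
#define _Out_writes_(n)
#define _In_z_
#define _Printf_format_string_
#endif

// GCC/Clang counterpart of _Printf_format_string_: with -Wformat the compiler
// checks the variadic arguments against the format string.
#if defined(__GNUC__) || defined(__clang__)
#define PRINTF_LIKE(fmt_idx, arg_idx) __attribute__((format(printf, fmt_idx, arg_idx)))
#else
#define PRINTF_LIKE(fmt_idx, arg_idx)
#endif

// _Out_writes_(len) states that `buffer` has room for `len` bytes; /analyze
// flags callers that pass a `len` larger than the buffer they hand in.
// Returns the number of bytes written, excluding the NUL terminator.
size_t fillGreeting(_Out_writes_(len) char *buffer, size_t len)
{
    if (buffer == nullptr || len == 0) return 0;
    static const char text[] = "Hello world!";
    size_t n = sizeof(text) - 1;
    if (n > len - 1) n = len - 1;   // never write past what the caller promised
    std::memcpy(buffer, text, n);
    buffer[n] = '\0';
    return n;
}

// Deducing the array size at the call site removes the 128-vs-256 kind of
// mismatch entirely: the length can no longer be typed by hand.
template <size_t N>
size_t fillGreeting(char (&buffer)[N])
{
    return fillGreeting(buffer, N);
}

// printf-style helper that returns the formatted text instead of printing it,
// so the result can be inspected. Annotated for both MSVC /analyze and GCC.
PRINTF_LIKE(1, 2)
std::string formatDebug(_In_z_ _Printf_format_string_ const char *format, ...)
{
    va_list args;
    va_start(args, format);
    va_list copy;
    va_copy(copy, args);
    int needed = std::vsnprintf(nullptr, 0, format, copy);   // measure first
    va_end(copy);
    std::string out;
    if (needed > 0) {
        out.resize(static_cast<size_t>(needed) + 1);
        std::vsnprintf(&out[0], out.size(), format, args);
        out.resize(static_cast<size_t>(needed));
    }
    va_end(args);
    return out;
}

// Correct counterpart of the mismatched call in the answer: unsigned long
// takes %lu, a wide string takes %ls, and only a narrow char* fits %s.
std::string describe(unsigned long l, const std::wstring &wide, const std::string &narrow)
{
    return formatDebug("%lu %ls %s", l, wide.c_str(), narrow.c_str());
}

int main()
{
    char buff[128];
    size_t written = fillGreeting(buff, sizeof(buff)); // length matches the buffer
    std::printf("%zu bytes: %s\n", written, buff);
    std::puts(describe(42UL, L"wide", "narrow").c_str());
    return 0;
}
```

Under MSVC, build with /analyze (and /W4) to have the annotations checked; under GCC or Clang, -Wall -Wformat exercises the format attribute. Passing 256 for a 128-byte array to fillGreeting is exactly what the annotation lets /analyze report, and the template overload makes that call impossible to write in the first place.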