What’s New in Code Analysis for Visual Studio 2012

Hi Everyone,

With the launch of the Beta we would like to tell you about some of the enhancements we have made to code analysis based on your feedback. Back when we started planning for Visual Studio 2012 we spent a good deal of time talking with people who use code analysis and understanding the common pain points. What we learned was that there are three key areas you would like to see us improve:

  1. Help better manage large numbers of warnings
  2. Make the output from the analyzer more understandable
  3. Improve the accuracy of the analyzer and the types of coding errors it finds

In this post let’s go over some of the highlights for code analysis in Visual Studio 2012:

  • Code Analysis is available in all editions of Visual Studio and supports 64-bit C++ projects
  • Custom rule sets for C++ projects and quick keyword filtering for managing results
  • Ability to step through each line on the warning path to improve understanding of the issue
  • More accurate, relevant warnings to find important bugs early in development


Code Analysis Available in All Editions of Visual Studio

First, we are really excited to announce that we are including code analysis in all editions of Visual Studio 2012: a subset of the most critical warnings in the Express edition for free (this applies to C++, C#, and VB code analysis), and all rules in the Professional, Premium, and Ultimate editions. We see code analysis as an important tool for writing high quality software, and we want you to have access to the same tools that we run internally at Microsoft.

Filtering and C++ Rule Sets

Historically, one of the difficult things about using code analysis has been managing the sometimes large sets of results. When we ran analysis on a moderate or large codebase for the first time, the sheer number of warnings returned was overwhelming, and finding ways to carve the list into small, workable pieces was difficult.

To help with this we have created a new window for managing Code Analysis results.

image

This window contains a keyword filter text box where you can filter code analysis results on warning number, text in the title or message of the warning, filename, or function name. We have found this really useful for quickly getting to the code analysis warnings that are most relevant. For example, say you are adding a new function to an existing project that already has code analysis warnings in it, and you just want to see any new warnings you may have introduced. Using keyword filtering you can filter on your new function name and investigate those first.

In addition, if you are using Visual Studio 2012 Professional, Premium, or Ultimate editions you can now create custom rule sets for C++ projects. The rule set configuration file determines which warnings Code Analysis checks for. We have included a default rule set that we think is a great place to start, but we encourage you to customize the rule set to make Code Analysis more relevant to you. For instance, if your organization cares about globalization defects because you ship your software in multiple languages you can enable those rules; if it does not, you can turn them off so they do not crowd out the warnings you do care about.

image

Detailed Explanation of Code Path to Warning

Another part of the C++ code analysis experience we set out to improve is around understanding how the analyzer found the problem. Previously when investigating a code analysis warning we would often scratch our heads and say to ourselves “ok, it’s telling me there is a bug on this line of source code, but how did it get there in the first place?”

So in Visual Studio 2012 we have introduced the concept of “key events.” A key event is a relevant decision or assumption the analyzer made in the process of finding a defect. In the example below there are three key events (on the left). The key event on line 7 explains what the analyzer assumed in order to reach the bug: that the Boolean parameter ‘guard’ is false.

[image: key events example]

In the Code Analysis window you can click on a warning and step through these key events similar to a traditional debugger.

image

We have added key events to a handful of the most relevant and common C++ warnings, and as we hear feedback from you we will continue to update and improve the output of the warning messages.
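To make the key-event walkthrough concrete, here is an added example (not code from the post or a screenshot of the analyzer) in the same shape as the one described above: a Boolean parameter that the analyzer assumes is false, a branch that is therefore skipped, and a dereference that is only safe if the branch ran. The function names, the ‘guard’ parameter and the port value are illustrative; the defective form is shown beside a hardened one that handles the guard==false path explicitly.

```cpp
#include <cstddef>
#include <cstdint>

// Constructed sample data for the example.
static int32_t g_default_port = 443;

// Defective form. The key events the analyzer would record on the way to the
// warning are numbered in the comments:
//   (1) 'port' starts out as nullptr
//   (2) 'guard' is assumed false, so the assignment in the if-branch is skipped
//   (3) 'port' is dereferenced while still nullptr
// Calling this with guard == false is undefined behaviour; it is here only to
// show the path the analyzer walks.
int32_t ResolvePortUnchecked(bool guard) {
    const int32_t *port = nullptr;        // (1)
    if (guard) {                          // (2) analyzer assumes this is not taken
        port = &g_default_port;
    }
    return *port;                         // (3) null dereference on the guard == false path
}

// Hardened form. The guard == false path now returns an explicit failure
// instead of reaching the dereference, and the output pointer is validated,
// so every path that writes through 'out' has checked it first.
bool ResolvePort(bool guard, int32_t *out) {
    if (out == nullptr) {
        return false;
    }
    if (!guard) {                         // the path the analyzer was reasoning about
        return false;
    }
    *out = g_default_port;
    return true;
}
```

When you step through the key events in the Code Analysis window, the three numbered lines above are the kind of stops you see: the initialisation, the assumption about the branch, and the line the warning is reported on.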

Many Other Improvements

Lastly, I would like to mention that there are many other improvements we have made to the accuracy of the C++ analyzer, to the source code annotation language (SAL) used by the analyzer (as well as the documentation for it), and to the kinds of defects the analyzer finds. Just to point out one improvement: in this release we have added checks for concurrency defects like threading deadlocks and race conditions in C++ code. However, these are topics unto themselves, so we will save them for another day.
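The analyzer gets most of its precision from source code annotations, so here is an added example (not code from the post) of the two kinds of annotation the paragraph above touches on: buffer annotations on a bounded copy, and lock annotations on a counter so that the concurrency checks know which field a lock protects. The annotation names used (_In_reads_, _Out_writes_, _Success_, _Check_return_, _Guarded_by_, _Requires_lock_held_) are real SAL names; the header names and the empty fallback macros are assumptions so the file also compiles outside MSVC, where the analyzer is not available and the annotations simply vanish.

```cpp
#include <cstddef>
#include <cstring>
#include <mutex>

// On MSVC the annotations come from the SDK headers; elsewhere they are
// defined away so the code still builds (assumption: header names as below).
#if defined(_MSC_VER)
#include <sal.h>
#include <concurrencysal.h>
#else
#define _In_reads_(n)
#define _Out_writes_(n)
#define _Success_(expr)
#define _Check_return_
#define _Guarded_by_(lock)
#define _Requires_lock_held_(lock)
#endif

// Bounded copy. The annotations tell the analyzer that 'src' has 'srcLen'
// readable bytes, that 'dst' has room for 'dstCap' bytes, and that 'dst' only
// holds valid output when the function returns true. A caller that passes a
// buffer shorter than it claims, or that ignores the return value, is flagged.
_Success_(return) _Check_return_
bool CopyBounded(_In_reads_(srcLen) const char *src, size_t srcLen,
                 _Out_writes_(dstCap) char *dst, size_t dstCap) {
    if (src == nullptr || dst == nullptr) {
        return false;
    }
    if (srcLen > dstCap) {           // the overflow the annotations let the analyzer reason about
        return false;
    }
    memcpy(dst, src, srcLen);
    return true;
}

// A counter whose value may only be touched with 'm_lock' held. With the
// annotations in place the analyzer reports a read or write of 'm_count' on
// any path where the lock is not held, and any call to IncrementLocked from
// code that has not acquired the lock.
class Counter {
public:
    long Increment() {
        std::lock_guard<std::mutex> hold(m_lock);
        return IncrementLocked();
    }

    long Value() {
        std::lock_guard<std::mutex> hold(m_lock);
        return m_count;
    }

private:
    _Requires_lock_held_(m_lock)
    long IncrementLocked() {
        return ++m_count;            // legal only because the caller holds m_lock
    }

    std::mutex m_lock;
    _Guarded_by_(m_lock) long m_count = 0;
};
```

The point of annotating rather than relying on the analyzer to infer intent is that the contract lives next to the signature: a later caller that passes `strlen(s)` for a buffer it allocated one byte short, or that reads `m_count` outside the lock, is reported at the call site rather than showing up as an intermittent crash or torn read in production.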

In closing this first post on code analysis in Visual Studio 2012, we are excited to use this blog as a way to teach, learn, and interact with you. We encourage you to try Visual Studio 2012 and check out code analysis, and we look forward to your feedback.

-Code Analysis Team

To discover more about code analysis in Visual Studio 2012 go here:

https://msdn.microsoft.com/en-us/library/windows/apps/hh441471(v=VS.85).aspx