C++ Code Analysis improvements in Visual Studio 2017 RTM

This blog post was written by Sunny Chatterjee and Andrew Pardoe

Visual Studio 2017 RTM  release includes the C++ Core Guidelines Checkers as part of Code Analysis tools for C/C++. We have gotten a ton of useful feedback on the early previews of these checks through our external customers. Thank you for engaging with us and giving us great feedback. This feedback helped us improve the quality of the final released version of  C++ Core Guidelines checks. Some of these improvements are explained in detail in this blog post about const correctness.

Besides shipping the C++ Core Guidelines checker, we also fixed  more than 150 bugs in our core analysis engine. All of these fixes are available in the Visual Studio 2017 RTM. As a result, developers should expect to see accuracy improvements in C++ code analysis. Download Visual Studio 2017 today and let us know what you think of the improvements to code analysis!

Here are some notable fixes that were frequently reported. These fixes were made as a result of direct external feedback.

  1. False positive during dereferencing null-pointer checks (C6011)
    1. https://connect.microsoft.com/VisualStudio/feedback/details/1645136/c6011-occurs-const-cast-to-const-members-after-if-statement
    2. https://connect.microsoft.com/VisualStudio/feedback/details/1981990/inappropriate-analyzer-warning-when-casting-to-reference-in-constructor
    3. http://connect.microsoft.com/VisualStudio/feedback/details/2556936/static-analysis-c6011-warning-false-positive-in-short-circuited-conditionals
    4. https://connect.microsoft.com/VisualStudio/feedback/details/2750342/static-analysis-false-positive-when-using-a-bracketed-ternary-operator
    5. https://connect.microsoft.com/VisualStudio/feedback/details/3078125/false-positive-dereferencing-null-pointer-warning-when-taking-a-named-reference
    6. https://connect.microsoft.com/VisualStudio/feedback/details/3082362/static-analysis-false-positive-when-comparing-ptr-nullptr-vs-simply-ptr
  2. False positive during uninitialized memory checks (C6001)
    1. http://connect.microsoft.com/VisualStudio/feedback/details/1858404/false-positive-in-c-static-analysis-c6001
    2. https://connect.microsoft.com/VisualStudio/feedback/details/2607792/erroneous-report-from-sal
  3. False positive around inconsistent annotation checking (C28252 and C28253)
    1. http://connect.microsoft.com/VisualStudio/feedback/details/2053524/wsutil-compiler-version-1-0095-creates-a-file-that-triggers-warnings-c28252-and-c28253-even-when-compiled-with-w0
  4. False positive during annotation parsing (C28285)
    1. http://connect.microsoft.com/VisualStudio/feedback/details/2358718/sal-analysis-warning-c28285-when-using-local-static-variables
  5. False positive during strict type match checking (C28039)
    1. https://connect.microsoft.com/VisualStudio/feedback/details/2573764/sal-false-positive-on-strict-type-match
  6. False positive when checking for local vs. global declarations on enum classes (C6244)
    1. https://connect.microsoft.com/VisualStudio/feedback/details/3101212/incorrect-static-analysis-warning-of-enum-class-enumerators-hiding-other-declarations
  7. MSBuild error MSB4018 during code analysis runs: The “MergeNativeCodeAnalysis” task failed unexpectedly
    1. https://connect.microsoft.com/VisualStudio/feedback/details/3113987/error-msb4018-the-mergenativecodeanalysis-task-failed-unexpectedly

Send us your feedback!

We hope that the C++ Code Analysis tools in Visual Studio 2017 help improve your code and make you more productive. We’d like to thank you all and as always, we welcome your feedback. Please tell us what you like and dislike about our current toolset and what you’d like to see in future releases.

For problems, let us know via the Report a Problem option, either from the installer or the Visual Studio IDE itself. And you can always reach us through e-mail at cppcorecheck@microsoft.com.