Compartilhar via


Analyze C++ code quality of Store apps using Visual Studio static code analysis

Note

This article applies to Visual Studio 2015. If you're looking for the latest Visual Studio documentation, see Visual Studio documentation. We recommend upgrading to the latest version of Visual Studio. Download it here

Applies to Windows and Windows Phone](../Image/windows_and_phone_content.png "windows_and_phone_content")

The code analysis tool in Visual Studio express editions examines your code for a set of common problems and violations of good programming practice. Code analysis warnings differ from compiler errors and warnings because code analysis searches for specific code patterns that are valid but could still create issues for you or other people who use your code. Code analysis can also find defects in your code that are difficult to discover through testing. Running the code analysis tool at regular intervals during your development process can enhance the quality of your completed app.

Note

In Visual Studio Ultimate, Visual Studio Premium, and Visual Studio Professional, you can use the full functionality of code analysis tools. See Analyzing Application Quality by Using Code Analysis Tools in the MSDN Library.

Running code analysis

To run code analysis on your Visual Studio solution:

  • On the Build menu, choose Run Code Analysis on Solution.

    To automatically run code analysis each time you build a project:

  1. Choose the project name in Solution Explorer and then choose Properties.

  2. In the project property page, choose Code Analysis and then choose Enable Code Analysis for C/C++ on Build.

    The solution is compiled and code analysis runs. Results appear in the Code Analysis window.

    Code Analysis window

Analyzing and resolving code analysis warnings

To analyze a specific warning, choose the title of the warning in the Code Analysis window. The warning expands to display detailed information about the issue. When possible, code analysis displays the line number and analysis logic that led to the warning.

Expanded code analysis warning

When you expand a warning, the lines of code that caused the warning are highlighted in the Visual Studio code editor.

Highlighted source code

After you understand the problem, you can resolve it in your code. Then rerun code analysis to make sure that the warning no longer appears in the Code Analysis window, and that your fix has not raised new warnings.

Tip

You can rerun code analysis from the Code Analysis window. Choose the Analyze button and then choose the scope of the analysis. You can rerun analysis on the entire solution or on a selected project.

Suppressing code analysis warnings

There are times when you might decide not to fix a code analysis warning. You might decide that resolving the warning requires too much recoding in relation to the probability that the issue will arise in any real-world implementation of your code. Or you might believe that the analysis that is used in the warning is inappropriate for the particular context. You can suppress individual warnings so that they no longer appear in the Code Analysis window.

To suppress a warning:

  1. If the detailed information is not displayed, expand the title of the warning.

  2. Choose the Actions link at the bottom of the warning.

  3. Choose to Suppress Message and then choose In Source.

    Suppressing a message inserts #pragma(warning:WarningId) that suppresses the warning for the line of code.

You can search long lists of warning messages and you can filter warnings in multi-project solutions.

Search and filter the code analysis window

C++ code analysis warnings

Code analysis raises the following warnings for C++ code:

Rule Description
C6001 Using Uninitialized Memory
C6011 Dereferencing Null Pointer
C6029 Use Of Unchecked Value
C6053 Zero Termination From Call
C6059 Bad Concatenation
C6063 Missing String Argument To Format Function
C6064 Missing Integer Argument To Format Function
C6066 Missing Pointer Argument To Format Function
C6067 Missing String Pointer Argument To Format Function
C6101 Returning uninitialized memory
C6200 Index Exceeds Buffer Maximum
C6201 Index Exceeds Stack Buffer Maximum
C6270 Missing Float Argument To Format Function
C6271 Extra Argument To Format Function
C6272 Non-Float Argument To Format Function
C6273 Non-Integer Argument To Format Function
C6274 Non-Character Argument To Format Function
C6276 Invalid String Cast
C6277 Invalid CreateProcess Call
C6284 Invalid Object Argument To Format Function
C6290 Logical-Not Bitwise-And Precedence
C6291 Logical-Not Bitwise-Or Precedence
C6302 Invalid Character String Argument To Format Function
C6303 Invalid Wide Character String Argument To Format Function
C6305 Mismatched Size And Count Use
C6306 Incorrect Variable Argument Function Call
C6328 Potential Argument Type Mismatch
C6385 Read Overrun
C6386 Write Overrun
C6387 Invalid Parameter Value
C6500 Invalid Attribute Property
C6501 Conflicting Attribute Property Values
C6503 References Cannot Be Null
C6504 Null On Non-Pointer
C6505 MustCheck On Void
C6506 Buffer Size On Non-Pointer Or Array
C6507 Null Mismatch At Dereference Zero
C6508 Write Access On Constant
C6509 Return Used On Precondition
C6510 Null Terminated On Non-Pointer
C6511 MustCheck Must Be Yes Or No
C6513 Element Size Without Buffer Size
C6514 Buffer Size Exceeds Array Size
C6515 Buffer Size On Non-Pointer
C6516 No Properties On Attribute
C6517 Valid Size On Non-Readable Buffer
C6518 Writable Size On Non-Writable Buffer
C6521 Invalid Size String Dereference
C6522 Invalid Size String Type
C6523 Invalid Size String Parameter
C6525 Invalid Size String Unreachable Location
C6526 Invalid Size String Buffer Type
C6527 Invalid annotation: 'NeedsRelease' property may not be used on values of void type
C6530 Unrecognized Format String Style
C6540 The use of attribute annotations on this function will invalidate all of its existing __declspec annotations
C6551 Invalid size specification: expression not parsable
C6552 Invalid Deref= or Notref=: expression not parsable
C6701 The value is not a valid Yes/No/Maybe value
C6702 The value is not a string value
C6703 The value is not a number
C6704 Unexpected Annotation Expression Error
C6705 Expected number of arguments for annotation does not match actual number of arguments for annotation
C6706 Unexpected Annotation Error for annotation
C28021 The parameter being annotated must be a pointer
C28182 Dereferencing NULL pointer. The pointer contains the same NULL value as another pointer did.
C28202 Illegal reference to non-static member
C28203 Ambiguous reference to class member.
C28205 _Success_ or _On_failure_ used in an illegal context
C28206 Left operand points to a struct, use '->'
C28207 Left operand is a struct, use '.'
C28210 Annotations for the __on_failure context must not be in explicit pre context
C28211 Static context name expected for SAL_context
C28212 Pointer expression expected for annotation
C28213 The _Use_decl_annotations_ annotation must be used to reference, without modification, a prior declaration.
C28214 Attribute parameter names must be p1...p9
C28215 The typefix cannot be applied to a parameter that already has a typefix
C28216 The checkReturn annotation only applies to postconditions for the specific function parameter.
C28217 For function, the number of parameters to annotation does not match that found at file
C28218 For function parameter, the annotation's parameter does not match that found at file
C28219 Member of enumeration expected for annotation the parameter in the annotation
C28220 Integer expression expected for annotation the parameter in the annotation
C28221 String expression expected for the parameter in the annotation
C28222 __yes, __no, or __maybe expected for annotation
C28223 Did not find expected Token/identifier for annotation, parameter
C28224 Annotation requires parameters
C28225 Did not find the correct number of required parameters in annotation
C28226 Annotation cannot also be a PrimOp (in current declaration)
C28227 Annotation cannot also be a PrimOp (see prior declaration)
C28228 Annotation parameter: cannot use type in annotations
C28229 Annotation does not support parameters
C28230 The type of parameter has no member.
C28231 Annotation is only valid on array
C28232 pre, post, or deref not applied to any annotation
C28233 pre, post, or deref applied to a block
C28234 __at expression does not apply to current function
C28235 The function cannot stand alone as an annotation
C28236 The annotation cannot be used in an expression
C28237 The annotation on parameter is no longer supported
C28238 The annotation on parameter has more than one of value, stringValue, and longValue. Use paramn=xxx
C28239 The annotation on parameter has both value, stringValue, or longValue; and paramn=xxx. Use only paramn=xxx
C28240 The annotation on parameter has param2 but no param1
C28241 The annotation for function on parameter is not recognized
C28243 The annotation for function on parameter requires more dereferences than the actual type annotated allows
C28245 The annotation for function annotates 'this' on a non-member-function
C28246 The parameter annotation for function does not match the type of the parameter
C28250 Inconsistent annotation for function: the prior instance has an error.
C28251 Inconsistent annotation for function: this instance has an error.
C28252 Inconsistent annotation for function: parameter has another annotations on this instance.
C28253 Inconsistent annotation for function: parameter has another annotations on this instance.
C28254 dynamic_cast<>() is not supported in annotations
C28262 A syntax error in the annotation was found in function, for annotation
C28263 A syntax error in a conditional annotation was found for Intrinsic annotation
C28267 A syntax error in the annotations was found annotation in the function.
C28272 The annotation for function, parameter when examining is inconsistent with the function declaration
C28273 For function, the clues are inconsistent with the function declaration
C28275 The parameter to _Macro_value_ is null
C28279 For symbol, a 'begin' was found without a matching 'end'
C28280 For symbol, an 'end' was found without a matching 'begin'
C28282 Format Strings must be in preconditions
C28285 For function, syntax error in parameter
C28286 For function, syntax error near the end
C28287 For function, syntax Error in _At_() annotation (unrecognized parameter name)
C28288 For function, syntax Error in _At_() annotation (invalid parameter name)
C28289 For function: ReadableTo or WritableTo did not have a limit-spec as a parameter
C28290 the annotation for function contains more Externals than the actual number of parameters
C28291 post null/notnull at deref level 0 is meaningless for function.
C28300 Expression operands of incompatible types for operator
C28301 No annotations for first declaration of function.
C28302 An extra _Deref_ operator was found on annotation.
C28303 An ambiguous _Deref_ operator was found on annotation.
C28304 An improperly placed _Notref_ operator was found applied to token.
C28305 An error while parsing a token was discovered.
C28350 The annotation describes a situation that is not conditionally applicable.
C28351 The annotation describes where a dynamic value (a variable) cannot be used in the condition.