We’re making it easier to configure and use the C++ code analysis features with a set of changes targeting 15.7. In the first 15.7 preview we’ve cleaned up the UI, fixed our documentation links and, most importantly, simplified the way analysis extensions are configured.
If you’re not familiar with C++ Core Check, it’s a code analysis extension that helps you update your code to be safer and use a more modern style as outlined in the C++ Core Guidelines. You can learn more about the rules we enforce on our reference page.
C++ Core Check Extension on by Default
We wanted to make it easier for developers to take advantage of the new checks from C++ Core Check. Previously if developers wanted to use C++ Core Check with code analysis, they had to explicitly enable the analysis extension for each project. Then, when running analysis, the tools would produce a deluge of Core Check warnings because all C++ Core Check warnings were enabled by default.
Starting in Preview 1, the C++ Core Check extension is enabled whenever code analysis is run. We also updated the Microsoft Native Recommended Rules and Microsoft Native Minimum Rules to include only the highest impact C++ Core Check warnings (more on that below). We think this provides the best experience: running code analysis on a project “just works” without requiring additional configuration.
We also removed the UI that was used to configure the analysis extensions because it’s no longer needed. Our goal is to make the ruleset the one-stop configuration file for code analysis. All a developer needs to worry about is which warnings he or she wants to run, and the engine will intelligently enable and disable extensions and checkers based on the ruleset. This feature isn’t fully implemented in Preview 1; the remaining work will ship in an upcoming preview.
The code analysis extensions selection panel has been removed – extensions will be enabled automatically based on the rules that are enabled.
Disabling C++ Core Check for a Project
Because this work is still in preview, we added a way to revert to the previous behavior. If the C++ Core Check extension is causing problems with a project, it can be disabled per-project by editing the vcxproj file and adding the following property.
<PropertyGroup> <EnableCppCoreCheck>false</EnableCppCoreCheck> </PropertyGroup>
When building from the command line with msbuild, it can also be disabled by passing the property /p:EnableCppCoreCheck=false
If you find you need to disable the extension, we’d like to know about any blocking issues you found. Use the “Send Feedback” button in Visual Studio to report any problems.
New Rules in Recommended and Minimum Rulesets
Previously the Microsoft Native Recommended and Microsoft Minimum Rulesets had all C++ Core Check warnings enabled by default. This meant if you wanted to try out C++ Core Check and enabled the extension, you’d get a flood of additional warnings.
To stay consistent with the spirit of the “Recommended” and “Minimum” rulesets, we looked across our internal projects and identified the C++ Core Check rules that helped prevent the most critical bugs. The Recommended and Minimum rulesets still contain the core analyzer rules they had previously and now also contain the high-impact C++ Core Check rules. If you want to run with all the C++ Core Check warnings enabled, you can still choose the “C++ Core Check Rules” ruleset.
New in Microsoft Native Minimum
- C26450 RESULT_OF_ARITHMETIC_OPERATION_PROVABLY_LOSSY
- C26451 RESULT_OF_ARITHMETIC_OPERATION_CAST_TO_LARGER_SIZE
- C26452 SHIFT_COUNT_NEGATIVE_OR_TOO_BIG
- C26453 LEFTSHIFT_NEGATIVE_SIGNED_NUMBER
- C26454 RESULT_OF_ARITHMETIC_OPERATION_NEGATIVE_UNSIGNED
- C26495 MEMBER_UNINIT
New in Microsoft Native Recommended
- All the Minimum rules above
- C26441 NO_UNNAMED_GUARDS
- C26444 NO_UNNAMED_RAII_OBJECTS
- C26498 USE_CONSTEXPR_FOR_FUNCTIONCALL
C++ Core Check Experimental Extension Removed
Previous versions of Visual Studio included a C++ Core Check (Experimental) option for rules that weren’t quite ready for release. We’ve been updating these rules over several releases and now the rules dealing with raw pointers, owner pointers, and lifetime profile are implemented in the main checker. A few of the experimental rules do not map exactly to new rules and are being deprecated.
The following experimental rules are deprecated
- C26412 DEREF_INVALID_POINTER
- C26413 DEREF_NULLPTR
- C26420 ASSIGN_NONOWNER_TO_EXPLICIT_OWNER
- C26421 ASSIGN_VALID_OWNER
- C26422 VALID_OWNER_LEAVING_SCOPE
- C26423 ALLOCATION_NOT_ASSIGNED_TO_OWNER
- C26424 VALID_ALLOCATION_LEAVING_SCOPE
- C26425 ASSIGNING_TO_STATIC
- C26499 NO_LIFETIME_TRACKING
Fit and Finish
We also spent some time fixing some minor bugs to improve the overall C++ code analysis experience.
- Clicking on an error navigates to the current documentation page instead of the page for previous versions of Visual Studio.
- Removed “Run Code Metrics” from the Analyze menu on projects that don’t support Code Metrics.
- C++ Core Check now runs significantly faster and uses up to 50% less memory compared with the 15.6 release.
- Added a hot key to run code analysis on the current file: Ctrl+Shift+Alt+F7 in the default keyboard mapping.
Wrap Up
We’re excited to have C++ Core Check on by default and a simpler story for getting our code analysis tools set up for your projects. Hopefully you’ll find the C++ code analysis tools easier to use and the new warnings useful. Download the latest Visual Studio preview and give them a try.
As always, we welcome your feedback. Feel free to send any comments through e-mail at visualcpp@microsoft.com, through Twitter @visualc, or Facebook at Microsoft Visual Cpp.
If you encounter other problems with MSVC in VS 2017, please let us know via the Report a Problem option, either from the installer or the Visual Studio IDE itself. For suggestions, let us know through UserVoice. Thank you!
Happy coding.