
FxCop (or equivalent) for non-.Net C++ code

Tags: c++, .net, fxcop

Is there a way to get FxCop to analyze unmanaged C++ code? Setting the /clr flag allowed FxCop to open the .exe. It finds a LOT of C++ items, but the analysis on the code is very weak. For example, the following code was skipped:


int i=0;
if (i=2) printf("Don't worry..everything will be okay.");

I would like a tool that can catch the i=2 and warn that it should be i==2. Any advice on either getting FxCop to be more thorough or another tool that others found useful?

User1 asked Feb 10 '10 00:02


1 Answer

MSVC (at least VC9/VS2008) already warns about your specific example:

warning C4706: assignment within conditional expression

(Oops: I just realized that I have my test project's settings cranked up to Warning level 4 - /W4. MSVC doesn't issue this warning at the default setting). So set the project settings to /W4 and get more diagnostics (hopefully without too much noise).

I find the warnings in VC9 to be pretty decent, and you can easily set the compiler to treat them as errors if you want to force the issue.

The Team Server edition of Visual Studio contains support for PREfast - a static analysis tool from Microsoft (the option is in the C++ project's Advanced/Enable Code Analysis For C/C++). You can also get the tool in the Windows Driver Kit and/or the Windows SDK, though I can't vouch for the instructions on getting the WDK/SDK version integrated into Visual Studio:

  • http://blogs.msdn.com/vcblog/archive/2008/02/05/prefast-and-sal-annotations.aspx
  • http://buildingsecurecode.blogspot.com/2007/08/security-code-scanning-with-microsoft.html

Another alternative some people like (non-free) is Gimpel's PC-Lint product.

Michael Burr answered Oct 15 '22 07:10
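
What the assignment in the question does at run time, next to the corrected comparison, as an added example that is not part of the original question or answer. The role check, `ROLE_ADMIN` and both function names are constructed for illustration, and the pragmas only silence the diagnostic locally so the buggy form still compiles.

```cpp
#include <cstdio>

// Constructed for illustration: 2 stands for a privileged role.
const int ROLE_ADMIN = 2;

// The buggy form is kept buildable here by silencing the diagnostic locally;
// in a real build, /W4 /WX (MSVC) or -Wall -Werror (GCC/Clang) rejects it.
#if defined(_MSC_VER)
#pragma warning(push)
#pragma warning(disable : 4706)
#elif defined(__GNUC__)
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wparentheses"
#endif
// Same mistake as the question's `if (i=2)`: '=' stores 2 in role and the
// condition tests the stored value, which is non-zero, so it always passes.
bool is_admin_buggy(int &role) {
    if (role = ROLE_ADMIN) return true;
    return false;
}
#if defined(_MSC_VER)
#pragma warning(pop)
#elif defined(__GNUC__)
#pragma GCC diagnostic pop
#endif

// Corrected form: '==' compares and leaves role untouched.
bool is_admin_fixed(int role) {
    return role == ROLE_ADMIN;
}

int main() {
    int role = 0;  // unprivileged caller
    bool buggy = is_admin_buggy(role);
    std::printf("buggy: admin=%d, role is now %d\n", buggy, role);
    std::printf("fixed: admin=%d\n", is_admin_fixed(0));
    return 0;
}
```

The buggy check both grants access and overwrites the caller's value, which is why promoting this warning to an error is worth the build noise.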