In Visual Studio version 16.8 Preview 3, we are adding a few safety rules to C++ Code Analysis that can find some common mistakes, which can lead to bugs ranging from simple broken features to costly security vulnerabilities. These new rules are developed around issues discovered in production software via security reviews and incidents requiring costly servicing. Every shipping piece of software in Microsoft runs these rules as part of security and compliance requirements.
This blog post will introduce new rules related to VARIANT and its sibling types – such as VARIANTARG or PROPVARIANT. To help with the new rules, we have built a code analysis extension, called VariantClear, that detects violations of these new rules in code. It is named VariantClear because the primary rule it detects is about misuse of the VariantClear function.
The VariantClear extension detects and reports the following warnings:
While Visual Studio version 16.8 Preview 3 already has the VariantClear extension included, it is not yet enabled by default. To enable this extension, please add the following lines either to your project file or to the Microsoft.CodeAnalysis.Extensions.props file under the MSBuild\Microsoft\VC\v160 folder in the Visual Studio installation location:
If you want to add this to an individual project file, add it after all other <PropertyGroup> elements:
<PropertyGroup Condition="'$(ConfigurationType)'!='Utility' and '$(ConfigurationType)'!='Makefile'">
<EspXtensions Condition="'$(EnableVariantClear)'!='false'">VariantClear.dll;$(EspXtensions)</EspXtensions>
</PropertyGroup>
If you want to modify your Visual Studio installation, you can add this to the Microsoft.CodeAnalysis.Extensions.props file, after the similar element for HResultCheck:
<EspXtensions Condition="'$(EnableVariantClear)'!='false'">VariantClear.dll;$(EspXtensions)</EspXtensions>
Please note that this will likely be overwritten if you repair or reinstall Visual Studio, or upgrade to a later release. Please stay tuned for an update when we have this extension enabled in Visual Studio.