Morioh
Login
Alexandrea Abernathy

Alexandrea Abernathy

3 years ago

In Visual Studio version 16.8 Preview 3,  we are adding a few safety rules to C++ Code Analysis that can find some common mistakes, which can lead to bugs ranging from simple broken features to costly security vulnerabilities. These new rules are developed around issues discovered in production software via security reviews and incidents requiring costly servicing. Every shipping piece of software in Microsoft runs these rules as part of security and compliance requirements.

This blog post will introduce new rules related to VARIANTand its sibling types – such as VARIANTARG, or PROPVARIANT. To help with the new rules, we have built a code analysis extension, called VariantClear, that detects violations of these new rules in code.  It is named VariantClear because the primary rule it detects is about misuse of VariantClearfunction.

The VariantClear extension detects and reports the following warnings:

  • C33001: VARIANT ‘var’ was cleared when it was uninitialized
  • C33004: VARIANT ‘var’, which is marked as Out was cleared before being initialized
  • C33005: VARIANT ‘var’ was provided as an input or input/output parameter but was not initialized

While Visual Studio version 16.8 Preview 3 already has the VariantClear extension included, it is not yet enabled by default. To enable this extension, please add the following lines either to your project file or to the Microsoft.CodeAnalysis.Extensions.props file under MSBuild\Microsoft\VC\v160 folder in the Visual Studio installation location:

If you want to add this to individual project file, add it after all other <PropertyGroup> elements:

<PropertyGroup Condition="'$(ConfigurationType)'!='Utility' and '$(ConfigurationType)'!='Makefile'">
    <EspXtensions Condition="'$(EnableVariantClear)'!='false'">VariantClear.dll;$(EspXtensions)</EspXtensions>
</PropertyGroup>

If you want to modify your Visual Studio installation, you can add this to the Microsoft.CodeAnalysis.Extensions.props file, after the similar element for HResultCheck:

<EspXtensions Condition="'$(EnableVariantClear)'!='false'">VariantClear.dll;$(EspXtensions)</EspXtensions>

Please note that this will likely be overwritten if you repair or reinstall Visual Studio, or upgrade to a later release. Please stay tuned for update when we have this extension enabled in Visual Studio.

#c++ #diagnostics #new feature #writing code #code analysis #static analysis

New Safety Rules in C++ Code Analysis

devblogs.microsoft.com

New Safety Rules in C++ Code Analysis

This blog post will introduce new rules related to VARIANT and its sibling types – such as VARIANTARG, or PROPVARIANT. To help with the new rules, we have built a code analysis extension, called VariantClear, that detects violations of these new rules in code. It is named VariantClear because the primary rule it detects is about misuse of VariantClear function.

1.75 GEEK