We have added a new experimental static analysis rule in Visual Studio 16.10 Preview 3 – C26458, WARNING_PATH_SENSITIVE_USE_GSL_AT. The new warning is a more precise and less noisy version of warning C26446, WARNING_USE_GSL_AT. Both warnings analyse standard containers for unchecked element access, and both share the warning message: “Prefer to use gsl::at() instead of unchecked subscript operator (bounds.4).” The new warning, however, uses path-sensitive analysis to track buffer size validation calls, so it reports fewer and better-targeted diagnostics than C26446.

Path-sensitive analysis is not an inexpensive operation: the complexity and time required to analyze each function depend on its length, the number of branching operations, and the individual properties that are tracked in the function. The path simulation walks the function and emulates each branch and loop it encounters, updating an internal state based on the assumptions each branch makes about the code. Consider the following code segment:
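The segment below is an added example written for this page, not the post's own snippet or Microsoft's analyzer code. It is constructed to show the pattern the text describes: a function that indexes a std::vector and branches on a comparison between the index and v.size(), so that the subscript is validated on one path and unconstrained on another. The checked_at() helper is a small illustrative stand-in for gsl::at() (it throws instead of terminating so the rejection can be observed in a test); the function names and the sample values are assumptions.

```cpp
#include <cstddef>
#include <iostream>
#include <stdexcept>
#include <vector>

// Illustrative stand-in for gsl::at() (assumption: not the GSL's own code).
// It refuses out-of-range indexes; the real gsl::at() fails fast rather than
// throwing, which this version does only so the behaviour can be asserted on.
template <typename T>
T& checked_at(std::vector<T>& v, std::ptrdiff_t i) {
    if (i < 0 || static_cast<std::size_t>(i) >= v.size())
        throw std::out_of_range("checked_at: index out of range");
    return v[static_cast<std::size_t>(i)];
}

// Validated path: on the 'true' branch the analysis records i < v.size(),
// so the subscript is known to be in bounds on the only path that reaches it.
// Returns true when the element was written.
bool zero_if_in_range(std::vector<int>& v, std::size_t i) {
    if (i < v.size()) {
        v[i] = 0;      // in bounds on this path: nothing to report
        return true;
    }
    return false;      // on this path i >= v.size(), and there is no access
}

// Unvalidated path: no relation between i and v.size() is ever established,
// so this is the unchecked subscript both C26446 and C26458 are about
// ("Prefer to use gsl::at() instead of unchecked subscript operator").
int read_unchecked(const std::vector<int>& v, std::size_t i) {
    return v[i];       // nothing constrains i here
}

// Same read through the checked accessor: the bounds check lives in the
// accessor, so no path can reach element storage out of range.
int read_checked(std::vector<int>& v, std::ptrdiff_t i) {
    return checked_at(v, i);
}

// Loop form: the loop condition i < v.size() plays the same role as the if
// above. The analysis forks at the condition; on the body path the index is
// known to be valid, on the exit path there is no access.
long sum_all(const std::vector<int>& v) {
    long total = 0;
    for (std::size_t i = 0; i < v.size(); ++i)
        total += v[i]; // in bounds on the body path
    return total;
}

// Returns true when checked_at() rejects an index equal to v.size().
bool checked_rejects_out_of_range() {
    std::vector<int> v{1, 2, 3};  // constructed sample
    try {
        (void)checked_at(v, 3);
    } catch (const std::out_of_range&) {
        return true;
    }
    return false;
}

int main() {
    std::vector<int> v{10, 20, 30};  // constructed sample
    std::cout << "zero_if_in_range(v, 1): " << zero_if_in_range(v, 1) << '\n';
    std::cout << "zero_if_in_range(v, 3): " << zero_if_in_range(v, 3) << '\n';
    std::cout << "read_unchecked(v, 2): " << read_unchecked(v, 2) << '\n';
    std::cout << "read_checked(v, 0): " << read_checked(v, 0) << '\n';
    std::cout << "sum_all(v): " << sum_all(v) << '\n';
    std::cout << "checked_at rejects v.size(): " << checked_rejects_out_of_range() << '\n';
    return 0;
}
```

Read together with the paragraph that follows: zero_if_in_range() and sum_all() contain the comparison the simulation forks on, read_unchecked() contains no such comparison on any path, and read_checked() moves the check into the accessor so the question never arises.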

As the simulation reaches the branch, the analysis forks its state. In one fork it tracks that i is less than v.size(); in the other, that i is greater than or equal to v.size(). The analysis does not necessarily know the value of i or the number of elements in v; it knows only the relation between the two that the comparison establishes. The same forking happens when the analysis encounters a loop.


New Static Analysis Rule for Bounds Checking