We have added a new experimental static analysis rule in Visual Studio version 16.10 Preview 3 – C26458, WARNING_PATH_SENSITIVE_USE_GSL_AT. The new warning is a more precise and less noisy version of warning C26446, WARNING_USE_GSL_AT. Both warnings analyse standard containers for unchecked element access and they both share the warning message: “Prefer to use gsl::at() instead of unchecked subscript operator (bounds.4).” This new warning,
Infer is a static analysis tool provided by Facebook in 2015. It supports Java and C/C++/Objective-C code and can detect a number of potential problems, including child exceptions.
Below is a summary of the improvements and bug fixes made from VS 2019 16.8 to 16.9 for code analysis and Cpp Core Testing.
Peer code reviews have increasingly been adopted by engineering teams around the world. Here are 6 tips to make the process better for teams.
Static code analysis is a method of debugging by examining source code before a program is run. It's done by analyzing a set of code against a set (or multiple sets) of coding rules. Static code analysis and static analysis are often used interchangeably, along with source code analysis.
In Visual Studio version 16.8 Preview 3, we have added a few safety rules to C++ Code Analysis that can find some common mistakes, which can lead to bugs ranging from simple broken features to costly security vulnerabilities. These new rules are developed around issues discovered in production software via security reviews and incidents requiring costly servicing.
One year ago GitHub announced the acquisition of Semmle, maker of a semantic code analysis engine powered by the Semmle QL query language. After a few months in beta, GitHub is now announcing the availability of its new CodeQL-based code scanning capability for all public and private repos.
This blog post will introduce new rules related to VARIANT and its sibling types – such as VARIANTARG, or PROPVARIANT. To help with the new rules, we have built a code analysis extension, called VariantClear, that detects violations of these new rules in code. It is named VariantClear because the primary rule it detects is about misuse of VariantClear function.
C++ Core Check is Microsoft’s static analysis tool that enforces the rules from the C++ Core Guidelines, which are maintained by the C++ Foundation. This post provides a snapshot of the C++ Core Guidelines coverage that C++ Core Check offers.
In this article, we'll take a look at some of the more advanced RESTful API design patterns/best practices.
Limitations of Linters—Is it Time to Level-Up? While linters have been around for a while and offer basic code checks, many developers are starting to ask for more comprehensive insights into their code.
The focus has been on test quantity/coverage without mentioning test quality. If tests are a developer's safety net, shouldn't they be treated like safety gear?
Anti-patterns seem harmless but lead to error-prone solutions and make your code unmaintainable in the long run.
Like GitLab and don't like bugs? Want to improve the quality of your source code? Let's see how to configure PVS-Studio C# analyzer for checking merge requests.