New Static Analysis Rule for Bounds Checking

We have added a new experimental static analysis rule in Visual Studio 16.10 version Preview 3 – C26458, WARNING_PATH_SENSITIVE_USE_GSL_AT. The new warning is a more precise and less noisy version of warning C26446, WARNING_USE_GSL_AT. Both warnings analyse standard containers for unchecked element access and they both share the warning message: “Prefer to use gsl::at() instead of unchecked subscript operator (bounds.4).” This new warning,

Infer# Brings Facebook's Infer Static Analyzer to C# and .NET

Infer is a static analysis tool released by Facebook in 2015. It supports Java and C/C++/Objective-C code and can detect a number of potential problems, including child exceptions.

Static Analysis Fixes, Improvements, and Updates in Visual Studio 2019 16.9

Below is a summary of the improvements and bug fixes made from VS 2019 16.8 to 16.9 for code analysis and C++ Core Check.

Effective Code Reviews: A Primer

Peer code reviews have increasingly been adopted by engineering teams around the world. Here are 6 tips to make the process better for teams.

Static Code Analysis: What Is It? How to Use It?

Static code analysis is a method of debugging by examining source code before a program is run. It's done by analyzing a set of code against a set (or multiple sets) of coding rules. Static code analysis and static analysis are often used interchangeably, along with source code analysis.

Even More New Safety Rules in C++ Code Analysis

In Visual Studio version 16.8 Preview 3, we have added a few safety rules to C++ Code Analysis that can find some common mistakes, which can lead to bugs ranging from simple broken features to costly security vulnerabilities. These new rules are developed around issues discovered in production software via security reviews and incidents requiring costly servicing.

GitHub Code Scanning Is out of Beta

One year ago GitHub announced the acquisition of Semmle, maker of a semantic code analysis engine powered by the Semmle QL query language. After a few months in beta, GitHub is now announcing the availability of its new CodeQL-based code scanning capability for all public and private repos.

New Safety Rules in C++ Code Analysis

This blog post will introduce new rules related to VARIANT and its sibling types – such as VARIANTARG or PROPVARIANT. To help with the new rules, we have built a code analysis extension, called VariantClear, that detects violations of these new rules in code. It is named VariantClear because the primary rule it detects is about misuse of the VariantClear function.

C++ Core Check in Visual Studio

C++ Core Check is Microsoft’s static analysis tool that enforces the rules from the C++ Core Guidelines, which are maintained by the C++ Foundation. This post provides a snapshot of the C++ Core Guidelines coverage that C++ Core Check offers.

A Look at REST API Design Patterns: Advanced

In this article, we'll take a look at some of the more advanced RESTful API design patterns/best practices.

Limitations of Linters—Is it Time to Level-Up?

While linters have been around for a while and offer basic code checks, many developers are starting to ask for more comprehensive insights into their code.

What's Worse Than Coding Without Tests? Coding With Bad Tests.

The focus has been on test quantity/coverage without mentioning test quality. If tests are a developer's safety net, shouldn't they be treated like safety gear?

The Silent Villains of the Coding Universe: A Review of Anti-Patterns

Anti-patterns seem harmless but lead to error-prone solutions and make your code unmaintainable in the long run.

Analysis of Merge Requests in GitLab Using PVS-Studio For

Like GitLab and don't like bugs? Want to improve the quality of your source code? Let's see how to configure the PVS-Studio C# analyzer for checking merge requests.

Uber has released Piranha, its tool for automatically cleaning up the unnecessary code left behind by stale feature flags, as open source.