Improving software quality using Visual Studio 11 C++ Code Analysis
TOOL-100T
Vince Smith, Senior Program Manager
Jason Yang, Principal Development Lead
Microsoft Corporation
11/18/2018 7:59 PM
© 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Key takeaways
  Code analysis finds bugs early in development
  Code analysis can find bugs often missed by traditional testing
  Code analysis in Visual Studio 11 is simple to use
  “If you're not using ‘Analyze’ you're making a mistake. It is enlightening to see what's happening when you turn this on.” John Carmack – Cofounder ID software
Great customer experiences start with quality
  Reliability and security bugs
  Crashes and hangs
  Poor performance
  Security vulnerabilities
  Lead to poor customer experience
  Can be difficult to catch
What code analysis is
  Finds bugs at compile time
  Systematically looks for bug patterns in source code
  Complements traditional testing techniques
  “A defect that costs $1 to fix on the programmer’s desktop costs $100 to fix once it is incorporated into a complete program and many thousands of dollars if it is identified only after the software has been deployed in the field.” “Building a Better Bug Trap”, The Economist
Demo: Introduction to code analysis
What we heard from you
  “Make the analyzer more understandable”
  “Help me manage the number of results”
  “Improve the accuracy and breadth of coverage”
Improvements in Visual Studio 11
Demo: Walking through code analysis
Results of your feedback
  Intuitive analysis results with key events and code step through
  Effective prioritization using keyword filtering and rule sets
  Broader coverage and more accurate results
Getting the most out of code analysis
Source code Annotation Language (SAL)
  Consistent syntax describing critical properties
  Automatically enforced by tools
  Allows you to get analysis results quickly
What SAL looks like
_In_: input parameter; cannot be NULL

    #include <iostream>
    #include <sal.h>

    void Print(_In_ int* p) { std::cout << *p; }

    // Bad: q can still be NULL when it is passed to the _In_ parameter
    void Bad()
    {
        int* q = NULL;
        // ...
        Print(q);
    }

    // Good: q is checked against NULL before the call
    void Good()
    {
        int* q = NULL;
        // ...
        if (q != NULL)
            Print(q);
    }
Examples of parameter annotations

                                                 Required parameters   Optional parameters
  Input to called function                       _In_                  _In_opt_
  Output to caller                               _Out_                 _Out_opt_
  Input to called function and output to caller  _Inout_               _Inout_opt_
  Output of pointer to caller                    _Outptr_              _Outptr_opt_
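The parameter annotations listed above, applied to small functions to show what each one obliges the callee to check or write. This is an added example, not code from the presentation: the function names and sample data are hypothetical, and when the compiler is not MSVC the annotations are defined as empty macros (an assumption made so the code builds anywhere).

```cpp
#include <cstddef>
#if defined(_MSC_VER)
#include <sal.h>   // real SAL macros, checked by Code Analysis (/analyze)
#else              // assumption: empty stand-ins so other compilers build this
#define _In_
#define _In_opt_
#define _Out_
#define _Inout_
#define _Outptr_opt_
#endif
static const char kDefaultName[] = "guest";  // constructed sample data

// _In_: caller guarantees non-NULL. _In_opt_: NULL is allowed, so check it.
int Sum(_In_ const int* a, _In_opt_ const int* b)
{
    return *a + (b != NULL ? *b : 0);
}

// _Out_: caller passes valid storage; the callee writes it on every path.
bool ParseDigit(char c, _Out_ int* value)
{
    bool ok = (c >= '0' && c <= '9');
    *value = ok ? c - '0' : 0;
    return ok;
}

// _Inout_: non-NULL, read on entry and updated in place.
void ClampToByte(_Inout_ int* v)
{
    if (*v < 0) *v = 0;
    if (*v > 255) *v = 255;
}

// _Outptr_opt_: 'name' may be NULL; when it is not, *name is set non-NULL.
std::size_t NameOrDefault(_In_opt_ const char* requested, _Outptr_opt_ const char** name)
{
    const char* chosen = (requested != NULL) ? requested : kDefaultName;
    std::size_t len = 0;
    while (chosen[len] != '\0') ++len;
    if (name != NULL) *name = chosen;
    return len;
}

int main()
{
    int x = 300, d = -1;
    ClampToByte(&x);
    return (Sum(&x, NULL) == 255 && ParseDigit('7', &d) && d == 7) ? 0 : 1;
}
```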
Analyzer improvement in Visual Studio 11
  Broad coverage
  Accurate results
  Fast speed
  Null pointer dereference
  Uninitialized variable
  Buffer overflow
  Memory leak
  Concurrency issue
Incremental and lasting benefit
  Initial benefit without annotations
  Incremental benefit with some annotations
  Full benefit when thoroughly annotated
Demo: Adding annotations to find more bugs
Review
Code analysis finds bugs early in development
Code analysis can find bugs often missed by traditional testing
Code analysis in Visual Studio 11 is simple to use
For more information
Related sessions
  [HW-889P] Advanced driver code analysis techniques
  [HW-239T] Moving driver quality upstream with WDK driver verification and test tools
Documentation & articles
  Developer’s Reference Guide to SAL
  Developer’s Reference Guide to Concurrency SAL Annotations
  Visual Studio Code Analysis Defect Warnings Reference
  SAL Illustrated: A Visual Guide for New Users
  Code Analysis Team Blog
Thank you
  Feedback and questions: http://forums.dev.windows.com
  Session feedback: http://bldw.in/SessionFeedback