C++代码静态分析工具-Prefast

C++代码静态分析工具-Prefast

2008-05-08 00:46

1. 什么是Prefast Prefast是一种代码分析工具，它能够帮助你找到编译器不能找到的错误或者缺陷。Prefast首次被微软集成到Visual Studio 2005 Team Suite中去，使用起来非常方便。 2.怎么使用Prefast 在vs2005 Team Suite中，使用Prefast非常简单。修改你的工程属性，设置Enable Code Analysis For C/C++为Yes. 效果: 注意到有可能错误的地方以浅灰色显示在编辑器中了。 3.Prefast能帮你找到哪些错误 1)没有初始化 // no initial void defect1() {          int a;          int b;          b = a; } 会报: d:/test/testcode/testcode.cpp(18) : warning C6001: Using uninitialized memory 'a': Lines: 15, 16, 18 2)空指针取值 // one path dereference NULL void defect4( int b, int c) {          int * p = NULL;          int a = 1 ;          if (b == 1 ) {                  if (c == 1 ) {                          p = & a;                  }                  else {                                                                   }          }          else {                  if (c == 1 ) {                  }                  else {                          p = & a;                  }          }          * p;          return ; }     会报:d:/test/testcode/testcode.cpp(65) : warning C6011: Dereferencing NULL pointer 'p': Lines: 45, 46, 48, 57, 65 3)可能错误的运算符优先级 void defect5() {          int a = 1 ;          int b = 1 ;          int c = 1 ;          if (a & b == c)                  return ; } 会报: d:/test/testcode/testcode.cpp(76) : warning C6281: Incorrect order of operations: relational operators have higher precedence than bitwise operators 4)可能的buffer overrun void defect8() {          char buf[ 100 ];          char buf2[ 200 ];          int i = 100 ;          sprintf(buf, " hello world %d " , i);          strcpy(buf, buf2); } 会报: d:/test/testcode/testcode.cpp(133) : warning C6202: Buffer overrun for 'buf', which is possibly stack allocated, in call to 'strcpy': length '200' exceeds buffer size '100' 5)可能的无穷循环 // infinite loop void defect14() {          signed char i;          for (i = 100 ; i >= 0 ; i ++ ) {                  ;          } } 会报: d:/test/testcode/testcode.cpp(198) : warning C6292: Ill-defined for-loop: counts up from maximum 6)格式字符串错误 // Format string mismatch void defect21() {          char buff[ 5 ];          sprintf(buff, " %s %s " , " a " ); } 会报: d:/test/testcode/testcode.cpp(277) : warning C6063: Missing string argument to 'sprintf' that corresponds to conversion specifier '2' 7)安全问题 void defect27() {          CreateProcess(NULL,                 " c://program files//Project.exe arg1 " , // correct "/"c://program files//Project.exe/" arg1",                 NULL,                 NULL,                 false ,                 0 ,                 NULL,                 NULL,                 NULL,                 NULL);                } 会报: d:/test/testcode/testcode.cpp(327) : warning C6277: NULL application name with an unquoted path in call to 'CreateProcessA': results in a security vulnerability if the path contains spaces 8)=和==误用 void defect32() {          int a = 1 ;          if (a = 2 )                  return ; } 会报: d:/test/testcode/testcode.cpp(405) : warning C6282: Incorrect operator: assignment of constant in Boolean context. Consider using '==' instead 9)逻辑运算问题 // always false void defect45() {          int x;          if ( 0 && x ++ ) {                  ;          } } 会报: d:/test/testcode/testcode.cpp(564) : warning C6237: (<zero> && <expression>) is always zero. <expression> is never evaluated and might have side effects 10)其他