C++博客-ice197983-文章分类-VC相关工具http://www.cppblog.com/ice197983/category/1978.htmlzh-cnWed, 21 May 2008 03:29:43 GMTWed, 21 May 2008 03:29:43 GMT60C++代码静态分析工具-Prefast http://www.cppblog.com/ice197983/articles/8632.html黑色幽灵黑色幽灵Fri, 16 Jun 2006 05:19:00 GMThttp://www.cppblog.com/ice197983/articles/8632.htmlhttp://www.cppblog.com/ice197983/comments/8632.htmlhttp://www.cppblog.com/ice197983/articles/8632.html#Feedback0http://www.cppblog.com/ice197983/comments/commentRss/8632.htmlhttp://www.cppblog.com/ice197983/services/trackbacks/8632.html1. 什么是Prefast

Prefast是一种代码分析工具,它能够帮助你找到编译器不能找到的错误或者缺陷。Prefast首次被微软集成到Visual Studio 2005 Team Suite中去,使用起来非常方便。

2.怎么使用Prefast
在vs2005 Team Suite中,使用Prefast非常简单。修改你的工程属性,设置Enable Code Analysis For C/C++为Yes.

prefast1.jpg

效果:
prefast2.jpg

注意到有可能错误的地方以浅灰色显示在编辑器中了。

3.Prefast能帮你找到哪些错误

1)没有初始化

//no initial
void defect1()
{
        int a;
        int b;

        b = a;
}

会报: d:\test\testcode\testcode.cpp(18) : warning C6001: Using uninitialized memory 'a': Lines: 15, 16, 18

2)空指针取值

//one path dereference NULL
void defect4(int b, int c)
{
        int *= NULL;
        int a = 1;

        if (b == 1) {
                if (c == 1) {
                        p = &a;
                }
                else {
                                                
                }
        }
        else {
                if (c == 1) {

                }
                else {
                        p = &a;
                }
        }

        *p;

        return;
}    

会报:d:\test\testcode\testcode.cpp(65) : warning C6011: Dereferencing NULL pointer 'p': Lines: 45, 46, 48, 57, 65

3)可能错误的运算符优先级

void defect5()
{
        int a = 1;
        int b = 1;
        int c = 1;

        if (a & b == c)
                return;
}

会报: d:\test\testcode\testcode.cpp(76) : warning C6281: Incorrect order of operations: relational operators have higher precedence than bitwise operators

4)可能的buffer overrun

void defect8()
{
        char buf[100];
        char buf2[200];
        int i = 100;

        sprintf(buf, "hello world %d", i);
        strcpy(buf, buf2);
}

会报: d:\test\testcode\testcode.cpp(133) : warning C6202: Buffer overrun for 'buf', which is possibly stack allocated, in call to 'strcpy': length '200' exceeds buffer size '100'

5)可能的无穷循环

//infinite loop
void defect14()
{
        signed char i;

        for (i = 100; i >= 0; i++) {
                ; 
        }
}

会报: d:\test\testcode\testcode.cpp(198) : warning C6292: Ill-defined for-loop: counts up from maximum

6)格式字符串错误

//Format string mismatch
void defect21()
{
        char buff[5];
        sprintf(buff, "%s %s""a");
}

会报: d:\test\testcode\testcode.cpp(277) : warning C6063: Missing string argument to 'sprintf' that corresponds to conversion specifier '2'

7)安全问题

void defect27()
{
        CreateProcess(NULL,
               "c:\\program files\\Project.exe arg1"//correct "\"c:\\program files\\Project.exe\" arg1",
               NULL,
               NULL,
               false,
               0,
               NULL,
               NULL,
               NULL,
               NULL);               
}

会报: d:\test\testcode\testcode.cpp(327) : warning C6277: NULL application name with an unquoted path in call to 'CreateProcessA': results in a security vulnerability if the path contains spaces

8)=和==误用

void defect32()
{
        int a = 1;

        if (a = 2)
                return;
}

会报: d:\test\testcode\testcode.cpp(405) : warning C6282: Incorrect operator: assignment of constant in Boolean context. Consider using '==' instead

9)逻辑运算问题

//always false
void defect45()
{
        int x;

        if (0 && x++) {
                ;
        }
}

会报: d:\test\testcode\testcode.cpp(564) : warning C6237: (<zero> && <expression>) is always zero. <expression> is never evaluated and might have side effects

10)其他



黑色幽灵 2006-06-16 13:19 发表评论
]]>