Prefast: a static analysis tool for C++ code

1. What is Prefast

Prefast is a code analysis tool that helps you find errors and defects the compiler cannot. Microsoft first integrated Prefast into Visual Studio 2005 Team Suite, where it is very convenient to use.

2. How to use Prefast

In VS2005 Team Suite, using Prefast is simple: open your project properties and set Enable Code Analysis For C/C++ to Yes.


Result: the places that may contain errors are now highlighted in light gray in the editor.

3. Which errors Prefast can find for you

    1) Uninitialized variable

        // no initial
        void defect1()
        {
            int a;
            int b;
            b = a;      // 'a' is read before anything was stored in it
        }

        Prefast reports: d:/test/testcode/testcode.cpp(18) : warning C6001: Using uninitialized memory 'a': Lines: 15, 16, 18

    2) Dereferencing a NULL pointer

        // one path dereference NULL
        void defect4(int b, int c)
        {
            int *p = NULL;
            int a = 1;
            if (b == 1)
            {
                if (c == 1)
                {
                    p = &a;
                }
                else
                {
                    // p stays NULL on this path
                }
            }
            else
            {
                if (c == 1)
                {
                    // p stays NULL on this path
                }
                else
                {
                    p = &a;
                }
            }
            *p;         // reached with p == NULL when (b == 1, c != 1) or (b != 1, c == 1)
            return;
        }

        Prefast reports: d:/test/testcode/testcode.cpp(65) : warning C6011: Dereferencing NULL pointer 'p': Lines: 45, 46, 48, 57, 65

    3) Possibly wrong operator precedence

        void defect5()
        {
            int a = 1;
            int b = 1;
            int c = 1;
            if (a & b == c)     // parsed as a & (b == c), which is rarely what was intended
                return;
        }

        Prefast reports: d:/test/testcode/testcode.cpp(76) : warning C6281: Incorrect order of operations: relational operators have higher precedence than bitwise operators

    4) Possible buffer overrun

        #include <stdio.h>
        #include <string.h>

        void defect8()
        {
            char buf[100];
            char buf2[200];
            int i = 100;
            sprintf(buf, "hello world %d", i);
            strcpy(buf, buf2);      // buf2 may hold up to 200 bytes, buf only 100
        }

        Prefast reports: d:/test/testcode/testcode.cpp(133) : warning C6202: Buffer overrun for 'buf', which is possibly stack allocated, in call to 'strcpy': length '200' exceeds buffer size '100'

    5) Possible infinite loop // infinite loop

        void defect14()
        {
            signed char i;
            for (i = 100; i >= 0; i++)   // counts up from 100; the condition only turns false if i overflows
            {
                ;
            }
        }

        Prefast reports: d:/test/testcode/testcode.cpp(198) : warning C6292: Ill-defined for-loop: counts up from maximum

    6) Format string error // Format string mismatch

        #include <stdio.h>

        void defect21()
        {
            char buff[5];
            sprintf(buff, "%s %s", "a");    // two %s conversions, only one argument supplied
        }

        Prefast reports: d:/test/testcode/testcode.cpp(277) : warning C6063: Missing string argument to 'sprintf' that corresponds to conversion specifier '2'

 
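Items 4) and 6) both come down to writing into a fixed-size stack buffer without checking the bound. The following is an added example, not code from the original post: it replaces the unchecked strcpy/sprintf calls with bounded helpers that refuse (rather than silently truncate or overflow) when the data does not fit, and rewrites defect8() and defect21() on top of them. The helper names bounded_copy, bounded_format, defect8_fixed and defect21_fixed are this example's own; the 199-character source string in defect8_fixed is constructed for the demonstration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Bounded replacement for strcpy(): copies src into dst only if it fits,
 * including the terminating NUL. Returns 0 on success; on failure returns -1
 * and leaves dst as an empty string so a caller cannot read stale bytes. */
int bounded_copy(char *dst, size_t dstsize, const char *src)
{
    size_t len;
    if (dst == NULL || dstsize == 0) {
        return -1;
    }
    if (src == NULL) {
        dst[0] = '\0';
        return -1;
    }
    len = strlen(src);
    if (len >= dstsize) {          /* no room for the text plus NUL */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);
    return 0;
}

/* Bounded replacement for sprintf(): formats with vsnprintf and treats
 * truncation as an error instead of writing past the end of dst.
 * Returns the number of characters written (excluding NUL) on success,
 * -1 on truncation or formatting failure. */
int bounded_format(char *dst, size_t dstsize, const char *fmt, ...)
{
    va_list ap;
    int n;
    if (dst == NULL || dstsize == 0 || fmt == NULL) {
        return -1;
    }
    va_start(ap, fmt);
    n = vsnprintf(dst, dstsize, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= dstsize) {   /* encoding error or truncated */
        dst[0] = '\0';
        return -1;
    }
    return n;
}

/* Hardened version of defect8(): same buffer sizes, but the 200-byte source
 * can no longer overrun the 100-byte destination. Returns 0 if both
 * operations succeeded, otherwise a bitmask of what failed
 * (1 = format truncated, 2 = copy refused). */
int defect8_fixed(void)
{
    char buf[100];
    char buf2[200];
    int i = 100;
    int failures = 0;

    memset(buf2, 'A', sizeof buf2 - 1);   /* constructed 199-char source */
    buf2[sizeof buf2 - 1] = '\0';

    if (bounded_format(buf, sizeof buf, "hello world %d", i) < 0) {
        failures |= 1;             /* "hello world 100" fits, so this does not fire */
    }
    if (bounded_copy(buf, sizeof buf, buf2) < 0) {
        failures |= 2;             /* the copy Prefast flagged is refused instead */
    }
    return failures;
}

/* Hardened version of defect21(): the 5-byte buffer and "%s %s" format,
 * but every conversion specifier has its argument and truncation is
 * reported through the return value. Returns the formatted length (3). */
int defect21_fixed(void)
{
    char buff[5];
    return bounded_format(buff, sizeof buff, "%s %s", "a", "b");
}
```

The design point is that the helpers make the failure visible to the caller: a return value of -1 is something a code reviewer, a test, or a static analyser can check, whereas strcpy and sprintf give no signal at all when the bound is exceeded.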

    7) Security problem

        #include <windows.h>

        void defect27()
        {
            // Application name is NULL and the executable path on the command line
            // contains spaces but is not quoted.
            // Correct form: "\"c:\\program files\\Project.exe\" arg1"
            CreateProcess(NULL, "c:\\program files\\Project.exe arg1",
                          NULL, NULL, false, 0, NULL, NULL, NULL, NULL);
        }

        Prefast reports: d:/test/testcode/testcode.cpp(327) : warning C6277: NULL application name with an unquoted path in call to 'CreateProcessA': results in a security vulnerability if the path contains spaces

 
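The fix the comment in 7) hints at is to quote the executable path whenever lpApplicationName is NULL, so that Windows does not have to guess where the program name ends and the arguments begin. The following is an added example, not the post's own code: a small builder that produces the quoted command line, rejects paths it cannot quote unambiguously, and checks the output buffer size. The function names path_needs_quoting, build_command_line and defect27_fixed are this example's own; the actual CreateProcess call is left out so the code compiles and runs on any platform.

```c
#include <stddef.h>
#include <string.h>

/* Returns 1 if the executable path must be quoted on a CreateProcess command
 * line (it contains a space or tab), 0 otherwise. */
int path_needs_quoting(const char *path)
{
    return (strchr(path, ' ') != NULL || strchr(path, '\t') != NULL) ? 1 : 0;
}

/* Builds a CreateProcess command line whose first token is the executable
 * path wrapped in double quotes, followed by the arguments. This is the
 * defensive form for the case the warning describes (lpApplicationName is
 * NULL): without the quotes, Windows tries each prefix that ends at a space,
 * so "c:\program files\Project.exe arg1" is first looked up as "c:\program".
 *
 * Returns 0 and fills 'out' on success; -1 if a required argument is missing,
 * if the path already contains a double quote (it could not be quoted
 * unambiguously), or if the result would not fit in 'outsize' bytes. */
int build_command_line(const char *exe_path, const char *args,
                       char *out, size_t outsize)
{
    size_t path_len, args_len, needed, pos;

    if (exe_path == NULL || out == NULL || outsize == 0 || exe_path[0] == '\0') {
        return -1;
    }
    if (strchr(exe_path, '"') != NULL) {
        return -1;
    }
    path_len = strlen(exe_path);
    args_len = (args != NULL) ? strlen(args) : 0;

    /* '"' + path + '"' + (' ' + args, if any) + NUL */
    needed = 1 + path_len + 1 + (args_len ? 1 + args_len : 0) + 1;
    if (needed > outsize) {
        out[0] = '\0';
        return -1;
    }
    pos = 0;
    out[pos++] = '"';
    memcpy(out + pos, exe_path, path_len);
    pos += path_len;
    out[pos++] = '"';
    if (args_len) {
        out[pos++] = ' ';
        memcpy(out + pos, args, args_len);
        pos += args_len;
    }
    out[pos] = '\0';
    return 0;
}

/* Hardened form of defect27(): the command line is built with the path
 * quoted, so the call would become
 *   CreateProcess(NULL, cmdline, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi);
 * Only the command-line construction is performed here. */
int defect27_fixed(char *out, size_t outsize)
{
    return build_command_line("c:\\program files\\Project.exe", "arg1", out, outsize);
}
```

Note that CreateProcessA's lpCommandLine is a writable buffer, so in real code the result should live in a char array (as here) rather than be passed as a string literal. The alternative fix, passing the full path as lpApplicationName instead of NULL, removes the ambiguity entirely and also satisfies the C6277 check.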

    8) Confusing = and ==

        void defect32()
        {
            int a = 1;
            if (a = 2)      // assigns 2 to a; the condition is always true
                return;
        }

        Prefast reports: d:/test/testcode/testcode.cpp(405) : warning C6282: Incorrect operator: assignment of constant in Boolean context. Consider using '==' instead

    9) Logic problem // always false

        void defect45()
        {
            int x;
            if (0 && x++)   // the left operand is 0, so x++ is never evaluated
            {
                ;
            }
        }

        Prefast reports: d:/test/testcode/testcode.cpp(564) : warning C6237: ( && ) is always zero. is never evaluated and might have side effects

    10) Others
