
            小明思考 (Xiaoming's Thoughts)

            High-performance server-side computing

            C++ Static Code Analysis Tool: Prefast

            Posted on 2006-03-28 13:59 by 小明 | Category: C/C++Tools

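            1. What is Prefast

            Prefast is a code analysis tool that helps you find errors and defects the compiler cannot find. Microsoft first integrated Prefast into Visual Studio 2005 Team Suite, where it is very convenient to use.

            2. How to use Prefast
            In VS2005 Team Suite, using Prefast is simple: open your project properties and set Enable Code Analysis For C/C++ to Yes.

            prefast1.jpg

            Result:
            prefast2.jpg

            Note that the locations of possible errors are shown in light gray in the editor.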

            3. What errors Prefast can help you find

            1) Uninitialized variables

            // not initialized
            void defect1()
            {
                int a;
                int b;

                b = a;    // 'a' is read before it has been assigned
            }

            Prefast reports: d:\test\testcode\testcode.cpp(18) : warning C6001: Using uninitialized memory 'a': Lines: 15, 16, 18

            2) NULL pointer dereference

            #include <stddef.h>

            // one path dereference NULL
            void defect4(int b, int c)
            {
                int *p = NULL;
                int a = 1;

                if (b == 1) {
                    if (c == 1) {
                        p = &a;
                    }
                    else {
                        // p stays NULL on this path
                    }
                }
                else {
                    if (c == 1) {
                        // p stays NULL on this path
                    }
                    else {
                        p = &a;
                    }
                }

                *p;    // dereferenced even on the paths that left p NULL

                return;
            }

            Prefast reports: d:\test\testcode\testcode.cpp(65) : warning C6011: Dereferencing NULL pointer 'p': Lines: 45, 46, 48, 57, 65

            3) Possibly wrong operator precedence

            void defect5()
            {
                int a = 1;
                int b = 1;
                int c = 1;

                if (a & b == c)    // parsed as a & (b == c)
                    return;
            }

            Prefast reports: d:\test\testcode\testcode.cpp(76) : warning C6281: Incorrect order of operations: relational operators have higher precedence than bitwise operators

            4) Possible buffer overrun

            #include <stdio.h>
            #include <string.h>

            void defect8()
            {
                char buf[100];
                char buf2[200];
                int i = 100;

                sprintf(buf, "hello world %d", i);
                strcpy(buf, buf2);    // source buffer (200) is larger than destination (100)
            }

            Prefast reports: d:\test\testcode\testcode.cpp(133) : warning C6202: Buffer overrun for 'buf', which is possibly stack allocated, in call to 'strcpy': length '200' exceeds buffer size '100'
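A bounded rewrite of defect8, added here as an example and not part of the original post: every write carries the destination size and an oversized or unterminated source is rejected instead of copied. The helper names `copy_checked`, `format_checked` and `fixed_defect8` are assumptions made for this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Copy src (a buffer of srcsz bytes that may lack a terminator) into dst.
 * Returns 0 on success, -1 if src is unterminated or does not fit. */
int copy_checked(char *dst, size_t dstsz, const char *src, size_t srcsz)
{
    const char *nul = memchr(src, '\0', srcsz);
    size_t len;

    if (dstsz == 0 || nul == NULL) return -1;
    len = (size_t)(nul - src);
    if (len >= dstsz) return -1;          /* no room for text + terminator */
    memcpy(dst, src, len + 1);
    return 0;
}

/* Format into dst; returns 0 on success, -1 on error or truncation. */
int format_checked(char *dst, size_t dstsz, int value)
{
    int n = snprintf(dst, dstsz, "hello world %d", value);
    return (n < 0 || (size_t)n >= dstsz) ? -1 : 0;
}

/* Same buffers as defect8; buf2 is filled with a constructed 199-char string. */
int fixed_defect8(void)
{
    char buf[100];
    char buf2[200];

    memset(buf2, 'A', sizeof buf2 - 1);
    buf2[sizeof buf2 - 1] = '\0';
    if (format_checked(buf, sizeof buf, 100) != 0) return -1;
    /* 199 characters cannot fit in 100 bytes: rejected, nothing is written */
    return copy_checked(buf, sizeof buf, buf2, sizeof buf2);
}

int main(void)
{
    printf("fixed_defect8() = %d\n", fixed_defect8());
    return 0;
}
```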

            5) Possible infinite loop

            // infinite loop
            void defect14()
            {
                signed char i;

                for (i = 100; i >= 0; i++) {    // counts up while testing a lower bound
                    ;
                }
            }

            Prefast reports: d:\test\testcode\testcode.cpp(198) : warning C6292: Ill-defined for-loop: counts up from maximum

            6) Format string errors

            #include <stdio.h>

            // Format string mismatch
            void defect21()
            {
                char buff[5];
                sprintf(buff, "%s %s", "a");    // two %s specifiers, one argument
            }

            Prefast reports: d:\test\testcode\testcode.cpp(277) : warning C6063: Missing string argument to 'sprintf' that corresponds to conversion specifier '2'

            7) Security issues

            #include <windows.h>

            void defect27()
            {
                CreateProcess(NULL,
                       "c:\\program files\\Project.exe arg1",    // correct: "\"c:\\program files\\Project.exe\" arg1"
                       NULL,
                       NULL,
                       false,
                       0,
                       NULL,
                       NULL,
                       NULL,
                       NULL);
            }

            Prefast reports: d:\test\testcode\testcode.cpp(327) : warning C6277: NULL application name with an unquoted path in call to 'CreateProcessA': results in a security vulnerability if the path contains spaces
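Why C6277 matters, as an added example that is not part of the original post: with a NULL application name, Windows' documented behaviour is to try each whitespace-delimited prefix of an unquoted command line as the module name. The function `module_candidates` below is a hypothetical audit helper that models that documented order (it is not Windows code) so a reviewer can flag command lines that resolve to more than one candidate.

```c
#include <stdio.h>
#include <string.h>

#define MAX_CAND 8
#define MAX_LEN  260

/* Model of the documented search order: fills out[] with the module names
 * tried, in order, when lpApplicationName is NULL. Returns the count;
 * a result above 1 means the command line is ambiguous. */
int module_candidates(const char *cmd, char out[][MAX_LEN], int max)
{
    size_t i, len = strlen(cmd);
    int n = 0;

    if (max < 1) return 0;
    if (cmd[0] == '"') {               /* quoted: exactly one module name */
        const char *end = strchr(cmd + 1, '"');
        size_t m = end ? (size_t)(end - cmd - 1) : len - 1;
        if (m >= MAX_LEN) return 0;
        memcpy(out[0], cmd + 1, m);
        out[0][m] = '\0';
        return 1;
    }
    /* unquoted: each prefix that ends at whitespace (or at the end of the
     * string) is tried in turn; ".exe" is appended if it has no extension */
    for (i = 1; i <= len && i < MAX_LEN && n < max; i++) {
        int at_break = cmd[i] == ' ' || cmd[i] == '\t' || cmd[i] == '\0';
        int prev_ws  = cmd[i - 1] == ' ' || cmd[i - 1] == '\t';
        if (at_break && !prev_ws) {
            memcpy(out[n], cmd, i);
            out[n][i] = '\0';
            n++;
        }
    }
    return n;
}

int main(void)
{
    /* constructed inputs: the two command lines from defect27 */
    const char *cmds[] = { "c:\\program files\\Project.exe arg1",
                           "\"c:\\program files\\Project.exe\" arg1" };
    char cand[MAX_CAND][MAX_LEN];
    int c, k;
    for (c = 0; c < 2; c++) {
        int n = module_candidates(cmds[c], cand, MAX_CAND);
        printf("%s -> %d candidate(s)\n", cmds[c], n);
        for (k = 0; k < n; k++) printf("  %s\n", cand[k]);
    }
    return 0;
}
```

Passing the full executable path as the first argument of CreateProcess, or quoting it as in the post's "correct" comment, leaves a single candidate.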

            8) Misuse of = and ==

            void defect32()
            {
                int a = 1;

                if (a = 2)    // assignment, not comparison
                    return;
            }

            Prefast reports: d:\test\testcode\testcode.cpp(405) : warning C6282: Incorrect operator: assignment of constant in Boolean context. Consider using '==' instead

            9) Logical operation problems

            // always false
            void defect45()
            {
                int x;

                if (0 && x++) {    // x++ is never evaluated
                    ;
                }
            }

            Prefast reports: d:\test\testcode\testcode.cpp(564) : warning C6237: (<zero> && <expression>) is always zero. <expression> is never evaluated and might have side effects

            10) Others





            Feedback

            # re: C++ Static Code Analysis Tool: Prefast

            2006-03-28 17:36 by 笑笑生
            Nice.

            # re: C++ Static Code Analysis Tool: Prefast

            2006-03-28 18:32 by christanxw
            Where can I download it?

            # re: C++ Static Code Analysis Tool: Prefast

            2006-03-28 20:57 by fiestay
            To the guy above: the original poster already said that this is integrated with VS.net 2005 :)

            This tool looks pretty good, though I haven't actually used it. There is a tool called C++Test that can also analyze code and run unit tests, and it's not bad either :)

            # re: C++ Static Code Analysis Tool: Prefast

            2006-03-29 12:12 by flyingxu
            Is there one that works with VC6?

            # re: flyingxu

            2006-03-29 12:57 by 小明
            How to use Prefast with VC6:

            Prefast ships with Microsoft's DDK.

            In VC6 project

            1. Install Windows IFS Kit and DDK package
            2. Execute Development Kits->Windows IFS Kit and DDK ->Build environment -> windows 2000->windows 2000 checked build environment
            3. Export Visual Studio project to a .mak file
            4. remove /GZ in .mak file or link fail
            5. Edit a run.bat file (not necessary, only for set new include and lib path)

            run.bat file content
            ----------------
            rem set include and lib path
            set include=C:\Program Files\Microsoft Visual Studio\VC98\atl\include;C:\Program Files\Microsoft Visual Studio\VC98\mfc\include;C:\Program Files\Microsoft Visual Studio\VC98\include
            set lib=C:\Program Files\Microsoft Visual Studio\VC98\mfc\lib;C:\Program Files\Microsoft Visual Studio\VC98\lib
            rem clean environment
            nmake /f httpgetfile.mak clean
            rem run prefast command
            C:\WINDDK\3790.1830\bin\x86\prefast\scripts\prefast nmake /f httpgetfile.mak CFG="HttpGetFile - Win32 Debug"
            rem unset include and lib path
            set lib=
            set include=

            # re: C++ Static Code Analysis Tool: Prefast

            2008-11-03 10:01 by 微波輻射
            Can it be used for C?

            # re: C++ Static Code Analysis Tool: Prefast

            2008-11-04 17:01 by zhangyz
            Is there a tool like this for Linux?