[gameprogrammer] Re: Code Annotations
- From: Paulo Pinto <pjmlp@xxxxxxxxxxxxx>
- To: gameprogrammer@xxxxxxxxxxxxx
- Date: Sun, 23 Oct 2011 20:19:56 +0200
Another way would be to use Eclipse CDT with Codan:
http://wiki.eclipse.org/CDT/designs/StaticAnalysis
http://www.slideshare.net/laskava/eclipse-con2011-v11
But it is not as good as what Visual Studio offers. The next version might
also support analysis of x64 code.
http://channel9.msdn.com/Events/BUILD/BUILD2011/TOOL-100T
--
Paulo
On Sun, Oct 23, 2011 at 8:00 PM, Alan Wolfe <alan.wolfe@xxxxxxxxx> wrote:
> for what it's worth, the SAL stuff is implemented via macros, which means
> if you were worried about being able to compile the code in another
> compiler, you could make #define's for the SAL stuff which just did nothing.
>
> That would effectively make it ignore the markup.
>
>
> On Sun, Oct 23, 2011 at 10:55 AM, Christoph Harder <shadowomf@xxxxxxxx>wrote:
>
>> Hello,
>>
>> thanks for looking, I tried to create an annotated project, that should
>> actually create a warning when analyzed.
>> However I received a compiler error and on MSDN it says the analyzer is
>> not available for x64 Versions of Visual Studio.
>> Since I do use the x64 version and also build my Software for x64 (it is
>> just for myself and my portfolio) it is useless for me.
>>
>> The annotations are actually directly done in source code (see example
>> below), but I wasn't able to test if it works when put into some macro.
>> One thing is for sure, the source code gets longer. And Microsoft seems to
>> be unsure how to do the actual annotation, there seem to be 4 different
>> ways/versions of doing it in Visual C++.
>>
>> class Test
>> {
>> public:
>> [returnvalue:Post(Tainted=Yes)**] static int returnsTainted()
>> {
>> return 0;
>> }
>> static int requiresUntainted([Pre(**Tainted=No)] int p)
>> {
>> return p;
>> }
>> static void testAnalyzer()
>> {
>> int x = requiresUntainted(**returnsTainted());
>> }
>> };
>>
>> Can anybody recommend another (free) static analyzer? Do you use them in
>> your projects or do you rely on the compiler warnings (and you own
>> programming skill)?
>> I would like to try if it really helps me catching some bugs that are
>> usually just not detected. Microsoft seems to catch quite a few bugs, but my
>> projects aren't as complex as theirs.
>>
>> The clang project seems to provide a static analyzer, but it seems
>> non-trivial to use it on anything but OS X.
>> And there is Cppcheck, maybe I will try it when I have the time.
>>
>> Thanks for your help.
>> -Christoph Harder
>>
>>
>> On 23.10.2011 17:04, Kevin Jenkins wrote:
>>
>>> Can't find an answer in Google for that. But I would try creating a file,
>>> writing an annotation, then saving it. Then open the file in a text
>>> editor
>>> and make sure it's regular C++. If the annotations are saved in a
>>> separate
>>> file then you'd have to check that in along with the C++ file, which I
>>> can
>>> see being a nuisance with source control where people forget to check it
>>> in.
>>>
>>>
>> ---------------------
>> To unsubscribe go to
>> http://gameprogrammer.com/**mailinglist.html<http://gameprogrammer.com/mailinglist.html>
>>
>>
>>
>
Other related posts:
