Another way would be to use Eclipse CDT with Codan: http://wiki.eclipse.org/CDT/designs/StaticAnalysis http://www.slideshare.net/laskava/eclipse-con2011-v11 But it is not as good as what Visual Studio offers. The next version might also support analysis of x64 code. http://channel9.msdn.com/Events/BUILD/BUILD2011/TOOL-100T -- Paulo On Sun, Oct 23, 2011 at 8:00 PM, Alan Wolfe <alan.wolfe@xxxxxxxxx> wrote: > for what it's worth, the SAL stuff is implemented via macros, which means > if you were worried about being able to compile the code in another > compiler, you could make #define's for the SAL stuff which just did nothing. > > That would effectively make it ignore the markup. > > > On Sun, Oct 23, 2011 at 10:55 AM, Christoph Harder <shadowomf@xxxxxxxx>wrote: > >> Hello, >> >> thanks for looking, I tried to create an annotated project, that should >> actually create a warning when analyzed. >> However I received a compiler error and on MSDN it says the analyzer is >> not available for x64 Versions of Visual Studio. >> Since I do use the x64 version and also build my Software for x64 (it is >> just for myself and my portfolio) it is useless for me. >> >> The annotations are actually directly done in source code (see example >> below), but I wasn't able to test if it works when put into some macro. >> One thing is for sure, the source code gets longer. And Microsoft seems to >> be unsure how to do the actual annotation, there seem to be 4 different >> ways/versions of doing it in Visual C++. >> >> class Test >> { >> public: >> [returnvalue:Post(Tainted=Yes)**] static int returnsTainted() >> { >> return 0; >> } >> static int requiresUntainted([Pre(**Tainted=No)] int p) >> { >> return p; >> } >> static void testAnalyzer() >> { >> int x = requiresUntainted(**returnsTainted()); >> } >> }; >> >> Can anybody recommend another (free) static analyzer? Do you use them in >> your projects or do you rely on the compiler warnings (and you own >> programming skill)? >> I would like to try if it really helps me catching some bugs that are >> usually just not detected. Microsoft seems to catch quite a few bugs, but my >> projects aren't as complex as theirs. >> >> The clang project seems to provide a static analyzer, but it seems >> non-trivial to use it on anything but OS X. >> And there is Cppcheck, maybe I will try it when I have the time. >> >> Thanks for your help. >> -Christoph Harder >> >> >> On 23.10.2011 17:04, Kevin Jenkins wrote: >> >>> Can't find an answer in Google for that. But I would try creating a file, >>> writing an annotation, then saving it. Then open the file in a text >>> editor >>> and make sure it's regular C++. If the annotations are saved in a >>> separate >>> file then you'd have to check that in along with the C++ file, which I >>> can >>> see being a nuisance with source control where people forget to check it >>> in. >>> >>> >> --------------------- >> To unsubscribe go to >> http://gameprogrammer.com/**mailinglist.html<http://gameprogrammer.com/mailinglist.html> >> >> >> >