1. IT-Security >
  2. Programmierung >
  3. IntelliSense Code Linter for C++


IntelliSense Code Linter for C++

Programmierung vom | Direktlink: devblogs.microsoft.com Nachrichten Bewertung

In Visual Studio 2019 version 16.6 Preview 2, we’re excited to announce a new preview feature to help C++ developers identify and fix code defects as they write code. The IntelliSense Code Linter for C++ checks your code “as-you-type, underlines problems in the editor, and Lightbulb actions offer suggested fixes.

Linter demo showing a check and applying a suggested fix.

This new feature is built on the existing IntelliSense capabilities for C++ in Visual Studio. This means results are provided more quickly than results from Background Code Analysis. In order to ensure that IntelliSense stays as fast as possible, the linter checks are focused on easily detected issues. The new linter checks complement existing code analysis tools (like Background Code Analysis using MSVC or Clang-Tidy) which handle complex analysis. 

You can try out the linter today by enabling it from the Preview Features pane in the Tools > Options menu.

Screenshot showing how to enable the C++ linter.

Design Goals

When deciding what would make a good linter check, we kept a few goals in mind.

  • Identify defects that surprise C++ developers – especially polyglot developers coming from other languages. The linter checks will smooth the learning curve for some C++ language features.
  • Offer suggested fixes for the problems. Just as IntelliSense errors can help you identify when code will fail to build due to syntactic errors, the linter helps you identify and fix logic and runtime errors before the code even builds.
  • Identify problems that make sense to fix. This ends up being a matter of code style and philosophy, but in general they’re focused on the kinds of defects that cause real bugs.

New Checks

With these goals in mind, we have implemented the following checks in Preview 2.

Arithmetic Overflow

This check finds cases where arithmetic is evaluated with 32-bit types and then assigned to a wider type. Assigning to a wider type is a good indication that the developer expected the expression value to exceed the range of a 32-bit type. In C++ the expression will be evaluated as 32-bit, which may overflow, and then widened for assignment.

Arithmetic Overflow Check and Suggested Fix.

Integer Division Assigned to Floating Point

This check finds places where integer division is assigned to a floating-point type. Assigning to a floating-point type is a good indication that the developer wanted the fractional part of the result. In C++, the integer division will be evaluated, and the fractional part will be truncated before the result is assigned to the floating-point type.

Int Division to Float Check and Suggested Check

Logical/Bitwise Mismatch

This check finds cases where logical operators are used with integer values or using bitwise operators with Boolean values. C++ allows this because of implicit conversions, but the practice is error prone and hurts code readability.

Logical Bitwise Mismatch Check and Suggested Fix.

Assignment/Equality Mismatch

Using the assignment operator in conditional expressions is syntactically correct but may be a logical error. This check looks for cases where variables are being assigned from constants in conditions. This is almost always incorrect because it forces the condition to always be true or false.

Assignment Equality Mismatch Check and Suggested Fix.

Accidental Copy

The auto keyword in C++ is a great feature, especially when interacting with templated code. It has one subtle behavior that can be confusing or easily overlooked by C++ developers of all skill levels. auto does not deduce references so in cases where a declared variable is being assigned from an expression that returns a reference, a copy is made. This isn’t always a bug, but we wanted to help developers be aware that a copy is being made, when maybe it wasn’t desired.

Accidental Copy Check and Suggested Fix.

Uninitialized Local

Primitive variables in C++ are not initialized to any value by default. This can lead to non-deterministic behaviors at runtime. The current implementation of this check is very aggressive and will warn on any declaration that doesn’t have an initializer.

Uninitialized Local check and suggested fix.

Coming Soon

The new linter is still a work in progress, but we are excited to be able to ship a preview release that developers can try out. Here are a few features that will be coming in future releases. 

  • Configuration: currently the feature is either enabled or disabled. There isn’t a way in the current version to enable/disable or change the severity of individual checks. 
  • Suppression: many code analysis tools can suppress warnings on a per-instance basis. This is typically done in the source code with an annotation (e.g. #pragma or a code comment). The linter does not support suppression currently. 
  • Integration with other code analysis tools: the linter checks only run in the IDE so currently cannot be used as part of a CI or build. The compiler-based tools (MSVC and Clang-Tidy) should continue to be used. When Background Code Analysis is enabled, you may get green squiggles from MSVC or Clang-Tidy that overlap with the linter results in the editor.  

We’ve been working hard to make an editor that helps developers “shift left” and find bugs earlier in the development loop. We hope that you find the new IntelliSense Code Linter for C++ useful. Please try it out and let us know what you think. We can be reached via the comments below, email ([email protected]), and Twitter (@VisualC). The best way to file a bug or suggest a feature is via Developer CommunityHappy coding!

The post IntelliSense Code Linter for C++ appeared first on C++ Team Blog.


Externe Webseite mit kompletten Inhalt öffnen


Team Security Social Media

➤ Weitere Beiträge von Team Security | IT Sicherheit

  • Regex Performance Improvements in .NET 5

    vom 810.15 Punkte ic_school_black_18dp
    The System.Text.RegularExpressions namespace has been in .NET for years, all the way back to .NET Framework 1.1. It’s used in hundreds of places within the .NET implementation itself, and directly by thousands upon thousands of applications. Across all of t
  • ConfigureAwait FAQ

    vom 754.83 Punkte ic_school_black_18dp
    .NET added async/await to the languages and libraries over seven years ago. In that time, it’s caught on like wildfire, not only across the .NET ecosystem, but also being replicated in a myriad of other languages and frameworks. It’s also seen a ton of im
  • Local Privilege Escalation in Win32k.sys Through Indexed Color Palettes

    vom 729.01 Punkte ic_school_black_18dp
    This is the second in our series of Top 5 interesting cases from 2019. Each of these bugs has some element that sets them apart from the more than 1,000 advisories released by the program this year. Today’s blog looks a local privilege escalation in t
  • Malcolm - A Powerful, Easily Deployable Network Traffic Analysis Tool Suite For Full Packet Capture Artifacts (PCAP Files) And Zeek Logs

    vom 687.21 Punkte ic_school_black_18dp
    Malcolm is a powerful network traffic analysis tool suite designed with the following goals in mind: Easy to use – Malcolm accepts network traffic data in the form of full packet capture (PCAP) files and Zeek (formerly Bro) logs. These artifacts can be
  • Diving Deep Into a Pwn2Own Winning WebKit Bug

    vom 571.65 Punkte ic_school_black_18dp
    Pwn2Own Tokyo just completed, and it got me thinking about a WebKit bug used by the team of Fluoroacetate (Amat Cama and Richard Zhu) at this year’s Pwn2Own in Vancouver. It was a part of the chain that earned them $55,000 and was a nifty piece of
  • Announcing TypeScript 3.7

    vom 556.9 Punkte ic_school_black_18dp
    We’re thrilled to announce the release of TypeScript 3.7, a release packed with awesome new language, compiler, and tooling features. If you haven’t yet heard of TypeScript, it’s a language based on JavaScript that adds static type-checking along wit
  • IntelliSense Code Linter for C++

    vom 537.17 Punkte ic_school_black_18dp
    In Visual Studio 2019 version 16.6 Preview 2, we’re excited to announce a new preview feature to help C++ developers identify and fix code defects as they write code. The IntelliSense Code Linter for C++ checks your code “as-you-type,“ underlines problems 
  • Announcing TypeScript 3.8

    vom 507.73 Punkte ic_school_black_18dp
    Today we’re proud to release TypeScript 3.8! For those unfamiliar with TypeScript, it’s a language that adds syntax for types on top of JavaScript which can be analyzed through a process called static type-checking. This type-checking can tell us about
  • RetDec - A Retargetable Machine-Code Decompiler Based On LLVM

    vom 478.22 Punkte ic_school_black_18dp
    RetDec is a retargetable machine-code decompiler based on LLVM.The decompiler is not limited to any particular target architecture, operating system, or executable file format:Supported file formats: ELF, PE, Mach-O, COFF, AR (archive), Intel HEX, and ra
  • Try out Nullable Reference Types

    vom 474.53 Punkte ic_school_black_18dp
    Try out Nullable Reference Types With the release of .NET Core 3.0 Preview 7, C# 8.0 is considered "feature complete". That means that the biggest feature of them all, Nullable Reference Types, is also locked down behavior-wise for the .NET Core release. It w
  • An Introduction to System.Threading.Channels

    vom 447.49 Punkte ic_school_black_18dp
    “Producer/consumer” problems are everywhere, in all facets of our lives. A line cook at a fast food restaurant, slicing tomatoes that are handed off to another cook to assemble a burger, which is handed off to a register worker to fulfill your or
  • Announcing TypeScript 3.7 RC

    vom 441.34 Punkte ic_school_black_18dp
    We’re pleased to announce TypeScript 3.7 RC, the release candidate of TypeScript 3.7. Between now and the final release, we expect no further changes except for critical bug fixes. To get started using the RC, you can get it through NuGet, or use npm with the following command: npm install [email protected]

Team Security Diskussion über IntelliSense Code Linter for C++