I’ve been a customer of Gimpel Software’s PC-Lint for a while now. To help programmers adapt to using it, Gimpel publishes a Living with Lint document that provides practical advice for optimizing the signal-to-noise ratio in Lint’s output, and for optimizing your development process for use with Lint.
In that spirit, here are Steve’s Top 10 Suggestions for Living with PREfast:
- Turn up your compiler warnings. Try to get used to coding at the highest warning levels – /W4 /Wp64 /WX. This will help you write cleaner code and PREfast will find less to complain about when you run it.
- Turn PREfast’s warnings all the way up. Then use one-line suppress annotations to suppress any false positives. This one may be counter-intuitive, but you get used to it. Code that is clear enough for PREfast to let through under full warnings is likely to be easier for a new maintainer to pick up, and it forces you to document assumptions with suppress statements.
- Test early, test often. Far better to discover a design flaw early than be forced into either rewriting a whole lot of code later or shipping sub-par code due to time pressure. Start running PREfast as soon as your code compiles at all, and keep testing frequently throughout the dev process.
- Integrate PREfast into dev, test, and release. Set a policy that code should be PREfast-clean before it’s merged into a shipping branch. Test engineers should participate in enforcing the PREfast-clean quality gate. Release engineers should sanity check before final release. You may even want to document exceptions.
- Test checked and free builds. Conditional compilation results in different code in free and checked builds. Test both to get complete coverage.
- Use the latest kit. PREfast gets better with every release of the DDK, and with every beta of the WDK. Staying up-to-date is important.
- Set up error suppressions. #pragma warning will suppress false positives. You can’t see real problems easily if you have lots of noise in the warning list.
- Develop a warning suppression list. This applies to both /W4 and PREfast. Suppress as few warnings as you can.
- File bugs on PREfast exceptions. If you are forced to make an exception and not fix a PREfast warning, open a bug for it. Taking PREfast warnings seriously means not starving them of dev time. Give them formal attention in the form of bug count.
- Adapt. Placating PREfast is not a coding goal. But it happens that, more often than not, getting PREfast to quiet down by changing your code results in clearer (if occasionally less elegant) code. The fewer one-offs you have to remember, the better, so learning to code with PREfast will save you time in the long run.
- Give feedback. The folks who are responsible for PREfast are a smart bunch indeed, but nobody writes perfect code. If you find a PREfast problem, bring it up on NTDEV or USENET.
OK, I guess this list goes to 11. I’d be curious to hear about others’ experiences in really using PREfast for development.
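One way to enforce the PREfast-clean gate, the suppression list and the bug-per-exception rule from the list above: an added example (not from the original post) that parses cl.exe warning lines from a build log and checks them against an exception list. The log, file names and bug ids are constructed, and the exception-list format is an assumption.

```python
import re

# MSVC diagnostic line, e.g.  src\drv.c(42) : warning C6011: Dereferencing NULL pointer 'p'.
DIAG = re.compile(r"^(?P<file>.+?)\((?P<line>\d+)\)\s*:\s*warning\s+C(?P<code>\d+)\s*:\s*(?P<msg>.*)$")

def parse_warnings(log_text):
    """Return a sorted list of unique (file, line, code, message) tuples from a build log."""
    found = set()
    for raw in log_text.splitlines():
        m = DIAG.match(raw.strip())
        if m:
            found.add((m["file"].lower().replace("\\", "/"), int(m["line"]), int(m["code"]), m["msg"]))
    return sorted(found)

def gate(log_text, exceptions):
    """exceptions maps (file, code) -> bug id. Returns (blocking, stale).

    blocking: warnings with no filed exception; these fail the gate.
    stale: exceptions whose warning no longer appears and should be removed.
    """
    warnings = parse_warnings(log_text)
    seen = {(f, c) for f, _, c, _ in warnings}
    blocking = [w for w in warnings if (w[0], w[2]) not in exceptions]
    stale = sorted(k for k in exceptions if k not in seen)
    return blocking, stale

# Constructed sample: the same header warning is reported by two translation units.
SAMPLE_LOG = r"""
cl /W4 /analyze /c src\queue.c
src\queue.c(88) : warning C6011: Dereferencing NULL pointer 'entry'.
src\inc\ring.h(17) : warning C6001: Using uninitialized memory 'head'.
cl /W4 /analyze /c src\ioctl.c
src\inc\ring.h(17) : warning C6001: Using uninitialized memory 'head'.
src\ioctl.c(140): warning C4100: 'Context' : unreferenced formal parameter
"""

# Constructed exception list; the bug ids are placeholders.
SAMPLE_EXCEPTIONS = {
    ("src/inc/ring.h", 6001): "BUG-PLACEHOLDER-1",
    ("src/pnp.c", 6011): "BUG-PLACEHOLDER-2",
}

if __name__ == "__main__":
    blocking, stale = gate(SAMPLE_LOG, SAMPLE_EXCEPTIONS)
    for f, line, code, msg in blocking:
        print(f"BLOCK {f}({line}) C{code}: {msg}")
    for f, code in stale:
        print(f"STALE {f} C{code} ({SAMPLE_EXCEPTIONS[(f, code)]})")
    raise SystemExit(1 if blocking else 0)
```

Run it over the logs of both the checked and the free build, since conditional compilation can surface different warnings in each.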
From where do you get the DDK? Specify the locations for me, please.
I can’t find even 1 location for that.
Hi Steve,
I just started using PREfast for ordinary Win32 user mode development for x86. I am using it probably in an unsupported scenario: I have VS2005 Professional and installed the latest Vista Beta PlatSDK (Build 5472) which comes with a cl.exe that is PREfast-capable (the cl.exe that comes with VS2005 Professional doesn’t know about PREfast). I simply added /analyze to the C/C++ compiler settings and the path to the PlatSDK’s bin directory to the executable search path and presto: I had Prefast support. However, in this scenario, any one-line suppress annotation as mentioned in your post simply doesn’t work. So I have to resort to “#pragma warning” on a per-function scope which is less than optimal. Any clues to why “#pragma prefast” doesn’t work?
Also, the macro _PREFAST doesn’t automatically get defined, as the link to the one-line suppress annotations suggests. Is this a CE-only thingie?
Anyway, PREfast is way cool. I already found a number of subtle errors in my code that never in my whole life I would have figured that they could even exist.
[...] Using PREfast takes some getting used to, but in the end, I find it to be worthwhile. Oh, and incidentally, you can also get other features left out of Express Edition this way, like x64 compilers. Happy coding! [...]
You mention “Turn PREfast’s warnings all the way up” as one of your guidelines. However, as far as I could tell from available documentation there is no way to enable additional warnings in PREfast, at least not the version I’m using (/analyze on the cl.exe that comes with the Windows SDK). The only thing I saw was instructions on how to disable warnings, or how to turn warnings into errors. Am I missing something?
Yeah, that wasn’t particularly clear. PREfast comes with a set of warning filters for different uses. I meant to suggest *not* filtering any warnings. You’re right, there is no “warning level”; simply not filtering any warnings is the thing to do.
I found this article useful, but one thing I want to know is running the prefast from the command line.
Is there a way to compile, do code analysis & build the whole solution (.sln) by using cl.exe from the command line, since that can understand /analyze? I know that cl.exe perhaps only takes the .cpp/.c/.cs files as the file arguments, so is there a way to run code analysis on a project file or a solution file which includes all the files in the project?
The main objective here is to run the code analysis from a batch file on a solution/project file, and not to call cl.exe multiple times in the batch file for each cpp file in the project.
Sure, you could handle it by creating another configuration (Release, Debug, “Analysis”) and calling that from vcbuild. That ought to do it for you.
I don’t know anything about .cs so I can’t comment there. Should work for .c and .cpp though.
Hey I just posted an article on how to get PREFast, use it and verify that scans are indeed running on http://www.buildingsecurecode.com.
The article’s direct link is: http://buildingsecurecode.blogspot.com/2007/08/security-code-scanning-with-microsoft.html.
Thanks,
Kevin Lam
Impacta LLC (www.impactalabs.com)
Sorry there was an extra period at the end, the correct link is:
http://buildingsecurecode.blogspot.com/2007/08/security-code-scanning-with-microsoft.html
Hi
I just installed the latest WDK. I tried to run PREfast on the sample code, but apparently it fails and exits without doing anything;
even “prefast /?” does not work.
Trying to capture prefast in the debugger showed that it exits from the operator new[] function.
Any ideas?
Odd. Are you in the source directory of your driver? Make sure the path has no spaces in it. What command are you using to set up your build environment? (setenv…)