How to cause SAL compiler warnings in my own code using Visual C++ without running static code analysis
If I create a new console project in VS 2019 and add my own annotated implementation of printf and call both real printf and my version:
// SALTest.cpp : This file contains the 'main' function. Program execution begins and ends there.
//

#include <iostream>
#include <cstdarg>

int my_printf(_In_z_ _Printf_format_string_ char const* const format, ...)
{
    va_list arglist;
    va_start(arglist, format);
    int result = _vfprintf_l(stdout, format, nullptr, arglist);
    va_end(arglist);
    return result;
}

int main()
{
    printf("Hello World!\n");
    printf("printf good: %s\n", "narrow string");
    printf("printf bad: %s\n", L"wide string");
    my_printf("my_printf good: %s\n", "narrow string");
    my_printf("my_printf bad: %s\n", L"wide string");
}
When I compile the file I see a compiler warning for the misuse of printf but not for the misuse of my_printf:
1>------ Build started: Project: SALTest, Configuration: Debug Win32 ------
1>SALTest.cpp
1>C:\Code\SALTest\SALTest.cpp(21,12): warning C4477: 'printf' : format string '%s' requires an argument of type 'char *', but variadic argument 1 has type 'const wchar_t *'
Now it is true that I can "Run Code Analysis on File (Ctrl+Shift+Alt+F7)" and that will give me code analysis warnings for both printf and my_printf in addition to the original compiler warning for printf:
1>------ Build started: Project: SALTest, Configuration: Debug Win32 ------
1>SALTest.cpp
1>C:\Code\SALTest\SALTest.cpp(21,12): warning C4477: 'printf' : format string '%s' requires an argument of type 'char *', but variadic argument 1 has type 'const wchar_t *'
...
C:\Code\SALTest\SALTest.cpp(21): warning C6303: Format string mismatch: wide character string passed as _Param_(2) when character string is required in call to 'printf' Actual type: 'const wchar_t [12]'.
C:\Code\SALTest\SALTest.cpp(23): warning C6303: Format string mismatch: wide character string passed as _Param_(2) when character string is required in call to 'my_printf' Actual type: 'const wchar_t [12]'.
But my question is this: is it possible to get the same compiler warning for my_printf that I get for printf without resorting to running a code-analysis? Turning on code-analysis for the huge project I'm on is not an option.

SAL annotations have no effect whatsoever during the compiling stage, as they are implemented as empty preprocessor macros. They only have an effect on static analysis tools.
In the case of printf() (and other similar standard functions, like scanf()), modern compilers have built-in knowledge of the requirements of their parameters, and can thus validate user-provided parameter values at compile-time. But that is a compiler extension, not defined by the C/C++ standards.
For instance, gcc and clang offer compile-time validation of a printf-style user function by decorating it with __attribute__((format(...))), but MSVC does not support that feature at this time, it only supports SAL annotations.
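
The gcc/clang attribute mentioned in the answer, combined with the SAL annotation behind one pair of macros, as an added example that is not part of the original post. The macro names FMT_PARAM and FMT_CHECK are assumptions made for this sketch, and vprintf stands in for the MSVC-only _vfprintf_l so the file builds on every compiler.

```c
#include <stdarg.h>
#include <stdio.h>

/* Hypothetical helper macros (names are assumptions, not from the post). */
#if defined(_MSC_VER)
#  include <sal.h>
#  define FMT_PARAM _Printf_format_string_  /* only read by code analysis */
#  define FMT_CHECK(fmt_idx, first_arg)     /* no compile-time equivalent */
#else
#  define FMT_PARAM
#  define FMT_CHECK(fmt_idx, first_arg) \
       __attribute__((format(printf, fmt_idx, first_arg)))
#endif

/* Parameter 1 is the format string; the variadic arguments start at 2. */
int my_printf(FMT_PARAM const char *format, ...) FMT_CHECK(1, 2);

int my_printf(FMT_PARAM const char *format, ...)
{
    va_list args;
    int written;

    va_start(args, format);
    written = vprintf(format, args);  /* portable stand-in for _vfprintf_l */
    va_end(args);
    return written;                   /* number of characters printed */
}

int main(void)
{
    my_printf("my_printf good: %s\n", "narrow string");

    /* Uncommenting the call below makes gcc and clang report a format
       mismatch at compile time when built with -Wall (-Wformat).
       MSVC stays silent here unless code analysis is run. */
    /* my_printf("my_printf bad: %s\n", L"wide string"); */
    return 0;
}
```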