Visual C++ has a static code analyzer called PREfast that is now distributed in the new-ish Windows SDK v6.1. PREfast used to be distributed in the DDK, and it is used in part by the Microsoft Secure Development Lifecycle (SDL). The analysis basically catches the things you forget when you're dealing with a lot of code:
- Missing checks for NULL pointers or NULL parameters in your functions
- Out-of-bounds indexing or buffer overflows, for example from array indexes in 'for' loops
- Local variables that mask (shadow) a variable of the same name in an enclosing scope
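As an added illustration of the three defect classes listed above (a constructed C snippet, not code from the original post), the first function below contains each pattern together with the PREfast warning number it typically raises under /analyze, and the second is the corrected form:

```c
#include <stddef.h>
#include <string.h>

#define BUF_LEN 8

/* Before: one instance of each defect class. Kept only as the "bad"
 * reference; calling it writes past dst, so never run it. */
size_t copy_name_unchecked(const char *src, char dst[BUF_LEN])
{
    size_t n = strlen(src);                 /* C6011: src may be NULL */
    size_t i;
    for (i = 0; i <= BUF_LEN; i++) {        /* C6201: i == BUF_LEN writes dst[8] */
        if (i < n) dst[i] = src[i];
        else       dst[i] = '\0';
    }
    {
        size_t n = 0;                       /* C6246: hides the outer 'n' */
        (void)n;
    }
    return n;
}

/* After: explicit NULL checks, strict '<' bound, no shadowed names.
 * Copies at most BUF_LEN - 1 characters and always NUL-terminates dst.
 * Returns the number of characters copied. */
size_t copy_name_checked(const char *src, char dst[BUF_LEN])
{
    size_t i, n;
    if (dst == NULL)
        return 0;
    if (src == NULL) {                      /* NULL parameter handled, not dereferenced */
        dst[0] = '\0';
        return 0;
    }
    n = strlen(src);
    if (n > BUF_LEN - 1)
        n = BUF_LEN - 1;                    /* truncate, leaving room for the NUL */
    for (i = 0; i < n; i++)                 /* '<' keeps every index inside dst */
        dst[i] = src[i];
    dst[n] = '\0';
    return n;
}
```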
To make code analysis work with Visual Studio, for example VS2005, I set up this batch file:
REM devenv-prefast.bat: load the SDK compiler environment, then launch VS2005 with it
call "C:\Program Files\Windows SDK\v6.1\vcvars32.bat"
REM The empty "" is the window title; without it, start treats the quoted exe path as the title.
REM Default VS2005 install path; adjust if Visual Studio is installed elsewhere.
start "" "C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\devenv.exe" /UseEnv
This makes Visual Studio pick up the PATH, INCLUDE, and LIB variables set by vcvars32.bat instead of its own. Then you add /analyze to Project Properties -> C/C++ -> Command Line (Additional options), and the compiler runs the static code analysis on every build.