Hacker News new | past | comments | ask | show | jobs | submit login

It is available to VS 2015 Update 1 users.



I don't believe it is, unless something's changed. To quote MSDN:

"The package currently contains checkers for the Bounds and Type profiles. Tooling for the Lifetime profile demonstrated in Herb Sutter’s plenary talk (video at https://www.youtube.com/watch?v=hEx5DNLWGgA) will be made available in a future release of the code analysis tools."

https://blogs.msdn.microsoft.com/vcblog/2015/12/03/c-core-gu...


I thought that the NuGet package already had a few updates since December.


I don't have access to a Windows machine right this moment to check, but a cursory search of the internet gives no indication that this tool has been released in any subsequent update. If it had, you'd think there'd be some fanfare, or acknowledgement, or documentation, or experience reports from users, or anything.


Have you seen the CppCon presentation?

About 1% of the audience answered affirmatively to Herb's question about who was using some kind of static analysis tools.

Outside HN and Reddit circles, very few C and C++ developers, at least the typical enterprise ones, don't really care about such tools.

Back on my C++ days, just one company cared to pay for Insure++ and I was probably the only one using it.

This is way I am looking forward to use it eventually, but don't have high hopes for wider adoption from other C++ vendors.

I guess need to update to Update 2 when it goes to RTM ready.


Extra-lingual static analysis tools are OK at finding bugs. They're not good at proving the absence of whole classes of bugs; that is what we should be striving for, and what Rust and other languages can provide.

So what I'm looking for from Herb Sutter is not just a set of good guidelines and tools to check for them, but also a proof --- or at least an argument --- that if the tool finds no errors in a piece of code then that code cannot be the source of memory safety bugs.


I agree, the biggest issue with extra tools is that they require additional effort to use them.

After all, lint was created to compensate for C's unsafety in 1979 and up until clang's introduction of static analysis, barely unused in the industry.

Still C++ isn't going anywhere and is the only native language with first class support in all mobile SDKs, so anything that helps improve its use is welcome.


I won't dispute that the vast majority of C++ developers seem to be indifferent to static analysis (look how many decades it took John Carmack to come around...), but the initial video presentation did cause a noticeable stir, and I would expect the actual release of the tool to incite a comparable reaction.


Yes I do agree with you.

Nowadays I only use C++ for hobby coding between Android and WP nowadays, or when I need to step out of JVM/.NET worlds, so I missed to follow up on it.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: