@David - Thank you for your feedback. 1. We are working to reduce the number of warnings in the headers as much as possible. 2. Running code analysis on one source file is an interesting idea, we've taken note. 3. Nice find! This is due to a missing annotation on _tsplitpath_s() that tells the analyzer it indeed returns null terminated strings. We will investigate. 4 & 5. Great suggestions. The second one is something we have discussed as well and we are looking into possible solutions. 6. As Jason mentioned, 64bit support is a high priority for us.
@Viorel - Thank you for your interest in code analysis. Code analysis is a static analyzer, meaning it solely depends on the source code, and does not require any changes to the binary to work correctly. There are big advantages to this methodology (no performance or size impact, minimal testing infrastructure required, consistent results) that would have to be compromised in order to throw runtime exceptions. I'd be happy to discuss further if you have additional questions.