Brief interlude with Some of Microsoft's Analysis Tools

Randall Maas 6/16/2010 9:56:42 AM

I've been describing the emulation of embedded software on a host platform, and encouraging use of the hosts code analysis tools to improve the code. So I've had the good fortune that Raymond Chen has mentioning some of Microsoft's code analysis tools at the same time. I have reproduced some of his links below:

Why it is called PREfast
How the annotation helps design better APIs for people and catching bugs

In this case, Mr Chen is referring to how a designer conveys the rules of the API, with something they call Security Annotation Language (SAL). The interesting things that you can see about an API include:

Some constraints on the value ' must be, maybe or must not be null (or zero)
If the pointer is to a single variable or an array
If the parameter that is the length (or other size) of the array
If the pointer (buffer) passed is an input (e.g. populated)
If the pointer (buffer) passed is an output (e.g. will be populated by the procedure)
The kind of string termination, if any, that is used.
That the string is a format string

These rules are made as "annotations" - inline attributes or qualifiers to each of the respective parameters - in the header file exporting the API. I don't think it makes the API easy to read, and the rules can be hard to read.

I have not done anything to generate the transformed code using Microsoft's annotations. This might might be an interesting project in the future.