I've been describing the emulation of embedded software on a host platform, and encouraging use of the hosts code analysis tools to improve the code. So I've had the good fortune that Raymond Chen has mentioning some of Microsoft's code analysis tools at the same time. I have reproduced some of his links below:
In this case, Mr Chen is referring to how a designer conveys the rules of the API, with something they call Security Annotation Language (SAL). The interesting things that you can see about an API include:
These rules are made as "annotations" - inline attributes or qualifiers to each of the respective parameters - in the header file exporting the API. I don't think it makes the API easy to read, and the rules can be hard to read.
I have not done anything to generate the transformed code using Microsoft's annotations. This might might be an interesting project in the future.