Open Bug 338758 Opened 16 years ago Updated 4 years ago

Support Standard Annotation Language to enhance static analysis of code

Categories

(Firefox Build System :: General, defect)

Product:
Firefox Build System
Component:
General
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

People

(Reporter: David.R.Gardiner, Unassigned)

Details

The Microsoft C++ compiler in the 2005 Team System and Team Developer versions supports the /analyze switch which performs static code analysis. It is the commercial version of the preFAST tool. 

(You can obtain prefast as part of the device development kit (DDK) but I'm not clear as to whether that version also supports these annotations like the /analyze switch of the C++ compiler does)

To improve the ability of the static analysis, some macros are defined that assist in things such as hinting whether parameters return values or not.

An introduction to SAL by Michael Howard (of "Writing Secure Code" fame)
http://blogs.msdn.com/michael_howard/archive/2006/05/19/602077.aspx

MSDN documentation on the annotations:
http://msdn2.microsoft.com/en-us/library/ms182032(VS.80).aspx

I think this would be a valuable thing to add to Mozilla source code. As they are macros, they could be added in a platform-neutral way (eg. the macros could resolve to nothing when not using the latest Windows Platform SDK and 2005 headers).

-dave
Another way to get a C++ compiler that supports the /analyze option is through the newly released Microsoft Windows SDK - 

http://www.microsoft.com/downloads/details.aspx?FamilyID=13f8e273-f5ea-4b7b-b022-97755838db94&DisplayLang=en (this is the Beta 2 release for Vista, but it runs on 2003 and XP)
I am in contact with a group of researchers who are interested in doing something quite similar - albeit with the Coccinelle toolset instead of the Microsoft toolset.
Product: Core → Firefox Build System
You need to log in before you can comment on or make changes to this bug.