What about SAL for the rest of us?

Michael Howard, Microsoft’s resident coding security blogger, has posted an article about Standard Annotation Language, or SAL – otherwise known to developers as the switch from IN to __in in the SDK. It looks like a really fantastic tool, and things like Team System’s /analyze switch and the DDK’s PreFAST can make great use of these annotations to catch latent bugs.

There’s only one problem: if you are not a proud owner of Team System (which is pretty expensive), you’re not invited to the SAL party:

C:\vs2k5\VC>cl /analyze test.cpp
Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 14.00.50727.42 for 80x86
Copyright (C) Microsoft Corporation.  All rights reserved.

cl : Command line warning D9040 : ignoring option '/analyze';
Code Analysis warnings are not available in this edition of the compiler
test.cpp
Microsoft (R) Incremental Linker Version 8.00.50727.42
Copyright (C) Microsoft Corporation.  All rights reserved.

/out:test.exe
test.obj

C:\vs2k5\VC>

Users of other editions of Visual Studio, including (I suppose) Standard Edition and (certainly) Express Edition, are left out in the cold.

I think this is a mistake on Microsoft’s part. For a company that has only recently gotten ahead of its reputation for security problems, I would think that anything it can do to disseminate these tools to the world would be really valuable to them. It’s one thing to charge more for features such as a resource editor or a profiler (both extra-cost add-ons to Visual Studio), but selling an important security tool like this is a bad idea.

I predict that this will be addressed soon. Microsoft is usually excellent at making tools like this available – look at PreFAST, which is part of the (freely available) DDK, and Static Driver Verifier (ditto). You could, of course, argue that this is dramatically more important to the world than either of the preceding tools, if only due to the massively larger developer audience for user-mode software, and due to the fact that a kernel-mode driver is not usually a coder’s first project.

6 Responses to “What about SAL for the rest of us?”

  1. Alun Jones says:

    Good point. I’m irritated to find that the version of Visual Studio I get with my MSDN subscription, a reward given along with the MVP status, doesn’t actually come with this feature. If I didn’t get the MSDN for free, I’d be buying it for my small business, and I certainly wouldn’t be affording the Enterprise version, so I still wouldn’t have SAL.
    Code Security tools should not be a pricey solution available only to a few.

  2. I wish I had as much confidence as you did. Microsoft tends to worry more about dollar and marketshare than end-user concerns.

  3. [...] Last week I complained that Microsoft hadn’t made the benefits of SAL available to people who didn’t plunk down the money for their top-of-the-line development tools. Well, today Michael Howard pointed out that the Vista beta 2 SDK includes PREfast and can therefore take advantage of SAL. I’m downloading the new Vista stuff now (still…), and I can’t wait to check this out for myself. I’m glad Microsoft decided to take my excellent advice, even before I offered it! [...]

  4. Kevin Frei says:

    Welcome to the wonderful wide world of developer tool monetization. You’ll also notice that the IA64 tools aren’t available in standard, the x64 tools aren’t available in the express SKU. Profile guided optimization is only available to the non std/express SKU owners. At least the express & standard SKUs now contain an optimizing compiler back end…

    I haven’t been at MSFT quite long enough to recall this, but many of the longer-term MSFT folks in the VC++ organization refer to the day that the developer division started turning a profit on its own as the beginning of the end. Developer tools should be focused on pull through for the platform, not squeezing money from developers… [Just my opinion, here...]

  5. dispensa says:

    It is kind of a crazy thought, now that you put it that way. I can understand removing “features” (x64 et al.) but at some point you may as well just not ship the compiler.

    The thing that gets me is shipping less-secure versions of your tools. If you’re going to ship ‘em at all, ship ‘em as securely as you can.

  6. Sean Sandys says:

    The code analysis features that Michael Howard describes in his post are available for download as part of the compiler toolset in the Microsoft Windows SDK (http://www.microsoft.com/downloads/details.aspx?FamilyId=13F8E273-F5EA-4B7B-B022-97755838DB94&displaylang=en).
