Michael Howard, Microsoft’s resident coding security blogger, has posted an article about the Standard Annotation Language, or SAL – otherwise known to developers as the switch from IN to __in in the SDK headers. It looks like a really useful tool: Team System’s /analyze switch and the DDK’s PreFAST can use these annotations to catch latent bugs, such as a caller passing a buffer smaller than the size it claims, without ever running the code.
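As an added example (mine, not code from Howard’s article or from Microsoft), here is what the annotated style looks like on a small copy routine, together with a caller that carries exactly the kind of latent overrun /analyze and PreFAST exist to find. The function names copy_name and demo_* are invented for the illustration, and the no-op fallback macros are my assumption so the file also builds with compilers that ship no sal.h; on VC 2005 the real definitions come from sal.h.

```c
/* Added example (not from Michael Howard's article or this post): a copy
 * routine annotated with the VS2005-era SAL macros the post refers to, plus
 * a caller whose buffer size does not match what it tells the callee.  The
 * annotations are what let cl /analyze or PreFAST catch that mismatch
 * statically; the fallback no-op macros below are an assumption so the file
 * also builds with compilers that ship no sal.h. */
#include <stddef.h>
#include <string.h>

#ifdef _MSC_VER
#include <sal.h>                 /* __in, __in_z, __out_ecount_z, ... */
#else
#define __in                     /* assumed no-op fallbacks */
#define __in_z
#define __out_ecount_z(n)
#endif

/* Old-style IN/OUT only told a human reader the direction of a parameter;
 * __out_ecount_z(dst_len) additionally tells the analyzer that dst must
 * hold dst_len characters and will be NUL-terminated on return. */
size_t copy_name(__out_ecount_z(dst_len) char *dst,
                 __in size_t dst_len,
                 __in_z const char *src)
{
    size_t n;

    if (dst == NULL || src == NULL || dst_len == 0)
        return 0;
    n = strlen(src);
    if (n >= dst_len)            /* truncate to leave room for the NUL */
        n = dst_len - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return n;
}

/* Correct call: sizes agree, an over-long input is truncated, not overrun. */
size_t demo_truncating_copy(void)
{
    char buf[8];
    return copy_name(buf, sizeof buf, "hello, world");   /* 7 */
}

/* Correct call, checking the result is NUL-terminated and intact. */
int demo_copy_intact(void)
{
    char buf[8];
    copy_name(buf, sizeof buf, "abc");
    return strcmp(buf, "abc") == 0;                      /* 1 */
}

/* The latent bug: buf holds 16 elements, but the call promises 32.  With a
 * five-character input nothing bad happens at run time, so a unit test would
 * not notice; /analyze compares the declared size of buf with the annotated
 * dst_len at this call site and can report the overrun without running it. */
size_t demo_latent_overrun(void)
{
    char buf[16];
    return copy_name(buf, 32, "short");                  /* 5 */
}
```

Built with cl /analyze on an edition that honours the switch, the first two callers should compile clean and the third is the one the analyzer should flag; with any other compiler the annotations vanish and only the run-time behaviour is checked, which is precisely the point: the overrun stays latent until a longer input arrives.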
There’s only one problem: if you are not a proud owner of Team System (which is pretty expensive), you’re not invited to the SAL party:
C:\vs2k5\VC>cl /analyze test.cpp
Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 14.00.50727.42 for 80x86
Copyright (C) Microsoft Corporation. All rights reserved.
cl : Command line warning D9040 : ignoring option '/analyze';
Code Analysis warnings are not available in this edition of the compiler
test.cpp
Microsoft (R) Incremental Linker Version 8.00.50727.42
Copyright (C) Microsoft Corporation. All rights reserved.
/out:test.exe
test.obj
C:\vs2k5\VC>
Users of other editions of Visual Studio, including (I suppose) Standard Edition and (certainly) Express Edition, are left out in the cold.
I think this is a mistake on Microsoft’s part. For a company that has only recently gotten ahead of its reputation for security problems, I would think that anything it can do to disseminate these tools to the world would be really valuable to them. It’s one thing to charge more for features such as a resource editor or a profiler (both extra-cost add-ons to Visual Studio), but selling an important security tool like this is a bad idea.
I predict that this will be addressed soon. Microsoft is usually excellent at making tools like this available – look at PreFAST, which is part of the (freely available) DDK, and Static Driver Verifier (ditto). You could, of course, argue that this is dramatically more important to the world than either of the preceding tools, if only due to the massively larger developer audience for user-mode software, and due to the fact that a kernel-mode driver is not usually a coder’s first project.