| Hi ZeroMQ devs, I want to see how you guys feel about adding SAL 2 annotations to the code (https://learn.microsoft.com/en-us/cpp/c-runtime-library/sal-annotations) The goal is to give hints to (Microsoft’s) static analyzers beyond what can be inferred from the code itself, with the hope to enforce correct usage, verify assumptions at compile time, and ultimately reduce defects. We have a couple of static analyzers at work that use the annotations, the public version of one of them (PREfast) ships with Visual Studio and can be used by anyone. It is possible to #define out all annotations for non-MSVC builds. The PREfast analysis itself is opt-in so it’s possible to annotate with zero side effect save for a little more work for the preprocessor. What I did was adding a new zmq_sal.h header (next to zmq_utils.h) and simply included it #ifdef _MSC_VER from zmq.h The new header either includes <sal.h> from the Windows SDK for MSVC, or adds a bunch of #defines that resolve to nothing for other compilers. The next step is to annotate all the exported functions, then progressively move inwards to internal functions and methods and check that in. From there, anyone can opt to enable code analysis on MSVC builds and review/address the more insightful warnings. Any resulting code changes would be separate things. Thoughts? Axel |
_______________________________________________ zeromq-dev mailing list [email protected] https://lists.zeromq.org/mailman/listinfo/zeromq-dev
