Microsoft is considering making commercially available advanced code-checking tools used mostly by in-house developers thus far.
The tools have been under the purview of the Microsoft's Programmer Productivity Research Center. The center has tools for static analysis to examine static source text and patterns that indicate errors. Tools for dynamic analysis, which observe for program errors while the program is running, also have been a focus, said Thomas Ball, senior researcher with Microsoft's research group.
Static analysis tools that may be released commercially include Prefix, which features a toolkit to analyze source text for common errors. "It does a very sort of deep semantic analysis," finding errors such as memory leaks, corruption of memory, and null pointer references, said Ball.
Another static analysis tool, Prefast, is a more lightweight analysis tool for source text. "It's looking for errors but it's lightweight enough a toolkit that developers can run it on their desktop machine before they ever check in their code," Ball said. Prefast actually has had a narrow release to driver developers as part of the Microsoft driver developer kit, but the company is pondering a wider commercial distribution, he said.
Prefix, which was originally developed by Intrinsa in 1999, and Prefast, which was internally built at Microsoft, have been widely deployed inside Microsoft's major product groups, used on projects such as Windows Server 2003.
Additionally, Microsoft plans to eventually add to its driver developer kit technology called Slam, which is a core engine that provides rule-checking for device driver development. Slam checks to make sure an API is being used correctly, Ball said. The Slam engine works with Static Driver, which is a set of rules for finding errors in device drivers.
"What we're doing with tools like Prefix, Prefast, and Slam is extending the capability of [bug] checking," Ball said.
Microsoft also plans to make available to universities compilers from its Project Phoenix research effort, announced two years. Project Phoenix is intended as a next-generation compiler architecture in which developers can build additional value on top of the compiler to make code faster and find more defects. Project Phoenix eventually will be incorporated into Microsoft's Visual Studio tool.
The research center also has a tool called Scout, which provides regression testing to prevent introduction of bugs. It is not known whether this tool be made commercially available, Ball said.
Microsoft's Programmer Productivity Research Center has several areas of focus, including advanced compiler technology, performance monitoring and analysis, binary technologies, programming language systems, reliability, and software productivity tools.