prefast
Prefast, often styled PREfast, is a static analysis tool developed by Microsoft for C and C++ code. It analyzes source code to detect programming mistakes that could lead to security vulnerabilities, memory corruption, resource leaks, or other runtime failures. The tool operates at compile time, inspecting function calls, return codes, memory management, and API usage, and it can examine code paths that are difficult to validate with dynamic testing.
Prefast relies on code annotations, such as SAL (Source Annotation Language), to express intended behaviors, preconditions,
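How SAL annotations state a buffer contract that an analyzer can check at each call site, as an added example (not code from the original page or from Microsoft). The names `copy_record`, `store_checked` and `store_unchecked` are hypothetical; the annotation macros are those of `<sal.h>`, replaced by empty stand-ins on compilers other than MSVC, where the analysis is run with `cl /analyze`.

```c
#include <stddef.h>
#include <string.h>

#ifdef _MSC_VER
#include <sal.h>   /* real SAL macros; analyze with: cl /analyze */
#else              /* assumption: other compilers get empty stand-ins */
#define _In_reads_(n)
#define _Out_writes_(n)
#define _Out_
#define _Must_inspect_result_
#define _Success_(expr)
#endif

/* Contract: dst has room for dst_len bytes, src holds src_len bytes,
   and *written is meaningful only when the return value is 0. */
_Must_inspect_result_
_Success_(return == 0)
int copy_record(_Out_writes_(dst_len) unsigned char *dst, size_t dst_len,
                _In_reads_(src_len) const unsigned char *src, size_t src_len,
                _Out_ size_t *written)
{
    if (src_len > dst_len)
        return -1;                  /* refuse rather than overrun dst */
    memcpy(dst, src, src_len);
    *written = src_len;
    return 0;
}

/* Hypothetical caller that honours the contract. */
int store_checked(const unsigned char *msg, size_t msg_len)
{
    unsigned char slot[16];
    size_t n = 0;
    if (copy_record(slot, sizeof slot, msg, msg_len, &n) != 0)
        return -1;
    return (int)n;
}

/* Hypothetical caller that breaks it twice: the stated size (32) exceeds the
   16-byte slot, and the result marked _Must_inspect_result_ is discarded. */
int store_unchecked(const unsigned char *msg, size_t msg_len)
{
    unsigned char slot[16];
    size_t n = 0;
    copy_record(slot, 32, msg, msg_len, &n);
    return (int)n;
}

int main(void) { const unsigned char m[4] = {1, 2, 3, 4}; return store_checked(m, 4) != 4; }
```

Both mismatches in `store_unchecked` are visible from the annotations alone, without running the code, which is the kind of call-site check the annotations exist to enable.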
Historically, Prefast was distributed with Microsoft development tools and was widely used in Windows and driver
Limitations include potential false positives and the need for careful annotation. As static analysis capabilities evolved,