How to cause SAL compiler warnings in my own code using Visual C++ without running static code analysis

Question

If I create a new console project in VS 2019 and add my own annotated implementation of printf and call both real printf and my version:

    // SALTest.cpp : This file contains the 'main' function. Program execution begins and ends there.
    //

    #include <iostream>
    #include <cstdarg>

    int my_printf(_In_z_ _Printf_format_string_ char const* const format, ...)
    {
        va_list arglist;
        va_start(arglist, format);
        int result = _vfprintf_l(stdout, format, nullptr, arglist);
        va_end(arglist);
        return result;
    }

    int main()
    {
        printf("Hello World!\n");

        printf("printf good: %s\n", "narrow string");
        printf("printf bad: %s\n", L"wide string");
        my_printf("my_printf good: %s\n", "narrow string");
        my_printf("my_printf bad: %s\n", L"wide string");
    }

When I compile the file I see a compiler warning for the misuse of printf but not for the misuse of my_printf :

1>------ Build started: Project: SALTest, Configuration: Debug Win32 ------
1>SALTest.cpp
1>C:\Code\SALTest\SALTest.cpp(21,12): warning C4477: 'printf' : format string '%s' requires an argument of type 'char *', but variadic argument 1 has type 'const wchar_t *'

Now it is true that I can "Run Code Analysis on File (Ctrl+Shift+Alt+F7)" and that will give me code analysis warnings for both printf and my_printf in addition to the original compiler warning for printf:

1>------ Build started: Project: SALTest, Configuration: Debug Win32 ------
1>SALTest.cpp
1>C:\Code\SALTest\SALTest.cpp(21,12): warning C4477: 'printf' : format string '%s' requires an argument of type 'char *', but variadic argument 1 has type 'const wchar_t *'
...
C:\Code\SALTest\SALTest.cpp(21): warning C6303: Format string mismatch:  wide character string passed as _Param_(2) when character string is required in call to 'printf' Actual type: 'const wchar_t [12]'.
C:\Code\SALTest\SALTest.cpp(23): warning C6303: Format string mismatch:  wide character string passed as _Param_(2) when character string is required in call to 'my_printf' Actual type: 'const wchar_t [12]'.

But my question is this: is it possible to get the same compiler warning for my_printf that I get for printf without resorting to running a code-analysis? Turning on code-analysis for the huge project I'm on is not an option.

Answer 1

SAL annotations have no effect whatsoever during the compiling stage, as they are implemented as empty preprocessor macros. They only have an effect on static analysis tools.

In the case of printf() (and other similar standard functions, like scanf() ), modern compilers have built-in knowledge of the requirements of their parameters, and can thus validate user-provided parameter values at compile-time. But that a compiler extension, not defined by the C/C++ standards.

For instance, gcc and clang offer compile-time validation of a printf -style user function by decorating it with __attribute__((format(...))) , but MSVC does not support that feature at this time, it only supports SAL annotations.