Edit

DDI usage rule set (KMDF)

  • Article

Use these rules to verify that your driver correctly uses KMDF DDIs correctly.

In this section

Topic Description

BufAfterReqCompletedIoctl

The BufAfterReqCompletedIoctl rule specifies that within the EvtIoDeviceControl callback function, the I/O request buffer retrieved cannot be accessed after the I/O request is completed.

BufAfterReqCompletedIntIoctl

The BufAfterReqCompletedIntIoctl rule specifies that after a request is completed, its buffer cannot be accessed (inside EvtIoInternalDeviceControl callback function only). The buffer is retrieved by calling WdfRequestRetrieveOutputBuffer or WdfRequestRetrieveUnsafeUserOutputBuffer or WdfRequestRetrieveInputBuffer or WdfRequestRetrieveUnsafeUserInputBuffer.

BufAfterReqCompletedIntIoctlA

The BufAfterReqCompletedIntIoctlA rule verifies that after a request is completed, its buffer cannot be accessed (inside EvtIoInternalDeviceControl callback only). The buffer was retrieved by calling WdfRequestRetrieveInputBuffer or WdfRequestRetrieveOutputBuffer or WdfRequestRetrieveUnsafeUserInputBuffer or WdfRequestRetrieveUnsafeUserOutputBuffer.

BufAfterReqCompletedIoctlA

The BufAfterReqCompletedIoctlA rule specifies that within the EvtIoDeviceControl callback function, the I/O request buffer retrieved cannot be accessed after the I/O request is completed.

BufAfterReqCompletedRead

The BufAfterReqCompletedRead rule specifies that within the EvtIoRead callback function, the I/O request buffer retrieved cannot be accessed after the I/O request is completed. There are 14 DDIs that serve as possible buffer access methods.

BufAfterReqCompletedReadA

The BufAfterReqCompletedReadA rule specifies that within the EvtIoRead callback function, the I/O request buffer retrieved cannot be accessed after the I/O request is completed. There are 14 DDIs that serve as possible buffer access methods.

BufAfterReqCompletedWrite

The BufAfterReqCompletedWrite rule specifies that within the EvtIoWrite callback function, the I/O request buffer retrieved cannot be accessed after the I/O request is completed.

BufAfterReqCompletedWriteA

The BufAfterReqCompletedWriteA rule specifies that within the EvtIoWrite callback function, the I/O request buffer retrieved cannot be accessed after the I/O request is completed.

ChildDeviceInitApi

The ChildDeviceInitApi rule specifies that for a child device, the framework device object initialization methods must be called before the driver calls the WdfDeviceCreate method for the child device object.

ControlDeviceDeleted

The ControDeviceDeleted rule specifies that if a PnP driver creates a control device object, the driver must delete the control device object in one of the cleanup callback functions before the driver unloads.

ControlDeviceInitAPI

The ControlDeviceInitAPI rule specifies that WdfControlDeviceInitAllocate and all other device object initialization DDIs that set up a WDFDEVICE_INIT structure for the control device must be called before WdfDeviceCreate for the control device.

CtlDeviceFinishInitDeviceAdd

The CtlDeviceFinishInitDeviceAdd rule specifies that if a driver creates control device object in an EvtDriverDeviceAdd callback function, it must call WdfControlFinishInitializing after the device has been created and before it exits from the EvtDriverDeviceAdd callback function. This rule does not apply for non-PnP drivers.

CtlDeviceFinishInitDrEntry

The CtlDeviceFinishInitDrEntry rule specifies that if a driver creates a control device object in a DriverEntry callback function, it must call WdfControlFinishInitializing after the device has been created and before it exits from the EvtDriverDeviceAdd callback function. This rule does not apply for non-PnP drivers.

DeviceCreateFail

The DeviceCreateFail rule specifies that EVT_WDF_DRIVER_DEVICE_ADD returns an error status when the call to WdfDeviceCreate fails.

DeviceInitAllocate

The DeviceInitAllocate rule specifies that, for a PDO device or a control device object, the framework device object initialization methods WdfPdoInitAllocate or WdfControlDeviceInitAllocate must be called before the driver calls WdfDeviceCreate.

DeviceInitAPI

For an FDO device, the framework device object initialization methods and the framework FDO initialization methods must be called before the driver calls the WdfDeviceCreate method for the device object.

DoubleDeviceInitFree

The DoubleDeviceInitFree rule specifies that drivers should not free device initialization structure twice.

DriverCreate

The DriverCreate rule specifies that a driver that uses Kernel Mode Driver Framework (KMDF) must call the WdfDriverCreate method to create a framework driver object from within its DriverEntry routine.

InitFreeDeviceCallback

The InitFreeDeviceCallback rule specifies that a driver must call WdfDeviceInitFree if the driver encounters an error while it initializes a new framework device object, and if the driver received the WDFDEVICE_INIT structure from a call to WdfControlDeviceInitAllocate.

InitFreeDeviceCreate

The InitFreeDeviceCreate rule specifies that a driver must call WdfDeviceInitFree instead of WdfDeviceCreate if an error occurs in one of the device object initialization methods and if the driver received the WDFDEVICE_INIT structure from a call to WdfControlDeviceInitAllocate.

InitFreeDeviceCreateType2

The InitFreeDeviceCreateType2 rule specifies that a driver must not call WdfDeviceCreate after it calls WdfDeviceInitFree.

InitFreeDeviceCreateType4

The InitFreeDeviceCreateType4 rule specifies that a driver must call WdfDeviceInitFree if the driver encounters an error while it calls WdfDeviceCreate and if the driver received the WDFDEVICE_INIT structure from a call to WdfControlDeviceInitAllocate.

InitFreeNull

The InitFreeNull rule specifies that DDIs receiving PWDFDEVICE_INIT as a parameter cannot be called by using a NULL pointer to a WDFDEVICE_INIT structure.

MdlAfterReqCompletedIntIoctl

The MdlAfterReqCompletedIntIoctl rule specifies that within the EvtIoInternalDeviceControl callback function, the memory descriptor list (MDL) cannot be accessed after the I/O request is completed.

MdlAfterReqCompletedIntIoctlA

The MdlAfterReqCompletedIntIoctlA rule specifies that within the EvtIoInternalDeviceControl callback function, the memory descriptor list (MDL) cannot be accessed after the I/O request is completed.

MdlAfterReqCompletedIoctl

The MdlAfterReqCompletedIoctl rule specifies that within the EvtIoDeviceControl callback function, the memory descriptor list (MDL) cannot be accessed after the I/O request is completed.

MdlAfterReqCompletedIoctlA

The MdlAfterReqCompletedIoctlA rule specifies that within the EvtIoDeviceControl callback function, the memory descriptor list (MDL) cannot be accessed after the I/O request is completed.

MdlAfterReqCompletedRead

The MdlAfterReqCompletedRead rule specifies that within the EvtIoRead callback function, the memory descriptor list (MDL) object retrieved cannot be accessed after the I/O request is completed.

MdlAfterReqCompletedReadA

The MdlAfterReqCompletedReadA rule specifies that within the EvtIoRead callback function, the memory descriptor list (MDL) object retrieved cannot be accessed after the I/O request is completed.

MdlAfterReqCompletedWrite

The MdlAfterReqCompletedWrite rule specifies that within the EvtIoWrite callback function, the memory descriptor list (MDL) object retrieved cannot be accessed after the I/O request is completed.

MdlAfterReqCompletedWriteA

The MdlAfterReqCompletedWriteA rule specifies that within the EvtIoWrite callback function, the memory descriptor list (MDL) object retrieved cannot be accessed after the I/O request is completed.

MemAfterReqCompletedIntIoctl

The MemAfterReqCompletedIntIoctl rule specifies that within the EvtIoInternalDeviceControl callback function, the framework memory object cannot be accessed after the I/O request is completed.

MemAfterReqCompletedIntIoctlA

The MemAfterReqCompletedIntIoctlA rule specifies that within the EvtIoInternalDeviceControl callback function, the framework memory object cannot be accessed after the I/O request is completed.

MemAfterReqCompletedIoctl

The MemAfterReqCompletedIoctl rule specifies that within the EvtIoDeviceControl callback function, the framework memory object cannot be accessed after the I/O request is completed.

MemAfterReqCompletedIoctlA

The MemAfterReqCompletedIoctlA rule specifies that within the EvtIoDeviceControl callback function, the framework memory object cannot be accessed after the I/O request is completed.

MemAfterReqCompletedRead

The MemAfterReqCompletedRead rule specifies that within the EvtIoRead callback function, the framework memory object cannot be accessed after the I/O request is completed.

MemAfterReqCompletedReadA

The MemAfterReqCompletedReadA rule specifies that within the EvtIoRead callback function, the framework memory object cannot be accessed after the I/O request is completed.

MemAfterReqCompletedWrite

The MemAfterReqCompletedWrite rule specifies that within the EvtIoWrite callback function, the framework memory object cannot be accessed after the I/O request is completed.

MemAfterReqCompletedWriteA

The MemAfterReqCompletedWriteA rule specifies that within the EvtIoWrite callback function, the framework memory object cannot be accessed after the I/O request is completed.

NullCheck

The NullCheck rule verifies that a NULL value inside the driver code is not dereferenced later in the driver. This rule reports a defect if either of these conditions is true:

  • There is an assignment of NULL that is dereferenced later.
  • There is a global/parameter to a procedure in a driver that may be NULL that is dereferenced later, and there is an explicit check in the driver that suggests that the initial value of the pointer may be NULL.

With NullCheck rule violations, the most relevant code statements are highlighted in the trace tree pane. For more information about working with report output, see Static Driver Verifier Report and Understanding the Trace Viewer.

PdoDeviceInitAPI

The PdoDeviceInitAPI rule specifies that WdfPdoInitAllocate and all other device object initialization DDIs that set up a WDFDEVICE_INIT structure for the physical device object (PDO) must be called before the driver calls WdfDeviceCreate for the PDO.

PdoInitFreeDeviceCallback

The PdoInitFreeDeviceCallback rule specifies that the driver must call WdfDeviceInitFree if an error occurs when the driver calls any framework device object initialization function.

PdoInitFreeDeviceCreate

The PdoInitFreeDeviceCreate rule specifies that a driver must call WdfDeviceInitFree instead of WdfDeviceCreate if an error occurs in one of the device object initialization functions and if the driver received the WDFDEVICE_INIT structure from a call to WdfPdoInitAllocate.

PdoInitFreeDeviceCreateType2

The PdoInitFreeDeviceCreateType2 rule specifies that a driver must not call WdfDeviceCreate after it calls WdfDeviceInitFree.

PdoInitFreeDeviceCreateType4

The PdoInitFreeDeviceCreateType4 rule specifies that the driver must call WdfDeviceInitFree if an error occurs when the driver calls WdfDeviceCreate.

ControlDeviceInitAllocate

The ControlDeviceInitAllocate rule specifies that for a control device object, the driver must call the framework device object initialization method WdfControlDeviceInitAllocate before the driver calls WdfDeviceCreate.

InputBufferAPI

The InputBufferAPI rule specifies that the correct DDIs for buffer retrieval are used in the EvtIoReadcallback function. Within the EvtIoRead callback function, the following DDIs cannot be called for buffer retrieval:

To select the DDI usage rule set

  1. Select your driver project (.vcxProj) in Microsoft Visual Studio. From the Driver menu, click Launch Static Driver Verifier….

  2. Click the Rules tab. Under Rule Sets, select DDIUsage.

    To select the default rule set from a Visual Studio developer command prompt window, specify DDIUsage.sdv with the /check option. For example:

    msbuild /t:sdv /p:Inputs="/check:DDIUsage.sdv" mydriver.VcxProj /p:Configuration="Win8 Release" /p:Platform=Win32

    For more information, see Using Static Driver Verifier to Find Defects in Drivers and Static Driver Verifier commands (MSBuild).