SAL 2.0 Annotations for Windows Drivers

  • 2 minutes to read
  • Contributors
    • Eliot Graff
    • Nathan Bazan

The Microsoft Source Code Annotation Language (SAL) includes annotations that are specific to the analysis of Windows drivers and the related kernel code. The annotation language provides a way of describing properties of functions, parameters, return values, structures, and structure fields. Annotations are like comments that you add to your code and are ignored by the compiler but are used by the static analysis tools. The use of annotations helps improve developer effectiveness, helps improve the accuracy of the results from static analysis, and allows the tools to better determine whether a particular bug exists. The driver annotations are not intended for use in non-driver or non-kernel-related code. The driver annotations are defined in Driverspecs.h.

Note  Windows 8 introduces SAL 2.0, which replaces SAL 1.0. For information about SAL 2.0, see Using SAL Annotations to Reduce C/C++ Code Defects. SAL 2.0 replaces SAL 1.0. SAL 2.0 should be used with the Windows Driver Kit (WDK) 8 for Windows 8. If you need information about the SAL 1.0 for drivers, refer to the documentation that ships with the WDK for Windows 7.

Driver annotations Category Use

IRQL_requires_max(value)

IRQL_requires_min(value)

IRQL_raises(value)

IRQL_requires(value)

IRQL_raises(value)

IRQL_saves

IRQL_restores

IRQL_saves_global(kind, param)

IRQL_restores_global(kind, param)

IRQL_always_function_min(value)

IRQL_always_function_max(value)

IRQL_requires_same

 IRQL annotations

Use the IRQL annotations to specify the range of IRQL levels at which a function should run. The IRQL annotations help the code analysis tool to more accurately find errors.
IRQL_is_cancel IRQL annotations

Use the IRQL_is_cancel annotation can help ensure correct behavior of a DRIVER_CANCEL callback function.

Kernel_float_saved

Kernel_float_restored

Kernel_float_used

 Floating point annotations for drivers

Use the floating point annotations to help the code analysis tool detect the use of floating point in kernel-mode code and to report errors if the floating-point state is not properly protected.

Kernel_clear_do_init

 DO_DEVICE_INITIALIZING annotation

Use the Kernel_clear_do_init annotation to specify whether the annotated function is expected to clear the DO_DEVICE_INITIALIZING bit in the Flags field of the device object.

Kernel_IoGetDmaAdapter

 Kernel_IoGetDmaAdapter Annotation

Use the Kernel_IoGetDmaAdapter annotation to direct the code analysis tools to look for misuse of DMA pointers.

Interlocked_operand

 Annotations for interlocked operands

Use the Interlocked_operand annotation for function parameters to identify them as an interlocked operands. A number of functions take as one of their parameters the address of a variable that should be accessed by using an interlocked processor instruction. These are cache read-through atomic instructions, and if the operands are used incorrectly, very subtle bugs result.

Dispatch_type

 Annotations for Driver Dispatch Routines.

Use the Dispatch_type annotation used when you declare WDM driver dispatch routines. See Declaring Functions Using Function Role Types for WDM Drivers and Annotating Driver Dispatch Routines

Flt_CompletionContext_Outptr

 Flt_CompletionContext_Outptr Annotation

Use the Flt_CompletionContext_Outptr annotation when you declare file system minifilter pre-operation callback functions (PFLT_PRE_OPERATION_CALLBACK). Place this annotation on the CompletionContext parameter. This annotation directs the code analysis tool to check that the CompletionContext is correct for the FLT_PREOP_CALLBACK_STATUS return value.

Using SAL Annotations to Reduce C/C++ Code Defects