SAL 2.0 Annotations for Windows Drivers
- 2 minutes to read
-
Contributors
The Microsoft Source Code Annotation Language (SAL) includes annotations that are specific to the analysis of Windows drivers and the related kernel code. The annotation language provides a way of describing properties of functions, parameters, return values, structures, and structure fields. Annotations are like comments that you add to your code and are ignored by the compiler but are used by the static analysis tools. The use of annotations helps improve developer effectiveness, helps improve the accuracy of the results from static analysis, and allows the tools to better determine whether a particular bug exists. The driver annotations are not intended for use in non-driver or non-kernel-related code. The driver annotations are defined in Driverspecs.h.
Note Windows 8 introduces SAL 2.0, which replaces SAL 1.0. For information about SAL 2.0, see Using SAL Annotations to Reduce C/C++ Code Defects. SAL 2.0 replaces SAL 1.0. SAL 2.0 should be used with the Windows Driver Kit (WDK) 8 for Windows 8. If you need information about the SAL 1.0 for drivers, refer to the documentation that ships with the WDK for Windows 7.
| Driver annotations | Category | Use |
|---|---|---|
IRQL_requires_max(value) IRQL_requires_min(value) IRQL_raises(value) IRQL_requires(value) IRQL_raises(value) IRQL_saves IRQL_restores IRQL_saves_global(kind, param) IRQL_restores_global(kind, param) IRQL_always_function_min(value) IRQL_always_function_max(value) IRQL_requires_same |
IRQL annotations | Use the IRQL annotations to specify the range of IRQL levels at which a function should run. The IRQL annotations help the code analysis tool to more accurately find errors. |
| IRQL_is_cancel | IRQL annotations | Use the IRQL_is_cancel annotation can help ensure correct behavior of a DRIVER_CANCEL callback function. |
Kernel_float_saved Kernel_float_restored Kernel_float_used |
Floating point annotations for drivers | Use the floating point annotations to help the code analysis tool detect the use of floating point in kernel-mode code and to report errors if the floating-point state is not properly protected. |
Kernel_clear_do_init |
DO_DEVICE_INITIALIZING annotation | Use the Kernel_clear_do_init annotation to specify whether the annotated function is expected to clear the DO_DEVICE_INITIALIZING bit in the Flags field of the device object. |
Kernel_IoGetDmaAdapter |
Kernel_IoGetDmaAdapter Annotation | Use the Kernel_IoGetDmaAdapter annotation to direct the code analysis tools to look for misuse of DMA pointers. |
Interlocked_operand |
Annotations for interlocked operands | Use the Interlocked_operand annotation for function parameters to identify them as an interlocked operands. A number of functions take as one of their parameters the address of a variable that should be accessed by using an interlocked processor instruction. These are cache read-through atomic instructions, and if the operands are used incorrectly, very subtle bugs result. |
Dispatch_type |
Annotations for Driver Dispatch Routines. | Use the Dispatch_type annotation used when you declare WDM driver dispatch routines. See Declaring Functions Using Function Role Types for WDM Drivers and Annotating Driver Dispatch Routines |
Flt_CompletionContext_Outptr |
Flt_CompletionContext_Outptr Annotation | Use the Flt_CompletionContext_Outptr annotation when you declare file system minifilter pre-operation callback functions (PFLT_PRE_OPERATION_CALLBACK). Place this annotation on the CompletionContext parameter. This annotation directs the code analysis tool to check that the CompletionContext is correct for the FLT_PREOP_CALLBACK_STATUS return value. |