static analysis and verification of drivers donn terry software development engr. microsoft...

Static Analysis And Static Analysis And Verification Of DriversVerification Of Drivers

Donn TerryDonn TerrySoftware Development Engr.Software Development Engr.Microsoft CorporationMicrosoft Corporation

Vlad LevinVlad LevinSoftware Development Engr. Software Development Engr. Microsoft CorporationMicrosoft Corporation

Session OutlineSession Outline

Static analysis toolsStatic analysis toolsWhat they areWhat they are

The benefits of using themThe benefits of using them

PREPREffast for Drivers (PFD)ast for Drivers (PFD)

Static Driver Verifier (SDV)Static Driver Verifier (SDV)

SummarySummary

Getting started/labGetting started/lab

What Is Static Analysis?What Is Static Analysis?

Compile-time analysis of the source programCompile-time analysis of the source programLike code inspection, but performed by a toolLike code inspection, but performed by a tool

Compile-time type-checking is a predecessorCompile-time type-checking is a predecessor

Looks for violations of well-defined constraintsLooks for violations of well-defined constraintsProcedure contracts or API contracts Procedure contracts or API contracts

Examples of bugs to be found by Examples of bugs to be found by Static Analysis:Static Analysis:

p = NULL;p = NULL;……f(p);f(p);f()f() requires requires pp to be non-NULLto be non-NULL

Completing the same Irp twice:Completing the same Irp twice: IoCompleteRequest (Irp); IoCompleteRequest (Irp);

... ...

IoCompleteRequest (Irp);IoCompleteRequest (Irp);

Why Static Analysis?Why Static Analysis?

Rule of thumbRule of thumb

A defect that costs $1 to fix on the A defect that costs $1 to fix on the programmer’s desktop costs $100 toprogrammer’s desktop costs $100 tofix once it is incorporated into a complete fix once it is incorporated into a complete program and many thousands of dollarsprogram and many thousands of dollarsif it is identified only after the softwareif it is identified only after the softwarehas been deployed in the fieldhas been deployed in the fieldBuilding a Better Bug Trap – The Economist June 2003Building a Better Bug Trap – The Economist June 2003

Static Analysis Tools For DriversStatic Analysis Tools For Drivers

Two technologies providedTwo technologies providedPFD: Look inside every procedure for possible violationsPFD: Look inside every procedure for possible violations

SDV: Look along paths, cross inter-procedural boundariesSDV: Look along paths, cross inter-procedural boundariesEach is better in some situationsEach is better in some situations

ReadFoo ( PIRP Irp ){ PIRP p = NULL; ... if (status) { Irp = p; }}

ReadFoo ( PIRP Irp ) { ... status = Bar (Irp); if (status) { IoCompleteRequest(Irp); } }

Bar ( PIRP Irp ) { ... IoCompleteRequest(Irp); return STATUS_SUCCESS;}

XXXX

XXXX

Static Analysis Tools For DriversStatic Analysis Tools For Drivers

PREPREffast for Drivers (PFD)ast for Drivers (PFD)Looks at one procedure at a timeLooks at one procedure at a time

For several hundred constraintsFor several hundred constraints

Best for quick checks and early developmentBest for quick checks and early development

Static Driver Verifier (SDV)Static Driver Verifier (SDV)A “compile-time version” of Driver Verifier.A “compile-time version” of Driver Verifier.

Looks along every path, crossingLooks along every path, crossinginter-procedural boundariesinter-procedural boundaries

For a few hundred WDM constraintsFor a few hundred WDM constraints

More under developmentMore under development

Best for deep analysis of full driverBest for deep analysis of full driver

We Can Make It BetterWe Can Make It BetterUse static analysis tools for driversUse static analysis tools for drivers

Push-button technologyPush-button technology

100% path coverage100% path coverageAt no cost (let a computer do it)At no cost (let a computer do it)

At little time (hours versus weeks)At little time (hours versus weeks)

Defects are discovered early Defects are discovered early Even before device hardware is availableEven before device hardware is available

Before designing test casesBefore designing test cases

Often while still codingOften while still coding

Defect reports are easy to useDefect reports are easy to useA direct reference to the defective path (or point)A direct reference to the defective path (or point)in the source code reduces cost of debugging in the source code reduces cost of debugging

How You Debug And Test TodayHow You Debug And Test Today

XXXX

I/OMgr

DLLDLLDriverDriver

????

????

????????

The driver causes a crash – How? Under what scenario? On which path?The driver causes a crash – How? Under what scenario? On which path?It takes time to find out …It takes time to find out …

Is this DLL involved?

XXXX

I/OMgr

DLLDLLDriverDriver

IoCompleteRequest(…)

DriverIoCtl ( Irp ) ????

Now, you knowNow, you know the type of the bug – Yet, the path is cloudythe type of the bug – Yet, the path is cloudyDebug, debug, debug …Debug, debug, debug …

????

Driver Verifier And A Lucky TestDriver Verifier And A Lucky Test

ClassIoCtl ( Irp )

???? ????IoCompleteRequest(…)

IoCompleteRequest(…)

Static Analysis Does Two ThingsStatic Analysis Does Two ThingsFinds a defectFinds a defect

Reveals the pathReveals the path

Without testingWithout testing

Without debuggingWithout debugging

DriverIoCtl ( Irp )

ClassIoCtl ( Irp )

if (status != …) {

IoCompleteRequest( Irp );

}IoCompleteRequest( Irp );}

switch ( … ){

DLLDLLDriverDriver

I/OMgr

XXXX

How About Path Coverage? How About Path Coverage?

One test caseOne test case covers only covers only one pathone path in the driver in the driver

The path remains unrevealed if no defect foundThe path remains unrevealed if no defect found

100 test cases cover < 100 paths? 100 test cases cover < 100 paths?

More test cases -> more duplicationMore test cases -> more duplication

XXXX

I/OMgr

XXXX

XXXXXXXX

weeksweeks

Path Coverage: Testing In ProgressPath Coverage: Testing In Progress

XXXX

XXXXXXXX

weeksweeks

Failure pathsFailure paths

Corner casesCorner cases

““Impossible” pathsImpossible” paths

Path Coverage: Far From CompletePath Coverage: Far From Complete

Path Coverage: Incomplete, UnknownPath Coverage: Incomplete, Unknown

XXXX

XXXXXXXX

weeksweeks

How many paths remain How many paths remain untested?untested?

50% ? More?50% ? More?Corner casesCorner casesFailure pathsFailure paths

““Impossible” pathsImpossible” pathsJust omissionsJust omissions

Path Coverage: Time To MarketPath Coverage: Time To Market

XXXX

XXXXXXXX

weeksweeks

Corner casesCorner casesFailure pathsFailure paths

““Impossible” pathsImpossible” pathsJust omissionsJust omissions

When When areare you done? you done?

How long would it take to test How long would it take to test all of them? all of them?

Longer than you can afford!Longer than you can afford!

XXXX XXXX

XXXX

XXXX

XXXX

XXXX

In minutes or hours, not weeks or In minutes or hours, not weeks or monthsmonths

Employing Computer, not a Test Employing Computer, not a Test EngineerEngineer

Targeting a large set of potential Targeting a large set of potential violationsviolations

Static Analysis: 100% CoverageStatic Analysis: 100% Coverage

Static Analysis – How Does It Work?Static Analysis – How Does It Work?

The tool builds an abstract model of a driver and The tool builds an abstract model of a driver and exhaustively inspects execution along all paths exhaustively inspects execution along all paths

The abstract model is simpler: it’s reduced... The abstract model is simpler: it’s reduced...

It’s so much simpler that it’s possible to have it inspected It’s so much simpler that it’s possible to have it inspected (“simulated”) exhaustively(“simulated”) exhaustively

Over-approximation of the driverOver-approximation of the driverThe control part remains the same The control part remains the same

All paths are preserved and treated equally All paths are preserved and treated equally

The data state is over-approximatedThe data state is over-approximatedif argument x is not constrained, assume any value if argument x is not constrained, assume any value

if (x>0) guards the point of interest, keep track of boolean (x>0),if (x>0) guards the point of interest, keep track of boolean (x>0),but not integer value of x: boolean is simpler than integer but not integer value of x: boolean is simpler than integer

if (x > 0) { IoCompleteRequest (Irp); }if (x > 0) { IoCompleteRequest (Irp); }

Static AnalysisStatic AnalysisNot a silver bulletNot a silver bullet

Does Does notnot replace functional testing replace functional testing

Targets violations of a given set of Targets violations of a given set of well-defined constraintswell-defined constraints

Principal limitationPrincipal limitationIt doesn’t know about every possible errorIt doesn’t know about every possible error

Algorithms are based on source code abstraction Algorithms are based on source code abstraction and heuristicsand heuristics

Which results in both false positives and false negativesWhich results in both false positives and false negatives

It is not a silver bullet…It is not a silver bullet…

It is a useful toolIt is a useful tool

Our Static Tools For DriversOur Static Tools For Drivers

PREPREffast For Drivers (PFD)ast For Drivers (PFD)Lightweight and fast (runs in minutes)Lightweight and fast (runs in minutes)

Easy to use early in development – start earlyEasy to use early in development – start earlyUse on any code that compilesUse on any code that compiles

Limited to a procedure scopeLimited to a procedure scope

Works on any code, C and C++Works on any code, C and C++

Finds many local violationsFinds many local violations

Static Driver Verifier (SDV)Static Driver Verifier (SDV)Extremely deep analysis (runs in hours)Extremely deep analysis (runs in hours)

More useful in the later stages of developmentMore useful in the later stages of developmentRequires complete driverRequires complete driver

Works over the whole driverWorks over the whole driver

Limited to WDM and to C (more planned)Limited to WDM and to C (more planned)

Finds deep bugsFinds deep bugs

A problem has been detected and Windows has been shut down to prevent A problem has been detected and Windows has been shut down to prevent Damage to your Damage to your computer..

DRIVER_IRQL_NOT_LESS_OR_EQUALDRIVER_IRQL_NOT_LESS_OR_EQUAL

If this is the first time you've seen this Stop error screen,If this is the first time you've seen this Stop error screen,restart your computer. If this screen appears again, followrestart your computer. If this screen appears again, followthese steps:these steps:

Check to make sure any new hardware or software is properly installed.Check to make sure any new hardware or software is properly installed.If this is a new installation, ask your hardware or softwareIf this is a new installation, ask your hardware or softwareManufacturer for any Windows updates you might need.Manufacturer for any Windows updates you might need.

If problems continue, disable or remove any newly installed hardwareIf problems continue, disable or remove any newly installed hardwareor software. Disable BIOS memory options such as caching or shadowing.or software. Disable BIOS memory options such as caching or shadowing.If you need to use Safe Mode to remove or disable components, restartIf you need to use Safe Mode to remove or disable components, restartyour computer, press F8 to select Advanced Startup Options, and thenyour computer, press F8 to select Advanced Startup Options, and thenselect Safe Modeselect Safe Mode

Technical information:Technical information:

*** STOP: 0x00000001 (0x0000000,00000002,0x00000000,0x00000000)*** STOP: 0x00000001 (0x0000000,00000002,0x00000000,0x00000000)

Driver Tools RelationshipDriver Tools Relationship

Easy Easy Reproducibility Reproducibility HardHard

DepthDepth

DriverVerifier Static Driver

Verifier

PREfast for drivers

HardHardEase Ease Of UseOf Use

ComplexComplex

PFD: PREPFD: PREffast For Driversast For Drivers

Fast (2-5x compile time, usually)Fast (2-5x compile time, usually)

Finds a lot of “inadvertent” errors and some “hard” onesFinds a lot of “inadvertent” errors and some “hard” ones

Works on code that compiles; doesn’t need to runWorks on code that compiles; doesn’t need to run

Some things it can findSome things it can findNull pointer, uninitialized variable (along an unusual path)Null pointer, uninitialized variable (along an unusual path)

Local leaks (memory, resource)Local leaks (memory, resource)

Mismatched parametersMismatched parameters

Forgot to check resultForgot to check result

Format/list mismatchFormat/list mismatch

Misuse of IRQLs (some)Misuse of IRQLs (some)

Various special cases that are easily missed Various special cases that are easily missed (Cancel IRQL, e.g.)(Cancel IRQL, e.g.)

Proper use of callback/function pointersProper use of callback/function pointers

PFD: Driver Specific Resource LeakPFD: Driver Specific Resource Leak

void LeakSample(BOOLEAN Option1)

{

NTSTATUS Status;

KIRQL OldIrql;

BufInfo *pBufInfo;

KeAcquireSpinLock(MyLock,&OldIrql);

//...

if (Option1) {

pBufInfo = ExAllocatePoolWithTag(NonPagedPool,

sizeof(BufInfo), 'fuB_');

if (NULL==pBufInfo) {

return STATUS_NO_MEMORY;

}

//...

KeReleaseSpinLock(MyLock, OldIrql);

return STATUS_SUCCESS;

}

//...


{

NTSTATUS Status;

KIRQL OldIrql;

BufInfo *pBufInfo;


//...

if (Option1) {





}

//...



}

//...


warning 8103: Leaking the resource stored in 'SpinLock:MyLock'.


{

NTSTATUS Status;

KIRQL OldIrql;

BufInfo *pBufInfo;


//...

if (Option1) {




KeReleaseSpinLock(MyLock, OldIrql);KeReleaseSpinLock(MyLock, OldIrql);


}

//...



}

//...


PFD: AnnotationsPFD: Annotations

Tells PFD things it could not inferTells PFD things it could not infer

Enhance/enforce the “contract” between Enhance/enforce the “contract” between calling and called functioncalling and called function

Too much to cover here; there’s a paper Too much to cover here; there’s a paper with the detailswith the details

PFD: Annotations – ExamplePFD: Annotations – Example

wchar_t * wmemset( __out_ecount(ss) wchar_t *p, __in wchar_t v, __in size_t ss);

__in: the parameter is input to the function__in: the parameter is input to the function

__out: the parameter is output from the function__out: the parameter is output from the function

__out_ecount(s): the parameter is a buffer with s elements__out_ecount(s): the parameter is a buffer with s elements

If the parameter p doesn’t contain at least s elements, If the parameter p doesn’t contain at least s elements, PFD will yield a warningPFD will yield a warning

Static Analysis ToolsStatic Analysis ToolsFor DriversFor Drivers

Static Driver VerifierStatic Driver VerifierSDVSDV

SDV: Session OutlineSDV: Session Outline

IntroductionIntroduction

ExampleExample

ConceptsConceptsRulesRules

DDI ModelDDI Model

Verification EngineVerification Engine

ExperienceExperience

SDV: IntroductionSDV: Introduction

A “compile-time version” of Driver VerifierA “compile-time version” of Driver VerifierInspects driver source codeInspects driver source code

Looking for violations of DDI constraints Looking for violations of DDI constraints

SupportsSupportsWDM drivers WDM drivers

SDV 1.4 in Windows Vista WDKSDV 1.4 in Windows Vista WDK

KMDF drivers KMDF drivers Planned for Windows Server Planned for Windows Server code-named “Longhorn”code-named “Longhorn”

Preview in static analysis tools lab tomorrowPreview in static analysis tools lab tomorrow

SDV: QualitySDV: Quality

Comprehensive path coverageComprehensive path coverageChecks all possible paths in a driverChecks all possible paths in a driver

Checks cross procedure callsChecks cross procedure calls

Checks a driver together with librariesChecks a driver together with libraries

Finds deep defects that are hard to repro Finds deep defects that are hard to repro

SDV is not perfectSDV is not perfectOnly one driver (not the entire driver stack)Only one driver (not the entire driver stack)

DDI implementation code is abstracted awayDDI implementation code is abstracted away

Might run out of time Might run out of time

SDV: ExampleSDV: Example

Device DriverInterface

IoCompleteRequest

Driver

Dispatch routine

I/O System

IrpIrp

IrpIrp


XXXX

Device DriverInterface

IoCompleteRequest

Driver

Dispatch routine

I/O System

IrpIrp

IrpIrp IrpIrp

ParPort: A Double Completion BugParPort: A Double Completion BugFrom Windows Server 2003 DDK (build 3677 or earlier)From Windows Server 2003 DDK (build 3677 or earlier)

PptDispatchClose ( Irp ) P4CompleteRequest ( Irp )

IoCompleteRequest( Irp );XX

PptFdoClose( Irp )

P4CompleteRequestReleaseRemLoc ( Irp )

IOMngr


Sample driver in the old DDK 3677


One defect foundXXXX

First CompletionDouble Completion

SDV: ConceptsSDV: Concepts

XXXX

RulesRules

VerificatioVerification n EngineEngine

OS ModelOS Model

library.c

more_code.c

driver.c SDV

SDV: DDI RulesSDV: DDI Rules

XXXX

RulesRules


OS ModelOS Model

library.c

more_code.c

driver.c SDV DDI

Model

Verification Engine

DDI Rules


XXXX

Rules

Verification Engine

OS Model

library.c

more_code.c

driver.c SDV DDI

Model

Verification Engine

DDI Rules


SDV comes with SDV comes with 66 WDM rules 66 WDM rules

KMDF rules – planned for Windows Server KMDF rules – planned for Windows Server code-named “Longhorn”code-named “Longhorn”

A rule captures constraints imposed A rule captures constraints imposed by DDI requirements by DDI requirements

A rule is a Finite State Machine (FSM)A rule is a Finite State Machine (FSM)StatesStates

Abort points trap violationsAbort points trap violations

Other states are interim points Other states are interim points

EventsEventsAssociated with calls into DDIAssociated with calls into DDI

SDV: WDK Tells DDI ConstraintsSDV: WDK Tells DDI Constraints

KeAcquire SpinLock

KeReleaseSpinLock

Driver

Entry Point

I/O System

Driver Development Interface

SDV: A DDI Constraint Is – A RuleSDV: A DDI Constraint Is – A Rule

Rule 1Rule 1

SDV: One More RuleSDV: One More Rule

Rule 2Rule 2

SDV: And Yet Another RuleSDV: And Yet Another Rule

Rule 3Rule 3

SDV: Rule 1 SDV: Rule 1

KeAcquire SpinLock

KeReleaseSpinLock

Driver

Entry Point

I/O System

AbortAbortA

cqui

reA

cqui

re Release

Release

Driv

er c

alle

dD

river

cal

led

Driver returns

Driver returns

Unlocked

Acquire

Acquire

Driver re

turns

Driver re

turns

Locked

Release

Release

KeAcquireSpinLock and KeReleaseSpinLock can only be called in alternate order

Driver Development Interface

SDV: DDI ModelSDV: DDI Model

XXXX

RulesRules


OS ModelOS Model

library.c

more_code.c

driver.c SDVDDI

Rules

DDI Model

Verification Engine

SDV: DDI Model Wraps The DriverSDV: DDI Model Wraps The Driver

MainMain

Calls Calls DriverEntryDriverEntry

Calls Dispatch Routines (WDM) Calls Dispatch Routines (WDM) or Driver Callbacks (KMDF)or Driver Callbacks (KMDF)

Aspects of the OS state Aspects of the OS state

Interrupt Request Level (IRQL)Interrupt Request Level (IRQL)

Stubs for hundredsStubs for hundredsof DDI functionsof DDI functions

IoCreateDevice, …IoCreateDevice, …Device Driver

Interface

I/O Systemmainmain

IoCreateDeviceIoCreateDevice

IoCompleteRequestIoCompleteRequest

Driver

DriverEntryDriverEntry

IRQLIRQL

SDV: DDI Model – SummarySDV: DDI Model – Summary

Captures aspects ofCaptures aspects ofPlug-n-Play life cycle of a driverPlug-n-Play life cycle of a driver

The OS state The OS state

DDI implementationDDI implementation

Covers corner case scenariosCovers corner case scenarios

DDI model must be balanced DDI model must be balanced A more accurate model is biggerA more accurate model is bigger

A bigger model brings more computational A bigger model brings more computational complexity for the engine to cope withcomplexity for the engine to cope with

SDV: Verification EngineSDV: Verification Engine

XXXX

RulesRules


OS ModelOS Model

library.c

more_code.c

driver.c SDVDDI Rules

DDI Model

Verification Engine

SDV: Verification EngineSDV: Verification Engine

Symbolic model checking of a C programSymbolic model checking of a C program

Symbolically executesSymbolically executesYour driver in the context of the DDI modelYour driver in the context of the DDI model

While looking for rule violationsWhile looking for rule violations

Each and every path of the driver Each and every path of the driver is checkedis checked

How does it cope with computational How does it cope with computational complexity?complexity?

SDV: Abstract-Refine LoopSDV: Abstract-Refine Loop

AbstractionAbstraction – throw away irrelevant details – throw away irrelevant details

Model-checkingModel-checking on the reduced code on the reduced code

Bug validationBug validation on the original code on the original code

RefineRefine the abstraction if the bug doesn’t the abstraction if the bug doesn’t show in the original codeshow in the original code

bug bug ??

rule

validate

abstractrefine

model– check

C codeDriver

DDI model

XXXX

Reducedcode

SDV: Our Practical ExperienceSDV: Our Practical Experience

Finds deep bugs not found by testingFinds deep bugs not found by testing1 bug on average for a sample driver in Windows 1 bug on average for a sample driver in Windows Server 2003 DDK-3677Server 2003 DDK-3677

Well tested drivers are often cleanWell tested drivers are often clean

A dozen true bugs in a fresh driver A dozen true bugs in a fresh driver

Low Noise levelLow Noise levelLess than 1 false bug reported per driverLess than 1 false bug reported per driver

2 real bugs for 1 false bug on DDK-3677 samples2 real bugs for 1 false bug on DDK-3677 samples

PerformancePerformanceRuns in a few hoursRuns in a few hours

But may need to run overnightBut may need to run overnight

Static Analysis Tools For DriversStatic Analysis Tools For DriversSummarySummary

PREPREffast for Driversast for Drivers Static Driver VerifierStatic Driver Verifier

AvailabilityAvailability Available nowAvailable now WDM rules are availableWDM rules are available

KMDF rules are plannedKMDF rules are planned for LH Server – preview in for LH Server – preview in Static Analysis Tools Lab Static Analysis Tools Lab

ApplicabilityApplicability C and C++C and C++ C only, up to 50K LOCC only, up to 50K LOC

Issues foundIssues found Local defectsLocal defects

Easy to fixEasy to fix

High volumeHigh volume

Global defectsGlobal defects

Harder to fixHarder to fix

Low volumeLow volume

Development Development CycleCycle

Apply early –Apply early –

““When the driver When the driver compiles”compiles”

Run oftenRun often

Apply later –Apply later –

““When the basic structure of When the basic structure of the driver is in place”the driver is in place”

Run ad hoc or overnightRun ad hoc or overnight

Static Analysis CanStatic Analysis Can

The business caseThe business caseReduce risk of expensive after-deployment bugsReduce risk of expensive after-deployment bugs

Reduce time to marketReduce time to market

Reduce cost of code review and testingReduce cost of code review and testing

Improve code quality Improve code quality

Achieve higher test coverageAchieve higher test coverage

The development case The development case Find/prevent bugs earlierFind/prevent bugs earlier

more directly and obviouslymore directly and obviously

Find/prevent “hard to test” bugsFind/prevent “hard to test” bugs

Make you more efficientMake you more efficient

Use Static Analysis WiselyUse Static Analysis Wisely

It doesn’t know about all possible errorsIt doesn’t know about all possible errors

It doesn’t make testing unnecessary It doesn’t make testing unnecessary

Both false positives and false negatives Both false positives and false negatives can be misleadingcan be misleading

Static analysis tools complement testingStatic analysis tools complement testing

It’s wise to use them as a major part of It’s wise to use them as a major part of your quality strategy your quality strategy

Call To ActionCall To Action

Use these static tools on your driversUse these static tools on your drivers

Learn more about static analysis toolsLearn more about static analysis toolsRead the “PRERead the “PREffast Step-by-Step” paperast Step-by-Step” paper

Read the “Introducing Static Driver Verifier” paperRead the “Introducing Static Driver Verifier” paper

Read the Annotations paperRead the Annotations paper

Try the tools on your drivers or WDK samples Try the tools on your drivers or WDK samples at the lab tomorrowat the lab tomorrow

The lab requires a signed DPAThe lab requires a signed DPA

Send us questionsSend us questions

Give us feedbackGive us feedback

Current Status Of SDV And PFDCurrent Status Of SDV And PFD

Use PFD included in the latest WDKUse PFD included in the latest WDKavailable to youavailable to you

There are four versions of PREThere are four versions of PREffast “out there”ast “out there”Latest one in WDK and previous versions in older DDKsLatest one in WDK and previous versions in older DDKs

Use PFD version 8.0.xxxxxUse PFD version 8.0.xxxxxType “prefast” in a WDK build environmentType “prefast” in a WDK build environmentto view the PFD versionto view the PFD version

Use SDV included in the latest WDKUse SDV included in the latest WDKavailable to youavailable to you

There are two versions of SDV “out there”There are two versions of SDV “out there”Latest one in WDK prereleasesLatest one in WDK prereleases

Use SDV version 1.4.224 or laterUse SDV version 1.4.224 or laterType “staticdv” in a WDK build environment to view the SDV versionType “staticdv” in a WDK build environment to view the SDV version

Additional ResourcesAdditional Resources

Whitepapers on WHDC web siteWhitepapers on WHDC web sitePREPREffast step-by-step ast step-by-step

English: English: http://www.microsoft.com/whdc/DevTools/tools/PREfast_steps.mspxhttp://www.microsoft.com/whdc/DevTools/tools/PREfast_steps.mspxLinks to Chinese and Japanese translations are also available on this pageLinks to Chinese and Japanese translations are also available on this page

PREPREffast annotations ast annotations http://www.microsoft.com/whdc/DevTools/tools/annotations.mspxhttp://www.microsoft.com/whdc/DevTools/tools/annotations.mspx

Static Driver Verifier: finding bugs in device drivers at compile-time Static Driver Verifier: finding bugs in device drivers at compile-time http://www.microsoft.com/whdc/devtools/tools/SDV.mspxhttp://www.microsoft.com/whdc/devtools/tools/SDV.mspx

Introducing Static Driver Verifier Introducing Static Driver Verifier http://www.microsoft.com/whdc/devtools/tools/sdvintro.mspxhttp://www.microsoft.com/whdc/devtools/tools/sdvintro.mspx

Static Driver Verifier experience at MicrosoftStatic Driver Verifier experience at Microsofthttp://www.microsoft.com/whdc/devtools/tools/sdv-case.mspxhttp://www.microsoft.com/whdc/devtools/tools/sdv-case.mspx

EmailEmail (PRE(PREffast for Drivers)ast for Drivers) (Static Driver Verifier)(Static Driver Verifier)

Related sessionsRelated sessionsStatic Analysis Tools LabStatic Analysis Tools Lab

pfdfdbk @ microsoft.compfdfdbk @ microsoft.comsdvfdbk @ microsoft.comsdvfdbk @ microsoft.com

Questions?Questions?

© 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions,

it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

static analysis and verification of drivers donn terry software development engr. microsoft...

Documents