Static Analysis And Verification Of Drivers Donn Terry Software Development Engr. Microsoft...
-
Upload
ada-barton -
Category
Documents
-
view
217 -
download
1
Transcript of Static Analysis And Verification Of Drivers Donn Terry Software Development Engr. Microsoft...
Static Analysis And Static Analysis And Verification Of DriversVerification Of Drivers
Donn TerryDonn TerrySoftware Development Engr.Software Development Engr.Microsoft CorporationMicrosoft Corporation
Vlad LevinVlad LevinSoftware Development Engr. Software Development Engr. Microsoft CorporationMicrosoft Corporation
Session OutlineSession Outline
Static analysis toolsStatic analysis toolsWhat they areWhat they are
The benefits of using themThe benefits of using them
PREPREffast for Drivers (PFD)ast for Drivers (PFD)
Static Driver Verifier (SDV)Static Driver Verifier (SDV)
SummarySummary
Getting started/labGetting started/lab
What Is Static Analysis?What Is Static Analysis?
Compile-time analysis of the source programCompile-time analysis of the source programLike code inspection, but performed by a toolLike code inspection, but performed by a tool
Compile-time type-checking is a predecessorCompile-time type-checking is a predecessor
Looks for violations of well-defined constraintsLooks for violations of well-defined constraintsProcedure contracts or API contracts Procedure contracts or API contracts
Examples of bugs to be found by Examples of bugs to be found by Static Analysis:Static Analysis:
p = NULL;p = NULL;……f(p);f(p);f()f() requires requires pp to be non-NULLto be non-NULL
Completing the same Irp twice:Completing the same Irp twice: IoCompleteRequest (Irp); IoCompleteRequest (Irp);
... ...
IoCompleteRequest (Irp);IoCompleteRequest (Irp);
Why Static Analysis?Why Static Analysis?
Rule of thumbRule of thumb
A defect that costs $1 to fix on the A defect that costs $1 to fix on the programmer’s desktop costs $100 toprogrammer’s desktop costs $100 tofix once it is incorporated into a complete fix once it is incorporated into a complete program and many thousands of dollarsprogram and many thousands of dollarsif it is identified only after the softwareif it is identified only after the softwarehas been deployed in the fieldhas been deployed in the fieldBuilding a Better Bug Trap – The Economist June 2003Building a Better Bug Trap – The Economist June 2003
Static Analysis Tools For DriversStatic Analysis Tools For Drivers
Two technologies providedTwo technologies providedPFD: Look inside every procedure for possible violationsPFD: Look inside every procedure for possible violations
SDV: Look along paths, cross inter-procedural boundariesSDV: Look along paths, cross inter-procedural boundariesEach is better in some situationsEach is better in some situations
ReadFoo ( PIRP Irp ){ PIRP p = NULL; ... if (status) { Irp = p; }}
ReadFoo ( PIRP Irp ) { ... status = Bar (Irp); if (status) { IoCompleteRequest(Irp); } }
Bar ( PIRP Irp ) { ... IoCompleteRequest(Irp); return STATUS_SUCCESS;}
XXXX
XXXX
Static Analysis Tools For DriversStatic Analysis Tools For Drivers
PREPREffast for Drivers (PFD)ast for Drivers (PFD)Looks at one procedure at a timeLooks at one procedure at a time
For several hundred constraintsFor several hundred constraints
Best for quick checks and early developmentBest for quick checks and early development
Static Driver Verifier (SDV)Static Driver Verifier (SDV)A “compile-time version” of Driver Verifier.A “compile-time version” of Driver Verifier.
Looks along every path, crossingLooks along every path, crossinginter-procedural boundariesinter-procedural boundaries
For a few hundred WDM constraintsFor a few hundred WDM constraints
More under developmentMore under development
Best for deep analysis of full driverBest for deep analysis of full driver
We Can Make It BetterWe Can Make It BetterUse static analysis tools for driversUse static analysis tools for drivers
Push-button technologyPush-button technology
100% path coverage100% path coverageAt no cost (let a computer do it)At no cost (let a computer do it)
At little time (hours versus weeks)At little time (hours versus weeks)
Defects are discovered early Defects are discovered early Even before device hardware is availableEven before device hardware is available
Before designing test casesBefore designing test cases
Often while still codingOften while still coding
Defect reports are easy to useDefect reports are easy to useA direct reference to the defective path (or point)A direct reference to the defective path (or point)in the source code reduces cost of debugging in the source code reduces cost of debugging
How You Debug And Test TodayHow You Debug And Test Today
XXXX
I/OMgr
DLLDLLDriverDriver
????
????
????????
The driver causes a crash – How? Under what scenario? On which path?The driver causes a crash – How? Under what scenario? On which path?It takes time to find out …It takes time to find out …
Is this DLL involved?
XXXX
I/OMgr
DLLDLLDriverDriver
IoCompleteRequest(…)
DriverIoCtl ( Irp ) ????
Now, you knowNow, you know the type of the bug – Yet, the path is cloudythe type of the bug – Yet, the path is cloudyDebug, debug, debug …Debug, debug, debug …
????
Driver Verifier And A Lucky TestDriver Verifier And A Lucky Test
ClassIoCtl ( Irp )
???? ????IoCompleteRequest(…)
IoCompleteRequest(…)
Static Analysis Does Two ThingsStatic Analysis Does Two ThingsFinds a defectFinds a defect
Reveals the pathReveals the path
Without testingWithout testing
Without debuggingWithout debugging
DriverIoCtl ( Irp )
ClassIoCtl ( Irp )
if (status != …) {
IoCompleteRequest( Irp );
}IoCompleteRequest( Irp );}
switch ( … ){
DLLDLLDriverDriver
I/OMgr
XXXX
How About Path Coverage? How About Path Coverage?
One test caseOne test case covers only covers only one pathone path in the driver in the driver
The path remains unrevealed if no defect foundThe path remains unrevealed if no defect found
100 test cases cover < 100 paths? 100 test cases cover < 100 paths?
More test cases -> more duplicationMore test cases -> more duplication
XXXX
I/OMgr
XXXX
XXXXXXXX
weeksweeks
Failure pathsFailure paths
Corner casesCorner cases
““Impossible” pathsImpossible” paths
Path Coverage: Far From CompletePath Coverage: Far From Complete
Path Coverage: Incomplete, UnknownPath Coverage: Incomplete, Unknown
XXXX
XXXXXXXX
weeksweeks
How many paths remain How many paths remain untested?untested?
50% ? More?50% ? More?Corner casesCorner casesFailure pathsFailure paths
““Impossible” pathsImpossible” pathsJust omissionsJust omissions
Path Coverage: Time To MarketPath Coverage: Time To Market
XXXX
XXXXXXXX
weeksweeks
Corner casesCorner casesFailure pathsFailure paths
““Impossible” pathsImpossible” pathsJust omissionsJust omissions
When When areare you done? you done?
How long would it take to test How long would it take to test all of them? all of them?
Longer than you can afford!Longer than you can afford!
XXXX XXXX
XXXX
XXXX
XXXX
XXXX
In minutes or hours, not weeks or In minutes or hours, not weeks or monthsmonths
Employing Computer, not a Test Employing Computer, not a Test EngineerEngineer
Targeting a large set of potential Targeting a large set of potential violationsviolations
Static Analysis: 100% CoverageStatic Analysis: 100% Coverage
Static Analysis – How Does It Work?Static Analysis – How Does It Work?
The tool builds an abstract model of a driver and The tool builds an abstract model of a driver and exhaustively inspects execution along all paths exhaustively inspects execution along all paths
The abstract model is simpler: it’s reduced... The abstract model is simpler: it’s reduced...
It’s so much simpler that it’s possible to have it inspected It’s so much simpler that it’s possible to have it inspected (“simulated”) exhaustively(“simulated”) exhaustively
Over-approximation of the driverOver-approximation of the driverThe control part remains the same The control part remains the same
All paths are preserved and treated equally All paths are preserved and treated equally
The data state is over-approximatedThe data state is over-approximatedif argument x is not constrained, assume any value if argument x is not constrained, assume any value
if (x>0) guards the point of interest, keep track of boolean (x>0),if (x>0) guards the point of interest, keep track of boolean (x>0),but not integer value of x: boolean is simpler than integer but not integer value of x: boolean is simpler than integer
if (x > 0) { IoCompleteRequest (Irp); }if (x > 0) { IoCompleteRequest (Irp); }
Static AnalysisStatic AnalysisNot a silver bulletNot a silver bullet
Does Does notnot replace functional testing replace functional testing
Targets violations of a given set of Targets violations of a given set of well-defined constraintswell-defined constraints
Principal limitationPrincipal limitationIt doesn’t know about every possible errorIt doesn’t know about every possible error
Algorithms are based on source code abstraction Algorithms are based on source code abstraction and heuristicsand heuristics
Which results in both false positives and false negativesWhich results in both false positives and false negatives
It is not a silver bullet…It is not a silver bullet…
It is a useful toolIt is a useful tool
Our Static Tools For DriversOur Static Tools For Drivers
PREPREffast For Drivers (PFD)ast For Drivers (PFD)Lightweight and fast (runs in minutes)Lightweight and fast (runs in minutes)
Easy to use early in development – start earlyEasy to use early in development – start earlyUse on any code that compilesUse on any code that compiles
Limited to a procedure scopeLimited to a procedure scope
Works on any code, C and C++Works on any code, C and C++
Finds many local violationsFinds many local violations
Static Driver Verifier (SDV)Static Driver Verifier (SDV)Extremely deep analysis (runs in hours)Extremely deep analysis (runs in hours)
More useful in the later stages of developmentMore useful in the later stages of developmentRequires complete driverRequires complete driver
Works over the whole driverWorks over the whole driver
Limited to WDM and to C (more planned)Limited to WDM and to C (more planned)
Finds deep bugsFinds deep bugs
A problem has been detected and Windows has been shut down to prevent A problem has been detected and Windows has been shut down to prevent Damage to your Damage to your computer..
DRIVER_IRQL_NOT_LESS_OR_EQUALDRIVER_IRQL_NOT_LESS_OR_EQUAL
If this is the first time you've seen this Stop error screen,If this is the first time you've seen this Stop error screen,restart your computer. If this screen appears again, followrestart your computer. If this screen appears again, followthese steps:these steps:
Check to make sure any new hardware or software is properly installed.Check to make sure any new hardware or software is properly installed.If this is a new installation, ask your hardware or softwareIf this is a new installation, ask your hardware or softwareManufacturer for any Windows updates you might need.Manufacturer for any Windows updates you might need.
If problems continue, disable or remove any newly installed hardwareIf problems continue, disable or remove any newly installed hardwareor software. Disable BIOS memory options such as caching or shadowing.or software. Disable BIOS memory options such as caching or shadowing.If you need to use Safe Mode to remove or disable components, restartIf you need to use Safe Mode to remove or disable components, restartyour computer, press F8 to select Advanced Startup Options, and thenyour computer, press F8 to select Advanced Startup Options, and thenselect Safe Modeselect Safe Mode
Technical information:Technical information:
*** STOP: 0x00000001 (0x0000000,00000002,0x00000000,0x00000000)*** STOP: 0x00000001 (0x0000000,00000002,0x00000000,0x00000000)
Driver Tools RelationshipDriver Tools Relationship
Easy Easy Reproducibility Reproducibility HardHard
DepthDepth
DriverVerifier Static Driver
Verifier
PREfast for drivers
HardHardEase Ease Of UseOf Use
ComplexComplex
PFD: PREPFD: PREffast For Driversast For Drivers
Fast (2-5x compile time, usually)Fast (2-5x compile time, usually)
Finds a lot of “inadvertent” errors and some “hard” onesFinds a lot of “inadvertent” errors and some “hard” ones
Works on code that compiles; doesn’t need to runWorks on code that compiles; doesn’t need to run
Some things it can findSome things it can findNull pointer, uninitialized variable (along an unusual path)Null pointer, uninitialized variable (along an unusual path)
Local leaks (memory, resource)Local leaks (memory, resource)
Mismatched parametersMismatched parameters
Forgot to check resultForgot to check result
Format/list mismatchFormat/list mismatch
Misuse of IRQLs (some)Misuse of IRQLs (some)
Various special cases that are easily missed Various special cases that are easily missed (Cancel IRQL, e.g.)(Cancel IRQL, e.g.)
Proper use of callback/function pointersProper use of callback/function pointers
PFD: Driver Specific Resource LeakPFD: Driver Specific Resource Leak
void LeakSample(BOOLEAN Option1)
{
NTSTATUS Status;
KIRQL OldIrql;
BufInfo *pBufInfo;
KeAcquireSpinLock(MyLock,&OldIrql);
//...
if (Option1) {
pBufInfo = ExAllocatePoolWithTag(NonPagedPool,
sizeof(BufInfo), 'fuB_');
if (NULL==pBufInfo) {
return STATUS_NO_MEMORY;
}
//...
KeReleaseSpinLock(MyLock, OldIrql);
return STATUS_SUCCESS;
}
//...
void LeakSample(BOOLEAN Option1)
{
NTSTATUS Status;
KIRQL OldIrql;
BufInfo *pBufInfo;
KeAcquireSpinLock(MyLock,&OldIrql);
//...
if (Option1) {
pBufInfo = ExAllocatePoolWithTag(NonPagedPool,
sizeof(BufInfo), 'fuB_');
if (NULL==pBufInfo) {
return STATUS_NO_MEMORY;
}
//...
KeReleaseSpinLock(MyLock, OldIrql);
return STATUS_SUCCESS;
}
//...
PFD: Driver Specific Resource LeakPFD: Driver Specific Resource Leak
warning 8103: Leaking the resource stored in 'SpinLock:MyLock'.
void LeakSample(BOOLEAN Option1)
{
NTSTATUS Status;
KIRQL OldIrql;
BufInfo *pBufInfo;
KeAcquireSpinLock(MyLock,&OldIrql);
//...
if (Option1) {
pBufInfo = ExAllocatePoolWithTag(NonPagedPool,
sizeof(BufInfo), 'fuB_');
if (NULL==pBufInfo) {
KeReleaseSpinLock(MyLock, OldIrql);KeReleaseSpinLock(MyLock, OldIrql);
return STATUS_NO_MEMORY;
}
//...
KeReleaseSpinLock(MyLock, OldIrql);
return STATUS_SUCCESS;
}
//...
PFD: Driver Specific Resource LeakPFD: Driver Specific Resource Leak
PFD: AnnotationsPFD: Annotations
Tells PFD things it could not inferTells PFD things it could not infer
Enhance/enforce the “contract” between Enhance/enforce the “contract” between calling and called functioncalling and called function
Too much to cover here; there’s a paper Too much to cover here; there’s a paper with the detailswith the details
PFD: Annotations – ExamplePFD: Annotations – Example
wchar_t * wmemset( __out_ecount(ss) wchar_t *p, __in wchar_t v, __in size_t ss);
__in: the parameter is input to the function__in: the parameter is input to the function
__out: the parameter is output from the function__out: the parameter is output from the function
__out_ecount(s): the parameter is a buffer with s elements__out_ecount(s): the parameter is a buffer with s elements
If the parameter p doesn’t contain at least s elements, If the parameter p doesn’t contain at least s elements, PFD will yield a warningPFD will yield a warning
Static Analysis ToolsStatic Analysis ToolsFor DriversFor Drivers
Static Driver VerifierStatic Driver VerifierSDVSDV
SDV: Session OutlineSDV: Session Outline
IntroductionIntroduction
ExampleExample
ConceptsConceptsRulesRules
DDI ModelDDI Model
Verification EngineVerification Engine
ExperienceExperience
SDV: IntroductionSDV: Introduction
A “compile-time version” of Driver VerifierA “compile-time version” of Driver VerifierInspects driver source codeInspects driver source code
Looking for violations of DDI constraints Looking for violations of DDI constraints
SupportsSupportsWDM drivers WDM drivers
SDV 1.4 in Windows Vista WDKSDV 1.4 in Windows Vista WDK
KMDF drivers KMDF drivers Planned for Windows Server Planned for Windows Server code-named “Longhorn”code-named “Longhorn”
Preview in static analysis tools lab tomorrowPreview in static analysis tools lab tomorrow
SDV: QualitySDV: Quality
Comprehensive path coverageComprehensive path coverageChecks all possible paths in a driverChecks all possible paths in a driver
Checks cross procedure callsChecks cross procedure calls
Checks a driver together with librariesChecks a driver together with libraries
Finds deep defects that are hard to repro Finds deep defects that are hard to repro
SDV is not perfectSDV is not perfectOnly one driver (not the entire driver stack)Only one driver (not the entire driver stack)
DDI implementation code is abstracted awayDDI implementation code is abstracted away
Might run out of time Might run out of time
SDV: ExampleSDV: Example
Device DriverInterface
IoCompleteRequest
Driver
Dispatch routine
I/O System
IrpIrp
IrpIrp
SDV: ExampleSDV: Example
XXXX
Device DriverInterface
IoCompleteRequest
Driver
Dispatch routine
I/O System
IrpIrp
IrpIrp IrpIrp
ParPort: A Double Completion BugParPort: A Double Completion BugFrom Windows Server 2003 DDK (build 3677 or earlier)From Windows Server 2003 DDK (build 3677 or earlier)
PptDispatchClose ( Irp ) P4CompleteRequest ( Irp )
IoCompleteRequest( Irp );XX
PptFdoClose( Irp )
P4CompleteRequestReleaseRemLoc ( Irp )
IOMngr
SDV: ConceptsSDV: Concepts
XXXX
RulesRules
VerificatioVerification n EngineEngine
OS ModelOS Model
library.c
more_code.c
driver.c SDV
SDV: DDI RulesSDV: DDI Rules
XXXX
RulesRules
VerificatioVerification n EngineEngine
OS ModelOS Model
library.c
more_code.c
driver.c SDV DDI
Model
Verification Engine
DDI Rules
SDV: DDI RulesSDV: DDI Rules
XXXX
Rules
Verification Engine
OS Model
library.c
more_code.c
driver.c SDV DDI
Model
Verification Engine
DDI Rules
SDV: DDI RulesSDV: DDI Rules
SDV comes with SDV comes with 66 WDM rules 66 WDM rules
KMDF rules – planned for Windows Server KMDF rules – planned for Windows Server code-named “Longhorn”code-named “Longhorn”
A rule captures constraints imposed A rule captures constraints imposed by DDI requirements by DDI requirements
A rule is a Finite State Machine (FSM)A rule is a Finite State Machine (FSM)StatesStates
Abort points trap violationsAbort points trap violations
Other states are interim points Other states are interim points
EventsEventsAssociated with calls into DDIAssociated with calls into DDI
SDV: WDK Tells DDI ConstraintsSDV: WDK Tells DDI Constraints
KeAcquire SpinLock
KeReleaseSpinLock
Driver
Entry Point
I/O System
Driver Development Interface
SDV: Rule 1 SDV: Rule 1
KeAcquire SpinLock
KeReleaseSpinLock
Driver
Entry Point
I/O System
AbortAbortA
cqui
reA
cqui
re Release
Release
Driv
er c
alle
dD
river
cal
led
Driver returns
Driver returns
Unlocked
Acquire
Acquire
Driver re
turns
Driver re
turns
Locked
Release
Release
KeAcquireSpinLock and KeReleaseSpinLock can only be called in alternate order
Driver Development Interface
SDV: DDI ModelSDV: DDI Model
XXXX
RulesRules
VerificatioVerification n EngineEngine
OS ModelOS Model
library.c
more_code.c
driver.c SDVDDI
Rules
DDI Model
Verification Engine
SDV: DDI Model Wraps The DriverSDV: DDI Model Wraps The Driver
MainMain
Calls Calls DriverEntryDriverEntry
Calls Dispatch Routines (WDM) Calls Dispatch Routines (WDM) or Driver Callbacks (KMDF)or Driver Callbacks (KMDF)
Aspects of the OS state Aspects of the OS state
Interrupt Request Level (IRQL)Interrupt Request Level (IRQL)
Stubs for hundredsStubs for hundredsof DDI functionsof DDI functions
IoCreateDevice, …IoCreateDevice, …Device Driver
Interface
I/O Systemmainmain
IoCreateDeviceIoCreateDevice
IoCompleteRequestIoCompleteRequest
Driver
DriverEntryDriverEntry
IRQLIRQL
SDV: DDI Model – SummarySDV: DDI Model – Summary
Captures aspects ofCaptures aspects ofPlug-n-Play life cycle of a driverPlug-n-Play life cycle of a driver
The OS state The OS state
DDI implementationDDI implementation
Covers corner case scenariosCovers corner case scenarios
DDI model must be balanced DDI model must be balanced A more accurate model is biggerA more accurate model is bigger
A bigger model brings more computational A bigger model brings more computational complexity for the engine to cope withcomplexity for the engine to cope with
SDV: Verification EngineSDV: Verification Engine
XXXX
RulesRules
VerificatioVerification n EngineEngine
OS ModelOS Model
library.c
more_code.c
driver.c SDVDDI Rules
DDI Model
Verification Engine
SDV: Verification EngineSDV: Verification Engine
Symbolic model checking of a C programSymbolic model checking of a C program
Symbolically executesSymbolically executesYour driver in the context of the DDI modelYour driver in the context of the DDI model
While looking for rule violationsWhile looking for rule violations
Each and every path of the driver Each and every path of the driver is checkedis checked
How does it cope with computational How does it cope with computational complexity?complexity?
SDV: Abstract-Refine LoopSDV: Abstract-Refine Loop
AbstractionAbstraction – throw away irrelevant details – throw away irrelevant details
Model-checkingModel-checking on the reduced code on the reduced code
Bug validationBug validation on the original code on the original code
RefineRefine the abstraction if the bug doesn’t the abstraction if the bug doesn’t show in the original codeshow in the original code
bug bug ??
rule
validate
abstractrefine
model– check
C codeDriver
DDI model
XXXX
Reducedcode
SDV: Our Practical ExperienceSDV: Our Practical Experience
Finds deep bugs not found by testingFinds deep bugs not found by testing1 bug on average for a sample driver in Windows 1 bug on average for a sample driver in Windows Server 2003 DDK-3677Server 2003 DDK-3677
Well tested drivers are often cleanWell tested drivers are often clean
A dozen true bugs in a fresh driver A dozen true bugs in a fresh driver
Low Noise levelLow Noise levelLess than 1 false bug reported per driverLess than 1 false bug reported per driver
2 real bugs for 1 false bug on DDK-3677 samples2 real bugs for 1 false bug on DDK-3677 samples
PerformancePerformanceRuns in a few hoursRuns in a few hours
But may need to run overnightBut may need to run overnight
Static Analysis Tools For DriversStatic Analysis Tools For DriversSummarySummary
PREPREffast for Driversast for Drivers Static Driver VerifierStatic Driver Verifier
AvailabilityAvailability Available nowAvailable now WDM rules are availableWDM rules are available
KMDF rules are plannedKMDF rules are planned for LH Server – preview in for LH Server – preview in Static Analysis Tools Lab Static Analysis Tools Lab
ApplicabilityApplicability C and C++C and C++ C only, up to 50K LOCC only, up to 50K LOC
Issues foundIssues found Local defectsLocal defects
Easy to fixEasy to fix
High volumeHigh volume
Global defectsGlobal defects
Harder to fixHarder to fix
Low volumeLow volume
Development Development CycleCycle
Apply early –Apply early –
““When the driver When the driver compiles”compiles”
Run oftenRun often
Apply later –Apply later –
““When the basic structure of When the basic structure of the driver is in place”the driver is in place”
Run ad hoc or overnightRun ad hoc or overnight
Static Analysis CanStatic Analysis Can
The business caseThe business caseReduce risk of expensive after-deployment bugsReduce risk of expensive after-deployment bugs
Reduce time to marketReduce time to market
Reduce cost of code review and testingReduce cost of code review and testing
Improve code quality Improve code quality
Achieve higher test coverageAchieve higher test coverage
The development case The development case Find/prevent bugs earlierFind/prevent bugs earlier
more directly and obviouslymore directly and obviously
Find/prevent “hard to test” bugsFind/prevent “hard to test” bugs
Make you more efficientMake you more efficient
Use Static Analysis WiselyUse Static Analysis Wisely
It doesn’t know about all possible errorsIt doesn’t know about all possible errors
It doesn’t make testing unnecessary It doesn’t make testing unnecessary
Both false positives and false negatives Both false positives and false negatives can be misleadingcan be misleading
Static analysis tools complement testingStatic analysis tools complement testing
It’s wise to use them as a major part of It’s wise to use them as a major part of your quality strategy your quality strategy
Call To ActionCall To Action
Use these static tools on your driversUse these static tools on your drivers
Learn more about static analysis toolsLearn more about static analysis toolsRead the “PRERead the “PREffast Step-by-Step” paperast Step-by-Step” paper
Read the “Introducing Static Driver Verifier” paperRead the “Introducing Static Driver Verifier” paper
Read the Annotations paperRead the Annotations paper
Try the tools on your drivers or WDK samples Try the tools on your drivers or WDK samples at the lab tomorrowat the lab tomorrow
The lab requires a signed DPAThe lab requires a signed DPA
Send us questionsSend us questions
Give us feedbackGive us feedback
Current Status Of SDV And PFDCurrent Status Of SDV And PFD
Use PFD included in the latest WDKUse PFD included in the latest WDKavailable to youavailable to you
There are four versions of PREThere are four versions of PREffast “out there”ast “out there”Latest one in WDK and previous versions in older DDKsLatest one in WDK and previous versions in older DDKs
Use PFD version 8.0.xxxxxUse PFD version 8.0.xxxxxType “prefast” in a WDK build environmentType “prefast” in a WDK build environmentto view the PFD versionto view the PFD version
Use SDV included in the latest WDKUse SDV included in the latest WDKavailable to youavailable to you
There are two versions of SDV “out there”There are two versions of SDV “out there”Latest one in WDK prereleasesLatest one in WDK prereleases
Use SDV version 1.4.224 or laterUse SDV version 1.4.224 or laterType “staticdv” in a WDK build environment to view the SDV versionType “staticdv” in a WDK build environment to view the SDV version
Additional ResourcesAdditional Resources
Whitepapers on WHDC web siteWhitepapers on WHDC web sitePREPREffast step-by-step ast step-by-step
English: English: http://www.microsoft.com/whdc/DevTools/tools/PREfast_steps.mspxhttp://www.microsoft.com/whdc/DevTools/tools/PREfast_steps.mspxLinks to Chinese and Japanese translations are also available on this pageLinks to Chinese and Japanese translations are also available on this page
PREPREffast annotations ast annotations http://www.microsoft.com/whdc/DevTools/tools/annotations.mspxhttp://www.microsoft.com/whdc/DevTools/tools/annotations.mspx
Static Driver Verifier: finding bugs in device drivers at compile-time Static Driver Verifier: finding bugs in device drivers at compile-time http://www.microsoft.com/whdc/devtools/tools/SDV.mspxhttp://www.microsoft.com/whdc/devtools/tools/SDV.mspx
Introducing Static Driver Verifier Introducing Static Driver Verifier http://www.microsoft.com/whdc/devtools/tools/sdvintro.mspxhttp://www.microsoft.com/whdc/devtools/tools/sdvintro.mspx
Static Driver Verifier experience at MicrosoftStatic Driver Verifier experience at Microsofthttp://www.microsoft.com/whdc/devtools/tools/sdv-case.mspxhttp://www.microsoft.com/whdc/devtools/tools/sdv-case.mspx
EmailEmail (PRE(PREffast for Drivers)ast for Drivers) (Static Driver Verifier)(Static Driver Verifier)
Related sessionsRelated sessionsStatic Analysis Tools LabStatic Analysis Tools Lab
pfdfdbk @ microsoft.compfdfdbk @ microsoft.comsdvfdbk @ microsoft.comsdvfdbk @ microsoft.com
© 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions,
it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.