Recent Posts

Tags

News

  • A blog about Microsoft Windows development, focused on kernel-mode driver development, the Windows DDK, WDK, and related tools.

    To elaborate on the copyright notice at the bottom: all content produced by me on this site is copyright and licensed as follows:

    <!-- Creative Commons License --> Creative Commons License
    This work is licensed under a Creative Commons License. <!-- /Creative Commons License --> <!-- <rdf:RDF xmlns="http://web.resource.org/cc/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <Work rdf:about=""> <dc:type rdf:resource="http://purl.org/dc/dcmitype/Text" /> <license rdf:resource="http://creativecommons.org/licenses/by-nc/2.0/" /> </Work> <License rdf:about="http://creativecommons.org/licenses/by-nc/2.0/"> <permits rdf:resource="http://web.resource.org/cc/Reproduction" /> <permits rdf:resource="http://web.resource.org/cc/Distribution" /> <requires rdf:resource="http://web.resource.org/cc/Notice" /> <requires rdf:resource="http://web.resource.org/cc/Attribution" /> <prohibits rdf:resource="http://web.resource.org/cc/CommercialUse" /> <permits rdf:resource="http://web.resource.org/cc/DerivativeWorks" /> </License> </rdf:RDF> -->

    Although I work for Positive Networks, this work is my own and is not connected with my employer in any way.

    <!-- technorati again --> <script type="text/javascript" src="http://embed.technorati.com/embed/8xz8dihr.js"> </script>

Community

Email Notifications

Other Blogs

General

Technical Resources

About Me

Archives

Kernel Mustard

Reflections on Windows System Programming
Steve Dispensa, MVP - Windows DDK

Some PreFAST and Static Driver Verifier Notes

I just spent most of the day working with the new builds of PreFAST and Static Driver Verifier. PreFAST keeps getting better with each release; I found a few more issues with the 5112 WDK PreFAST than previous versions (mostly having to do with improved decorations of callback functions and better obsolete API checking). It's still my favorite static analysis tool... PC-Lint is great, and I'll continue to use it, but PreFAST is much more driver-oriented and tends to catch more of the types of mistakes I make these days than Lint does. Maybe the folks at Gimpel have finally got me trained. :-)

Static Driver Verifier is, well, SLOW. I ran it against one of my production drivers, and it did manage to find a bug (a double-completion, through an unlikely but not impossible code path), that I suspect was introduced fairly recently by another coder. Highly recommended as well - zero false positives, one true positive. If you haven't tried it yet, check out your WDF kits from WinHEC or Driver DevCon, if you were there. If you weren't there, consider signing up for the WDF beta; Static Driver Verifier is only in the WDF kit at this point, as far as I know.

In pondering the importance of static analysis tools, I think the double-completion case from today is important to consider. Any project of reasonable size will have more than one programmer on it, either during development or down the road, and issues like the one that popped up today are just bound to happen. Maintaining existing code is really hard to do well - just think of how much state you have in your head during initial code construction. You'll never manage to get that state re-built two years later when hunting down a bluescreen for a day or two, and unless the maintenance coders are out of sight, they aren't going to amass that much state either.

That's where static tools like PreFAST and Static Driver Verifier come into play. If someone manages to put an IoCompleteRequest() in a perfectly reasonable (but incorrect) place, they'll catch it. Add that to a checked OS and full driver verifier, and you have an exceedingly high chance of catching bugs introduced as a result of this lack of state.

Posted: Oct 10 2005, 06:00 PM by Steve Dispensa | with no comments
Filed under:
Leave a Comment

(required) 

(required) 

(optional)

(required)