Code Analysis on solution does not show any warning

  • Question

  • Hi All,

    I am running code analysis on the following code from Visual Studio to check the behavior. The _In_ can be used to enforce the read-only property of the argument, so it should show a warning when updating the variable. But I couldn't see any warning in Visual Studio after running code analysis on the solution. Is there anything I am missing in the setup?

    NTSTATUS
    DriverEntry (
        _In_ PDRIVER_OBJECT DriverObject,
        _In_ PUNICODE_STRING RegistryPath
        )
    {
        /* ... */
        DriverObject = NULL;
    }

    Thanks,

    Monday, September 23, 2019 3:12 AM

Answers

  • _In_ is not used to enforce read-only, at least not in the way "const" does in C++. Remember, your statement:

        DriverObject = NULL;

    changes nothing in the caller's world.  All that does is change a local stack location.  Now, if you had tried to change the caller's contents:

        DriverObject->DriverSize = 18;

    then you could argue that _In_ should be flagged and replaced by _InOut_.

    In practice, drivers MUST modify the DRIVER_OBJECT, so _InOut_ is more appropriate.


    Tim Roberts | Driver MVP Emeritus | Providenza & Boekelheide, Inc.

    Tuesday, September 24, 2019 4:12 AM
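
The distinction drawn in the answer above, as an added example that is not part of the original thread or of the WDK: a user-mode C stand-in in which `DEMO_DRIVER_OBJECT` and all function names are hypothetical, and `_In_`/`_Inout_` (the spelling `sal.h` uses) are defined empty when the compiler is not MSVC. It also shows the `const` qualifiers that the compiler itself enforces.

```c
#include <stddef.h>
#ifdef _MSC_VER
#include <sal.h>   /* real SAL annotations, consumed by MSVC code analysis */
#else
#define _In_       /* empty stand-ins so other compilers accept the file */
#define _Inout_
#endif

/* Constructed stand-in for the kernel's DRIVER_OBJECT (assumption). */
typedef struct { unsigned long DriverSize; } DEMO_DRIVER_OBJECT;

/* Reassigning the parameter changes only this function's local copy. */
static void reassign_parameter(_In_ DEMO_DRIVER_OBJECT *DriverObject)
{
    DriverObject = NULL;
    (void)DriverObject;
}

/* Writing through the pointer changes the caller's object: in/out use. */
static void write_through(_Inout_ DEMO_DRIVER_OBJECT *DriverObject)
{
    DriverObject->DriverSize = 18;
}

/* const is enforced at compile time: the first const protects the pointee,
   the second makes the local pointer itself non-assignable. */
static unsigned long read_only(_In_ const DEMO_DRIVER_OBJECT *const DriverObject)
{
    /* DriverObject->DriverSize = 18;  would not compile: pointee is const */
    /* DriverObject = NULL;            would not compile: pointer is const */
    return DriverObject->DriverSize;
}

/* Returns 1 when the caller's pointer and object survive the reassignment. */
int caller_unaffected_by_reassignment(void)
{
    DEMO_DRIVER_OBJECT obj = { 7 };
    DEMO_DRIVER_OBJECT *p = &obj;
    reassign_parameter(p);
    return p == &obj && read_only(p) == 7;
}

/* Returns the DriverSize the caller sees after write_through(). */
unsigned long caller_sees_write_through(void)
{
    DEMO_DRIVER_OBJECT obj = { 7 };
    write_through(&obj);
    return read_only(&obj);
}
```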

All replies

  • The decl_annotations should be inherited from the OS headers, see https://docs.microsoft.com/en-us/visualstudio/code-quality/annotating-function-behavior?view=vs-2019.

    Here is the recommendation for your work:

    _Use_decl_annotations_
    NTSTATUS
    DriverEntry (
        PDRIVER_OBJECT DriverObject,
        PUNICODE_STRING RegistryPath
        )
    {
        /* ... */
        DriverObject = NULL;
    }

    Monday, September 23, 2019 10:51 PM
    Moderator