DDI usage rule set (KMDF)
Use these rules to verify that your driver correctly uses KMDF DDIs correctly.
In this section
| Topic | Description |
|---|---|
The BufAfterReqCompletedIoctl rule specifies that within the EvtIoDeviceControl callback function, the I/O request buffer retrieved cannot be accessed after the I/O request is completed. |
|
The BufAfterReqCompletedIntIoctl rule specifies that after a request is completed, its buffer cannot be accessed (inside EvtIoInternalDeviceControl callback function only). The buffer is retrieved by calling WdfRequestRetrieveOutputBuffer or WdfRequestRetrieveUnsafeUserOutputBuffer or WdfRequestRetrieveInputBuffer or WdfRequestRetrieveUnsafeUserInputBuffer. |
|
The BufAfterReqCompletedIntIoctlA rule verifies that after a request is completed, its buffer cannot be accessed (inside EvtIoInternalDeviceControl callback only). The buffer was retrieved by calling WdfRequestRetrieveInputBuffer or WdfRequestRetrieveOutputBuffer or WdfRequestRetrieveUnsafeUserInputBuffer or WdfRequestRetrieveUnsafeUserOutputBuffer. |
|
The BufAfterReqCompletedIoctlA rule specifies that within the EvtIoDeviceControl callback function, the I/O request buffer retrieved cannot be accessed after the I/O request is completed. |
|
The BufAfterReqCompletedRead rule specifies that within the EvtIoRead callback function, the I/O request buffer retrieved cannot be accessed after the I/O request is completed. There are 14 DDIs that serve as possible buffer access methods. |
|
The BufAfterReqCompletedReadA rule specifies that within the EvtIoRead callback function, the I/O request buffer retrieved cannot be accessed after the I/O request is completed. There are 14 DDIs that serve as possible buffer access methods. |
|
The BufAfterReqCompletedWrite rule specifies that within the EvtIoWrite callback function, the I/O request buffer retrieved cannot be accessed after the I/O request is completed. |
|
The BufAfterReqCompletedWriteA rule specifies that within the EvtIoWrite callback function, the I/O request buffer retrieved cannot be accessed after the I/O request is completed. |
|
The ChildDeviceInitApi rule specifies that for a child device, the framework device object initialization methods must be called before the driver calls the WdfDeviceCreate method for the child device object. |
|
The ControDeviceDeleted rule specifies that if a PnP driver creates a control device object, the driver must delete the control device object in one of the cleanup callback functions before the driver unloads. |
|
The ControlDeviceInitAPI rule specifies that WdfControlDeviceInitAllocate and all other device object initialization DDIs that set up a WDFDEVICE_INIT structure for the control device must be called before WdfDeviceCreate for the control device. |
|
The CtlDeviceFinishInitDeviceAdd rule specifies that if a driver creates control device object in an EvtDriverDeviceAdd callback function, it must call WdfControlFinishInitializing after the device has been created and before it exits from the EvtDriverDeviceAdd callback function. This rule does not apply for non-PnP drivers. |
|
The CtlDeviceFinishInitDrEntry rule specifies that if a driver creates a control device object in a DriverEntry callback function, it must call WdfControlFinishInitializing after the device has been created and before it exits from the EvtDriverDeviceAdd callback function. This rule does not apply for non-PnP drivers. |
|
The DeviceCreateFail rule specifies that EVT_WDF_DRIVER_DEVICE_ADD returns an error status when the call to WdfDeviceCreate fails. |
|
The DeviceInitAllocate rule specifies that, for a PDO device or a control device object, the framework device object initialization methods WdfPdoInitAllocate or WdfControlDeviceInitAllocate must be called before the driver calls WdfDeviceCreate. |
|
For an FDO device, the framework device object initialization methods and the framework FDO initialization methods must be called before the driver calls the WdfDeviceCreate method for the device object. |
|
The DoubleDeviceInitFree rule specifies that drivers should not free device initialization structure twice. |
|
The DriverCreate rule specifies that a driver that uses Kernel Mode Driver Framework (KMDF) must call the WdfDriverCreate method to create a framework driver object from within its DriverEntry routine. |
|
The InitFreeDeviceCallback rule specifies that a driver must call WdfDeviceInitFree if the driver encounters an error while it initializes a new framework device object, and if the driver received the WDFDEVICE_INIT structure from a call to WdfControlDeviceInitAllocate. |
|
The InitFreeDeviceCreate rule specifies that a driver must call WdfDeviceInitFree instead of WdfDeviceCreate if an error occurs in one of the device object initialization methods and if the driver received the WDFDEVICE_INIT structure from a call to WdfControlDeviceInitAllocate. |
|
The InitFreeDeviceCreateType2 rule specifies that a driver must not call WdfDeviceCreate after it calls WdfDeviceInitFree. |
|
The InitFreeDeviceCreateType4 rule specifies that a driver must call WdfDeviceInitFree if the driver encounters an error while it calls WdfDeviceCreate and if the driver received the WDFDEVICE_INIT structure from a call to WdfControlDeviceInitAllocate. |
|
The InitFreeNull rule specifies that DDIs receiving PWDFDEVICE_INIT as a parameter cannot be called by using a NULL pointer to a WDFDEVICE_INIT structure. |
|
The MdlAfterReqCompletedIntIoctl rule specifies that within the EvtIoInternalDeviceControl callback function, the memory descriptor list (MDL) cannot be accessed after the I/O request is completed. |
|
The MdlAfterReqCompletedIntIoctlA rule specifies that within the EvtIoInternalDeviceControl callback function, the memory descriptor list (MDL) cannot be accessed after the I/O request is completed. |
|
The MdlAfterReqCompletedIoctl rule specifies that within the EvtIoDeviceControl callback function, the memory descriptor list (MDL) cannot be accessed after the I/O request is completed. |
|
The MdlAfterReqCompletedIoctlA rule specifies that within the EvtIoDeviceControl callback function, the memory descriptor list (MDL) cannot be accessed after the I/O request is completed. |
|
The MdlAfterReqCompletedRead rule specifies that within the EvtIoRead callback function, the memory descriptor list (MDL) object retrieved cannot be accessed after the I/O request is completed. |
|
The MdlAfterReqCompletedReadA rule specifies that within the EvtIoRead callback function, the memory descriptor list (MDL) object retrieved cannot be accessed after the I/O request is completed. |
|
The MdlAfterReqCompletedWrite rule specifies that within the EvtIoWrite callback function, the memory descriptor list (MDL) object retrieved cannot be accessed after the I/O request is completed. |
|
The MdlAfterReqCompletedWriteA rule specifies that within the EvtIoWrite callback function, the memory descriptor list (MDL) object retrieved cannot be accessed after the I/O request is completed. |
|
The MemAfterReqCompletedIntIoctl rule specifies that within the EvtIoInternalDeviceControl callback function, the framework memory object cannot be accessed after the I/O request is completed. |
|
The MemAfterReqCompletedIntIoctlA rule specifies that within the EvtIoInternalDeviceControl callback function, the framework memory object cannot be accessed after the I/O request is completed. |
|
The MemAfterReqCompletedIoctl rule specifies that within the EvtIoDeviceControl callback function, the framework memory object cannot be accessed after the I/O request is completed. |
|
The MemAfterReqCompletedIoctlA rule specifies that within the EvtIoDeviceControl callback function, the framework memory object cannot be accessed after the I/O request is completed. |
|
The MemAfterReqCompletedRead rule specifies that within the EvtIoRead callback function, the framework memory object cannot be accessed after the I/O request is completed. |
|
The MemAfterReqCompletedReadA rule specifies that within the EvtIoRead callback function, the framework memory object cannot be accessed after the I/O request is completed. |
|
The MemAfterReqCompletedWrite rule specifies that within the EvtIoWrite callback function, the framework memory object cannot be accessed after the I/O request is completed. |
|
The MemAfterReqCompletedWriteA rule specifies that within the EvtIoWrite callback function, the framework memory object cannot be accessed after the I/O request is completed. |
|
The NullCheck rule verifies that a NULL value inside the driver code is not dereferenced later in the driver. This rule reports a defect if either of these conditions is true:
With NullCheck rule violations, the most relevant code statements are highlighted in the trace tree pane. For more information about working with report output, see Static Driver Verifier Report and Understanding the Trace Viewer. |
|
The PdoDeviceInitAPI rule specifies that WdfPdoInitAllocate and all other device object initialization DDIs that set up a WDFDEVICE_INIT structure for the physical device object (PDO) must be called before the driver calls WdfDeviceCreate for the PDO. |
|
The PdoInitFreeDeviceCallback rule specifies that the driver must call WdfDeviceInitFree if an error occurs when the driver calls any framework device object initialization function. |
|
The PdoInitFreeDeviceCreate rule specifies that a driver must call WdfDeviceInitFree instead of WdfDeviceCreate if an error occurs in one of the device object initialization functions and if the driver received the WDFDEVICE_INIT structure from a call to WdfPdoInitAllocate. |
|
The PdoInitFreeDeviceCreateType2 rule specifies that a driver must not call WdfDeviceCreate after it calls WdfDeviceInitFree. |
|
The PdoInitFreeDeviceCreateType4 rule specifies that the driver must call WdfDeviceInitFree if an error occurs when the driver calls WdfDeviceCreate. |
|
The ControlDeviceInitAllocate rule specifies that for a control device object, the driver must call the framework device object initialization method WdfControlDeviceInitAllocate before the driver calls WdfDeviceCreate. |
|
The InputBufferAPI rule specifies that the correct DDIs for buffer retrieval are used in the EvtIoReadcallback function. Within the EvtIoRead callback function, the following DDIs cannot be called for buffer retrieval: |
To select the DDI usage rule set
Select your driver project (.vcxProj) in Microsoft Visual Studio. From the Driver menu, click Launch Static Driver Verifier….
Click the Rules tab. Under Rule Sets, select DDIUsage.
To select the default rule set from a Visual Studio developer command prompt window, specify DDIUsage.sdv with the /check option. For example:
msbuild /t:sdv /p:Inputs="/check:DDIUsage.sdv" mydriver.VcxProj /p:Configuration="Win8 Release" /p:Platform=Win32For more information, see Using Static Driver Verifier to Find Defects in Drivers and Static Driver Verifier commands (MSBuild).