{"id":13723,"date":"2010-06-14T07:00:00","date_gmt":"2010-06-14T07:00:00","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/oldnewthing\/2010\/06\/14\/annotating-function-parameters-and-using-prefast-to-check-them\/"},"modified":"2010-06-14T07:00:00","modified_gmt":"2010-06-14T07:00:00","slug":"annotating-function-parameters-and-using-prefast-to-check-them","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/oldnewthing\/20100614-00\/?p=13723","title":{"rendered":"Annotating function parameters and using PREfast to check them"},"content":{"rendered":"<p>Via the suggestion box, Sys64738 asks, <a href=\"http:\/\/blogs.msdn.com\/b\/oldnewthing\/archive\/2007\/05\/23\/407234.aspx#1499080\"> whether I think is a good C\/C++ programming style to add IN and OUT to function prototypes<\/a>.\n Remember, this is my opinion. Your opinion may validly differ.\n I would go beyond just IN and OUT and step up to <a href=\"http:\/\/msdn.microsoft.com\/en-us\/library\/aa383701.aspx\"> SAL annotations<\/a>, which describe the semantics of function parameters in more detail than simply IN and OUT. For example, the <code>__out_ecount<\/code> annotation lets you specify not only that the buffer is an output parameter, but also lets you specify how big the buffer is.\n This added expressiveness is used by tools like <a href=\"http:\/\/msdn.microsoft.com\/en-us\/library\/ff550543.aspx\"> PREfast<\/a> and its user-mode equivalent the <a href=\"http:\/\/msdn.microsoft.com\/en-us\/library\/d3bbz7tz.aspx\"> C\/C++ Code Analysis tool<\/a>. These tools study your source code and attempt to find errors like writing past the end of an output buffer, passing the wrong buffer size for an output parameter, or writing to an input buffer.\n One question that often comes up when people start adding SAL annotations to their code is &#8220;I have a function whose parameters are used in a manner that isn&#8217;t neatly covered by an existing annotation. How do I annotate it?&#8221; If you ask them to describe the parameters they are having trouble with, you often find that they don&#8217;t have an easy annotation because they are too complicated. &#8220;Well, this is a null-terminated input string buffer, unless the <code>SET<\/code> flag set, in which case it&#8217;s an output buffer with length specified by the <code>cchBuf<\/code> parameter, and the buffer size is specified in <code>CHAR<\/code>s unless the <code>FN_UNICODE<\/code> flag is set in the <code>dwFlags<\/code> parameter, in which case the size is in <code>WCHAR<\/code>s.&#8221;<\/p>\n<p> One lesson we learned in Windows is that if your function is so complicated that the annotation language has trouble expressing it, then that might be a clue that your function is so complicated that human beings can&#8217;t understand it either. The answer to &#8220;How do I annotate it?&#8221; is therefore &#8220;Don&#8217;t try. Simplify your interface instead.&#8221; (Of course, if the function must be kept around for compatibility reasons, then you are stuck with a complicated annotation.) <\/p>\n","protected":false},"excerpt":{"rendered":"<p>Via the suggestion box, Sys64738 asks, whether I think is a good C\/C++ programming style to add IN and OUT to function prototypes. Remember, this is my opinion. Your opinion may validly differ. I would go beyond just IN and OUT and step up to SAL annotations, which describe the semantics of function parameters in [&hellip;]<\/p>\n","protected":false},"author":1069,"featured_media":111744,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[25],"class_list":["post-13723","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-oldnewthing","tag-code"],"acf":[],"blog_post_summary":"<p>Via the suggestion box, Sys64738 asks, whether I think is a good C\/C++ programming style to add IN and OUT to function prototypes. Remember, this is my opinion. Your opinion may validly differ. I would go beyond just IN and OUT and step up to SAL annotations, which describe the semantics of function parameters in [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/13723","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/users\/1069"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/comments?post=13723"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/13723\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media\/111744"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media?parent=13723"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/categories?post=13723"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/tags?post=13723"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}