Ros-diffs June 2021

ros-diffs@reactos.org

19 participants
228 discussions

[reactos] 26/26: [PSDK] Alias _Check_return_ annotation to warn_unused_result attribute

by Jérôme Gardou

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=ada609bdbc18f1cb3b9bf… commit ada609bdbc18f1cb3b9bff1c6854c40be076b570 Author: Jérôme Gardou <jerome.gardou(a)reactos.org> AuthorDate: Tue Jun 22 10:57:06 2021 +0200 Commit: Jérôme Gardou <zefklop(a)users.noreply.github.com> CommitDate: Mon Jun 28 10:20:57 2021 +0200 [PSDK] Alias _Check_return_ annotation to warn_unused_result attribute --- sdk/include/psdk/gcc_sal.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sdk/include/psdk/gcc_sal.h b/sdk/include/psdk/gcc_sal.h index 0e0c9570893..421e4e18e16 100644 --- a/sdk/include/psdk/gcc_sal.h +++ b/sdk/include/psdk/gcc_sal.h @@ -18,5 +18,9 @@ #if __has_attribute(warn_unused_result) # undef _Must_inspect_result_ +/* FIXME: Not really equivalent */ # define _Must_inspect_result_ __attribute__((__warn_unused_result__)) +# undef _Check_return_ +/* This one is 1:1 equivalent */ +# define _Check_return_ __attribute__((__warn_unused_result__)) #endif

3 years, 3 months

[reactos] 25/26: [CRT] Put __MINGW_EXTENSION (whatever that means) in front of function declarations

by Jérôme Gardou

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=e10892e4f4c3216f7db00… commit e10892e4f4c3216f7db00eb51ab95070c5d408cc Author: Jérôme Gardou <jerome.gardou(a)reactos.org> AuthorDate: Tue Jun 22 11:09:12 2021 +0200 Commit: Jérôme Gardou <zefklop(a)users.noreply.github.com> CommitDate: Mon Jun 28 10:20:57 2021 +0200 [CRT] Put __MINGW_EXTENSION (whatever that means) in front of function declarations Needed for next commit --- sdk/include/crt/io.h | 6 +++--- sdk/include/crt/stdio.h | 4 ++-- sdk/include/crt/stdlib.h | 30 +++++++++++++++--------------- sdk/include/crt/wchar.h | 12 ++++++------ 4 files changed, 26 insertions(+), 26 deletions(-) diff --git a/sdk/include/crt/io.h b/sdk/include/crt/io.h index 5e29e67680b..404407d7dba 100644 --- a/sdk/include/crt/io.h +++ b/sdk/include/crt/io.h @@ -396,8 +396,8 @@ _getcwd( #if _INTEGRAL_MAX_BITS >= 64 - _Check_return_ __MINGW_EXTENSION + _Check_return_ _CRTIMP __int64 __cdecl @@ -452,8 +452,8 @@ _getcwd( _In_ intptr_t _FindHandle, _Out_ struct __finddata64_t *_FindData); - _Check_return_opt_ __MINGW_EXTENSION + _Check_return_opt_ _CRTIMP __int64 __cdecl @@ -462,8 +462,8 @@ _getcwd( _In_ __int64 _Offset, _In_ int _Origin); - _Check_return_ __MINGW_EXTENSION + _Check_return_ _CRTIMP __int64 __cdecl diff --git a/sdk/include/crt/stdio.h b/sdk/include/crt/stdio.h index 40dd62ae76b..bff3578088d 100644 --- a/sdk/include/crt/stdio.h +++ b/sdk/include/crt/stdio.h @@ -391,8 +391,8 @@ extern "C" { _In_ __int64 _Offset, _In_ int _Origin); - _Check_return_ __MINGW_EXTENSION + _Check_return_ _CRTIMP __int64 __cdecl @@ -1186,8 +1186,8 @@ extern "C" { _In_ __int64 _Offset, _In_ int _Origin); - _Check_return_ __MINGW_EXTENSION + _Check_return_ _CRTIMP __int64 __cdecl diff --git a/sdk/include/crt/stdlib.h b/sdk/include/crt/stdlib.h index a1a35636ad2..2d0af78e3a3 100644 --- a/sdk/include/crt/stdlib.h +++ b/sdk/include/crt/stdlib.h @@ -403,16 +403,16 @@ extern "C" { _Pre_notnull_ _Post_z_ char *_DstBuf, _In_ int _Radix); - _Check_return_ __MINGW_EXTENSION + _Check_return_ _CRTIMP __int64 __cdecl _atoi64( _In_z_ const char *_String); - _Check_return_ __MINGW_EXTENSION + _Check_return_ _CRTIMP __int64 __cdecl @@ -420,8 +420,8 @@ extern "C" { _In_z_ const char *_String, _In_opt_ _locale_t _Locale); - _Check_return_ __MINGW_EXTENSION + _Check_return_ _CRTIMP __int64 __cdecl @@ -430,8 +430,8 @@ extern "C" { _Out_opt_ _Deref_post_z_ char **_EndPtr, _In_ int _Radix); - _Check_return_ __MINGW_EXTENSION + _Check_return_ _CRTIMP __int64 __cdecl @@ -441,8 +441,8 @@ extern "C" { _In_ int _Radix, _In_opt_ _locale_t _Locale); - _Check_return_ __MINGW_EXTENSION + _Check_return_ _CRTIMP unsigned __int64 __cdecl @@ -451,8 +451,8 @@ extern "C" { _Out_opt_ _Deref_post_z_ char **_EndPtr, _In_ int _Radix); - _Check_return_ __MINGW_EXTENSION + _Check_return_ _CRTIMP unsigned __int64 __cdecl @@ -995,16 +995,16 @@ extern "C" { _Pre_notnull_ _Post_z_ wchar_t *_DstBuf, _In_ int _Radix); - _Check_return_ __MINGW_EXTENSION + _Check_return_ _CRTIMP __int64 __cdecl _wtoi64( _In_z_ const wchar_t *_Str); - _Check_return_ __MINGW_EXTENSION + _Check_return_ _CRTIMP __int64 __cdecl @@ -1012,8 +1012,8 @@ extern "C" { _In_z_ const wchar_t *_Str, _In_opt_ _locale_t _Locale); - _Check_return_ __MINGW_EXTENSION + _Check_return_ _CRTIMP __int64 __cdecl @@ -1022,8 +1022,8 @@ extern "C" { _Out_opt_ _Deref_post_z_ wchar_t **_EndPtr, _In_ int _Radix); - _Check_return_ __MINGW_EXTENSION + _Check_return_ _CRTIMP __int64 __cdecl @@ -1033,8 +1033,8 @@ extern "C" { _In_ int _Radix, _In_opt_ _locale_t _Locale); - _Check_return_ __MINGW_EXTENSION + _Check_return_ _CRTIMP unsigned __int64 __cdecl @@ -1043,8 +1043,8 @@ extern "C" { _Out_opt_ _Deref_post_z_ wchar_t **_EndPtr, _In_ int _Radix); - _Check_return_ __MINGW_EXTENSION + _Check_return_ _CRTIMP unsigned __int64 __cdecl @@ -1203,8 +1203,8 @@ extern "C" { _In_ int _Shift); #if _INTEGRAL_MAX_BITS >= 64 - _Check_return_ __MINGW_EXTENSION + _Check_return_ unsigned __int64 __cdecl _rotl64( @@ -1220,8 +1220,8 @@ extern "C" { _In_ int _Shift); #if _INTEGRAL_MAX_BITS >= 64 - _Check_return_ __MINGW_EXTENSION + _Check_return_ unsigned __int64 __cdecl _rotr64( @@ -1438,7 +1438,7 @@ extern "C" { __MINGW_EXTENSION typedef struct { long long quot, rem; } lldiv_t; - _Check_return_ __MINGW_EXTENSION lldiv_t __cdecl lldiv(_In_ long long, _In_ long long); + __MINGW_EXTENSION _Check_return_ lldiv_t __cdecl lldiv(_In_ long long, _In_ long long); __MINGW_EXTENSION __CRT_INLINE long long __cdecl llabs(_In_ long long _j) { return (_j >= 0 ? _j : -_j); } diff --git a/sdk/include/crt/wchar.h b/sdk/include/crt/wchar.h index 309bed76cef..f708917ace3 100644 --- a/sdk/include/crt/wchar.h +++ b/sdk/include/crt/wchar.h @@ -1761,16 +1761,16 @@ _CRTIMP int __cdecl iswblank(wint_t _C); _Pre_notnull_ _Post_z_ wchar_t *_DstBuf, _In_ int _Radix); - _Check_return_ __MINGW_EXTENSION + _Check_return_ _CRTIMP __int64 __cdecl _wtoi64( _In_z_ const wchar_t *_Str); - _Check_return_ __MINGW_EXTENSION + _Check_return_ _CRTIMP __int64 __cdecl @@ -1778,8 +1778,8 @@ _CRTIMP int __cdecl iswblank(wint_t _C); _In_z_ const wchar_t *_Str, _In_opt_ _locale_t _Locale); - _Check_return_ __MINGW_EXTENSION + _Check_return_ _CRTIMP __int64 __cdecl @@ -1788,8 +1788,8 @@ _CRTIMP int __cdecl iswblank(wint_t _C); _Out_opt_ _Deref_post_z_ wchar_t **_EndPtr, _In_ int _Radix); - _Check_return_ __MINGW_EXTENSION + _Check_return_ _CRTIMP __int64 __cdecl @@ -1799,8 +1799,8 @@ _CRTIMP int __cdecl iswblank(wint_t _C); _In_ int _Radix, _In_opt_ _locale_t _Locale); - _Check_return_ __MINGW_EXTENSION + _Check_return_ _CRTIMP unsigned __int64 __cdecl @@ -1809,8 +1809,8 @@ _CRTIMP int __cdecl iswblank(wint_t _C); _Out_opt_ _Deref_post_z_ wchar_t **_EndPtr, _In_ int _Radix); - _Check_return_ __MINGW_EXTENSION + _Check_return_ _CRTIMP unsigned __int64 __cdecl

3 years, 3 months

[reactos] 24/26: [SDK] Add GCC overrides for SAL annotations

by Jérôme Gardou

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=d1f5c31820e35fbc7dfe3… commit d1f5c31820e35fbc7dfe306e23a51ed13afe50b6 Author: Jérôme Gardou <jerome.gardou(a)reactos.org> AuthorDate: Thu Jun 17 14:48:52 2021 +0200 Commit: Jérôme Gardou <zefklop(a)users.noreply.github.com> CommitDate: Mon Jun 28 10:20:57 2021 +0200 [SDK] Add GCC overrides for SAL annotations GCC has some functions, variables & type attributes which can be used as aliases for some of the SAL annotations. Although it's not as rich & precise, it's still useful since we actually enable -Werror on GCC builds whereas we don't use such an option on MSVC builds. For now, _Must_inspect_result_ is aliased to warn_result_unused attribute. --- ntoskrnl/CMakeLists.txt | 5 + sdk/cmake/gcc.cmake | 1 + sdk/include/psdk/gcc_sal.h | 22 + sdk/include/psdk/{sal.h => ms_sal.h} | 0 sdk/include/psdk/sal.h | 2961 +--------------------------------- sdk/lib/rtl/CMakeLists.txt | 5 + 6 files changed, 39 insertions(+), 2955 deletions(-) diff --git a/ntoskrnl/CMakeLists.txt b/ntoskrnl/CMakeLists.txt index 0c91c1f7f40..31970629c76 100644 --- a/ntoskrnl/CMakeLists.txt +++ b/ntoskrnl/CMakeLists.txt @@ -1,6 +1,11 @@ PROJECT(NTOS) +if (GCC) + # Enable this again. CORE-17637 + add_compile_options(-Wunused-result) +endif() + include(ntos.cmake) if (CMAKE_C_COMPILER_ID MATCHES "GNU|Clang") diff --git a/sdk/cmake/gcc.cmake b/sdk/cmake/gcc.cmake index 1ab10b6f97a..fec53361b08 100644 --- a/sdk/cmake/gcc.cmake +++ b/sdk/cmake/gcc.cmake @@ -102,6 +102,7 @@ add_compile_options(-Wno-char-subscripts -Wno-multichar -Wno-unused-value) add_compile_options(-Wno-unused-const-variable) add_compile_options(-Wno-unused-local-typedefs) add_compile_options(-Wno-deprecated) +add_compile_options(-Wno-unused-result) # FIXME To be removed when CORE-17637 is resolved if(NOT CMAKE_C_COMPILER_ID STREQUAL "Clang") add_compile_options(-Wno-maybe-uninitialized) diff --git a/sdk/include/psdk/gcc_sal.h b/sdk/include/psdk/gcc_sal.h new file mode 100644 index 00000000000..0e0c9570893 --- /dev/null +++ b/sdk/include/psdk/gcc_sal.h @@ -0,0 +1,22 @@ +/* + * PROJECT: ReactOS PSDK + * LICENSE: MIT (https://spdx.org/licenses/MIT) + * PURPOSE: Standard Annotation Language (SAL) definitions - GCC overrides + * COPYRIGHT: 2021 - Jérôme Gardou + */ + +#pragma once + +#ifndef __GNUC__ +#error "Not for your compiler!" +#endif + +#ifndef __has_attribute +#pragma GCC warning "GCC without __has_attribute, no SAL niceties for you" +#define __has_attribute(__x) 0 +#endif + +#if __has_attribute(warn_unused_result) +# undef _Must_inspect_result_ +# define _Must_inspect_result_ __attribute__((__warn_unused_result__)) +#endif diff --git a/sdk/include/psdk/sal.h b/sdk/include/psdk/ms_sal.h similarity index 100% copy from sdk/include/psdk/sal.h copy to sdk/include/psdk/ms_sal.h diff --git a/sdk/include/psdk/sal.h b/sdk/include/psdk/sal.h index 96cc8eab228..b2be2de5654 100644 --- a/sdk/include/psdk/sal.h +++ b/sdk/include/psdk/sal.h @@ -2,2964 +2,15 @@ * PROJECT: ReactOS PSDK * LICENSE: MIT (https://spdx.org/licenses/MIT) * PURPOSE: Standard Annotation Language (SAL) definitions - * COPYRIGHT: Microsoft Corporation. - * SOURCE: https://github.com/microsoft/ChakraCore/blob/master/pal/inc/rt/sal.h + * COPYRIGHT: 2021 - Jérôme Gardou */ -// ------------------------------------------------------------ -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License (MIT). See License.txt in the repo root for license information. -// ------------------------------------------------------------ -/*** -*sal.h - markers for documenting the semantics of APIs -* - -* -*Purpose: -* sal.h provides a set of annotations to describe how a function uses its -* parameters - the assumptions it makes about them, and the guarantees it makes -* upon finishing. -****/ #pragma once -/*========================================================================== - - The comments in this file are intended to give basic understanding of - the usage of SAL, the Microsoft Source Code Annotation Language. - For more details, please see https://go.microsoft.com/fwlink/?LinkID=242134 - - The macros are defined in 3 layers, plus the structural set: - - _In_/_Out_/_Ret_ Layer: - ---------------------- - This layer provides the highest abstraction and its macros should be used - in most cases. These macros typically start with: - _In_ : input parameter to a function, unmodified by called function - _Out_ : output parameter, written to by called function, pointed-to - location not expected to be initialized prior to call - _Outptr_ : like _Out_ when returned variable is a pointer type - (so param is pointer-to-pointer type). Called function - provides/allocated space. - _Outref_ : like _Outptr_, except param is reference-to-pointer type. - _Inout_ : inout parameter, read from and potentially modified by - called function. - _Ret_ : for return values - _Field_ : class/struct field invariants - For common usage, this class of SAL provides the most concise annotations. - Note that _In_/_Out_/_Inout_/_Outptr_ annotations are designed to be used - with a parameter target. Using them with _At_ to specify non-parameter - targets may yield unexpected results. - - This layer also includes a number of other properties that can be specified - to extend the ability of code analysis, most notably: - -- Designating parameters as format strings for printf/scanf/scanf_s - -- Requesting stricter type checking for C enum parameters - - _Pre_/_Post_ Layer: - ------------------ - The macros of this layer only should be used when there is no suitable macro - in the _In_/_Out_ layer. Its macros start with _Pre_ or _Post_. - This layer provides the most flexibility for annotations. - - Implementation Abstraction Layer: - -------------------------------- - Macros from this layer should never be used directly. The layer only exists - to hide the implementation of the annotation macros. - - Structural Layer: - ---------------- - These annotations, like _At_ and _When_, are used with annotations from - any of the other layers as modifiers, indicating exactly when and where - the annotations apply. - - - Common syntactic conventions: - ---------------------------- - - Usage: - ----- - _In_, _Out_, _Inout_, _Pre_, _Post_, are for formal parameters. - _Ret_, _Deref_ret_ must be used for return values. - - Nullness: - -------- - If the parameter can be NULL as a precondition to the function, the - annotation contains _opt. If the macro does not contain '_opt' the - parameter cannot be NULL. - - If an out/inout parameter returns a null pointer as a postcondition, this is - indicated by _Ret_maybenull_ or _result_maybenull_. If the macro is not - of this form, then the result will not be NULL as a postcondition. - _Outptr_ - output value is not NULL - _Outptr_result_maybenull_ - output value might be NULL - - String Type: - ----------- - _z: NullTerminated string - for _In_ parameters the buffer must have the specified stringtype before the call - for _Out_ parameters the buffer must have the specified stringtype after the call - for _Inout_ parameters both conditions apply - - Extent Syntax: - ------------- - Buffer sizes are expressed as element counts, unless the macro explicitly - contains _byte_ or _bytes_. Some annotations specify two buffer sizes, in - which case the second is used to indicate how much of the buffer is valid - as a postcondition. This table outlines the precondition buffer allocation - size, precondition number of valid elements, postcondition allocation size, - and postcondition number of valid elements for representative buffer size - annotations: - Pre | Pre | Post | Post - alloc | valid | alloc | valid - Annotation elems | elems | elems | elems - ---------- ------------------------------------ - _In_reads_(s) s | s | s | s - _Inout_updates_(s) s | s | s | s - _Inout_updates_to_(s,c) s | s | s | c - _Out_writes_(s) s | 0 | s | s - _Out_writes_to_(s,c) s | 0 | s | c - _Outptr_result_buffer_(s) ? | ? | s | s - _Outptr_result_buffer_to_(s,c) ? | ? | s | c - - For the _Outptr_ annotations, the buffer in question is at one level of - dereference. The called function is responsible for supplying the buffer. - - Success and failure: - ------------------- - The SAL concept of success allows functions to define expressions that can - be tested by the caller, which if it evaluates to non-zero, indicates the - function succeeded, which means that its postconditions are guaranteed to - hold. Otherwise, if the expression evaluates to zero, the function is - considered to have failed, and the postconditions are not guaranteed. - - The success criteria can be specified with the _Success_(expr) annotation: - _Success_(return != FALSE) BOOL - PathCanonicalizeA(_Out_writes_(MAX_PATH) LPSTR pszBuf, LPCSTR pszPath) : - pszBuf is only guaranteed to be NULL-terminated when TRUE is returned, - and FALSE indiates failure. In common practice, callers check for zero - vs. non-zero returns, so it is preferable to express the success - criteria in terms of zero/non-zero, not checked for exactly TRUE. - - Functions can specify that some postconditions will still hold, even when - the function fails, using _On_failure_(anno-list), or postconditions that - hold regardless of success or failure using _Always_(anno-list). - - The annotation _Return_type_success_(expr) may be used with a typedef to - give a default _Success_ criteria to all functions returning that type. - This is the case for common Windows API status types, including - HRESULT and NTSTATUS. This may be overridden on a per-function basis by - specifying a _Success_ annotation locally. - -============================================================================*/ - -#define __ATTR_SAL - -#ifndef _SAL_VERSION /*IFSTRIP=IGN*/ -#define _SAL_VERSION 20 -#endif - -#ifdef _PREFAST_ // [ - -// choose attribute or __declspec implementation -#ifndef _USE_DECLSPECS_FOR_SAL // [ -#define _USE_DECLSPECS_FOR_SAL 1 -#endif // ] - -#if _USE_DECLSPECS_FOR_SAL // [ -#undef _USE_ATTRIBUTES_FOR_SAL -#define _USE_ATTRIBUTES_FOR_SAL 0 -#elif !defined(_USE_ATTRIBUTES_FOR_SAL) // ][ -#if _MSC_VER >= 1400 /*IFSTRIP=IGN*/ // [ -#define _USE_ATTRIBUTES_FOR_SAL 1 -#else // ][ -#define _USE_ATTRIBUTES_FOR_SAL 0 -#endif // ] -#endif // ] - - -#if !_USE_DECLSPECS_FOR_SAL // [ -#if !_USE_ATTRIBUTES_FOR_SAL // [ -#if _MSC_VER >= 1400 /*IFSTRIP=IGN*/ // [ -#undef _USE_ATTRIBUTES_FOR_SAL -#define _USE_ATTRIBUTES_FOR_SAL 1 -#else // ][ -#undef _USE_DECLSPECS_FOR_SAL -#define _USE_DECLSPECS_FOR_SAL 1 -#endif // ] -#endif // ] -#endif // ] - -#else - -// Disable expansion of SAL macros in non-Prefast mode to -// improve compiler throughput. -#ifndef _USE_DECLSPECS_FOR_SAL // [ -#define _USE_DECLSPECS_FOR_SAL 0 -#endif // ] -#ifndef _USE_ATTRIBUTES_FOR_SAL // [ -#define _USE_ATTRIBUTES_FOR_SAL 0 -#endif // ] - -#endif // ] +/* Include MS version first */ +#include "ms_sal.h" -// safeguard for MIDL and RC builds -#if _USE_DECLSPECS_FOR_SAL && ( defined( MIDL_PASS ) || defined(__midl) || defined(RC_INVOKED) || !defined(_PREFAST_) ) /*IFSTRIP=IGN*/ // [ -#undef _USE_DECLSPECS_FOR_SAL -#define _USE_DECLSPECS_FOR_SAL 0 -#endif // ] -#if _USE_ATTRIBUTES_FOR_SAL && ( !defined(_MSC_EXTENSIONS) || defined( MIDL_PASS ) || defined(__midl) || defined(RC_INVOKED) ) /*IFSTRIP=IGN*/ // [ -#undef _USE_ATTRIBUTES_FOR_SAL -#define _USE_ATTRIBUTES_FOR_SAL 0 -#endif // ] - -#if _USE_DECLSPECS_FOR_SAL || _USE_ATTRIBUTES_FOR_SAL - -// Special enum type for Y/N/M -enum __SAL_YesNo {_SAL_notpresent, _SAL_no, _SAL_maybe, _SAL_yes, _SAL_default}; - -#endif - -#if defined(BUILD_WINDOWS) && !_USE_ATTRIBUTES_FOR_SAL /*IFSTRIP=IGN*/ -#define _SAL1_Source_(Name, args, annotes) _SA_annotes3(SAL_name, #Name, "", "1") _GrouP_(annotes _SAL_nop_impl_) -#define _SAL1_1_Source_(Name, args, annotes) _SA_annotes3(SAL_name, #Name, "", "1.1") _GrouP_(annotes _SAL_nop_impl_) -#define _SAL1_2_Source_(Name, args, annotes) _SA_annotes3(SAL_name, #Name, "", "1.2") _GrouP_(annotes _SAL_nop_impl_) -#define _SAL2_Source_(Name, args, annotes) _SA_annotes3(SAL_name, #Name, "", "2") _GrouP_(annotes _SAL_nop_impl_) -#else -#define _SAL1_Source_(Name, args, annotes) _SA_annotes3(SAL_name, #Name, "", "1") _Group_(annotes _SAL_nop_impl_) -#define _SAL1_1_Source_(Name, args, annotes) _SA_annotes3(SAL_name, #Name, "", "1.1") _Group_(annotes _SAL_nop_impl_) -#define _SAL1_2_Source_(Name, args, annotes) _SA_annotes3(SAL_name, #Name, "", "1.2") _Group_(annotes _SAL_nop_impl_) -#define _SAL2_Source_(Name, args, annotes) _SA_annotes3(SAL_name, #Name, "", "2") _Group_(annotes _SAL_nop_impl_) +/* Some overrides with GCC attributes */ +#ifdef __GNUC__ +#include "gcc_sal.h" #endif - -//============================================================================ -// Structural SAL: -// These annotations modify the use of other annotations. They may -// express the annotation target (i.e. what parameter/field the annotation -// applies to) or the condition under which the annotation is applicable. -//============================================================================ - -// _At_(target, annos) specifies that the annotations listed in 'annos' is to -// be applied to 'target' rather than to the identifier which is the current -// lexical target. -#define _At_(target, annos) _At_impl_(target, annos _SAL_nop_impl_) - -// _At_buffer_(target, iter, bound, annos) is similar to _At_, except that -// target names a buffer, and each annotation in annos is applied to each -// element of target up to bound, with the variable named in iter usable -// by the annotations to refer to relevant offsets within target. -#define _At_buffer_(target, iter, bound, annos) _At_buffer_impl_(target, iter, bound, annos _SAL_nop_impl_) - -// _When_(expr, annos) specifies that the annotations listed in 'annos' only -// apply when 'expr' evaluates to non-zero. -#define _When_(expr, annos) _When_impl_(expr, annos _SAL_nop_impl_) -#define _Group_(annos) _Group_impl_(annos _SAL_nop_impl_) -#define _GrouP_(annos) _GrouP_impl_(annos _SAL_nop_impl_) - -// <expr> indicates whether normal post conditions apply to a function -#define _Success_(expr) _SAL2_Source_(_Success_, (expr), _Success_impl_(expr)) - -// <expr> indicates whether post conditions apply to a function returning -// the type that this annotation is applied to -#define _Return_type_success_(expr) _SAL2_Source_(_Return_type_success_, (expr), _Success_impl_(expr)) - -// Establish postconditions that apply only if the function does not succeed -#define _On_failure_(annos) _On_failure_impl_(annos _SAL_nop_impl_) - -// Establish postconditions that apply in both success and failure cases. -// Only applicable with functions that have _Success_ or _Return_type_succss_. -#define _Always_(annos) _Always_impl_(annos _SAL_nop_impl_) - -// Usable on a function defintion. Asserts that a function declaration is -// in scope, and its annotations are to be used. There are no other annotations -// allowed on the function definition. -#define _Use_decl_annotations_ _Use_decl_anno_impl_ - -// _Notref_ may precede a _Deref_ or "real" annotation, and removes one -// level of dereference if the parameter is a C++ reference (&). If the -// net deref on a "real" annotation is negative, it is simply discarded. -#define _Notref_ _Notref_impl_ - -// Annotations for defensive programming styles. -#define _Pre_defensive_ _SA_annotes0(SAL_pre_defensive) -#define _Post_defensive_ _SA_annotes0(SAL_post_defensive) - -#define _In_defensive_(annotes) _Pre_defensive_ _Group_(annotes) -#define _Out_defensive_(annotes) _Post_defensive_ _Group_(annotes) -#define _Inout_defensive_(annotes) _Pre_defensive_ _Post_defensive_ _Group_(annotes) - -//============================================================================ -// _In_\_Out_ Layer: -//============================================================================ - -// Reserved pointer parameters, must always be NULL. -#define _Reserved_ _SAL2_Source_(_Reserved_, (), _Pre1_impl_(__null_impl)) - -// _Const_ allows specification that any namable memory location is considered -// readonly for a given call. -#define _Const_ _SAL2_Source_(_Const_, (), _Pre1_impl_(__readaccess_impl_notref)) - - -// Input parameters -------------------------- - -// _In_ - Annotations for parameters where data is passed into the function, but not modified. -// _In_ by itself can be used with non-pointer types (although it is redundant). - -// e.g. void SetPoint( _In_ const POINT* pPT ); -#define _In_ _SAL2_Source_(_In_, (), _Pre1_impl_(__notnull_impl_notref) _Pre_valid_impl_ _Deref_pre1_impl_(__readaccess_impl_notref)) -#define _In_opt_ _SAL2_Source_(_In_opt_, (), _Pre1_impl_(__maybenull_impl_notref) _Pre_valid_impl_ _Deref_pre_readonly_) - -// nullterminated 'in' parameters. -// e.g. void CopyStr( _In_z_ const char* szFrom, _Out_z_cap_(cchTo) char* szTo, size_t cchTo ); -#define _In_z_ _SAL2_Source_(_In_z_, (), _In_ _Pre1_impl_(__zterm_impl)) -#define _In_opt_z_ _SAL2_Source_(_In_opt_z_, (), _In_opt_ _Pre1_impl_(__zterm_impl)) - - -// 'input' buffers with given size - -#define _In_reads_(size) _SAL2_Source_(_In_reads_, (size), _Pre_count_(size) _Deref_pre_readonly_) -#define _In_reads_opt_(size) _SAL2_Source_(_In_reads_opt_, (size), _Pre_opt_count_(size) _Deref_pre_readonly_) -#define _In_reads_bytes_(size) _SAL2_Source_(_In_reads_bytes_, (size), _Pre_bytecount_(size) _Deref_pre_readonly_) -#define _In_reads_bytes_opt_(size) _SAL2_Source_(_In_reads_bytes_opt_, (size), _Pre_opt_bytecount_(size) _Deref_pre_readonly_) -#define _In_reads_z_(size) _SAL2_Source_(_In_reads_z_, (size), _In_reads_(size) _Pre_z_) -#define _In_reads_opt_z_(size) _SAL2_Source_(_In_reads_opt_z_, (size), _Pre_opt_count_(size) _Deref_pre_readonly_ _Pre_opt_z_) -#define _In_reads_or_z_(size) _SAL2_Source_(_In_reads_or_z_, (size), _In_ _When_(_String_length_(_Curr_) < (size), _Pre_z_) _When_(_String_length_(_Curr_) >= (size), _Pre1_impl_(__count_impl(size)))) -#define _In_reads_or_z_opt_(size) _SAL2_Source_(_In_reads_or_z_opt_, (size), _In_opt_ _When_(_String_length_(_Curr_) < (size), _Pre_z_) _When_(_String_length_(_Curr_) >= (size), _Pre1_impl_(__count_impl(size)))) - - -// 'input' buffers valid to the given end pointer - -#define _In_reads_to_ptr_(ptr) _SAL2_Source_(_In_reads_to_ptr_, (ptr), _Pre_ptrdiff_count_(ptr) _Deref_pre_readonly_) -#define _In_reads_to_ptr_opt_(ptr) _SAL2_Source_(_In_reads_to_ptr_opt_, (ptr), _Pre_opt_ptrdiff_count_(ptr) _Deref_pre_readonly_) -#define _In_reads_to_ptr_z_(ptr) _SAL2_Source_(_In_reads_to_ptr_z_, (ptr), _In_reads_to_ptr_(ptr) _Pre_z_) -#define _In_reads_to_ptr_opt_z_(ptr) _SAL2_Source_(_In_reads_to_ptr_opt_z_, (ptr), _Pre_opt_ptrdiff_count_(ptr) _Deref_pre_readonly_ _Pre_opt_z_) - - - -// Output parameters -------------------------- - -// _Out_ - Annotations for pointer or reference parameters where data passed back to the caller. -// These are mostly used where the pointer/reference is to a non-pointer type. -// _Outptr_/_Outref) (see below) are typically used to return pointers via parameters. - -// e.g. void GetPoint( _Out_ POINT* pPT ); -#define _Out_ _SAL2_Source_(_Out_, (), _Out_impl_) -#define _Out_opt_ _SAL2_Source_(_Out_opt_, (), _Out_opt_impl_) - -#define _Out_writes_(size) _SAL2_Source_(_Out_writes_, (size), _Pre_cap_(size) _Post_valid_impl_) -#define _Out_writes_opt_(size) _SAL2_Source_(_Out_writes_opt_, (size), _Pre_opt_cap_(size) _Post_valid_impl_) -#define _Out_writes_bytes_(size) _SAL2_Source_(_Out_writes_bytes_, (size), _Pre_bytecap_(size) _Post_valid_impl_) -#define _Out_writes_bytes_opt_(size) _SAL2_Source_(_Out_writes_bytes_opt_, (size), _Pre_opt_bytecap_(size) _Post_valid_impl_) -#define _Out_writes_z_(size) _SAL2_Source_(_Out_writes_z_, (size), _Pre_cap_(size) _Post_valid_impl_ _Post_z_) -#define _Out_writes_opt_z_(size) _SAL2_Source_(_Out_writes_opt_z_, (size), _Pre_opt_cap_(size) _Post_valid_impl_ _Post_z_) - -#define _Out_writes_to_(size,count) _SAL2_Source_(_Out_writes_to_, (size,count), _Pre_cap_(size) _Post_valid_impl_ _Post_count_(count)) -#define _Out_writes_to_opt_(size,count) _SAL2_Source_(_Out_writes_to_opt_, (size,count), _Pre_opt_cap_(size) _Post_valid_impl_ _Post_count_(count)) -#define _Out_writes_all_(size) _SAL2_Source_(_Out_writes_all_, (size), _Out_writes_to_(_Old_(size), _Old_(size))) -#define _Out_writes_all_opt_(size) _SAL2_Source_(_Out_writes_all_opt_, (size), _Out_writes_to_opt_(_Old_(size), _Old_(size))) - -#define _Out_writes_bytes_to_(size,count) _SAL2_Source_(_Out_writes_bytes_to_, (size,count), _Pre_bytecap_(size) _Post_valid_impl_ _Post_bytecount_(count)) -#define _Out_writes_bytes_to_opt_(size,count) _SAL2_Source_(_Out_writes_bytes_to_opt_, (size,count), _Pre_opt_bytecap_(size) _Post_valid_impl_ _Post_bytecount_(count)) -#define _Out_writes_bytes_all_(size) _SAL2_Source_(_Out_writes_bytes_all_, (size), _Out_writes_bytes_to_(_Old_(size), _Old_(size))) -#define _Out_writes_bytes_all_opt_(size) _SAL2_Source_(_Out_writes_bytes_all_opt_, (size), _Out_writes_bytes_to_opt_(_Old_(size), _Old_(size))) - -#define _Out_writes_to_ptr_(ptr) _SAL2_Source_(_Out_writes_to_ptr_, (ptr), _Pre_ptrdiff_cap_(ptr) _Post_valid_impl_) -#define _Out_writes_to_ptr_opt_(ptr) _SAL2_Source_(_Out_writes_to_ptr_opt_, (ptr), _Pre_opt_ptrdiff_cap_(ptr) _Post_valid_impl_) -#define _Out_writes_to_ptr_z_(ptr) _SAL2_Source_(_Out_writes_to_ptr_z_, (ptr), _Pre_ptrdiff_cap_(ptr) _Post_valid_impl_ Post_z_) -#define _Out_writes_to_ptr_opt_z_(ptr) _SAL2_Source_(_Out_writes_to_ptr_opt_z_, (ptr), _Pre_opt_ptrdiff_cap_(ptr) _Post_valid_impl_ Post_z_) - - -// Inout parameters ---------------------------- - -// _Inout_ - Annotations for pointer or reference parameters where data is passed in and -// potentially modified. -// void ModifyPoint( _Inout_ POINT* pPT ); -// void ModifyPointByRef( _Inout_ POINT& pPT ); - -#define _Inout_ _SAL2_Source_(_Inout_, (), _Prepost_valid_) -#define _Inout_opt_ _SAL2_Source_(_Inout_opt_, (), _Prepost_opt_valid_) - -// For modifying string buffers -// void toupper( _Inout_z_ char* sz ); -#define _Inout_z_ _SAL2_Source_(_Inout_z_, (), _Prepost_z_) -#define _Inout_opt_z_ _SAL2_Source_(_Inout_opt_z_, (), _Prepost_opt_z_) - -// For modifying buffers with explicit element size -#define _Inout_updates_(size) _SAL2_Source_(_Inout_updates_, (size), _Pre_cap_(size) _Pre_valid_impl_ _Post_valid_impl_) -#define _Inout_updates_opt_(size) _SAL2_Source_(_Inout_updates_opt_, (size), _Pre_opt_cap_(size) _Pre_valid_impl_ _Post_valid_impl_) -#define _Inout_updates_z_(size) _SAL2_Source_(_Inout_updates_z_, (size), _Pre_cap_(size) _Pre_valid_impl_ _Post_valid_impl_ _Pre1_impl_(__zterm_impl) _Post1_impl_(__zterm_impl)) -#define _Inout_updates_opt_z_(size) _SAL2_Source_(_Inout_updates_opt_z_, (size), _Pre_opt_cap_(size) _Pre_valid_impl_ _Post_valid_impl_ _Pre1_impl_(__zterm_impl) _Post1_impl_(__zterm_impl)) - -#define _Inout_updates_to_(size,count) _SAL2_Source_(_Inout_updates_to_, (size,count), _Out_writes_to_(size,count) _Pre_valid_impl_ _Pre1_impl_(__count_impl(count))) -#define _Inout_updates_to_opt_(size,count) _SAL2_Source_(_Inout_updates_to_opt_, (size,count), _Out_writes_to_opt_(size,count) _Pre_valid_impl_ _Pre1_impl_(__count_impl(count))) - -#define _Inout_updates_all_(size) _SAL2_Source_(_Inout_updates_all_, (size), _Inout_updates_to_(_Old_(size), _Old_(size))) -#define _Inout_updates_all_opt_(size) _SAL2_Source_(_Inout_updates_all_opt_, (size), _Inout_updates_to_opt_(_Old_(size), _Old_(size))) - -// For modifying buffers with explicit byte size -#define _Inout_updates_bytes_(size) _SAL2_Source_(_Inout_updates_bytes_, (size), _Pre_bytecap_(size) _Pre_valid_impl_ _Post_valid_impl_) -#define _Inout_updates_bytes_opt_(size) _SAL2_Source_(_Inout_updates_bytes_opt_, (size), _Pre_opt_bytecap_(size) _Pre_valid_impl_ _Post_valid_impl_) - -#define _Inout_updates_bytes_to_(size,count) _SAL2_Source_(_Inout_updates_bytes_to_, (size,count), _Out_writes_bytes_to_(size,count) _Pre_valid_impl_ _Pre1_impl_(__bytecount_impl(count))) -#define _Inout_updates_bytes_to_opt_(size,count) _SAL2_Source_(_Inout_updates_bytes_to_opt_, (size,count), _Out_writes_bytes_to_opt_(size,count) _Pre_valid_impl_ _Pre1_impl_(__bytecount_impl(count))) - -#define _Inout_updates_bytes_all_(size) _SAL2_Source_(_Inout_updates_bytes_all_, (size), _Inout_updates_bytes_to_(_Old_(size), _Old_(size))) -#define _Inout_updates_bytes_all_opt_(size) _SAL2_Source_(_Inout_updates_bytes_all_opt_, (size), _Inout_updates_bytes_to_opt_(_Old_(size), _Old_(size))) - - -// Pointer to pointer parameters ------------------------- - -// _Outptr_ - Annotations for output params returning pointers -// These describe parameters where the called function provides the buffer: -// HRESULT SHStrDupW(_In_ LPCWSTR psz, _Outptr_ LPWSTR *ppwsz); -// The caller passes the address of an LPWSTR variable as ppwsz, and SHStrDupW allocates -// and initializes memory and returns the pointer to the new LPWSTR in *ppwsz. -// -// _Outptr_opt_ - describes parameters that are allowed to be NULL. -// _Outptr_*_result_maybenull_ - describes parameters where the called function might return NULL to the caller. -// -// Example: -// void MyFunc(_Outptr_opt_ int **ppData1, _Outptr_result_maybenull_ int **ppData2); -// Callers: -// MyFunc(NULL, NULL); // error: parameter 2, ppData2, should not be NULL -// MyFunc(&pData1, &pData2); // ok: both non-NULL -// if (*pData1 == *pData2) ... // error: pData2 might be NULL after call - -#define _Outptr_ _SAL2_Source_(_Outptr_, (), _Out_impl_ _Deref_post2_impl_(__notnull_impl_notref, __count_impl(1))) -#define _Outptr_result_maybenull_ _SAL2_Source_(_Outptr_result_maybenull_, (), _Out_impl_ _Deref_post2_impl_(__maybenull_impl_notref, __count_impl(1))) -#define _Outptr_opt_ _SAL2_Source_(_Outptr_opt_, (), _Out_opt_impl_ _Deref_post2_impl_(__notnull_impl_notref, __count_impl(1))) -#define _Outptr_opt_result_maybenull_ _SAL2_Source_(_Outptr_opt_result_maybenull_, (), _Out_opt_impl_ _Deref_post2_impl_(__maybenull_impl_notref, __count_impl(1))) - -// Annotations for _Outptr_ parameters returning pointers to null terminated strings. - -#define _Outptr_result_z_ _SAL2_Source_(_Outptr_result_z_, (), _Out_impl_ _Deref_post_z_) -#define _Outptr_opt_result_z_ _SAL2_Source_(_Outptr_opt_result_z_, (), _Out_opt_impl_ _Deref_post_z_) -#define _Outptr_result_maybenull_z_ _SAL2_Source_(_Outptr_result_maybenull_z_, (), _Out_impl_ _Deref_post_opt_z_) -#define _Outptr_opt_result_maybenull_z_ _SAL2_Source_(_Outptr_opt_result_maybenull_z_, (), _Out_opt_impl_ _Deref_post_opt_z_) - -// Annotations for _Outptr_ parameters where the output pointer is set to NULL if the function fails. - -#define _Outptr_result_nullonfailure_ _SAL2_Source_(_Outptr_result_nullonfailure_, (), _Outptr_ _On_failure_(_Deref_post_null_)) -#define _Outptr_opt_result_nullonfailure_ _SAL2_Source_(_Outptr_opt_result_nullonfailure_, (), _Outptr_opt_ _On_failure_(_Deref_post_null_)) - -// Annotations for _Outptr_ parameters which return a pointer to a ref-counted COM object, -// following the COM convention of setting the output to NULL on failure. -// The current implementation is identical to _Outptr_result_nullonfailure_. -// For pointers to types that are not COM objects, _Outptr_result_nullonfailure_ is preferred. - -#define _COM_Outptr_ _SAL2_Source_(_COM_Outptr_, (), _Outptr_ _On_failure_(_Deref_post_null_)) -#define _COM_Outptr_result_maybenull_ _SAL2_Source_(_COM_Outptr_result_maybenull_, (), _Outptr_result_maybenull_ _On_failure_(_Deref_post_null_)) -#define _COM_Outptr_opt_ _SAL2_Source_(_COM_Outptr_opt_, (), _Outptr_opt_ _On_failure_(_Deref_post_null_)) -#define _COM_Outptr_opt_result_maybenull_ _SAL2_Source_(_COM_Outptr_opt_result_maybenull_, (), _Outptr_opt_result_maybenull_ _On_failure_(_Deref_post_null_)) - -// Annotations for _Outptr_ parameters returning a pointer to buffer with a specified number of elements/bytes - -#define _Outptr_result_buffer_(size) _SAL2_Source_(_Outptr_result_buffer_, (size), _Out_impl_ _Deref_post2_impl_(__notnull_impl_notref, __cap_impl(size))) -#define _Outptr_opt_result_buffer_(size) _SAL2_Source_(_Outptr_opt_result_buffer_, (size), _Out_opt_impl_ _Deref_post2_impl_(__notnull_impl_notref, __cap_impl(size))) -#define _Outptr_result_buffer_to_(size, count) _SAL2_Source_(_Outptr_result_buffer_to_, (size, count), _Out_impl_ _Deref_post3_impl_(__notnull_impl_notref, __cap_impl(size), __count_impl(count))) -#define _Outptr_opt_result_buffer_to_(size, count) _SAL2_Source_(_Outptr_opt_result_buffer_to_, (size, count), _Out_opt_impl_ _Deref_post3_impl_(__notnull_impl_notref, __cap_impl(size), __count_impl(count))) - -#define _Outptr_result_buffer_all_(size) _SAL2_Source_(_Outptr_result_buffer_all_, (size), _Out_impl_ _Deref_post2_impl_(__notnull_impl_notref, __count_impl(size))) -#define _Outptr_opt_result_buffer_all_(size) _SAL2_Source_(_Outptr_opt_result_buffer_all_, (size), _Out_opt_impl_ _Deref_post2_impl_(__notnull_impl_notref, __count_impl(size))) - -#define _Outptr_result_buffer_maybenull_(size) _SAL2_Source_(_Outptr_result_buffer_maybenull_, (size), _Out_impl_ _Deref_post2_impl_(__maybenull_impl_notref, __cap_impl(size))) -#define _Outptr_opt_result_buffer_maybenull_(size) _SAL2_Source_(_Outptr_opt_result_buffer_maybenull_, (size), _Out_opt_impl_ _Deref_post2_impl_(__maybenull_impl_notref, __cap_impl(size))) -#define _Outptr_result_buffer_to_maybenull_(size, count) _SAL2_Source_(_Outptr_result_buffer_to_maybenull_, (size, count), _Out_impl_ _Deref_post3_impl_(__maybenull_impl_notref, __cap_impl(size), __count_impl(count))) -#define _Outptr_opt_result_buffer_to_maybenull_(size, count) _SAL2_Source_(_Outptr_opt_result_buffer_to_maybenull_, (size, count), _Out_opt_impl_ _Deref_post3_impl_(__maybenull_impl_notref, __cap_impl(size), __count_impl(count))) - -#define _Outptr_result_buffer_all_maybenull_(size) _SAL2_Source_(_Outptr_result_buffer_all_maybenull_, (size), _Out_impl_ _Deref_post2_impl_(__maybenull_impl_notref, __count_impl(size))) -#define _Outptr_opt_result_buffer_all_maybenull_(size) _SAL2_Source_(_Outptr_opt_result_buffer_all_maybenull_, (size), _Out_opt_impl_ _Deref_post2_impl_(__maybenull_impl_notref, __count_impl(size))) - -#define _Outptr_result_bytebuffer_(size) _SAL2_Source_(_Outptr_result_bytebuffer_, (size), _Out_impl_ _Deref_post2_impl_(__notnull_impl_notref, __bytecap_impl(size))) -#define _Outptr_opt_result_bytebuffer_(size) _SAL2_Source_(_Outptr_opt_result_bytebuffer_, (size), _Out_opt_impl_ _Deref_post2_impl_(__notnull_impl_notref, __bytecap_impl(size))) -#define _Outptr_result_bytebuffer_to_(size, count) _SAL2_Source_(_Outptr_result_bytebuffer_to_, (size, count), _Out_impl_ _Deref_post3_impl_(__notnull_impl_notref, __bytecap_impl(size), __bytecount_impl(count))) -#define _Outptr_opt_result_bytebuffer_to_(size, count) _SAL2_Source_(_Outptr_opt_result_bytebuffer_to_, (size, count), _Out_opt_impl_ _Deref_post3_impl_(__notnull_impl_notref, __bytecap_impl(size), __bytecount_impl(count))) - -#define _Outptr_result_bytebuffer_all_(size) _SAL2_Source_(_Outptr_result_bytebuffer_all_, (size), _Out_impl_ _Deref_post2_impl_(__notnull_impl_notref, __bytecount_impl(size))) -#define _Outptr_opt_result_bytebuffer_all_(size) _SAL2_Source_(_Outptr_opt_result_bytebuffer_all_, (size), _Out_opt_impl_ _Deref_post2_impl_(__notnull_impl_notref, __bytecount_impl(size))) - -#define _Outptr_result_bytebuffer_maybenull_(size) _SAL2_Source_(_Outptr_result_bytebuffer_maybenull_, (size), _Out_impl_ _Deref_post2_impl_(__maybenull_impl_notref, __bytecap_impl(size))) -#define _Outptr_opt_result_bytebuffer_maybenull_(size) _SAL2_Source_(_Outptr_opt_result_bytebuffer_maybenull_, (size), _Out_opt_impl_ _Deref_post2_impl_(__maybenull_impl_notref, __bytecap_impl(size))) -#define _Outptr_result_bytebuffer_to_maybenull_(size, count) _SAL2_Source_(_Outptr_result_bytebuffer_to_maybenull_, (size, count), _Out_impl_ _Deref_post3_impl_(__maybenull_impl_notref, __bytecap_impl(size), __bytecount_impl(count))) -#define _Outptr_opt_result_bytebuffer_to_maybenull_(size, count) _SAL2_Source_(_Outptr_opt_result_bytebuffer_to_maybenull_, (size, count), _Out_opt_impl_ _Deref_post3_impl_(__maybenull_impl_notref, __bytecap_impl(size), __bytecount_impl(count))) - -#define _Outptr_result_bytebuffer_all_maybenull_(size) _SAL2_Source_(_Outptr_result_bytebuffer_all_maybenull_, (size), _Out_impl_ _Deref_post2_impl_(__maybenull_impl_notref, __bytecount_impl(size))) -#define _Outptr_opt_result_bytebuffer_all_maybenull_(size) _SAL2_Source_(_Outptr_opt_result_bytebuffer_all_maybenull_, (size), _Out_opt_impl_ _Deref_post2_impl_(__maybenull_impl_notref, __bytecount_impl(size))) - -// Annotations for output reference to pointer parameters. - -#define _Outref_ _SAL2_Source_(_Outref_, (), _Out_impl_ _Post_notnull_) -#define _Outref_result_maybenull_ _SAL2_Source_(_Outref_result_maybenull_, (), _Pre2_impl_(__notnull_impl_notref, __cap_c_one_notref_impl) _Post_maybenull_ _Post_valid_impl_) - -#define _Outref_result_buffer_(size) _SAL2_Source_(_Outref_result_buffer_, (size), _Outref_ _Post1_impl_(__cap_impl(size))) -#define _Outref_result_bytebuffer_(size) _SAL2_Source_(_Outref_result_bytebuffer_, (size), _Outref_ _Post1_impl_(__bytecap_impl(size))) -#define _Outref_result_buffer_to_(size, count) _SAL2_Source_(_Outref_result_buffer_to_, (size, count), _Outref_result_buffer_(size) _Post1_impl_(__count_impl(count))) -#define _Outref_result_bytebuffer_to_(size, count) _SAL2_Source_(_Outref_result_bytebuffer_to_, (size, count), _Outref_result_bytebuffer_(size) _Post1_impl_(__bytecount_impl(count))) -#define _Outref_result_buffer_all_(size) _SAL2_Source_(_Outref_result_buffer_all_, (size), _Outref_result_buffer_to_(size, _Old_(size))) -#define _Outref_result_bytebuffer_all_(size) _SAL2_Source_(_Outref_result_bytebuffer_all_, (size), _Outref_result_bytebuffer_to_(size, _Old_(size))) - -#define _Outref_result_buffer_maybenull_(size) _SAL2_Source_(_Outref_result_buffer_maybenull_, (size), _Outref_result_maybenull_ _Post1_impl_(__cap_impl(size))) -#define _Outref_result_bytebuffer_maybenull_(size) _SAL2_Source_(_Outref_result_bytebuffer_maybenull_, (size), _Outref_result_maybenull_ _Post1_impl_(__bytecap_impl(size))) -#define _Outref_result_buffer_to_maybenull_(size, count) _SAL2_Source_(_Outref_result_buffer_to_maybenull_, (size, count), _Outref_result_buffer_maybenull_(size) _Post1_impl_(__count_impl(count))) -#define _Outref_result_bytebuffer_to_maybenull_(size, count) _SAL2_Source_(_Outref_result_bytebuffer_to_maybenull_, (size, count), _Outref_result_bytebuffer_maybenull_(size) _Post1_impl_(__bytecount_impl(count))) -#define _Outref_result_buffer_all_maybenull_(size) _SAL2_Source_(_Outref_result_buffer_all_maybenull_, (size), _Outref_result_buffer_to_maybenull_(size, _Old_(size))) -#define _Outref_result_bytebuffer_all_maybenull_(size) _SAL2_Source_(_Outref_result_bytebuffer_all_maybenull_, (size), _Outref_result_bytebuffer_to_maybenull_(size, _Old_(size))) - -// Annotations for output reference to pointer parameters that guarantee -// that the pointer is set to NULL on failure. -#define _Outref_result_nullonfailure_ _SAL2_Source_(_Outref_result_nullonfailure_, (), _Outref_ _On_failure_(_Post_null_)) - -// Generic annotations to set output value of a by-pointer or by-reference parameter to null/zero on failure. -#define _Result_nullonfailure_ _SAL2_Source_(_Result_nullonfailure_, (), _On_failure_(_Notref_impl_ _Deref_impl_ _Post_null_)) -#define _Result_zeroonfailure_ _SAL2_Source_(_Result_zeroonfailure_, (), _On_failure_(_Notref_impl_ _Deref_impl_ _Out_range_(==, 0))) - - -// return values ------------------------------- - -// -// _Ret_ annotations -// -// describing conditions that hold for return values after the call - -// e.g. _Ret_z_ CString::operator const WCHAR*() const throw(); -#define _Ret_z_ _SAL2_Source_(_Ret_z_, (), _Ret2_impl_(__notnull_impl, __zterm_impl) _Ret_valid_impl_) -#define _Ret_maybenull_z_ _SAL2_Source_(_Ret_maybenull_z_, (), _Ret2_impl_(__maybenull_impl,__zterm_impl) _Ret_valid_impl_) - -// used with allocated but not yet initialized objects -#define _Ret_notnull_ _SAL2_Source_(_Ret_notnull_, (), _Ret1_impl_(__notnull_impl)) -#define _Ret_maybenull_ _SAL2_Source_(_Ret_maybenull_, (), _Ret1_impl_(__maybenull_impl)) -#define _Ret_null_ _SAL2_Source_(_Ret_null_, (), _Ret1_impl_(__null_impl)) - -// used with allocated and initialized objects -// returns single valid object -#define _Ret_valid_ _SAL2_Source_(_Ret_valid_, (), _Ret1_impl_(__notnull_impl_notref) _Ret_valid_impl_) - -// returns pointer to initialized buffer of specified size -#define _Ret_writes_(size) _SAL2_Source_(_Ret_writes_, (size), _Ret2_impl_(__notnull_impl, __count_impl(size)) _Ret_valid_impl_) -#define _Ret_writes_z_(size) _SAL2_Source_(_Ret_writes_z_, (size), _Ret3_impl_(__notnull_impl, __count_impl(size), __zterm_impl) _Ret_valid_impl_) -#define _Ret_writes_bytes_(size) _SAL2_Source_(_Ret_writes_bytes_, (size), _Ret2_impl_(__notnull_impl, __bytecount_impl(size)) _Ret_valid_impl_) -#define _Ret_writes_maybenull_(size) _SAL2_Source_(_Ret_writes_maybenull_, (size), _Ret2_impl_(__maybenull_impl,__count_impl(size)) _Ret_valid_impl_) -#define _Ret_writes_maybenull_z_(size) _SAL2_Source_(_Ret_writes_maybenull_z_, (size), _Ret3_impl_(__maybenull_impl,__count_impl(size),__zterm_impl) _Ret_valid_impl_) -#define _Ret_writes_bytes_maybenull_(size) _SAL2_Source_(_Ret_writes_bytes_maybenull_, (size), _Ret2_impl_(__maybenull_impl,__bytecount_impl(size)) _Ret_valid_impl_) - -// returns pointer to partially initialized buffer, with total size 'size' and initialized size 'count' -#define _Ret_writes_to_(size,count) _SAL2_Source_(_Ret_writes_to_, (size,count), _Ret3_impl_(__notnull_impl, __cap_impl(size), __count_impl(count)) _Ret_valid_impl_) -#define _Ret_writes_bytes_to_(size,count) _SAL2_Source_(_Ret_writes_bytes_to_, (size,count), _Ret3_impl_(__notnull_impl, __bytecap_impl(size), __bytecount_impl(count)) _Ret_valid_impl_) -#define _Ret_writes_to_maybenull_(size,count) _SAL2_Source_(_Ret_writes_to_maybenull_, (size,count), _Ret3_impl_(__maybenull_impl, __cap_impl(size), __count_impl(count)) _Ret_valid_impl_) -#define _Ret_writes_bytes_to_maybenull_(size,count) _SAL2_Source_(_Ret_writes_bytes_to_maybenull_, (size,count), _Ret3_impl_(__maybenull_impl, __bytecap_impl(size), __bytecount_impl(count)) _Ret_valid_impl_) - - -// Annotations for strict type checking -#define _Points_to_data_ _SAL2_Source_(_Points_to_data_, (), _Pre_ _Points_to_data_impl_) -#define _Literal_ _SAL2_Source_(_Literal_, (), _Pre_ _Literal_impl_) -#define _Notliteral_ _SAL2_Source_(_Notliteral_, (), _Pre_ _Notliteral_impl_) - -// Check the return value of a function e.g. _Check_return_ ErrorCode Foo(); -#define _Check_return_ _SAL2_Source_(_Check_return_, (), _Check_return_impl_) -#define _Must_inspect_result_ _SAL2_Source_(_Must_inspect_result_, (), _Must_inspect_impl_ _Check_return_impl_) - -// e.g. MyPrintF( _Printf_format_string_ const WCHAR* wzFormat, ... ); -#define _Printf_format_string_ _SAL2_Source_(_Printf_format_string_, (), _Printf_format_string_impl_) -#define _Scanf_format_string_ _SAL2_Source_(_Scanf_format_string_, (), _Scanf_format_string_impl_) -#define _Scanf_s_format_string_ _SAL2_Source_(_Scanf_s_format_string_, (), _Scanf_s_format_string_impl_) - -#define _Format_string_impl_(kind,where) _SA_annotes2(SAL_IsFormatString2, kind, where) -#define _Printf_format_string_params_(x) _SAL2_Source_(_Printf_format_string_params_, (x), _Format_string_impl_("printf", x)) -#define _Scanf_format_string_params_(x) _SAL2_Source_(_Scanf_format_string_params_, (x), _Format_string_impl_("scanf", x)) -#define _Scanf_s_format_string_params_(x) _SAL2_Source_(_Scanf_s_format_string_params_, (x), _Format_string_impl_("scanf_s", x)) - -// annotations to express value of integral or pointer parameter -#define _In_range_(lb,ub) _SAL2_Source_(_In_range_, (lb,ub), _In_range_impl_(lb,ub)) -#define _Out_range_(lb,ub) _SAL2_Source_(_Out_range_, (lb,ub), _Out_range_impl_(lb,ub)) -#define _Ret_range_(lb,ub) _SAL2_Source_(_Ret_range_, (lb,ub), _Ret_range_impl_(lb,ub)) -#define _Deref_in_range_(lb,ub) _SAL2_Source_(_Deref_in_range_, (lb,ub), _Deref_in_range_impl_(lb,ub)) -#define _Deref_out_range_(lb,ub) _SAL2_Source_(_Deref_out_range_, (lb,ub), _Deref_out_range_impl_(lb,ub)) -#define _Deref_ret_range_(lb,ub) _SAL2_Source_(_Deref_ret_range_, (lb,ub), _Deref_ret_range_impl_(lb,ub)) -#define _Pre_equal_to_(expr) _SAL2_Source_(_Pre_equal_to_, (expr), _In_range_(==, expr)) -#define _Post_equal_to_(expr) _SAL2_Source_(_Post_equal_to_, (expr), _Out_range_(==, expr)) - -// annotation to express that a value (usually a field of a mutable class) -// is not changed by a function call -#define _Unchanged_(e) _SAL2_Source_(_Unchanged_, (e), _At_(e, _Post_equal_to_(_Old_(e)) _Const_)) - -// Annotations to allow expressing generalized pre and post conditions. -// 'cond' may be any valid SAL expression that is considered to be true as a precondition -// or postcondition (respsectively). -#define _Pre_satisfies_(cond) _SAL2_Source_(_Pre_satisfies_, (cond), _Pre_satisfies_impl_(cond)) -#define _Post_satisfies_(cond) _SAL2_Source_(_Post_satisfies_, (cond), _Post_satisfies_impl_(cond)) - -// Annotations to express struct, class and field invariants -#define _Struct_size_bytes_(size) _SAL2_Source_(_Struct_size_bytes_, (size), _Writable_bytes_(size)) - -#define _Field_size_(size) _SAL2_Source_(_Field_size_, (size), _Notnull_ _Writable_elements_(size)) -#define _Field_size_opt_(size) _SAL2_Source_(_Field_size_opt_, (size), _Maybenull_ _Writable_elements_(size)) -#define _Field_size_part_(size, count) _SAL2_Source_(_Field_size_part_, (size, count), _Notnull_ _Writable_elements_(size) _Readable_elements_(count)) -#define _Field_size_part_opt_(size, count) _SAL2_Source_(_Field_size_part_opt_, (size, count), _Maybenull_ _Writable_elements_(size) _Readable_elements_(count)) -#define _Field_size_full_(size) _SAL2_Source_(_Field_size_full_, (size), _Field_size_part_(size, size)) -#define _Field_size_full_opt_(size) _SAL2_Source_(_Field_size_full_opt_, (size), _Field_size_part_opt_(size, size)) - -#define _Field_size_bytes_(size) _SAL2_Source_(_Field_size_bytes_, (size), _Notnull_ _Writable_bytes_(size)) -#define _Field_size_bytes_opt_(size) _SAL2_Source_(_Field_size_bytes_opt_, (size), _Maybenull_ _Writable_bytes_(size)) -#define _Field_size_bytes_part_(size, count) _SAL2_Source_(_Field_size_bytes_part_, (size, count), _Notnull_ _Writable_bytes_(size) _Readable_bytes_(count)) -#define _Field_size_bytes_part_opt_(size, count) _SAL2_Source_(_Field_size_bytes_part_opt_, (size, count), _Maybenull_ _Writable_bytes_(size) _Readable_bytes_(count)) -#define _Field_size_bytes_full_(size) _SAL2_Source_(_Field_size_bytes_full_, (size), _Field_size_bytes_part_(size, size)) -#define _Field_size_bytes_full_opt_(size) _SAL2_Source_(_Field_size_bytes_full_opt_, (size), _Field_size_bytes_part_opt_(size, size)) - -#define _Field_z_ _SAL2_Source_(_Field_z_, (), _Null_terminated_) - -#define _Field_range_(min,max) _SAL2_Source_(_Field_range_, (min,max), _Field_range_impl_(min,max)) - -//============================================================================ -// _Pre_\_Post_ Layer: -//============================================================================ - -// -// Raw Pre/Post for declaring custom pre/post conditions -// - -#define _Pre_ _Pre_impl_ -#define _Post_ _Post_impl_ - -// -// Validity property -// - -#define _Valid_ _Valid_impl_ -#define _Notvalid_ _Notvalid_impl_ -#define _Maybevalid_ _Maybevalid_impl_ - -// -// Buffer size properties -// - -// Expressing buffer sizes without specifying pre or post condition -#define _Readable_bytes_(size) _SAL2_Source_(_Readable_bytes_, (size), _Readable_bytes_impl_(size)) -#define _Readable_elements_(size) _SAL2_Source_(_Readable_elements_, (size), _Readable_elements_impl_(size)) -#define _Writable_bytes_(size) _SAL2_Source_(_Writable_bytes_, (size), _Writable_bytes_impl_(size)) -#define _Writable_elements_(size) _SAL2_Source_(_Writable_elements_, (size), _Writable_elements_impl_(size)) - -#define _Null_terminated_ _SAL2_Source_(_Null_terminated_, (), _Null_terminated_impl_) -#define _NullNull_terminated_ _SAL2_Source_(_NullNull_terminated_, (), _NullNull_terminated_impl_) - -// Expressing buffer size as pre or post condition -#define _Pre_readable_size_(size) _SAL2_Source_(_Pre_readable_size_, (size), _Pre1_impl_(__count_impl(size)) _Pre_valid_impl_) -#define _Pre_writable_size_(size) _SAL2_Source_(_Pre_writable_size_, (size), _Pre1_impl_(__cap_impl(size))) -#define _Pre_readable_byte_size_(size) _SAL2_Source_(_Pre_readable_byte_size_, (size), _Pre1_impl_(__bytecount_impl(size)) _Pre_valid_impl_) -#define _Pre_writable_byte_size_(size) _SAL2_Source_(_Pre_writable_byte_size_, (size), _Pre1_impl_(__bytecap_impl(size))) - -#define _Post_readable_size_(size) _SAL2_Source_(_Post_readable_size_, (size), _Post1_impl_(__count_impl(size)) _Post_valid_impl_) -#define _Post_writable_size_(size) _SAL2_Source_(_Post_writable_size_, (size), _Post1_impl_(__cap_impl(size))) -#define _Post_readable_byte_size_(size) _SAL2_Source_(_Post_readable_byte_size_, (size), _Post1_impl_(__bytecount_impl(size)) _Post_valid_impl_) -#define _Post_writable_byte_size_(size) _SAL2_Source_(_Post_writable_byte_size_, (size), _Post1_impl_(__bytecap_impl(size))) - -// -// Pointer null-ness properties -// -#define _Null_ _Null_impl_ -#define _Notnull_ _Notnull_impl_ -#define _Maybenull_ _Maybenull_impl_ - -// -// _Pre_ annotations --- -// -// describing conditions that must be met before the call of the function - -// e.g. int strlen( _Pre_z_ const char* sz ); -// buffer is a zero terminated string -#define _Pre_z_ _SAL2_Source_(_Pre_z_, (), _Pre1_impl_(__zterm_impl) _Pre_valid_impl_) - -// valid size unknown or indicated by type (e.g.:LPSTR) -#define _Pre_valid_ _SAL2_Source_(_Pre_valid_, (), _Pre1_impl_(__notnull_impl_notref) _Pre_valid_impl_) -#define _Pre_opt_valid_ _SAL2_Source_(_Pre_opt_valid_, (), _Pre1_impl_(__maybenull_impl_notref) _Pre_valid_impl_) - -#define _Pre_invalid_ _SAL2_Source_(_Pre_invalid_, (), _Deref_pre1_impl_(__notvalid_impl)) - -// Overrides recursive valid when some field is not yet initialized when using _Inout_ -#define _Pre_unknown_ _SAL2_Source_(_Pre_unknown_, (), _Pre1_impl_(__maybevalid_impl)) - -// used with allocated but not yet initialized objects -#define _Pre_notnull_ _SAL2_Source_(_Pre_notnull_, (), _Pre1_impl_(__notnull_impl_notref)) -#define _Pre_maybenull_ _SAL2_Source_(_Pre_maybenull_, (), _Pre1_impl_(__maybenull_impl_notref)) -#define _Pre_null_ _SAL2_Source_(_Pre_null_, (), _Pre1_impl_(__null_impl_notref)) - -// -// _Post_ annotations --- -// -// describing conditions that hold after the function call - -// void CopyStr( _In_z_ const char* szFrom, _Pre_cap_(cch) _Post_z_ char* szFrom, size_t cchFrom ); -// buffer will be a zero-terminated string after the call -#define _Post_z_ _SAL2_Source_(_Post_z_, (), _Post1_impl_(__zterm_impl) _Post_valid_impl_) - -// e.g. HRESULT InitStruct( _Post_valid_ Struct* pobj ); -#define _Post_valid_ _SAL2_Source_(_Post_valid_, (), _Post_valid_impl_) -#define _Post_invalid_ _SAL2_Source_(_Post_invalid_, (), _Deref_post1_impl_(__notvalid_impl)) - -// e.g. void free( _Post_ptr_invalid_ void* pv ); -#define _Post_ptr_invalid_ _SAL2_Source_(_Post_ptr_invalid_, (), _Post1_impl_(__notvalid_impl)) - -// e.g. void ThrowExceptionIfNull( _Post_notnull_ const void* pv ); -#define _Post_notnull_ _SAL2_Source_(_Post_notnull_, (), _Post1_impl_(__notnull_impl)) - -// e.g. HRESULT GetObject(_Outptr_ _On_failure_(_At_(*p, _Post_null_)) T **p); -#define _Post_null_ _SAL2_Source_(_Post_null_, (), _Post1_impl_(__null_impl)) - -#define _Post_maybenull_ _SAL2_Source_(_Post_maybenull_, (), _Post1_impl_(__maybenull_impl)) - -#define _Prepost_z_ _SAL2_Source_(_Prepost_z_, (), _Pre_z_ _Post_z_) - - -// #pragma region Input Buffer SAL 1 compatibility macros - -/*========================================================================== - - This section contains definitions for macros defined for VS2010 and earlier. - Usage of these macros is still supported, but the SAL 2 macros defined above - are recommended instead. This comment block is retained to assist in - understanding SAL that still uses the older syntax. - - The macros are defined in 3 layers: - - _In_\_Out_ Layer: - ---------------- - This layer provides the highest abstraction and its macros should be used - in most cases. Its macros start with _In_, _Out_ or _Inout_. For the - typical case they provide the most concise annotations. - - _Pre_\_Post_ Layer: - ------------------ - The macros of this layer only should be used when there is no suitable macro - in the _In_\_Out_ layer. Its macros start with _Pre_, _Post_, _Ret_, - _Deref_pre_ _Deref_post_ and _Deref_ret_. This layer provides the most - flexibility for annotations. - - Implementation Abstraction Layer: - -------------------------------- - Macros from this layer should never be used directly. The layer only exists - to hide the implementation of the annotation macros. - - - Annotation Syntax: - |--------------|----------|----------------|-----------------------------| - | Usage | Nullness | ZeroTerminated | Extent | - |--------------|----------|----------------|-----------------------------| - | _In_ | <> | <> | <> | - | _Out_ | opt_ | z_ | [byte]cap_[c_|x_]( size ) | - | _Inout_ | | | [byte]count_[c_|x_]( size ) | - | _Deref_out_ | | | ptrdiff_cap_( ptr ) | - |--------------| | | ptrdiff_count_( ptr ) | - | _Ret_ | | | | - | _Deref_ret_ | | | | - |--------------| | | | - | _Pre_ | | | | - | _Post_ | | | | - | _Deref_pre_ | | | | - | _Deref_post_ | | | | - |--------------|----------|----------------|-----------------------------| - - Usage: - ----- - _In_, _Out_, _Inout_, _Pre_, _Post_, _Deref_pre_, _Deref_post_ are for - formal parameters. - _Ret_, _Deref_ret_ must be used for return values. - - Nullness: - -------- - If the pointer can be NULL the annotation contains _opt. If the macro - does not contain '_opt' the pointer may not be NULL. - - String Type: - ----------- - _z: NullTerminated string - for _In_ parameters the buffer must have the specified stringtype before the call - for _Out_ parameters the buffer must have the specified stringtype after the call - for _Inout_ parameters both conditions apply - - Extent Syntax: - |------|---------------|---------------| - | Unit | Writ\Readable | Argument Type | - |------|---------------|---------------| - | <> | cap_ | <> | - | byte | count_ | c_ | - | | | x_ | - |------|---------------|---------------| - - 'cap' (capacity) describes the writable size of the buffer and is typically used - with _Out_. The default unit is elements. Use 'bytecap' if the size is given in bytes - 'count' describes the readable size of the buffer and is typically used with _In_. - The default unit is elements. Use 'bytecount' if the size is given in bytes. - - Argument syntax for cap_, bytecap_, count_, bytecount_: - (<parameter>|return)[+n] e.g. cch, return, cb+2 - - If the buffer size is a constant expression use the c_ postfix. - E.g. cap_c_(20), count_c_(MAX_PATH), bytecount_c_(16) - - If the buffer size is given by a limiting pointer use the ptrdiff_ versions - of the macros. - - If the buffer size is neither a parameter nor a constant expression use the x_ - postfix. e.g. bytecount_x_(num*size) x_ annotations accept any arbitrary string. - No analysis can be done for x_ annotations but they at least tell the tool that - the buffer has some sort of extent description. x_ annotations might be supported - by future compiler versions. - -============================================================================*/ - -// e.g. void SetCharRange( _In_count_(cch) const char* rgch, size_t cch ) -// valid buffer extent described by another parameter -#define _In_count_(size) _SAL1_1_Source_(_In_count_, (size), _Pre_count_(size) _Deref_pre_readonly_) -#define _In_opt_count_(size) _SAL1_1_Source_(_In_opt_count_, (size), _Pre_opt_count_(size) _Deref_pre_readonly_) -#define _In_bytecount_(size) _SAL1_1_Source_(_In_bytecount_, (size), _Pre_bytecount_(size) _Deref_pre_readonly_) -#define _In_opt_bytecount_(size) _SAL1_1_Source_(_In_opt_bytecount_, (size), _Pre_opt_bytecount_(size) _Deref_pre_readonly_) - -// valid buffer extent described by a constant extression -#define _In_count_c_(size) _SAL1_1_Source_(_In_count_c_, (size), _Pre_count_c_(size) _Deref_pre_readonly_) -#define _In_opt_count_c_(size) _SAL1_1_Source_(_In_opt_count_c_, (size), _Pre_opt_count_c_(size) _Deref_pre_readonly_) -#define _In_bytecount_c_(size) _SAL1_1_Source_(_In_bytecount_c_, (size), _Pre_bytecount_c_(size) _Deref_pre_readonly_) -#define _In_opt_bytecount_c_(size) _SAL1_1_Source_(_In_opt_bytecount_c_, (size), _Pre_opt_bytecount_c_(size) _Deref_pre_readonly_) - -// nullterminated 'input' buffers with given size - -// e.g. void SetCharRange( _In_count_(cch) const char* rgch, size_t cch ) -// nullterminated valid buffer extent described by another parameter -#define _In_z_count_(size) _SAL1_1_Source_(_In_z_count_, (size), _Pre_z_ _Pre_count_(size) _Deref_pre_readonly_) -#define _In_opt_z_count_(size) _SAL1_1_Source_(_In_opt_z_count_, (size), _Pre_opt_z_ _Pre_opt_count_(size) _Deref_pre_readonly_) -#define _In_z_bytecount_(size) _SAL1_1_Source_(_In_z_bytecount_, (size), _Pre_z_ _Pre_bytecount_(size) _Deref_pre_readonly_) -#define _In_opt_z_bytecount_(size) _SAL1_1_Source_(_In_opt_z_bytecount_, (size), _Pre_opt_z_ _Pre_opt_bytecount_(size) _Deref_pre_readonly_) - -// nullterminated valid buffer extent described by a constant extression -#define _In_z_count_c_(size) _SAL1_1_Source_(_In_z_count_c_, (size), _Pre_z_ _Pre_count_c_(size) _Deref_pre_readonly_) -#define _In_opt_z_count_c_(size) _SAL1_1_Source_(_In_opt_z_count_c_, (size), _Pre_opt_z_ _Pre_opt_count_c_(size) _Deref_pre_readonly_) -#define _In_z_bytecount_c_(size) _SAL1_1_Source_(_In_z_bytecount_c_, (size), _Pre_z_ _Pre_bytecount_c_(size) _Deref_pre_readonly_) -#define _In_opt_z_bytecount_c_(size) _SAL1_1_Source_(_In_opt_z_bytecount_c_, (size), _Pre_opt_z_ _Pre_opt_bytecount_c_(size) _Deref_pre_readonly_) - -// buffer capacity is described by another pointer -// e.g. void Foo( _In_ptrdiff_count_(pchMax) const char* pch, const char* pchMax ) { while pch < pchMax ) pch++; } -#define _In_ptrdiff_count_(size) _SAL1_1_Source_(_In_ptrdiff_count_, (size), _Pre_ptrdiff_count_(size) _Deref_pre_readonly_) -#define _In_opt_ptrdiff_count_(size) _SAL1_1_Source_(_In_opt_ptrdiff_count_, (size), _Pre_opt_ptrdiff_count_(size) _Deref_pre_readonly_) - -// 'x' version for complex expressions that are not supported by the current compiler version -// e.g. void Set3ColMatrix( _In_count_x_(3*cRows) const Elem* matrix, int cRows ); -#define _In_count_x_(size) _SAL1_1_Source_(_In_count_x_, (size), _Pre_count_x_(size) _Deref_pre_readonly_) -#define _In_opt_count_x_(size) _SAL1_1_Source_(_In_opt_count_x_, (size), _Pre_opt_count_x_(size) _Deref_pre_readonly_) -#define _In_bytecount_x_(size) _SAL1_1_Source_(_In_bytecount_x_, (size), _Pre_bytecount_x_(size) _Deref_pre_readonly_) -#define _In_opt_bytecount_x_(size) _SAL1_1_Source_(_In_opt_bytecount_x_, (size), _Pre_opt_bytecount_x_(size) _Deref_pre_readonly_) - - -// 'out' with buffer size -// e.g. void GetIndeces( _Out_cap_(cIndeces) int* rgIndeces, size_t cIndices ); -// buffer capacity is described by another parameter -#define _Out_cap_(size) _SAL1_1_Source_(_Out_cap_, (size), _Pre_cap_(size) _Post_valid_impl_) -#define _Out_opt_cap_(size) _SAL1_1_Source_(_Out_opt_cap_, (size), _Pre_opt_cap_(size) _Post_valid_impl_) -#define _Out_bytecap_(size) _SAL1_1_Source_(_Out_bytecap_, (size), _Pre_bytecap_(size) _Post_valid_impl_) -#define _Out_opt_bytecap_(size) _SAL1_1_Source_(_Out_opt_bytecap_, (size), _Pre_opt_bytecap_(size) _Post_valid_impl_) - -// buffer capacity is described by a constant expression -#define _Out_cap_c_(size) _SAL1_1_Source_(_Out_cap_c_, (size), _Pre_cap_c_(size) _Post_valid_impl_) -#define _Out_opt_cap_c_(size) _SAL1_1_Source_(_Out_opt_cap_c_, (size), _Pre_opt_cap_c_(size) _Post_valid_impl_) -#define _Out_bytecap_c_(size) _SAL1_1_Source_(_Out_bytecap_c_, (size), _Pre_bytecap_c_(size) _Post_valid_impl_) -#define _Out_opt_bytecap_c_(size) _SAL1_1_Source_(_Out_opt_bytecap_c_, (size), _Pre_opt_bytecap_c_(size) _Post_valid_impl_) - -// buffer capacity is described by another parameter multiplied by a constant expression -#define _Out_cap_m_(mult,size) _SAL1_1_Source_(_Out_cap_m_, (mult,size), _Pre_cap_m_(mult,size) _Post_valid_impl_) -#define _Out_opt_cap_m_(mult,size) _SAL1_1_Source_(_Out_opt_cap_m_, (mult,size), _Pre_opt_cap_m_(mult,size) _Post_valid_impl_) -#define _Out_z_cap_m_(mult,size) _SAL1_1_Source_(_Out_z_cap_m_, (mult,size), _Pre_cap_m_(mult,size) _Post_valid_impl_ _Post_z_) -#define _Out_opt_z_cap_m_(mult,size) _SAL1_1_Source_(_Out_opt_z_cap_m_, (mult,size), _Pre_opt_cap_m_(mult,size) _Post_valid_impl_ _Post_z_) - -// buffer capacity is described by another pointer -// e.g. void Foo( _Out_ptrdiff_cap_(pchMax) char* pch, const char* pchMax ) { while pch < pchMax ) pch++; } -#define _Out_ptrdiff_cap_(size) _SAL1_1_Source_(_Out_ptrdiff_cap_, (size), _Pre_ptrdiff_cap_(size) _Post_valid_impl_) -#define _Out_opt_ptrdiff_cap_(size) _SAL1_1_Source_(_Out_opt_ptrdiff_cap_, (size), _Pre_opt_ptrdiff_cap_(size) _Post_valid_impl_) - -// buffer capacity is described by a complex expression -#define _Out_cap_x_(size) _SAL1_1_Source_(_Out_cap_x_, (size), _Pre_cap_x_(size) _Post_valid_impl_) -#define _Out_opt_cap_x_(size) _SAL1_1_Source_(_Out_opt_cap_x_, (size), _Pre_opt_cap_x_(size) _Post_valid_impl_) -#define _Out_bytecap_x_(size) _SAL1_1_Source_(_Out_bytecap_x_, (size), _Pre_bytecap_x_(size) _Post_valid_impl_) -#define _Out_opt_bytecap_x_(size) _SAL1_1_Source_(_Out_opt_bytecap_x_, (size), _Pre_opt_bytecap_x_(size) _Post_valid_impl_) - -// a zero terminated string is filled into a buffer of given capacity -// e.g. void CopyStr( _In_z_ const char* szFrom, _Out_z_cap_(cchTo) char* szTo, size_t cchTo ); -// buffer capacity is described by another parameter -#define _Out_z_cap_(size) _SAL1_1_Source_(_Out_z_cap_, (size), _Pre_cap_(size) _Post_valid_impl_ _Post_z_) -#define _Out_opt_z_cap_(size) _SAL1_1_Source_(_Out_opt_z_cap_, (size), _Pre_opt_cap_(size) _Post_valid_impl_ _Post_z_) -#define _Out_z_bytecap_(size) _SAL1_1_Source_(_Out_z_bytecap_, (size), _Pre_bytecap_(size) _Post_valid_impl_ _Post_z_) -#define _Out_opt_z_bytecap_(size) _SAL1_1_Source_(_Out_opt_z_bytecap_, (size), _Pre_opt_bytecap_(size) _Post_valid_impl_ _Post_z_) - -// buffer capacity is described by a constant expression -#define _Out_z_cap_c_(size) _SAL1_1_Source_(_Out_z_cap_c_, (size), _Pre_cap_c_(size) _Post_valid_impl_ _Post_z_) -#define _Out_opt_z_cap_c_(size) _SAL1_1_Source_(_Out_opt_z_cap_c_, (size), _Pre_opt_cap_c_(size) _Post_valid_impl_ _Post_z_) -#define _Out_z_bytecap_c_(size) _SAL1_1_Source_(_Out_z_bytecap_c_, (size), _Pre_bytecap_c_(size) _Post_valid_impl_ _Post_z_) -#define _Out_opt_z_bytecap_c_(size) _SAL1_1_Source_(_Out_opt_z_bytecap_c_, (size), _Pre_opt_bytecap_c_(size) _Post_valid_impl_ _Post_z_) - -// buffer capacity is described by a complex expression -#define _Out_z_cap_x_(size) _SAL1_1_Source_(_Out_z_cap_x_, (size), _Pre_cap_x_(size) _Post_valid_impl_ _Post_z_) -#define _Out_opt_z_cap_x_(size) _SAL1_1_Source_(_Out_opt_z_cap_x_, (size), _Pre_opt_cap_x_(size) _Post_valid_impl_ _Post_z_) -#define _Out_z_bytecap_x_(size) _SAL1_1_Source_(_Out_z_bytecap_x_, (size), _Pre_bytecap_x_(size) _Post_valid_impl_ _Post_z_) -#define _Out_opt_z_bytecap_x_(size) _SAL1_1_Source_(_Out_opt_z_bytecap_x_, (size), _Pre_opt_bytecap_x_(size) _Post_valid_impl_ _Post_z_) - -// a zero terminated string is filled into a buffer of given capacity -// e.g. size_t CopyCharRange( _In_count_(cchFrom) const char* rgchFrom, size_t cchFrom, _Out_cap_post_count_(cchTo,return)) char* rgchTo, size_t cchTo ); -#define _Out_cap_post_count_(cap,count) _SAL1_1_Source_(_Out_cap_post_count_, (cap,count), _Pre_cap_(cap) _Post_valid_impl_ _Post_count_(count)) -#define _Out_opt_cap_post_count_(cap,count) _SAL1_1_Source_(_Out_opt_cap_post_count_, (cap,count), _Pre_opt_cap_(cap) _Post_valid_impl_ _Post_count_(count)) -#define _Out_bytecap_post_bytecount_(cap,count) _SAL1_1_Source_(_Out_bytecap_post_bytecount_, (cap,count), _Pre_bytecap_(cap) _Post_valid_impl_ _Post_bytecount_(count)) -#define _Out_opt_bytecap_post_bytecount_(cap,count) _SAL1_1_Source_(_Out_opt_bytecap_post_bytecount_, (cap,count), _Pre_opt_bytecap_(cap) _Post_valid_impl_ _Post_bytecount_(count)) - -// a zero terminated string is filled into a buffer of given capacity -// e.g. size_t CopyStr( _In_z_ const char* szFrom, _Out_z_cap_post_count_(cchTo,return+1) char* szTo, size_t cchTo ); -#define _Out_z_cap_post_count_(cap,count) _SAL1_1_Source_(_Out_z_cap_post_count_, (cap,count), _Pre_cap_(cap) _Post_valid_impl_ _Post_z_count_(count)) -#define _Out_opt_z_cap_post_count_(cap,count) _SAL1_1_Source_(_Out_opt_z_cap_post_count_, (cap,count), _Pre_opt_cap_(cap) _Post_valid_impl_ _Post_z_count_(count)) -#define _Out_z_bytecap_post_bytecount_(cap,count) _SAL1_1_Source_(_Out_z_bytecap_post_bytecount_, (cap,count), _Pre_bytecap_(cap) _Post_valid_impl_ _Post_z_bytecount_(count)) -#define _Out_opt_z_bytecap_post_bytecount_(cap,count) _SAL1_1_Source_(_Out_opt_z_bytecap_post_bytecount_, (cap,count), _Pre_opt_bytecap_(cap) _Post_valid_impl_ _Post_z_bytecount_(count)) - -// only use with dereferenced arguments e.g. '*pcch' -#define _Out_capcount_(capcount) _SAL1_1_Source_(_Out_capcount_, (capcount), _Pre_cap_(capcount) _Post_valid_impl_ _Post_count_(capcount)) -#define _Out_opt_capcount_(capcount) _SAL1_1_Source_(_Out_opt_capcount_, (capcount), _Pre_opt_cap_(capcount) _Post_valid_impl_ _Post_count_(capcount)) -#define _Out_bytecapcount_(capcount) _SAL1_1_Source_(_Out_bytecapcount_, (capcount), _Pre_bytecap_(capcount) _Post_valid_impl_ _Post_bytecount_(capcount)) -#define _Out_opt_bytecapcount_(capcount) _SAL1_1_Source_(_Out_opt_bytecapcount_, (capcount), _Pre_opt_bytecap_(capcount) _Post_valid_impl_ _Post_bytecount_(capcount)) - -#define _Out_capcount_x_(capcount) _SAL1_1_Source_(_Out_capcount_x_, (capcount), _Pre_cap_x_(capcount) _Post_valid_impl_ _Post_count_x_(capcount)) -#define _Out_opt_capcount_x_(capcount) _SAL1_1_Source_(_Out_opt_capcount_x_, (capcount), _Pre_opt_cap_x_(capcount) _Post_valid_impl_ _Post_count_x_(capcount)) -#define _Out_bytecapcount_x_(capcount) _SAL1_1_Source_(_Out_bytecapcount_x_, (capcount), _Pre_bytecap_x_(capcount) _Post_valid_impl_ _Post_bytecount_x_(capcount)) -#define _Out_opt_bytecapcount_x_(capcount) _SAL1_1_Source_(_Out_opt_bytecapcount_x_, (capcount), _Pre_opt_bytecap_x_(capcount) _Post_valid_impl_ _Post_bytecount_x_(capcount)) - -// e.g. GetString( _Out_z_capcount_(*pLen+1) char* sz, size_t* pLen ); -#define _Out_z_capcount_(capcount) _SAL1_1_Source_(_Out_z_capcount_, (capcount), _Pre_cap_(capcount) _Post_valid_impl_ _Post_z_count_(capcount)) -#define _Out_opt_z_capcount_(capcount) _SAL1_1_Source_(_Out_opt_z_capcount_, (capcount), _Pre_opt_cap_(capcount) _Post_valid_impl_ _Post_z_count_(capcount)) -#define _Out_z_bytecapcount_(capcount) _SAL1_1_Source_(_Out_z_bytecapcount_, (capcount), _Pre_bytecap_(capcount) _Post_valid_impl_ _Post_z_bytecount_(capcount)) -#define _Out_opt_z_bytecapcount_(capcount) _SAL1_1_Source_(_Out_opt_z_bytecapcount_, (capcount), _Pre_opt_bytecap_(capcount) _Post_valid_impl_ _Post_z_bytecount_(capcount)) - - -// 'inout' buffers with initialized elements before and after the call -// e.g. void ModifyIndices( _Inout_count_(cIndices) int* rgIndeces, size_t cIndices ); -#define _Inout_count_(size) _SAL1_1_Source_(_Inout_count_, (size), _Prepost_count_(size)) -#define _Inout_opt_count_(size) _SAL1_1_Source_(_Inout_opt_count_, (size), _Prepost_opt_count_(size)) -#define _Inout_bytecount_(size) _SAL1_1_Source_(_Inout_bytecount_, (size), _Prepost_bytecount_(size)) -#define _Inout_opt_bytecount_(size) _SAL1_1_Source_(_Inout_opt_bytecount_, (size), _Prepost_opt_bytecount_(size)) - -#define _Inout_count_c_(size) _SAL1_1_Source_(_Inout_count_c_, (size), _Prepost_count_c_(size)) -#define _Inout_opt_count_c_(size) _SAL1_1_Source_(_Inout_opt_count_c_, (size), _Prepost_opt_count_c_(size)) -#define _Inout_bytecount_c_(size) _SAL1_1_Source_(_Inout_bytecount_c_, (size), _Prepost_bytecount_c_(size)) -#define _Inout_opt_bytecount_c_(size) _SAL1_1_Source_(_Inout_opt_bytecount_c_, (size), _Prepost_opt_bytecount_c_(size)) - -// nullterminated 'inout' buffers with initialized elements before and after the call -// e.g. void ModifyIndices( _Inout_count_(cIndices) int* rgIndeces, size_t cIndices ); -#define _Inout_z_count_(size) _SAL1_1_Source_(_Inout_z_count_, (size), _Prepost_z_ _Prepost_count_(size)) -#define _Inout_opt_z_count_(size) _SAL1_1_Source_(_Inout_opt_z_count_, (size), _Prepost_z_ _Prepost_opt_count_(size)) -#define _Inout_z_bytecount_(size) _SAL1_1_Source_(_Inout_z_bytecount_, (size), _Prepost_z_ _Prepost_bytecount_(size)) -#define _Inout_opt_z_bytecount_(size) _SAL1_1_Source_(_Inout_opt_z_bytecount_, (size), _Prepost_z_ _Prepost_opt_bytecount_(size)) - -#define _Inout_z_count_c_(size) _SAL1_1_Source_(_Inout_z_count_c_, (size), _Prepost_z_ _Prepost_count_c_(size)) -#define _Inout_opt_z_count_c_(size) _SAL1_1_Source_(_Inout_opt_z_count_c_, (size), _Prepost_z_ _Prepost_opt_count_c_(size)) -#define _Inout_z_bytecount_c_(size) _SAL1_1_Source_(_Inout_z_bytecount_c_, (size), _Prepost_z_ _Prepost_bytecount_c_(size)) -#define _Inout_opt_z_bytecount_c_(size) _SAL1_1_Source_(_Inout_opt_z_bytecount_c_, (size), _Prepost_z_ _Prepost_opt_bytecount_c_(size)) - -#define _Inout_ptrdiff_count_(size) _SAL1_1_Source_(_Inout_ptrdiff_count_, (size), _Pre_ptrdiff_count_(size)) -#define _Inout_opt_ptrdiff_count_(size) _SAL1_1_Source_(_Inout_opt_ptrdiff_count_, (size), _Pre_opt_ptrdiff_count_(size)) - -#define _Inout_count_x_(size) _SAL1_1_Source_(_Inout_count_x_, (size), _Prepost_count_x_(size)) -#define _Inout_opt_count_x_(size) _SAL1_1_Source_(_Inout_opt_count_x_, (size), _Prepost_opt_count_x_(size)) -#define _Inout_bytecount_x_(size) _SAL1_1_Source_(_Inout_bytecount_x_, (size), _Prepost_bytecount_x_(size)) -#define _Inout_opt_bytecount_x_(size) _SAL1_1_Source_(_Inout_opt_bytecount_x_, (size), _Prepost_opt_bytecount_x_(size)) - -// e.g. void AppendToLPSTR( _In_ LPCSTR szFrom, _Inout_cap_(cchTo) LPSTR* szTo, size_t cchTo ); -#define _Inout_cap_(size) _SAL1_1_Source_(_Inout_cap_, (size), _Pre_valid_cap_(size) _Post_valid_) -#define _Inout_opt_cap_(size) _SAL1_1_Source_(_Inout_opt_cap_, (size), _Pre_opt_valid_cap_(size) _Post_valid_) -#define _Inout_bytecap_(size) _SAL1_1_Source_(_Inout_bytecap_, (size), _Pre_valid_bytecap_(size) _Post_valid_) -#define _Inout_opt_bytecap_(size) _SAL1_1_Source_(_Inout_opt_bytecap_, (size), _Pre_opt_valid_bytecap_(size) _Post_valid_) - -#define _Inout_cap_c_(size) _SAL1_1_Source_(_Inout_cap_c_, (size), _Pre_valid_cap_c_(size) _Post_valid_) -#define _Inout_opt_cap_c_(size) _SAL1_1_Source_(_Inout_opt_cap_c_, (size), _Pre_opt_valid_cap_c_(size) _Post_valid_) -#define _Inout_bytecap_c_(size) _SAL1_1_Source_(_Inout_bytecap_c_, (size), _Pre_valid_bytecap_c_(size) _Post_valid_) -#define _Inout_opt_bytecap_c_(size) _SAL1_1_Source_(_Inout_opt_bytecap_c_, (size), _Pre_opt_valid_bytecap_c_(size) _Post_valid_) - -#define _Inout_cap_x_(size) _SAL1_1_Source_(_Inout_cap_x_, (size), _Pre_valid_cap_x_(size) _Post_valid_) -#define _Inout_opt_cap_x_(size) _SAL1_1_Source_(_Inout_opt_cap_x_, (size), _Pre_opt_valid_cap_x_(size) _Post_valid_) -#define _Inout_bytecap_x_(size) _SAL1_1_Source_(_Inout_bytecap_x_, (size), _Pre_valid_bytecap_x_(size) _Post_valid_) -#define _Inout_opt_bytecap_x_(size) _SAL1_1_Source_(_Inout_opt_bytecap_x_, (size), _Pre_opt_valid_bytecap_x_(size) _Post_valid_) - -// inout string buffers with writable size -// e.g. void AppendStr( _In_z_ const char* szFrom, _Inout_z_cap_(cchTo) char* szTo, size_t cchTo ); -#define _Inout_z_cap_(size) _SAL1_1_Source_(_Inout_z_cap_, (size), _Pre_z_cap_(size) _Post_z_) -#define _Inout_opt_z_cap_(size) _SAL1_1_Source_(_Inout_opt_z_cap_, (size), _Pre_opt_z_cap_(size) _Post_z_) -#define _Inout_z_bytecap_(size) _SAL1_1_Source_(_Inout_z_bytecap_, (size), _Pre_z_bytecap_(size) _Post_z_) -#define _Inout_opt_z_bytecap_(size) _SAL1_1_Source_(_Inout_opt_z_bytecap_, (size), _Pre_opt_z_bytecap_(size) _Post_z_) - -#define _Inout_z_cap_c_(size) _SAL1_1_Source_(_Inout_z_cap_c_, (size), _Pre_z_cap_c_(size) _Post_z_) -#define _Inout_opt_z_cap_c_(size) _SAL1_1_Source_(_Inout_opt_z_cap_c_, (size), _Pre_opt_z_cap_c_(size) _Post_z_) -#define _Inout_z_bytecap_c_(size) _SAL1_1_Source_(_Inout_z_bytecap_c_, (size), _Pre_z_bytecap_c_(size) _Post_z_) -#define _Inout_opt_z_bytecap_c_(size) _SAL1_1_Source_(_Inout_opt_z_bytecap_c_, (size), _Pre_opt_z_bytecap_c_(size) _Post_z_) - -#define _Inout_z_cap_x_(size) _SAL1_1_Source_(_Inout_z_cap_x_, (size), _Pre_z_cap_x_(size) _Post_z_) -#define _Inout_opt_z_cap_x_(size) _SAL1_1_Source_(_Inout_opt_z_cap_x_, (size), _Pre_opt_z_cap_x_(size) _Post_z_) -#define _Inout_z_bytecap_x_(size) _SAL1_1_Source_(_Inout_z_bytecap_x_, (size), _Pre_z_bytecap_x_(size) _Post_z_) -#define _Inout_opt_z_bytecap_x_(size) _SAL1_1_Source_(_Inout_opt_z_bytecap_x_, (size), _Pre_opt_z_bytecap_x_(size) _Post_z_) - - -// returning pointers to valid objects -#define _Ret_ _SAL1_1_Source_(_Ret_, (), _Ret_valid_) -#define _Ret_opt_ _SAL1_1_Source_(_Ret_opt_, (), _Ret_opt_valid_) - -// annotations to express 'boundedness' of integral value parameter -#define _In_bound_ _SAL1_1_Source_(_In_bound_, (), _In_bound_impl_) -#define _Out_bound_ _SAL1_1_Source_(_Out_bound_, (), _Out_bound_impl_) -#define _Ret_bound_ _SAL1_1_Source_(_Ret_bound_, (), _Ret_bound_impl_) -#define _Deref_in_bound_ _SAL1_1_Source_(_Deref_in_bound_, (), _Deref_in_bound_impl_) -#define _Deref_out_bound_ _SAL1_1_Source_(_Deref_out_bound_, (), _Deref_out_bound_impl_) -#define _Deref_inout_bound_ _SAL1_1_Source_(_Deref_inout_bound_, (), _Deref_in_bound_ _Deref_out_bound_) -#define _Deref_ret_bound_ _SAL1_1_Source_(_Deref_ret_bound_, (), _Deref_ret_bound_impl_) - -// e.g. HRESULT HrCreatePoint( _Deref_out_opt_ POINT** ppPT ); -#define _Deref_out_ _SAL1_1_Source_(_Deref_out_, (), _Out_ _Deref_post_valid_) -#define _Deref_out_opt_ _SAL1_1_Source_(_Deref_out_opt_, (), _Out_ _Deref_post_opt_valid_) -#define _Deref_opt_out_ _SAL1_1_Source_(_Deref_opt_out_, (), _Out_opt_ _Deref_post_valid_) -#define _Deref_opt_out_opt_ _SAL1_1_Source_(_Deref_opt_out_opt_, (), _Out_opt_ _Deref_post_opt_valid_) - -// e.g. void CloneString( _In_z_ const WCHAR* wzFrom, _Deref_out_z_ WCHAR** pWzTo ); -#define _Deref_out_z_ _SAL1_1_Source_(_Deref_out_z_, (), _Out_ _Deref_post_z_) -#define _Deref_out_opt_z_ _SAL1_1_Source_(_Deref_out_opt_z_, (), _Out_ _Deref_post_opt_z_) -#define _Deref_opt_out_z_ _SAL1_1_Source_(_Deref_opt_out_z_, (), _Out_opt_ _Deref_post_z_) -#define _Deref_opt_out_opt_z_ _SAL1_1_Source_(_Deref_opt_out_opt_z_, (), _Out_opt_ _Deref_post_opt_z_) - -// -// _Deref_pre_ --- -// -// describing conditions for array elements of dereferenced pointer parameters that must be met before the call - -// e.g. void SaveStringArray( _In_count_(cStrings) _Deref_pre_z_ const WCHAR* const rgpwch[] ); -#define _Deref_pre_z_ _SAL1_1_Source_(_Deref_pre_z_, (), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre1_impl_(__zterm_impl) _Pre_valid_impl_) -#define _Deref_pre_opt_z_ _SAL1_1_Source_(_Deref_pre_opt_z_, (), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre1_impl_(__zterm_impl) _Pre_valid_impl_) - -// e.g. void FillInArrayOfStr32( _In_count_(cStrings) _Deref_pre_cap_c_(32) _Deref_post_z_ WCHAR* const rgpwch[] ); -// buffer capacity is described by another parameter -#define _Deref_pre_cap_(size) _SAL1_1_Source_(_Deref_pre_cap_, (size), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre1_impl_(__cap_impl(size))) -#define _Deref_pre_opt_cap_(size) _SAL1_1_Source_(_Deref_pre_opt_cap_, (size), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre1_impl_(__cap_impl(size))) -#define _Deref_pre_bytecap_(size) _SAL1_1_Source_(_Deref_pre_bytecap_, (size), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre1_impl_(__bytecap_impl(size))) -#define _Deref_pre_opt_bytecap_(size) _SAL1_1_Source_(_Deref_pre_opt_bytecap_, (size), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre1_impl_(__bytecap_impl(size))) - -// buffer capacity is described by a constant expression -#define _Deref_pre_cap_c_(size) _SAL1_1_Source_(_Deref_pre_cap_c_, (size), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre1_impl_(__cap_c_impl(size))) -#define _Deref_pre_opt_cap_c_(size) _SAL1_1_Source_(_Deref_pre_opt_cap_c_, (size), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre1_impl_(__cap_c_impl(size))) -#define _Deref_pre_bytecap_c_(size) _SAL1_1_Source_(_Deref_pre_bytecap_c_, (size), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre1_impl_(__bytecap_c_impl(size))) -#define _Deref_pre_opt_bytecap_c_(size) _SAL1_1_Source_(_Deref_pre_opt_bytecap_c_, (size), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre1_impl_(__bytecap_c_impl(size))) - -// buffer capacity is described by a complex condition -#define _Deref_pre_cap_x_(size) _SAL1_1_Source_(_Deref_pre_cap_x_, (size), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre1_impl_(__cap_x_impl(size))) -#define _Deref_pre_opt_cap_x_(size) _SAL1_1_Source_(_Deref_pre_opt_cap_x_, (size), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre1_impl_(__cap_x_impl(size))) -#define _Deref_pre_bytecap_x_(size) _SAL1_1_Source_(_Deref_pre_bytecap_x_, (size), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre1_impl_(__bytecap_x_impl(size))) -#define _Deref_pre_opt_bytecap_x_(size) _SAL1_1_Source_(_Deref_pre_opt_bytecap_x_, (size), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre1_impl_(__bytecap_x_impl(size))) - -// convenience macros for nullterminated buffers with given capacity -#define _Deref_pre_z_cap_(size) _SAL1_1_Source_(_Deref_pre_z_cap_, (size), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre2_impl_(__zterm_impl,__cap_impl(size)) _Pre_valid_impl_) -#define _Deref_pre_opt_z_cap_(size) _SAL1_1_Source_(_Deref_pre_opt_z_cap_, (size), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre2_impl_(__zterm_impl,__cap_impl(size)) _Pre_valid_impl_) -#define _Deref_pre_z_bytecap_(size) _SAL1_1_Source_(_Deref_pre_z_bytecap_, (size), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre2_impl_(__zterm_impl,__bytecap_impl(size)) _Pre_valid_impl_) -#define _Deref_pre_opt_z_bytecap_(size) _SAL1_1_Source_(_Deref_pre_opt_z_bytecap_, (size), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre2_impl_(__zterm_impl,__bytecap_impl(size)) _Pre_valid_impl_) - -#define _Deref_pre_z_cap_c_(size) _SAL1_1_Source_(_Deref_pre_z_cap_c_, (size), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre2_impl_(__zterm_impl,__cap_c_impl(size)) _Pre_valid_impl_) -#define _Deref_pre_opt_z_cap_c_(size) _SAL1_1_Source_(_Deref_pre_opt_z_cap_c_, (size), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre2_impl_(__zterm_impl,__cap_c_impl(size)) _Pre_valid_impl_) -#define _Deref_pre_z_bytecap_c_(size) _SAL1_1_Source_(_Deref_pre_z_bytecap_c_, (size), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre2_impl_(__zterm_impl,__bytecap_c_impl(size)) _Pre_valid_impl_) -#define _Deref_pre_opt_z_bytecap_c_(size) _SAL1_1_Source_(_Deref_pre_opt_z_bytecap_c_, (size), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre2_impl_(__zterm_impl,__bytecap_c_impl(size)) _Pre_valid_impl_) - -#define _Deref_pre_z_cap_x_(size) _SAL1_1_Source_(_Deref_pre_z_cap_x_, (size), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre2_impl_(__zterm_impl,__cap_x_impl(size)) _Pre_valid_impl_) -#define _Deref_pre_opt_z_cap_x_(size) _SAL1_1_Source_(_Deref_pre_opt_z_cap_x_, (size), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre2_impl_(__zterm_impl,__cap_x_impl(size)) _Pre_valid_impl_) -#define _Deref_pre_z_bytecap_x_(size) _SAL1_1_Source_(_Deref_pre_z_bytecap_x_, (size), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre2_impl_(__zterm_impl,__bytecap_x_impl(size)) _Pre_valid_impl_) -#define _Deref_pre_opt_z_bytecap_x_(size) _SAL1_1_Source_(_Deref_pre_opt_z_bytecap_x_, (size), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre2_impl_(__zterm_impl,__bytecap_x_impl(size)) _Pre_valid_impl_) - -// known capacity and valid but unknown readable extent -#define _Deref_pre_valid_cap_(size) _SAL1_1_Source_(_Deref_pre_valid_cap_, (size), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre1_impl_(__cap_impl(size)) _Pre_valid_impl_) -#define _Deref_pre_opt_valid_cap_(size) _SAL1_1_Source_(_Deref_pre_opt_valid_cap_, (size), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre1_impl_(__cap_impl(size)) _Pre_valid_impl_) -#define _Deref_pre_valid_bytecap_(size) _SAL1_1_Source_(_Deref_pre_valid_bytecap_, (size), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre1_impl_(__bytecap_impl(size)) _Pre_valid_impl_) -#define _Deref_pre_opt_valid_bytecap_(size) _SAL1_1_Source_(_Deref_pre_opt_valid_bytecap_, (size), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre1_impl_(__bytecap_impl(size)) _Pre_valid_impl_) - -#define _Deref_pre_valid_cap_c_(size) _SAL1_1_Source_(_Deref_pre_valid_cap_c_, (size), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre1_impl_(__cap_c_impl(size)) _Pre_valid_impl_) -#define _Deref_pre_opt_valid_cap_c_(size) _SAL1_1_Source_(_Deref_pre_opt_valid_cap_c_, (size), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre1_impl_(__cap_c_impl(size)) _Pre_valid_impl_) -#define _Deref_pre_valid_bytecap_c_(size) _SAL1_1_Source_(_Deref_pre_valid_bytecap_c_, (size), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre1_impl_(__bytecap_c_impl(size)) _Pre_valid_impl_) -#define _Deref_pre_opt_valid_bytecap_c_(size) _SAL1_1_Source_(_Deref_pre_opt_valid_bytecap_c_, (size), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre1_impl_(__bytecap_c_impl(size)) _Pre_valid_impl_) - -#define _Deref_pre_valid_cap_x_(size) _SAL1_1_Source_(_Deref_pre_valid_cap_x_, (size), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre1_impl_(__cap_x_impl(size)) _Pre_valid_impl_) -#define _Deref_pre_opt_valid_cap_x_(size) _SAL1_1_Source_(_Deref_pre_opt_valid_cap_x_, (size), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre1_impl_(__cap_x_impl(size)) _Pre_valid_impl_) -#define _Deref_pre_valid_bytecap_x_(size) _SAL1_1_Source_(_Deref_pre_valid_bytecap_x_, (size), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre1_impl_(__bytecap_x_impl(size)) _Pre_valid_impl_) -#define _Deref_pre_opt_valid_bytecap_x_(size) _SAL1_1_Source_(_Deref_pre_opt_valid_bytecap_x_, (size), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre1_impl_(__bytecap_x_impl(size)) _Pre_valid_impl_) - -// e.g. void SaveMatrix( _In_count_(n) _Deref_pre_count_(n) const Elem** matrix, size_t n ); -// valid buffer extent is described by another parameter -#define _Deref_pre_count_(size) _SAL1_1_Source_(_Deref_pre_count_, (size), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre1_impl_(__count_impl(size)) _Pre_valid_impl_) -#define _Deref_pre_opt_count_(size) _SAL1_1_Source_(_Deref_pre_opt_count_, (size), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre1_impl_(__count_impl(size)) _Pre_valid_impl_) -#define _Deref_pre_bytecount_(size) _SAL1_1_Source_(_Deref_pre_bytecount_, (size), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre1_impl_(__bytecount_impl(size)) _Pre_valid_impl_) -#define _Deref_pre_opt_bytecount_(size) _SAL1_1_Source_(_Deref_pre_opt_bytecount_, (size), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre1_impl_(__bytecount_impl(size)) _Pre_valid_impl_) - -// valid buffer extent is described by a constant expression -#define _Deref_pre_count_c_(size) _SAL1_1_Source_(_Deref_pre_count_c_, (size), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre1_impl_(__count_c_impl(size)) _Pre_valid_impl_) -#define _Deref_pre_opt_count_c_(size) _SAL1_1_Source_(_Deref_pre_opt_count_c_, (size), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre1_impl_(__count_c_impl(size)) _Pre_valid_impl_) -#define _Deref_pre_bytecount_c_(size) _SAL1_1_Source_(_Deref_pre_bytecount_c_, (size), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre1_impl_(__bytecount_c_impl(size)) _Pre_valid_impl_) -#define _Deref_pre_opt_bytecount_c_(size) _SAL1_1_Source_(_Deref_pre_opt_bytecount_c_, (size), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre1_impl_(__bytecount_c_impl(size)) _Pre_valid_impl_) - -// valid buffer extent is described by a complex expression -#define _Deref_pre_count_x_(size) _SAL1_1_Source_(_Deref_pre_count_x_, (size), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre1_impl_(__count_x_impl(size)) _Pre_valid_impl_) -#define _Deref_pre_opt_count_x_(size) _SAL1_1_Source_(_Deref_pre_opt_count_x_, (size), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre1_impl_(__count_x_impl(size)) _Pre_valid_impl_) -#define _Deref_pre_bytecount_x_(size) _SAL1_1_Source_(_Deref_pre_bytecount_x_, (size), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre1_impl_(__bytecount_x_impl(size)) _Pre_valid_impl_) -#define _Deref_pre_opt_bytecount_x_(size) _SAL1_1_Source_(_Deref_pre_opt_bytecount_x_, (size), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre1_impl_(__bytecount_x_impl(size)) _Pre_valid_impl_) - -// e.g. void PrintStringArray( _In_count_(cElems) _Deref_pre_valid_ LPCSTR rgStr[], size_t cElems ); -#define _Deref_pre_valid_ _SAL1_1_Source_(_Deref_pre_valid_, (), _Deref_pre1_impl_(__notnull_impl_notref) _Pre_valid_impl_) -#define _Deref_pre_opt_valid_ _SAL1_1_Source_(_Deref_pre_opt_valid_, (), _Deref_pre1_impl_(__maybenull_impl_notref) _Pre_valid_impl_) -#define _Deref_pre_invalid_ _SAL1_1_Source_(_Deref_pre_invalid_, (), _Deref_pre1_impl_(__notvalid_impl)) - -#define _Deref_pre_notnull_ _SAL1_1_Source_(_Deref_pre_notnull_, (), _Deref_pre1_impl_(__notnull_impl_notref)) -#define _Deref_pre_maybenull_ _SAL1_1_Source_(_Deref_pre_maybenull_, (), _Deref_pre1_impl_(__maybenull_impl_notref)) -#define _Deref_pre_null_ _SAL1_1_Source_(_Deref_pre_null_, (), _Deref_pre1_impl_(__null_impl_notref)) - -// restrict access rights -#define _Deref_pre_readonly_ _SAL1_1_Source_(_Deref_pre_readonly_, (), _Deref_pre1_impl_(__readaccess_impl_notref)) -#define _Deref_pre_writeonly_ _SAL1_1_Source_(_Deref_pre_writeonly_, (), _Deref_pre1_impl_(__writeaccess_impl_notref)) - -// -// _Deref_post_ --- -// -// describing conditions for array elements or dereferenced pointer parameters that hold after the call - -// e.g. void CloneString( _In_z_ const Wchar_t* wzIn _Out_ _Deref_post_z_ WCHAR** pWzOut ); -#define _Deref_post_z_ _SAL1_1_Source_(_Deref_post_z_, (), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post1_impl_(__zterm_impl) _Post_valid_impl_) -#define _Deref_post_opt_z_ _SAL1_1_Source_(_Deref_post_opt_z_, (), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post1_impl_(__zterm_impl) _Post_valid_impl_) - -// e.g. HRESULT HrAllocateMemory( size_t cb, _Out_ _Deref_post_bytecap_(cb) void** ppv ); -// buffer capacity is described by another parameter -#define _Deref_post_cap_(size) _SAL1_1_Source_(_Deref_post_cap_, (size), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post1_impl_(__cap_impl(size))) -#define _Deref_post_opt_cap_(size) _SAL1_1_Source_(_Deref_post_opt_cap_, (size), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post1_impl_(__cap_impl(size))) -#define _Deref_post_bytecap_(size) _SAL1_1_Source_(_Deref_post_bytecap_, (size), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post1_impl_(__bytecap_impl(size))) -#define _Deref_post_opt_bytecap_(size) _SAL1_1_Source_(_Deref_post_opt_bytecap_, (size), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post1_impl_(__bytecap_impl(size))) - -// buffer capacity is described by a constant expression -#define _Deref_post_cap_c_(size) _SAL1_1_Source_(_Deref_post_cap_c_, (size), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post1_impl_(__cap_c_impl(size))) -#define _Deref_post_opt_cap_c_(size) _SAL1_1_Source_(_Deref_post_opt_cap_c_, (size), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post1_impl_(__cap_c_impl(size))) -#define _Deref_post_bytecap_c_(size) _SAL1_1_Source_(_Deref_post_bytecap_c_, (size), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post1_impl_(__bytecap_c_impl(size))) -#define _Deref_post_opt_bytecap_c_(size) _SAL1_1_Source_(_Deref_post_opt_bytecap_c_, (size), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post1_impl_(__bytecap_c_impl(size))) - -// buffer capacity is described by a complex expression -#define _Deref_post_cap_x_(size) _SAL1_1_Source_(_Deref_post_cap_x_, (size), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post1_impl_(__cap_x_impl(size))) -#define _Deref_post_opt_cap_x_(size) _SAL1_1_Source_(_Deref_post_opt_cap_x_, (size), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post1_impl_(__cap_x_impl(size))) -#define _Deref_post_bytecap_x_(size) _SAL1_1_Source_(_Deref_post_bytecap_x_, (size), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post1_impl_(__bytecap_x_impl(size))) -#define _Deref_post_opt_bytecap_x_(size) _SAL1_1_Source_(_Deref_post_opt_bytecap_x_, (size), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post1_impl_(__bytecap_x_impl(size))) - -// convenience macros for nullterminated buffers with given capacity -#define _Deref_post_z_cap_(size) _SAL1_1_Source_(_Deref_post_z_cap_, (size), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post2_impl_(__zterm_impl,__cap_impl(size)) _Post_valid_impl_) -#define _Deref_post_opt_z_cap_(size) _SAL1_1_Source_(_Deref_post_opt_z_cap_, (size), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post2_impl_(__zterm_impl,__cap_impl(size)) _Post_valid_impl_) -#define _Deref_post_z_bytecap_(size) _SAL1_1_Source_(_Deref_post_z_bytecap_, (size), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post2_impl_(__zterm_impl,__bytecap_impl(size)) _Post_valid_impl_) -#define _Deref_post_opt_z_bytecap_(size) _SAL1_1_Source_(_Deref_post_opt_z_bytecap_, (size), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post2_impl_(__zterm_impl,__bytecap_impl(size)) _Post_valid_impl_) - -#define _Deref_post_z_cap_c_(size) _SAL1_1_Source_(_Deref_post_z_cap_c_, (size), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post2_impl_(__zterm_impl,__cap_c_impl(size)) _Post_valid_impl_) -#define _Deref_post_opt_z_cap_c_(size) _SAL1_1_Source_(_Deref_post_opt_z_cap_c_, (size), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post2_impl_(__zterm_impl,__cap_c_impl(size)) _Post_valid_impl_) -#define _Deref_post_z_bytecap_c_(size) _SAL1_1_Source_(_Deref_post_z_bytecap_c_, (size), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post2_impl_(__zterm_impl,__bytecap_c_impl(size)) _Post_valid_impl_) -#define _Deref_post_opt_z_bytecap_c_(size) _SAL1_1_Source_(_Deref_post_opt_z_bytecap_c_, (size), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post2_impl_(__zterm_impl,__bytecap_c_impl(size)) _Post_valid_impl_) - -#define _Deref_post_z_cap_x_(size) _SAL1_1_Source_(_Deref_post_z_cap_x_, (size), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post2_impl_(__zterm_impl,__cap_x_impl(size)) _Post_valid_impl_) -#define _Deref_post_opt_z_cap_x_(size) _SAL1_1_Source_(_Deref_post_opt_z_cap_x_, (size), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post2_impl_(__zterm_impl,__cap_x_impl(size)) _Post_valid_impl_) -#define _Deref_post_z_bytecap_x_(size) _SAL1_1_Source_(_Deref_post_z_bytecap_x_, (size), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post2_impl_(__zterm_impl,__bytecap_x_impl(size)) _Post_valid_impl_) -#define _Deref_post_opt_z_bytecap_x_(size) _SAL1_1_Source_(_Deref_post_opt_z_bytecap_x_, (size), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post2_impl_(__zterm_impl,__bytecap_x_impl(size)) _Post_valid_impl_) - -// known capacity and valid but unknown readable extent -#define _Deref_post_valid_cap_(size) _SAL1_1_Source_(_Deref_post_valid_cap_, (size), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post1_impl_(__cap_impl(size)) _Post_valid_impl_) -#define _Deref_post_opt_valid_cap_(size) _SAL1_1_Source_(_Deref_post_opt_valid_cap_, (size), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post1_impl_(__cap_impl(size)) _Post_valid_impl_) -#define _Deref_post_valid_bytecap_(size) _SAL1_1_Source_(_Deref_post_valid_bytecap_, (size), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post1_impl_(__bytecap_impl(size)) _Post_valid_impl_) -#define _Deref_post_opt_valid_bytecap_(size) _SAL1_1_Source_(_Deref_post_opt_valid_bytecap_, (size), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post1_impl_(__bytecap_impl(size)) _Post_valid_impl_) - -#define _Deref_post_valid_cap_c_(size) _SAL1_1_Source_(_Deref_post_valid_cap_c_, (size), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post1_impl_(__cap_c_impl(size)) _Post_valid_impl_) -#define _Deref_post_opt_valid_cap_c_(size) _SAL1_1_Source_(_Deref_post_opt_valid_cap_c_, (size), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post1_impl_(__cap_c_impl(size)) _Post_valid_impl_) -#define _Deref_post_valid_bytecap_c_(size) _SAL1_1_Source_(_Deref_post_valid_bytecap_c_, (size), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post1_impl_(__bytecap_c_impl(size)) _Post_valid_impl_) -#define _Deref_post_opt_valid_bytecap_c_(size) _SAL1_1_Source_(_Deref_post_opt_valid_bytecap_c_, (size), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post1_impl_(__bytecap_c_impl(size)) _Post_valid_impl_) - -#define _Deref_post_valid_cap_x_(size) _SAL1_1_Source_(_Deref_post_valid_cap_x_, (size), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post1_impl_(__cap_x_impl(size)) _Post_valid_impl_) -#define _Deref_post_opt_valid_cap_x_(size) _SAL1_1_Source_(_Deref_post_opt_valid_cap_x_, (size), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post1_impl_(__cap_x_impl(size)) _Post_valid_impl_) -#define _Deref_post_valid_bytecap_x_(size) _SAL1_1_Source_(_Deref_post_valid_bytecap_x_, (size), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post1_impl_(__bytecap_x_impl(size)) _Post_valid_impl_) -#define _Deref_post_opt_valid_bytecap_x_(size) _SAL1_1_Source_(_Deref_post_opt_valid_bytecap_x_, (size), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post1_impl_(__bytecap_x_impl(size)) _Post_valid_impl_) - -// e.g. HRESULT HrAllocateZeroInitializedMemory( size_t cb, _Out_ _Deref_post_bytecount_(cb) void** ppv ); -// valid buffer extent is described by another parameter -#define _Deref_post_count_(size) _SAL1_1_Source_(_Deref_post_count_, (size), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post1_impl_(__count_impl(size)) _Post_valid_impl_) -#define _Deref_post_opt_count_(size) _SAL1_1_Source_(_Deref_post_opt_count_, (size), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post1_impl_(__count_impl(size)) _Post_valid_impl_) -#define _Deref_post_bytecount_(size) _SAL1_1_Source_(_Deref_post_bytecount_, (size), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post1_impl_(__bytecount_impl(size)) _Post_valid_impl_) -#define _Deref_post_opt_bytecount_(size) _SAL1_1_Source_(_Deref_post_opt_bytecount_, (size), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post1_impl_(__bytecount_impl(size)) _Post_valid_impl_) - -// buffer capacity is described by a constant expression -#define _Deref_post_count_c_(size) _SAL1_1_Source_(_Deref_post_count_c_, (size), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post1_impl_(__count_c_impl(size)) _Post_valid_impl_) -#define _Deref_post_opt_count_c_(size) _SAL1_1_Source_(_Deref_post_opt_count_c_, (size), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post1_impl_(__count_c_impl(size)) _Post_valid_impl_) -#define _Deref_post_bytecount_c_(size) _SAL1_1_Source_(_Deref_post_bytecount_c_, (size), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post1_impl_(__bytecount_c_impl(size)) _Post_valid_impl_) -#define _Deref_post_opt_bytecount_c_(size) _SAL1_1_Source_(_Deref_post_opt_bytecount_c_, (size), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post1_impl_(__bytecount_c_impl(size)) _Post_valid_impl_) - -// buffer capacity is described by a complex expression -#define _Deref_post_count_x_(size) _SAL1_1_Source_(_Deref_post_count_x_, (size), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post1_impl_(__count_x_impl(size)) _Post_valid_impl_) -#define _Deref_post_opt_count_x_(size) _SAL1_1_Source_(_Deref_post_opt_count_x_, (size), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post1_impl_(__count_x_impl(size)) _Post_valid_impl_) -#define _Deref_post_bytecount_x_(size) _SAL1_1_Source_(_Deref_post_bytecount_x_, (size), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post1_impl_(__bytecount_x_impl(size)) _Post_valid_impl_) -#define _Deref_post_opt_bytecount_x_(size) _SAL1_1_Source_(_Deref_post_opt_bytecount_x_, (size), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post1_impl_(__bytecount_x_impl(size)) _Post_valid_impl_) - -// e.g. void GetStrings( _Out_count_(cElems) _Deref_post_valid_ LPSTR const rgStr[], size_t cElems ); -#define _Deref_post_valid_ _SAL1_1_Source_(_Deref_post_valid_, (), _Deref_post1_impl_(__notnull_impl_notref) _Post_valid_impl_) -#define _Deref_post_opt_valid_ _SAL1_1_Source_(_Deref_post_opt_valid_, (), _Deref_post1_impl_(__maybenull_impl_notref) _Post_valid_impl_) - -#define _Deref_post_notnull_ _SAL1_1_Source_(_Deref_post_notnull_, (), _Deref_post1_impl_(__notnull_impl_notref)) -#define _Deref_post_maybenull_ _SAL1_1_Source_(_Deref_post_maybenull_, (), _Deref_post1_impl_(__maybenull_impl_notref)) -#define _Deref_post_null_ _SAL1_1_Source_(_Deref_post_null_, (), _Deref_post1_impl_(__null_impl_notref)) - -// -// _Deref_ret_ --- -// - -#define _Deref_ret_z_ _SAL1_1_Source_(_Deref_ret_z_, (), _Deref_ret1_impl_(__notnull_impl_notref) _Deref_ret1_impl_(__zterm_impl)) -#define _Deref_ret_opt_z_ _SAL1_1_Source_(_Deref_ret_opt_z_, (), _Deref_ret1_impl_(__maybenull_impl_notref) _Ret1_impl_(__zterm_impl)) - -// -// special _Deref_ --- -// -#define _Deref2_pre_readonly_ _SAL1_1_Source_(_Deref2_pre_readonly_, (), _Deref2_pre1_impl_(__readaccess_impl_notref)) - -// -// _Ret_ --- -// - -// e.g. _Ret_opt_valid_ LPSTR void* CloneSTR( _Pre_valid_ LPSTR src ); -#define _Ret_opt_valid_ _SAL1_1_Source_(_Ret_opt_valid_, (), _Ret1_impl_(__maybenull_impl_notref) _Ret_valid_impl_) -#define _Ret_opt_z_ _SAL1_1_Source_(_Ret_opt_z_, (), _Ret2_impl_(__maybenull_impl,__zterm_impl) _Ret_valid_impl_) - -// e.g. _Ret_opt_bytecap_(cb) void* AllocateMemory( size_t cb ); -// Buffer capacity is described by another parameter -#define _Ret_cap_(size) _SAL1_1_Source_(_Ret_cap_, (size), _Ret1_impl_(__notnull_impl_notref) _Ret1_impl_(__cap_impl(size))) -#define _Ret_opt_cap_(size) _SAL1_1_Source_(_Ret_opt_cap_, (size), _Ret1_impl_(__maybenull_impl_notref) _Ret1_impl_(__cap_impl(size))) -#define _Ret_bytecap_(size) _SAL1_1_Source_(_Ret_bytecap_, (size), _Ret1_impl_(__notnull_impl_notref) _Ret1_impl_(__bytecap_impl(size))) -#define _Ret_opt_bytecap_(size) _SAL1_1_Source_(_Ret_opt_bytecap_, (size), _Ret1_impl_(__maybenull_impl_notref) _Ret1_impl_(__bytecap_impl(size))) - -// Buffer capacity is described by a constant expression -#define _Ret_cap_c_(size) _SAL1_1_Source_(_Ret_cap_c_, (size), _Ret1_impl_(__notnull_impl_notref) _Ret1_impl_(__cap_c_impl(size))) -#define _Ret_opt_cap_c_(size) _SAL1_1_Source_(_Ret_opt_cap_c_, (size), _Ret1_impl_(__maybenull_impl_notref) _Ret1_impl_(__cap_c_impl(size))) -#define _Ret_bytecap_c_(size) _SAL1_1_Source_(_Ret_bytecap_c_, (size), _Ret1_impl_(__notnull_impl_notref) _Ret1_impl_(__bytecap_c_impl(size))) -#define _Ret_opt_bytecap_c_(size) _SAL1_1_Source_(_Ret_opt_bytecap_c_, (size), _Ret1_impl_(__maybenull_impl_notref) _Ret1_impl_(__bytecap_c_impl(size))) - -// Buffer capacity is described by a complex condition -#define _Ret_cap_x_(size) _SAL1_1_Source_(_Ret_cap_x_, (size), _Ret1_impl_(__notnull_impl_notref) _Ret1_impl_(__cap_x_impl(size))) -#define _Ret_opt_cap_x_(size) _SAL1_1_Source_(_Ret_opt_cap_x_, (size), _Ret1_impl_(__maybenull_impl_notref) _Ret1_impl_(__cap_x_impl(size))) -#define _Ret_bytecap_x_(size) _SAL1_1_Source_(_Ret_bytecap_x_, (size), _Ret1_impl_(__notnull_impl_notref) _Ret1_impl_(__bytecap_x_impl(size))) -#define _Ret_opt_bytecap_x_(size) _SAL1_1_Source_(_Ret_opt_bytecap_x_, (size), _Ret1_impl_(__maybenull_impl_notref) _Ret1_impl_(__bytecap_x_impl(size))) - -// return value is nullterminated and capacity is given by another parameter -#define _Ret_z_cap_(size) _SAL1_1_Source_(_Ret_z_cap_, (size), _Ret1_impl_(__notnull_impl_notref) _Ret2_impl_(__zterm_impl,__cap_impl(size)) _Ret_valid_impl_) -#define _Ret_opt_z_cap_(size) _SAL1_1_Source_(_Ret_opt_z_cap_, (size), _Ret1_impl_(__maybenull_impl_notref) _Ret2_impl_(__zterm_impl,__cap_impl(size)) _Ret_valid_impl_) -#define _Ret_z_bytecap_(size) _SAL1_1_Source_(_Ret_z_bytecap_, (size), _Ret1_impl_(__notnull_impl_notref) _Ret2_impl_(__zterm_impl,__bytecap_impl(size)) _Ret_valid_impl_) -#define _Ret_opt_z_bytecap_(size) _SAL1_1_Source_(_Ret_opt_z_bytecap_, (size), _Ret1_impl_(__maybenull_impl_notref) _Ret2_impl_(__zterm_impl,__bytecap_impl(size)) _Ret_valid_impl_) - -// e.g. _Ret_opt_bytecount_(cb) void* AllocateZeroInitializedMemory( size_t cb ); -// Valid Buffer extent is described by another parameter -#define _Ret_count_(size) _SAL1_1_Source_(_Ret_count_, (size), _Ret1_impl_(__notnull_impl_notref) _Ret1_impl_(__count_impl(size)) _Ret_valid_impl_) -#define _Ret_opt_count_(size) _SAL1_1_Source_(_Ret_opt_count_, (size), _Ret1_impl_(__maybenull_impl_notref) _Ret1_impl_(__count_impl(size)) _Ret_valid_impl_) -#define _Ret_bytecount_(size) _SAL1_1_Source_(_Ret_bytecount_, (size), _Ret1_impl_(__notnull_impl_notref) _Ret1_impl_(__bytecount_impl(size)) _Ret_valid_impl_) -#define _Ret_opt_bytecount_(size) _SAL1_1_Source_(_Ret_opt_bytecount_, (size), _Ret1_impl_(__maybenull_impl_notref) _Ret1_impl_(__bytecount_impl(size)) _Ret_valid_impl_) - -// Valid Buffer extent is described by a constant expression -#define _Ret_count_c_(size) _SAL1_1_Source_(_Ret_count_c_, (size), _Ret1_impl_(__notnull_impl_notref) _Ret1_impl_(__count_c_impl(size)) _Ret_valid_impl_) -#define _Ret_opt_count_c_(size) _SAL1_1_Source_(_Ret_opt_count_c_, (size), _Ret1_impl_(__maybenull_impl_notref) _Ret1_impl_(__count_c_impl(size)) _Ret_valid_impl_) -#define _Ret_bytecount_c_(size) _SAL1_1_Source_(_Ret_bytecount_c_, (size), _Ret1_impl_(__notnull_impl_notref) _Ret1_impl_(__bytecount_c_impl(size)) _Ret_valid_impl_) -#define _Ret_opt_bytecount_c_(size) _SAL1_1_Source_(_Ret_opt_bytecount_c_, (size), _Ret1_impl_(__maybenull_impl_notref) _Ret1_impl_(__bytecount_c_impl(size)) _Ret_valid_impl_) - -// Valid Buffer extent is described by a complex expression -#define _Ret_count_x_(size) _SAL1_1_Source_(_Ret_count_x_, (size), _Ret1_impl_(__notnull_impl_notref) _Ret1_impl_(__count_x_impl(size)) _Ret_valid_impl_) -#define _Ret_opt_count_x_(size) _SAL1_1_Source_(_Ret_opt_count_x_, (size), _Ret1_impl_(__maybenull_impl_notref) _Ret1_impl_(__count_x_impl(size)) _Ret_valid_impl_) -#define _Ret_bytecount_x_(size) _SAL1_1_Source_(_Ret_bytecount_x_, (size), _Ret1_impl_(__notnull_impl_notref) _Ret1_impl_(__bytecount_x_impl(size)) _Ret_valid_impl_) -#define _Ret_opt_bytecount_x_(size) _SAL1_1_Source_(_Ret_opt_bytecount_x_, (size), _Ret1_impl_(__maybenull_impl_notref) _Ret1_impl_(__bytecount_x_impl(size)) _Ret_valid_impl_) - -// return value is nullterminated and length is given by another parameter -#define _Ret_z_count_(size) _SAL1_1_Source_(_Ret_z_count_, (size), _Ret1_impl_(__notnull_impl_notref) _Ret2_impl_(__zterm_impl,__count_impl(size)) _Ret_valid_impl_) -#define _Ret_opt_z_count_(size) _SAL1_1_Source_(_Ret_opt_z_count_, (size), _Ret1_impl_(__maybenull_impl_notref) _Ret2_impl_(__zterm_impl,__count_impl(size)) _Ret_valid_impl_) -#define _Ret_z_bytecount_(size) _SAL1_1_Source_(_Ret_z_bytecount_, (size), _Ret1_impl_(__notnull_impl_notref) _Ret2_impl_(__zterm_impl,__bytecount_impl(size)) _Ret_valid_impl_) -#define _Ret_opt_z_bytecount_(size) _SAL1_1_Source_(_Ret_opt_z_bytecount_, (size), _Ret1_impl_(__maybenull_impl_notref) _Ret2_impl_(__zterm_impl,__bytecount_impl(size)) _Ret_valid_impl_) - - -// _Pre_ annotations --- -#define _Pre_opt_z_ _SAL1_1_Source_(_Pre_opt_z_, (), _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__zterm_impl) _Pre_valid_impl_) - -// restrict access rights -#define _Pre_readonly_ _SAL1_1_Source_(_Pre_readonly_, (), _Pre1_impl_(__readaccess_impl_notref)) -#define _Pre_writeonly_ _SAL1_1_Source_(_Pre_writeonly_, (), _Pre1_impl_(__writeaccess_impl_notref)) - -// e.g. void FreeMemory( _Pre_bytecap_(cb) _Post_ptr_invalid_ void* pv, size_t cb ); -// buffer capacity described by another parameter -#define _Pre_cap_(size) _SAL1_1_Source_(_Pre_cap_, (size), _Pre1_impl_(__notnull_impl_notref) _Pre1_impl_(__cap_impl(size))) -#define _Pre_opt_cap_(size) _SAL1_1_Source_(_Pre_opt_cap_, (size), _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__cap_impl(size))) -#define _Pre_bytecap_(size) _SAL1_1_Source_(_Pre_bytecap_, (size), _Pre1_impl_(__notnull_impl_notref) _Pre1_impl_(__bytecap_impl(size))) -#define _Pre_opt_bytecap_(size) _SAL1_1_Source_(_Pre_opt_bytecap_, (size), _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__bytecap_impl(size))) - -// buffer capacity described by a constant expression -#define _Pre_cap_c_(size) _SAL1_1_Source_(_Pre_cap_c_, (size), _Pre1_impl_(__notnull_impl_notref) _Pre1_impl_(__cap_c_impl(size))) -#define _Pre_opt_cap_c_(size) _SAL1_1_Source_(_Pre_opt_cap_c_, (size), _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__cap_c_impl(size))) -#define _Pre_bytecap_c_(size) _SAL1_1_Source_(_Pre_bytecap_c_, (size), _Pre1_impl_(__notnull_impl_notref) _Pre1_impl_(__bytecap_c_impl(size))) -#define _Pre_opt_bytecap_c_(size) _SAL1_1_Source_(_Pre_opt_bytecap_c_, (size), _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__bytecap_c_impl(size))) -#define _Pre_cap_c_one_ _SAL1_1_Source_(_Pre_cap_c_one_, (), _Pre1_impl_(__notnull_impl_notref) _Pre1_impl_(__cap_c_one_notref_impl)) -#define _Pre_opt_cap_c_one_ _SAL1_1_Source_(_Pre_opt_cap_c_one_, (), _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__cap_c_one_notref_impl)) - -// buffer capacity is described by another parameter multiplied by a constant expression -#define _Pre_cap_m_(mult,size) _SAL1_1_Source_(_Pre_cap_m_, (mult,size), _Pre1_impl_(__notnull_impl_notref) _Pre1_impl_(__mult_impl(mult,size))) -#define _Pre_opt_cap_m_(mult,size) _SAL1_1_Source_(_Pre_opt_cap_m_, (mult,size), _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__mult_impl(mult,size))) - -// buffer capacity described by size of other buffer, only used by dangerous legacy APIs -// e.g. int strcpy(_Pre_cap_for_(src) char* dst, const char* src); -#define _Pre_cap_for_(param) _SAL1_1_Source_(_Pre_cap_for_, (param), _Pre1_impl_(__notnull_impl_notref) _Pre1_impl_(__cap_for_impl(param))) -#define _Pre_opt_cap_for_(param) _SAL1_1_Source_(_Pre_opt_cap_for_, (param), _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__cap_for_impl(param))) - -// buffer capacity described by a complex condition -#define _Pre_cap_x_(size) _SAL1_1_Source_(_Pre_cap_x_, (size), _Pre1_impl_(__notnull_impl_notref) _Pre1_impl_(__cap_x_impl(size))) -#define _Pre_opt_cap_x_(size) _SAL1_1_Source_(_Pre_opt_cap_x_, (size), _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__cap_x_impl(size))) -#define _Pre_bytecap_x_(size) _SAL1_1_Source_(_Pre_bytecap_x_, (size), _Pre1_impl_(__notnull_impl_notref) _Pre1_impl_(__bytecap_x_impl(size))) -#define _Pre_opt_bytecap_x_(size) _SAL1_1_Source_(_Pre_opt_bytecap_x_, (size), _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__bytecap_x_impl(size))) - -// buffer capacity described by the difference to another pointer parameter -#define _Pre_ptrdiff_cap_(ptr) _SAL1_1_Source_(_Pre_ptrdiff_cap_, (ptr), _Pre1_impl_(__notnull_impl_notref) _Pre1_impl_(__cap_x_impl(__ptrdiff(ptr)))) -#define _Pre_opt_ptrdiff_cap_(ptr) _SAL1_1_Source_(_Pre_opt_ptrdiff_cap_, (ptr), _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__cap_x_impl(__ptrdiff(ptr)))) - -// e.g. void AppendStr( _Pre_z_ const char* szFrom, _Pre_z_cap_(cchTo) _Post_z_ char* szTo, size_t cchTo ); -#define _Pre_z_cap_(size) _SAL1_1_Source_(_Pre_z_cap_, (size), _Pre1_impl_(__notnull_impl_notref) _Pre2_impl_(__zterm_impl,__cap_impl(size)) _Pre_valid_impl_) -#define _Pre_opt_z_cap_(size) _SAL1_1_Source_(_Pre_opt_z_cap_, (size), _Pre1_impl_(__maybenull_impl_notref) _Pre2_impl_(__zterm_impl,__cap_impl(size)) _Pre_valid_impl_) -#define _Pre_z_bytecap_(size) _SAL1_1_Source_(_Pre_z_bytecap_, (size), _Pre1_impl_(__notnull_impl_notref) _Pre2_impl_(__zterm_impl,__bytecap_impl(size)) _Pre_valid_impl_) -#define _Pre_opt_z_bytecap_(size) _SAL1_1_Source_(_Pre_opt_z_bytecap_, (size), _Pre1_impl_(__maybenull_impl_notref) _Pre2_impl_(__zterm_impl,__bytecap_impl(size)) _Pre_valid_impl_) - -#define _Pre_z_cap_c_(size) _SAL1_1_Source_(_Pre_z_cap_c_, (size), _Pre1_impl_(__notnull_impl_notref) _Pre2_impl_(__zterm_impl,__cap_c_impl(size)) _Pre_valid_impl_) -#define _Pre_opt_z_cap_c_(size) _SAL1_1_Source_(_Pre_opt_z_cap_c_, (size), _Pre1_impl_(__maybenull_impl_notref) _Pre2_impl_(__zterm_impl,__cap_c_impl(size)) _Pre_valid_impl_) -#define _Pre_z_bytecap_c_(size) _SAL1_1_Source_(_Pre_z_bytecap_c_, (size), _Pre1_impl_(__notnull_impl_notref) _Pre2_impl_(__zterm_impl,__bytecap_c_impl(size)) _Pre_valid_impl_) -#define _Pre_opt_z_bytecap_c_(size) _SAL1_1_Source_(_Pre_opt_z_bytecap_c_, (size), _Pre1_impl_(__maybenull_impl_notref) _Pre2_impl_(__zterm_impl,__bytecap_c_impl(size)) _Pre_valid_impl_) - -#define _Pre_z_cap_x_(size) _SAL1_1_Source_(_Pre_z_cap_x_, (size), _Pre1_impl_(__notnull_impl_notref) _Pre2_impl_(__zterm_impl,__cap_x_impl(size)) _Pre_valid_impl_) -#define _Pre_opt_z_cap_x_(size) _SAL1_1_Source_(_Pre_opt_z_cap_x_, (size), _Pre1_impl_(__maybenull_impl_notref) _Pre2_impl_(__zterm_impl,__cap_x_impl(size)) _Pre_valid_impl_) -#define _Pre_z_bytecap_x_(size) _SAL1_1_Source_(_Pre_z_bytecap_x_, (size), _Pre1_impl_(__notnull_impl_notref) _Pre2_impl_(__zterm_impl,__bytecap_x_impl(size)) _Pre_valid_impl_) -#define _Pre_opt_z_bytecap_x_(size) _SAL1_1_Source_(_Pre_opt_z_bytecap_x_, (size), _Pre1_impl_(__maybenull_impl_notref) _Pre2_impl_(__zterm_impl,__bytecap_x_impl(size)) _Pre_valid_impl_) - -// known capacity and valid but unknown readable extent -#define _Pre_valid_cap_(size) _SAL1_1_Source_(_Pre_valid_cap_, (size), _Pre1_impl_(__notnull_impl_notref) _Pre1_impl_(__cap_impl(size)) _Pre_valid_impl_) -#define _Pre_opt_valid_cap_(size) _SAL1_1_Source_(_Pre_opt_valid_cap_, (size), _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__cap_impl(size)) _Pre_valid_impl_) -#define _Pre_valid_bytecap_(size) _SAL1_1_Source_(_Pre_valid_bytecap_, (size), _Pre1_impl_(__notnull_impl_notref) _Pre1_impl_(__bytecap_impl(size)) _Pre_valid_impl_) -#define _Pre_opt_valid_bytecap_(size) _SAL1_1_Source_(_Pre_opt_valid_bytecap_, (size), _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__bytecap_impl(size)) _Pre_valid_impl_) - -#define _Pre_valid_cap_c_(size) _SAL1_1_Source_(_Pre_valid_cap_c_, (size), _Pre1_impl_(__notnull_impl_notref) _Pre1_impl_(__cap_c_impl(size)) _Pre_valid_impl_) -#define _Pre_opt_valid_cap_c_(size) _SAL1_1_Source_(_Pre_opt_valid_cap_c_, (size), _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__cap_c_impl(size)) _Pre_valid_impl_) -#define _Pre_valid_bytecap_c_(size) _SAL1_1_Source_(_Pre_valid_bytecap_c_, (size), _Pre1_impl_(__notnull_impl_notref) _Pre1_impl_(__bytecap_c_impl(size)) _Pre_valid_impl_) -#define _Pre_opt_valid_bytecap_c_(size) _SAL1_1_Source_(_Pre_opt_valid_bytecap_c_, (size), _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__bytecap_c_impl(size)) _Pre_valid_impl_) - -#define _Pre_valid_cap_x_(size) _SAL1_1_Source_(_Pre_valid_cap_x_, (size), _Pre1_impl_(__notnull_impl_notref) _Pre1_impl_(__cap_x_impl(size)) _Pre_valid_impl_) -#define _Pre_opt_valid_cap_x_(size) _SAL1_1_Source_(_Pre_opt_valid_cap_x_, (size), _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__cap_x_impl(size)) _Pre_valid_impl_) -#define _Pre_valid_bytecap_x_(size) _SAL1_1_Source_(_Pre_valid_bytecap_x_, (size), _Pre1_impl_(__notnull_impl_notref) _Pre1_impl_(__bytecap_x_impl(size)) _Pre_valid_impl_) -#define _Pre_opt_valid_bytecap_x_(size) _SAL1_1_Source_(_Pre_opt_valid_bytecap_x_, (size), _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__bytecap_x_impl(size)) _Pre_valid_impl_) - -// e.g. void AppendCharRange( _Pre_count_(cchFrom) const char* rgFrom, size_t cchFrom, _Out_z_cap_(cchTo) char* szTo, size_t cchTo ); -// Valid buffer extent described by another parameter -#define _Pre_count_(size) _SAL1_1_Source_(_Pre_count_, (size), _Pre1_impl_(__notnull_impl_notref) _Pre1_impl_(__count_impl(size)) _Pre_valid_impl_) -#define _Pre_opt_count_(size) _SAL1_1_Source_(_Pre_opt_count_, (size), _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__count_impl(size)) _Pre_valid_impl_) -#define _Pre_bytecount_(size) _SAL1_1_Source_(_Pre_bytecount_, (size), _Pre1_impl_(__notnull_impl_notref) _Pre1_impl_(__bytecount_impl(size)) _Pre_valid_impl_) -#define _Pre_opt_bytecount_(size) _SAL1_1_Source_(_Pre_opt_bytecount_, (size), _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__bytecount_impl(size)) _Pre_valid_impl_) - -// Valid buffer extent described by a constant expression -#define _Pre_count_c_(size) _SAL1_1_Source_(_Pre_count_c_, (size), _Pre1_impl_(__notnull_impl_notref) _Pre1_impl_(__count_c_impl(size)) _Pre_valid_impl_) -#define _Pre_opt_count_c_(size) _SAL1_1_Source_(_Pre_opt_count_c_, (size), _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__count_c_impl(size)) _Pre_valid_impl_) -#define _Pre_bytecount_c_(size) _SAL1_1_Source_(_Pre_bytecount_c_, (size), _Pre1_impl_(__notnull_impl_notref) _Pre1_impl_(__bytecount_c_impl(size)) _Pre_valid_impl_) -#define _Pre_opt_bytecount_c_(size) _SAL1_1_Source_(_Pre_opt_bytecount_c_, (size), _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__bytecount_c_impl(size)) _Pre_valid_impl_) - -// Valid buffer extent described by a complex expression -#define _Pre_count_x_(size) _SAL1_1_Source_(_Pre_count_x_, (size), _Pre1_impl_(__notnull_impl_notref) _Pre1_impl_(__count_x_impl(size)) _Pre_valid_impl_) -#define _Pre_opt_count_x_(size) _SAL1_1_Source_(_Pre_opt_count_x_, (size), _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__count_x_impl(size)) _Pre_valid_impl_) -#define _Pre_bytecount_x_(size) _SAL1_1_Source_(_Pre_bytecount_x_, (size), _Pre1_impl_(__notnull_impl_notref) _Pre1_impl_(__bytecount_x_impl(size)) _Pre_valid_impl_) -#define _Pre_opt_bytecount_x_(size) _SAL1_1_Source_(_Pre_opt_bytecount_x_, (size), _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__bytecount_x_impl(size)) _Pre_valid_impl_) - -// Valid buffer extent described by the difference to another pointer parameter -#define _Pre_ptrdiff_count_(ptr) _SAL1_1_Source_(_Pre_ptrdiff_count_, (ptr), _Pre1_impl_(__notnull_impl_notref) _Pre1_impl_(__count_x_impl(__ptrdiff(ptr))) _Pre_valid_impl_) -#define _Pre_opt_ptrdiff_count_(ptr) _SAL1_1_Source_(_Pre_opt_ptrdiff_count_, (ptr), _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__count_x_impl(__ptrdiff(ptr))) _Pre_valid_impl_) - - -// char * strncpy(_Out_cap_(_Count) _Post_maybez_ char * _Dest, _In_z_ const char * _Source, _In_ size_t _Count) -// buffer maybe zero-terminated after the call -#define _Post_maybez_ _SAL1_1_Source_(_Post_maybez_, (), _Post1_impl_(__maybezterm_impl)) - -// e.g. SIZE_T HeapSize( _In_ HANDLE hHeap, DWORD dwFlags, _Pre_notnull_ _Post_bytecap_(return) LPCVOID lpMem ); -#define _Post_cap_(size) _SAL1_1_Source_(_Post_cap_, (size), _Post1_impl_(__cap_impl(size))) -#define _Post_bytecap_(size) _SAL1_1_Source_(_Post_bytecap_, (size), _Post1_impl_(__bytecap_impl(size))) - -// e.g. int strlen( _In_z_ _Post_count_(return+1) const char* sz ); -#define _Post_count_(size) _SAL1_1_Source_(_Post_count_, (size), _Post1_impl_(__count_impl(size)) _Post_valid_impl_) -#define _Post_bytecount_(size) _SAL1_1_Source_(_Post_bytecount_, (size), _Post1_impl_(__bytecount_impl(size)) _Post_valid_impl_) -#define _Post_count_c_(size) _SAL1_1_Source_(_Post_count_c_, (size), _Post1_impl_(__count_c_impl(size)) _Post_valid_impl_) -#define _Post_bytecount_c_(size) _SAL1_1_Source_(_Post_bytecount_c_, (size), _Post1_impl_(__bytecount_c_impl(size)) _Post_valid_impl_) -#define _Post_count_x_(size) _SAL1_1_Source_(_Post_count_x_, (size), _Post1_impl_(__count_x_impl(size)) _Post_valid_impl_) -#define _Post_bytecount_x_(size) _SAL1_1_Source_(_Post_bytecount_x_, (size), _Post1_impl_(__bytecount_x_impl(size)) _Post_valid_impl_) - -// e.g. size_t CopyStr( _In_z_ const char* szFrom, _Pre_cap_(cch) _Post_z_count_(return+1) char* szFrom, size_t cchFrom ); -#define _Post_z_count_(size) _SAL1_1_Source_(_Post_z_count_, (size), _Post2_impl_(__zterm_impl,__count_impl(size)) _Post_valid_impl_) -#define _Post_z_bytecount_(size) _SAL1_1_Source_(_Post_z_bytecount_, (size), _Post2_impl_(__zterm_impl,__bytecount_impl(size)) _Post_valid_impl_) -#define _Post_z_count_c_(size) _SAL1_1_Source_(_Post_z_count_c_, (size), _Post2_impl_(__zterm_impl,__count_c_impl(size)) _Post_valid_impl_) -#define _Post_z_bytecount_c_(size) _SAL1_1_Source_(_Post_z_bytecount_c_, (size), _Post2_impl_(__zterm_impl,__bytecount_c_impl(size)) _Post_valid_impl_) -#define _Post_z_count_x_(size) _SAL1_1_Source_(_Post_z_count_x_, (size), _Post2_impl_(__zterm_impl,__count_x_impl(size)) _Post_valid_impl_) -#define _Post_z_bytecount_x_(size) _SAL1_1_Source_(_Post_z_bytecount_x_, (size), _Post2_impl_(__zterm_impl,__bytecount_x_impl(size)) _Post_valid_impl_) - -// -// _Prepost_ --- -// -// describing conditions that hold before and after the function call - -#define _Prepost_opt_z_ _SAL1_1_Source_(_Prepost_opt_z_, (), _Pre_opt_z_ _Post_z_) - -#define _Prepost_count_(size) _SAL1_1_Source_(_Prepost_count_, (size), _Pre_count_(size) _Post_count_(size)) -#define _Prepost_opt_count_(size) _SAL1_1_Source_(_Prepost_opt_count_, (size), _Pre_opt_count_(size) _Post_count_(size)) -#define _Prepost_bytecount_(size) _SAL1_1_Source_(_Prepost_bytecount_, (size), _Pre_bytecount_(size) _Post_bytecount_(size)) -#define _Prepost_opt_bytecount_(size) _SAL1_1_Source_(_Prepost_opt_bytecount_, (size), _Pre_opt_bytecount_(size) _Post_bytecount_(size)) -#define _Prepost_count_c_(size) _SAL1_1_Source_(_Prepost_count_c_, (size), _Pre_count_c_(size) _Post_count_c_(size)) -#define _Prepost_opt_count_c_(size) _SAL1_1_Source_(_Prepost_opt_count_c_, (size), _Pre_opt_count_c_(size) _Post_count_c_(size)) -#define _Prepost_bytecount_c_(size) _SAL1_1_Source_(_Prepost_bytecount_c_, (size), _Pre_bytecount_c_(size) _Post_bytecount_c_(size)) -#define _Prepost_opt_bytecount_c_(size) _SAL1_1_Source_(_Prepost_opt_bytecount_c_, (size), _Pre_opt_bytecount_c_(size) _Post_bytecount_c_(size)) -#define _Prepost_count_x_(size) _SAL1_1_Source_(_Prepost_count_x_, (size), _Pre_count_x_(size) _Post_count_x_(size)) -#define _Prepost_opt_count_x_(size) _SAL1_1_Source_(_Prepost_opt_count_x_, (size), _Pre_opt_count_x_(size) _Post_count_x_(size)) -#define _Prepost_bytecount_x_(size) _SAL1_1_Source_(_Prepost_bytecount_x_, (size), _Pre_bytecount_x_(size) _Post_bytecount_x_(size)) -#define _Prepost_opt_bytecount_x_(size) _SAL1_1_Source_(_Prepost_opt_bytecount_x_, (size), _Pre_opt_bytecount_x_(size) _Post_bytecount_x_(size)) - -#define _Prepost_valid_ _SAL1_1_Source_(_Prepost_valid_, (), _Pre_valid_ _Post_valid_) -#define _Prepost_opt_valid_ _SAL1_1_Source_(_Prepost_opt_valid_, (), _Pre_opt_valid_ _Post_valid_) - -// -// _Deref_<both> --- -// -// short version for _Deref_pre_<ann> _Deref_post_<ann> -// describing conditions for array elements or dereferenced pointer parameters that hold before and after the call - -#define _Deref_prepost_z_ _SAL1_1_Source_(_Deref_prepost_z_, (), _Deref_pre_z_ _Deref_post_z_) -#define _Deref_prepost_opt_z_ _SAL1_1_Source_(_Deref_prepost_opt_z_, (), _Deref_pre_opt_z_ _Deref_post_opt_z_) - -#define _Deref_prepost_cap_(size) _SAL1_1_Source_(_Deref_prepost_cap_, (size), _Deref_pre_cap_(size) _Deref_post_cap_(size)) -#define _Deref_prepost_opt_cap_(size) _SAL1_1_Source_(_Deref_prepost_opt_cap_, (size), _Deref_pre_opt_cap_(size) _Deref_post_opt_cap_(size)) -#define _Deref_prepost_bytecap_(size) _SAL1_1_Source_(_Deref_prepost_bytecap_, (size), _Deref_pre_bytecap_(size) _Deref_post_bytecap_(size)) -#define _Deref_prepost_opt_bytecap_(size) _SAL1_1_Source_(_Deref_prepost_opt_bytecap_, (size), _Deref_pre_opt_bytecap_(size) _Deref_post_opt_bytecap_(size)) - -#define _Deref_prepost_cap_x_(size) _SAL1_1_Source_(_Deref_prepost_cap_x_, (size), _Deref_pre_cap_x_(size) _Deref_post_cap_x_(size)) -#define _Deref_prepost_opt_cap_x_(size) _SAL1_1_Source_(_Deref_prepost_opt_cap_x_, (size), _Deref_pre_opt_cap_x_(size) _Deref_post_opt_cap_x_(size)) -#define _Deref_prepost_bytecap_x_(size) _SAL1_1_Source_(_Deref_prepost_bytecap_x_, (size), _Deref_pre_bytecap_x_(size) _Deref_post_bytecap_x_(size)) -#define _Deref_prepost_opt_bytecap_x_(size) _SAL1_1_Source_(_Deref_prepost_opt_bytecap_x_, (size), _Deref_pre_opt_bytecap_x_(size) _Deref_post_opt_bytecap_x_(size)) - -#define _Deref_prepost_z_cap_(size) _SAL1_1_Source_(_Deref_prepost_z_cap_, (size), _Deref_pre_z_cap_(size) _Deref_post_z_cap_(size)) -#define _Deref_prepost_opt_z_cap_(size) _SAL1_1_Source_(_Deref_prepost_opt_z_cap_, (size), _Deref_pre_opt_z_cap_(size) _Deref_post_opt_z_cap_(size)) -#define _Deref_prepost_z_bytecap_(size) _SAL1_1_Source_(_Deref_prepost_z_bytecap_, (size), _Deref_pre_z_bytecap_(size) _Deref_post_z_bytecap_(size)) -#define _Deref_prepost_opt_z_bytecap_(size) _SAL1_1_Source_(_Deref_prepost_opt_z_bytecap_, (size), _Deref_pre_opt_z_bytecap_(size) _Deref_post_opt_z_bytecap_(size)) - -#define _Deref_prepost_valid_cap_(size) _SAL1_1_Source_(_Deref_prepost_valid_cap_, (size), _Deref_pre_valid_cap_(size) _Deref_post_valid_cap_(size)) -#define _Deref_prepost_opt_valid_cap_(size) _SAL1_1_Source_(_Deref_prepost_opt_valid_cap_, (size), _Deref_pre_opt_valid_cap_(size) _Deref_post_opt_valid_cap_(size)) -#define _Deref_prepost_valid_bytecap_(size) _SAL1_1_Source_(_Deref_prepost_valid_bytecap_, (size), _Deref_pre_valid_bytecap_(size) _Deref_post_valid_bytecap_(size)) -#define _Deref_prepost_opt_valid_bytecap_(size) _SAL1_1_Source_(_Deref_prepost_opt_valid_bytecap_, (size), _Deref_pre_opt_valid_bytecap_(size) _Deref_post_opt_valid_bytecap_(size)) - -#define _Deref_prepost_valid_cap_x_(size) _SAL1_1_Source_(_Deref_prepost_valid_cap_x_, (size), _Deref_pre_valid_cap_x_(size) _Deref_post_valid_cap_x_(size)) -#define _Deref_prepost_opt_valid_cap_x_(size) _SAL1_1_Source_(_Deref_prepost_opt_valid_cap_x_, (size), _Deref_pre_opt_valid_cap_x_(size) _Deref_post_opt_valid_cap_x_(size)) -#define _Deref_prepost_valid_bytecap_x_(size) _SAL1_1_Source_(_Deref_prepost_valid_bytecap_x_, (size), _Deref_pre_valid_bytecap_x_(size) _Deref_post_valid_bytecap_x_(size)) -#define _Deref_prepost_opt_valid_bytecap_x_(size) _SAL1_1_Source_(_Deref_prepost_opt_valid_bytecap_x_, (size), _Deref_pre_opt_valid_bytecap_x_(size) _Deref_post_opt_valid_bytecap_x_(size)) - -#define _Deref_prepost_count_(size) _SAL1_1_Source_(_Deref_prepost_count_, (size), _Deref_pre_count_(size) _Deref_post_count_(size)) -#define _Deref_prepost_opt_count_(size) _SAL1_1_Source_(_Deref_prepost_opt_count_, (size), _Deref_pre_opt_count_(size) _Deref_post_opt_count_(size)) -#define _Deref_prepost_bytecount_(size) _SAL1_1_Source_(_Deref_prepost_bytecount_, (size), _Deref_pre_bytecount_(size) _Deref_post_bytecount_(size)) -#define _Deref_prepost_opt_bytecount_(size) _SAL1_1_Source_(_Deref_prepost_opt_bytecount_, (size), _Deref_pre_opt_bytecount_(size) _Deref_post_opt_bytecount_(size)) - -#define _Deref_prepost_count_x_(size) _SAL1_1_Source_(_Deref_prepost_count_x_, (size), _Deref_pre_count_x_(size) _Deref_post_count_x_(size)) -#define _Deref_prepost_opt_count_x_(size) _SAL1_1_Source_(_Deref_prepost_opt_count_x_, (size), _Deref_pre_opt_count_x_(size) _Deref_post_opt_count_x_(size)) -#define _Deref_prepost_bytecount_x_(size) _SAL1_1_Source_(_Deref_prepost_bytecount_x_, (size), _Deref_pre_bytecount_x_(size) _Deref_post_bytecount_x_(size)) -#define _Deref_prepost_opt_bytecount_x_(size) _SAL1_1_Source_(_Deref_prepost_opt_bytecount_x_, (size), _Deref_pre_opt_bytecount_x_(size) _Deref_post_opt_bytecount_x_(size)) - -#define _Deref_prepost_valid_ _SAL1_1_Source_(_Deref_prepost_valid_, (), _Deref_pre_valid_ _Deref_post_valid_) -#define _Deref_prepost_opt_valid_ _SAL1_1_Source_(_Deref_prepost_opt_valid_, (), _Deref_pre_opt_valid_ _Deref_post_opt_valid_) - -// -// _Deref_<miscellaneous> -// -// used with references to arrays - -#define _Deref_out_z_cap_c_(size) _SAL1_1_Source_(_Deref_out_z_cap_c_, (size), _Deref_pre_cap_c_(size) _Deref_post_z_) -#define _Deref_inout_z_cap_c_(size) _SAL1_1_Source_(_Deref_inout_z_cap_c_, (size), _Deref_pre_z_cap_c_(size) _Deref_post_z_) -#define _Deref_out_z_bytecap_c_(size) _SAL1_1_Source_(_Deref_out_z_bytecap_c_, (size), _Deref_pre_bytecap_c_(size) _Deref_post_z_) -#define _Deref_inout_z_bytecap_c_(size) _SAL1_1_Source_(_Deref_inout_z_bytecap_c_, (size), _Deref_pre_z_bytecap_c_(size) _Deref_post_z_) -#define _Deref_inout_z_ _SAL1_1_Source_(_Deref_inout_z_, (), _Deref_prepost_z_) - -// #pragma endregion Input Buffer SAL 1 compatibility macros - - -//============================================================================ -// Implementation Layer: -//============================================================================ - - -// Naming conventions: -// A symbol the begins with _SA_ is for the machinery of creating any -// annotations; many of those come from sourceannotations.h in the case -// of attributes. - -// A symbol that ends with _impl is the very lowest level macro. It is -// not required to be a legal standalone annotation, and in the case -// of attribute annotations, usually is not. (In the case of some declspec -// annotations, it might be, but it should not be assumed so.) Those -// symols will be used in the _PreN..., _PostN... and _RetN... annotations -// to build up more complete annotations. - -// A symbol ending in _impl_ is reserved to the implementation as well, -// but it does form a complete annotation; usually they are used to build -// up even higher level annotations. - - -#if _USE_ATTRIBUTES_FOR_SAL || _USE_DECLSPECS_FOR_SAL // [ -// Sharable "_impl" macros: these can be shared between the various annotation -// forms but are part of the implementation of the macros. These are collected -// here to assure that only necessary differences in the annotations -// exist. - -#define _Always_impl_(annos) _Group_(annos _SAL_nop_impl_) _On_failure_impl_(annos _SAL_nop_impl_) -#define _Bound_impl_ _SA_annotes0(SAL_bound) -#define _Field_range_impl_(min,max) _Range_impl_(min,max) -#define _Literal_impl_ _SA_annotes1(SAL_constant, __yes) -#define _Maybenull_impl_ _SA_annotes1(SAL_null, __maybe) -#define _Maybevalid_impl_ _SA_annotes1(SAL_valid, __maybe) -#define _Must_inspect_impl_ _Post_impl_ _SA_annotes0(SAL_mustInspect) -#define _Notliteral_impl_ _SA_annotes1(SAL_constant, __no) -#define _Notnull_impl_ _SA_annotes1(SAL_null, __no) -#define _Notvalid_impl_ _SA_annotes1(SAL_valid, __no) -#define _NullNull_terminated_impl_ _Group_(_SA_annotes1(SAL_nullTerminated, __yes) _SA_annotes1(SAL_readableTo,inexpressibleCount("NullNull terminated string"))) -#define _Null_impl_ _SA_annotes1(SAL_null, __yes) -#define _Null_terminated_impl_ _SA_annotes1(SAL_nullTerminated, __yes) -#define _Out_impl_ _Pre1_impl_(__notnull_impl_notref) _Pre1_impl_(__cap_c_one_notref_impl) _Post_valid_impl_ -#define _Out_opt_impl_ _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__cap_c_one_notref_impl) _Post_valid_impl_ -#define _Points_to_data_impl_ _At_(*_Curr_, _SA_annotes1(SAL_mayBePointer, __no)) -#define _Post_satisfies_impl_(cond) _Post_impl_ _Satisfies_impl_(cond) -#define _Post_valid_impl_ _Post1_impl_(__valid_impl) -#define _Pre_satisfies_impl_(cond) _Pre_impl_ _Satisfies_impl_(cond) -#define _Pre_valid_impl_ _Pre1_impl_(__valid_impl) -#define _Range_impl_(min,max) _SA_annotes2(SAL_range, min, max) -#define _Readable_bytes_impl_(size) _SA_annotes1(SAL_readableTo, byteCount(size)) -#define _Readable_elements_impl_(size) _SA_annotes1(SAL_readableTo, elementCount(size)) -#define _Ret_valid_impl_ _Ret1_impl_(__valid_impl) -#define _Satisfies_impl_(cond) _SA_annotes1(SAL_satisfies, cond) -#define _Valid_impl_ _SA_annotes1(SAL_valid, __yes) -#define _Writable_bytes_impl_(size) _SA_annotes1(SAL_writableTo, byteCount(size)) -#define _Writable_elements_impl_(size) _SA_annotes1(SAL_writableTo, elementCount(size)) - -#define _In_range_impl_(min,max) _Pre_impl_ _Range_impl_(min,max) -#define _Out_range_impl_(min,max) _Post_impl_ _Range_impl_(min,max) -#define _Ret_range_impl_(min,max) _Post_impl_ _Range_impl_(min,max) -#define _Deref_in_range_impl_(min,max) _Deref_pre_impl_ _Range_impl_(min,max) -#define _Deref_out_range_impl_(min,max) _Deref_post_impl_ _Range_impl_(min,max) -#define _Deref_ret_range_impl_(min,max) _Deref_post_impl_ _Range_impl_(min,max) - -#define _Deref_pre_impl_ _Pre_impl_ _Notref_impl_ _Deref_impl_ -#define _Deref_post_impl_ _Post_impl_ _Notref_impl_ _Deref_impl_ - -// The following are for the implementation machinery, and are not -// suitable for annotating general code. -// We're tying to phase this out, someday. The parser quotes the param. -#define __AuToQuOtE _SA_annotes0(SAL_AuToQuOtE) - -// Normally the parser does some simple type checking of annotation params, -// defer that check to the plugin. -#define __deferTypecheck _SA_annotes0(SAL_deferTypecheck) - -#define _SA_SPECSTRIZE( x ) #x -#define _SAL_nop_impl_ /* nothing */ -#define __nop_impl(x) x -#endif - - -#if _USE_ATTRIBUTES_FOR_SAL // [ - -// Using attributes for sal - -#include "codeanalysis\sourceannotations.h" - - -#define _SA_annotes0(n) [SAL_annotes(Name=#n)] -#define _SA_annotes1(n,pp1) [SAL_annotes(Name=#n, p1=_SA_SPECSTRIZE(pp1))] -#define _SA_annotes2(n,pp1,pp2) [SAL_annotes(Name=#n, p1=_SA_SPECSTRIZE(pp1), p2=_SA_SPECSTRIZE(pp2))] -#define _SA_annotes3(n,pp1,pp2,pp3) [SAL_annotes(Name=#n, p1=_SA_SPECSTRIZE(pp1), p2=_SA_SPECSTRIZE(pp2), p3=_SA_SPECSTRIZE(pp3))] - -#define _Pre_impl_ [SAL_pre] -#define _Post_impl_ [SAL_post] -#define _Deref_impl_ [SAL_deref] -#define _Notref_impl_ [SAL_notref] - - -// Declare a function to be an annotation or primop (respectively). -// Done this way so that they don't appear in the regular compiler's -// namespace. -#define __ANNOTATION(fun) _SA_annotes0(SAL_annotation) void __SA_##fun; -#define __PRIMOP(type, fun) _SA_annotes0(SAL_primop) type __SA_##fun; -#define __QUALIFIER(fun) _SA_annotes0(SAL_qualifier) void __SA_##fun; - -// Benign declspec needed here for WindowsPREfast -#define __In_impl_ [SA_Pre(Valid=SA_Yes)] [SA_Pre(Deref=1, Notref=1, Access=SA_Read)] __declspec("SAL_pre SAL_valid") - -#elif _USE_DECLSPECS_FOR_SAL // ][ - -// Using declspecs for sal - -#define _SA_annotes0(n) __declspec(#n) -#define _SA_annotes1(n,pp1) __declspec(#n "(" _SA_SPECSTRIZE(pp1) ")" ) -#define _SA_annotes2(n,pp1,pp2) __declspec(#n "(" _SA_SPECSTRIZE(pp1) "," _SA_SPECSTRIZE(pp2) ")") -#define _SA_annotes3(n,pp1,pp2,pp3) __declspec(#n "(" _SA_SPECSTRIZE(pp1) "," _SA_SPECSTRIZE(pp2) "," _SA_SPECSTRIZE(pp3) ")") - -#define _Pre_impl_ _SA_annotes0(SAL_pre) -#define _Post_impl_ _SA_annotes0(SAL_post) -#define _Deref_impl_ _SA_annotes0(SAL_deref) -#define _Notref_impl_ _SA_annotes0(SAL_notref) - -// Declare a function to be an annotation or primop (respectively). -// Done this way so that they don't appear in the regular compiler's -// namespace. -#define __ANNOTATION(fun) _SA_annotes0(SAL_annotation) void __SA_##fun - -#define __PRIMOP(type, fun) _SA_annotes0(SAL_primop) type __SA_##fun - -#define __QUALIFIER(fun) _SA_annotes0(SAL_qualifier) void __SA_##fun; - -#define __In_impl_ _Pre_impl_ _SA_annotes0(SAL_valid) _Pre_impl_ _Deref_impl_ _Notref_impl_ _SA_annotes0(SAL_readonly) - -#else // ][ - -// Using "nothing" for sal - -#define _SA_annotes0(n) -#define _SA_annotes1(n,pp1) -#define _SA_annotes2(n,pp1,pp2) -#define _SA_annotes3(n,pp1,pp2,pp3) - -#define __ANNOTATION(fun) -#define __PRIMOP(type, fun) -#define __QUALIFIER(type, fun) - -#endif // ] - -#if _USE_ATTRIBUTES_FOR_SAL || _USE_DECLSPECS_FOR_SAL // [ - -// Declare annotations that need to be declared. -__ANNOTATION(SAL_useHeader(void)); -__ANNOTATION(SAL_bound(void)); -__ANNOTATION(SAL_allocator(void)); //??? resolve with PFD -__ANNOTATION(SAL_file_parser(__AuToQuOtE __In_impl_ char *, __In_impl_ char *)); -__ANNOTATION(SAL_source_code_content(__In_impl_ char *)); -__ANNOTATION(SAL_analysisHint(__AuToQuOtE __In_impl_ char *)); -__ANNOTATION(SAL_untrusted_data_source(__AuToQuOtE __In_impl_ char *)); -__ANNOTATION(SAL_untrusted_data_source_this(__AuToQuOtE __In_impl_ char *)); -__ANNOTATION(SAL_validated(__AuToQuOtE __In_impl_ char *)); -__ANNOTATION(SAL_validated_this(__AuToQuOtE __In_impl_ char *)); -__ANNOTATION(SAL_encoded(void)); -__ANNOTATION(SAL_adt(__AuToQuOtE __In_impl_ char *, __AuToQuOtE __In_impl_ char *)); -__ANNOTATION(SAL_add_adt_property(__AuToQuOtE __In_impl_ char *, __AuToQuOtE __In_impl_ char *)); -__ANNOTATION(SAL_remove_adt_property(__AuToQuOtE __In_impl_ char *, __AuToQuOtE __In_impl_ char *)); -__ANNOTATION(SAL_transfer_adt_property_from(__AuToQuOtE __In_impl_ char *)); -__ANNOTATION(SAL_post_type(__AuToQuOtE __In_impl_ char *)); -__ANNOTATION(SAL_volatile(void)); -__ANNOTATION(SAL_nonvolatile(void)); -__ANNOTATION(SAL_entrypoint(__AuToQuOtE __In_impl_ char *, __AuToQuOtE __In_impl_ char *)); -__ANNOTATION(SAL_blocksOn(__In_impl_ void*)); -__ANNOTATION(SAL_mustInspect(void)); - -// Only appears in model files, but needs to be declared. -__ANNOTATION(SAL_TypeName(__AuToQuOtE __In_impl_ char *)); - -// To be declared well-known soon. -__ANNOTATION(SAL_interlocked(void);) - -#pragma warning (suppress: 28227 28241) -__ANNOTATION(SAL_name(__In_impl_ char *, __In_impl_ char *, __In_impl_ char *);) - -__PRIMOP(char *, _Macro_value_(__In_impl_ char *)); -__PRIMOP(int, _Macro_defined_(__In_impl_ char *)); -__PRIMOP(char *, _Strstr_(__In_impl_ char *, __In_impl_ char *)); - -#endif // ] - -#if _USE_ATTRIBUTES_FOR_SAL // [ - -#define _Check_return_impl_ [SA_Post(MustCheck=SA_Yes)] - -#define _Success_impl_(expr) [SA_Success(Condition=#expr)] -#define _On_failure_impl_(annos) [SAL_context(p1="SAL_failed")] _Group_(_Post_impl_ _Group_(annos _SAL_nop_impl_)) - -#define _Printf_format_string_impl_ [SA_FormatString(Style="printf")] -#define _Scanf_format_string_impl_ [SA_FormatString(Style="scanf")] -#define _Scanf_s_format_string_impl_ [SA_FormatString(Style="scanf_s")] - -#define _In_bound_impl_ [SA_PreBound(Deref=0)] -#define _Out_bound_impl_ [SA_PostBound(Deref=0)] -#define _Ret_bound_impl_ [SA_PostBound(Deref=0)] -#define _Deref_in_bound_impl_ [SA_PreBound(Deref=1)] -#define _Deref_out_bound_impl_ [SA_PostBound(Deref=1)] -#define _Deref_ret_bound_impl_ [SA_PostBound(Deref=1)] - -#define __valid_impl Valid=SA_Yes -#define __maybevalid_impl Valid=SA_Maybe -#define __notvalid_impl Valid=SA_No - -#define __null_impl Null=SA_Yes -#define __maybenull_impl Null=SA_Maybe -#define __notnull_impl Null=SA_No - -#define __null_impl_notref Null=SA_Yes,Notref=1 -#define __maybenull_impl_notref Null=SA_Maybe,Notref=1 -#define __notnull_impl_notref Null=SA_No,Notref=1 - -#define __zterm_impl NullTerminated=SA_Yes -#define __maybezterm_impl NullTerminated=SA_Maybe -#define __maybzterm_impl NullTerminated=SA_Maybe -#define __notzterm_impl NullTerminated=SA_No - -#define __readaccess_impl Access=SA_Read -#define __writeaccess_impl Access=SA_Write -#define __allaccess_impl Access=SA_ReadWrite - -#define __readaccess_impl_notref Access=SA_Read,Notref=1 -#define __writeaccess_impl_notref Access=SA_Write,Notref=1 -#define __allaccess_impl_notref Access=SA_ReadWrite,Notref=1 - -#if _MSC_VER >= 1610 /*IFSTRIP=IGN*/ // [ - -// For SAL2, we need to expect general expressions. - -#define __cap_impl(size) WritableElements="\n"#size -#define __bytecap_impl(size) WritableBytes="\n"#size -#define __bytecount_impl(size) ValidBytes="\n"#size -#define __count_impl(size) ValidElements="\n"#size - -#else // ][ - -#define __cap_impl(size) WritableElements=#size -#define __bytecap_impl(size) WritableBytes=#size -#define __bytecount_impl(size) ValidBytes=#size -#define __count_impl(size) ValidElements=#size - -#endif // ] - -#define __cap_c_impl(size) WritableElementsConst=size -#define __cap_c_one_notref_impl WritableElementsConst=1,Notref=1 -#define __cap_for_impl(param) WritableElementsLength=#param -#define __cap_x_impl(size) WritableElements="\n@"#size - -#define __bytecap_c_impl(size) WritableBytesConst=size -#define __bytecap_x_impl(size) WritableBytes="\n@"#size - -#define __mult_impl(mult,size) __cap_impl((mult)*(size)) - -#define __count_c_impl(size) ValidElementsConst=size -#define __count_x_impl(size) ValidElements="\n@"#size - -#define __bytecount_c_impl(size) ValidBytesConst=size -#define __bytecount_x_impl(size) ValidBytes="\n@"#size - - -#define _At_impl_(target, annos) [SAL_at(p1=#target)] _Group_(annos) -#define _At_buffer_impl_(target, iter, bound, annos) [SAL_at_buffer(p1=#target, p2=#iter, p3=#bound)] _Group_(annos) -#define _When_impl_(expr, annos) [SAL_when(p1=#expr)] _Group_(annos) - -#define _Group_impl_(annos) [SAL_begin] annos [SAL_end] -#define _GrouP_impl_(annos) [SAL_BEGIN] annos [SAL_END] - -#define _Use_decl_anno_impl_ _SA_annotes0(SAL_useHeader) // this is a special case! - -#define _Pre1_impl_(p1) [SA_Pre(p1)] -#define _Pre2_impl_(p1,p2) [SA_Pre(p1,p2)] -#define _Pre3_impl_(p1,p2,p3) [SA_Pre(p1,p2,p3)] - -#define _Post1_impl_(p1) [SA_Post(p1)] -#define _Post2_impl_(p1,p2) [SA_Post(p1,p2)] -#define _Post3_impl_(p1,p2,p3) [SA_Post(p1,p2,p3)] - -#define _Ret1_impl_(p1) [SA_Post(p1)] -#define _Ret2_impl_(p1,p2) [SA_Post(p1,p2)] -#define _Ret3_impl_(p1,p2,p3) [SA_Post(p1,p2,p3)] - -#define _Deref_pre1_impl_(p1) [SA_Pre(Deref=1,p1)] -#define _Deref_pre2_impl_(p1,p2) [SA_Pre(Deref=1,p1,p2)] -#define _Deref_pre3_impl_(p1,p2,p3) [SA_Pre(Deref=1,p1,p2,p3)] - - -#define _Deref_post1_impl_(p1) [SA_Post(Deref=1,p1)] -#define _Deref_post2_impl_(p1,p2) [SA_Post(Deref=1,p1,p2)] -#define _Deref_post3_impl_(p1,p2,p3) [SA_Post(Deref=1,p1,p2,p3)] - -#define _Deref_ret1_impl_(p1) [SA_Post(Deref=1,p1)] -#define _Deref_ret2_impl_(p1,p2) [SA_Post(Deref=1,p1,p2)] -#define _Deref_ret3_impl_(p1,p2,p3) [SA_Post(Deref=1,p1,p2,p3)] - -#define _Deref2_pre1_impl_(p1) [SA_Pre(Deref=2,Notref=1,p1)] -#define _Deref2_post1_impl_(p1) [SA_Post(Deref=2,Notref=1,p1)] -#define _Deref2_ret1_impl_(p1) [SA_Post(Deref=2,Notref=1,p1)] - -// Obsolete -- may be needed for transition to attributes. -#define __inner_typefix(ctype) [SAL_typefix(p1=_SA_SPECSTRIZE(ctype))] -#define __inner_exceptthat [SAL_except] - - -#elif _USE_DECLSPECS_FOR_SAL // ][ - -#define _Check_return_impl_ __post _SA_annotes0(SAL_checkReturn) - -#define _Success_impl_(expr) _SA_annotes1(SAL_success, expr) -#define _On_failure_impl_(annos) _SA_annotes1(SAL_context, SAL_failed) _Group_(_Post_impl_ _Group_(_SAL_nop_impl_ annos)) - -#define _Printf_format_string_impl_ _SA_annotes1(SAL_IsFormatString, "printf") -#define _Scanf_format_string_impl_ _SA_annotes1(SAL_IsFormatString, "scanf") -#define _Scanf_s_format_string_impl_ _SA_annotes1(SAL_IsFormatString, "scanf_s") - -#define _In_bound_impl_ _Pre_impl_ _Bound_impl_ -#define _Out_bound_impl_ _Post_impl_ _Bound_impl_ -#define _Ret_bound_impl_ _Post_impl_ _Bound_impl_ -#define _Deref_in_bound_impl_ _Deref_pre_impl_ _Bound_impl_ -#define _Deref_out_bound_impl_ _Deref_post_impl_ _Bound_impl_ -#define _Deref_ret_bound_impl_ _Deref_post_impl_ _Bound_impl_ - - -#define __null_impl _SA_annotes0(SAL_null) // _SA_annotes1(SAL_null, __yes) -#define __notnull_impl _SA_annotes0(SAL_notnull) // _SA_annotes1(SAL_null, __no) -#define __maybenull_impl _SA_annotes0(SAL_maybenull) // _SA_annotes1(SAL_null, __maybe) - -#define __valid_impl _SA_annotes0(SAL_valid) // _SA_annotes1(SAL_valid, __yes) -#define __notvalid_impl _SA_annotes0(SAL_notvalid) // _SA_annotes1(SAL_valid, __no) -#define __maybevalid_impl _SA_annotes0(SAL_maybevalid) // _SA_annotes1(SAL_valid, __maybe) - -#define __null_impl_notref _Notref_ _Null_impl_ -#define __maybenull_impl_notref _Notref_ _Maybenull_impl_ -#define __notnull_impl_notref _Notref_ _Notnull_impl_ - -#define __zterm_impl _SA_annotes1(SAL_nullTerminated, __yes) -#define __maybezterm_impl _SA_annotes1(SAL_nullTerminated, __maybe) -#define __maybzterm_impl _SA_annotes1(SAL_nullTerminated, __maybe) -#define __notzterm_impl _SA_annotes1(SAL_nullTerminated, __no) - -#define __readaccess_impl _SA_annotes1(SAL_access, 0x1) -#define __writeaccess_impl _SA_annotes1(SAL_access, 0x2) -#define __allaccess_impl _SA_annotes1(SAL_access, 0x3) - -#define __readaccess_impl_notref _Notref_ _SA_annotes1(SAL_access, 0x1) -#define __writeaccess_impl_notref _Notref_ _SA_annotes1(SAL_access, 0x2) -#define __allaccess_impl_notref _Notref_ _SA_annotes1(SAL_access, 0x3) - -#define __cap_impl(size) _SA_annotes1(SAL_writableTo,elementCount(size)) -#define __cap_c_impl(size) _SA_annotes1(SAL_writableTo,elementCount(size)) -#define __cap_c_one_notref_impl _Notref_ _SA_annotes1(SAL_writableTo,elementCount(1)) -#define __cap_for_impl(param) _SA_annotes1(SAL_writableTo,inexpressibleCount(sizeof(param))) -#define __cap_x_impl(size) _SA_annotes1(SAL_writableTo,inexpressibleCount(#size)) - -#define __bytecap_impl(size) _SA_annotes1(SAL_writableTo,byteCount(size)) -#define __bytecap_c_impl(size) _SA_annotes1(SAL_writableTo,byteCount(size)) -#define __bytecap_x_impl(size) _SA_annotes1(SAL_writableTo,inexpressibleCount(#size)) - -#define __mult_impl(mult,size) _SA_annotes1(SAL_writableTo,(mult)*(size)) - -#define __count_impl(size) _SA_annotes1(SAL_readableTo,elementCount(size)) -#define __count_c_impl(size) _SA_annotes1(SAL_readableTo,elementCount(size)) -#define __count_x_impl(size) _SA_annotes1(SAL_readableTo,inexpressibleCount(#size)) - -#define __bytecount_impl(size) _SA_annotes1(SAL_readableTo,byteCount(size)) -#define __bytecount_c_impl(size) _SA_annotes1(SAL_readableTo,byteCount(size)) -#define __bytecount_x_impl(size) _SA_annotes1(SAL_readableTo,inexpressibleCount(#size)) - -#define _At_impl_(target, annos) _SA_annotes0(SAL_at(target)) _Group_(annos) -#define _At_buffer_impl_(target, iter, bound, annos) _SA_annotes3(SAL_at_buffer, target, iter, bound) _Group_(annos) -#define _Group_impl_(annos) _SA_annotes0(SAL_begin) annos _SA_annotes0(SAL_end) -#define _GrouP_impl_(annos) _SA_annotes0(SAL_BEGIN) annos _SA_annotes0(SAL_END) -#define _When_impl_(expr, annos) _SA_annotes0(SAL_when(expr)) _Group_(annos) - -#define _Use_decl_anno_impl_ __declspec("SAL_useHeader()") // this is a special case! - -#define _Pre1_impl_(p1) _Pre_impl_ p1 -#define _Pre2_impl_(p1,p2) _Pre_impl_ p1 _Pre_impl_ p2 -#define _Pre3_impl_(p1,p2,p3) _Pre_impl_ p1 _Pre_impl_ p2 _Pre_impl_ p3 - -#define _Post1_impl_(p1) _Post_impl_ p1 -#define _Post2_impl_(p1,p2) _Post_impl_ p1 _Post_impl_ p2 -#define _Post3_impl_(p1,p2,p3) _Post_impl_ p1 _Post_impl_ p2 _Post_impl_ p3 - -#define _Ret1_impl_(p1) _Post_impl_ p1 -#define _Ret2_impl_(p1,p2) _Post_impl_ p1 _Post_impl_ p2 -#define _Ret3_impl_(p1,p2,p3) _Post_impl_ p1 _Post_impl_ p2 _Post_impl_ p3 - -#define _Deref_pre1_impl_(p1) _Deref_pre_impl_ p1 -#define _Deref_pre2_impl_(p1,p2) _Deref_pre_impl_ p1 _Deref_pre_impl_ p2 -#define _Deref_pre3_impl_(p1,p2,p3) _Deref_pre_impl_ p1 _Deref_pre_impl_ p2 _Deref_pre_impl_ p3 - -#define _Deref_post1_impl_(p1) _Deref_post_impl_ p1 -#define _Deref_post2_impl_(p1,p2) _Deref_post_impl_ p1 _Deref_post_impl_ p2 -#define _Deref_post3_impl_(p1,p2,p3) _Deref_post_impl_ p1 _Deref_post_impl_ p2 _Deref_post_impl_ p3 - -#define _Deref_ret1_impl_(p1) _Deref_post_impl_ p1 -#define _Deref_ret2_impl_(p1,p2) _Deref_post_impl_ p1 _Deref_post_impl_ p2 -#define _Deref_ret3_impl_(p1,p2,p3) _Deref_post_impl_ p1 _Deref_post_impl_ p2 _Deref_post_impl_ p3 - -#define _Deref2_pre1_impl_(p1) _Deref_pre_impl_ _Notref_impl_ _Deref_impl_ p1 -#define _Deref2_post1_impl_(p1) _Deref_post_impl_ _Notref_impl_ _Deref_impl_ p1 -#define _Deref2_ret1_impl_(p1) _Deref_post_impl_ _Notref_impl_ _Deref_impl_ p1 - -#define __inner_typefix(ctype) _SA_annotes1(SAL_typefix, ctype) -#define __inner_exceptthat _SA_annotes0(SAL_except) - -#elif defined(_MSC_EXTENSIONS) && !defined( MIDL_PASS ) && !defined(__midl) && !defined(RC_INVOKED) && defined(_PFT_VER) && _MSC_VER >= 1400 /*IFSTRIP=IGN*/ // ][ - -// minimum attribute expansion for foreground build - -#pragma push_macro( "SA" ) -#pragma push_macro( "REPEATABLE" ) - -#ifdef __cplusplus // [ -#define SA( id ) id -#define REPEATABLE [repeatable] -#else // !__cplusplus // ][ -#define SA( id ) SA_##id -#define REPEATABLE -#endif // !__cplusplus // ] - -REPEATABLE -[source_annotation_attribute( SA( Parameter ) )] -struct __P_impl -{ -#ifdef __cplusplus // [ - __P_impl(); -#endif // ] - int __d_; -}; -typedef struct __P_impl __P_impl; - -REPEATABLE -[source_annotation_attribute( SA( ReturnValue ) )] -struct __R_impl -{ -#ifdef __cplusplus // [ - __R_impl(); -#endif // ] - int __d_; -}; -typedef struct __R_impl __R_impl; - -[source_annotation_attribute( SA( Method ) )] -struct __M_ -{ -#ifdef __cplusplus // [ - __M_(); -#endif // ] - int __d_; -}; -typedef struct __M_ __M_; - -[source_annotation_attribute( SA( All ) )] -struct __A_ -{ -#ifdef __cplusplus // [ - __A_(); -#endif // ] - int __d_; -}; -typedef struct __A_ __A_; - -[source_annotation_attribute( SA( Field ) )] -struct __F_ -{ -#ifdef __cplusplus // [ - __F_(); -#endif // ] - int __d_; -}; -typedef struct __F_ __F_; - -#pragma pop_macro( "REPEATABLE" ) -#pragma pop_macro( "SA" ) - - -#define _SAL_nop_impl_ - -#define _At_impl_(target, annos) [__A_(__d_=0)] -#define _At_buffer_impl_(target, iter, bound, annos) [__A_(__d_=0)] -#define _When_impl_(expr, annos) annos -#define _Group_impl_(annos) annos -#define _GrouP_impl_(annos) annos -#define _Use_decl_anno_impl_ [__M_(__d_=0)] - -#define _Points_to_data_impl_ [__P_impl(__d_=0)] -#define _Literal_impl_ [__P_impl(__d_=0)] -#define _Notliteral_impl_ [__P_impl(__d_=0)] - -#define _Pre_valid_impl_ [__P_impl(__d_=0)] -#define _Post_valid_impl_ [__P_impl(__d_=0)] -#define _Ret_valid_impl_ [__R_impl(__d_=0)] - -#define _Check_return_impl_ [__R_impl(__d_=0)] -#define _Must_inspect_impl_ [__R_impl(__d_=0)] - -#define _Success_impl_(expr) [__M_(__d_=0)] -#define _On_failure_impl_(expr) [__M_(__d_=0)] -#define _Always_impl_(expr) [__M_(__d_=0)] - -#define _Printf_format_string_impl_ [__P_impl(__d_=0)] -#define _Scanf_format_string_impl_ [__P_impl(__d_=0)] -#define _Scanf_s_format_string_impl_ [__P_impl(__d_=0)] - -#define _Raises_SEH_exception_impl_ [__M_(__d_=0)] -#define _Maybe_raises_SEH_exception_impl_ [__M_(__d_=0)] - -#define _In_bound_impl_ [__P_impl(__d_=0)] -#define _Out_bound_impl_ [__P_impl(__d_=0)] -#define _Ret_bound_impl_ [__R_impl(__d_=0)] -#define _Deref_in_bound_impl_ [__P_impl(__d_=0)] -#define _Deref_out_bound_impl_ [__P_impl(__d_=0)] -#define _Deref_ret_bound_impl_ [__R_impl(__d_=0)] - -#define _Range_impl_(min,max) [__P_impl(__d_=0)] -#define _In_range_impl_(min,max) [__P_impl(__d_=0)] -#define _Out_range_impl_(min,max) [__P_impl(__d_=0)] -#define _Ret_range_impl_(min,max) [__R_impl(__d_=0)] -#define _Deref_in_range_impl_(min,max) [__P_impl(__d_=0)] -#define _Deref_out_range_impl_(min,max) [__P_impl(__d_=0)] -#define _Deref_ret_range_impl_(min,max) [__R_impl(__d_=0)] - -#define _Field_range_impl_(min,max) [__F_(__d_=0)] - -#define _Pre_satisfies_impl_(cond) [__A_(__d_=0)] -#define _Post_satisfies_impl_(cond) [__A_(__d_=0)] -#define _Satisfies_impl_(cond) [__A_(__d_=0)] - -#define _Null_impl_ [__A_(__d_=0)] -#define _Notnull_impl_ [__A_(__d_=0)] -#define _Maybenull_impl_ [__A_(__d_=0)] - -#define _Valid_impl_ [__A_(__d_=0)] -#define _Notvalid_impl_ [__A_(__d_=0)] -#define _Maybevalid_impl_ [__A_(__d_=0)] - -#define _Readable_bytes_impl_(size) [__A_(__d_=0)] -#define _Readable_elements_impl_(size) [__A_(__d_=0)] -#define _Writable_bytes_impl_(size) [__A_(__d_=0)] -#define _Writable_elements_impl_(size) [__A_(__d_=0)] - -#define _Null_terminated_impl_ [__A_(__d_=0)] -#define _NullNull_terminated_impl_ [__A_(__d_=0)] - -#define _Pre_impl_ [__P_impl(__d_=0)] -#define _Pre1_impl_(p1) [__P_impl(__d_=0)] -#define _Pre2_impl_(p1,p2) [__P_impl(__d_=0)] -#define _Pre3_impl_(p1,p2,p3) [__P_impl(__d_=0)] - -#define _Post_impl_ [__P_impl(__d_=0)] -#define _Post1_impl_(p1) [__P_impl(__d_=0)] -#define _Post2_impl_(p1,p2) [__P_impl(__d_=0)] -#define _Post3_impl_(p1,p2,p3) [__P_impl(__d_=0)] - -#define _Ret1_impl_(p1) [__R_impl(__d_=0)] -#define _Ret2_impl_(p1,p2) [__R_impl(__d_=0)] -#define _Ret3_impl_(p1,p2,p3) [__R_impl(__d_=0)] - -#define _Deref_pre1_impl_(p1) [__P_impl(__d_=0)] -#define _Deref_pre2_impl_(p1,p2) [__P_impl(__d_=0)] -#define _Deref_pre3_impl_(p1,p2,p3) [__P_impl(__d_=0)] - -#define _Deref_post1_impl_(p1) [__P_impl(__d_=0)] -#define _Deref_post2_impl_(p1,p2) [__P_impl(__d_=0)] -#define _Deref_post3_impl_(p1,p2,p3) [__P_impl(__d_=0)] - -#define _Deref_ret1_impl_(p1) [__R_impl(__d_=0)] -#define _Deref_ret2_impl_(p1,p2) [__R_impl(__d_=0)] -#define _Deref_ret3_impl_(p1,p2,p3) [__R_impl(__d_=0)] - -#define _Deref2_pre1_impl_(p1) //[__P_impl(__d_=0)] -#define _Deref2_post1_impl_(p1) //[__P_impl(__d_=0)] -#define _Deref2_ret1_impl_(p1) //[__P_impl(__d_=0)] - -#else // ][ - - -#define _SAL_nop_impl_ X - -#define _At_impl_(target, annos) -#define _When_impl_(expr, annos) -#define _Group_impl_(annos) -#define _GrouP_impl_(annos) -#define _At_buffer_impl_(target, iter, bound, annos) -#define _Use_decl_anno_impl_ -#define _Points_to_data_impl_ -#define _Literal_impl_ -#define _Notliteral_impl_ -#define _Notref_impl_ - -#define _Pre_valid_impl_ -#define _Post_valid_impl_ -#define _Ret_valid_impl_ - -#define _Check_return_impl_ -#define _Must_inspect_impl_ - -#define _Success_impl_(expr) -#define _On_failure_impl_(annos) -#define _Always_impl_(annos) - -#define _Printf_format_string_impl_ -#define _Scanf_format_string_impl_ -#define _Scanf_s_format_string_impl_ - -#define _In_bound_impl_ -#define _Out_bound_impl_ -#define _Ret_bound_impl_ -#define _Deref_in_bound_impl_ -#define _Deref_out_bound_impl_ -#define _Deref_ret_bound_impl_ - -#define _Range_impl_(min,max) -#define _In_range_impl_(min,max) -#define _Out_range_impl_(min,max) -#define _Ret_range_impl_(min,max) -#define _Deref_in_range_impl_(min,max) -#define _Deref_out_range_impl_(min,max) -#define _Deref_ret_range_impl_(min,max) - -#define _Satisfies_impl_(expr) -#define _Pre_satisfies_impl_(expr) -#define _Post_satisfies_impl_(expr) - -#define _Null_impl_ -#define _Notnull_impl_ -#define _Maybenull_impl_ - -#define _Valid_impl_ -#define _Notvalid_impl_ -#define _Maybevalid_impl_ - -#define _Field_range_impl_(min,max) - -#define _Pre_impl_ -#define _Pre1_impl_(p1) -#define _Pre2_impl_(p1,p2) -#define _Pre3_impl_(p1,p2,p3) - -#define _Post_impl_ -#define _Post1_impl_(p1) -#define _Post2_impl_(p1,p2) -#define _Post3_impl_(p1,p2,p3) - -#define _Ret1_impl_(p1) -#define _Ret2_impl_(p1,p2) -#define _Ret3_impl_(p1,p2,p3) - -#define _Deref_pre1_impl_(p1) -#define _Deref_pre2_impl_(p1,p2) -#define _Deref_pre3_impl_(p1,p2,p3) - -#define _Deref_post1_impl_(p1) -#define _Deref_post2_impl_(p1,p2) -#define _Deref_post3_impl_(p1,p2,p3) - -#define _Deref_ret1_impl_(p1) -#define _Deref_ret2_impl_(p1,p2) -#define _Deref_ret3_impl_(p1,p2,p3) - -#define _Deref2_pre1_impl_(p1) -#define _Deref2_post1_impl_(p1) -#define _Deref2_ret1_impl_(p1) - -#define _Readable_bytes_impl_(size) -#define _Readable_elements_impl_(size) -#define _Writable_bytes_impl_(size) -#define _Writable_elements_impl_(size) - -#define _Null_terminated_impl_ -#define _NullNull_terminated_impl_ - -// Obsolete -- may be needed for transition to attributes. -#define __inner_typefix(ctype) -#define __inner_exceptthat - -#endif // ] - -// This section contains the deprecated annotations - -/* - ------------------------------------------------------------------------------- - Introduction - - sal.h provides a set of annotations to describe how a function uses its - parameters - the assumptions it makes about them, and the guarantees it makes - upon finishing. - - Annotations may be placed before either a function parameter's type or its return - type, and describe the function's behavior regarding the parameter or return value. - There are two classes of annotations: buffer annotations and advanced annotations. - Buffer annotations describe how functions use their pointer parameters, and - advanced annotations either describe complex/unusual buffer behavior, or provide - additional information about a parameter that is not otherwise expressible. - - ------------------------------------------------------------------------------- - Buffer Annotations - - The most important annotations in sal.h provide a consistent way to annotate - buffer parameters or return values for a function. Each of these annotations describes - a single buffer (which could be a string, a fixed-length or variable-length array, - or just a pointer) that the function interacts with: where it is, how large it is, - how much is initialized, and what the function does with it. - - The appropriate macro for a given buffer can be constructed using the table below. - Just pick the appropriate values from each category, and combine them together - with a leading underscore. Some combinations of values do not make sense as buffer - annotations. Only meaningful annotations can be added to your code; for a list of - these, see the buffer annotation definitions section. - - Only a single buffer annotation should be used for each parameter. - - |------------|------------|---------|--------|----------|----------|---------------| - | Level | Usage | Size | Output | NullTerm | Optional | Parameters | - |------------|------------|---------|--------|----------|----------|---------------| - | <> | <> | <> | <> | _z | <> | <> | - | _deref | _in | _ecount | _full | _nz | _opt | (size) | - | _deref_opt | _out | _bcount | _part | | | (size,length) | - | | _inout | | | | | | - | | | | | | | | - |------------|------------|---------|--------|----------|----------|---------------| - - Level: Describes the buffer pointer's level of indirection from the parameter or - return value 'p'. - - <> : p is the buffer pointer. - _deref : *p is the buffer pointer. p must not be NULL. - _deref_opt : *p may be the buffer pointer. p may be NULL, in which case the rest of - the annotation is ignored. - - Usage: Describes how the function uses the buffer. - - <> : The buffer is not accessed. If used on the return value or with _deref, the - function will provide the buffer, and it will be uninitialized at exit. - Otherwise, the caller must provide the buffer. This should only be used - for alloc and free functions. - _in : The function will only read from the buffer. The caller must provide the - buffer and initialize it. Cannot be used with _deref. - _out : The function will only write to the buffer. If used on the return value or - with _deref, the function will provide the buffer and initialize it. - Otherwise, the caller must provide the buffer, and the function will - initialize it. - _inout : The function may freely read from and write to the buffer. The caller must - provide the buffer and initialize it. If used with _deref, the buffer may - be reallocated by the function. - - Size: Describes the total size of the buffer. This may be less than the space actually - allocated for the buffer, in which case it describes the accessible amount. - - <> : No buffer size is given. If the type specifies the buffer size (such as - with LPSTR and LPWSTR), that amount is used. Otherwise, the buffer is one - element long. Must be used with _in, _out, or _inout. - _ecount : The buffer size is an explicit element count. - _bcount : The buffer size is an explicit byte count. - - Output: Describes how much of the buffer will be initialized by the function. For - _inout buffers, this also describes how much is initialized at entry. Omit this - category for _in buffers; they must be fully initialized by the caller. - - <> : The type specifies how much is initialized. For instance, a function initializing - an LPWSTR must NULL-terminate the string. - _full : The function initializes the entire buffer. - _part : The function initializes part of the buffer, and explicitly indicates how much. - - NullTerm: States if the present of a '\0' marks the end of valid elements in the buffer. - _z : A '\0' indicated the end of the buffer - _nz : The buffer may not be null terminated and a '\0' does not indicate the end of the - buffer. - Optional: Describes if the buffer itself is optional. - - <> : The pointer to the buffer must not be NULL. - _opt : The pointer to the buffer might be NULL. It will be checked before being dereferenced. - - Parameters: Gives explicit counts for the size and length of the buffer. - - <> : There is no explicit count. Use when neither _ecount nor _bcount is used. - (size) : Only the buffer's total size is given. Use with _ecount or _bcount but not _part. - (size,length) : The buffer's total size and initialized length are given. Use with _ecount_part - and _bcount_part. - - ------------------------------------------------------------------------------- - Buffer Annotation Examples - - LWSTDAPI_(BOOL) StrToIntExA( - __in LPCSTR pszString, - DWORD dwFlags, - __out int *piRet -- A pointer whose dereference will be filled in. - ); - - void MyPaintingFunction( - __in HWND hwndControl, -- An initialized read-only parameter. - __in_opt HDC hdcOptional, -- An initialized read-only parameter that might be NULL. - __inout IPropertyStore *ppsStore -- An initialized parameter that may be freely used - -- and modified. - ); - - LWSTDAPI_(BOOL) PathCompactPathExA( - __out_ecount(cchMax) LPSTR pszOut, -- A string buffer with cch elements that will - -- be NULL terminated on exit. - __in LPCSTR pszSrc, - UINT cchMax, - DWORD dwFlags - ); - - HRESULT SHLocalAllocBytes( - size_t cb, - __deref_bcount(cb) T **ppv -- A pointer whose dereference will be set to an - -- uninitialized buffer with cb bytes. - ); - - __inout_bcount_full(cb) : A buffer with cb elements that is fully initialized at - entry and exit, and may be written to by this function. - - __out_ecount_part(count, *countOut) : A buffer with count elements that will be - partially initialized by this function. The function indicates how much it - initialized by setting *countOut. - - ------------------------------------------------------------------------------- - Advanced Annotations - - Advanced annotations describe behavior that is not expressible with the regular - buffer macros. These may be used either to annotate buffer parameters that involve - complex or conditional behavior, or to enrich existing annotations with additional - information. - - __success(expr) f : - <expr> indicates whether function f succeeded or not. If <expr> is true at exit, - all the function's guarantees (as given by other annotations) must hold. If <expr> - is false at exit, the caller should not expect any of the function's guarantees - to hold. If not used, the function must always satisfy its guarantees. Added - automatically to functions that indicate success in standard ways, such as by - returning an HRESULT. - - __nullterminated p : - Pointer p is a buffer that may be read or written up to and including the first - NULL character or pointer. May be used on typedefs, which marks valid (properly - initialized) instances of that type as being NULL-terminated. - - __nullnullterminated p : - Pointer p is a buffer that may be read or written up to and including the first - sequence of two NULL characters or pointers. May be used on typedefs, which marks - valid instances of that type as being double-NULL terminated. - - __reserved v : - Value v must be 0/NULL, reserved for future use. - - __checkReturn v : - Return value v must not be ignored by callers of this function. - - __typefix(ctype) v : - Value v should be treated as an instance of ctype, rather than its declared type. - - __override f : - Specify C#-style 'override' behaviour for overriding virtual methods. - - __callback f : - Function f can be used as a function pointer. - - __format_string p : - Pointer p is a string that contains % markers in the style of printf. - - __blocksOn(resource) f : - Function f blocks on the resource 'resource'. - - __fallthrough : - Annotates switch statement labels where fall-through is desired, to distinguish - from forgotten break statements. - - ------------------------------------------------------------------------------- - Advanced Annotation Examples - - __success(return != FALSE) LWSTDAPI_(BOOL) - PathCanonicalizeA(__out_ecount(MAX_PATH) LPSTR pszBuf, LPCSTR pszPath) : - pszBuf is only guaranteed to be NULL-terminated when TRUE is returned. - - typedef __nullterminated WCHAR* LPWSTR : Initialized LPWSTRs are NULL-terminated strings. - - __out_ecount(cch) __typefix(LPWSTR) void *psz : psz is a buffer parameter which will be - a NULL-terminated WCHAR string at exit, and which initially contains cch WCHARs. - - ------------------------------------------------------------------------------- -*/ - -#define __specstrings - -#ifdef __cplusplus // [ -#ifndef __nothrow // [ -# define __nothrow __declspec(nothrow) -#endif // ] -extern "C" { -#else // ][ -#ifndef __nothrow // [ -# define __nothrow -#endif // ] -#endif /* #ifdef __cplusplus */ // ] - - -/* - ------------------------------------------------------------------------------- - Helper Macro Definitions - - These express behavior common to many of the high-level annotations. - DO NOT USE THESE IN YOUR CODE. - ------------------------------------------------------------------------------- -*/ - -/* - The helper annotations are only understood by the compiler version used by - various defect detection tools. When the regular compiler is running, they - are defined into nothing, and do not affect the compiled code. -*/ - -#if !defined(__midl) && defined(_PREFAST_) // [ - - /* - In the primitive "SAL_*" annotations "SAL" stands for Standard - Annotation Language. These "SAL_*" annotations are the - primitives the compiler understands and high-level MACROs - will decompose into these primivates. - */ - - #define _SA_SPECSTRIZE( x ) #x - - /* - __null p - __notnull p - __maybenull p - - Annotates a pointer p. States that pointer p is null. Commonly used - in the negated form __notnull or the possibly null form __maybenull. - */ - -#ifndef PAL_STDCPP_COMPAT - #define __null _Null_impl_ - #define __notnull _Notnull_impl_ - #define __maybenull _Maybenull_impl_ -#endif // !PAL_STDCPP_COMPAT - - /* - __readonly l - __notreadonly l - __mabyereadonly l - - Annotates a location l. States that location l is not modified after - this point. If the annotation is placed on the precondition state of - a function, the restriction only applies until the postcondition state - of the function. __maybereadonly states that the annotated location - may be modified, whereas __notreadonly states that a location must be - modified. - */ - - #define __readonly _Pre1_impl_(__readaccess_impl) - #define __notreadonly _Pre1_impl_(__allaccess_impl) - #define __maybereadonly _Pre1_impl_(__readaccess_impl) - - /* - __valid v - __notvalid v - __maybevalid v - - Annotates any value v. States that the value satisfies all properties of - valid values of its type. For example, for a string buffer, valid means - that the buffer pointer is either NULL or points to a NULL-terminated string. - */ - - #define __valid _Valid_impl_ - #define __notvalid _Notvalid_impl_ - #define __maybevalid _Maybevalid_impl_ - - /* - __readableTo(extent) p - - Annotates a buffer pointer p. If the buffer can be read, extent describes - how much of the buffer is readable. For a reader of the buffer, this is - an explicit permission to read up to that amount, rather than a restriction to - read only up to it. - */ - - #define __readableTo(extent) _SA_annotes1(SAL_readableTo, extent) - - /* - - __elem_readableTo(size) - - Annotates a buffer pointer p as being readable to size elements. - */ - - #define __elem_readableTo(size) _SA_annotes1(SAL_readableTo, elementCount( size )) - - /* - __byte_readableTo(size) - - Annotates a buffer pointer p as being readable to size bytes. - */ - #define __byte_readableTo(size) _SA_annotes1(SAL_readableTo, byteCount(size)) - - /* - __writableTo(extent) p - - Annotates a buffer pointer p. If the buffer can be modified, extent - describes how much of the buffer is writable (usually the allocation - size). For a writer of the buffer, this is an explicit permission to - write up to that amount, rather than a restriction to write only up to it. - */ - #define __writableTo(size) _SA_annotes1(SAL_writableTo, size) - - /* - __elem_writableTo(size) - - Annotates a buffer pointer p as being writable to size elements. - */ - #define __elem_writableTo(size) _SA_annotes1(SAL_writableTo, elementCount( size )) - - /* - __byte_writableTo(size) - - Annotates a buffer pointer p as being writable to size bytes. - */ - #define __byte_writableTo(size) _SA_annotes1(SAL_writableTo, byteCount( size)) - - /* - __deref p - - Annotates a pointer p. The next annotation applies one dereference down - in the type. If readableTo(p, size) then the next annotation applies to - all elements *(p+i) for which i satisfies the size. If p is a pointer - to a struct, the next annotation applies to all fields of the struct. - */ - #define __deref _Deref_impl_ - - /* - __pre __next_annotation - - The next annotation applies in the precondition state - */ - #define __pre _Pre_impl_ - - /* - __post __next_annotation - - The next annotation applies in the postcondition state - */ - #define __post _Post_impl_ - - /* - __precond(<expr>) - - When <expr> is true, the next annotation applies in the precondition state - (currently not enabled) - */ - #define __precond(expr) __pre - - /* - __postcond(<expr>) - - When <expr> is true, the next annotation applies in the postcondition state - (currently not enabled) - */ - #define __postcond(expr) __post - - /* - __exceptthat - - Given a set of annotations Q containing __exceptthat maybeP, the effect of - the except clause is to erase any P or notP annotations (explicit or - implied) within Q at the same level of dereferencing that the except - clause appears, and to replace it with maybeP. - - Example 1: __valid __pre_except_maybenull on a pointer p means that the - pointer may be null, and is otherwise valid, thus overriding - the implicit notnull annotation implied by __valid on - pointers. - - Example 2: __valid __deref __pre_except_maybenull on an int **p means - that p is not null (implied by valid), but the elements - pointed to by p could be null, and are otherwise valid. - */ - #define __exceptthat __inner_exceptthat - - /* - _refparam - - Added to all out parameter macros to indicate that they are all reference - parameters. - */ - #define __refparam _Notref_ __deref __notreadonly - - /* - __inner_* - - Helper macros that directly correspond to certain high-level annotations. - - */ - - /* - Macros to classify the entrypoints and indicate their category. - - Pre-defined control point categories include: RPC, LPC, DeviceDriver, UserToKernel, ISAPI, COM. - - */ - #define __inner_control_entrypoint(category) _SA_annotes2(SAL_entrypoint, controlEntry, category) - - - /* - Pre-defined data entry point categories include: Registry, File, Network. - */ - #define __inner_data_entrypoint(category) _SA_annotes2(SAL_entrypoint, dataEntry, category) - - #define __inner_override _SA_annotes0(__override) - #define __inner_callback _SA_annotes0(__callback) - #define __inner_blocksOn(resource) _SA_annotes1(SAL_blocksOn, resource) - #define __inner_fallthrough_dec __inline __nothrow void __FallThrough() {} - #define __inner_fallthrough __FallThrough(); - - #define __post_except_maybenull __post __inner_exceptthat _Maybenull_impl_ - #define __pre_except_maybenull __pre __inner_exceptthat _Maybenull_impl_ - - #define __post_deref_except_maybenull __post __deref __inner_exceptthat _Maybenull_impl_ - #define __pre_deref_except_maybenull __pre __deref __inner_exceptthat _Maybenull_impl_ - - #define __inexpressible_readableTo(size) _Readable_elements_impl_(_Inexpressible_(size)) - #define __inexpressible_writableTo(size) _Writable_elements_impl_(_Inexpressible_(size)) - - -#else // ][ -#ifndef PAL_STDCPP_COMPAT - #define __null - #define __notnull -#endif // !PAL_STDCPP_COMPAT - #define __maybenull - #define __readonly - #define __notreadonly - #define __maybereadonly - #define __valid - #define __notvalid - #define __maybevalid - #define __readableTo(extent) - #define __elem_readableTo(size) - #define __byte_readableTo(size) - #define __writableTo(size) - #define __elem_writableTo(size) - #define __byte_writableTo(size) - #define __deref - #define __pre - #define __post - #define __precond(expr) - #define __postcond(expr) - #define __exceptthat - #define __inner_override - #define __inner_callback - #define __inner_blocksOn(resource) - #define __inner_fallthrough_dec - #define __inner_fallthrough - #define __refparam - #define __inner_control_entrypoint(category) - #define __inner_data_entrypoint(category) - - #define __post_except_maybenull - #define __pre_except_maybenull - #define __post_deref_except_maybenull - #define __pre_deref_except_maybenull - - #define __inexpressible_readableTo(size) - #define __inexpressible_writableTo(size) - -#endif /* #if !defined(__midl) && defined(_PREFAST_) */ // ] - -/* -------------------------------------------------------------------------------- -Buffer Annotation Definitions - -Any of these may be used to directly annotate functions, but only one should -be used for each parameter. To determine which annotation to use for a given -buffer, use the table in the buffer annotations section. -------------------------------------------------------------------------------- -*/ - -// These macros conflict with c++ headers. -#ifndef PAL_STDCPP_COMPAT -#define __in _SAL1_Source_(__in, (), _In_) -#define __out _SAL1_Source_(__out, (), _Out_) -#endif // !PAL_STDCPP_COMPAT - -#define __ecount(size) _SAL1_Source_(__ecount, (size), __notnull __elem_writableTo(size)) -#define __bcount(size) _SAL1_Source_(__bcount, (size), __notnull __byte_writableTo(size)) -#define __in_ecount(size) _SAL1_Source_(__in_ecount, (size), _In_reads_(size)) -#define __in_bcount(size) _SAL1_Source_(__in_bcount, (size), _In_reads_bytes_(size)) -#define __in_z _SAL1_Source_(__in_z, (), _In_z_) -#define __in_ecount_z(size) _SAL1_Source_(__in_ecount_z, (size), _In_reads_z_(size)) -#define __in_bcount_z(size) _SAL1_Source_(__in_bcount_z, (size), __in_bcount(size) __pre __nullterminated) -#define __in_nz _SAL1_Source_(__in_nz, (), __in) -#define __in_ecount_nz(size) _SAL1_Source_(__in_ecount_nz, (size), __in_ecount(size)) -#define __in_bcount_nz(size) _SAL1_Source_(__in_bcount_nz, (size), __in_bcount(size)) -#define __out_ecount(size) _SAL1_Source_(__out_ecount, (size), _Out_writes_(size)) -#define __out_bcount(size) _SAL1_Source_(__out_bcount, (size), _Out_writes_bytes_(size)) -#define __out_ecount_part(size,length) _SAL1_Source_(__out_ecount_part, (size,length), _Out_writes_to_(size,length)) -#define __out_bcount_part(size,length) _SAL1_Source_(__out_bcount_part, (size,length), _Out_writes_bytes_to_(size,length)) -#define __out_ecount_full(size) _SAL1_Source_(__out_ecount_full, (size), _Out_writes_all_(size)) -#define __out_bcount_full(size) _SAL1_Source_(__out_bcount_full, (size), _Out_writes_bytes_all_(size)) -#define __out_z _SAL1_Source_(__out_z, (), __post __valid __refparam __post __nullterminated) -#define __out_z_opt _SAL1_Source_(__out_z_opt, (), __post __valid __refparam __post __nullterminated __pre_except_maybenull) -#define __out_ecount_z(size) _SAL1_Source_(__out_ecount_z, (size), __ecount(size) __post __valid __refparam __post __nullterminated) -#define __out_bcount_z(size) _SAL1_Source_(__out_bcount_z, (size), __bcount(size) __post __valid __refparam __post __nullterminated) -#define __out_ecount_part_z(size,length) _SAL1_Source_(__out_ecount_part_z, (size,length), __out_ecount_part(size,length) __post __nullterminated) -#define __out_bcount_part_z(size,length) _SAL1_Source_(__out_bcount_part_z, (size,length), __out_bcount_part(size,length) __post __nullterminated) -#define __out_ecount_full_z(size) _SAL1_Source_(__out_ecount_full_z, (size), __out_ecount_full(size) __post __nullterminated) -#define __out_bcount_full_z(size) _SAL1_Source_(__out_bcount_full_z, (size), __out_bcount_full(size) __post __nullterminated) -#define __out_nz _SAL1_Source_(__out_nz, (), __post __valid __refparam) -#define __out_nz_opt _SAL1_Source_(__out_nz_opt, (), __post __valid __refparam __post_except_maybenull_) -#define __out_ecount_nz(size) _SAL1_Source_(__out_ecount_nz, (size), __ecount(size) __post __valid __refparam) -#define __out_bcount_nz(size) _SAL1_Source_(__out_bcount_nz, (size), __bcount(size) __post __valid __refparam) -#define __inout _SAL1_Source_(__inout, (), _Inout_) -#define __inout_ecount(size) _SAL1_Source_(__inout_ecount, (size), _Inout_updates_(size)) -#define __inout_bcount(size) _SAL1_Source_(__inout_bcount, (size), _Inout_updates_bytes_(size)) -#define __inout_ecount_part(size,length) _SAL1_Source_(__inout_ecount_part, (size,length), _Inout_updates_to_(size,length)) -#define __inout_bcount_part(size,length) _SAL1_Source_(__inout_bcount_part, (size,length), _Inout_updates_bytes_to_(size,length)) -#define __inout_ecount_full(size) _SAL1_Source_(__inout_ecount_full, (size), _Inout_updates_all_(size)) -#define __inout_bcount_full(size) _SAL1_Source_(__inout_bcount_full, (size), _Inout_updates_bytes_all_(size)) -#define __inout_z _SAL1_Source_(__inout_z, (), _Inout_z_) -#define __inout_ecount_z(size) _SAL1_Source_(__inout_ecount_z, (size), _Inout_updates_z_(size)) -#define __inout_bcount_z(size) _SAL1_Source_(__inout_bcount_z, (size), __inout_bcount(size) __pre __nullterminated __post __nullterminated) -#define __inout_nz _SAL1_Source_(__inout_nz, (), __inout) -#define __inout_ecount_nz(size) _SAL1_Source_(__inout_ecount_nz, (size), __inout_ecount(size)) -#define __inout_bcount_nz(size) _SAL1_Source_(__inout_bcount_nz, (size), __inout_bcount(size)) -#define __ecount_opt(size) _SAL1_Source_(__ecount_opt, (size), __ecount(size) __pre_except_maybenull) -#define __bcount_opt(size) _SAL1_Source_(__bcount_opt, (size), __bcount(size) __pre_except_maybenull) -#define __in_opt _SAL1_Source_(__in_opt, (), _In_opt_) -#define __in_ecount_opt(size) _SAL1_Source_(__in_ecount_opt, (size), _In_reads_opt_(size)) -#define __in_bcount_opt(size) _SAL1_Source_(__in_bcount_opt, (size), _In_reads_bytes_opt_(size)) -#define __in_z_opt _SAL1_Source_(__in_z_opt, (), _In_opt_z_) -#define __in_ecount_z_opt(size) _SAL1_Source_(__in_ecount_z_opt, (size), __in_ecount_opt(size) __pre __nullterminated) -#define __in_bcount_z_opt(size) _SAL1_Source_(__in_bcount_z_opt, (size), __in_bcount_opt(size) __pre __nullterminated) -#define __in_nz_opt _SAL1_Source_(__in_nz_opt, (), __in_opt) -#define __in_ecount_nz_opt(size) _SAL1_Source_(__in_ecount_nz_opt, (size), __in_ecount_opt(size)) -#define __in_bcount_nz_opt(size) _SAL1_Source_(__in_bcount_nz_opt, (size), __in_bcount_opt(size)) -#define __out_opt _SAL1_Source_(__out_opt, (), _Out_opt_) -#define __out_ecount_opt(size) _SAL1_Source_(__out_ecount_opt, (size), _Out_writes_opt_(size)) -#define __out_bcount_opt(size) _SAL1_Source_(__out_bcount_opt, (size), _Out_writes_bytes_opt_(size)) -#define __out_ecount_part_opt(size,length) _SAL1_Source_(__out_ecount_part_opt, (size,length), __out_ecount_part(size,length) __pre_except_maybenull) -#define __out_bcount_part_opt(size,length) _SAL1_Source_(__out_bcount_part_opt, (size,length), __out_bcount_part(size,length) __pre_except_maybenull) -#define __out_ecount_full_opt(size) _SAL1_Source_(__out_ecount_full_opt, (size), __out_ecount_full(size) __pre_except_maybenull) -#define __out_bcount_full_opt(size) _SAL1_Source_(__out_bcount_full_opt, (size), __out_bcount_full(size) __pre_except_maybenull) -#define __out_ecount_z_opt(size) _SAL1_Source_(__out_ecount_z_opt, (size), __out_ecount_opt(size) __post __nullterminated) -#define __out_bcount_z_opt(size) _SAL1_Source_(__out_bcount_z_opt, (size), __out_bcount_opt(size) __post __nullterminated) -#define __out_ecount_part_z_opt(size,length) _SAL1_Source_(__out_ecount_part_z_opt, (size,length), __out_ecount_part_opt(size,length) __post __nullterminated) -#define __out_bcount_part_z_opt(size,length) _SAL1_Source_(__out_bcount_part_z_opt, (size,length), __out_bcount_part_opt(size,length) __post __nullterminated) -#define __out_ecount_full_z_opt(size) _SAL1_Source_(__out_ecount_full_z_opt, (size), __out_ecount_full_opt(size) __post __nullterminated) -#define __out_bcount_full_z_opt(size) _SAL1_Source_(__out_bcount_full_z_opt, (size), __out_bcount_full_opt(size) __post __nullterminated) -#define __out_ecount_nz_opt(size) _SAL1_Source_(__out_ecount_nz_opt, (size), __out_ecount_opt(size) __post __nullterminated) -#define __out_bcount_nz_opt(size) _SAL1_Source_(__out_bcount_nz_opt, (size), __out_bcount_opt(size) __post __nullterminated) -#define __inout_opt _SAL1_Source_(__inout_opt, (), _Inout_opt_) -#define __inout_ecount_opt(size) _SAL1_Source_(__inout_ecount_opt, (size), __inout_ecount(size) __pre_except_maybenull) -#define __inout_bcount_opt(size) _SAL1_Source_(__inout_bcount_opt, (size), __inout_bcount(size) __pre_except_maybenull) -#define __inout_ecount_part_opt(size,length) _SAL1_Source_(__inout_ecount_part_opt, (size,length), __inout_ecount_part(size,length) __pre_except_maybenull) -#define __inout_bcount_part_opt(size,length) _SAL1_Source_(__inout_bcount_part_opt, (size,length), __inout_bcount_part(size,length) __pre_except_maybenull) -#define __inout_ecount_full_opt(size) _SAL1_Source_(__inout_ecount_full_opt, (size), __inout_ecount_full(size) __pre_except_maybenull) -#define __inout_bcount_full_opt(size) _SAL1_Source_(__inout_bcount_full_opt, (size), __inout_bcount_full(size) __pre_except_maybenull) -#define __inout_z_opt _SAL1_Source_(__inout_z_opt, (), __inout_opt __pre __nullterminated __post __nullterminated) -#define __inout_ecount_z_opt(size) _SAL1_Source_(__inout_ecount_z_opt, (size), __inout_ecount_opt(size) __pre __nullterminated __post __nullterminated) -#define __inout_ecount_z_opt(size) _SAL1_Source_(__inout_ecount_z_opt, (size), __inout_ecount_opt(size) __pre __nullterminated __post __nullterminated) -#define __inout_bcount_z_opt(size) _SAL1_Source_(__inout_bcount_z_opt, (size), __inout_bcount_opt(size)) -#define __inout_nz_opt _SAL1_Source_(__inout_nz_opt, (), __inout_opt) -#define __inout_ecount_nz_opt(size) _SAL1_Source_(__inout_ecount_nz_opt, (size), __inout_ecount_opt(size)) -#define __inout_bcount_nz_opt(size) _SAL1_Source_(__inout_bcount_nz_opt, (size), __inout_bcount_opt(size)) -#define __deref_ecount(size) _SAL1_Source_(__deref_ecount, (size), _Notref_ __ecount(1) __post _Notref_ __elem_readableTo(1) __post _Notref_ __deref _Notref_ __notnull __post __deref __elem_writableTo(size)) -#define __deref_bcount(size) _SAL1_Source_(__deref_bcount, (size), _Notref_ __ecount(1) __post _Notref_ __elem_readableTo(1) __post _Notref_ __deref _Notref_ __notnull __post __deref __byte_writableTo(size)) -#define __deref_out _SAL1_Source_(__deref_out, (), _Outptr_) -#define __deref_out_ecount(size) _SAL1_Source_(__deref_out_ecount, (size), _Outptr_result_buffer_(size)) -#define __deref_out_bcount(size) _SAL1_Source_(__deref_out_bcount, (size), _Outptr_result_bytebuffer_(size)) -#define __deref_out_ecount_part(size,length) _SAL1_Source_(__deref_out_ecount_part, (size,length), _Outptr_result_buffer_to_(size,length)) -#define __deref_out_bcount_part(size,length) _SAL1_Source_(__deref_out_bcount_part, (size,length), _Outptr_result_bytebuffer_to_(size,length)) -#define __deref_out_ecount_full(size) _SAL1_Source_(__deref_out_ecount_full, (size), __deref_out_ecount_part(size,size)) -#define __deref_out_bcount_full(size) _SAL1_Source_(__deref_out_bcount_full, (size), __deref_out_bcount_part(size,size)) -#define __deref_out_z _SAL1_Source_(__deref_out_z, (), _Outptr_result_z_) -#define __deref_out_ecount_z(size) _SAL1_Source_(__deref_out_ecount_z, (size), __deref_out_ecount(size) __post __deref __nullterminated) -#define __deref_out_bcount_z(size) _SAL1_Source_(__deref_out_bcount_z, (size), __deref_out_bcount(size) __post __deref __nullterminated) -#define __deref_out_nz _SAL1_Source_(__deref_out_nz, (), __deref_out) -#define __deref_out_ecount_nz(size) _SAL1_Source_(__deref_out_ecount_nz, (size), __deref_out_ecount(size)) -#define __deref_out_bcount_nz(size) _SAL1_Source_(__deref_out_bcount_nz, (size), __deref_out_ecount(size)) -#define __deref_inout _SAL1_Source_(__deref_inout, (), _Notref_ __notnull _Notref_ __elem_readableTo(1) __pre __deref __valid __post _Notref_ __deref __valid __refparam) -#define __deref_inout_z _SAL1_Source_(__deref_inout_z, (), __deref_inout __pre __deref __nullterminated __post _Notref_ __deref __nullterminated) -#define __deref_inout_ecount(size) _SAL1_Source_(__deref_inout_ecount, (size), __deref_inout __pre __deref __elem_writableTo(size) __post _Notref_ __deref __elem_writableTo(size)) -#define __deref_inout_bcount(size) _SAL1_Source_(__deref_inout_bcount, (size), __deref_inout __pre __deref __byte_writableTo(size) __post _Notref_ __deref __byte_writableTo(size)) -#define __deref_inout_ecount_part(size,length) _SAL1_Source_(__deref_inout_ecount_part, (size,length), __deref_inout_ecount(size) __pre __deref __elem_readableTo(length) __post __deref __elem_readableTo(length)) -#define __deref_inout_bcount_part(size,length) _SAL1_Source_(__deref_inout_bcount_part, (size,length), __deref_inout_bcount(size) __pre __deref __byte_readableTo(length) __post __deref __byte_readableTo(length)) -#define __deref_inout_ecount_full(size) _SAL1_Source_(__deref_inout_ecount_full, (size), __deref_inout_ecount_part(size,size)) -#define __deref_inout_bcount_full(size) _SAL1_Source_(__deref_inout_bcount_full, (size), __deref_inout_bcount_part(size,size)) -#define __deref_inout_ecount_z(size) _SAL1_Source_(__deref_inout_ecount_z, (size), __deref_inout_ecount(size) __pre __deref __nullterminated __post __deref __nullterminated) -#define __deref_inout_bcount_z(size) _SAL1_Source_(__deref_inout_bcount_z, (size), __deref_inout_bcount(size) __pre __deref __nullterminated __post __deref __nullterminated) -#define __deref_inout_nz _SAL1_Source_(__deref_inout_nz, (), __deref_inout) -#define __deref_inout_ecount_nz(size) _SAL1_Source_(__deref_inout_ecount_nz, (size), __deref_inout_ecount(size)) -#define __deref_inout_bcount_nz(size) _SAL1_Source_(__deref_inout_bcount_nz, (size), __deref_inout_ecount(size)) -#define __deref_ecount_opt(size) _SAL1_Source_(__deref_ecount_opt, (size), __deref_ecount(size) __post_deref_except_maybenull) -#define __deref_bcount_opt(size) _SAL1_Source_(__deref_bcount_opt, (size), __deref_bcount(size) __post_deref_except_maybenull) -#define __deref_out_opt _SAL1_Source_(__deref_out_opt, (), __deref_out __post_deref_except_maybenull) -#define __deref_out_ecount_opt(size) _SAL1_Source_(__deref_out_ecount_opt, (size), __deref_out_ecount(size) __post_deref_except_maybenull) -#define __deref_out_bcount_opt(size) _SAL1_Source_(__deref_out_bcount_opt, (size), __deref_out_bcount(size) __post_deref_except_maybenull) -#define __deref_out_ecount_part_opt(size,length) _SAL1_Source_(__deref_out_ecount_part_opt, (size,length), __deref_out_ecount_part(size,length) __post_deref_except_maybenull) -#define __deref_out_bcount_part_opt(size,length) _SAL1_Source_(__deref_out_bcount_part_opt, (size,length), __deref_out_bcount_part(size,length) __post_deref_except_maybenull) -#define __deref_out_ecount_full_opt(size) _SAL1_Source_(__deref_out_ecount_full_opt, (size), __deref_out_ecount_full(size) __post_deref_except_maybenull) -#define __deref_out_bcount_full_opt(size) _SAL1_Source_(__deref_out_bcount_full_opt, (size), __deref_out_bcount_full(size) __post_deref_except_maybenull) -#define __deref_out_z_opt _SAL1_Source_(__deref_out_z_opt, (), _Outptr_result_maybenull_z_) -#define __deref_out_ecount_z_opt(size) _SAL1_Source_(__deref_out_ecount_z_opt, (size), __deref_out_ecount_opt(size) __post __deref __nullterminated) -#define __deref_out_bcount_z_opt(size) _SAL1_Source_(__deref_out_bcount_z_opt, (size), __deref_out_bcount_opt(size) __post __deref __nullterminated) -#define __deref_out_nz_opt _SAL1_Source_(__deref_out_nz_opt, (), __deref_out_opt) -#define __deref_out_ecount_nz_opt(size) _SAL1_Source_(__deref_out_ecount_nz_opt, (size), __deref_out_ecount_opt(size)) -#define __deref_out_bcount_nz_opt(size) _SAL1_Source_(__deref_out_bcount_nz_opt, (size), __deref_out_bcount_opt(size)) -#define __deref_inout_opt _SAL1_Source_(__deref_inout_opt, (), __deref_inout __pre_deref_except_maybenull __post_deref_except_maybenull) -#define __deref_inout_ecount_opt(size) _SAL1_Source_(__deref_inout_ecount_opt, (size), __deref_inout_ecount(size) __pre_deref_except_maybenull __post_deref_except_maybenull) -#define __deref_inout_bcount_opt(size) _SAL1_Source_(__deref_inout_bcount_opt, (size), __deref_inout_bcount(size) __pre_deref_except_maybenull __post_deref_except_maybenull) -#define __deref_inout_ecount_part_opt(size,length) _SAL1_Source_(__deref_inout_ecount_part_opt, (size,length), __deref_inout_ecount_part(size,length) __pre_deref_except_maybenull __post_deref_except_maybenull) -#define __deref_inout_bcount_part_opt(size,length) _SAL1_Source_(__deref_inout_bcount_part_opt, (size,length), __deref_inout_bcount_part(size,length) __pre_deref_except_maybenull __post_deref_except_maybenull) -#define __deref_inout_ecount_full_opt(size) _SAL1_Source_(__deref_inout_ecount_full_opt, (size), __deref_inout_ecount_full(size) __pre_deref_except_maybenull __post_deref_except_maybenull) -#define __deref_inout_bcount_full_opt(size) _SAL1_Source_(__deref_inout_bcount_full_opt, (size), __deref_inout_bcount_full(size) __pre_deref_except_maybenull __post_deref_except_maybenull) -#define __deref_inout_z_opt _SAL1_Source_(__deref_inout_z_opt, (), __deref_inout_opt __pre __deref __nullterminated __post __deref __nullterminated) -#define __deref_inout_ecount_z_opt(size) _SAL1_Source_(__deref_inout_ecount_z_opt, (size), __deref_inout_ecount_opt(size) __pre __deref __nullterminated __post __deref __nullterminated) -#define __deref_inout_bcount_z_opt(size) _SAL1_Source_(__deref_inout_bcount_z_opt, (size), __deref_inout_bcount_opt(size) __pre __deref __nullterminated __post __deref __nullterminated) -#define __deref_inout_nz_opt _SAL1_Source_(__deref_inout_nz_opt, (), __deref_inout_opt) -#define __deref_inout_ecount_nz_opt(size) _SAL1_Source_(__deref_inout_ecount_nz_opt, (size), __deref_inout_ecount_opt(size)) -#define __deref_inout_bcount_nz_opt(size) _SAL1_Source_(__deref_inout_bcount_nz_opt, (size), __deref_inout_bcount_opt(size)) -#define __deref_opt_ecount(size) _SAL1_Source_(__deref_opt_ecount, (size), __deref_ecount(size) __pre_except_maybenull) -#define __deref_opt_bcount(size) _SAL1_Source_(__deref_opt_bcount, (size), __deref_bcount(size) __pre_except_maybenull) -#define __deref_opt_out _SAL1_Source_(__deref_opt_out, (), _Outptr_opt_) -#define __deref_opt_out_z _SAL1_Source_(__deref_opt_out_z, (), _Outptr_opt_result_z_) -#define __deref_opt_out_ecount(size) _SAL1_Source_(__deref_opt_out_ecount, (size), __deref_out_ecount(size) __pre_except_maybenull) -#define __deref_opt_out_bcount(size) _SAL1_Source_(__deref_opt_out_bcount, (size), __deref_out_bcount(size) __pre_except_maybenull) -#define __deref_opt_out_ecount_part(size,length) _SAL1_Source_(__deref_opt_out_ecount_part, (size,length), __deref_out_ecount_part(size,length) __pre_except_maybenull) -#define __deref_opt_out_bcount_part(size,length) _SAL1_Source_(__deref_opt_out_bcount_part, (size,length), __deref_out_bcount_part(size,length) __pre_except_maybenull) -#define __deref_opt_out_ecount_full(size) _SAL1_Source_(__deref_opt_out_ecount_full, (size), __deref_out_ecount_full(size) __pre_except_maybenull) -#define __deref_opt_out_bcount_full(size) _SAL1_Source_(__deref_opt_out_bcount_full, (size), __deref_out_bcount_full(size) __pre_except_maybenull) -#define __deref_opt_inout _SAL1_Source_(__deref_opt_inout, (), _Inout_opt_) -#define __deref_opt_inout_ecount(size) _SAL1_Source_(__deref_opt_inout_ecount, (size), __deref_inout_ecount(size) __pre_except_maybenull) -#define __deref_opt_inout_bcount(size) _SAL1_Source_(__deref_opt_inout_bcount, (size), __deref_inout_bcount(size) __pre_except_maybenull) -#define __deref_opt_inout_ecount_part(size,length) _SAL1_Source_(__deref_opt_inout_ecount_part, (size,length), __deref_inout_ecount_part(size,length) __pre_except_maybenull) -#define __deref_opt_inout_bcount_part(size,length) _SAL1_Source_(__deref_opt_inout_bcount_part, (size,length), __deref_inout_bcount_part(size,length) __pre_except_maybenull) -#define __deref_opt_inout_ecount_full(size) _SAL1_Source_(__deref_opt_inout_ecount_full, (size), __deref_inout_ecount_full(size) __pre_except_maybenull) -#define __deref_opt_inout_bcount_full(size) _SAL1_Source_(__deref_opt_inout_bcount_full, (size), __deref_inout_bcount_full(size) __pre_except_maybenull) -#define __deref_opt_inout_z _SAL1_Source_(__deref_opt_inout_z, (), __deref_opt_inout __pre __deref __nullterminated __post __deref __nullterminated) -#define __deref_opt_inout_ecount_z(size) _SAL1_Source_(__deref_opt_inout_ecount_z, (size), __deref_opt_inout_ecount(size) __pre __deref __nullterminated __post __deref __nullterminated) -#define __deref_opt_inout_bcount_z(size) _SAL1_Source_(__deref_opt_inout_bcount_z, (size), __deref_opt_inout_bcount(size) __pre __deref __nullterminated __post __deref __nullterminated) -#define __deref_opt_inout_nz _SAL1_Source_(__deref_opt_inout_nz, (), __deref_opt_inout) -#define __deref_opt_inout_ecount_nz(size) _SAL1_Source_(__deref_opt_inout_ecount_nz, (size), __deref_opt_inout_ecount(size)) -#define __deref_opt_inout_bcount_nz(size) _SAL1_Source_(__deref_opt_inout_bcount_nz, (size), __deref_opt_inout_bcount(size)) -#define __deref_opt_ecount_opt(size) _SAL1_Source_(__deref_opt_ecount_opt, (size), __deref_ecount_opt(size) __pre_except_maybenull) -#define __deref_opt_bcount_opt(size) _SAL1_Source_(__deref_opt_bcount_opt, (size), __deref_bcount_opt(size) __pre_except_maybenull) -#define __deref_opt_out_opt _SAL1_Source_(__deref_opt_out_opt, (), _Outptr_opt_result_maybenull_) -#define __deref_opt_out_ecount_opt(size) _SAL1_Source_(__deref_opt_out_ecount_opt, (size), __deref_out_ecount_opt(size) __pre_except_maybenull) -#define __deref_opt_out_bcount_opt(size) _SAL1_Source_(__deref_opt_out_bcount_opt, (size), __deref_out_bcount_opt(size) __pre_except_maybenull) -#define __deref_opt_out_ecount_part_opt(size,length) _SAL1_Source_(__deref_opt_out_ecount_part_opt, (size,length), __deref_out_ecount_part_opt(size,length) __pre_except_maybenull) -#define __deref_opt_out_bcount_part_opt(size,length) _SAL1_Source_(__deref_opt_out_bcount_part_opt, (size,length), __deref_out_bcount_part_opt(size,length) __pre_except_maybenull) -#define __deref_opt_out_ecount_full_opt(size) _SAL1_Source_(__deref_opt_out_ecount_full_opt, (size), __deref_out_ecount_full_opt(size) __pre_except_maybenull) -#define __deref_opt_out_bcount_full_opt(size) _SAL1_Source_(__deref_opt_out_bcount_full_opt, (size), __deref_out_bcount_full_opt(size) __pre_except_maybenull) -#define __deref_opt_out_z_opt _SAL1_Source_(__deref_opt_out_z_opt, (), __post __deref __valid __refparam __pre_except_maybenull __pre_deref_except_maybenull __post_deref_except_maybenull __post __deref __nullterminated) -#define __deref_opt_out_ecount_z_opt(size) _SAL1_Source_(__deref_opt_out_ecount_z_opt, (size), __deref_opt_out_ecount_opt(size) __post __deref __nullterminated) -#define __deref_opt_out_bcount_z_opt(size) _SAL1_Source_(__deref_opt_out_bcount_z_opt, (size), __deref_opt_out_bcount_opt(size) __post __deref __nullterminated) -#define __deref_opt_out_nz_opt _SAL1_Source_(__deref_opt_out_nz_opt, (), __deref_opt_out_opt) -#define __deref_opt_out_ecount_nz_opt(size) _SAL1_Source_(__deref_opt_out_ecount_nz_opt, (size), __deref_opt_out_ecount_opt(size)) -#define __deref_opt_out_bcount_nz_opt(size) _SAL1_Source_(__deref_opt_out_bcount_nz_opt, (size), __deref_opt_out_bcount_opt(size)) -#define __deref_opt_inout_opt _SAL1_Source_(__deref_opt_inout_opt, (), __deref_inout_opt __pre_except_maybenull) -#define __deref_opt_inout_ecount_opt(size) _SAL1_Source_(__deref_opt_inout_ecount_opt, (size), __deref_inout_ecount_opt(size) __pre_except_maybenull) -#define __deref_opt_inout_bcount_opt(size) _SAL1_Source_(__deref_opt_inout_bcount_opt, (size), __deref_inout_bcount_opt(size) __pre_except_maybenull) -#define __deref_opt_inout_ecount_part_opt(size,length) _SAL1_Source_(__deref_opt_inout_ecount_part_opt, (size,length), __deref_inout_ecount_part_opt(size,length) __pre_except_maybenull) -#define __deref_opt_inout_bcount_part_opt(size,length) _SAL1_Source_(__deref_opt_inout_bcount_part_opt, (size,length), __deref_inout_bcount_part_opt(size,length) __pre_except_maybenull) -#define __deref_opt_inout_ecount_full_opt(size) _SAL1_Source_(__deref_opt_inout_ecount_full_opt, (size), __deref_inout_ecount_full_opt(size) __pre_except_maybenull) -#define __deref_opt_inout_bcount_full_opt(size) _SAL1_Source_(__deref_opt_inout_bcount_full_opt, (size), __deref_inout_bcount_full_opt(size) __pre_except_maybenull) -#define __deref_opt_inout_z_opt _SAL1_Source_(__deref_opt_inout_z_opt, (), __deref_opt_inout_opt __pre __deref __nullterminated __post __deref __nullterminated) -#define __deref_opt_inout_ecount_z_opt(size) _SAL1_Source_(__deref_opt_inout_ecount_z_opt, (size), __deref_opt_inout_ecount_opt(size) __pre __deref __nullterminated __post __deref __nullterminated) -#define __deref_opt_inout_bcount_z_opt(size) _SAL1_Source_(__deref_opt_inout_bcount_z_opt, (size), __deref_opt_inout_bcount_opt(size) __pre __deref __nullterminated __post __deref __nullterminated) -#define __deref_opt_inout_nz_opt _SAL1_Source_(__deref_opt_inout_nz_opt, (), __deref_opt_inout_opt) -#define __deref_opt_inout_ecount_nz_opt(size) _SAL1_Source_(__deref_opt_inout_ecount_nz_opt, (size), __deref_opt_inout_ecount_opt(size)) -#define __deref_opt_inout_bcount_nz_opt(size) _SAL1_Source_(__deref_opt_inout_bcount_nz_opt, (size), __deref_opt_inout_bcount_opt(size)) - -/* -------------------------------------------------------------------------------- -Advanced Annotation Definitions - -Any of these may be used to directly annotate functions, and may be used in -combination with each other or with regular buffer macros. For an explanation -of each annotation, see the advanced annotations section. -------------------------------------------------------------------------------- -*/ - -#define __success(expr) _Success_(expr) -#define __nullterminated _Null_terminated_ -#define __nullnullterminated -#define __reserved _SAL1_Source_(__reserved, (), _Reserved_) -#define __checkReturn _SAL1_Source_(__checkReturn, (), _Check_return_) -#define __typefix(ctype) _SAL1_Source_(__typefix, (ctype), __inner_typefix(ctype)) -#define __override __inner_override -#define __callback __inner_callback -#define __format_string _Printf_format_string_ -#define __blocksOn(resource) __inner_blocksOn(resource) -#define __control_entrypoint(category) __inner_control_entrypoint(category) -#define __data_entrypoint(category) __inner_data_entrypoint(category) -#define __useHeader _Use_decl_anno_impl_ -#define __on_failure(annotes) _On_failure_impl_(annotes _SAL_nop_impl_) - -#ifndef __fallthrough // [ - __inner_fallthrough_dec - #define __fallthrough __inner_fallthrough -#endif // ] - -#ifndef __analysis_assume // [ -#ifdef _PREFAST_ // [ -#define __analysis_assume(expr) __assume(expr) -#else // ][ -#define __analysis_assume(expr) -#endif // ] -#endif // ] - -#ifndef _Analysis_assume_ // [ -#ifdef _PREFAST_ // [ -#define _Analysis_assume_(expr) __assume(expr) -#else // ][ -#define _Analysis_assume_(expr) -#endif // ] -#endif // ] - -#define _Analysis_noreturn_ _SAL2_Source_(_Analysis_noreturn_, (), _SA_annotes0(SAL_terminates)) - -#ifdef _PREFAST_ // [ -__inline __nothrow -void __AnalysisAssumeNullterminated(_Post_ __nullterminated void *p); - -#define _Analysis_assume_nullterminated_(x) __AnalysisAssumeNullterminated(x) -#else // ][ -#define _Analysis_assume_nullterminated_(x) -#endif // ] - -// -// Set the analysis mode (global flags to analysis). -// They take effect at the point of declaration; use at global scope -// as a declaration. -// - -// Synthesize a unique symbol. -#define ___MKID(x, y) x ## y -#define __MKID(x, y) ___MKID(x, y) -#define __GENSYM(x) __MKID(x, __COUNTER__) - -__ANNOTATION(SAL_analysisMode(__AuToQuOtE __In_impl_ char *mode);) - -#define _Analysis_mode_impl_(mode) _SA_annotes1(SAL_analysisMode, #mode) - -#define _Analysis_mode_(mode) \ - typedef _Analysis_mode_impl_(mode) int \ - __GENSYM(__prefast_analysis_mode_flag); - -// The following are predefined: -// _Analysis_operator_new_throw_ (operator new throws) -// _Analysis_operator_new_null_ (operator new returns null) -// _Analysis_operator_new_never_fails_ (operator new never fails) -// - -// Function class annotations. -__ANNOTATION(SAL_functionClassNew(__In_impl_ char*);) -__PRIMOP(int, _In_function_class_(__In_impl_ char*);) -#define _In_function_class_(x) _In_function_class_(#x) - -#define _Function_class_(x) _SA_annotes1(SAL_functionClassNew, #x) - -/* - * interlocked operand used in interlocked instructions - */ -#define _Interlocked_operand_ _Pre_ _SA_annotes0(SAL_interlocked) - -#define _Enum_is_bitflag_ _SA_annotes0(SAL_enumIsBitflag) -#define _Strict_type_match_ _SA_annotes0(SAL_strictType2) - -#define _Maybe_raises_SEH_exception_ _Pre_ _SA_annotes1(SAL_inTry,__yes) -#define _Raises_SEH_exception_ _Group_(_Maybe_raises_SEH_exception_ _Analysis_noreturn_) - -#ifdef __cplusplus // [ -} -#endif // ] - -// Rotor doesn't need concurrency sal. -// #include <ConcurrencySal.h> - diff --git a/sdk/lib/rtl/CMakeLists.txt b/sdk/lib/rtl/CMakeLists.txt index f250931846a..eee2b97d530 100644 --- a/sdk/lib/rtl/CMakeLists.txt +++ b/sdk/lib/rtl/CMakeLists.txt @@ -5,6 +5,11 @@ add_definitions( -D_NTSYSTEM_ -D_NTDLLBUILD_) +if (GCC) + # Enable this again. CORE-17637 + add_compile_options(-Wunused-result) +endif() + list(APPEND SOURCE access.c acl.c

3 years, 3 months

[reactos] 23/26: [NDK][XDK] Remove _Must_inspect_result_ from RtlTimeFieldsToTime & RtlTimeToSecondsSince1970

by Jérôme Gardou

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=a28a34f108f4d171773d6… commit a28a34f108f4d171773d6b1fef0efebfd7a4920f Author: Jérôme Gardou <jerome.gardou(a)reactos.org> AuthorDate: Tue Jun 22 10:28:47 2021 +0200 Commit: Jérôme Gardou <zefklop(a)users.noreply.github.com> CommitDate: Mon Jun 28 10:20:57 2021 +0200 [NDK][XDK] Remove _Must_inspect_result_ from RtlTimeFieldsToTime & RtlTimeToSecondsSince1970 WDK doesn't have it and it causes more mess than anything. CORE-17637 --- sdk/include/ndk/rtlfuncs.h | 6 ++---- sdk/include/xdk/rtlfuncs.h | 4 +--- 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/sdk/include/ndk/rtlfuncs.h b/sdk/include/ndk/rtlfuncs.h index c45bd9f35e8..a99ba39fa0e 100644 --- a/sdk/include/ndk/rtlfuncs.h +++ b/sdk/include/ndk/rtlfuncs.h @@ -4575,8 +4575,7 @@ NTAPI RtlSetTimeZoneInformation( _In_ PRTL_TIME_ZONE_INFORMATION TimeZoneInformation); -_Success_(return!=FALSE) -_Must_inspect_result_ +_Success_(return != FALSE) NTSYSAPI BOOLEAN NTAPI @@ -4585,8 +4584,7 @@ RtlTimeFieldsToTime( _Out_ PLARGE_INTEGER Time ); -_Success_(return != 0) -_Must_inspect_result_ +_Success_(return != FALSE) NTSYSAPI BOOLEAN NTAPI diff --git a/sdk/include/xdk/rtlfuncs.h b/sdk/include/xdk/rtlfuncs.h index cba07f72aa5..276cfaf6cf9 100644 --- a/sdk/include/xdk/rtlfuncs.h +++ b/sdk/include/xdk/rtlfuncs.h @@ -932,8 +932,7 @@ RtlSetDaclSecurityDescriptor( #define RtlStoreUlongPtr(Address,Value) RtlStoreUlong(Address,Value) #endif /* _WIN64 */ -_Success_(return!=FALSE) -_Must_inspect_result_ +_Success_(return != FALSE) NTSYSAPI BOOLEAN NTAPI @@ -1716,7 +1715,6 @@ RtlSecondsSince1980ToTime( _Out_ PLARGE_INTEGER Time); _Success_(return != 0) -_Must_inspect_result_ NTSYSAPI BOOLEAN NTAPI

3 years, 3 months

[reactos] 22/26: [DDK] Do not put _Must_inspect_result_ on function returning void & without _Out_ parameters

by Jérôme Gardou

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=28c5f7538adaea2e122d7… commit 28c5f7538adaea2e122d7f5d8bb9bf9046e8e8ea Author: Jérôme Gardou <jerome.gardou(a)reactos.org> AuthorDate: Fri Jun 18 10:02:50 2021 +0200 Commit: Jérôme Gardou <zefklop(a)users.noreply.github.com> CommitDate: Mon Jun 28 10:20:57 2021 +0200 [DDK] Do not put _Must_inspect_result_ on function returning void & without _Out_ parameters --- sdk/include/ddk/fltkernel.h | 1 - 1 file changed, 1 deletion(-) diff --git a/sdk/include/ddk/fltkernel.h b/sdk/include/ddk/fltkernel.h index 5e04d5ceae0..c12cb57fcba 100644 --- a/sdk/include/ddk/fltkernel.h +++ b/sdk/include/ddk/fltkernel.h @@ -1388,7 +1388,6 @@ FltDeviceIoControlFile( _In_ ULONG OutputBufferLength, _Out_opt_ PULONG LengthReturned); -_Must_inspect_result_ _When_(FlagOn(CallbackData->Iopb->IrpFlags, IRP_PAGING_IO), _IRQL_requires_max_(APC_LEVEL)) _When_(!FlagOn(CallbackData->Iopb->IrpFlags, IRP_PAGING_IO), _IRQL_requires_max_(PASSIVE_LEVEL)) VOID

3 years, 3 months

[reactos] 21/26: [NTOS:FSRTL] Check return status of FsRtl locking functions

by Jérôme Gardou

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=46af941c4cc8a922559b1… commit 46af941c4cc8a922559b1038813878793b26dc6e Author: Jérôme Gardou <jerome.gardou(a)reactos.org> AuthorDate: Fri Jun 18 10:01:59 2021 +0200 Commit: Jérôme Gardou <zefklop(a)users.noreply.github.com> CommitDate: Mon Jun 28 10:20:57 2021 +0200 [NTOS:FSRTL] Check return status of FsRtl locking functions CORE-17637 --- ntoskrnl/fsrtl/filelock.c | 42 +++++++++++++++++++++++++----------------- 1 file changed, 25 insertions(+), 17 deletions(-) diff --git a/ntoskrnl/fsrtl/filelock.c b/ntoskrnl/fsrtl/filelock.c index f92f9397c96..624d2dd7047 100644 --- a/ntoskrnl/fsrtl/filelock.c +++ b/ntoskrnl/fsrtl/filelock.c @@ -994,6 +994,7 @@ FsRtlFastUnlockSingle(IN PFILE_LOCK FileLock, InternalInfo->Generation++; while ((NextMatchingLockIrp = IoCsqRemoveNextIrp(&InternalInfo->Csq, &Find))) { + NTSTATUS Status; if (NextMatchingLockIrp->IoStatus.Information == InternalInfo->Generation) { // We've already looked at this one, meaning that we looped. @@ -1011,7 +1012,9 @@ FsRtlFastUnlockSingle(IN PFILE_LOCK FileLock, // because somebody else snatched part of the range in a new thread. DPRINT("Locking another IRP %p for %p %wZ\n", NextMatchingLockIrp, FileLock, &FileObject->FileName); - FsRtlProcessFileLock(InternalInfo->BelongsTo, NextMatchingLockIrp, NULL); + Status = FsRtlProcessFileLock(InternalInfo->BelongsTo, NextMatchingLockIrp, NULL); + if (!NT_SUCCESS(Status)) + return Status; } DPRINT("Success %wZ\n", &FileObject->FileName); @@ -1173,23 +1176,25 @@ FsRtlProcessFileLock(IN PFILE_LOCK FileLock, { /* A lock */ case IRP_MN_LOCK: - + { /* Call the private lock routine */ - FsRtlPrivateLock(FileLock, - IoStackLocation->FileObject, - &IoStackLocation-> - Parameters.LockControl.ByteOffset, - IoStackLocation->Parameters.LockControl.Length, - IoGetRequestorProcess(Irp), - IoStackLocation->Parameters.LockControl.Key, - IoStackLocation->Flags & SL_FAIL_IMMEDIATELY, - IoStackLocation->Flags & SL_EXCLUSIVE_LOCK, - &IoStatusBlock, - Irp, - Context, - FALSE); + BOOLEAN Result = FsRtlPrivateLock(FileLock, + IoStackLocation->FileObject, + &IoStackLocation->Parameters.LockControl.ByteOffset, + IoStackLocation->Parameters.LockControl.Length, + IoGetRequestorProcess(Irp), + IoStackLocation->Parameters.LockControl.Key, + IoStackLocation->Flags & SL_FAIL_IMMEDIATELY, + IoStackLocation->Flags & SL_EXCLUSIVE_LOCK, + &IoStatusBlock, + Irp, + Context, + FALSE); + /* FsRtlPrivateLock has _Must_inspect_result_. Just check this is consistent on debug builds */ + NT_ASSERT(Result == NT_SUCCESS(IoStatusBlock.Status)); + (void)Result; return IoStatusBlock.Status; - + } /* A single unlock */ case IRP_MN_UNLOCK_SINGLE: @@ -1299,7 +1304,10 @@ FsRtlUninitializeFileLock(IN PFILE_LOCK FileLock) } while ((Irp = IoCsqRemoveNextIrp(&InternalInfo->Csq, NULL)) != NULL) { - FsRtlProcessFileLock(FileLock, Irp, NULL); + NTSTATUS Status = FsRtlProcessFileLock(FileLock, Irp, NULL); + /* FsRtlProcessFileLock has _Must_inspect_result_ */ + NT_ASSERT(NT_SUCCESS(Status)); + (void)Status; } ExFreePoolWithTag(InternalInfo, TAG_FLOCK); FileLock->LockInformation = NULL;

3 years, 3 months

[reactos] 20/26: [WDF] Synchronize function attributes between declaration & definition

by Jérôme Gardou

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=e55eeb2d9c14cff0b8659… commit e55eeb2d9c14cff0b8659db2a4463f43d8343363 Author: Jérôme Gardou <jerome.gardou(a)reactos.org> AuthorDate: Fri Jun 18 09:58:04 2021 +0200 Commit: Jérôme Gardou <zefklop(a)users.noreply.github.com> CommitDate: Mon Jun 28 10:20:57 2021 +0200 [WDF] Synchronize function attributes between declaration & definition Addendum to 1f377076d783 --- sdk/lib/drivers/wdf/kmdf/src/core/fxchildlist.cpp | 1 - sdk/lib/drivers/wdf/shared/core/fxdevice.cpp | 2 ++ sdk/lib/drivers/wdf/shared/core/km/fxdriverkm.cpp | 1 + sdk/lib/drivers/wdf/shared/irphandlers/general/fxpkggeneral.cpp | 2 ++ sdk/lib/drivers/wdf/shared/irphandlers/pnp/fdopower.cpp | 3 +++ sdk/lib/drivers/wdf/shared/irphandlers/pnp/fxpkgfdo.cpp | 2 ++ sdk/lib/drivers/wdf/shared/targets/general/fxiotarget.cpp | 1 + sdk/lib/drivers/wdf/shared/targets/general/km/fxiotargetremotekm.cpp | 1 + 8 files changed, 12 insertions(+), 1 deletion(-) diff --git a/sdk/lib/drivers/wdf/kmdf/src/core/fxchildlist.cpp b/sdk/lib/drivers/wdf/kmdf/src/core/fxchildlist.cpp index e749b7c9a3f..8bbfcf803c2 100644 --- a/sdk/lib/drivers/wdf/kmdf/src/core/fxchildlist.cpp +++ b/sdk/lib/drivers/wdf/kmdf/src/core/fxchildlist.cpp @@ -412,7 +412,6 @@ exit: return ntStatus; } -_Must_inspect_result_ VOID FxChildList::Initialize( __in PWDF_CHILD_LIST_CONFIG Config diff --git a/sdk/lib/drivers/wdf/shared/core/fxdevice.cpp b/sdk/lib/drivers/wdf/shared/core/fxdevice.cpp index 6fb8723283f..4157f4c244b 100644 --- a/sdk/lib/drivers/wdf/shared/core/fxdevice.cpp +++ b/sdk/lib/drivers/wdf/shared/core/fxdevice.cpp @@ -1332,6 +1332,7 @@ FxDevice::_AcquireOptinRemoveLock( _Must_inspect_result_ NTSTATUS +STDCALL FxDevice::DispatchWithLock( __in MdDeviceObject DeviceObject, __in MdIrp Irp @@ -1546,6 +1547,7 @@ DispatchWorker( _Must_inspect_result_ NTSTATUS +STDCALL FxDevice::Dispatch( __in MdDeviceObject DeviceObject, __in MdIrp Irp diff --git a/sdk/lib/drivers/wdf/shared/core/km/fxdriverkm.cpp b/sdk/lib/drivers/wdf/shared/core/km/fxdriverkm.cpp index 9c80b0b1e7f..75deb8d3945 100644 --- a/sdk/lib/drivers/wdf/shared/core/km/fxdriverkm.cpp +++ b/sdk/lib/drivers/wdf/shared/core/km/fxdriverkm.cpp @@ -34,6 +34,7 @@ extern "C" { _Must_inspect_result_ NTSTATUS +STDCALL FxDriver::AddDevice( __in MdDriverObject DriverObject, __in MdDeviceObject PhysicalDeviceObject diff --git a/sdk/lib/drivers/wdf/shared/irphandlers/general/fxpkggeneral.cpp b/sdk/lib/drivers/wdf/shared/irphandlers/general/fxpkggeneral.cpp index 80e144aabfa..9c8cb352e21 100644 --- a/sdk/lib/drivers/wdf/shared/irphandlers/general/fxpkggeneral.cpp +++ b/sdk/lib/drivers/wdf/shared/irphandlers/general/fxpkggeneral.cpp @@ -1444,6 +1444,7 @@ Return Value: _Must_inspect_result_ NTSTATUS +STDCALL FxPkgGeneral::_CreateCompletionRoutine( __in MdDeviceObject DeviceObject, __in MdIrp OriginalIrp, @@ -1500,6 +1501,7 @@ Return Value: _Must_inspect_result_ NTSTATUS +STDCALL FxPkgGeneral::_CreateCompletionRoutine2( __in MdDeviceObject DeviceObject, __in MdIrp OriginalIrp, diff --git a/sdk/lib/drivers/wdf/shared/irphandlers/pnp/fdopower.cpp b/sdk/lib/drivers/wdf/shared/irphandlers/pnp/fdopower.cpp index 09b20e0e0ac..05bd8893095 100644 --- a/sdk/lib/drivers/wdf/shared/irphandlers/pnp/fdopower.cpp +++ b/sdk/lib/drivers/wdf/shared/irphandlers/pnp/fdopower.cpp @@ -154,6 +154,7 @@ Returns: _Must_inspect_result_ NTSTATUS +STDCALL FxPkgFdo::_SystemPowerS0Completion( __in MdDeviceObject DeviceObject, __in MdIrp OriginalIrp, @@ -205,6 +206,7 @@ FxPkgFdo::_SystemPowerS0Completion( _Must_inspect_result_ NTSTATUS +STDCALL FxPkgFdo::_SystemPowerSxCompletion( __in MdDeviceObject DeviceObject, __in MdIrp OriginalIrp, @@ -365,6 +367,7 @@ FxPkgFdo::RaiseDevicePower( _Must_inspect_result_ NTSTATUS +STDCALL FxPkgFdo::RaiseDevicePowerCompletion( __in MdDeviceObject DeviceObject, __in MdIrp OriginalIrp, diff --git a/sdk/lib/drivers/wdf/shared/irphandlers/pnp/fxpkgfdo.cpp b/sdk/lib/drivers/wdf/shared/irphandlers/pnp/fxpkgfdo.cpp index ec29a1a4dc9..fa8e598b43b 100644 --- a/sdk/lib/drivers/wdf/shared/irphandlers/pnp/fxpkgfdo.cpp +++ b/sdk/lib/drivers/wdf/shared/irphandlers/pnp/fxpkgfdo.cpp @@ -1434,6 +1434,7 @@ Return Value: _Must_inspect_result_ NTSTATUS +STDCALL FxPkgFdo::_PnpFilteredStartDeviceCompletionRoutine( __in MdDeviceObject DeviceObject, __inout MdIrp Irp, @@ -1457,6 +1458,7 @@ FxPkgFdo::_PnpFilteredStartDeviceCompletionRoutine( _Must_inspect_result_ NTSTATUS +STDCALL FxPkgFdo::_PnpStartDeviceCompletionRoutine( __in MdDeviceObject DeviceObject, __inout MdIrp Irp, diff --git a/sdk/lib/drivers/wdf/shared/targets/general/fxiotarget.cpp b/sdk/lib/drivers/wdf/shared/targets/general/fxiotarget.cpp index 12066b6891f..c374947142b 100644 --- a/sdk/lib/drivers/wdf/shared/targets/general/fxiotarget.cpp +++ b/sdk/lib/drivers/wdf/shared/targets/general/fxiotarget.cpp @@ -2402,6 +2402,7 @@ Return Value: _Must_inspect_result_ NTSTATUS +STDCALL FxIoTarget::_RequestCompletionRoutine( MdDeviceObject DeviceObject, MdIrp Irp, diff --git a/sdk/lib/drivers/wdf/shared/targets/general/km/fxiotargetremotekm.cpp b/sdk/lib/drivers/wdf/shared/targets/general/km/fxiotargetremotekm.cpp index 63f743c380a..90100bb5050 100644 --- a/sdk/lib/drivers/wdf/shared/targets/general/km/fxiotargetremotekm.cpp +++ b/sdk/lib/drivers/wdf/shared/targets/general/km/fxiotargetremotekm.cpp @@ -29,6 +29,7 @@ extern "C" { _Must_inspect_result_ NTSTATUS +STDCALL FxIoTargetRemote::_PlugPlayNotification( __in PVOID NotificationStructure, __inout_opt PVOID Context

3 years, 3 months

[reactos] 19/26: [NTOS:CONFIG] Do not ignore Rtl*String functions return value

by Jérôme Gardou

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=d924cb8271d478c16a76c… commit d924cb8271d478c16a76c3c746946d8d4cc6f0e2 Author: Jérôme Gardou <jerome.gardou(a)reactos.org> AuthorDate: Thu Jun 17 18:19:04 2021 +0200 Commit: Jérôme Gardou <zefklop(a)users.noreply.github.com> CommitDate: Mon Jun 28 10:20:57 2021 +0200 [NTOS:CONFIG] Do not ignore Rtl*String functions return value CORE-17637 --- ntoskrnl/config/i386/cmhardwr.c | 137 ++++++++++++++++++++++------------------ 1 file changed, 76 insertions(+), 61 deletions(-) diff --git a/ntoskrnl/config/i386/cmhardwr.c b/ntoskrnl/config/i386/cmhardwr.c index 4b7457d12ac..7bdd139ecbd 100644 --- a/ntoskrnl/config/i386/cmhardwr.c +++ b/ntoskrnl/config/i386/cmhardwr.c @@ -472,22 +472,27 @@ CmpInitializeMachineDependentConfiguration(IN PLOADER_PARAMETER_BLOCK LoaderBloc { /* Convert it to Unicode */ RtlInitAnsiString(&TempString, CpuString); - RtlAnsiStringToUnicodeString(&Data, &TempString, TRUE); - - /* Add it to the registry */ - RtlInitUnicodeString(&ValueName, L"ProcessorNameString"); - Status = NtSetValueKey(KeyHandle, - &ValueName, - 0, - REG_SZ, - Data.Buffer, - Data.Length + sizeof(UNICODE_NULL)); - - /* ROS: Save a copy for bugzilla reporting */ - RtlCreateUnicodeString(&KeRosProcessorName, Data.Buffer); + if (NT_SUCCESS(RtlAnsiStringToUnicodeString(&Data, &TempString, TRUE))) + { + /* Add it to the registry */ + RtlInitUnicodeString(&ValueName, L"ProcessorNameString"); + Status = NtSetValueKey(KeyHandle, + &ValueName, + 0, + REG_SZ, + Data.Buffer, + Data.Length + sizeof(UNICODE_NULL)); + + /* ROS: Save a copy for bugzilla reporting */ + if (!RtlCreateUnicodeString(&KeRosProcessorName, Data.Buffer)) + { + /* Do not fail for this */ + KeRosProcessorName.Length = 0; + } - /* Free the temporary buffer */ - RtlFreeUnicodeString(&Data); + /* Free the temporary buffer */ + RtlFreeUnicodeString(&Data); + } } /* Check if we had a Vendor ID */ @@ -495,19 +500,20 @@ CmpInitializeMachineDependentConfiguration(IN PLOADER_PARAMETER_BLOCK LoaderBloc { /* Convert it to Unicode */ RtlInitAnsiString(&TempString, Prcb->VendorString); - RtlAnsiStringToUnicodeString(&Data, &TempString, TRUE); - - /* Add it to the registry */ - RtlInitUnicodeString(&ValueName, L"VendorIdentifier"); - Status = NtSetValueKey(KeyHandle, - &ValueName, - 0, - REG_SZ, - Data.Buffer, - Data.Length + sizeof(UNICODE_NULL)); - - /* Free the temporary buffer */ - RtlFreeUnicodeString(&Data); + if (NT_SUCCESS(RtlAnsiStringToUnicodeString(&Data, &TempString, TRUE))) + { + /* Add it to the registry */ + RtlInitUnicodeString(&ValueName, L"VendorIdentifier"); + Status = NtSetValueKey(KeyHandle, + &ValueName, + 0, + REG_SZ, + Data.Buffer, + Data.Length + sizeof(UNICODE_NULL)); + + /* Free the temporary buffer */ + RtlFreeUnicodeString(&Data); + } } /* Check if we have features bits */ @@ -638,19 +644,20 @@ CmpInitializeMachineDependentConfiguration(IN PLOADER_PARAMETER_BLOCK LoaderBloc { /* Convert it to Unicode */ RtlInitAnsiString(&TempString, Buffer); - RtlAnsiStringToUnicodeString(&Data, &TempString, TRUE); - - /* Write the date into the registry */ - RtlInitUnicodeString(&ValueName, L"SystemBiosDate"); - Status = NtSetValueKey(SystemHandle, - &ValueName, - 0, - REG_SZ, - Data.Buffer, - Data.Length + sizeof(UNICODE_NULL)); + if (NT_SUCCESS(RtlAnsiStringToUnicodeString(&Data, &TempString, TRUE))) + { + /* Write the date into the registry */ + RtlInitUnicodeString(&ValueName, L"SystemBiosDate"); + Status = NtSetValueKey(SystemHandle, + &ValueName, + 0, + REG_SZ, + Data.Buffer, + Data.Length + sizeof(UNICODE_NULL)); - /* Free the string */ - RtlFreeUnicodeString(&Data); + /* Free the string */ + RtlFreeUnicodeString(&Data); + } if (BiosHandle) { @@ -672,7 +679,8 @@ CmpInitializeMachineDependentConfiguration(IN PLOADER_PARAMETER_BLOCK LoaderBloc Data.Length + sizeof(UNICODE_NULL)); /* ROS: Save a copy for bugzilla reporting */ - RtlCreateUnicodeString(&KeRosBiosDate, Data.Buffer); + if (!RtlCreateUnicodeString(&KeRosBiosDate, Data.Buffer)) + KeRosBiosDate.Length = 0; /* Free the string */ RtlFreeUnicodeString(&Data); @@ -692,7 +700,9 @@ CmpInitializeMachineDependentConfiguration(IN PLOADER_PARAMETER_BLOCK LoaderBloc { /* Convert to Unicode */ RtlInitAnsiString(&TempString, Buffer); - RtlAnsiStringToUnicodeString(&Data, &TempString, TRUE); + Status = RtlAnsiStringToUnicodeString(&Data, &TempString, TRUE); + if (!NT_SUCCESS(Status)) + break; /* Calculate the length of this string and copy it in */ Length = Data.Length + sizeof(UNICODE_NULL); @@ -732,7 +742,8 @@ CmpInitializeMachineDependentConfiguration(IN PLOADER_PARAMETER_BLOCK LoaderBloc TotalLength); /* ROS: Save a copy for bugzilla reporting */ - RtlCreateUnicodeString(&KeRosBiosVersion, (PWCH)BiosVersion); + if (!RtlCreateUnicodeString(&KeRosBiosVersion, (PWCH)BiosVersion)) + KeRosBiosVersion.Length = 0; } } @@ -763,22 +774,24 @@ CmpInitializeMachineDependentConfiguration(IN PLOADER_PARAMETER_BLOCK LoaderBloc { /* Convert it to Unicode */ RtlInitAnsiString(&TempString, Buffer); - RtlAnsiStringToUnicodeString(&Data, &TempString, TRUE); - - /* Write the date into the registry */ - RtlInitUnicodeString(&ValueName, L"VideoBiosDate"); - Status = NtSetValueKey(SystemHandle, - &ValueName, - 0, - REG_SZ, - Data.Buffer, - Data.Length + sizeof(UNICODE_NULL)); - - /* ROS: Save a copy for bugzilla reporting */ - RtlCreateUnicodeString(&KeRosVideoBiosDate, Data.Buffer); - - /* Free the string */ - RtlFreeUnicodeString(&Data); + if (NT_SUCCESS(RtlAnsiStringToUnicodeString(&Data, &TempString, TRUE))) + { + /* Write the date into the registry */ + RtlInitUnicodeString(&ValueName, L"VideoBiosDate"); + Status = NtSetValueKey(SystemHandle, + &ValueName, + 0, + REG_SZ, + Data.Buffer, + Data.Length + sizeof(UNICODE_NULL)); + + /* ROS: Save a copy for bugzilla reporting */ + if (!RtlCreateUnicodeString(&KeRosVideoBiosDate, Data.Buffer)) + KeRosVideoBiosDate.Length = 0; + + /* Free the string */ + RtlFreeUnicodeString(&Data); + } } /* Get the Video BIOS Version */ @@ -790,7 +803,8 @@ CmpInitializeMachineDependentConfiguration(IN PLOADER_PARAMETER_BLOCK LoaderBloc { /* Convert to Unicode */ RtlInitAnsiString(&TempString, Buffer); - RtlAnsiStringToUnicodeString(&Data, &TempString, TRUE); + if (!NT_SUCCESS(RtlAnsiStringToUnicodeString(&Data, &TempString, TRUE))) + break; /* Calculate the length of this string and copy it in */ Length = Data.Length + sizeof(UNICODE_NULL); @@ -830,7 +844,8 @@ CmpInitializeMachineDependentConfiguration(IN PLOADER_PARAMETER_BLOCK LoaderBloc TotalLength); /* ROS: Save a copy for bugzilla reporting */ - RtlCreateUnicodeString(&KeRosVideoBiosVersion, (PWCH)BiosVersion); + if (!RtlCreateUnicodeString(&KeRosVideoBiosVersion, (PWCH)BiosVersion)) + KeRosVideoBiosVersion.Length = 0; } }

3 years, 3 months

[reactos] 18/26: [NTOS:OB] Use RtlInitUnicodeString for constant string

by Jérôme Gardou

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=3ad38f29b5c8a3845ddad… commit 3ad38f29b5c8a3845ddad43de45e1271a1fea3fa Author: Jérôme Gardou <jerome.gardou(a)reactos.org> AuthorDate: Thu Jun 17 17:59:32 2021 +0200 Commit: Jérôme Gardou <zefklop(a)users.noreply.github.com> CommitDate: Mon Jun 28 10:20:57 2021 +0200 [NTOS:OB] Use RtlInitUnicodeString for constant string CORE-17637 --- ntoskrnl/ob/obname.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ntoskrnl/ob/obname.c b/ntoskrnl/ob/obname.c index e83000a3448..586561cd9b0 100644 --- a/ntoskrnl/ob/obname.c +++ b/ntoskrnl/ob/obname.c @@ -259,7 +259,7 @@ ObpCreateDosDevicesDirectory(VOID) * DosDevices directory \?? , for backward compatibility with * Windows NT-2000 systems. */ - RtlCreateUnicodeString(&LinkName, L"\\DosDevices"); + RtlInitUnicodeString(&LinkName, L"\\DosDevices"); RtlInitUnicodeString(&RootName, (PCWSTR)&ObpDosDevicesShortNameRoot); InitializeObjectAttributes(&ObjectAttributes, &LinkName,

3 years, 3 months

[reactos] 17/26: [NTOS:SE] Do not ignore SepAccessCheckAndAuditAlarmWorker return value

by Jérôme Gardou

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=81789965593b254827e0f… commit 81789965593b254827e0f8bf7f27a72510dd8c0c Author: Jérôme Gardou <jerome.gardou(a)reactos.org> AuthorDate: Thu Jun 17 17:55:14 2021 +0200 Commit: Jérôme Gardou <zefklop(a)users.noreply.github.com> CommitDate: Mon Jun 28 10:20:57 2021 +0200 [NTOS:SE] Do not ignore SepAccessCheckAndAuditAlarmWorker return value CORE-17637 --- ntoskrnl/se/audit.c | 36 +++++++++++++++++++----------------- 1 file changed, 19 insertions(+), 17 deletions(-) diff --git a/ntoskrnl/se/audit.c b/ntoskrnl/se/audit.c index 9cc7c51f9f3..03604d30259 100644 --- a/ntoskrnl/se/audit.c +++ b/ntoskrnl/se/audit.c @@ -622,23 +622,25 @@ SepAccessCheckAndAuditAlarm( } /* Call the worker routine with the captured buffers */ - SepAccessCheckAndAuditAlarmWorker(&CapturedSubsystemName, - HandleId, - &SubjectContext, - &CapturedObjectTypeName, - &CapturedObjectName, - CapturedSecurityDescriptor, - CapturedPrincipalSelfSid, - DesiredAccess, - AuditType, - HaveAuditPrivilege, - CapturedObjectTypeList, - ObjectTypeListLength, - &LocalGenericMapping, - SafeGrantedAccessList, - SafeAccessStatusList, - &LocalGenerateOnClose, - UseResultList); + Status = SepAccessCheckAndAuditAlarmWorker(&CapturedSubsystemName, + HandleId, + &SubjectContext, + &CapturedObjectTypeName, + &CapturedObjectName, + CapturedSecurityDescriptor, + CapturedPrincipalSelfSid, + DesiredAccess, + AuditType, + HaveAuditPrivilege, + CapturedObjectTypeList, + ObjectTypeListLength, + &LocalGenericMapping, + SafeGrantedAccessList, + SafeAccessStatusList, + &LocalGenerateOnClose, + UseResultList); + if (!NT_SUCCESS(Status)) + goto Cleanup; /* Enter SEH to copy the data back to user mode */ _SEH2_TRY

3 years, 3 months

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Ros-diffs June 2021