Windows Driver Kit (WDK)
A set of Microsoft tools that are used to develop, test, and deploy Windows drivers.
47 questions
SDV Deprecation Announcement
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 87%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPE%3C/text%3E%3C/svg%3E)
Paul Eze
0
Reputation points Microsoft Employee
Hello Windows driver developer community. I’m part of the Windows Driver Kit (WDK) team here at Microsoft. I wanted to give an update on our static analysis strategy for drivers. As most of you know, we’ve supported three different code analysis tools for Windows drivers over the years:
• Code Analysis for Drivers (CaD), AKA PREFast for Drivers. • Static Driver Verifier. • CodeQL for Drivers.
Over the years we’ve heard a lot about how useful these have been. Peter Viscarola at OSR wrote a great piece about CA a few years back that we still pass around: It Passes Code Analysis – OSR Going forward, we intend to focus on CodeQL as the primary static analysis tool for drivers. CodeQL provides a powerful query language that treats code as a database to be queried, making it simple to write queries for specific behaviors, patterns, and more across a codebase. The Introduction to QL and CodeQL for C and C++ pages on GitHub describe the language in more detail, while our Windows-Drivers-Developer-Supplemental-Tools GitHub repo provides instructions on how to get started running CodeQL on your drivers.
The core CodeQL engine is maintained by a dedicated team at GitHub, and it enables developers to write their own queries and provide direct feedback and PRs on existing ones. CodeQL also works on a broader set of driver projects than SDV or CA, and can run outside of an MSBuild context. We feel this is the right way to balance our resources and streamline the process for creating new queries going forward.
We’ve made the decision to retire SDV from ongoing support. As such, it is not available in WDKs newer than build 26017 and will be absent from the Windows 24H2 RTM WDK.
Code Analysis for Drivers is also on our roadmap to retire in the future; however, at present it is still available in the WDK, including in the upcoming 24H2 release.
CodeQL uses an entirely different technology than SDV and CA, and as such it cannot directly ingest existing SDV and CA rules; nor can it integrate with Visual Studio directly at this time. We have ported the CA rules that were previously required to pass the Static Tools Logo test on server to CodeQL, and plan to port more CA rules as well as SDV rules in the future. We also hope to improve Visual Studio integration and the user experience.
Many of you are also familiar with the Static Tools Logo (STL) test, and that in the past SDV and/or CA were required for server certification. Going forward, the only static analysis logs that STL will require are from CodeQL – both for server and client releases. These results still must be provided in the form of a DVL.
We recognize there is still a ways to go before CodeQL can provide the same queries and user experience as SDV. With that in mind, we have a few questions we’d appreciate feedback on:
- Given SDV and CA are no longer required for certification, do you intend to continue using these tools?
- What SDV rule(s) have proven the most helpful to you over the years? Which, if any, have had issues with false positives?
- What CA rule(s) have proven the most helpful to you over the years? Which, if any, have had issues with false positives?
- What IDE/dev environment integration(s) are the highest priority? Full Visual Studio? Visual Studio Code? The EWDK?
Please see below for some common questions and answers.
Can I still use SDV and CA?
SDV can still be used by downloading the Windows 11, version 22H2 EWDK (released October 24, 2023) with Visual Studio Buildtools 17.1.5 from Download the Windows Driver Kit (WDK) - Windows drivers | Microsoft Learn. We recommend only using Enterprise WDK to run SDV at this time. Using older versions of the standard WDK in conjunction with recent releases of VS is not recommended, as this will likely result in analysis failures.
SDV is not available in Windows 24H2 WDK or EWDK releases.
CA is available in the Windows 24H2 WDK and EWDK, but is planned to be retired at a future date.
I’m still certifying for downlevel OSes, like WS2019. What do I do?
You have a couple of options:
• WS2022 (and/or earlier OS versions, WS19, WS16) must be submitted using SDV/CA logs. • WS2025 (and earlier OS versions, WS22, WS19, WS16). Must submit CodeQL results for WS2025, and waiver granted for SDV/CA log requirements for down level OS.
I heavily rely on a rule that’s present in SDV or CA but not in CodeQL. What do I do?
Let us know! The more we hear that a given class of rules is helpful and necessary, the easier it is for us to prioritize developing CodeQL versions of them.
Additionally, as an open-source query language, you can try writing CodeQL queries for your specific needs. We accept pull requests into our CodeQL repo: microsoft/Windows-Driver-Developer-Supplemental-Tools: Supplemental open-source components for use in developing device drivers for Windows. (github.com)
Why does CodeQL require a separate download from VS and the WDK?
Licensing agreements with GitHub mandate that CodeQL is shipped separately.
Do I need a GitHub Enterprise plan to use CodeQL?
No. CodeQL licensing allows the use of CodeQL for driver certification without any paid GitHub plan.
I rely on suppressions to run CA rules without noise. Can I still use my existing suppressions when testing with CodeQL?
Yes. We’ve developed a CodeQL library to translate CA suppressions into CodeQL-style suppressions, and an associated query that will honor suppressions when run alongside other queries.