Driver Verification with CodeQL

Driver verification is a 3 step process in VS 2019:

  1. Static Driver Verification
  2. Code Analysis
  3. CodeQL Verification

CodeQl is giving me a problem.

Loading the DVL file to my test target and starting the verification process yields the following error:

"DVL test failed:
Microsoft.StaticToolsLogo.ObjectModel.DvlException: c:\dvl\CrestronBYODDriver.DVL.XML:
DVL file format incorrect (CrestronBYODDriver.x64.Semmle.Summary).
at Microsoft.StaticToolsLogo.ObjectModel.DvlChecker.CheckDvl()
at DevfundTests.DvlTest.DvlCheck()"

I generate my SARIF file using the following command:

codeql.cmd database analyze “C:\codeql-home\databases\CrestronBYOD” windows_driver_recommended.qls --format=sarifv2.1.0 --output=C:\codeql-home\databases\CrestronBYOD.sarif -j 0

Viewing the SARIF in Visual Studio shows a warning:

“The type of schema applied to the document is not supported”

I tried other schemas - sarifv1 & sarifv2. These schemas DO NOT show the above warning.

These schemas are converted to version 2.1.0 when I view them in Visual Studio.

The converted SARIF is detected by the DVL tool, however attempting to create the log yields the following error:

“Object reference not set to an instance of an object.”

I don’t know what else I can do.

Any suggestions would be greatly appreciated.

Hi, I’m on the team at Microsoft that owns CodeQL for drivers. Can you share which WDK or eWDK version you are using to generate the DVL?

WDK 10.0.19041.685

The functionality to generate a DVL that consumes CodeQL SARIF results is available from WDK preview versions 20190 and forward (https://docs.microsoft.com/en-us/windows-hardware/drivers/devtest/static-tools-and-codeql#driver-verification-log-dvl-consumption-of-sarif-output).

Do you have access to preview WDK versions? If yes, could you give that a try and let me know if you’re still seeing the same issue?

Thanks, will give it a try.

Thank you for taking the time to answer me.

The latest preview builds for both the SDK and WDK are 10.0.20303.1

After installing each, I started to get the following pop-up whenever I launched Visual Studio for my driver solution:

Driver Testing
Could not load test information. Error: Could not load file or assembly 'TaefTestParser, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35’ or one of its dependencies. The system cannot find the file specified.

I was no longer able to compile my project. Any time I attempted to build it, I go the following build error:

Severity Code Description Project File Line Suppression State Priority
Error MSB4062 The “ValidateNTTargetVersion” task could not be loaded from the assembly
C:\Program Files (x86)\Windows Kits\10\build\bin\Microsoft.DriverKit.Build.Tasks.16.0.dll.
Could not load file or assembly 'Microsoft.DriverKit.Build.Tasks, Version=10.0.0.0,
Culture=neutral, PublicKeyToken=31bf3856ad364e35’ or one of its dependencies.
Strong name validation failed. (Exception from HRESULT: 0x8013141A) Confirm that the declaration is correct,
that the assembly and all its dependencies are available, and that the task contains a public class that implements
Microsoft.Build.Framework.ITask. C:\Users\Admin\Desktop\MyProjects\CrestronBYOD\Driver\CrestronBYODDriver.vcxproj
C:\Program Files (x86)\Windows Kits\10\build\WindowsDriver.common.targets 299 Normal

In order to restore my build environment, I needed to uninstall all SDK’s and WDK’s. Then followed by installing the 1.0.19041.685 versions of each.

The problem that I identified in my original post is still occurring.

Is there a preview version earlier than 10.0.20303.1 that I can try?

I think that the DVL file format error is related to the schema that I used to generate my SARIF file. Apparently, the WDK tools do not like the sarifv2.1.0 schema that I am using.

Which schema should I be using?

Thanks for sharing that update, I’m looking into the compiler issue right now and will update when I have a better answer.

For the SARIF schema issue, are you using Visual Studio or VS Code? Are you using the VS Code SARIF viewer? Just trying to better understand your set up.

I am using Visual Studio.

Under Tools > Open Static Analysis Results as SARIF

Thanks for clarifying. Would it be possible to send over the SARIF file to stlogohelp@microsoft.com so that we can investigate further?

Just emailed it to you.

The latest preview builds for both the SDK and WDK are 10.0.20303.1

Free advice from one who has been burnt more times than I care to recall: Never install a pre-release version of VS, the SDK, or the WDK on your “regular” dev system. This is something else that VMs are designed for. In the past, I have had really enormous difficulty is getting a “preview” build fully and completely uninstalled, to the point where I’ve had to re-install my entire machine to get back to a normal, working, production environment.

Peter

A little bit late, but I am encountering the same issue. This you find a fix for the problem?