1// Licensed to the .NET Foundation under one or more agreements.
2// The .NET Foundation licenses this file to you under the MIT license.
3// See the LICENSE file in the project root for more information.
4
5/***
6*sal.h - markers for documenting the semantics of APIs
7*
8
9*
10*Purpose:
11* sal.h provides a set of annotations to describe how a function uses its
12* parameters - the assumptions it makes about them, and the guarantees it makes
13* upon finishing.
14****/
15#pragma once
16
17/*==========================================================================
18
19 The comments in this file are intended to give basic understanding of
20 the usage of SAL, the Microsoft Source Code Annotation Language.
21 For more details, please see http://go.microsoft.com/fwlink/?LinkID=242134
22
23 The macros are defined in 3 layers, plus the structural set:
24
25 _In_/_Out_/_Ret_ Layer:
26 ----------------------
27 This layer provides the highest abstraction and its macros should be used
28 in most cases. These macros typically start with:
29 _In_ : input parameter to a function, unmodified by called function
30 _Out_ : output parameter, written to by called function, pointed-to
31 location not expected to be initialized prior to call
32 _Outptr_ : like _Out_ when returned variable is a pointer type
33 (so param is pointer-to-pointer type). Called function
34 provides/allocated space.
35 _Outref_ : like _Outptr_, except param is reference-to-pointer type.
36 _Inout_ : inout parameter, read from and potentially modified by
37 called function.
38 _Ret_ : for return values
39 _Field_ : class/struct field invariants
40 For common usage, this class of SAL provides the most concise annotations.
41 Note that _In_/_Out_/_Inout_/_Outptr_ annotations are designed to be used
42 with a parameter target. Using them with _At_ to specify non-parameter
43 targets may yield unexpected results.
44
45 This layer also includes a number of other properties that can be specified
46 to extend the ability of code analysis, most notably:
47 -- Designating parameters as format strings for printf/scanf/scanf_s
48 -- Requesting stricter type checking for C enum parameters
49
50 _Pre_/_Post_ Layer:
51 ------------------
52 The macros of this layer only should be used when there is no suitable macro
53 in the _In_/_Out_ layer. Its macros start with _Pre_ or _Post_.
54 This layer provides the most flexibility for annotations.
55
56 Implementation Abstraction Layer:
57 --------------------------------
58 Macros from this layer should never be used directly. The layer only exists
59 to hide the implementation of the annotation macros.
60
61 Structural Layer:
62 ----------------
63 These annotations, like _At_ and _When_, are used with annotations from
64 any of the other layers as modifiers, indicating exactly when and where
65 the annotations apply.
66
67
68 Common syntactic conventions:
69 ----------------------------
70
71 Usage:
72 -----
73 _In_, _Out_, _Inout_, _Pre_, _Post_, are for formal parameters.
74 _Ret_, _Deref_ret_ must be used for return values.
75
76 Nullness:
77 --------
78 If the parameter can be NULL as a precondition to the function, the
79 annotation contains _opt. If the macro does not contain '_opt' the
80 parameter cannot be NULL.
81
82 If an out/inout parameter returns a null pointer as a postcondition, this is
83 indicated by _Ret_maybenull_ or _result_maybenull_. If the macro is not
84 of this form, then the result will not be NULL as a postcondition.
85 _Outptr_ - output value is not NULL
86 _Outptr_result_maybenull_ - output value might be NULL
87
88 String Type:
89 -----------
90 _z: NullTerminated string
91 for _In_ parameters the buffer must have the specified stringtype before the call
92 for _Out_ parameters the buffer must have the specified stringtype after the call
93 for _Inout_ parameters both conditions apply
94
95 Extent Syntax:
96 -------------
97 Buffer sizes are expressed as element counts, unless the macro explicitly
98 contains _byte_ or _bytes_. Some annotations specify two buffer sizes, in
99 which case the second is used to indicate how much of the buffer is valid
100 as a postcondition. This table outlines the precondition buffer allocation
101 size, precondition number of valid elements, postcondition allocation size,
102 and postcondition number of valid elements for representative buffer size
103 annotations:
104 Pre | Pre | Post | Post
105 alloc | valid | alloc | valid
106 Annotation elems | elems | elems | elems
107 ---------- ------------------------------------
108 _In_reads_(s) s | s | s | s
109 _Inout_updates_(s) s | s | s | s
110 _Inout_updates_to_(s,c) s | s | s | c
111 _Out_writes_(s) s | 0 | s | s
112 _Out_writes_to_(s,c) s | 0 | s | c
113 _Outptr_result_buffer_(s) ? | ? | s | s
114 _Outptr_result_buffer_to_(s,c) ? | ? | s | c
115
116 For the _Outptr_ annotations, the buffer in question is at one level of
117 dereference. The called function is responsible for supplying the buffer.
118
119 Success and failure:
120 -------------------
121 The SAL concept of success allows functions to define expressions that can
122 be tested by the caller, which if it evaluates to non-zero, indicates the
123 function succeeded, which means that its postconditions are guaranteed to
124 hold. Otherwise, if the expression evaluates to zero, the function is
125 considered to have failed, and the postconditions are not guaranteed.
126
127 The success criteria can be specified with the _Success_(expr) annotation:
128 _Success_(return != FALSE) BOOL
129 PathCanonicalizeA(_Out_writes_(MAX_PATH) LPSTR pszBuf, LPCSTR pszPath) :
130 pszBuf is only guaranteed to be NULL-terminated when TRUE is returned,
131 and FALSE indiates failure. In common practice, callers check for zero
132 vs. non-zero returns, so it is preferable to express the success
133 criteria in terms of zero/non-zero, not checked for exactly TRUE.
134
135 Functions can specify that some postconditions will still hold, even when
136 the function fails, using _On_failure_(anno-list), or postconditions that
137 hold regardless of success or failure using _Always_(anno-list).
138
139 The annotation _Return_type_success_(expr) may be used with a typedef to
140 give a default _Success_ criteria to all functions returning that type.
141 This is the case for common Windows API status types, including
142 HRESULT and NTSTATUS. This may be overridden on a per-function basis by
143 specifying a _Success_ annotation locally.
144
145============================================================================*/
146
147#define __ATTR_SAL
148
149#ifndef _SAL_VERSION /*IFSTRIP=IGN*/
150#define _SAL_VERSION 20
151#endif
152
153#ifdef _PREFAST_ // [
154
155// choose attribute or __declspec implementation
156#ifndef _USE_DECLSPECS_FOR_SAL // [
157#define _USE_DECLSPECS_FOR_SAL 1
158#endif // ]
159
160#if _USE_DECLSPECS_FOR_SAL // [
161#undef _USE_ATTRIBUTES_FOR_SAL
162#define _USE_ATTRIBUTES_FOR_SAL 0
163#elif !defined(_USE_ATTRIBUTES_FOR_SAL) // ][
164#if _MSC_VER >= 1400 /*IFSTRIP=IGN*/ // [
165#define _USE_ATTRIBUTES_FOR_SAL 1
166#else // ][
167#define _USE_ATTRIBUTES_FOR_SAL 0
168#endif // ]
169#endif // ]
170
171
172#if !_USE_DECLSPECS_FOR_SAL // [
173#if !_USE_ATTRIBUTES_FOR_SAL // [
174#if _MSC_VER >= 1400 /*IFSTRIP=IGN*/ // [
175#undef _USE_ATTRIBUTES_FOR_SAL
176#define _USE_ATTRIBUTES_FOR_SAL 1
177#else // ][
178#undef _USE_DECLSPECS_FOR_SAL
179#define _USE_DECLSPECS_FOR_SAL 1
180#endif // ]
181#endif // ]
182#endif // ]
183
184#else
185
186// Disable expansion of SAL macros in non-Prefast mode to
187// improve compiler throughput.
188#ifndef _USE_DECLSPECS_FOR_SAL // [
189#define _USE_DECLSPECS_FOR_SAL 0
190#endif // ]
191#ifndef _USE_ATTRIBUTES_FOR_SAL // [
192#define _USE_ATTRIBUTES_FOR_SAL 0
193#endif // ]
194
195#endif // ]
196
197// safeguard for MIDL and RC builds
198#if _USE_DECLSPECS_FOR_SAL && ( defined( MIDL_PASS ) || defined(__midl) || defined(RC_INVOKED) || !defined(_PREFAST_) ) /*IFSTRIP=IGN*/ // [
199#undef _USE_DECLSPECS_FOR_SAL
200#define _USE_DECLSPECS_FOR_SAL 0
201#endif // ]
202#if _USE_ATTRIBUTES_FOR_SAL && ( !defined(_MSC_EXTENSIONS) || defined( MIDL_PASS ) || defined(__midl) || defined(RC_INVOKED) ) /*IFSTRIP=IGN*/ // [
203#undef _USE_ATTRIBUTES_FOR_SAL
204#define _USE_ATTRIBUTES_FOR_SAL 0
205#endif // ]
206
207#if _USE_DECLSPECS_FOR_SAL || _USE_ATTRIBUTES_FOR_SAL
208
209// Special enum type for Y/N/M
210enum __SAL_YesNo {_SAL_notpresent, _SAL_no, _SAL_maybe, _SAL_yes, _SAL_default};
211
212#endif
213
214#if defined(BUILD_WINDOWS) && !_USE_ATTRIBUTES_FOR_SAL /*IFSTRIP=IGN*/
215#define _SAL1_Source_(Name, args, annotes) _SA_annotes3(SAL_name, #Name, "", "1") _GrouP_(annotes _SAL_nop_impl_)
216#define _SAL1_1_Source_(Name, args, annotes) _SA_annotes3(SAL_name, #Name, "", "1.1") _GrouP_(annotes _SAL_nop_impl_)
217#define _SAL1_2_Source_(Name, args, annotes) _SA_annotes3(SAL_name, #Name, "", "1.2") _GrouP_(annotes _SAL_nop_impl_)
218#define _SAL2_Source_(Name, args, annotes) _SA_annotes3(SAL_name, #Name, "", "2") _GrouP_(annotes _SAL_nop_impl_)
219#else
220#define _SAL1_Source_(Name, args, annotes) _SA_annotes3(SAL_name, #Name, "", "1") _Group_(annotes _SAL_nop_impl_)
221#define _SAL1_1_Source_(Name, args, annotes) _SA_annotes3(SAL_name, #Name, "", "1.1") _Group_(annotes _SAL_nop_impl_)
222#define _SAL1_2_Source_(Name, args, annotes) _SA_annotes3(SAL_name, #Name, "", "1.2") _Group_(annotes _SAL_nop_impl_)
223#define _SAL2_Source_(Name, args, annotes) _SA_annotes3(SAL_name, #Name, "", "2") _Group_(annotes _SAL_nop_impl_)
224#endif
225
226//============================================================================
227// Structural SAL:
228// These annotations modify the use of other annotations. They may
229// express the annotation target (i.e. what parameter/field the annotation
230// applies to) or the condition under which the annotation is applicable.
231//============================================================================
232
233// _At_(target, annos) specifies that the annotations listed in 'annos' is to
234// be applied to 'target' rather than to the identifier which is the current
235// lexical target.
236#define _At_(target, annos) _At_impl_(target, annos _SAL_nop_impl_)
237
238// _At_buffer_(target, iter, bound, annos) is similar to _At_, except that
239// target names a buffer, and each annotation in annos is applied to each
240// element of target up to bound, with the variable named in iter usable
241// by the annotations to refer to relevant offsets within target.
242#define _At_buffer_(target, iter, bound, annos) _At_buffer_impl_(target, iter, bound, annos _SAL_nop_impl_)
243
244// _When_(expr, annos) specifies that the annotations listed in 'annos' only
245// apply when 'expr' evaluates to non-zero.
246#define _When_(expr, annos) _When_impl_(expr, annos _SAL_nop_impl_)
247#define _Group_(annos) _Group_impl_(annos _SAL_nop_impl_)
248#define _GrouP_(annos) _GrouP_impl_(annos _SAL_nop_impl_)
249
250// <expr> indicates whether normal post conditions apply to a function
251#define _Success_(expr) _SAL2_Source_(_Success_, (expr), _Success_impl_(expr))
252
253// <expr> indicates whether post conditions apply to a function returning
254// the type that this annotation is applied to
255#define _Return_type_success_(expr) _SAL2_Source_(_Return_type_success_, (expr), _Success_impl_(expr))
256
257// Establish postconditions that apply only if the function does not succeed
258#define _On_failure_(annos) _On_failure_impl_(annos _SAL_nop_impl_)
259
260// Establish postconditions that apply in both success and failure cases.
261// Only applicable with functions that have _Success_ or _Return_type_succss_.
262#define _Always_(annos) _Always_impl_(annos _SAL_nop_impl_)
263
264// Usable on a function defintion. Asserts that a function declaration is
265// in scope, and its annotations are to be used. There are no other annotations
266// allowed on the function definition.
267#define _Use_decl_annotations_ _Use_decl_anno_impl_
268
269// _Notref_ may precede a _Deref_ or "real" annotation, and removes one
270// level of dereference if the parameter is a C++ reference (&). If the
271// net deref on a "real" annotation is negative, it is simply discarded.
272#define _Notref_ _Notref_impl_
273
274// Annotations for defensive programming styles.
275#define _Pre_defensive_ _SA_annotes0(SAL_pre_defensive)
276#define _Post_defensive_ _SA_annotes0(SAL_post_defensive)
277
278#define _In_defensive_(annotes) _Pre_defensive_ _Group_(annotes)
279#define _Out_defensive_(annotes) _Post_defensive_ _Group_(annotes)
280#define _Inout_defensive_(annotes) _Pre_defensive_ _Post_defensive_ _Group_(annotes)
281
282//============================================================================
283// _In_\_Out_ Layer:
284//============================================================================
285
286// Reserved pointer parameters, must always be NULL.
287#define _Reserved_ _SAL2_Source_(_Reserved_, (), _Pre1_impl_(__null_impl))
288
289// _Const_ allows specification that any namable memory location is considered
290// readonly for a given call.
291#define _Const_ _SAL2_Source_(_Const_, (), _Pre1_impl_(__readaccess_impl_notref))
292
293
294// Input parameters --------------------------
295
296// _In_ - Annotations for parameters where data is passed into the function, but not modified.
297// _In_ by itself can be used with non-pointer types (although it is redundant).
298
299// e.g. void SetPoint( _In_ const POINT* pPT );
300#define _In_ _SAL2_Source_(_In_, (), _Pre1_impl_(__notnull_impl_notref) _Pre_valid_impl_ _Deref_pre1_impl_(__readaccess_impl_notref))
301#define _In_opt_ _SAL2_Source_(_In_opt_, (), _Pre1_impl_(__maybenull_impl_notref) _Pre_valid_impl_ _Deref_pre_readonly_)
302
303// nullterminated 'in' parameters.
304// e.g. void CopyStr( _In_z_ const char* szFrom, _Out_z_cap_(cchTo) char* szTo, size_t cchTo );
305#define _In_z_ _SAL2_Source_(_In_z_, (), _In_ _Pre1_impl_(__zterm_impl))
306#define _In_opt_z_ _SAL2_Source_(_In_opt_z_, (), _In_opt_ _Pre1_impl_(__zterm_impl))
307
308
309// 'input' buffers with given size
310
311#define _In_reads_(size) _SAL2_Source_(_In_reads_, (size), _Pre_count_(size) _Deref_pre_readonly_)
312#define _In_reads_opt_(size) _SAL2_Source_(_In_reads_opt_, (size), _Pre_opt_count_(size) _Deref_pre_readonly_)
313#define _In_reads_bytes_(size) _SAL2_Source_(_In_reads_bytes_, (size), _Pre_bytecount_(size) _Deref_pre_readonly_)
314#define _In_reads_bytes_opt_(size) _SAL2_Source_(_In_reads_bytes_opt_, (size), _Pre_opt_bytecount_(size) _Deref_pre_readonly_)
315#define _In_reads_z_(size) _SAL2_Source_(_In_reads_z_, (size), _In_reads_(size) _Pre_z_)
316#define _In_reads_opt_z_(size) _SAL2_Source_(_In_reads_opt_z_, (size), _Pre_opt_count_(size) _Deref_pre_readonly_ _Pre_opt_z_)
317#define _In_reads_or_z_(size) _SAL2_Source_(_In_reads_or_z_, (size), _In_ _When_(_String_length_(_Curr_) < (size), _Pre_z_) _When_(_String_length_(_Curr_) >= (size), _Pre1_impl_(__count_impl(size))))
318#define _In_reads_or_z_opt_(size) _SAL2_Source_(_In_reads_or_z_opt_, (size), _In_opt_ _When_(_String_length_(_Curr_) < (size), _Pre_z_) _When_(_String_length_(_Curr_) >= (size), _Pre1_impl_(__count_impl(size))))
319
320
321// 'input' buffers valid to the given end pointer
322
323#define _In_reads_to_ptr_(ptr) _SAL2_Source_(_In_reads_to_ptr_, (ptr), _Pre_ptrdiff_count_(ptr) _Deref_pre_readonly_)
324#define _In_reads_to_ptr_opt_(ptr) _SAL2_Source_(_In_reads_to_ptr_opt_, (ptr), _Pre_opt_ptrdiff_count_(ptr) _Deref_pre_readonly_)
325#define _In_reads_to_ptr_z_(ptr) _SAL2_Source_(_In_reads_to_ptr_z_, (ptr), _In_reads_to_ptr_(ptr) _Pre_z_)
326#define _In_reads_to_ptr_opt_z_(ptr) _SAL2_Source_(_In_reads_to_ptr_opt_z_, (ptr), _Pre_opt_ptrdiff_count_(ptr) _Deref_pre_readonly_ _Pre_opt_z_)
327
328
329
330// Output parameters --------------------------
331
332// _Out_ - Annotations for pointer or reference parameters where data passed back to the caller.
333// These are mostly used where the pointer/reference is to a non-pointer type.
334// _Outptr_/_Outref) (see below) are typically used to return pointers via parameters.
335
336// e.g. void GetPoint( _Out_ POINT* pPT );
337#define _Out_ _SAL2_Source_(_Out_, (), _Out_impl_)
338#define _Out_opt_ _SAL2_Source_(_Out_opt_, (), _Out_opt_impl_)
339
340#define _Out_writes_(size) _SAL2_Source_(_Out_writes_, (size), _Pre_cap_(size) _Post_valid_impl_)
341#define _Out_writes_opt_(size) _SAL2_Source_(_Out_writes_opt_, (size), _Pre_opt_cap_(size) _Post_valid_impl_)
342#define _Out_writes_bytes_(size) _SAL2_Source_(_Out_writes_bytes_, (size), _Pre_bytecap_(size) _Post_valid_impl_)
343#define _Out_writes_bytes_opt_(size) _SAL2_Source_(_Out_writes_bytes_opt_, (size), _Pre_opt_bytecap_(size) _Post_valid_impl_)
344#define _Out_writes_z_(size) _SAL2_Source_(_Out_writes_z_, (size), _Pre_cap_(size) _Post_valid_impl_ _Post_z_)
345#define _Out_writes_opt_z_(size) _SAL2_Source_(_Out_writes_opt_z_, (size), _Pre_opt_cap_(size) _Post_valid_impl_ _Post_z_)
346
347#define _Out_writes_to_(size,count) _SAL2_Source_(_Out_writes_to_, (size,count), _Pre_cap_(size) _Post_valid_impl_ _Post_count_(count))
348#define _Out_writes_to_opt_(size,count) _SAL2_Source_(_Out_writes_to_opt_, (size,count), _Pre_opt_cap_(size) _Post_valid_impl_ _Post_count_(count))
349#define _Out_writes_all_(size) _SAL2_Source_(_Out_writes_all_, (size), _Out_writes_to_(_Old_(size), _Old_(size)))
350#define _Out_writes_all_opt_(size) _SAL2_Source_(_Out_writes_all_opt_, (size), _Out_writes_to_opt_(_Old_(size), _Old_(size)))
351
352#define _Out_writes_bytes_to_(size,count) _SAL2_Source_(_Out_writes_bytes_to_, (size,count), _Pre_bytecap_(size) _Post_valid_impl_ _Post_bytecount_(count))
353#define _Out_writes_bytes_to_opt_(size,count) _SAL2_Source_(_Out_writes_bytes_to_opt_, (size,count), _Pre_opt_bytecap_(size) _Post_valid_impl_ _Post_bytecount_(count))
354#define _Out_writes_bytes_all_(size) _SAL2_Source_(_Out_writes_bytes_all_, (size), _Out_writes_bytes_to_(_Old_(size), _Old_(size)))
355#define _Out_writes_bytes_all_opt_(size) _SAL2_Source_(_Out_writes_bytes_all_opt_, (size), _Out_writes_bytes_to_opt_(_Old_(size), _Old_(size)))
356
357#define _Out_writes_to_ptr_(ptr) _SAL2_Source_(_Out_writes_to_ptr_, (ptr), _Pre_ptrdiff_cap_(ptr) _Post_valid_impl_)
358#define _Out_writes_to_ptr_opt_(ptr) _SAL2_Source_(_Out_writes_to_ptr_opt_, (ptr), _Pre_opt_ptrdiff_cap_(ptr) _Post_valid_impl_)
359#define _Out_writes_to_ptr_z_(ptr) _SAL2_Source_(_Out_writes_to_ptr_z_, (ptr), _Pre_ptrdiff_cap_(ptr) _Post_valid_impl_ Post_z_)
360#define _Out_writes_to_ptr_opt_z_(ptr) _SAL2_Source_(_Out_writes_to_ptr_opt_z_, (ptr), _Pre_opt_ptrdiff_cap_(ptr) _Post_valid_impl_ Post_z_)
361
362
363// Inout parameters ----------------------------
364
365// _Inout_ - Annotations for pointer or reference parameters where data is passed in and
366// potentially modified.
367// void ModifyPoint( _Inout_ POINT* pPT );
368// void ModifyPointByRef( _Inout_ POINT& pPT );
369
370#define _Inout_ _SAL2_Source_(_Inout_, (), _Prepost_valid_)
371#define _Inout_opt_ _SAL2_Source_(_Inout_opt_, (), _Prepost_opt_valid_)
372
373// For modifying string buffers
374// void toupper( _Inout_z_ char* sz );
375#define _Inout_z_ _SAL2_Source_(_Inout_z_, (), _Prepost_z_)
376#define _Inout_opt_z_ _SAL2_Source_(_Inout_opt_z_, (), _Prepost_opt_z_)
377
378// For modifying buffers with explicit element size
379#define _Inout_updates_(size) _SAL2_Source_(_Inout_updates_, (size), _Pre_cap_(size) _Pre_valid_impl_ _Post_valid_impl_)
380#define _Inout_updates_opt_(size) _SAL2_Source_(_Inout_updates_opt_, (size), _Pre_opt_cap_(size) _Pre_valid_impl_ _Post_valid_impl_)
381#define _Inout_updates_z_(size) _SAL2_Source_(_Inout_updates_z_, (size), _Pre_cap_(size) _Pre_valid_impl_ _Post_valid_impl_ _Pre1_impl_(__zterm_impl) _Post1_impl_(__zterm_impl))
382#define _Inout_updates_opt_z_(size) _SAL2_Source_(_Inout_updates_opt_z_, (size), _Pre_opt_cap_(size) _Pre_valid_impl_ _Post_valid_impl_ _Pre1_impl_(__zterm_impl) _Post1_impl_(__zterm_impl))
383
384#define _Inout_updates_to_(size,count) _SAL2_Source_(_Inout_updates_to_, (size,count), _Out_writes_to_(size,count) _Pre_valid_impl_ _Pre1_impl_(__count_impl(count)))
385#define _Inout_updates_to_opt_(size,count) _SAL2_Source_(_Inout_updates_to_opt_, (size,count), _Out_writes_to_opt_(size,count) _Pre_valid_impl_ _Pre1_impl_(__count_impl(count)))
386
387#define _Inout_updates_all_(size) _SAL2_Source_(_Inout_updates_all_, (size), _Inout_updates_to_(_Old_(size), _Old_(size)))
388#define _Inout_updates_all_opt_(size) _SAL2_Source_(_Inout_updates_all_opt_, (size), _Inout_updates_to_opt_(_Old_(size), _Old_(size)))
389
390// For modifying buffers with explicit byte size
391#define _Inout_updates_bytes_(size) _SAL2_Source_(_Inout_updates_bytes_, (size), _Pre_bytecap_(size) _Pre_valid_impl_ _Post_valid_impl_)
392#define _Inout_updates_bytes_opt_(size) _SAL2_Source_(_Inout_updates_bytes_opt_, (size), _Pre_opt_bytecap_(size) _Pre_valid_impl_ _Post_valid_impl_)
393
394#define _Inout_updates_bytes_to_(size,count) _SAL2_Source_(_Inout_updates_bytes_to_, (size,count), _Out_writes_bytes_to_(size,count) _Pre_valid_impl_ _Pre1_impl_(__bytecount_impl(count)))
395#define _Inout_updates_bytes_to_opt_(size,count) _SAL2_Source_(_Inout_updates_bytes_to_opt_, (size,count), _Out_writes_bytes_to_opt_(size,count) _Pre_valid_impl_ _Pre1_impl_(__bytecount_impl(count)))
396
397#define _Inout_updates_bytes_all_(size) _SAL2_Source_(_Inout_updates_bytes_all_, (size), _Inout_updates_bytes_to_(_Old_(size), _Old_(size)))
398#define _Inout_updates_bytes_all_opt_(size) _SAL2_Source_(_Inout_updates_bytes_all_opt_, (size), _Inout_updates_bytes_to_opt_(_Old_(size), _Old_(size)))
399
400
401// Pointer to pointer parameters -------------------------
402
403// _Outptr_ - Annotations for output params returning pointers
404// These describe parameters where the called function provides the buffer:
405// HRESULT SHStrDupW(_In_ LPCWSTR psz, _Outptr_ LPWSTR *ppwsz);
406// The caller passes the address of an LPWSTR variable as ppwsz, and SHStrDupW allocates
407// and initializes memory and returns the pointer to the new LPWSTR in *ppwsz.
408//
409// _Outptr_opt_ - describes parameters that are allowed to be NULL.
410// _Outptr_*_result_maybenull_ - describes parameters where the called function might return NULL to the caller.
411//
412// Example:
413// void MyFunc(_Outptr_opt_ int **ppData1, _Outptr_result_maybenull_ int **ppData2);
414// Callers:
415// MyFunc(NULL, NULL); // error: parameter 2, ppData2, should not be NULL
416// MyFunc(&pData1, &pData2); // ok: both non-NULL
417// if (*pData1 == *pData2) ... // error: pData2 might be NULL after call
418
419#define _Outptr_ _SAL2_Source_(_Outptr_, (), _Out_impl_ _Deref_post2_impl_(__notnull_impl_notref, __count_impl(1)))
420#define _Outptr_result_maybenull_ _SAL2_Source_(_Outptr_result_maybenull_, (), _Out_impl_ _Deref_post2_impl_(__maybenull_impl_notref, __count_impl(1)))
421#define _Outptr_opt_ _SAL2_Source_(_Outptr_opt_, (), _Out_opt_impl_ _Deref_post2_impl_(__notnull_impl_notref, __count_impl(1)))
422#define _Outptr_opt_result_maybenull_ _SAL2_Source_(_Outptr_opt_result_maybenull_, (), _Out_opt_impl_ _Deref_post2_impl_(__maybenull_impl_notref, __count_impl(1)))
423
424// Annotations for _Outptr_ parameters returning pointers to null terminated strings.
425
426#define _Outptr_result_z_ _SAL2_Source_(_Outptr_result_z_, (), _Out_impl_ _Deref_post_z_)
427#define _Outptr_opt_result_z_ _SAL2_Source_(_Outptr_opt_result_z_, (), _Out_opt_impl_ _Deref_post_z_)
428#define _Outptr_result_maybenull_z_ _SAL2_Source_(_Outptr_result_maybenull_z_, (), _Out_impl_ _Deref_post_opt_z_)
429#define _Outptr_opt_result_maybenull_z_ _SAL2_Source_(_Outptr_opt_result_maybenull_z_, (), _Out_opt_impl_ _Deref_post_opt_z_)
430
431// Annotations for _Outptr_ parameters where the output pointer is set to NULL if the function fails.
432
433#define _Outptr_result_nullonfailure_ _SAL2_Source_(_Outptr_result_nullonfailure_, (), _Outptr_ _On_failure_(_Deref_post_null_))
434#define _Outptr_opt_result_nullonfailure_ _SAL2_Source_(_Outptr_opt_result_nullonfailure_, (), _Outptr_opt_ _On_failure_(_Deref_post_null_))
435
436// Annotations for _Outptr_ parameters which return a pointer to a ref-counted COM object,
437// following the COM convention of setting the output to NULL on failure.
438// The current implementation is identical to _Outptr_result_nullonfailure_.
439// For pointers to types that are not COM objects, _Outptr_result_nullonfailure_ is preferred.
440
441#define _COM_Outptr_ _SAL2_Source_(_COM_Outptr_, (), _Outptr_ _On_failure_(_Deref_post_null_))
442#define _COM_Outptr_result_maybenull_ _SAL2_Source_(_COM_Outptr_result_maybenull_, (), _Outptr_result_maybenull_ _On_failure_(_Deref_post_null_))
443#define _COM_Outptr_opt_ _SAL2_Source_(_COM_Outptr_opt_, (), _Outptr_opt_ _On_failure_(_Deref_post_null_))
444#define _COM_Outptr_opt_result_maybenull_ _SAL2_Source_(_COM_Outptr_opt_result_maybenull_, (), _Outptr_opt_result_maybenull_ _On_failure_(_Deref_post_null_))
445
446// Annotations for _Outptr_ parameters returning a pointer to buffer with a specified number of elements/bytes
447
448#define _Outptr_result_buffer_(size) _SAL2_Source_(_Outptr_result_buffer_, (size), _Out_impl_ _Deref_post2_impl_(__notnull_impl_notref, __cap_impl(size)))
449#define _Outptr_opt_result_buffer_(size) _SAL2_Source_(_Outptr_opt_result_buffer_, (size), _Out_opt_impl_ _Deref_post2_impl_(__notnull_impl_notref, __cap_impl(size)))
450#define _Outptr_result_buffer_to_(size, count) _SAL2_Source_(_Outptr_result_buffer_to_, (size, count), _Out_impl_ _Deref_post3_impl_(__notnull_impl_notref, __cap_impl(size), __count_impl(count)))
451#define _Outptr_opt_result_buffer_to_(size, count) _SAL2_Source_(_Outptr_opt_result_buffer_to_, (size, count), _Out_opt_impl_ _Deref_post3_impl_(__notnull_impl_notref, __cap_impl(size), __count_impl(count)))
452
453#define _Outptr_result_buffer_all_(size) _SAL2_Source_(_Outptr_result_buffer_all_, (size), _Out_impl_ _Deref_post2_impl_(__notnull_impl_notref, __count_impl(size)))
454#define _Outptr_opt_result_buffer_all_(size) _SAL2_Source_(_Outptr_opt_result_buffer_all_, (size), _Out_opt_impl_ _Deref_post2_impl_(__notnull_impl_notref, __count_impl(size)))
455
456#define _Outptr_result_buffer_maybenull_(size) _SAL2_Source_(_Outptr_result_buffer_maybenull_, (size), _Out_impl_ _Deref_post2_impl_(__maybenull_impl_notref, __cap_impl(size)))
457#define _Outptr_opt_result_buffer_maybenull_(size) _SAL2_Source_(_Outptr_opt_result_buffer_maybenull_, (size), _Out_opt_impl_ _Deref_post2_impl_(__maybenull_impl_notref, __cap_impl(size)))
458#define _Outptr_result_buffer_to_maybenull_(size, count) _SAL2_Source_(_Outptr_result_buffer_to_maybenull_, (size, count), _Out_impl_ _Deref_post3_impl_(__maybenull_impl_notref, __cap_impl(size), __count_impl(count)))
459#define _Outptr_opt_result_buffer_to_maybenull_(size, count) _SAL2_Source_(_Outptr_opt_result_buffer_to_maybenull_, (size, count), _Out_opt_impl_ _Deref_post3_impl_(__maybenull_impl_notref, __cap_impl(size), __count_impl(count)))
460
461#define _Outptr_result_buffer_all_maybenull_(size) _SAL2_Source_(_Outptr_result_buffer_all_maybenull_, (size), _Out_impl_ _Deref_post2_impl_(__maybenull_impl_notref, __count_impl(size)))
462#define _Outptr_opt_result_buffer_all_maybenull_(size) _SAL2_Source_(_Outptr_opt_result_buffer_all_maybenull_, (size), _Out_opt_impl_ _Deref_post2_impl_(__maybenull_impl_notref, __count_impl(size)))
463
464#define _Outptr_result_bytebuffer_(size) _SAL2_Source_(_Outptr_result_bytebuffer_, (size), _Out_impl_ _Deref_post2_impl_(__notnull_impl_notref, __bytecap_impl(size)))
465#define _Outptr_opt_result_bytebuffer_(size) _SAL2_Source_(_Outptr_opt_result_bytebuffer_, (size), _Out_opt_impl_ _Deref_post2_impl_(__notnull_impl_notref, __bytecap_impl(size)))
466#define _Outptr_result_bytebuffer_to_(size, count) _SAL2_Source_(_Outptr_result_bytebuffer_to_, (size, count), _Out_impl_ _Deref_post3_impl_(__notnull_impl_notref, __bytecap_impl(size), __bytecount_impl(count)))
467#define _Outptr_opt_result_bytebuffer_to_(size, count) _SAL2_Source_(_Outptr_opt_result_bytebuffer_to_, (size, count), _Out_opt_impl_ _Deref_post3_impl_(__notnull_impl_notref, __bytecap_impl(size), __bytecount_impl(count)))
468
469#define _Outptr_result_bytebuffer_all_(size) _SAL2_Source_(_Outptr_result_bytebuffer_all_, (size), _Out_impl_ _Deref_post2_impl_(__notnull_impl_notref, __bytecount_impl(size)))
470#define _Outptr_opt_result_bytebuffer_all_(size) _SAL2_Source_(_Outptr_opt_result_bytebuffer_all_, (size), _Out_opt_impl_ _Deref_post2_impl_(__notnull_impl_notref, __bytecount_impl(size)))
471
472#define _Outptr_result_bytebuffer_maybenull_(size) _SAL2_Source_(_Outptr_result_bytebuffer_maybenull_, (size), _Out_impl_ _Deref_post2_impl_(__maybenull_impl_notref, __bytecap_impl(size)))
473#define _Outptr_opt_result_bytebuffer_maybenull_(size) _SAL2_Source_(_Outptr_opt_result_bytebuffer_maybenull_, (size), _Out_opt_impl_ _Deref_post2_impl_(__maybenull_impl_notref, __bytecap_impl(size)))
474#define _Outptr_result_bytebuffer_to_maybenull_(size, count) _SAL2_Source_(_Outptr_result_bytebuffer_to_maybenull_, (size, count), _Out_impl_ _Deref_post3_impl_(__maybenull_impl_notref, __bytecap_impl(size), __bytecount_impl(count)))
475#define _Outptr_opt_result_bytebuffer_to_maybenull_(size, count) _SAL2_Source_(_Outptr_opt_result_bytebuffer_to_maybenull_, (size, count), _Out_opt_impl_ _Deref_post3_impl_(__maybenull_impl_notref, __bytecap_impl(size), __bytecount_impl(count)))
476
477#define _Outptr_result_bytebuffer_all_maybenull_(size) _SAL2_Source_(_Outptr_result_bytebuffer_all_maybenull_, (size), _Out_impl_ _Deref_post2_impl_(__maybenull_impl_notref, __bytecount_impl(size)))
478#define _Outptr_opt_result_bytebuffer_all_maybenull_(size) _SAL2_Source_(_Outptr_opt_result_bytebuffer_all_maybenull_, (size), _Out_opt_impl_ _Deref_post2_impl_(__maybenull_impl_notref, __bytecount_impl(size)))
479
480// Annotations for output reference to pointer parameters.
481
482#define _Outref_ _SAL2_Source_(_Outref_, (), _Out_impl_ _Post_notnull_)
483#define _Outref_result_maybenull_ _SAL2_Source_(_Outref_result_maybenull_, (), _Pre2_impl_(__notnull_impl_notref, __cap_c_one_notref_impl) _Post_maybenull_ _Post_valid_impl_)
484
485#define _Outref_result_buffer_(size) _SAL2_Source_(_Outref_result_buffer_, (size), _Outref_ _Post1_impl_(__cap_impl(size)))
486#define _Outref_result_bytebuffer_(size) _SAL2_Source_(_Outref_result_bytebuffer_, (size), _Outref_ _Post1_impl_(__bytecap_impl(size)))
487#define _Outref_result_buffer_to_(size, count) _SAL2_Source_(_Outref_result_buffer_to_, (size, count), _Outref_result_buffer_(size) _Post1_impl_(__count_impl(count)))
488#define _Outref_result_bytebuffer_to_(size, count) _SAL2_Source_(_Outref_result_bytebuffer_to_, (size, count), _Outref_result_bytebuffer_(size) _Post1_impl_(__bytecount_impl(count)))
489#define _Outref_result_buffer_all_(size) _SAL2_Source_(_Outref_result_buffer_all_, (size), _Outref_result_buffer_to_(size, _Old_(size)))
490#define _Outref_result_bytebuffer_all_(size) _SAL2_Source_(_Outref_result_bytebuffer_all_, (size), _Outref_result_bytebuffer_to_(size, _Old_(size)))
491
492#define _Outref_result_buffer_maybenull_(size) _SAL2_Source_(_Outref_result_buffer_maybenull_, (size), _Outref_result_maybenull_ _Post1_impl_(__cap_impl(size)))
493#define _Outref_result_bytebuffer_maybenull_(size) _SAL2_Source_(_Outref_result_bytebuffer_maybenull_, (size), _Outref_result_maybenull_ _Post1_impl_(__bytecap_impl(size)))
494#define _Outref_result_buffer_to_maybenull_(size, count) _SAL2_Source_(_Outref_result_buffer_to_maybenull_, (size, count), _Outref_result_buffer_maybenull_(size) _Post1_impl_(__count_impl(count)))
495#define _Outref_result_bytebuffer_to_maybenull_(size, count) _SAL2_Source_(_Outref_result_bytebuffer_to_maybenull_, (size, count), _Outref_result_bytebuffer_maybenull_(size) _Post1_impl_(__bytecount_impl(count)))
496#define _Outref_result_buffer_all_maybenull_(size) _SAL2_Source_(_Outref_result_buffer_all_maybenull_, (size), _Outref_result_buffer_to_maybenull_(size, _Old_(size)))
497#define _Outref_result_bytebuffer_all_maybenull_(size) _SAL2_Source_(_Outref_result_bytebuffer_all_maybenull_, (size), _Outref_result_bytebuffer_to_maybenull_(size, _Old_(size)))
498
499// Annotations for output reference to pointer parameters that guarantee
500// that the pointer is set to NULL on failure.
501#define _Outref_result_nullonfailure_ _SAL2_Source_(_Outref_result_nullonfailure_, (), _Outref_ _On_failure_(_Post_null_))
502
503// Generic annotations to set output value of a by-pointer or by-reference parameter to null/zero on failure.
504#define _Result_nullonfailure_ _SAL2_Source_(_Result_nullonfailure_, (), _On_failure_(_Notref_impl_ _Deref_impl_ _Post_null_))
505#define _Result_zeroonfailure_ _SAL2_Source_(_Result_zeroonfailure_, (), _On_failure_(_Notref_impl_ _Deref_impl_ _Out_range_(==, 0)))
506
507
508// return values -------------------------------
509
510//
511// _Ret_ annotations
512//
513// describing conditions that hold for return values after the call
514
515// e.g. _Ret_z_ CString::operator const WCHAR*() const throw();
516#define _Ret_z_ _SAL2_Source_(_Ret_z_, (), _Ret2_impl_(__notnull_impl, __zterm_impl) _Ret_valid_impl_)
517#define _Ret_maybenull_z_ _SAL2_Source_(_Ret_maybenull_z_, (), _Ret2_impl_(__maybenull_impl,__zterm_impl) _Ret_valid_impl_)
518
519// used with allocated but not yet initialized objects
520#define _Ret_notnull_ _SAL2_Source_(_Ret_notnull_, (), _Ret1_impl_(__notnull_impl))
521#define _Ret_maybenull_ _SAL2_Source_(_Ret_maybenull_, (), _Ret1_impl_(__maybenull_impl))
522#define _Ret_null_ _SAL2_Source_(_Ret_null_, (), _Ret1_impl_(__null_impl))
523
524// used with allocated and initialized objects
525// returns single valid object
526#define _Ret_valid_ _SAL2_Source_(_Ret_valid_, (), _Ret1_impl_(__notnull_impl_notref) _Ret_valid_impl_)
527
528// returns pointer to initialized buffer of specified size
529#define _Ret_writes_(size) _SAL2_Source_(_Ret_writes_, (size), _Ret2_impl_(__notnull_impl, __count_impl(size)) _Ret_valid_impl_)
530#define _Ret_writes_z_(size) _SAL2_Source_(_Ret_writes_z_, (size), _Ret3_impl_(__notnull_impl, __count_impl(size), __zterm_impl) _Ret_valid_impl_)
531#define _Ret_writes_bytes_(size) _SAL2_Source_(_Ret_writes_bytes_, (size), _Ret2_impl_(__notnull_impl, __bytecount_impl(size)) _Ret_valid_impl_)
532#define _Ret_writes_maybenull_(size) _SAL2_Source_(_Ret_writes_maybenull_, (size), _Ret2_impl_(__maybenull_impl,__count_impl(size)) _Ret_valid_impl_)
533#define _Ret_writes_maybenull_z_(size) _SAL2_Source_(_Ret_writes_maybenull_z_, (size), _Ret3_impl_(__maybenull_impl,__count_impl(size),__zterm_impl) _Ret_valid_impl_)
534#define _Ret_writes_bytes_maybenull_(size) _SAL2_Source_(_Ret_writes_bytes_maybenull_, (size), _Ret2_impl_(__maybenull_impl,__bytecount_impl(size)) _Ret_valid_impl_)
535
536// returns pointer to partially initialized buffer, with total size 'size' and initialized size 'count'
537#define _Ret_writes_to_(size,count) _SAL2_Source_(_Ret_writes_to_, (size,count), _Ret3_impl_(__notnull_impl, __cap_impl(size), __count_impl(count)) _Ret_valid_impl_)
538#define _Ret_writes_bytes_to_(size,count) _SAL2_Source_(_Ret_writes_bytes_to_, (size,count), _Ret3_impl_(__notnull_impl, __bytecap_impl(size), __bytecount_impl(count)) _Ret_valid_impl_)
539#define _Ret_writes_to_maybenull_(size,count) _SAL2_Source_(_Ret_writes_to_maybenull_, (size,count), _Ret3_impl_(__maybenull_impl, __cap_impl(size), __count_impl(count)) _Ret_valid_impl_)
540#define _Ret_writes_bytes_to_maybenull_(size,count) _SAL2_Source_(_Ret_writes_bytes_to_maybenull_, (size,count), _Ret3_impl_(__maybenull_impl, __bytecap_impl(size), __bytecount_impl(count)) _Ret_valid_impl_)
541
542
543// Annotations for strict type checking
544#define _Points_to_data_ _SAL2_Source_(_Points_to_data_, (), _Pre_ _Points_to_data_impl_)
545#define _Literal_ _SAL2_Source_(_Literal_, (), _Pre_ _Literal_impl_)
546#define _Notliteral_ _SAL2_Source_(_Notliteral_, (), _Pre_ _Notliteral_impl_)
547
548// Check the return value of a function e.g. _Check_return_ ErrorCode Foo();
549#define _Check_return_ _SAL2_Source_(_Check_return_, (), _Check_return_impl_)
550#define _Must_inspect_result_ _SAL2_Source_(_Must_inspect_result_, (), _Must_inspect_impl_ _Check_return_impl_)
551
552// e.g. MyPrintF( _Printf_format_string_ const WCHAR* wzFormat, ... );
553#define _Printf_format_string_ _SAL2_Source_(_Printf_format_string_, (), _Printf_format_string_impl_)
554#define _Scanf_format_string_ _SAL2_Source_(_Scanf_format_string_, (), _Scanf_format_string_impl_)
555#define _Scanf_s_format_string_ _SAL2_Source_(_Scanf_s_format_string_, (), _Scanf_s_format_string_impl_)
556
557#define _Format_string_impl_(kind,where) _SA_annotes2(SAL_IsFormatString2, kind, where)
558#define _Printf_format_string_params_(x) _SAL2_Source_(_Printf_format_string_params_, (x), _Format_string_impl_("printf", x))
559#define _Scanf_format_string_params_(x) _SAL2_Source_(_Scanf_format_string_params_, (x), _Format_string_impl_("scanf", x))
560#define _Scanf_s_format_string_params_(x) _SAL2_Source_(_Scanf_s_format_string_params_, (x), _Format_string_impl_("scanf_s", x))
561
562// annotations to express value of integral or pointer parameter
563#define _In_range_(lb,ub) _SAL2_Source_(_In_range_, (lb,ub), _In_range_impl_(lb,ub))
564#define _Out_range_(lb,ub) _SAL2_Source_(_Out_range_, (lb,ub), _Out_range_impl_(lb,ub))
565#define _Ret_range_(lb,ub) _SAL2_Source_(_Ret_range_, (lb,ub), _Ret_range_impl_(lb,ub))
566#define _Deref_in_range_(lb,ub) _SAL2_Source_(_Deref_in_range_, (lb,ub), _Deref_in_range_impl_(lb,ub))
567#define _Deref_out_range_(lb,ub) _SAL2_Source_(_Deref_out_range_, (lb,ub), _Deref_out_range_impl_(lb,ub))
568#define _Deref_ret_range_(lb,ub) _SAL2_Source_(_Deref_ret_range_, (lb,ub), _Deref_ret_range_impl_(lb,ub))
569#define _Pre_equal_to_(expr) _SAL2_Source_(_Pre_equal_to_, (expr), _In_range_(==, expr))
570#define _Post_equal_to_(expr) _SAL2_Source_(_Post_equal_to_, (expr), _Out_range_(==, expr))
571
572// annotation to express that a value (usually a field of a mutable class)
573// is not changed by a function call
574#define _Unchanged_(e) _SAL2_Source_(_Unchanged_, (e), _At_(e, _Post_equal_to_(_Old_(e)) _Const_))
575
576// Annotations to allow expressing generalized pre and post conditions.
577// 'cond' may be any valid SAL expression that is considered to be true as a precondition
578// or postcondition (respsectively).
579#define _Pre_satisfies_(cond) _SAL2_Source_(_Pre_satisfies_, (cond), _Pre_satisfies_impl_(cond))
580#define _Post_satisfies_(cond) _SAL2_Source_(_Post_satisfies_, (cond), _Post_satisfies_impl_(cond))
581
582// Annotations to express struct, class and field invariants
583#define _Struct_size_bytes_(size) _SAL2_Source_(_Struct_size_bytes_, (size), _Writable_bytes_(size))
584
585#define _Field_size_(size) _SAL2_Source_(_Field_size_, (size), _Notnull_ _Writable_elements_(size))
586#define _Field_size_opt_(size) _SAL2_Source_(_Field_size_opt_, (size), _Maybenull_ _Writable_elements_(size))
587#define _Field_size_part_(size, count) _SAL2_Source_(_Field_size_part_, (size, count), _Notnull_ _Writable_elements_(size) _Readable_elements_(count))
588#define _Field_size_part_opt_(size, count) _SAL2_Source_(_Field_size_part_opt_, (size, count), _Maybenull_ _Writable_elements_(size) _Readable_elements_(count))
589#define _Field_size_full_(size) _SAL2_Source_(_Field_size_full_, (size), _Field_size_part_(size, size))
590#define _Field_size_full_opt_(size) _SAL2_Source_(_Field_size_full_opt_, (size), _Field_size_part_opt_(size, size))
591
592#define _Field_size_bytes_(size) _SAL2_Source_(_Field_size_bytes_, (size), _Notnull_ _Writable_bytes_(size))
593#define _Field_size_bytes_opt_(size) _SAL2_Source_(_Field_size_bytes_opt_, (size), _Maybenull_ _Writable_bytes_(size))
594#define _Field_size_bytes_part_(size, count) _SAL2_Source_(_Field_size_bytes_part_, (size, count), _Notnull_ _Writable_bytes_(size) _Readable_bytes_(count))
595#define _Field_size_bytes_part_opt_(size, count) _SAL2_Source_(_Field_size_bytes_part_opt_, (size, count), _Maybenull_ _Writable_bytes_(size) _Readable_bytes_(count))
596#define _Field_size_bytes_full_(size) _SAL2_Source_(_Field_size_bytes_full_, (size), _Field_size_bytes_part_(size, size))
597#define _Field_size_bytes_full_opt_(size) _SAL2_Source_(_Field_size_bytes_full_opt_, (size), _Field_size_bytes_part_opt_(size, size))
598
599#define _Field_z_ _SAL2_Source_(_Field_z_, (), _Null_terminated_)
600
601#define _Field_range_(min,max) _SAL2_Source_(_Field_range_, (min,max), _Field_range_impl_(min,max))
602
603//============================================================================
604// _Pre_\_Post_ Layer:
605//============================================================================
606
607//
608// Raw Pre/Post for declaring custom pre/post conditions
609//
610
611#define _Pre_ _Pre_impl_
612#define _Post_ _Post_impl_
613
614//
615// Validity property
616//
617
618#define _Valid_ _Valid_impl_
619#define _Notvalid_ _Notvalid_impl_
620#define _Maybevalid_ _Maybevalid_impl_
621
622//
623// Buffer size properties
624//
625
626// Expressing buffer sizes without specifying pre or post condition
627#define _Readable_bytes_(size) _SAL2_Source_(_Readable_bytes_, (size), _Readable_bytes_impl_(size))
628#define _Readable_elements_(size) _SAL2_Source_(_Readable_elements_, (size), _Readable_elements_impl_(size))
629#define _Writable_bytes_(size) _SAL2_Source_(_Writable_bytes_, (size), _Writable_bytes_impl_(size))
630#define _Writable_elements_(size) _SAL2_Source_(_Writable_elements_, (size), _Writable_elements_impl_(size))
631
632#define _Null_terminated_ _SAL2_Source_(_Null_terminated_, (), _Null_terminated_impl_)
633#define _NullNull_terminated_ _SAL2_Source_(_NullNull_terminated_, (), _NullNull_terminated_impl_)
634
635// Expressing buffer size as pre or post condition
636#define _Pre_readable_size_(size) _SAL2_Source_(_Pre_readable_size_, (size), _Pre1_impl_(__count_impl(size)) _Pre_valid_impl_)
637#define _Pre_writable_size_(size) _SAL2_Source_(_Pre_writable_size_, (size), _Pre1_impl_(__cap_impl(size)))
638#define _Pre_readable_byte_size_(size) _SAL2_Source_(_Pre_readable_byte_size_, (size), _Pre1_impl_(__bytecount_impl(size)) _Pre_valid_impl_)
639#define _Pre_writable_byte_size_(size) _SAL2_Source_(_Pre_writable_byte_size_, (size), _Pre1_impl_(__bytecap_impl(size)))
640
641#define _Post_readable_size_(size) _SAL2_Source_(_Post_readable_size_, (size), _Post1_impl_(__count_impl(size)) _Post_valid_impl_)
642#define _Post_writable_size_(size) _SAL2_Source_(_Post_writable_size_, (size), _Post1_impl_(__cap_impl(size)))
643#define _Post_readable_byte_size_(size) _SAL2_Source_(_Post_readable_byte_size_, (size), _Post1_impl_(__bytecount_impl(size)) _Post_valid_impl_)
644#define _Post_writable_byte_size_(size) _SAL2_Source_(_Post_writable_byte_size_, (size), _Post1_impl_(__bytecap_impl(size)))
645
646//
647// Pointer null-ness properties
648//
649#define _Null_ _Null_impl_
650#define _Notnull_ _Notnull_impl_
651#define _Maybenull_ _Maybenull_impl_
652
653//
654// _Pre_ annotations ---
655//
656// describing conditions that must be met before the call of the function
657
658// e.g. int strlen( _Pre_z_ const char* sz );
659// buffer is a zero terminated string
660#define _Pre_z_ _SAL2_Source_(_Pre_z_, (), _Pre1_impl_(__zterm_impl) _Pre_valid_impl_)
661
662// valid size unknown or indicated by type (e.g.:LPSTR)
663#define _Pre_valid_ _SAL2_Source_(_Pre_valid_, (), _Pre1_impl_(__notnull_impl_notref) _Pre_valid_impl_)
664#define _Pre_opt_valid_ _SAL2_Source_(_Pre_opt_valid_, (), _Pre1_impl_(__maybenull_impl_notref) _Pre_valid_impl_)
665
666#define _Pre_invalid_ _SAL2_Source_(_Pre_invalid_, (), _Deref_pre1_impl_(__notvalid_impl))
667
668// Overrides recursive valid when some field is not yet initialized when using _Inout_
669#define _Pre_unknown_ _SAL2_Source_(_Pre_unknown_, (), _Pre1_impl_(__maybevalid_impl))
670
671// used with allocated but not yet initialized objects
672#define _Pre_notnull_ _SAL2_Source_(_Pre_notnull_, (), _Pre1_impl_(__notnull_impl_notref))
673#define _Pre_maybenull_ _SAL2_Source_(_Pre_maybenull_, (), _Pre1_impl_(__maybenull_impl_notref))
674#define _Pre_null_ _SAL2_Source_(_Pre_null_, (), _Pre1_impl_(__null_impl_notref))
675
676//
677// _Post_ annotations ---
678//
679// describing conditions that hold after the function call
680
681// void CopyStr( _In_z_ const char* szFrom, _Pre_cap_(cch) _Post_z_ char* szFrom, size_t cchFrom );
682// buffer will be a zero-terminated string after the call
683#define _Post_z_ _SAL2_Source_(_Post_z_, (), _Post1_impl_(__zterm_impl) _Post_valid_impl_)
684
685// e.g. HRESULT InitStruct( _Post_valid_ Struct* pobj );
686#define _Post_valid_ _SAL2_Source_(_Post_valid_, (), _Post_valid_impl_)
687#define _Post_invalid_ _SAL2_Source_(_Post_invalid_, (), _Deref_post1_impl_(__notvalid_impl))
688
689// e.g. void free( _Post_ptr_invalid_ void* pv );
690#define _Post_ptr_invalid_ _SAL2_Source_(_Post_ptr_invalid_, (), _Post1_impl_(__notvalid_impl))
691
692// e.g. void ThrowExceptionIfNull( _Post_notnull_ const void* pv );
693#define _Post_notnull_ _SAL2_Source_(_Post_notnull_, (), _Post1_impl_(__notnull_impl))
694
695// e.g. HRESULT GetObject(_Outptr_ _On_failure_(_At_(*p, _Post_null_)) T **p);
696#define _Post_null_ _SAL2_Source_(_Post_null_, (), _Post1_impl_(__null_impl))
697
698#define _Post_maybenull_ _SAL2_Source_(_Post_maybenull_, (), _Post1_impl_(__maybenull_impl))
699
700#define _Prepost_z_ _SAL2_Source_(_Prepost_z_, (), _Pre_z_ _Post_z_)
701
702
703// #pragma region Input Buffer SAL 1 compatibility macros
704
705/*==========================================================================
706
707 This section contains definitions for macros defined for VS2010 and earlier.
708 Usage of these macros is still supported, but the SAL 2 macros defined above
709 are recommended instead. This comment block is retained to assist in
710 understanding SAL that still uses the older syntax.
711
712 The macros are defined in 3 layers:
713
714 _In_\_Out_ Layer:
715 ----------------
716 This layer provides the highest abstraction and its macros should be used
717 in most cases. Its macros start with _In_, _Out_ or _Inout_. For the
718 typical case they provide the most concise annotations.
719
720 _Pre_\_Post_ Layer:
721 ------------------
722 The macros of this layer only should be used when there is no suitable macro
723 in the _In_\_Out_ layer. Its macros start with _Pre_, _Post_, _Ret_,
724 _Deref_pre_ _Deref_post_ and _Deref_ret_. This layer provides the most
725 flexibility for annotations.
726
727 Implementation Abstraction Layer:
728 --------------------------------
729 Macros from this layer should never be used directly. The layer only exists
730 to hide the implementation of the annotation macros.
731
732
733 Annotation Syntax:
734 |--------------|----------|----------------|-----------------------------|
735 | Usage | Nullness | ZeroTerminated | Extent |
736 |--------------|----------|----------------|-----------------------------|
737 | _In_ | <> | <> | <> |
738 | _Out_ | opt_ | z_ | [byte]cap_[c_|x_]( size ) |
739 | _Inout_ | | | [byte]count_[c_|x_]( size ) |
740 | _Deref_out_ | | | ptrdiff_cap_( ptr ) |
741 |--------------| | | ptrdiff_count_( ptr ) |
742 | _Ret_ | | | |
743 | _Deref_ret_ | | | |
744 |--------------| | | |
745 | _Pre_ | | | |
746 | _Post_ | | | |
747 | _Deref_pre_ | | | |
748 | _Deref_post_ | | | |
749 |--------------|----------|----------------|-----------------------------|
750
751 Usage:
752 -----
753 _In_, _Out_, _Inout_, _Pre_, _Post_, _Deref_pre_, _Deref_post_ are for
754 formal parameters.
755 _Ret_, _Deref_ret_ must be used for return values.
756
757 Nullness:
758 --------
759 If the pointer can be NULL the annotation contains _opt. If the macro
760 does not contain '_opt' the pointer may not be NULL.
761
762 String Type:
763 -----------
764 _z: NullTerminated string
765 for _In_ parameters the buffer must have the specified stringtype before the call
766 for _Out_ parameters the buffer must have the specified stringtype after the call
767 for _Inout_ parameters both conditions apply
768
769 Extent Syntax:
770 |------|---------------|---------------|
771 | Unit | Writ\Readable | Argument Type |
772 |------|---------------|---------------|
773 | <> | cap_ | <> |
774 | byte | count_ | c_ |
775 | | | x_ |
776 |------|---------------|---------------|
777
778 'cap' (capacity) describes the writable size of the buffer and is typically used
779 with _Out_. The default unit is elements. Use 'bytecap' if the size is given in bytes
780 'count' describes the readable size of the buffer and is typically used with _In_.
781 The default unit is elements. Use 'bytecount' if the size is given in bytes.
782
783 Argument syntax for cap_, bytecap_, count_, bytecount_:
784 (<parameter>|return)[+n] e.g. cch, return, cb+2
785
786 If the buffer size is a constant expression use the c_ postfix.
787 E.g. cap_c_(20), count_c_(MAX_PATH), bytecount_c_(16)
788
789 If the buffer size is given by a limiting pointer use the ptrdiff_ versions
790 of the macros.
791
792 If the buffer size is neither a parameter nor a constant expression use the x_
793 postfix. e.g. bytecount_x_(num*size) x_ annotations accept any arbitrary string.
794 No analysis can be done for x_ annotations but they at least tell the tool that
795 the buffer has some sort of extent description. x_ annotations might be supported
796 by future compiler versions.
797
798============================================================================*/
799
800// e.g. void SetCharRange( _In_count_(cch) const char* rgch, size_t cch )
801// valid buffer extent described by another parameter
802#define _In_count_(size) _SAL1_1_Source_(_In_count_, (size), _Pre_count_(size) _Deref_pre_readonly_)
803#define _In_opt_count_(size) _SAL1_1_Source_(_In_opt_count_, (size), _Pre_opt_count_(size) _Deref_pre_readonly_)
804#define _In_bytecount_(size) _SAL1_1_Source_(_In_bytecount_, (size), _Pre_bytecount_(size) _Deref_pre_readonly_)
805#define _In_opt_bytecount_(size) _SAL1_1_Source_(_In_opt_bytecount_, (size), _Pre_opt_bytecount_(size) _Deref_pre_readonly_)
806
807// valid buffer extent described by a constant extression
808#define _In_count_c_(size) _SAL1_1_Source_(_In_count_c_, (size), _Pre_count_c_(size) _Deref_pre_readonly_)
809#define _In_opt_count_c_(size) _SAL1_1_Source_(_In_opt_count_c_, (size), _Pre_opt_count_c_(size) _Deref_pre_readonly_)
810#define _In_bytecount_c_(size) _SAL1_1_Source_(_In_bytecount_c_, (size), _Pre_bytecount_c_(size) _Deref_pre_readonly_)
811#define _In_opt_bytecount_c_(size) _SAL1_1_Source_(_In_opt_bytecount_c_, (size), _Pre_opt_bytecount_c_(size) _Deref_pre_readonly_)
812
813// nullterminated 'input' buffers with given size
814
815// e.g. void SetCharRange( _In_count_(cch) const char* rgch, size_t cch )
816// nullterminated valid buffer extent described by another parameter
817#define _In_z_count_(size) _SAL1_1_Source_(_In_z_count_, (size), _Pre_z_ _Pre_count_(size) _Deref_pre_readonly_)
818#define _In_opt_z_count_(size) _SAL1_1_Source_(_In_opt_z_count_, (size), _Pre_opt_z_ _Pre_opt_count_(size) _Deref_pre_readonly_)
819#define _In_z_bytecount_(size) _SAL1_1_Source_(_In_z_bytecount_, (size), _Pre_z_ _Pre_bytecount_(size) _Deref_pre_readonly_)
820#define _In_opt_z_bytecount_(size) _SAL1_1_Source_(_In_opt_z_bytecount_, (size), _Pre_opt_z_ _Pre_opt_bytecount_(size) _Deref_pre_readonly_)
821
822// nullterminated valid buffer extent described by a constant extression
823#define _In_z_count_c_(size) _SAL1_1_Source_(_In_z_count_c_, (size), _Pre_z_ _Pre_count_c_(size) _Deref_pre_readonly_)
824#define _In_opt_z_count_c_(size) _SAL1_1_Source_(_In_opt_z_count_c_, (size), _Pre_opt_z_ _Pre_opt_count_c_(size) _Deref_pre_readonly_)
825#define _In_z_bytecount_c_(size) _SAL1_1_Source_(_In_z_bytecount_c_, (size), _Pre_z_ _Pre_bytecount_c_(size) _Deref_pre_readonly_)
826#define _In_opt_z_bytecount_c_(size) _SAL1_1_Source_(_In_opt_z_bytecount_c_, (size), _Pre_opt_z_ _Pre_opt_bytecount_c_(size) _Deref_pre_readonly_)
827
828// buffer capacity is described by another pointer
829// e.g. void Foo( _In_ptrdiff_count_(pchMax) const char* pch, const char* pchMax ) { while pch < pchMax ) pch++; }
830#define _In_ptrdiff_count_(size) _SAL1_1_Source_(_In_ptrdiff_count_, (size), _Pre_ptrdiff_count_(size) _Deref_pre_readonly_)
831#define _In_opt_ptrdiff_count_(size) _SAL1_1_Source_(_In_opt_ptrdiff_count_, (size), _Pre_opt_ptrdiff_count_(size) _Deref_pre_readonly_)
832
833// 'x' version for complex expressions that are not supported by the current compiler version
834// e.g. void Set3ColMatrix( _In_count_x_(3*cRows) const Elem* matrix, int cRows );
835#define _In_count_x_(size) _SAL1_1_Source_(_In_count_x_, (size), _Pre_count_x_(size) _Deref_pre_readonly_)
836#define _In_opt_count_x_(size) _SAL1_1_Source_(_In_opt_count_x_, (size), _Pre_opt_count_x_(size) _Deref_pre_readonly_)
837#define _In_bytecount_x_(size) _SAL1_1_Source_(_In_bytecount_x_, (size), _Pre_bytecount_x_(size) _Deref_pre_readonly_)
838#define _In_opt_bytecount_x_(size) _SAL1_1_Source_(_In_opt_bytecount_x_, (size), _Pre_opt_bytecount_x_(size) _Deref_pre_readonly_)
839
840
841// 'out' with buffer size
842// e.g. void GetIndeces( _Out_cap_(cIndeces) int* rgIndeces, size_t cIndices );
843// buffer capacity is described by another parameter
844#define _Out_cap_(size) _SAL1_1_Source_(_Out_cap_, (size), _Pre_cap_(size) _Post_valid_impl_)
845#define _Out_opt_cap_(size) _SAL1_1_Source_(_Out_opt_cap_, (size), _Pre_opt_cap_(size) _Post_valid_impl_)
846#define _Out_bytecap_(size) _SAL1_1_Source_(_Out_bytecap_, (size), _Pre_bytecap_(size) _Post_valid_impl_)
847#define _Out_opt_bytecap_(size) _SAL1_1_Source_(_Out_opt_bytecap_, (size), _Pre_opt_bytecap_(size) _Post_valid_impl_)
848
849// buffer capacity is described by a constant expression
850#define _Out_cap_c_(size) _SAL1_1_Source_(_Out_cap_c_, (size), _Pre_cap_c_(size) _Post_valid_impl_)
851#define _Out_opt_cap_c_(size) _SAL1_1_Source_(_Out_opt_cap_c_, (size), _Pre_opt_cap_c_(size) _Post_valid_impl_)
852#define _Out_bytecap_c_(size) _SAL1_1_Source_(_Out_bytecap_c_, (size), _Pre_bytecap_c_(size) _Post_valid_impl_)
853#define _Out_opt_bytecap_c_(size) _SAL1_1_Source_(_Out_opt_bytecap_c_, (size), _Pre_opt_bytecap_c_(size) _Post_valid_impl_)
854
855// buffer capacity is described by another parameter multiplied by a constant expression
856#define _Out_cap_m_(mult,size) _SAL1_1_Source_(_Out_cap_m_, (mult,size), _Pre_cap_m_(mult,size) _Post_valid_impl_)
857#define _Out_opt_cap_m_(mult,size) _SAL1_1_Source_(_Out_opt_cap_m_, (mult,size), _Pre_opt_cap_m_(mult,size) _Post_valid_impl_)
858#define _Out_z_cap_m_(mult,size) _SAL1_1_Source_(_Out_z_cap_m_, (mult,size), _Pre_cap_m_(mult,size) _Post_valid_impl_ _Post_z_)
859#define _Out_opt_z_cap_m_(mult,size) _SAL1_1_Source_(_Out_opt_z_cap_m_, (mult,size), _Pre_opt_cap_m_(mult,size) _Post_valid_impl_ _Post_z_)
860
861// buffer capacity is described by another pointer
862// e.g. void Foo( _Out_ptrdiff_cap_(pchMax) char* pch, const char* pchMax ) { while pch < pchMax ) pch++; }
863#define _Out_ptrdiff_cap_(size) _SAL1_1_Source_(_Out_ptrdiff_cap_, (size), _Pre_ptrdiff_cap_(size) _Post_valid_impl_)
864#define _Out_opt_ptrdiff_cap_(size) _SAL1_1_Source_(_Out_opt_ptrdiff_cap_, (size), _Pre_opt_ptrdiff_cap_(size) _Post_valid_impl_)
865
866// buffer capacity is described by a complex expression
867#define _Out_cap_x_(size) _SAL1_1_Source_(_Out_cap_x_, (size), _Pre_cap_x_(size) _Post_valid_impl_)
868#define _Out_opt_cap_x_(size) _SAL1_1_Source_(_Out_opt_cap_x_, (size), _Pre_opt_cap_x_(size) _Post_valid_impl_)
869#define _Out_bytecap_x_(size) _SAL1_1_Source_(_Out_bytecap_x_, (size), _Pre_bytecap_x_(size) _Post_valid_impl_)
870#define _Out_opt_bytecap_x_(size) _SAL1_1_Source_(_Out_opt_bytecap_x_, (size), _Pre_opt_bytecap_x_(size) _Post_valid_impl_)
871
872// a zero terminated string is filled into a buffer of given capacity
873// e.g. void CopyStr( _In_z_ const char* szFrom, _Out_z_cap_(cchTo) char* szTo, size_t cchTo );
874// buffer capacity is described by another parameter
875#define _Out_z_cap_(size) _SAL1_1_Source_(_Out_z_cap_, (size), _Pre_cap_(size) _Post_valid_impl_ _Post_z_)
876#define _Out_opt_z_cap_(size) _SAL1_1_Source_(_Out_opt_z_cap_, (size), _Pre_opt_cap_(size) _Post_valid_impl_ _Post_z_)
877#define _Out_z_bytecap_(size) _SAL1_1_Source_(_Out_z_bytecap_, (size), _Pre_bytecap_(size) _Post_valid_impl_ _Post_z_)
878#define _Out_opt_z_bytecap_(size) _SAL1_1_Source_(_Out_opt_z_bytecap_, (size), _Pre_opt_bytecap_(size) _Post_valid_impl_ _Post_z_)
879
880// buffer capacity is described by a constant expression
881#define _Out_z_cap_c_(size) _SAL1_1_Source_(_Out_z_cap_c_, (size), _Pre_cap_c_(size) _Post_valid_impl_ _Post_z_)
882#define _Out_opt_z_cap_c_(size) _SAL1_1_Source_(_Out_opt_z_cap_c_, (size), _Pre_opt_cap_c_(size) _Post_valid_impl_ _Post_z_)
883#define _Out_z_bytecap_c_(size) _SAL1_1_Source_(_Out_z_bytecap_c_, (size), _Pre_bytecap_c_(size) _Post_valid_impl_ _Post_z_)
884#define _Out_opt_z_bytecap_c_(size) _SAL1_1_Source_(_Out_opt_z_bytecap_c_, (size), _Pre_opt_bytecap_c_(size) _Post_valid_impl_ _Post_z_)
885
886// buffer capacity is described by a complex expression
887#define _Out_z_cap_x_(size) _SAL1_1_Source_(_Out_z_cap_x_, (size), _Pre_cap_x_(size) _Post_valid_impl_ _Post_z_)
888#define _Out_opt_z_cap_x_(size) _SAL1_1_Source_(_Out_opt_z_cap_x_, (size), _Pre_opt_cap_x_(size) _Post_valid_impl_ _Post_z_)
889#define _Out_z_bytecap_x_(size) _SAL1_1_Source_(_Out_z_bytecap_x_, (size), _Pre_bytecap_x_(size) _Post_valid_impl_ _Post_z_)
890#define _Out_opt_z_bytecap_x_(size) _SAL1_1_Source_(_Out_opt_z_bytecap_x_, (size), _Pre_opt_bytecap_x_(size) _Post_valid_impl_ _Post_z_)
891
892// a zero terminated string is filled into a buffer of given capacity
893// e.g. size_t CopyCharRange( _In_count_(cchFrom) const char* rgchFrom, size_t cchFrom, _Out_cap_post_count_(cchTo,return)) char* rgchTo, size_t cchTo );
894#define _Out_cap_post_count_(cap,count) _SAL1_1_Source_(_Out_cap_post_count_, (cap,count), _Pre_cap_(cap) _Post_valid_impl_ _Post_count_(count))
895#define _Out_opt_cap_post_count_(cap,count) _SAL1_1_Source_(_Out_opt_cap_post_count_, (cap,count), _Pre_opt_cap_(cap) _Post_valid_impl_ _Post_count_(count))
896#define _Out_bytecap_post_bytecount_(cap,count) _SAL1_1_Source_(_Out_bytecap_post_bytecount_, (cap,count), _Pre_bytecap_(cap) _Post_valid_impl_ _Post_bytecount_(count))
897#define _Out_opt_bytecap_post_bytecount_(cap,count) _SAL1_1_Source_(_Out_opt_bytecap_post_bytecount_, (cap,count), _Pre_opt_bytecap_(cap) _Post_valid_impl_ _Post_bytecount_(count))
898
899// a zero terminated string is filled into a buffer of given capacity
900// e.g. size_t CopyStr( _In_z_ const char* szFrom, _Out_z_cap_post_count_(cchTo,return+1) char* szTo, size_t cchTo );
901#define _Out_z_cap_post_count_(cap,count) _SAL1_1_Source_(_Out_z_cap_post_count_, (cap,count), _Pre_cap_(cap) _Post_valid_impl_ _Post_z_count_(count))
902#define _Out_opt_z_cap_post_count_(cap,count) _SAL1_1_Source_(_Out_opt_z_cap_post_count_, (cap,count), _Pre_opt_cap_(cap) _Post_valid_impl_ _Post_z_count_(count))
903#define _Out_z_bytecap_post_bytecount_(cap,count) _SAL1_1_Source_(_Out_z_bytecap_post_bytecount_, (cap,count), _Pre_bytecap_(cap) _Post_valid_impl_ _Post_z_bytecount_(count))
904#define _Out_opt_z_bytecap_post_bytecount_(cap,count) _SAL1_1_Source_(_Out_opt_z_bytecap_post_bytecount_, (cap,count), _Pre_opt_bytecap_(cap) _Post_valid_impl_ _Post_z_bytecount_(count))
905
906// only use with dereferenced arguments e.g. '*pcch'
907#define _Out_capcount_(capcount) _SAL1_1_Source_(_Out_capcount_, (capcount), _Pre_cap_(capcount) _Post_valid_impl_ _Post_count_(capcount))
908#define _Out_opt_capcount_(capcount) _SAL1_1_Source_(_Out_opt_capcount_, (capcount), _Pre_opt_cap_(capcount) _Post_valid_impl_ _Post_count_(capcount))
909#define _Out_bytecapcount_(capcount) _SAL1_1_Source_(_Out_bytecapcount_, (capcount), _Pre_bytecap_(capcount) _Post_valid_impl_ _Post_bytecount_(capcount))
910#define _Out_opt_bytecapcount_(capcount) _SAL1_1_Source_(_Out_opt_bytecapcount_, (capcount), _Pre_opt_bytecap_(capcount) _Post_valid_impl_ _Post_bytecount_(capcount))
911
912#define _Out_capcount_x_(capcount) _SAL1_1_Source_(_Out_capcount_x_, (capcount), _Pre_cap_x_(capcount) _Post_valid_impl_ _Post_count_x_(capcount))
913#define _Out_opt_capcount_x_(capcount) _SAL1_1_Source_(_Out_opt_capcount_x_, (capcount), _Pre_opt_cap_x_(capcount) _Post_valid_impl_ _Post_count_x_(capcount))
914#define _Out_bytecapcount_x_(capcount) _SAL1_1_Source_(_Out_bytecapcount_x_, (capcount), _Pre_bytecap_x_(capcount) _Post_valid_impl_ _Post_bytecount_x_(capcount))
915#define _Out_opt_bytecapcount_x_(capcount) _SAL1_1_Source_(_Out_opt_bytecapcount_x_, (capcount), _Pre_opt_bytecap_x_(capcount) _Post_valid_impl_ _Post_bytecount_x_(capcount))
916
917// e.g. GetString( _Out_z_capcount_(*pLen+1) char* sz, size_t* pLen );
918#define _Out_z_capcount_(capcount) _SAL1_1_Source_(_Out_z_capcount_, (capcount), _Pre_cap_(capcount) _Post_valid_impl_ _Post_z_count_(capcount))
919#define _Out_opt_z_capcount_(capcount) _SAL1_1_Source_(_Out_opt_z_capcount_, (capcount), _Pre_opt_cap_(capcount) _Post_valid_impl_ _Post_z_count_(capcount))
920#define _Out_z_bytecapcount_(capcount) _SAL1_1_Source_(_Out_z_bytecapcount_, (capcount), _Pre_bytecap_(capcount) _Post_valid_impl_ _Post_z_bytecount_(capcount))
921#define _Out_opt_z_bytecapcount_(capcount) _SAL1_1_Source_(_Out_opt_z_bytecapcount_, (capcount), _Pre_opt_bytecap_(capcount) _Post_valid_impl_ _Post_z_bytecount_(capcount))
922
923
924// 'inout' buffers with initialized elements before and after the call
925// e.g. void ModifyIndices( _Inout_count_(cIndices) int* rgIndeces, size_t cIndices );
926#define _Inout_count_(size) _SAL1_1_Source_(_Inout_count_, (size), _Prepost_count_(size))
927#define _Inout_opt_count_(size) _SAL1_1_Source_(_Inout_opt_count_, (size), _Prepost_opt_count_(size))
928#define _Inout_bytecount_(size) _SAL1_1_Source_(_Inout_bytecount_, (size), _Prepost_bytecount_(size))
929#define _Inout_opt_bytecount_(size) _SAL1_1_Source_(_Inout_opt_bytecount_, (size), _Prepost_opt_bytecount_(size))
930
931#define _Inout_count_c_(size) _SAL1_1_Source_(_Inout_count_c_, (size), _Prepost_count_c_(size))
932#define _Inout_opt_count_c_(size) _SAL1_1_Source_(_Inout_opt_count_c_, (size), _Prepost_opt_count_c_(size))
933#define _Inout_bytecount_c_(size) _SAL1_1_Source_(_Inout_bytecount_c_, (size), _Prepost_bytecount_c_(size))
934#define _Inout_opt_bytecount_c_(size) _SAL1_1_Source_(_Inout_opt_bytecount_c_, (size), _Prepost_opt_bytecount_c_(size))
935
936// nullterminated 'inout' buffers with initialized elements before and after the call
937// e.g. void ModifyIndices( _Inout_count_(cIndices) int* rgIndeces, size_t cIndices );
938#define _Inout_z_count_(size) _SAL1_1_Source_(_Inout_z_count_, (size), _Prepost_z_ _Prepost_count_(size))
939#define _Inout_opt_z_count_(size) _SAL1_1_Source_(_Inout_opt_z_count_, (size), _Prepost_z_ _Prepost_opt_count_(size))
940#define _Inout_z_bytecount_(size) _SAL1_1_Source_(_Inout_z_bytecount_, (size), _Prepost_z_ _Prepost_bytecount_(size))
941#define _Inout_opt_z_bytecount_(size) _SAL1_1_Source_(_Inout_opt_z_bytecount_, (size), _Prepost_z_ _Prepost_opt_bytecount_(size))
942
943#define _Inout_z_count_c_(size) _SAL1_1_Source_(_Inout_z_count_c_, (size), _Prepost_z_ _Prepost_count_c_(size))
944#define _Inout_opt_z_count_c_(size) _SAL1_1_Source_(_Inout_opt_z_count_c_, (size), _Prepost_z_ _Prepost_opt_count_c_(size))
945#define _Inout_z_bytecount_c_(size) _SAL1_1_Source_(_Inout_z_bytecount_c_, (size), _Prepost_z_ _Prepost_bytecount_c_(size))
946#define _Inout_opt_z_bytecount_c_(size) _SAL1_1_Source_(_Inout_opt_z_bytecount_c_, (size), _Prepost_z_ _Prepost_opt_bytecount_c_(size))
947
948#define _Inout_ptrdiff_count_(size) _SAL1_1_Source_(_Inout_ptrdiff_count_, (size), _Pre_ptrdiff_count_(size))
949#define _Inout_opt_ptrdiff_count_(size) _SAL1_1_Source_(_Inout_opt_ptrdiff_count_, (size), _Pre_opt_ptrdiff_count_(size))
950
951#define _Inout_count_x_(size) _SAL1_1_Source_(_Inout_count_x_, (size), _Prepost_count_x_(size))
952#define _Inout_opt_count_x_(size) _SAL1_1_Source_(_Inout_opt_count_x_, (size), _Prepost_opt_count_x_(size))
953#define _Inout_bytecount_x_(size) _SAL1_1_Source_(_Inout_bytecount_x_, (size), _Prepost_bytecount_x_(size))
954#define _Inout_opt_bytecount_x_(size) _SAL1_1_Source_(_Inout_opt_bytecount_x_, (size), _Prepost_opt_bytecount_x_(size))
955
956// e.g. void AppendToLPSTR( _In_ LPCSTR szFrom, _Inout_cap_(cchTo) LPSTR* szTo, size_t cchTo );
957#define _Inout_cap_(size) _SAL1_1_Source_(_Inout_cap_, (size), _Pre_valid_cap_(size) _Post_valid_)
958#define _Inout_opt_cap_(size) _SAL1_1_Source_(_Inout_opt_cap_, (size), _Pre_opt_valid_cap_(size) _Post_valid_)
959#define _Inout_bytecap_(size) _SAL1_1_Source_(_Inout_bytecap_, (size), _Pre_valid_bytecap_(size) _Post_valid_)
960#define _Inout_opt_bytecap_(size) _SAL1_1_Source_(_Inout_opt_bytecap_, (size), _Pre_opt_valid_bytecap_(size) _Post_valid_)
961
962#define _Inout_cap_c_(size) _SAL1_1_Source_(_Inout_cap_c_, (size), _Pre_valid_cap_c_(size) _Post_valid_)
963#define _Inout_opt_cap_c_(size) _SAL1_1_Source_(_Inout_opt_cap_c_, (size), _Pre_opt_valid_cap_c_(size) _Post_valid_)
964#define _Inout_bytecap_c_(size) _SAL1_1_Source_(_Inout_bytecap_c_, (size), _Pre_valid_bytecap_c_(size) _Post_valid_)
965#define _Inout_opt_bytecap_c_(size) _SAL1_1_Source_(_Inout_opt_bytecap_c_, (size), _Pre_opt_valid_bytecap_c_(size) _Post_valid_)
966
967#define _Inout_cap_x_(size) _SAL1_1_Source_(_Inout_cap_x_, (size), _Pre_valid_cap_x_(size) _Post_valid_)
968#define _Inout_opt_cap_x_(size) _SAL1_1_Source_(_Inout_opt_cap_x_, (size), _Pre_opt_valid_cap_x_(size) _Post_valid_)
969#define _Inout_bytecap_x_(size) _SAL1_1_Source_(_Inout_bytecap_x_, (size), _Pre_valid_bytecap_x_(size) _Post_valid_)
970#define _Inout_opt_bytecap_x_(size) _SAL1_1_Source_(_Inout_opt_bytecap_x_, (size), _Pre_opt_valid_bytecap_x_(size) _Post_valid_)
971
972// inout string buffers with writable size
973// e.g. void AppendStr( _In_z_ const char* szFrom, _Inout_z_cap_(cchTo) char* szTo, size_t cchTo );
974#define _Inout_z_cap_(size) _SAL1_1_Source_(_Inout_z_cap_, (size), _Pre_z_cap_(size) _Post_z_)
975#define _Inout_opt_z_cap_(size) _SAL1_1_Source_(_Inout_opt_z_cap_, (size), _Pre_opt_z_cap_(size) _Post_z_)
976#define _Inout_z_bytecap_(size) _SAL1_1_Source_(_Inout_z_bytecap_, (size), _Pre_z_bytecap_(size) _Post_z_)
977#define _Inout_opt_z_bytecap_(size) _SAL1_1_Source_(_Inout_opt_z_bytecap_, (size), _Pre_opt_z_bytecap_(size) _Post_z_)
978
979#define _Inout_z_cap_c_(size) _SAL1_1_Source_(_Inout_z_cap_c_, (size), _Pre_z_cap_c_(size) _Post_z_)
980#define _Inout_opt_z_cap_c_(size) _SAL1_1_Source_(_Inout_opt_z_cap_c_, (size), _Pre_opt_z_cap_c_(size) _Post_z_)
981#define _Inout_z_bytecap_c_(size) _SAL1_1_Source_(_Inout_z_bytecap_c_, (size), _Pre_z_bytecap_c_(size) _Post_z_)
982#define _Inout_opt_z_bytecap_c_(size) _SAL1_1_Source_(_Inout_opt_z_bytecap_c_, (size), _Pre_opt_z_bytecap_c_(size) _Post_z_)
983
984#define _Inout_z_cap_x_(size) _SAL1_1_Source_(_Inout_z_cap_x_, (size), _Pre_z_cap_x_(size) _Post_z_)
985#define _Inout_opt_z_cap_x_(size) _SAL1_1_Source_(_Inout_opt_z_cap_x_, (size), _Pre_opt_z_cap_x_(size) _Post_z_)
986#define _Inout_z_bytecap_x_(size) _SAL1_1_Source_(_Inout_z_bytecap_x_, (size), _Pre_z_bytecap_x_(size) _Post_z_)
987#define _Inout_opt_z_bytecap_x_(size) _SAL1_1_Source_(_Inout_opt_z_bytecap_x_, (size), _Pre_opt_z_bytecap_x_(size) _Post_z_)
988
989
990// returning pointers to valid objects
991#define _Ret_ _SAL1_1_Source_(_Ret_, (), _Ret_valid_)
992#define _Ret_opt_ _SAL1_1_Source_(_Ret_opt_, (), _Ret_opt_valid_)
993
994// annotations to express 'boundedness' of integral value parameter
995#define _In_bound_ _SAL1_1_Source_(_In_bound_, (), _In_bound_impl_)
996#define _Out_bound_ _SAL1_1_Source_(_Out_bound_, (), _Out_bound_impl_)
997#define _Ret_bound_ _SAL1_1_Source_(_Ret_bound_, (), _Ret_bound_impl_)
998#define _Deref_in_bound_ _SAL1_1_Source_(_Deref_in_bound_, (), _Deref_in_bound_impl_)
999#define _Deref_out_bound_ _SAL1_1_Source_(_Deref_out_bound_, (), _Deref_out_bound_impl_)
1000#define _Deref_inout_bound_ _SAL1_1_Source_(_Deref_inout_bound_, (), _Deref_in_bound_ _Deref_out_bound_)
1001#define _Deref_ret_bound_ _SAL1_1_Source_(_Deref_ret_bound_, (), _Deref_ret_bound_impl_)
1002
1003// e.g. HRESULT HrCreatePoint( _Deref_out_opt_ POINT** ppPT );
1004#define _Deref_out_ _SAL1_1_Source_(_Deref_out_, (), _Out_ _Deref_post_valid_)
1005#define _Deref_out_opt_ _SAL1_1_Source_(_Deref_out_opt_, (), _Out_ _Deref_post_opt_valid_)
1006#define _Deref_opt_out_ _SAL1_1_Source_(_Deref_opt_out_, (), _Out_opt_ _Deref_post_valid_)
1007#define _Deref_opt_out_opt_ _SAL1_1_Source_(_Deref_opt_out_opt_, (), _Out_opt_ _Deref_post_opt_valid_)
1008
1009// e.g. void CloneString( _In_z_ const WCHAR* wzFrom, _Deref_out_z_ WCHAR** pWzTo );
1010#define _Deref_out_z_ _SAL1_1_Source_(_Deref_out_z_, (), _Out_ _Deref_post_z_)
1011#define _Deref_out_opt_z_ _SAL1_1_Source_(_Deref_out_opt_z_, (), _Out_ _Deref_post_opt_z_)
1012#define _Deref_opt_out_z_ _SAL1_1_Source_(_Deref_opt_out_z_, (), _Out_opt_ _Deref_post_z_)
1013#define _Deref_opt_out_opt_z_ _SAL1_1_Source_(_Deref_opt_out_opt_z_, (), _Out_opt_ _Deref_post_opt_z_)
1014
1015//
1016// _Deref_pre_ ---
1017//
1018// describing conditions for array elements of dereferenced pointer parameters that must be met before the call
1019
1020// e.g. void SaveStringArray( _In_count_(cStrings) _Deref_pre_z_ const WCHAR* const rgpwch[] );
1021#define _Deref_pre_z_ _SAL1_1_Source_(_Deref_pre_z_, (), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre1_impl_(__zterm_impl) _Pre_valid_impl_)
1022#define _Deref_pre_opt_z_ _SAL1_1_Source_(_Deref_pre_opt_z_, (), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre1_impl_(__zterm_impl) _Pre_valid_impl_)
1023
1024// e.g. void FillInArrayOfStr32( _In_count_(cStrings) _Deref_pre_cap_c_(32) _Deref_post_z_ WCHAR* const rgpwch[] );
1025// buffer capacity is described by another parameter
1026#define _Deref_pre_cap_(size) _SAL1_1_Source_(_Deref_pre_cap_, (size), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre1_impl_(__cap_impl(size)))
1027#define _Deref_pre_opt_cap_(size) _SAL1_1_Source_(_Deref_pre_opt_cap_, (size), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre1_impl_(__cap_impl(size)))
1028#define _Deref_pre_bytecap_(size) _SAL1_1_Source_(_Deref_pre_bytecap_, (size), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre1_impl_(__bytecap_impl(size)))
1029#define _Deref_pre_opt_bytecap_(size) _SAL1_1_Source_(_Deref_pre_opt_bytecap_, (size), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre1_impl_(__bytecap_impl(size)))
1030
1031// buffer capacity is described by a constant expression
1032#define _Deref_pre_cap_c_(size) _SAL1_1_Source_(_Deref_pre_cap_c_, (size), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre1_impl_(__cap_c_impl(size)))
1033#define _Deref_pre_opt_cap_c_(size) _SAL1_1_Source_(_Deref_pre_opt_cap_c_, (size), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre1_impl_(__cap_c_impl(size)))
1034#define _Deref_pre_bytecap_c_(size) _SAL1_1_Source_(_Deref_pre_bytecap_c_, (size), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre1_impl_(__bytecap_c_impl(size)))
1035#define _Deref_pre_opt_bytecap_c_(size) _SAL1_1_Source_(_Deref_pre_opt_bytecap_c_, (size), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre1_impl_(__bytecap_c_impl(size)))
1036
1037// buffer capacity is described by a complex condition
1038#define _Deref_pre_cap_x_(size) _SAL1_1_Source_(_Deref_pre_cap_x_, (size), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre1_impl_(__cap_x_impl(size)))
1039#define _Deref_pre_opt_cap_x_(size) _SAL1_1_Source_(_Deref_pre_opt_cap_x_, (size), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre1_impl_(__cap_x_impl(size)))
1040#define _Deref_pre_bytecap_x_(size) _SAL1_1_Source_(_Deref_pre_bytecap_x_, (size), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre1_impl_(__bytecap_x_impl(size)))
1041#define _Deref_pre_opt_bytecap_x_(size) _SAL1_1_Source_(_Deref_pre_opt_bytecap_x_, (size), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre1_impl_(__bytecap_x_impl(size)))
1042
1043// convenience macros for nullterminated buffers with given capacity
1044#define _Deref_pre_z_cap_(size) _SAL1_1_Source_(_Deref_pre_z_cap_, (size), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre2_impl_(__zterm_impl,__cap_impl(size)) _Pre_valid_impl_)
1045#define _Deref_pre_opt_z_cap_(size) _SAL1_1_Source_(_Deref_pre_opt_z_cap_, (size), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre2_impl_(__zterm_impl,__cap_impl(size)) _Pre_valid_impl_)
1046#define _Deref_pre_z_bytecap_(size) _SAL1_1_Source_(_Deref_pre_z_bytecap_, (size), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre2_impl_(__zterm_impl,__bytecap_impl(size)) _Pre_valid_impl_)
1047#define _Deref_pre_opt_z_bytecap_(size) _SAL1_1_Source_(_Deref_pre_opt_z_bytecap_, (size), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre2_impl_(__zterm_impl,__bytecap_impl(size)) _Pre_valid_impl_)
1048
1049#define _Deref_pre_z_cap_c_(size) _SAL1_1_Source_(_Deref_pre_z_cap_c_, (size), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre2_impl_(__zterm_impl,__cap_c_impl(size)) _Pre_valid_impl_)
1050#define _Deref_pre_opt_z_cap_c_(size) _SAL1_1_Source_(_Deref_pre_opt_z_cap_c_, (size), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre2_impl_(__zterm_impl,__cap_c_impl(size)) _Pre_valid_impl_)
1051#define _Deref_pre_z_bytecap_c_(size) _SAL1_1_Source_(_Deref_pre_z_bytecap_c_, (size), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre2_impl_(__zterm_impl,__bytecap_c_impl(size)) _Pre_valid_impl_)
1052#define _Deref_pre_opt_z_bytecap_c_(size) _SAL1_1_Source_(_Deref_pre_opt_z_bytecap_c_, (size), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre2_impl_(__zterm_impl,__bytecap_c_impl(size)) _Pre_valid_impl_)
1053
1054#define _Deref_pre_z_cap_x_(size) _SAL1_1_Source_(_Deref_pre_z_cap_x_, (size), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre2_impl_(__zterm_impl,__cap_x_impl(size)) _Pre_valid_impl_)
1055#define _Deref_pre_opt_z_cap_x_(size) _SAL1_1_Source_(_Deref_pre_opt_z_cap_x_, (size), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre2_impl_(__zterm_impl,__cap_x_impl(size)) _Pre_valid_impl_)
1056#define _Deref_pre_z_bytecap_x_(size) _SAL1_1_Source_(_Deref_pre_z_bytecap_x_, (size), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre2_impl_(__zterm_impl,__bytecap_x_impl(size)) _Pre_valid_impl_)
1057#define _Deref_pre_opt_z_bytecap_x_(size) _SAL1_1_Source_(_Deref_pre_opt_z_bytecap_x_, (size), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre2_impl_(__zterm_impl,__bytecap_x_impl(size)) _Pre_valid_impl_)
1058
1059// known capacity and valid but unknown readable extent
1060#define _Deref_pre_valid_cap_(size) _SAL1_1_Source_(_Deref_pre_valid_cap_, (size), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre1_impl_(__cap_impl(size)) _Pre_valid_impl_)
1061#define _Deref_pre_opt_valid_cap_(size) _SAL1_1_Source_(_Deref_pre_opt_valid_cap_, (size), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre1_impl_(__cap_impl(size)) _Pre_valid_impl_)
1062#define _Deref_pre_valid_bytecap_(size) _SAL1_1_Source_(_Deref_pre_valid_bytecap_, (size), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre1_impl_(__bytecap_impl(size)) _Pre_valid_impl_)
1063#define _Deref_pre_opt_valid_bytecap_(size) _SAL1_1_Source_(_Deref_pre_opt_valid_bytecap_, (size), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre1_impl_(__bytecap_impl(size)) _Pre_valid_impl_)
1064
1065#define _Deref_pre_valid_cap_c_(size) _SAL1_1_Source_(_Deref_pre_valid_cap_c_, (size), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre1_impl_(__cap_c_impl(size)) _Pre_valid_impl_)
1066#define _Deref_pre_opt_valid_cap_c_(size) _SAL1_1_Source_(_Deref_pre_opt_valid_cap_c_, (size), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre1_impl_(__cap_c_impl(size)) _Pre_valid_impl_)
1067#define _Deref_pre_valid_bytecap_c_(size) _SAL1_1_Source_(_Deref_pre_valid_bytecap_c_, (size), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre1_impl_(__bytecap_c_impl(size)) _Pre_valid_impl_)
1068#define _Deref_pre_opt_valid_bytecap_c_(size) _SAL1_1_Source_(_Deref_pre_opt_valid_bytecap_c_, (size), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre1_impl_(__bytecap_c_impl(size)) _Pre_valid_impl_)
1069
1070#define _Deref_pre_valid_cap_x_(size) _SAL1_1_Source_(_Deref_pre_valid_cap_x_, (size), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre1_impl_(__cap_x_impl(size)) _Pre_valid_impl_)
1071#define _Deref_pre_opt_valid_cap_x_(size) _SAL1_1_Source_(_Deref_pre_opt_valid_cap_x_, (size), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre1_impl_(__cap_x_impl(size)) _Pre_valid_impl_)
1072#define _Deref_pre_valid_bytecap_x_(size) _SAL1_1_Source_(_Deref_pre_valid_bytecap_x_, (size), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre1_impl_(__bytecap_x_impl(size)) _Pre_valid_impl_)
1073#define _Deref_pre_opt_valid_bytecap_x_(size) _SAL1_1_Source_(_Deref_pre_opt_valid_bytecap_x_, (size), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre1_impl_(__bytecap_x_impl(size)) _Pre_valid_impl_)
1074
1075// e.g. void SaveMatrix( _In_count_(n) _Deref_pre_count_(n) const Elem** matrix, size_t n );
1076// valid buffer extent is described by another parameter
1077#define _Deref_pre_count_(size) _SAL1_1_Source_(_Deref_pre_count_, (size), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre1_impl_(__count_impl(size)) _Pre_valid_impl_)
1078#define _Deref_pre_opt_count_(size) _SAL1_1_Source_(_Deref_pre_opt_count_, (size), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre1_impl_(__count_impl(size)) _Pre_valid_impl_)
1079#define _Deref_pre_bytecount_(size) _SAL1_1_Source_(_Deref_pre_bytecount_, (size), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre1_impl_(__bytecount_impl(size)) _Pre_valid_impl_)
1080#define _Deref_pre_opt_bytecount_(size) _SAL1_1_Source_(_Deref_pre_opt_bytecount_, (size), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre1_impl_(__bytecount_impl(size)) _Pre_valid_impl_)
1081
1082// valid buffer extent is described by a constant expression
1083#define _Deref_pre_count_c_(size) _SAL1_1_Source_(_Deref_pre_count_c_, (size), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre1_impl_(__count_c_impl(size)) _Pre_valid_impl_)
1084#define _Deref_pre_opt_count_c_(size) _SAL1_1_Source_(_Deref_pre_opt_count_c_, (size), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre1_impl_(__count_c_impl(size)) _Pre_valid_impl_)
1085#define _Deref_pre_bytecount_c_(size) _SAL1_1_Source_(_Deref_pre_bytecount_c_, (size), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre1_impl_(__bytecount_c_impl(size)) _Pre_valid_impl_)
1086#define _Deref_pre_opt_bytecount_c_(size) _SAL1_1_Source_(_Deref_pre_opt_bytecount_c_, (size), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre1_impl_(__bytecount_c_impl(size)) _Pre_valid_impl_)
1087
1088// valid buffer extent is described by a complex expression
1089#define _Deref_pre_count_x_(size) _SAL1_1_Source_(_Deref_pre_count_x_, (size), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre1_impl_(__count_x_impl(size)) _Pre_valid_impl_)
1090#define _Deref_pre_opt_count_x_(size) _SAL1_1_Source_(_Deref_pre_opt_count_x_, (size), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre1_impl_(__count_x_impl(size)) _Pre_valid_impl_)
1091#define _Deref_pre_bytecount_x_(size) _SAL1_1_Source_(_Deref_pre_bytecount_x_, (size), _Deref_pre1_impl_(__notnull_impl_notref) _Deref_pre1_impl_(__bytecount_x_impl(size)) _Pre_valid_impl_)
1092#define _Deref_pre_opt_bytecount_x_(size) _SAL1_1_Source_(_Deref_pre_opt_bytecount_x_, (size), _Deref_pre1_impl_(__maybenull_impl_notref) _Deref_pre1_impl_(__bytecount_x_impl(size)) _Pre_valid_impl_)
1093
1094// e.g. void PrintStringArray( _In_count_(cElems) _Deref_pre_valid_ LPCSTR rgStr[], size_t cElems );
1095#define _Deref_pre_valid_ _SAL1_1_Source_(_Deref_pre_valid_, (), _Deref_pre1_impl_(__notnull_impl_notref) _Pre_valid_impl_)
1096#define _Deref_pre_opt_valid_ _SAL1_1_Source_(_Deref_pre_opt_valid_, (), _Deref_pre1_impl_(__maybenull_impl_notref) _Pre_valid_impl_)
1097#define _Deref_pre_invalid_ _SAL1_1_Source_(_Deref_pre_invalid_, (), _Deref_pre1_impl_(__notvalid_impl))
1098
1099#define _Deref_pre_notnull_ _SAL1_1_Source_(_Deref_pre_notnull_, (), _Deref_pre1_impl_(__notnull_impl_notref))
1100#define _Deref_pre_maybenull_ _SAL1_1_Source_(_Deref_pre_maybenull_, (), _Deref_pre1_impl_(__maybenull_impl_notref))
1101#define _Deref_pre_null_ _SAL1_1_Source_(_Deref_pre_null_, (), _Deref_pre1_impl_(__null_impl_notref))
1102
1103// restrict access rights
1104#define _Deref_pre_readonly_ _SAL1_1_Source_(_Deref_pre_readonly_, (), _Deref_pre1_impl_(__readaccess_impl_notref))
1105#define _Deref_pre_writeonly_ _SAL1_1_Source_(_Deref_pre_writeonly_, (), _Deref_pre1_impl_(__writeaccess_impl_notref))
1106
1107//
1108// _Deref_post_ ---
1109//
1110// describing conditions for array elements or dereferenced pointer parameters that hold after the call
1111
1112// e.g. void CloneString( _In_z_ const Wchar_t* wzIn _Out_ _Deref_post_z_ WCHAR** pWzOut );
1113#define _Deref_post_z_ _SAL1_1_Source_(_Deref_post_z_, (), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post1_impl_(__zterm_impl) _Post_valid_impl_)
1114#define _Deref_post_opt_z_ _SAL1_1_Source_(_Deref_post_opt_z_, (), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post1_impl_(__zterm_impl) _Post_valid_impl_)
1115
1116// e.g. HRESULT HrAllocateMemory( size_t cb, _Out_ _Deref_post_bytecap_(cb) void** ppv );
1117// buffer capacity is described by another parameter
1118#define _Deref_post_cap_(size) _SAL1_1_Source_(_Deref_post_cap_, (size), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post1_impl_(__cap_impl(size)))
1119#define _Deref_post_opt_cap_(size) _SAL1_1_Source_(_Deref_post_opt_cap_, (size), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post1_impl_(__cap_impl(size)))
1120#define _Deref_post_bytecap_(size) _SAL1_1_Source_(_Deref_post_bytecap_, (size), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post1_impl_(__bytecap_impl(size)))
1121#define _Deref_post_opt_bytecap_(size) _SAL1_1_Source_(_Deref_post_opt_bytecap_, (size), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post1_impl_(__bytecap_impl(size)))
1122
1123// buffer capacity is described by a constant expression
1124#define _Deref_post_cap_c_(size) _SAL1_1_Source_(_Deref_post_cap_c_, (size), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post1_impl_(__cap_c_impl(size)))
1125#define _Deref_post_opt_cap_c_(size) _SAL1_1_Source_(_Deref_post_opt_cap_c_, (size), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post1_impl_(__cap_c_impl(size)))
1126#define _Deref_post_bytecap_c_(size) _SAL1_1_Source_(_Deref_post_bytecap_c_, (size), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post1_impl_(__bytecap_c_impl(size)))
1127#define _Deref_post_opt_bytecap_c_(size) _SAL1_1_Source_(_Deref_post_opt_bytecap_c_, (size), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post1_impl_(__bytecap_c_impl(size)))
1128
1129// buffer capacity is described by a complex expression
1130#define _Deref_post_cap_x_(size) _SAL1_1_Source_(_Deref_post_cap_x_, (size), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post1_impl_(__cap_x_impl(size)))
1131#define _Deref_post_opt_cap_x_(size) _SAL1_1_Source_(_Deref_post_opt_cap_x_, (size), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post1_impl_(__cap_x_impl(size)))
1132#define _Deref_post_bytecap_x_(size) _SAL1_1_Source_(_Deref_post_bytecap_x_, (size), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post1_impl_(__bytecap_x_impl(size)))
1133#define _Deref_post_opt_bytecap_x_(size) _SAL1_1_Source_(_Deref_post_opt_bytecap_x_, (size), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post1_impl_(__bytecap_x_impl(size)))
1134
1135// convenience macros for nullterminated buffers with given capacity
1136#define _Deref_post_z_cap_(size) _SAL1_1_Source_(_Deref_post_z_cap_, (size), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post2_impl_(__zterm_impl,__cap_impl(size)) _Post_valid_impl_)
1137#define _Deref_post_opt_z_cap_(size) _SAL1_1_Source_(_Deref_post_opt_z_cap_, (size), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post2_impl_(__zterm_impl,__cap_impl(size)) _Post_valid_impl_)
1138#define _Deref_post_z_bytecap_(size) _SAL1_1_Source_(_Deref_post_z_bytecap_, (size), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post2_impl_(__zterm_impl,__bytecap_impl(size)) _Post_valid_impl_)
1139#define _Deref_post_opt_z_bytecap_(size) _SAL1_1_Source_(_Deref_post_opt_z_bytecap_, (size), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post2_impl_(__zterm_impl,__bytecap_impl(size)) _Post_valid_impl_)
1140
1141#define _Deref_post_z_cap_c_(size) _SAL1_1_Source_(_Deref_post_z_cap_c_, (size), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post2_impl_(__zterm_impl,__cap_c_impl(size)) _Post_valid_impl_)
1142#define _Deref_post_opt_z_cap_c_(size) _SAL1_1_Source_(_Deref_post_opt_z_cap_c_, (size), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post2_impl_(__zterm_impl,__cap_c_impl(size)) _Post_valid_impl_)
1143#define _Deref_post_z_bytecap_c_(size) _SAL1_1_Source_(_Deref_post_z_bytecap_c_, (size), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post2_impl_(__zterm_impl,__bytecap_c_impl(size)) _Post_valid_impl_)
1144#define _Deref_post_opt_z_bytecap_c_(size) _SAL1_1_Source_(_Deref_post_opt_z_bytecap_c_, (size), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post2_impl_(__zterm_impl,__bytecap_c_impl(size)) _Post_valid_impl_)
1145
1146#define _Deref_post_z_cap_x_(size) _SAL1_1_Source_(_Deref_post_z_cap_x_, (size), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post2_impl_(__zterm_impl,__cap_x_impl(size)) _Post_valid_impl_)
1147#define _Deref_post_opt_z_cap_x_(size) _SAL1_1_Source_(_Deref_post_opt_z_cap_x_, (size), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post2_impl_(__zterm_impl,__cap_x_impl(size)) _Post_valid_impl_)
1148#define _Deref_post_z_bytecap_x_(size) _SAL1_1_Source_(_Deref_post_z_bytecap_x_, (size), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post2_impl_(__zterm_impl,__bytecap_x_impl(size)) _Post_valid_impl_)
1149#define _Deref_post_opt_z_bytecap_x_(size) _SAL1_1_Source_(_Deref_post_opt_z_bytecap_x_, (size), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post2_impl_(__zterm_impl,__bytecap_x_impl(size)) _Post_valid_impl_)
1150
1151// known capacity and valid but unknown readable extent
1152#define _Deref_post_valid_cap_(size) _SAL1_1_Source_(_Deref_post_valid_cap_, (size), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post1_impl_(__cap_impl(size)) _Post_valid_impl_)
1153#define _Deref_post_opt_valid_cap_(size) _SAL1_1_Source_(_Deref_post_opt_valid_cap_, (size), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post1_impl_(__cap_impl(size)) _Post_valid_impl_)
1154#define _Deref_post_valid_bytecap_(size) _SAL1_1_Source_(_Deref_post_valid_bytecap_, (size), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post1_impl_(__bytecap_impl(size)) _Post_valid_impl_)
1155#define _Deref_post_opt_valid_bytecap_(size) _SAL1_1_Source_(_Deref_post_opt_valid_bytecap_, (size), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post1_impl_(__bytecap_impl(size)) _Post_valid_impl_)
1156
1157#define _Deref_post_valid_cap_c_(size) _SAL1_1_Source_(_Deref_post_valid_cap_c_, (size), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post1_impl_(__cap_c_impl(size)) _Post_valid_impl_)
1158#define _Deref_post_opt_valid_cap_c_(size) _SAL1_1_Source_(_Deref_post_opt_valid_cap_c_, (size), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post1_impl_(__cap_c_impl(size)) _Post_valid_impl_)
1159#define _Deref_post_valid_bytecap_c_(size) _SAL1_1_Source_(_Deref_post_valid_bytecap_c_, (size), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post1_impl_(__bytecap_c_impl(size)) _Post_valid_impl_)
1160#define _Deref_post_opt_valid_bytecap_c_(size) _SAL1_1_Source_(_Deref_post_opt_valid_bytecap_c_, (size), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post1_impl_(__bytecap_c_impl(size)) _Post_valid_impl_)
1161
1162#define _Deref_post_valid_cap_x_(size) _SAL1_1_Source_(_Deref_post_valid_cap_x_, (size), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post1_impl_(__cap_x_impl(size)) _Post_valid_impl_)
1163#define _Deref_post_opt_valid_cap_x_(size) _SAL1_1_Source_(_Deref_post_opt_valid_cap_x_, (size), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post1_impl_(__cap_x_impl(size)) _Post_valid_impl_)
1164#define _Deref_post_valid_bytecap_x_(size) _SAL1_1_Source_(_Deref_post_valid_bytecap_x_, (size), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post1_impl_(__bytecap_x_impl(size)) _Post_valid_impl_)
1165#define _Deref_post_opt_valid_bytecap_x_(size) _SAL1_1_Source_(_Deref_post_opt_valid_bytecap_x_, (size), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post1_impl_(__bytecap_x_impl(size)) _Post_valid_impl_)
1166
1167// e.g. HRESULT HrAllocateZeroInitializedMemory( size_t cb, _Out_ _Deref_post_bytecount_(cb) void** ppv );
1168// valid buffer extent is described by another parameter
1169#define _Deref_post_count_(size) _SAL1_1_Source_(_Deref_post_count_, (size), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post1_impl_(__count_impl(size)) _Post_valid_impl_)
1170#define _Deref_post_opt_count_(size) _SAL1_1_Source_(_Deref_post_opt_count_, (size), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post1_impl_(__count_impl(size)) _Post_valid_impl_)
1171#define _Deref_post_bytecount_(size) _SAL1_1_Source_(_Deref_post_bytecount_, (size), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post1_impl_(__bytecount_impl(size)) _Post_valid_impl_)
1172#define _Deref_post_opt_bytecount_(size) _SAL1_1_Source_(_Deref_post_opt_bytecount_, (size), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post1_impl_(__bytecount_impl(size)) _Post_valid_impl_)
1173
1174// buffer capacity is described by a constant expression
1175#define _Deref_post_count_c_(size) _SAL1_1_Source_(_Deref_post_count_c_, (size), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post1_impl_(__count_c_impl(size)) _Post_valid_impl_)
1176#define _Deref_post_opt_count_c_(size) _SAL1_1_Source_(_Deref_post_opt_count_c_, (size), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post1_impl_(__count_c_impl(size)) _Post_valid_impl_)
1177#define _Deref_post_bytecount_c_(size) _SAL1_1_Source_(_Deref_post_bytecount_c_, (size), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post1_impl_(__bytecount_c_impl(size)) _Post_valid_impl_)
1178#define _Deref_post_opt_bytecount_c_(size) _SAL1_1_Source_(_Deref_post_opt_bytecount_c_, (size), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post1_impl_(__bytecount_c_impl(size)) _Post_valid_impl_)
1179
1180// buffer capacity is described by a complex expression
1181#define _Deref_post_count_x_(size) _SAL1_1_Source_(_Deref_post_count_x_, (size), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post1_impl_(__count_x_impl(size)) _Post_valid_impl_)
1182#define _Deref_post_opt_count_x_(size) _SAL1_1_Source_(_Deref_post_opt_count_x_, (size), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post1_impl_(__count_x_impl(size)) _Post_valid_impl_)
1183#define _Deref_post_bytecount_x_(size) _SAL1_1_Source_(_Deref_post_bytecount_x_, (size), _Deref_post1_impl_(__notnull_impl_notref) _Deref_post1_impl_(__bytecount_x_impl(size)) _Post_valid_impl_)
1184#define _Deref_post_opt_bytecount_x_(size) _SAL1_1_Source_(_Deref_post_opt_bytecount_x_, (size), _Deref_post1_impl_(__maybenull_impl_notref) _Deref_post1_impl_(__bytecount_x_impl(size)) _Post_valid_impl_)
1185
1186// e.g. void GetStrings( _Out_count_(cElems) _Deref_post_valid_ LPSTR const rgStr[], size_t cElems );
1187#define _Deref_post_valid_ _SAL1_1_Source_(_Deref_post_valid_, (), _Deref_post1_impl_(__notnull_impl_notref) _Post_valid_impl_)
1188#define _Deref_post_opt_valid_ _SAL1_1_Source_(_Deref_post_opt_valid_, (), _Deref_post1_impl_(__maybenull_impl_notref) _Post_valid_impl_)
1189
1190#define _Deref_post_notnull_ _SAL1_1_Source_(_Deref_post_notnull_, (), _Deref_post1_impl_(__notnull_impl_notref))
1191#define _Deref_post_maybenull_ _SAL1_1_Source_(_Deref_post_maybenull_, (), _Deref_post1_impl_(__maybenull_impl_notref))
1192#define _Deref_post_null_ _SAL1_1_Source_(_Deref_post_null_, (), _Deref_post1_impl_(__null_impl_notref))
1193
1194//
1195// _Deref_ret_ ---
1196//
1197
1198#define _Deref_ret_z_ _SAL1_1_Source_(_Deref_ret_z_, (), _Deref_ret1_impl_(__notnull_impl_notref) _Deref_ret1_impl_(__zterm_impl))
1199#define _Deref_ret_opt_z_ _SAL1_1_Source_(_Deref_ret_opt_z_, (), _Deref_ret1_impl_(__maybenull_impl_notref) _Ret1_impl_(__zterm_impl))
1200
1201//
1202// special _Deref_ ---
1203//
1204#define _Deref2_pre_readonly_ _SAL1_1_Source_(_Deref2_pre_readonly_, (), _Deref2_pre1_impl_(__readaccess_impl_notref))
1205
1206//
1207// _Ret_ ---
1208//
1209
1210// e.g. _Ret_opt_valid_ LPSTR void* CloneSTR( _Pre_valid_ LPSTR src );
1211#define _Ret_opt_valid_ _SAL1_1_Source_(_Ret_opt_valid_, (), _Ret1_impl_(__maybenull_impl_notref) _Ret_valid_impl_)
1212#define _Ret_opt_z_ _SAL1_1_Source_(_Ret_opt_z_, (), _Ret2_impl_(__maybenull_impl,__zterm_impl) _Ret_valid_impl_)
1213
1214// e.g. _Ret_opt_bytecap_(cb) void* AllocateMemory( size_t cb );
1215// Buffer capacity is described by another parameter
1216#define _Ret_cap_(size) _SAL1_1_Source_(_Ret_cap_, (size), _Ret1_impl_(__notnull_impl_notref) _Ret1_impl_(__cap_impl(size)))
1217#define _Ret_opt_cap_(size) _SAL1_1_Source_(_Ret_opt_cap_, (size), _Ret1_impl_(__maybenull_impl_notref) _Ret1_impl_(__cap_impl(size)))
1218#define _Ret_bytecap_(size) _SAL1_1_Source_(_Ret_bytecap_, (size), _Ret1_impl_(__notnull_impl_notref) _Ret1_impl_(__bytecap_impl(size)))
1219#define _Ret_opt_bytecap_(size) _SAL1_1_Source_(_Ret_opt_bytecap_, (size), _Ret1_impl_(__maybenull_impl_notref) _Ret1_impl_(__bytecap_impl(size)))
1220
1221// Buffer capacity is described by a constant expression
1222#define _Ret_cap_c_(size) _SAL1_1_Source_(_Ret_cap_c_, (size), _Ret1_impl_(__notnull_impl_notref) _Ret1_impl_(__cap_c_impl(size)))
1223#define _Ret_opt_cap_c_(size) _SAL1_1_Source_(_Ret_opt_cap_c_, (size), _Ret1_impl_(__maybenull_impl_notref) _Ret1_impl_(__cap_c_impl(size)))
1224#define _Ret_bytecap_c_(size) _SAL1_1_Source_(_Ret_bytecap_c_, (size), _Ret1_impl_(__notnull_impl_notref) _Ret1_impl_(__bytecap_c_impl(size)))
1225#define _Ret_opt_bytecap_c_(size) _SAL1_1_Source_(_Ret_opt_bytecap_c_, (size), _Ret1_impl_(__maybenull_impl_notref) _Ret1_impl_(__bytecap_c_impl(size)))
1226
1227// Buffer capacity is described by a complex condition
1228#define _Ret_cap_x_(size) _SAL1_1_Source_(_Ret_cap_x_, (size), _Ret1_impl_(__notnull_impl_notref) _Ret1_impl_(__cap_x_impl(size)))
1229#define _Ret_opt_cap_x_(size) _SAL1_1_Source_(_Ret_opt_cap_x_, (size), _Ret1_impl_(__maybenull_impl_notref) _Ret1_impl_(__cap_x_impl(size)))
1230#define _Ret_bytecap_x_(size) _SAL1_1_Source_(_Ret_bytecap_x_, (size), _Ret1_impl_(__notnull_impl_notref) _Ret1_impl_(__bytecap_x_impl(size)))
1231#define _Ret_opt_bytecap_x_(size) _SAL1_1_Source_(_Ret_opt_bytecap_x_, (size), _Ret1_impl_(__maybenull_impl_notref) _Ret1_impl_(__bytecap_x_impl(size)))
1232
1233// return value is nullterminated and capacity is given by another parameter
1234#define _Ret_z_cap_(size) _SAL1_1_Source_(_Ret_z_cap_, (size), _Ret1_impl_(__notnull_impl_notref) _Ret2_impl_(__zterm_impl,__cap_impl(size)) _Ret_valid_impl_)
1235#define _Ret_opt_z_cap_(size) _SAL1_1_Source_(_Ret_opt_z_cap_, (size), _Ret1_impl_(__maybenull_impl_notref) _Ret2_impl_(__zterm_impl,__cap_impl(size)) _Ret_valid_impl_)
1236#define _Ret_z_bytecap_(size) _SAL1_1_Source_(_Ret_z_bytecap_, (size), _Ret1_impl_(__notnull_impl_notref) _Ret2_impl_(__zterm_impl,__bytecap_impl(size)) _Ret_valid_impl_)
1237#define _Ret_opt_z_bytecap_(size) _SAL1_1_Source_(_Ret_opt_z_bytecap_, (size), _Ret1_impl_(__maybenull_impl_notref) _Ret2_impl_(__zterm_impl,__bytecap_impl(size)) _Ret_valid_impl_)
1238
1239// e.g. _Ret_opt_bytecount_(cb) void* AllocateZeroInitializedMemory( size_t cb );
1240// Valid Buffer extent is described by another parameter
1241#define _Ret_count_(size) _SAL1_1_Source_(_Ret_count_, (size), _Ret1_impl_(__notnull_impl_notref) _Ret1_impl_(__count_impl(size)) _Ret_valid_impl_)
1242#define _Ret_opt_count_(size) _SAL1_1_Source_(_Ret_opt_count_, (size), _Ret1_impl_(__maybenull_impl_notref) _Ret1_impl_(__count_impl(size)) _Ret_valid_impl_)
1243#define _Ret_bytecount_(size) _SAL1_1_Source_(_Ret_bytecount_, (size), _Ret1_impl_(__notnull_impl_notref) _Ret1_impl_(__bytecount_impl(size)) _Ret_valid_impl_)
1244#define _Ret_opt_bytecount_(size) _SAL1_1_Source_(_Ret_opt_bytecount_, (size), _Ret1_impl_(__maybenull_impl_notref) _Ret1_impl_(__bytecount_impl(size)) _Ret_valid_impl_)
1245
1246// Valid Buffer extent is described by a constant expression
1247#define _Ret_count_c_(size) _SAL1_1_Source_(_Ret_count_c_, (size), _Ret1_impl_(__notnull_impl_notref) _Ret1_impl_(__count_c_impl(size)) _Ret_valid_impl_)
1248#define _Ret_opt_count_c_(size) _SAL1_1_Source_(_Ret_opt_count_c_, (size), _Ret1_impl_(__maybenull_impl_notref) _Ret1_impl_(__count_c_impl(size)) _Ret_valid_impl_)
1249#define _Ret_bytecount_c_(size) _SAL1_1_Source_(_Ret_bytecount_c_, (size), _Ret1_impl_(__notnull_impl_notref) _Ret1_impl_(__bytecount_c_impl(size)) _Ret_valid_impl_)
1250#define _Ret_opt_bytecount_c_(size) _SAL1_1_Source_(_Ret_opt_bytecount_c_, (size), _Ret1_impl_(__maybenull_impl_notref) _Ret1_impl_(__bytecount_c_impl(size)) _Ret_valid_impl_)
1251
1252// Valid Buffer extent is described by a complex expression
1253#define _Ret_count_x_(size) _SAL1_1_Source_(_Ret_count_x_, (size), _Ret1_impl_(__notnull_impl_notref) _Ret1_impl_(__count_x_impl(size)) _Ret_valid_impl_)
1254#define _Ret_opt_count_x_(size) _SAL1_1_Source_(_Ret_opt_count_x_, (size), _Ret1_impl_(__maybenull_impl_notref) _Ret1_impl_(__count_x_impl(size)) _Ret_valid_impl_)
1255#define _Ret_bytecount_x_(size) _SAL1_1_Source_(_Ret_bytecount_x_, (size), _Ret1_impl_(__notnull_impl_notref) _Ret1_impl_(__bytecount_x_impl(size)) _Ret_valid_impl_)
1256#define _Ret_opt_bytecount_x_(size) _SAL1_1_Source_(_Ret_opt_bytecount_x_, (size), _Ret1_impl_(__maybenull_impl_notref) _Ret1_impl_(__bytecount_x_impl(size)) _Ret_valid_impl_)
1257
1258// return value is nullterminated and length is given by another parameter
1259#define _Ret_z_count_(size) _SAL1_1_Source_(_Ret_z_count_, (size), _Ret1_impl_(__notnull_impl_notref) _Ret2_impl_(__zterm_impl,__count_impl(size)) _Ret_valid_impl_)
1260#define _Ret_opt_z_count_(size) _SAL1_1_Source_(_Ret_opt_z_count_, (size), _Ret1_impl_(__maybenull_impl_notref) _Ret2_impl_(__zterm_impl,__count_impl(size)) _Ret_valid_impl_)
1261#define _Ret_z_bytecount_(size) _SAL1_1_Source_(_Ret_z_bytecount_, (size), _Ret1_impl_(__notnull_impl_notref) _Ret2_impl_(__zterm_impl,__bytecount_impl(size)) _Ret_valid_impl_)
1262#define _Ret_opt_z_bytecount_(size) _SAL1_1_Source_(_Ret_opt_z_bytecount_, (size), _Ret1_impl_(__maybenull_impl_notref) _Ret2_impl_(__zterm_impl,__bytecount_impl(size)) _Ret_valid_impl_)
1263
1264
1265// _Pre_ annotations ---
1266#define _Pre_opt_z_ _SAL1_1_Source_(_Pre_opt_z_, (), _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__zterm_impl) _Pre_valid_impl_)
1267
1268// restrict access rights
1269#define _Pre_readonly_ _SAL1_1_Source_(_Pre_readonly_, (), _Pre1_impl_(__readaccess_impl_notref))
1270#define _Pre_writeonly_ _SAL1_1_Source_(_Pre_writeonly_, (), _Pre1_impl_(__writeaccess_impl_notref))
1271
1272// e.g. void FreeMemory( _Pre_bytecap_(cb) _Post_ptr_invalid_ void* pv, size_t cb );
1273// buffer capacity described by another parameter
1274#define _Pre_cap_(size) _SAL1_1_Source_(_Pre_cap_, (size), _Pre1_impl_(__notnull_impl_notref) _Pre1_impl_(__cap_impl(size)))
1275#define _Pre_opt_cap_(size) _SAL1_1_Source_(_Pre_opt_cap_, (size), _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__cap_impl(size)))
1276#define _Pre_bytecap_(size) _SAL1_1_Source_(_Pre_bytecap_, (size), _Pre1_impl_(__notnull_impl_notref) _Pre1_impl_(__bytecap_impl(size)))
1277#define _Pre_opt_bytecap_(size) _SAL1_1_Source_(_Pre_opt_bytecap_, (size), _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__bytecap_impl(size)))
1278
1279// buffer capacity described by a constant expression
1280#define _Pre_cap_c_(size) _SAL1_1_Source_(_Pre_cap_c_, (size), _Pre1_impl_(__notnull_impl_notref) _Pre1_impl_(__cap_c_impl(size)))
1281#define _Pre_opt_cap_c_(size) _SAL1_1_Source_(_Pre_opt_cap_c_, (size), _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__cap_c_impl(size)))
1282#define _Pre_bytecap_c_(size) _SAL1_1_Source_(_Pre_bytecap_c_, (size), _Pre1_impl_(__notnull_impl_notref) _Pre1_impl_(__bytecap_c_impl(size)))
1283#define _Pre_opt_bytecap_c_(size) _SAL1_1_Source_(_Pre_opt_bytecap_c_, (size), _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__bytecap_c_impl(size)))
1284#define _Pre_cap_c_one_ _SAL1_1_Source_(_Pre_cap_c_one_, (), _Pre1_impl_(__notnull_impl_notref) _Pre1_impl_(__cap_c_one_notref_impl))
1285#define _Pre_opt_cap_c_one_ _SAL1_1_Source_(_Pre_opt_cap_c_one_, (), _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__cap_c_one_notref_impl))
1286
1287// buffer capacity is described by another parameter multiplied by a constant expression
1288#define _Pre_cap_m_(mult,size) _SAL1_1_Source_(_Pre_cap_m_, (mult,size), _Pre1_impl_(__notnull_impl_notref) _Pre1_impl_(__mult_impl(mult,size)))
1289#define _Pre_opt_cap_m_(mult,size) _SAL1_1_Source_(_Pre_opt_cap_m_, (mult,size), _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__mult_impl(mult,size)))
1290
1291// buffer capacity described by size of other buffer, only used by dangerous legacy APIs
1292// e.g. int strcpy(_Pre_cap_for_(src) char* dst, const char* src);
1293#define _Pre_cap_for_(param) _SAL1_1_Source_(_Pre_cap_for_, (param), _Pre1_impl_(__notnull_impl_notref) _Pre1_impl_(__cap_for_impl(param)))
1294#define _Pre_opt_cap_for_(param) _SAL1_1_Source_(_Pre_opt_cap_for_, (param), _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__cap_for_impl(param)))
1295
1296// buffer capacity described by a complex condition
1297#define _Pre_cap_x_(size) _SAL1_1_Source_(_Pre_cap_x_, (size), _Pre1_impl_(__notnull_impl_notref) _Pre1_impl_(__cap_x_impl(size)))
1298#define _Pre_opt_cap_x_(size) _SAL1_1_Source_(_Pre_opt_cap_x_, (size), _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__cap_x_impl(size)))
1299#define _Pre_bytecap_x_(size) _SAL1_1_Source_(_Pre_bytecap_x_, (size), _Pre1_impl_(__notnull_impl_notref) _Pre1_impl_(__bytecap_x_impl(size)))
1300#define _Pre_opt_bytecap_x_(size) _SAL1_1_Source_(_Pre_opt_bytecap_x_, (size), _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__bytecap_x_impl(size)))
1301
1302// buffer capacity described by the difference to another pointer parameter
1303#define _Pre_ptrdiff_cap_(ptr) _SAL1_1_Source_(_Pre_ptrdiff_cap_, (ptr), _Pre1_impl_(__notnull_impl_notref) _Pre1_impl_(__cap_x_impl(__ptrdiff(ptr))))
1304#define _Pre_opt_ptrdiff_cap_(ptr) _SAL1_1_Source_(_Pre_opt_ptrdiff_cap_, (ptr), _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__cap_x_impl(__ptrdiff(ptr))))
1305
1306// e.g. void AppendStr( _Pre_z_ const char* szFrom, _Pre_z_cap_(cchTo) _Post_z_ char* szTo, size_t cchTo );
1307#define _Pre_z_cap_(size) _SAL1_1_Source_(_Pre_z_cap_, (size), _Pre1_impl_(__notnull_impl_notref) _Pre2_impl_(__zterm_impl,__cap_impl(size)) _Pre_valid_impl_)
1308#define _Pre_opt_z_cap_(size) _SAL1_1_Source_(_Pre_opt_z_cap_, (size), _Pre1_impl_(__maybenull_impl_notref) _Pre2_impl_(__zterm_impl,__cap_impl(size)) _Pre_valid_impl_)
1309#define _Pre_z_bytecap_(size) _SAL1_1_Source_(_Pre_z_bytecap_, (size), _Pre1_impl_(__notnull_impl_notref) _Pre2_impl_(__zterm_impl,__bytecap_impl(size)) _Pre_valid_impl_)
1310#define _Pre_opt_z_bytecap_(size) _SAL1_1_Source_(_Pre_opt_z_bytecap_, (size), _Pre1_impl_(__maybenull_impl_notref) _Pre2_impl_(__zterm_impl,__bytecap_impl(size)) _Pre_valid_impl_)
1311
1312#define _Pre_z_cap_c_(size) _SAL1_1_Source_(_Pre_z_cap_c_, (size), _Pre1_impl_(__notnull_impl_notref) _Pre2_impl_(__zterm_impl,__cap_c_impl(size)) _Pre_valid_impl_)
1313#define _Pre_opt_z_cap_c_(size) _SAL1_1_Source_(_Pre_opt_z_cap_c_, (size), _Pre1_impl_(__maybenull_impl_notref) _Pre2_impl_(__zterm_impl,__cap_c_impl(size)) _Pre_valid_impl_)
1314#define _Pre_z_bytecap_c_(size) _SAL1_1_Source_(_Pre_z_bytecap_c_, (size), _Pre1_impl_(__notnull_impl_notref) _Pre2_impl_(__zterm_impl,__bytecap_c_impl(size)) _Pre_valid_impl_)
1315#define _Pre_opt_z_bytecap_c_(size) _SAL1_1_Source_(_Pre_opt_z_bytecap_c_, (size), _Pre1_impl_(__maybenull_impl_notref) _Pre2_impl_(__zterm_impl,__bytecap_c_impl(size)) _Pre_valid_impl_)
1316
1317#define _Pre_z_cap_x_(size) _SAL1_1_Source_(_Pre_z_cap_x_, (size), _Pre1_impl_(__notnull_impl_notref) _Pre2_impl_(__zterm_impl,__cap_x_impl(size)) _Pre_valid_impl_)
1318#define _Pre_opt_z_cap_x_(size) _SAL1_1_Source_(_Pre_opt_z_cap_x_, (size), _Pre1_impl_(__maybenull_impl_notref) _Pre2_impl_(__zterm_impl,__cap_x_impl(size)) _Pre_valid_impl_)
1319#define _Pre_z_bytecap_x_(size) _SAL1_1_Source_(_Pre_z_bytecap_x_, (size), _Pre1_impl_(__notnull_impl_notref) _Pre2_impl_(__zterm_impl,__bytecap_x_impl(size)) _Pre_valid_impl_)
1320#define _Pre_opt_z_bytecap_x_(size) _SAL1_1_Source_(_Pre_opt_z_bytecap_x_, (size), _Pre1_impl_(__maybenull_impl_notref) _Pre2_impl_(__zterm_impl,__bytecap_x_impl(size)) _Pre_valid_impl_)
1321
1322// known capacity and valid but unknown readable extent
1323#define _Pre_valid_cap_(size) _SAL1_1_Source_(_Pre_valid_cap_, (size), _Pre1_impl_(__notnull_impl_notref) _Pre1_impl_(__cap_impl(size)) _Pre_valid_impl_)
1324#define _Pre_opt_valid_cap_(size) _SAL1_1_Source_(_Pre_opt_valid_cap_, (size), _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__cap_impl(size)) _Pre_valid_impl_)
1325#define _Pre_valid_bytecap_(size) _SAL1_1_Source_(_Pre_valid_bytecap_, (size), _Pre1_impl_(__notnull_impl_notref) _Pre1_impl_(__bytecap_impl(size)) _Pre_valid_impl_)
1326#define _Pre_opt_valid_bytecap_(size) _SAL1_1_Source_(_Pre_opt_valid_bytecap_, (size), _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__bytecap_impl(size)) _Pre_valid_impl_)
1327
1328#define _Pre_valid_cap_c_(size) _SAL1_1_Source_(_Pre_valid_cap_c_, (size), _Pre1_impl_(__notnull_impl_notref) _Pre1_impl_(__cap_c_impl(size)) _Pre_valid_impl_)
1329#define _Pre_opt_valid_cap_c_(size) _SAL1_1_Source_(_Pre_opt_valid_cap_c_, (size), _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__cap_c_impl(size)) _Pre_valid_impl_)
1330#define _Pre_valid_bytecap_c_(size) _SAL1_1_Source_(_Pre_valid_bytecap_c_, (size), _Pre1_impl_(__notnull_impl_notref) _Pre1_impl_(__bytecap_c_impl(size)) _Pre_valid_impl_)
1331#define _Pre_opt_valid_bytecap_c_(size) _SAL1_1_Source_(_Pre_opt_valid_bytecap_c_, (size), _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__bytecap_c_impl(size)) _Pre_valid_impl_)
1332
1333#define _Pre_valid_cap_x_(size) _SAL1_1_Source_(_Pre_valid_cap_x_, (size), _Pre1_impl_(__notnull_impl_notref) _Pre1_impl_(__cap_x_impl(size)) _Pre_valid_impl_)
1334#define _Pre_opt_valid_cap_x_(size) _SAL1_1_Source_(_Pre_opt_valid_cap_x_, (size), _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__cap_x_impl(size)) _Pre_valid_impl_)
1335#define _Pre_valid_bytecap_x_(size) _SAL1_1_Source_(_Pre_valid_bytecap_x_, (size), _Pre1_impl_(__notnull_impl_notref) _Pre1_impl_(__bytecap_x_impl(size)) _Pre_valid_impl_)
1336#define _Pre_opt_valid_bytecap_x_(size) _SAL1_1_Source_(_Pre_opt_valid_bytecap_x_, (size), _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__bytecap_x_impl(size)) _Pre_valid_impl_)
1337
1338// e.g. void AppendCharRange( _Pre_count_(cchFrom) const char* rgFrom, size_t cchFrom, _Out_z_cap_(cchTo) char* szTo, size_t cchTo );
1339// Valid buffer extent described by another parameter
1340#define _Pre_count_(size) _SAL1_1_Source_(_Pre_count_, (size), _Pre1_impl_(__notnull_impl_notref) _Pre1_impl_(__count_impl(size)) _Pre_valid_impl_)
1341#define _Pre_opt_count_(size) _SAL1_1_Source_(_Pre_opt_count_, (size), _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__count_impl(size)) _Pre_valid_impl_)
1342#define _Pre_bytecount_(size) _SAL1_1_Source_(_Pre_bytecount_, (size), _Pre1_impl_(__notnull_impl_notref) _Pre1_impl_(__bytecount_impl(size)) _Pre_valid_impl_)
1343#define _Pre_opt_bytecount_(size) _SAL1_1_Source_(_Pre_opt_bytecount_, (size), _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__bytecount_impl(size)) _Pre_valid_impl_)
1344
1345// Valid buffer extent described by a constant expression
1346#define _Pre_count_c_(size) _SAL1_1_Source_(_Pre_count_c_, (size), _Pre1_impl_(__notnull_impl_notref) _Pre1_impl_(__count_c_impl(size)) _Pre_valid_impl_)
1347#define _Pre_opt_count_c_(size) _SAL1_1_Source_(_Pre_opt_count_c_, (size), _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__count_c_impl(size)) _Pre_valid_impl_)
1348#define _Pre_bytecount_c_(size) _SAL1_1_Source_(_Pre_bytecount_c_, (size), _Pre1_impl_(__notnull_impl_notref) _Pre1_impl_(__bytecount_c_impl(size)) _Pre_valid_impl_)
1349#define _Pre_opt_bytecount_c_(size) _SAL1_1_Source_(_Pre_opt_bytecount_c_, (size), _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__bytecount_c_impl(size)) _Pre_valid_impl_)
1350
1351// Valid buffer extent described by a complex expression
1352#define _Pre_count_x_(size) _SAL1_1_Source_(_Pre_count_x_, (size), _Pre1_impl_(__notnull_impl_notref) _Pre1_impl_(__count_x_impl(size)) _Pre_valid_impl_)
1353#define _Pre_opt_count_x_(size) _SAL1_1_Source_(_Pre_opt_count_x_, (size), _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__count_x_impl(size)) _Pre_valid_impl_)
1354#define _Pre_bytecount_x_(size) _SAL1_1_Source_(_Pre_bytecount_x_, (size), _Pre1_impl_(__notnull_impl_notref) _Pre1_impl_(__bytecount_x_impl(size)) _Pre_valid_impl_)
1355#define _Pre_opt_bytecount_x_(size) _SAL1_1_Source_(_Pre_opt_bytecount_x_, (size), _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__bytecount_x_impl(size)) _Pre_valid_impl_)
1356
1357// Valid buffer extent described by the difference to another pointer parameter
1358#define _Pre_ptrdiff_count_(ptr) _SAL1_1_Source_(_Pre_ptrdiff_count_, (ptr), _Pre1_impl_(__notnull_impl_notref) _Pre1_impl_(__count_x_impl(__ptrdiff(ptr))) _Pre_valid_impl_)
1359#define _Pre_opt_ptrdiff_count_(ptr) _SAL1_1_Source_(_Pre_opt_ptrdiff_count_, (ptr), _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__count_x_impl(__ptrdiff(ptr))) _Pre_valid_impl_)
1360
1361
1362// char * strncpy(_Out_cap_(_Count) _Post_maybez_ char * _Dest, _In_z_ const char * _Source, _In_ size_t _Count)
1363// buffer maybe zero-terminated after the call
1364#define _Post_maybez_ _SAL1_1_Source_(_Post_maybez_, (), _Post1_impl_(__maybezterm_impl))
1365
1366// e.g. SIZE_T HeapSize( _In_ HANDLE hHeap, DWORD dwFlags, _Pre_notnull_ _Post_bytecap_(return) LPCVOID lpMem );
1367#define _Post_cap_(size) _SAL1_1_Source_(_Post_cap_, (size), _Post1_impl_(__cap_impl(size)))
1368#define _Post_bytecap_(size) _SAL1_1_Source_(_Post_bytecap_, (size), _Post1_impl_(__bytecap_impl(size)))
1369
1370// e.g. int strlen( _In_z_ _Post_count_(return+1) const char* sz );
1371#define _Post_count_(size) _SAL1_1_Source_(_Post_count_, (size), _Post1_impl_(__count_impl(size)) _Post_valid_impl_)
1372#define _Post_bytecount_(size) _SAL1_1_Source_(_Post_bytecount_, (size), _Post1_impl_(__bytecount_impl(size)) _Post_valid_impl_)
1373#define _Post_count_c_(size) _SAL1_1_Source_(_Post_count_c_, (size), _Post1_impl_(__count_c_impl(size)) _Post_valid_impl_)
1374#define _Post_bytecount_c_(size) _SAL1_1_Source_(_Post_bytecount_c_, (size), _Post1_impl_(__bytecount_c_impl(size)) _Post_valid_impl_)
1375#define _Post_count_x_(size) _SAL1_1_Source_(_Post_count_x_, (size), _Post1_impl_(__count_x_impl(size)) _Post_valid_impl_)
1376#define _Post_bytecount_x_(size) _SAL1_1_Source_(_Post_bytecount_x_, (size), _Post1_impl_(__bytecount_x_impl(size)) _Post_valid_impl_)
1377
1378// e.g. size_t CopyStr( _In_z_ const char* szFrom, _Pre_cap_(cch) _Post_z_count_(return+1) char* szFrom, size_t cchFrom );
1379#define _Post_z_count_(size) _SAL1_1_Source_(_Post_z_count_, (size), _Post2_impl_(__zterm_impl,__count_impl(size)) _Post_valid_impl_)
1380#define _Post_z_bytecount_(size) _SAL1_1_Source_(_Post_z_bytecount_, (size), _Post2_impl_(__zterm_impl,__bytecount_impl(size)) _Post_valid_impl_)
1381#define _Post_z_count_c_(size) _SAL1_1_Source_(_Post_z_count_c_, (size), _Post2_impl_(__zterm_impl,__count_c_impl(size)) _Post_valid_impl_)
1382#define _Post_z_bytecount_c_(size) _SAL1_1_Source_(_Post_z_bytecount_c_, (size), _Post2_impl_(__zterm_impl,__bytecount_c_impl(size)) _Post_valid_impl_)
1383#define _Post_z_count_x_(size) _SAL1_1_Source_(_Post_z_count_x_, (size), _Post2_impl_(__zterm_impl,__count_x_impl(size)) _Post_valid_impl_)
1384#define _Post_z_bytecount_x_(size) _SAL1_1_Source_(_Post_z_bytecount_x_, (size), _Post2_impl_(__zterm_impl,__bytecount_x_impl(size)) _Post_valid_impl_)
1385
1386//
1387// _Prepost_ ---
1388//
1389// describing conditions that hold before and after the function call
1390
1391#define _Prepost_opt_z_ _SAL1_1_Source_(_Prepost_opt_z_, (), _Pre_opt_z_ _Post_z_)
1392
1393#define _Prepost_count_(size) _SAL1_1_Source_(_Prepost_count_, (size), _Pre_count_(size) _Post_count_(size))
1394#define _Prepost_opt_count_(size) _SAL1_1_Source_(_Prepost_opt_count_, (size), _Pre_opt_count_(size) _Post_count_(size))
1395#define _Prepost_bytecount_(size) _SAL1_1_Source_(_Prepost_bytecount_, (size), _Pre_bytecount_(size) _Post_bytecount_(size))
1396#define _Prepost_opt_bytecount_(size) _SAL1_1_Source_(_Prepost_opt_bytecount_, (size), _Pre_opt_bytecount_(size) _Post_bytecount_(size))
1397#define _Prepost_count_c_(size) _SAL1_1_Source_(_Prepost_count_c_, (size), _Pre_count_c_(size) _Post_count_c_(size))
1398#define _Prepost_opt_count_c_(size) _SAL1_1_Source_(_Prepost_opt_count_c_, (size), _Pre_opt_count_c_(size) _Post_count_c_(size))
1399#define _Prepost_bytecount_c_(size) _SAL1_1_Source_(_Prepost_bytecount_c_, (size), _Pre_bytecount_c_(size) _Post_bytecount_c_(size))
1400#define _Prepost_opt_bytecount_c_(size) _SAL1_1_Source_(_Prepost_opt_bytecount_c_, (size), _Pre_opt_bytecount_c_(size) _Post_bytecount_c_(size))
1401#define _Prepost_count_x_(size) _SAL1_1_Source_(_Prepost_count_x_, (size), _Pre_count_x_(size) _Post_count_x_(size))
1402#define _Prepost_opt_count_x_(size) _SAL1_1_Source_(_Prepost_opt_count_x_, (size), _Pre_opt_count_x_(size) _Post_count_x_(size))
1403#define _Prepost_bytecount_x_(size) _SAL1_1_Source_(_Prepost_bytecount_x_, (size), _Pre_bytecount_x_(size) _Post_bytecount_x_(size))
1404#define _Prepost_opt_bytecount_x_(size) _SAL1_1_Source_(_Prepost_opt_bytecount_x_, (size), _Pre_opt_bytecount_x_(size) _Post_bytecount_x_(size))
1405
1406#define _Prepost_valid_ _SAL1_1_Source_(_Prepost_valid_, (), _Pre_valid_ _Post_valid_)
1407#define _Prepost_opt_valid_ _SAL1_1_Source_(_Prepost_opt_valid_, (), _Pre_opt_valid_ _Post_valid_)
1408
1409//
1410// _Deref_<both> ---
1411//
1412// short version for _Deref_pre_<ann> _Deref_post_<ann>
1413// describing conditions for array elements or dereferenced pointer parameters that hold before and after the call
1414
1415#define _Deref_prepost_z_ _SAL1_1_Source_(_Deref_prepost_z_, (), _Deref_pre_z_ _Deref_post_z_)
1416#define _Deref_prepost_opt_z_ _SAL1_1_Source_(_Deref_prepost_opt_z_, (), _Deref_pre_opt_z_ _Deref_post_opt_z_)
1417
1418#define _Deref_prepost_cap_(size) _SAL1_1_Source_(_Deref_prepost_cap_, (size), _Deref_pre_cap_(size) _Deref_post_cap_(size))
1419#define _Deref_prepost_opt_cap_(size) _SAL1_1_Source_(_Deref_prepost_opt_cap_, (size), _Deref_pre_opt_cap_(size) _Deref_post_opt_cap_(size))
1420#define _Deref_prepost_bytecap_(size) _SAL1_1_Source_(_Deref_prepost_bytecap_, (size), _Deref_pre_bytecap_(size) _Deref_post_bytecap_(size))
1421#define _Deref_prepost_opt_bytecap_(size) _SAL1_1_Source_(_Deref_prepost_opt_bytecap_, (size), _Deref_pre_opt_bytecap_(size) _Deref_post_opt_bytecap_(size))
1422
1423#define _Deref_prepost_cap_x_(size) _SAL1_1_Source_(_Deref_prepost_cap_x_, (size), _Deref_pre_cap_x_(size) _Deref_post_cap_x_(size))
1424#define _Deref_prepost_opt_cap_x_(size) _SAL1_1_Source_(_Deref_prepost_opt_cap_x_, (size), _Deref_pre_opt_cap_x_(size) _Deref_post_opt_cap_x_(size))
1425#define _Deref_prepost_bytecap_x_(size) _SAL1_1_Source_(_Deref_prepost_bytecap_x_, (size), _Deref_pre_bytecap_x_(size) _Deref_post_bytecap_x_(size))
1426#define _Deref_prepost_opt_bytecap_x_(size) _SAL1_1_Source_(_Deref_prepost_opt_bytecap_x_, (size), _Deref_pre_opt_bytecap_x_(size) _Deref_post_opt_bytecap_x_(size))
1427
1428#define _Deref_prepost_z_cap_(size) _SAL1_1_Source_(_Deref_prepost_z_cap_, (size), _Deref_pre_z_cap_(size) _Deref_post_z_cap_(size))
1429#define _Deref_prepost_opt_z_cap_(size) _SAL1_1_Source_(_Deref_prepost_opt_z_cap_, (size), _Deref_pre_opt_z_cap_(size) _Deref_post_opt_z_cap_(size))
1430#define _Deref_prepost_z_bytecap_(size) _SAL1_1_Source_(_Deref_prepost_z_bytecap_, (size), _Deref_pre_z_bytecap_(size) _Deref_post_z_bytecap_(size))
1431#define _Deref_prepost_opt_z_bytecap_(size) _SAL1_1_Source_(_Deref_prepost_opt_z_bytecap_, (size), _Deref_pre_opt_z_bytecap_(size) _Deref_post_opt_z_bytecap_(size))
1432
1433#define _Deref_prepost_valid_cap_(size) _SAL1_1_Source_(_Deref_prepost_valid_cap_, (size), _Deref_pre_valid_cap_(size) _Deref_post_valid_cap_(size))
1434#define _Deref_prepost_opt_valid_cap_(size) _SAL1_1_Source_(_Deref_prepost_opt_valid_cap_, (size), _Deref_pre_opt_valid_cap_(size) _Deref_post_opt_valid_cap_(size))
1435#define _Deref_prepost_valid_bytecap_(size) _SAL1_1_Source_(_Deref_prepost_valid_bytecap_, (size), _Deref_pre_valid_bytecap_(size) _Deref_post_valid_bytecap_(size))
1436#define _Deref_prepost_opt_valid_bytecap_(size) _SAL1_1_Source_(_Deref_prepost_opt_valid_bytecap_, (size), _Deref_pre_opt_valid_bytecap_(size) _Deref_post_opt_valid_bytecap_(size))
1437
1438#define _Deref_prepost_valid_cap_x_(size) _SAL1_1_Source_(_Deref_prepost_valid_cap_x_, (size), _Deref_pre_valid_cap_x_(size) _Deref_post_valid_cap_x_(size))
1439#define _Deref_prepost_opt_valid_cap_x_(size) _SAL1_1_Source_(_Deref_prepost_opt_valid_cap_x_, (size), _Deref_pre_opt_valid_cap_x_(size) _Deref_post_opt_valid_cap_x_(size))
1440#define _Deref_prepost_valid_bytecap_x_(size) _SAL1_1_Source_(_Deref_prepost_valid_bytecap_x_, (size), _Deref_pre_valid_bytecap_x_(size) _Deref_post_valid_bytecap_x_(size))
1441#define _Deref_prepost_opt_valid_bytecap_x_(size) _SAL1_1_Source_(_Deref_prepost_opt_valid_bytecap_x_, (size), _Deref_pre_opt_valid_bytecap_x_(size) _Deref_post_opt_valid_bytecap_x_(size))
1442
1443#define _Deref_prepost_count_(size) _SAL1_1_Source_(_Deref_prepost_count_, (size), _Deref_pre_count_(size) _Deref_post_count_(size))
1444#define _Deref_prepost_opt_count_(size) _SAL1_1_Source_(_Deref_prepost_opt_count_, (size), _Deref_pre_opt_count_(size) _Deref_post_opt_count_(size))
1445#define _Deref_prepost_bytecount_(size) _SAL1_1_Source_(_Deref_prepost_bytecount_, (size), _Deref_pre_bytecount_(size) _Deref_post_bytecount_(size))
1446#define _Deref_prepost_opt_bytecount_(size) _SAL1_1_Source_(_Deref_prepost_opt_bytecount_, (size), _Deref_pre_opt_bytecount_(size) _Deref_post_opt_bytecount_(size))
1447
1448#define _Deref_prepost_count_x_(size) _SAL1_1_Source_(_Deref_prepost_count_x_, (size), _Deref_pre_count_x_(size) _Deref_post_count_x_(size))
1449#define _Deref_prepost_opt_count_x_(size) _SAL1_1_Source_(_Deref_prepost_opt_count_x_, (size), _Deref_pre_opt_count_x_(size) _Deref_post_opt_count_x_(size))
1450#define _Deref_prepost_bytecount_x_(size) _SAL1_1_Source_(_Deref_prepost_bytecount_x_, (size), _Deref_pre_bytecount_x_(size) _Deref_post_bytecount_x_(size))
1451#define _Deref_prepost_opt_bytecount_x_(size) _SAL1_1_Source_(_Deref_prepost_opt_bytecount_x_, (size), _Deref_pre_opt_bytecount_x_(size) _Deref_post_opt_bytecount_x_(size))
1452
1453#define _Deref_prepost_valid_ _SAL1_1_Source_(_Deref_prepost_valid_, (), _Deref_pre_valid_ _Deref_post_valid_)
1454#define _Deref_prepost_opt_valid_ _SAL1_1_Source_(_Deref_prepost_opt_valid_, (), _Deref_pre_opt_valid_ _Deref_post_opt_valid_)
1455
1456//
1457// _Deref_<miscellaneous>
1458//
1459// used with references to arrays
1460
1461#define _Deref_out_z_cap_c_(size) _SAL1_1_Source_(_Deref_out_z_cap_c_, (size), _Deref_pre_cap_c_(size) _Deref_post_z_)
1462#define _Deref_inout_z_cap_c_(size) _SAL1_1_Source_(_Deref_inout_z_cap_c_, (size), _Deref_pre_z_cap_c_(size) _Deref_post_z_)
1463#define _Deref_out_z_bytecap_c_(size) _SAL1_1_Source_(_Deref_out_z_bytecap_c_, (size), _Deref_pre_bytecap_c_(size) _Deref_post_z_)
1464#define _Deref_inout_z_bytecap_c_(size) _SAL1_1_Source_(_Deref_inout_z_bytecap_c_, (size), _Deref_pre_z_bytecap_c_(size) _Deref_post_z_)
1465#define _Deref_inout_z_ _SAL1_1_Source_(_Deref_inout_z_, (), _Deref_prepost_z_)
1466
1467// #pragma endregion Input Buffer SAL 1 compatibility macros
1468
1469
1470//============================================================================
1471// Implementation Layer:
1472//============================================================================
1473
1474
1475// Naming conventions:
1476// A symbol the begins with _SA_ is for the machinery of creating any
1477// annotations; many of those come from sourceannotations.h in the case
1478// of attributes.
1479
1480// A symbol that ends with _impl is the very lowest level macro. It is
1481// not required to be a legal standalone annotation, and in the case
1482// of attribute annotations, usually is not. (In the case of some declspec
1483// annotations, it might be, but it should not be assumed so.) Those
1484// symols will be used in the _PreN..., _PostN... and _RetN... annotations
1485// to build up more complete annotations.
1486
1487// A symbol ending in _impl_ is reserved to the implementation as well,
1488// but it does form a complete annotation; usually they are used to build
1489// up even higher level annotations.
1490
1491
1492#if _USE_ATTRIBUTES_FOR_SAL || _USE_DECLSPECS_FOR_SAL // [
1493// Sharable "_impl" macros: these can be shared between the various annotation
1494// forms but are part of the implementation of the macros. These are collected
1495// here to assure that only necessary differences in the annotations
1496// exist.
1497
1498#define _Always_impl_(annos) _Group_(annos _SAL_nop_impl_) _On_failure_impl_(annos _SAL_nop_impl_)
1499#define _Bound_impl_ _SA_annotes0(SAL_bound)
1500#define _Field_range_impl_(min,max) _Range_impl_(min,max)
1501#define _Literal_impl_ _SA_annotes1(SAL_constant, __yes)
1502#define _Maybenull_impl_ _SA_annotes1(SAL_null, __maybe)
1503#define _Maybevalid_impl_ _SA_annotes1(SAL_valid, __maybe)
1504#define _Must_inspect_impl_ _Post_impl_ _SA_annotes0(SAL_mustInspect)
1505#define _Notliteral_impl_ _SA_annotes1(SAL_constant, __no)
1506#define _Notnull_impl_ _SA_annotes1(SAL_null, __no)
1507#define _Notvalid_impl_ _SA_annotes1(SAL_valid, __no)
1508#define _NullNull_terminated_impl_ _Group_(_SA_annotes1(SAL_nullTerminated, __yes) _SA_annotes1(SAL_readableTo,inexpressibleCount("NullNull terminated string")))
1509#define _Null_impl_ _SA_annotes1(SAL_null, __yes)
1510#define _Null_terminated_impl_ _SA_annotes1(SAL_nullTerminated, __yes)
1511#define _Out_impl_ _Pre1_impl_(__notnull_impl_notref) _Pre1_impl_(__cap_c_one_notref_impl) _Post_valid_impl_
1512#define _Out_opt_impl_ _Pre1_impl_(__maybenull_impl_notref) _Pre1_impl_(__cap_c_one_notref_impl) _Post_valid_impl_
1513#define _Points_to_data_impl_ _At_(*_Curr_, _SA_annotes1(SAL_mayBePointer, __no))
1514#define _Post_satisfies_impl_(cond) _Post_impl_ _Satisfies_impl_(cond)
1515#define _Post_valid_impl_ _Post1_impl_(__valid_impl)
1516#define _Pre_satisfies_impl_(cond) _Pre_impl_ _Satisfies_impl_(cond)
1517#define _Pre_valid_impl_ _Pre1_impl_(__valid_impl)
1518#define _Range_impl_(min,max) _SA_annotes2(SAL_range, min, max)
1519#define _Readable_bytes_impl_(size) _SA_annotes1(SAL_readableTo, byteCount(size))
1520#define _Readable_elements_impl_(size) _SA_annotes1(SAL_readableTo, elementCount(size))
1521#define _Ret_valid_impl_ _Ret1_impl_(__valid_impl)
1522#define _Satisfies_impl_(cond) _SA_annotes1(SAL_satisfies, cond)
1523#define _Valid_impl_ _SA_annotes1(SAL_valid, __yes)
1524#define _Writable_bytes_impl_(size) _SA_annotes1(SAL_writableTo, byteCount(size))
1525#define _Writable_elements_impl_(size) _SA_annotes1(SAL_writableTo, elementCount(size))
1526
1527#define _In_range_impl_(min,max) _Pre_impl_ _Range_impl_(min,max)
1528#define _Out_range_impl_(min,max) _Post_impl_ _Range_impl_(min,max)
1529#define _Ret_range_impl_(min,max) _Post_impl_ _Range_impl_(min,max)
1530#define _Deref_in_range_impl_(min,max) _Deref_pre_impl_ _Range_impl_(min,max)
1531#define _Deref_out_range_impl_(min,max) _Deref_post_impl_ _Range_impl_(min,max)
1532#define _Deref_ret_range_impl_(min,max) _Deref_post_impl_ _Range_impl_(min,max)
1533
1534#define _Deref_pre_impl_ _Pre_impl_ _Notref_impl_ _Deref_impl_
1535#define _Deref_post_impl_ _Post_impl_ _Notref_impl_ _Deref_impl_
1536
1537// The following are for the implementation machinery, and are not
1538// suitable for annotating general code.
1539// We're tying to phase this out, someday. The parser quotes the param.
1540#define __AuToQuOtE _SA_annotes0(SAL_AuToQuOtE)
1541
1542// Normally the parser does some simple type checking of annotation params,
1543// defer that check to the plugin.
1544#define __deferTypecheck _SA_annotes0(SAL_deferTypecheck)
1545
1546#define _SA_SPECSTRIZE( x ) #x
1547#define _SAL_nop_impl_ /* nothing */
1548#define __nop_impl(x) x
1549#endif
1550
1551
1552#if _USE_ATTRIBUTES_FOR_SAL // [
1553
1554// Using attributes for sal
1555
1556#include "codeanalysis\sourceannotations.h"
1557
1558
1559#define _SA_annotes0(n) [SAL_annotes(Name=#n)]
1560#define _SA_annotes1(n,pp1) [SAL_annotes(Name=#n, p1=_SA_SPECSTRIZE(pp1))]
1561#define _SA_annotes2(n,pp1,pp2) [SAL_annotes(Name=#n, p1=_SA_SPECSTRIZE(pp1), p2=_SA_SPECSTRIZE(pp2))]
1562#define _SA_annotes3(n,pp1,pp2,pp3) [SAL_annotes(Name=#n, p1=_SA_SPECSTRIZE(pp1), p2=_SA_SPECSTRIZE(pp2), p3=_SA_SPECSTRIZE(pp3))]
1563
1564#define _Pre_impl_ [SAL_pre]
1565#define _Post_impl_ [SAL_post]
1566#define _Deref_impl_ [SAL_deref]
1567#define _Notref_impl_ [SAL_notref]
1568
1569
1570// Declare a function to be an annotation or primop (respectively).
1571// Done this way so that they don't appear in the regular compiler's
1572// namespace.
1573#define __ANNOTATION(fun) _SA_annotes0(SAL_annotation) void __SA_##fun;
1574#define __PRIMOP(type, fun) _SA_annotes0(SAL_primop) type __SA_##fun;
1575#define __QUALIFIER(fun) _SA_annotes0(SAL_qualifier) void __SA_##fun;
1576
1577// Benign declspec needed here for WindowsPREfast
1578#define __In_impl_ [SA_Pre(Valid=SA_Yes)] [SA_Pre(Deref=1, Notref=1, Access=SA_Read)] __declspec("SAL_pre SAL_valid")
1579
1580#elif _USE_DECLSPECS_FOR_SAL // ][
1581
1582// Using declspecs for sal
1583
1584#define _SA_annotes0(n) __declspec(#n)
1585#define _SA_annotes1(n,pp1) __declspec(#n "(" _SA_SPECSTRIZE(pp1) ")" )
1586#define _SA_annotes2(n,pp1,pp2) __declspec(#n "(" _SA_SPECSTRIZE(pp1) "," _SA_SPECSTRIZE(pp2) ")")
1587#define _SA_annotes3(n,pp1,pp2,pp3) __declspec(#n "(" _SA_SPECSTRIZE(pp1) "," _SA_SPECSTRIZE(pp2) "," _SA_SPECSTRIZE(pp3) ")")
1588
1589#define _Pre_impl_ _SA_annotes0(SAL_pre)
1590#define _Post_impl_ _SA_annotes0(SAL_post)
1591#define _Deref_impl_ _SA_annotes0(SAL_deref)
1592#define _Notref_impl_ _SA_annotes0(SAL_notref)
1593
1594// Declare a function to be an annotation or primop (respectively).
1595// Done this way so that they don't appear in the regular compiler's
1596// namespace.
1597#define __ANNOTATION(fun) _SA_annotes0(SAL_annotation) void __SA_##fun
1598
1599#define __PRIMOP(type, fun) _SA_annotes0(SAL_primop) type __SA_##fun
1600
1601#define __QUALIFIER(fun) _SA_annotes0(SAL_qualifier) void __SA_##fun;
1602
1603#define __In_impl_ _Pre_impl_ _SA_annotes0(SAL_valid) _Pre_impl_ _Deref_impl_ _Notref_impl_ _SA_annotes0(SAL_readonly)
1604
1605#else // ][
1606
1607// Using "nothing" for sal
1608
1609#define _SA_annotes0(n)
1610#define _SA_annotes1(n,pp1)
1611#define _SA_annotes2(n,pp1,pp2)
1612#define _SA_annotes3(n,pp1,pp2,pp3)
1613
1614#define __ANNOTATION(fun)
1615#define __PRIMOP(type, fun)
1616#define __QUALIFIER(type, fun)
1617
1618#endif // ]
1619
1620#if _USE_ATTRIBUTES_FOR_SAL || _USE_DECLSPECS_FOR_SAL // [
1621
1622// Declare annotations that need to be declared.
1623__ANNOTATION(SAL_useHeader(void));
1624__ANNOTATION(SAL_bound(void));
1625__ANNOTATION(SAL_allocator(void)); //??? resolve with PFD
1626__ANNOTATION(SAL_file_parser(__AuToQuOtE __In_impl_ char *, __In_impl_ char *));
1627__ANNOTATION(SAL_source_code_content(__In_impl_ char *));
1628__ANNOTATION(SAL_analysisHint(__AuToQuOtE __In_impl_ char *));
1629__ANNOTATION(SAL_untrusted_data_source(__AuToQuOtE __In_impl_ char *));
1630__ANNOTATION(SAL_untrusted_data_source_this(__AuToQuOtE __In_impl_ char *));
1631__ANNOTATION(SAL_validated(__AuToQuOtE __In_impl_ char *));
1632__ANNOTATION(SAL_validated_this(__AuToQuOtE __In_impl_ char *));
1633__ANNOTATION(SAL_encoded(void));
1634__ANNOTATION(SAL_adt(__AuToQuOtE __In_impl_ char *, __AuToQuOtE __In_impl_ char *));
1635__ANNOTATION(SAL_add_adt_property(__AuToQuOtE __In_impl_ char *, __AuToQuOtE __In_impl_ char *));
1636__ANNOTATION(SAL_remove_adt_property(__AuToQuOtE __In_impl_ char *, __AuToQuOtE __In_impl_ char *));
1637__ANNOTATION(SAL_transfer_adt_property_from(__AuToQuOtE __In_impl_ char *));
1638__ANNOTATION(SAL_post_type(__AuToQuOtE __In_impl_ char *));
1639__ANNOTATION(SAL_volatile(void));
1640__ANNOTATION(SAL_nonvolatile(void));
1641__ANNOTATION(SAL_entrypoint(__AuToQuOtE __In_impl_ char *, __AuToQuOtE __In_impl_ char *));
1642__ANNOTATION(SAL_blocksOn(__In_impl_ void*));
1643__ANNOTATION(SAL_mustInspect(void));
1644
1645// Only appears in model files, but needs to be declared.
1646__ANNOTATION(SAL_TypeName(__AuToQuOtE __In_impl_ char *));
1647
1648// To be declared well-known soon.
1649__ANNOTATION(SAL_interlocked(void);)
1650
1651#pragma warning (suppress: 28227 28241)
1652__ANNOTATION(SAL_name(__In_impl_ char *, __In_impl_ char *, __In_impl_ char *);)
1653
1654__PRIMOP(char *, _Macro_value_(__In_impl_ char *));
1655__PRIMOP(int, _Macro_defined_(__In_impl_ char *));
1656__PRIMOP(char *, _Strstr_(__In_impl_ char *, __In_impl_ char *));
1657
1658#endif // ]
1659
1660#if _USE_ATTRIBUTES_FOR_SAL // [
1661
1662#define _Check_return_impl_ [SA_Post(MustCheck=SA_Yes)]
1663
1664#define _Success_impl_(expr) [SA_Success(Condition=#expr)]
1665#define _On_failure_impl_(annos) [SAL_context(p1="SAL_failed")] _Group_(_Post_impl_ _Group_(annos _SAL_nop_impl_))
1666
1667#define _Printf_format_string_impl_ [SA_FormatString(Style="printf")]
1668#define _Scanf_format_string_impl_ [SA_FormatString(Style="scanf")]
1669#define _Scanf_s_format_string_impl_ [SA_FormatString(Style="scanf_s")]
1670
1671#define _In_bound_impl_ [SA_PreBound(Deref=0)]
1672#define _Out_bound_impl_ [SA_PostBound(Deref=0)]
1673#define _Ret_bound_impl_ [SA_PostBound(Deref=0)]
1674#define _Deref_in_bound_impl_ [SA_PreBound(Deref=1)]
1675#define _Deref_out_bound_impl_ [SA_PostBound(Deref=1)]
1676#define _Deref_ret_bound_impl_ [SA_PostBound(Deref=1)]
1677
1678#define __valid_impl Valid=SA_Yes
1679#define __maybevalid_impl Valid=SA_Maybe
1680#define __notvalid_impl Valid=SA_No
1681
1682#define __null_impl Null=SA_Yes
1683#define __maybenull_impl Null=SA_Maybe
1684#define __notnull_impl Null=SA_No
1685
1686#define __null_impl_notref Null=SA_Yes,Notref=1
1687#define __maybenull_impl_notref Null=SA_Maybe,Notref=1
1688#define __notnull_impl_notref Null=SA_No,Notref=1
1689
1690#define __zterm_impl NullTerminated=SA_Yes
1691#define __maybezterm_impl NullTerminated=SA_Maybe
1692#define __maybzterm_impl NullTerminated=SA_Maybe
1693#define __notzterm_impl NullTerminated=SA_No
1694
1695#define __readaccess_impl Access=SA_Read
1696#define __writeaccess_impl Access=SA_Write
1697#define __allaccess_impl Access=SA_ReadWrite
1698
1699#define __readaccess_impl_notref Access=SA_Read,Notref=1
1700#define __writeaccess_impl_notref Access=SA_Write,Notref=1
1701#define __allaccess_impl_notref Access=SA_ReadWrite,Notref=1
1702
1703#if _MSC_VER >= 1610 /*IFSTRIP=IGN*/ // [
1704
1705// For SAL2, we need to expect general expressions.
1706
1707#define __cap_impl(size) WritableElements="\n"#size
1708#define __bytecap_impl(size) WritableBytes="\n"#size
1709#define __bytecount_impl(size) ValidBytes="\n"#size
1710#define __count_impl(size) ValidElements="\n"#size
1711
1712#else // ][
1713
1714#define __cap_impl(size) WritableElements=#size
1715#define __bytecap_impl(size) WritableBytes=#size
1716#define __bytecount_impl(size) ValidBytes=#size
1717#define __count_impl(size) ValidElements=#size
1718
1719#endif // ]
1720
1721#define __cap_c_impl(size) WritableElementsConst=size
1722#define __cap_c_one_notref_impl WritableElementsConst=1,Notref=1
1723#define __cap_for_impl(param) WritableElementsLength=#param
1724#define __cap_x_impl(size) WritableElements="\n@"#size
1725
1726#define __bytecap_c_impl(size) WritableBytesConst=size
1727#define __bytecap_x_impl(size) WritableBytes="\n@"#size
1728
1729#define __mult_impl(mult,size) __cap_impl((mult)*(size))
1730
1731#define __count_c_impl(size) ValidElementsConst=size
1732#define __count_x_impl(size) ValidElements="\n@"#size
1733
1734#define __bytecount_c_impl(size) ValidBytesConst=size
1735#define __bytecount_x_impl(size) ValidBytes="\n@"#size
1736
1737
1738#define _At_impl_(target, annos) [SAL_at(p1=#target)] _Group_(annos)
1739#define _At_buffer_impl_(target, iter, bound, annos) [SAL_at_buffer(p1=#target, p2=#iter, p3=#bound)] _Group_(annos)
1740#define _When_impl_(expr, annos) [SAL_when(p1=#expr)] _Group_(annos)
1741
1742#define _Group_impl_(annos) [SAL_begin] annos [SAL_end]
1743#define _GrouP_impl_(annos) [SAL_BEGIN] annos [SAL_END]
1744
1745#define _Use_decl_anno_impl_ _SA_annotes0(SAL_useHeader) // this is a special case!
1746
1747#define _Pre1_impl_(p1) [SA_Pre(p1)]
1748#define _Pre2_impl_(p1,p2) [SA_Pre(p1,p2)]
1749#define _Pre3_impl_(p1,p2,p3) [SA_Pre(p1,p2,p3)]
1750
1751#define _Post1_impl_(p1) [SA_Post(p1)]
1752#define _Post2_impl_(p1,p2) [SA_Post(p1,p2)]
1753#define _Post3_impl_(p1,p2,p3) [SA_Post(p1,p2,p3)]
1754
1755#define _Ret1_impl_(p1) [SA_Post(p1)]
1756#define _Ret2_impl_(p1,p2) [SA_Post(p1,p2)]
1757#define _Ret3_impl_(p1,p2,p3) [SA_Post(p1,p2,p3)]
1758
1759#define _Deref_pre1_impl_(p1) [SA_Pre(Deref=1,p1)]
1760#define _Deref_pre2_impl_(p1,p2) [SA_Pre(Deref=1,p1,p2)]
1761#define _Deref_pre3_impl_(p1,p2,p3) [SA_Pre(Deref=1,p1,p2,p3)]
1762
1763
1764#define _Deref_post1_impl_(p1) [SA_Post(Deref=1,p1)]
1765#define _Deref_post2_impl_(p1,p2) [SA_Post(Deref=1,p1,p2)]
1766#define _Deref_post3_impl_(p1,p2,p3) [SA_Post(Deref=1,p1,p2,p3)]
1767
1768#define _Deref_ret1_impl_(p1) [SA_Post(Deref=1,p1)]
1769#define _Deref_ret2_impl_(p1,p2) [SA_Post(Deref=1,p1,p2)]
1770#define _Deref_ret3_impl_(p1,p2,p3) [SA_Post(Deref=1,p1,p2,p3)]
1771
1772#define _Deref2_pre1_impl_(p1) [SA_Pre(Deref=2,Notref=1,p1)]
1773#define _Deref2_post1_impl_(p1) [SA_Post(Deref=2,Notref=1,p1)]
1774#define _Deref2_ret1_impl_(p1) [SA_Post(Deref=2,Notref=1,p1)]
1775
1776// Obsolete -- may be needed for transition to attributes.
1777#define __inner_typefix(ctype) [SAL_typefix(p1=_SA_SPECSTRIZE(ctype))]
1778#define __inner_exceptthat [SAL_except]
1779
1780
1781#elif _USE_DECLSPECS_FOR_SAL // ][
1782
1783#define _Check_return_impl_ __post _SA_annotes0(SAL_checkReturn)
1784
1785#define _Success_impl_(expr) _SA_annotes1(SAL_success, expr)
1786#define _On_failure_impl_(annos) _SA_annotes1(SAL_context, SAL_failed) _Group_(_Post_impl_ _Group_(_SAL_nop_impl_ annos))
1787
1788#define _Printf_format_string_impl_ _SA_annotes1(SAL_IsFormatString, "printf")
1789#define _Scanf_format_string_impl_ _SA_annotes1(SAL_IsFormatString, "scanf")
1790#define _Scanf_s_format_string_impl_ _SA_annotes1(SAL_IsFormatString, "scanf_s")
1791
1792#define _In_bound_impl_ _Pre_impl_ _Bound_impl_
1793#define _Out_bound_impl_ _Post_impl_ _Bound_impl_
1794#define _Ret_bound_impl_ _Post_impl_ _Bound_impl_
1795#define _Deref_in_bound_impl_ _Deref_pre_impl_ _Bound_impl_
1796#define _Deref_out_bound_impl_ _Deref_post_impl_ _Bound_impl_
1797#define _Deref_ret_bound_impl_ _Deref_post_impl_ _Bound_impl_
1798
1799
1800#define __null_impl _SA_annotes0(SAL_null) // _SA_annotes1(SAL_null, __yes)
1801#define __notnull_impl _SA_annotes0(SAL_notnull) // _SA_annotes1(SAL_null, __no)
1802#define __maybenull_impl _SA_annotes0(SAL_maybenull) // _SA_annotes1(SAL_null, __maybe)
1803
1804#define __valid_impl _SA_annotes0(SAL_valid) // _SA_annotes1(SAL_valid, __yes)
1805#define __notvalid_impl _SA_annotes0(SAL_notvalid) // _SA_annotes1(SAL_valid, __no)
1806#define __maybevalid_impl _SA_annotes0(SAL_maybevalid) // _SA_annotes1(SAL_valid, __maybe)
1807
1808#define __null_impl_notref _Notref_ _Null_impl_
1809#define __maybenull_impl_notref _Notref_ _Maybenull_impl_
1810#define __notnull_impl_notref _Notref_ _Notnull_impl_
1811
1812#define __zterm_impl _SA_annotes1(SAL_nullTerminated, __yes)
1813#define __maybezterm_impl _SA_annotes1(SAL_nullTerminated, __maybe)
1814#define __maybzterm_impl _SA_annotes1(SAL_nullTerminated, __maybe)
1815#define __notzterm_impl _SA_annotes1(SAL_nullTerminated, __no)
1816
1817#define __readaccess_impl _SA_annotes1(SAL_access, 0x1)
1818#define __writeaccess_impl _SA_annotes1(SAL_access, 0x2)
1819#define __allaccess_impl _SA_annotes1(SAL_access, 0x3)
1820
1821#define __readaccess_impl_notref _Notref_ _SA_annotes1(SAL_access, 0x1)
1822#define __writeaccess_impl_notref _Notref_ _SA_annotes1(SAL_access, 0x2)
1823#define __allaccess_impl_notref _Notref_ _SA_annotes1(SAL_access, 0x3)
1824
1825#define __cap_impl(size) _SA_annotes1(SAL_writableTo,elementCount(size))
1826#define __cap_c_impl(size) _SA_annotes1(SAL_writableTo,elementCount(size))
1827#define __cap_c_one_notref_impl _Notref_ _SA_annotes1(SAL_writableTo,elementCount(1))
1828#define __cap_for_impl(param) _SA_annotes1(SAL_writableTo,inexpressibleCount(sizeof(param)))
1829#define __cap_x_impl(size) _SA_annotes1(SAL_writableTo,inexpressibleCount(#size))
1830
1831#define __bytecap_impl(size) _SA_annotes1(SAL_writableTo,byteCount(size))
1832#define __bytecap_c_impl(size) _SA_annotes1(SAL_writableTo,byteCount(size))
1833#define __bytecap_x_impl(size) _SA_annotes1(SAL_writableTo,inexpressibleCount(#size))
1834
1835#define __mult_impl(mult,size) _SA_annotes1(SAL_writableTo,(mult)*(size))
1836
1837#define __count_impl(size) _SA_annotes1(SAL_readableTo,elementCount(size))
1838#define __count_c_impl(size) _SA_annotes1(SAL_readableTo,elementCount(size))
1839#define __count_x_impl(size) _SA_annotes1(SAL_readableTo,inexpressibleCount(#size))
1840
1841#define __bytecount_impl(size) _SA_annotes1(SAL_readableTo,byteCount(size))
1842#define __bytecount_c_impl(size) _SA_annotes1(SAL_readableTo,byteCount(size))
1843#define __bytecount_x_impl(size) _SA_annotes1(SAL_readableTo,inexpressibleCount(#size))
1844
1845#define _At_impl_(target, annos) _SA_annotes0(SAL_at(target)) _Group_(annos)
1846#define _At_buffer_impl_(target, iter, bound, annos) _SA_annotes3(SAL_at_buffer, target, iter, bound) _Group_(annos)
1847#define _Group_impl_(annos) _SA_annotes0(SAL_begin) annos _SA_annotes0(SAL_end)
1848#define _GrouP_impl_(annos) _SA_annotes0(SAL_BEGIN) annos _SA_annotes0(SAL_END)
1849#define _When_impl_(expr, annos) _SA_annotes0(SAL_when(expr)) _Group_(annos)
1850
1851#define _Use_decl_anno_impl_ __declspec("SAL_useHeader()") // this is a special case!
1852
1853#define _Pre1_impl_(p1) _Pre_impl_ p1
1854#define _Pre2_impl_(p1,p2) _Pre_impl_ p1 _Pre_impl_ p2
1855#define _Pre3_impl_(p1,p2,p3) _Pre_impl_ p1 _Pre_impl_ p2 _Pre_impl_ p3
1856
1857#define _Post1_impl_(p1) _Post_impl_ p1
1858#define _Post2_impl_(p1,p2) _Post_impl_ p1 _Post_impl_ p2
1859#define _Post3_impl_(p1,p2,p3) _Post_impl_ p1 _Post_impl_ p2 _Post_impl_ p3
1860
1861#define _Ret1_impl_(p1) _Post_impl_ p1
1862#define _Ret2_impl_(p1,p2) _Post_impl_ p1 _Post_impl_ p2
1863#define _Ret3_impl_(p1,p2,p3) _Post_impl_ p1 _Post_impl_ p2 _Post_impl_ p3
1864
1865#define _Deref_pre1_impl_(p1) _Deref_pre_impl_ p1
1866#define _Deref_pre2_impl_(p1,p2) _Deref_pre_impl_ p1 _Deref_pre_impl_ p2
1867#define _Deref_pre3_impl_(p1,p2,p3) _Deref_pre_impl_ p1 _Deref_pre_impl_ p2 _Deref_pre_impl_ p3
1868
1869#define _Deref_post1_impl_(p1) _Deref_post_impl_ p1
1870#define _Deref_post2_impl_(p1,p2) _Deref_post_impl_ p1 _Deref_post_impl_ p2
1871#define _Deref_post3_impl_(p1,p2,p3) _Deref_post_impl_ p1 _Deref_post_impl_ p2 _Deref_post_impl_ p3
1872
1873#define _Deref_ret1_impl_(p1) _Deref_post_impl_ p1
1874#define _Deref_ret2_impl_(p1,p2) _Deref_post_impl_ p1 _Deref_post_impl_ p2
1875#define _Deref_ret3_impl_(p1,p2,p3) _Deref_post_impl_ p1 _Deref_post_impl_ p2 _Deref_post_impl_ p3
1876
1877#define _Deref2_pre1_impl_(p1) _Deref_pre_impl_ _Notref_impl_ _Deref_impl_ p1
1878#define _Deref2_post1_impl_(p1) _Deref_post_impl_ _Notref_impl_ _Deref_impl_ p1
1879#define _Deref2_ret1_impl_(p1) _Deref_post_impl_ _Notref_impl_ _Deref_impl_ p1
1880
1881#define __inner_typefix(ctype) _SA_annotes1(SAL_typefix, ctype)
1882#define __inner_exceptthat _SA_annotes0(SAL_except)
1883
1884#elif defined(_MSC_EXTENSIONS) && !defined( MIDL_PASS ) && !defined(__midl) && !defined(RC_INVOKED) && defined(_PFT_VER) && _MSC_VER >= 1400 /*IFSTRIP=IGN*/ // ][
1885
1886// minimum attribute expansion for foreground build
1887
1888#pragma push_macro( "SA" )
1889#pragma push_macro( "REPEATABLE" )
1890
1891#ifdef __cplusplus // [
1892#define SA( id ) id
1893#define REPEATABLE [repeatable]
1894#else // !__cplusplus // ][
1895#define SA( id ) SA_##id
1896#define REPEATABLE
1897#endif // !__cplusplus // ]
1898
1899REPEATABLE
1900[source_annotation_attribute( SA( Parameter ) )]
1901struct __P_impl
1902{
1903#ifdef __cplusplus // [
1904 __P_impl();
1905#endif // ]
1906 int __d_;
1907};
1908typedef struct __P_impl __P_impl;
1909
1910REPEATABLE
1911[source_annotation_attribute( SA( ReturnValue ) )]
1912struct __R_impl
1913{
1914#ifdef __cplusplus // [
1915 __R_impl();
1916#endif // ]
1917 int __d_;
1918};
1919typedef struct __R_impl __R_impl;
1920
1921[source_annotation_attribute( SA( Method ) )]
1922struct __M_
1923{
1924#ifdef __cplusplus // [
1925 __M_();
1926#endif // ]
1927 int __d_;
1928};
1929typedef struct __M_ __M_;
1930
1931[source_annotation_attribute( SA( All ) )]
1932struct __A_
1933{
1934#ifdef __cplusplus // [
1935 __A_();
1936#endif // ]
1937 int __d_;
1938};
1939typedef struct __A_ __A_;
1940
1941[source_annotation_attribute( SA( Field ) )]
1942struct __F_
1943{
1944#ifdef __cplusplus // [
1945 __F_();
1946#endif // ]
1947 int __d_;
1948};
1949typedef struct __F_ __F_;
1950
1951#pragma pop_macro( "REPEATABLE" )
1952#pragma pop_macro( "SA" )
1953
1954
1955#define _SAL_nop_impl_
1956
1957#define _At_impl_(target, annos) [__A_(__d_=0)]
1958#define _At_buffer_impl_(target, iter, bound, annos) [__A_(__d_=0)]
1959#define _When_impl_(expr, annos) annos
1960#define _Group_impl_(annos) annos
1961#define _GrouP_impl_(annos) annos
1962#define _Use_decl_anno_impl_ [__M_(__d_=0)]
1963
1964#define _Points_to_data_impl_ [__P_impl(__d_=0)]
1965#define _Literal_impl_ [__P_impl(__d_=0)]
1966#define _Notliteral_impl_ [__P_impl(__d_=0)]
1967
1968#define _Pre_valid_impl_ [__P_impl(__d_=0)]
1969#define _Post_valid_impl_ [__P_impl(__d_=0)]
1970#define _Ret_valid_impl_ [__R_impl(__d_=0)]
1971
1972#define _Check_return_impl_ [__R_impl(__d_=0)]
1973#define _Must_inspect_impl_ [__R_impl(__d_=0)]
1974
1975#define _Success_impl_(expr) [__M_(__d_=0)]
1976#define _On_failure_impl_(expr) [__M_(__d_=0)]
1977#define _Always_impl_(expr) [__M_(__d_=0)]
1978
1979#define _Printf_format_string_impl_ [__P_impl(__d_=0)]
1980#define _Scanf_format_string_impl_ [__P_impl(__d_=0)]
1981#define _Scanf_s_format_string_impl_ [__P_impl(__d_=0)]
1982
1983#define _Raises_SEH_exception_impl_ [__M_(__d_=0)]
1984#define _Maybe_raises_SEH_exception_impl_ [__M_(__d_=0)]
1985
1986#define _In_bound_impl_ [__P_impl(__d_=0)]
1987#define _Out_bound_impl_ [__P_impl(__d_=0)]
1988#define _Ret_bound_impl_ [__R_impl(__d_=0)]
1989#define _Deref_in_bound_impl_ [__P_impl(__d_=0)]
1990#define _Deref_out_bound_impl_ [__P_impl(__d_=0)]
1991#define _Deref_ret_bound_impl_ [__R_impl(__d_=0)]
1992
1993#define _Range_impl_(min,max) [__P_impl(__d_=0)]
1994#define _In_range_impl_(min,max) [__P_impl(__d_=0)]
1995#define _Out_range_impl_(min,max) [__P_impl(__d_=0)]
1996#define _Ret_range_impl_(min,max) [__R_impl(__d_=0)]
1997#define _Deref_in_range_impl_(min,max) [__P_impl(__d_=0)]
1998#define _Deref_out_range_impl_(min,max) [__P_impl(__d_=0)]
1999#define _Deref_ret_range_impl_(min,max) [__R_impl(__d_=0)]
2000
2001#define _Field_range_impl_(min,max) [__F_(__d_=0)]
2002
2003#define _Pre_satisfies_impl_(cond) [__A_(__d_=0)]
2004#define _Post_satisfies_impl_(cond) [__A_(__d_=0)]
2005#define _Satisfies_impl_(cond) [__A_(__d_=0)]
2006
2007#define _Null_impl_ [__A_(__d_=0)]
2008#define _Notnull_impl_ [__A_(__d_=0)]
2009#define _Maybenull_impl_ [__A_(__d_=0)]
2010
2011#define _Valid_impl_ [__A_(__d_=0)]
2012#define _Notvalid_impl_ [__A_(__d_=0)]
2013#define _Maybevalid_impl_ [__A_(__d_=0)]
2014
2015#define _Readable_bytes_impl_(size) [__A_(__d_=0)]
2016#define _Readable_elements_impl_(size) [__A_(__d_=0)]
2017#define _Writable_bytes_impl_(size) [__A_(__d_=0)]
2018#define _Writable_elements_impl_(size) [__A_(__d_=0)]
2019
2020#define _Null_terminated_impl_ [__A_(__d_=0)]
2021#define _NullNull_terminated_impl_ [__A_(__d_=0)]
2022
2023#define _Pre_impl_ [__P_impl(__d_=0)]
2024#define _Pre1_impl_(p1) [__P_impl(__d_=0)]
2025#define _Pre2_impl_(p1,p2) [__P_impl(__d_=0)]
2026#define _Pre3_impl_(p1,p2,p3) [__P_impl(__d_=0)]
2027
2028#define _Post_impl_ [__P_impl(__d_=0)]
2029#define _Post1_impl_(p1) [__P_impl(__d_=0)]
2030#define _Post2_impl_(p1,p2) [__P_impl(__d_=0)]
2031#define _Post3_impl_(p1,p2,p3) [__P_impl(__d_=0)]
2032
2033#define _Ret1_impl_(p1) [__R_impl(__d_=0)]
2034#define _Ret2_impl_(p1,p2) [__R_impl(__d_=0)]
2035#define _Ret3_impl_(p1,p2,p3) [__R_impl(__d_=0)]
2036
2037#define _Deref_pre1_impl_(p1) [__P_impl(__d_=0)]
2038#define _Deref_pre2_impl_(p1,p2) [__P_impl(__d_=0)]
2039#define _Deref_pre3_impl_(p1,p2,p3) [__P_impl(__d_=0)]
2040
2041#define _Deref_post1_impl_(p1) [__P_impl(__d_=0)]
2042#define _Deref_post2_impl_(p1,p2) [__P_impl(__d_=0)]
2043#define _Deref_post3_impl_(p1,p2,p3) [__P_impl(__d_=0)]
2044
2045#define _Deref_ret1_impl_(p1) [__R_impl(__d_=0)]
2046#define _Deref_ret2_impl_(p1,p2) [__R_impl(__d_=0)]
2047#define _Deref_ret3_impl_(p1,p2,p3) [__R_impl(__d_=0)]
2048
2049#define _Deref2_pre1_impl_(p1) //[__P_impl(__d_=0)]
2050#define _Deref2_post1_impl_(p1) //[__P_impl(__d_=0)]
2051#define _Deref2_ret1_impl_(p1) //[__P_impl(__d_=0)]
2052
2053#else // ][
2054
2055
2056#define _SAL_nop_impl_ X
2057
2058#define _At_impl_(target, annos)
2059#define _When_impl_(expr, annos)
2060#define _Group_impl_(annos)
2061#define _GrouP_impl_(annos)
2062#define _At_buffer_impl_(target, iter, bound, annos)
2063#define _Use_decl_anno_impl_
2064#define _Points_to_data_impl_
2065#define _Literal_impl_
2066#define _Notliteral_impl_
2067#define _Notref_impl_
2068
2069#define _Pre_valid_impl_
2070#define _Post_valid_impl_
2071#define _Ret_valid_impl_
2072
2073#define _Check_return_impl_
2074#define _Must_inspect_impl_
2075
2076#define _Success_impl_(expr)
2077#define _On_failure_impl_(annos)
2078#define _Always_impl_(annos)
2079
2080#define _Printf_format_string_impl_
2081#define _Scanf_format_string_impl_
2082#define _Scanf_s_format_string_impl_
2083
2084#define _In_bound_impl_
2085#define _Out_bound_impl_
2086#define _Ret_bound_impl_
2087#define _Deref_in_bound_impl_
2088#define _Deref_out_bound_impl_
2089#define _Deref_ret_bound_impl_
2090
2091#define _Range_impl_(min,max)
2092#define _In_range_impl_(min,max)
2093#define _Out_range_impl_(min,max)
2094#define _Ret_range_impl_(min,max)
2095#define _Deref_in_range_impl_(min,max)
2096#define _Deref_out_range_impl_(min,max)
2097#define _Deref_ret_range_impl_(min,max)
2098
2099#define _Satisfies_impl_(expr)
2100#define _Pre_satisfies_impl_(expr)
2101#define _Post_satisfies_impl_(expr)
2102
2103#define _Null_impl_
2104#define _Notnull_impl_
2105#define _Maybenull_impl_
2106
2107#define _Valid_impl_
2108#define _Notvalid_impl_
2109#define _Maybevalid_impl_
2110
2111#define _Field_range_impl_(min,max)
2112
2113#define _Pre_impl_
2114#define _Pre1_impl_(p1)
2115#define _Pre2_impl_(p1,p2)
2116#define _Pre3_impl_(p1,p2,p3)
2117
2118#define _Post_impl_
2119#define _Post1_impl_(p1)
2120#define _Post2_impl_(p1,p2)
2121#define _Post3_impl_(p1,p2,p3)
2122
2123#define _Ret1_impl_(p1)
2124#define _Ret2_impl_(p1,p2)
2125#define _Ret3_impl_(p1,p2,p3)
2126
2127#define _Deref_pre1_impl_(p1)
2128#define _Deref_pre2_impl_(p1,p2)
2129#define _Deref_pre3_impl_(p1,p2,p3)
2130
2131#define _Deref_post1_impl_(p1)
2132#define _Deref_post2_impl_(p1,p2)
2133#define _Deref_post3_impl_(p1,p2,p3)
2134
2135#define _Deref_ret1_impl_(p1)
2136#define _Deref_ret2_impl_(p1,p2)
2137#define _Deref_ret3_impl_(p1,p2,p3)
2138
2139#define _Deref2_pre1_impl_(p1)
2140#define _Deref2_post1_impl_(p1)
2141#define _Deref2_ret1_impl_(p1)
2142
2143#define _Readable_bytes_impl_(size)
2144#define _Readable_elements_impl_(size)
2145#define _Writable_bytes_impl_(size)
2146#define _Writable_elements_impl_(size)
2147
2148#define _Null_terminated_impl_
2149#define _NullNull_terminated_impl_
2150
2151// Obsolete -- may be needed for transition to attributes.
2152#define __inner_typefix(ctype)
2153#define __inner_exceptthat
2154
2155#endif // ]
2156
2157// This section contains the deprecated annotations
2158
2159/*
2160 -------------------------------------------------------------------------------
2161 Introduction
2162
2163 sal.h provides a set of annotations to describe how a function uses its
2164 parameters - the assumptions it makes about them, and the guarantees it makes
2165 upon finishing.
2166
2167 Annotations may be placed before either a function parameter's type or its return
2168 type, and describe the function's behavior regarding the parameter or return value.
2169 There are two classes of annotations: buffer annotations and advanced annotations.
2170 Buffer annotations describe how functions use their pointer parameters, and
2171 advanced annotations either describe complex/unusual buffer behavior, or provide
2172 additional information about a parameter that is not otherwise expressible.
2173
2174 -------------------------------------------------------------------------------
2175 Buffer Annotations
2176
2177 The most important annotations in sal.h provide a consistent way to annotate
2178 buffer parameters or return values for a function. Each of these annotations describes
2179 a single buffer (which could be a string, a fixed-length or variable-length array,
2180 or just a pointer) that the function interacts with: where it is, how large it is,
2181 how much is initialized, and what the function does with it.
2182
2183 The appropriate macro for a given buffer can be constructed using the table below.
2184 Just pick the appropriate values from each category, and combine them together
2185 with a leading underscore. Some combinations of values do not make sense as buffer
2186 annotations. Only meaningful annotations can be added to your code; for a list of
2187 these, see the buffer annotation definitions section.
2188
2189 Only a single buffer annotation should be used for each parameter.
2190
2191 |------------|------------|---------|--------|----------|----------|---------------|
2192 | Level | Usage | Size | Output | NullTerm | Optional | Parameters |
2193 |------------|------------|---------|--------|----------|----------|---------------|
2194 | <> | <> | <> | <> | _z | <> | <> |
2195 | _deref | _in | _ecount | _full | _nz | _opt | (size) |
2196 | _deref_opt | _out | _bcount | _part | | | (size,length) |
2197 | | _inout | | | | | |
2198 | | | | | | | |
2199 |------------|------------|---------|--------|----------|----------|---------------|
2200
2201 Level: Describes the buffer pointer's level of indirection from the parameter or
2202 return value 'p'.
2203
2204 <> : p is the buffer pointer.
2205 _deref : *p is the buffer pointer. p must not be NULL.
2206 _deref_opt : *p may be the buffer pointer. p may be NULL, in which case the rest of
2207 the annotation is ignored.
2208
2209 Usage: Describes how the function uses the buffer.
2210
2211 <> : The buffer is not accessed. If used on the return value or with _deref, the
2212 function will provide the buffer, and it will be uninitialized at exit.
2213 Otherwise, the caller must provide the buffer. This should only be used
2214 for alloc and free functions.
2215 _in : The function will only read from the buffer. The caller must provide the
2216 buffer and initialize it. Cannot be used with _deref.
2217 _out : The function will only write to the buffer. If used on the return value or
2218 with _deref, the function will provide the buffer and initialize it.
2219 Otherwise, the caller must provide the buffer, and the function will
2220 initialize it.
2221 _inout : The function may freely read from and write to the buffer. The caller must
2222 provide the buffer and initialize it. If used with _deref, the buffer may
2223 be reallocated by the function.
2224
2225 Size: Describes the total size of the buffer. This may be less than the space actually
2226 allocated for the buffer, in which case it describes the accessible amount.
2227
2228 <> : No buffer size is given. If the type specifies the buffer size (such as
2229 with LPSTR and LPWSTR), that amount is used. Otherwise, the buffer is one
2230 element long. Must be used with _in, _out, or _inout.
2231 _ecount : The buffer size is an explicit element count.
2232 _bcount : The buffer size is an explicit byte count.
2233
2234 Output: Describes how much of the buffer will be initialized by the function. For
2235 _inout buffers, this also describes how much is initialized at entry. Omit this
2236 category for _in buffers; they must be fully initialized by the caller.
2237
2238 <> : The type specifies how much is initialized. For instance, a function initializing
2239 an LPWSTR must NULL-terminate the string.
2240 _full : The function initializes the entire buffer.
2241 _part : The function initializes part of the buffer, and explicitly indicates how much.
2242
2243 NullTerm: States if the present of a '\0' marks the end of valid elements in the buffer.
2244 _z : A '\0' indicated the end of the buffer
2245 _nz : The buffer may not be null terminated and a '\0' does not indicate the end of the
2246 buffer.
2247 Optional: Describes if the buffer itself is optional.
2248
2249 <> : The pointer to the buffer must not be NULL.
2250 _opt : The pointer to the buffer might be NULL. It will be checked before being dereferenced.
2251
2252 Parameters: Gives explicit counts for the size and length of the buffer.
2253
2254 <> : There is no explicit count. Use when neither _ecount nor _bcount is used.
2255 (size) : Only the buffer's total size is given. Use with _ecount or _bcount but not _part.
2256 (size,length) : The buffer's total size and initialized length are given. Use with _ecount_part
2257 and _bcount_part.
2258
2259 -------------------------------------------------------------------------------
2260 Buffer Annotation Examples
2261
2262 LWSTDAPI_(BOOL) StrToIntExA(
2263 __in LPCSTR pszString,
2264 DWORD dwFlags,
2265 __out int *piRet -- A pointer whose dereference will be filled in.
2266 );
2267
2268 void MyPaintingFunction(
2269 __in HWND hwndControl, -- An initialized read-only parameter.
2270 __in_opt HDC hdcOptional, -- An initialized read-only parameter that might be NULL.
2271 __inout IPropertyStore *ppsStore -- An initialized parameter that may be freely used
2272 -- and modified.
2273 );
2274
2275 LWSTDAPI_(BOOL) PathCompactPathExA(
2276 __out_ecount(cchMax) LPSTR pszOut, -- A string buffer with cch elements that will
2277 -- be NULL terminated on exit.
2278 __in LPCSTR pszSrc,
2279 UINT cchMax,
2280 DWORD dwFlags
2281 );
2282
2283 HRESULT SHLocalAllocBytes(
2284 size_t cb,
2285 __deref_bcount(cb) T **ppv -- A pointer whose dereference will be set to an
2286 -- uninitialized buffer with cb bytes.
2287 );
2288
2289 __inout_bcount_full(cb) : A buffer with cb elements that is fully initialized at
2290 entry and exit, and may be written to by this function.
2291
2292 __out_ecount_part(count, *countOut) : A buffer with count elements that will be
2293 partially initialized by this function. The function indicates how much it
2294 initialized by setting *countOut.
2295
2296 -------------------------------------------------------------------------------
2297 Advanced Annotations
2298
2299 Advanced annotations describe behavior that is not expressible with the regular
2300 buffer macros. These may be used either to annotate buffer parameters that involve
2301 complex or conditional behavior, or to enrich existing annotations with additional
2302 information.
2303
2304 __success(expr) f :
2305 <expr> indicates whether function f succeeded or not. If <expr> is true at exit,
2306 all the function's guarantees (as given by other annotations) must hold. If <expr>
2307 is false at exit, the caller should not expect any of the function's guarantees
2308 to hold. If not used, the function must always satisfy its guarantees. Added
2309 automatically to functions that indicate success in standard ways, such as by
2310 returning an HRESULT.
2311
2312 __nullterminated p :
2313 Pointer p is a buffer that may be read or written up to and including the first
2314 NULL character or pointer. May be used on typedefs, which marks valid (properly
2315 initialized) instances of that type as being NULL-terminated.
2316
2317 __nullnullterminated p :
2318 Pointer p is a buffer that may be read or written up to and including the first
2319 sequence of two NULL characters or pointers. May be used on typedefs, which marks
2320 valid instances of that type as being double-NULL terminated.
2321
2322 __reserved v :
2323 Value v must be 0/NULL, reserved for future use.
2324
2325 __checkReturn v :
2326 Return value v must not be ignored by callers of this function.
2327
2328 __typefix(ctype) v :
2329 Value v should be treated as an instance of ctype, rather than its declared type.
2330
2331 __override f :
2332 Specify C#-style 'override' behaviour for overriding virtual methods.
2333
2334 __callback f :
2335 Function f can be used as a function pointer.
2336
2337 __format_string p :
2338 Pointer p is a string that contains % markers in the style of printf.
2339
2340 __blocksOn(resource) f :
2341 Function f blocks on the resource 'resource'.
2342
2343 __fallthrough :
2344 Annotates switch statement labels where fall-through is desired, to distinguish
2345 from forgotten break statements.
2346
2347 -------------------------------------------------------------------------------
2348 Advanced Annotation Examples
2349
2350 __success(return != FALSE) LWSTDAPI_(BOOL)
2351 PathCanonicalizeA(__out_ecount(MAX_PATH) LPSTR pszBuf, LPCSTR pszPath) :
2352 pszBuf is only guaranteed to be NULL-terminated when TRUE is returned.
2353
2354 typedef __nullterminated WCHAR* LPWSTR : Initialized LPWSTRs are NULL-terminated strings.
2355
2356 __out_ecount(cch) __typefix(LPWSTR) void *psz : psz is a buffer parameter which will be
2357 a NULL-terminated WCHAR string at exit, and which initially contains cch WCHARs.
2358
2359 -------------------------------------------------------------------------------
2360*/
2361
2362#define __specstrings
2363
2364#ifdef __cplusplus // [
2365#ifndef __nothrow // [
2366# define __nothrow __declspec(nothrow)
2367#endif // ]
2368extern "C" {
2369#else // ][
2370#ifndef __nothrow // [
2371# define __nothrow
2372#endif // ]
2373#endif /* #ifdef __cplusplus */ // ]
2374
2375
2376/*
2377 -------------------------------------------------------------------------------
2378 Helper Macro Definitions
2379
2380 These express behavior common to many of the high-level annotations.
2381 DO NOT USE THESE IN YOUR CODE.
2382 -------------------------------------------------------------------------------
2383*/
2384
2385/*
2386 The helper annotations are only understood by the compiler version used by
2387 various defect detection tools. When the regular compiler is running, they
2388 are defined into nothing, and do not affect the compiled code.
2389*/
2390
2391#if !defined(__midl) && defined(_PREFAST_) // [
2392
2393 /*
2394 In the primitive "SAL_*" annotations "SAL" stands for Standard
2395 Annotation Language. These "SAL_*" annotations are the
2396 primitives the compiler understands and high-level MACROs
2397 will decompose into these primivates.
2398 */
2399
2400 #define _SA_SPECSTRIZE( x ) #x
2401
2402 /*
2403 __null p
2404 __notnull p
2405 __maybenull p
2406
2407 Annotates a pointer p. States that pointer p is null. Commonly used
2408 in the negated form __notnull or the possibly null form __maybenull.
2409 */
2410
2411#ifndef PAL_STDCPP_COMPAT
2412 #define __null _Null_impl_
2413 #define __notnull _Notnull_impl_
2414 #define __maybenull _Maybenull_impl_
2415#endif // !PAL_STDCPP_COMPAT
2416
2417 /*
2418 __readonly l
2419 __notreadonly l
2420 __mabyereadonly l
2421
2422 Annotates a location l. States that location l is not modified after
2423 this point. If the annotation is placed on the precondition state of
2424 a function, the restriction only applies until the postcondition state
2425 of the function. __maybereadonly states that the annotated location
2426 may be modified, whereas __notreadonly states that a location must be
2427 modified.
2428 */
2429
2430 #define __readonly _Pre1_impl_(__readaccess_impl)
2431 #define __notreadonly _Pre1_impl_(__allaccess_impl)
2432 #define __maybereadonly _Pre1_impl_(__readaccess_impl)
2433
2434 /*
2435 __valid v
2436 __notvalid v
2437 __maybevalid v
2438
2439 Annotates any value v. States that the value satisfies all properties of
2440 valid values of its type. For example, for a string buffer, valid means
2441 that the buffer pointer is either NULL or points to a NULL-terminated string.
2442 */
2443
2444 #define __valid _Valid_impl_
2445 #define __notvalid _Notvalid_impl_
2446 #define __maybevalid _Maybevalid_impl_
2447
2448 /*
2449 __readableTo(extent) p
2450
2451 Annotates a buffer pointer p. If the buffer can be read, extent describes
2452 how much of the buffer is readable. For a reader of the buffer, this is
2453 an explicit permission to read up to that amount, rather than a restriction to
2454 read only up to it.
2455 */
2456
2457 #define __readableTo(extent) _SA_annotes1(SAL_readableTo, extent)
2458
2459 /*
2460
2461 __elem_readableTo(size)
2462
2463 Annotates a buffer pointer p as being readable to size elements.
2464 */
2465
2466 #define __elem_readableTo(size) _SA_annotes1(SAL_readableTo, elementCount( size ))
2467
2468 /*
2469 __byte_readableTo(size)
2470
2471 Annotates a buffer pointer p as being readable to size bytes.
2472 */
2473 #define __byte_readableTo(size) _SA_annotes1(SAL_readableTo, byteCount(size))
2474
2475 /*
2476 __writableTo(extent) p
2477
2478 Annotates a buffer pointer p. If the buffer can be modified, extent
2479 describes how much of the buffer is writable (usually the allocation
2480 size). For a writer of the buffer, this is an explicit permission to
2481 write up to that amount, rather than a restriction to write only up to it.
2482 */
2483 #define __writableTo(size) _SA_annotes1(SAL_writableTo, size)
2484
2485 /*
2486 __elem_writableTo(size)
2487
2488 Annotates a buffer pointer p as being writable to size elements.
2489 */
2490 #define __elem_writableTo(size) _SA_annotes1(SAL_writableTo, elementCount( size ))
2491
2492 /*
2493 __byte_writableTo(size)
2494
2495 Annotates a buffer pointer p as being writable to size bytes.
2496 */
2497 #define __byte_writableTo(size) _SA_annotes1(SAL_writableTo, byteCount( size))
2498
2499 /*
2500 __deref p
2501
2502 Annotates a pointer p. The next annotation applies one dereference down
2503 in the type. If readableTo(p, size) then the next annotation applies to
2504 all elements *(p+i) for which i satisfies the size. If p is a pointer
2505 to a struct, the next annotation applies to all fields of the struct.
2506 */
2507 #define __deref _Deref_impl_
2508
2509 /*
2510 __pre __next_annotation
2511
2512 The next annotation applies in the precondition state
2513 */
2514 #define __pre _Pre_impl_
2515
2516 /*
2517 __post __next_annotation
2518
2519 The next annotation applies in the postcondition state
2520 */
2521 #define __post _Post_impl_
2522
2523 /*
2524 __precond(<expr>)
2525
2526 When <expr> is true, the next annotation applies in the precondition state
2527 (currently not enabled)
2528 */
2529 #define __precond(expr) __pre
2530
2531 /*
2532 __postcond(<expr>)
2533
2534 When <expr> is true, the next annotation applies in the postcondition state
2535 (currently not enabled)
2536 */
2537 #define __postcond(expr) __post
2538
2539 /*
2540 __exceptthat
2541
2542 Given a set of annotations Q containing __exceptthat maybeP, the effect of
2543 the except clause is to erase any P or notP annotations (explicit or
2544 implied) within Q at the same level of dereferencing that the except
2545 clause appears, and to replace it with maybeP.
2546
2547 Example 1: __valid __pre_except_maybenull on a pointer p means that the
2548 pointer may be null, and is otherwise valid, thus overriding
2549 the implicit notnull annotation implied by __valid on
2550 pointers.
2551
2552 Example 2: __valid __deref __pre_except_maybenull on an int **p means
2553 that p is not null (implied by valid), but the elements
2554 pointed to by p could be null, and are otherwise valid.
2555 */
2556 #define __exceptthat __inner_exceptthat
2557
2558 /*
2559 _refparam
2560
2561 Added to all out parameter macros to indicate that they are all reference
2562 parameters.
2563 */
2564 #define __refparam _Notref_ __deref __notreadonly
2565
2566 /*
2567 __inner_*
2568
2569 Helper macros that directly correspond to certain high-level annotations.
2570
2571 */
2572
2573 /*
2574 Macros to classify the entrypoints and indicate their category.
2575
2576 Pre-defined control point categories include: RPC, LPC, DeviceDriver, UserToKernel, ISAPI, COM.
2577
2578 */
2579 #define __inner_control_entrypoint(category) _SA_annotes2(SAL_entrypoint, controlEntry, category)
2580
2581
2582 /*
2583 Pre-defined data entry point categories include: Registry, File, Network.
2584 */
2585 #define __inner_data_entrypoint(category) _SA_annotes2(SAL_entrypoint, dataEntry, category)
2586
2587 #define __inner_override _SA_annotes0(__override)
2588 #define __inner_callback _SA_annotes0(__callback)
2589 #define __inner_blocksOn(resource) _SA_annotes1(SAL_blocksOn, resource)
2590 #define __inner_fallthrough_dec __inline __nothrow void __FallThrough() {}
2591 #define __inner_fallthrough __FallThrough();
2592
2593 #define __post_except_maybenull __post __inner_exceptthat _Maybenull_impl_
2594 #define __pre_except_maybenull __pre __inner_exceptthat _Maybenull_impl_
2595
2596 #define __post_deref_except_maybenull __post __deref __inner_exceptthat _Maybenull_impl_
2597 #define __pre_deref_except_maybenull __pre __deref __inner_exceptthat _Maybenull_impl_
2598
2599 #define __inexpressible_readableTo(size) _Readable_elements_impl_(_Inexpressible_(size))
2600 #define __inexpressible_writableTo(size) _Writable_elements_impl_(_Inexpressible_(size))
2601
2602
2603#else // ][
2604#ifndef PAL_STDCPP_COMPAT
2605 #define __null
2606 #define __notnull
2607#endif // !PAL_STDCPP_COMPAT
2608 #define __maybenull
2609 #define __readonly
2610 #define __notreadonly
2611 #define __maybereadonly
2612 #define __valid
2613 #define __notvalid
2614 #define __maybevalid
2615 #define __readableTo(extent)
2616 #define __elem_readableTo(size)
2617 #define __byte_readableTo(size)
2618 #define __writableTo(size)
2619 #define __elem_writableTo(size)
2620 #define __byte_writableTo(size)
2621 #define __deref
2622 #define __pre
2623 #define __post
2624 #define __precond(expr)
2625 #define __postcond(expr)
2626 #define __exceptthat
2627 #define __inner_override
2628 #define __inner_callback
2629 #define __inner_blocksOn(resource)
2630 #define __inner_fallthrough_dec
2631 #define __inner_fallthrough
2632 #define __refparam
2633 #define __inner_control_entrypoint(category)
2634 #define __inner_data_entrypoint(category)
2635
2636 #define __post_except_maybenull
2637 #define __pre_except_maybenull
2638 #define __post_deref_except_maybenull
2639 #define __pre_deref_except_maybenull
2640
2641 #define __inexpressible_readableTo(size)
2642 #define __inexpressible_writableTo(size)
2643
2644#endif /* #if !defined(__midl) && defined(_PREFAST_) */ // ]
2645
2646/*
2647-------------------------------------------------------------------------------
2648Buffer Annotation Definitions
2649
2650Any of these may be used to directly annotate functions, but only one should
2651be used for each parameter. To determine which annotation to use for a given
2652buffer, use the table in the buffer annotations section.
2653-------------------------------------------------------------------------------
2654*/
2655
2656// These macros conflict with c++ headers.
2657#ifndef PAL_STDCPP_COMPAT
2658#define __in _SAL1_Source_(__in, (), _In_)
2659#define __out _SAL1_Source_(__out, (), _Out_)
2660#endif // !PAL_STDCPP_COMPAT
2661
2662#define __ecount(size) _SAL1_Source_(__ecount, (size), __notnull __elem_writableTo(size))
2663#define __bcount(size) _SAL1_Source_(__bcount, (size), __notnull __byte_writableTo(size))
2664#define __in_ecount(size) _SAL1_Source_(__in_ecount, (size), _In_reads_(size))
2665#define __in_bcount(size) _SAL1_Source_(__in_bcount, (size), _In_reads_bytes_(size))
2666#define __in_z _SAL1_Source_(__in_z, (), _In_z_)
2667#define __in_ecount_z(size) _SAL1_Source_(__in_ecount_z, (size), _In_reads_z_(size))
2668#define __in_bcount_z(size) _SAL1_Source_(__in_bcount_z, (size), __in_bcount(size) __pre __nullterminated)
2669#define __in_nz _SAL1_Source_(__in_nz, (), __in)
2670#define __in_ecount_nz(size) _SAL1_Source_(__in_ecount_nz, (size), __in_ecount(size))
2671#define __in_bcount_nz(size) _SAL1_Source_(__in_bcount_nz, (size), __in_bcount(size))
2672#define __out_ecount(size) _SAL1_Source_(__out_ecount, (size), _Out_writes_(size))
2673#define __out_bcount(size) _SAL1_Source_(__out_bcount, (size), _Out_writes_bytes_(size))
2674#define __out_ecount_part(size,length) _SAL1_Source_(__out_ecount_part, (size,length), _Out_writes_to_(size,length))
2675#define __out_bcount_part(size,length) _SAL1_Source_(__out_bcount_part, (size,length), _Out_writes_bytes_to_(size,length))
2676#define __out_ecount_full(size) _SAL1_Source_(__out_ecount_full, (size), _Out_writes_all_(size))
2677#define __out_bcount_full(size) _SAL1_Source_(__out_bcount_full, (size), _Out_writes_bytes_all_(size))
2678#define __out_z _SAL1_Source_(__out_z, (), __post __valid __refparam __post __nullterminated)
2679#define __out_z_opt _SAL1_Source_(__out_z_opt, (), __post __valid __refparam __post __nullterminated __pre_except_maybenull)
2680#define __out_ecount_z(size) _SAL1_Source_(__out_ecount_z, (size), __ecount(size) __post __valid __refparam __post __nullterminated)
2681#define __out_bcount_z(size) _SAL1_Source_(__out_bcount_z, (size), __bcount(size) __post __valid __refparam __post __nullterminated)
2682#define __out_ecount_part_z(size,length) _SAL1_Source_(__out_ecount_part_z, (size,length), __out_ecount_part(size,length) __post __nullterminated)
2683#define __out_bcount_part_z(size,length) _SAL1_Source_(__out_bcount_part_z, (size,length), __out_bcount_part(size,length) __post __nullterminated)
2684#define __out_ecount_full_z(size) _SAL1_Source_(__out_ecount_full_z, (size), __out_ecount_full(size) __post __nullterminated)
2685#define __out_bcount_full_z(size) _SAL1_Source_(__out_bcount_full_z, (size), __out_bcount_full(size) __post __nullterminated)
2686#define __out_nz _SAL1_Source_(__out_nz, (), __post __valid __refparam)
2687#define __out_nz_opt _SAL1_Source_(__out_nz_opt, (), __post __valid __refparam __post_except_maybenull_)
2688#define __out_ecount_nz(size) _SAL1_Source_(__out_ecount_nz, (size), __ecount(size) __post __valid __refparam)
2689#define __out_bcount_nz(size) _SAL1_Source_(__out_bcount_nz, (size), __bcount(size) __post __valid __refparam)
2690#define __inout _SAL1_Source_(__inout, (), _Inout_)
2691#define __inout_ecount(size) _SAL1_Source_(__inout_ecount, (size), _Inout_updates_(size))
2692#define __inout_bcount(size) _SAL1_Source_(__inout_bcount, (size), _Inout_updates_bytes_(size))
2693#define __inout_ecount_part(size,length) _SAL1_Source_(__inout_ecount_part, (size,length), _Inout_updates_to_(size,length))
2694#define __inout_bcount_part(size,length) _SAL1_Source_(__inout_bcount_part, (size,length), _Inout_updates_bytes_to_(size,length))
2695#define __inout_ecount_full(size) _SAL1_Source_(__inout_ecount_full, (size), _Inout_updates_all_(size))
2696#define __inout_bcount_full(size) _SAL1_Source_(__inout_bcount_full, (size), _Inout_updates_bytes_all_(size))
2697#define __inout_z _SAL1_Source_(__inout_z, (), _Inout_z_)
2698#define __inout_ecount_z(size) _SAL1_Source_(__inout_ecount_z, (size), _Inout_updates_z_(size))
2699#define __inout_bcount_z(size) _SAL1_Source_(__inout_bcount_z, (size), __inout_bcount(size) __pre __nullterminated __post __nullterminated)
2700#define __inout_nz _SAL1_Source_(__inout_nz, (), __inout)
2701#define __inout_ecount_nz(size) _SAL1_Source_(__inout_ecount_nz, (size), __inout_ecount(size))
2702#define __inout_bcount_nz(size) _SAL1_Source_(__inout_bcount_nz, (size), __inout_bcount(size))
2703#define __ecount_opt(size) _SAL1_Source_(__ecount_opt, (size), __ecount(size) __pre_except_maybenull)
2704#define __bcount_opt(size) _SAL1_Source_(__bcount_opt, (size), __bcount(size) __pre_except_maybenull)
2705#define __in_opt _SAL1_Source_(__in_opt, (), _In_opt_)
2706#define __in_ecount_opt(size) _SAL1_Source_(__in_ecount_opt, (size), _In_reads_opt_(size))
2707#define __in_bcount_opt(size) _SAL1_Source_(__in_bcount_opt, (size), _In_reads_bytes_opt_(size))
2708#define __in_z_opt _SAL1_Source_(__in_z_opt, (), _In_opt_z_)
2709#define __in_ecount_z_opt(size) _SAL1_Source_(__in_ecount_z_opt, (size), __in_ecount_opt(size) __pre __nullterminated)
2710#define __in_bcount_z_opt(size) _SAL1_Source_(__in_bcount_z_opt, (size), __in_bcount_opt(size) __pre __nullterminated)
2711#define __in_nz_opt _SAL1_Source_(__in_nz_opt, (), __in_opt)
2712#define __in_ecount_nz_opt(size) _SAL1_Source_(__in_ecount_nz_opt, (size), __in_ecount_opt(size))
2713#define __in_bcount_nz_opt(size) _SAL1_Source_(__in_bcount_nz_opt, (size), __in_bcount_opt(size))
2714#define __out_opt _SAL1_Source_(__out_opt, (), _Out_opt_)
2715#define __out_ecount_opt(size) _SAL1_Source_(__out_ecount_opt, (size), _Out_writes_opt_(size))
2716#define __out_bcount_opt(size) _SAL1_Source_(__out_bcount_opt, (size), _Out_writes_bytes_opt_(size))
2717#define __out_ecount_part_opt(size,length) _SAL1_Source_(__out_ecount_part_opt, (size,length), __out_ecount_part(size,length) __pre_except_maybenull)
2718#define __out_bcount_part_opt(size,length) _SAL1_Source_(__out_bcount_part_opt, (size,length), __out_bcount_part(size,length) __pre_except_maybenull)
2719#define __out_ecount_full_opt(size) _SAL1_Source_(__out_ecount_full_opt, (size), __out_ecount_full(size) __pre_except_maybenull)
2720#define __out_bcount_full_opt(size) _SAL1_Source_(__out_bcount_full_opt, (size), __out_bcount_full(size) __pre_except_maybenull)
2721#define __out_ecount_z_opt(size) _SAL1_Source_(__out_ecount_z_opt, (size), __out_ecount_opt(size) __post __nullterminated)
2722#define __out_bcount_z_opt(size) _SAL1_Source_(__out_bcount_z_opt, (size), __out_bcount_opt(size) __post __nullterminated)
2723#define __out_ecount_part_z_opt(size,length) _SAL1_Source_(__out_ecount_part_z_opt, (size,length), __out_ecount_part_opt(size,length) __post __nullterminated)
2724#define __out_bcount_part_z_opt(size,length) _SAL1_Source_(__out_bcount_part_z_opt, (size,length), __out_bcount_part_opt(size,length) __post __nullterminated)
2725#define __out_ecount_full_z_opt(size) _SAL1_Source_(__out_ecount_full_z_opt, (size), __out_ecount_full_opt(size) __post __nullterminated)
2726#define __out_bcount_full_z_opt(size) _SAL1_Source_(__out_bcount_full_z_opt, (size), __out_bcount_full_opt(size) __post __nullterminated)
2727#define __out_ecount_nz_opt(size) _SAL1_Source_(__out_ecount_nz_opt, (size), __out_ecount_opt(size) __post __nullterminated)
2728#define __out_bcount_nz_opt(size) _SAL1_Source_(__out_bcount_nz_opt, (size), __out_bcount_opt(size) __post __nullterminated)
2729#define __inout_opt _SAL1_Source_(__inout_opt, (), _Inout_opt_)
2730#define __inout_ecount_opt(size) _SAL1_Source_(__inout_ecount_opt, (size), __inout_ecount(size) __pre_except_maybenull)
2731#define __inout_bcount_opt(size) _SAL1_Source_(__inout_bcount_opt, (size), __inout_bcount(size) __pre_except_maybenull)
2732#define __inout_ecount_part_opt(size,length) _SAL1_Source_(__inout_ecount_part_opt, (size,length), __inout_ecount_part(size,length) __pre_except_maybenull)
2733#define __inout_bcount_part_opt(size,length) _SAL1_Source_(__inout_bcount_part_opt, (size,length), __inout_bcount_part(size,length) __pre_except_maybenull)
2734#define __inout_ecount_full_opt(size) _SAL1_Source_(__inout_ecount_full_opt, (size), __inout_ecount_full(size) __pre_except_maybenull)
2735#define __inout_bcount_full_opt(size) _SAL1_Source_(__inout_bcount_full_opt, (size), __inout_bcount_full(size) __pre_except_maybenull)
2736#define __inout_z_opt _SAL1_Source_(__inout_z_opt, (), __inout_opt __pre __nullterminated __post __nullterminated)
2737#define __inout_ecount_z_opt(size) _SAL1_Source_(__inout_ecount_z_opt, (size), __inout_ecount_opt(size) __pre __nullterminated __post __nullterminated)
2738#define __inout_ecount_z_opt(size) _SAL1_Source_(__inout_ecount_z_opt, (size), __inout_ecount_opt(size) __pre __nullterminated __post __nullterminated)
2739#define __inout_bcount_z_opt(size) _SAL1_Source_(__inout_bcount_z_opt, (size), __inout_bcount_opt(size))
2740#define __inout_nz_opt _SAL1_Source_(__inout_nz_opt, (), __inout_opt)
2741#define __inout_ecount_nz_opt(size) _SAL1_Source_(__inout_ecount_nz_opt, (size), __inout_ecount_opt(size))
2742#define __inout_bcount_nz_opt(size) _SAL1_Source_(__inout_bcount_nz_opt, (size), __inout_bcount_opt(size))
2743#define __deref_ecount(size) _SAL1_Source_(__deref_ecount, (size), _Notref_ __ecount(1) __post _Notref_ __elem_readableTo(1) __post _Notref_ __deref _Notref_ __notnull __post __deref __elem_writableTo(size))
2744#define __deref_bcount(size) _SAL1_Source_(__deref_bcount, (size), _Notref_ __ecount(1) __post _Notref_ __elem_readableTo(1) __post _Notref_ __deref _Notref_ __notnull __post __deref __byte_writableTo(size))
2745#define __deref_out _SAL1_Source_(__deref_out, (), _Outptr_)
2746#define __deref_out_ecount(size) _SAL1_Source_(__deref_out_ecount, (size), _Outptr_result_buffer_(size))
2747#define __deref_out_bcount(size) _SAL1_Source_(__deref_out_bcount, (size), _Outptr_result_bytebuffer_(size))
2748#define __deref_out_ecount_part(size,length) _SAL1_Source_(__deref_out_ecount_part, (size,length), _Outptr_result_buffer_to_(size,length))
2749#define __deref_out_bcount_part(size,length) _SAL1_Source_(__deref_out_bcount_part, (size,length), _Outptr_result_bytebuffer_to_(size,length))
2750#define __deref_out_ecount_full(size) _SAL1_Source_(__deref_out_ecount_full, (size), __deref_out_ecount_part(size,size))
2751#define __deref_out_bcount_full(size) _SAL1_Source_(__deref_out_bcount_full, (size), __deref_out_bcount_part(size,size))
2752#define __deref_out_z _SAL1_Source_(__deref_out_z, (), _Outptr_result_z_)
2753#define __deref_out_ecount_z(size) _SAL1_Source_(__deref_out_ecount_z, (size), __deref_out_ecount(size) __post __deref __nullterminated)
2754#define __deref_out_bcount_z(size) _SAL1_Source_(__deref_out_bcount_z, (size), __deref_out_bcount(size) __post __deref __nullterminated)
2755#define __deref_out_nz _SAL1_Source_(__deref_out_nz, (), __deref_out)
2756#define __deref_out_ecount_nz(size) _SAL1_Source_(__deref_out_ecount_nz, (size), __deref_out_ecount(size))
2757#define __deref_out_bcount_nz(size) _SAL1_Source_(__deref_out_bcount_nz, (size), __deref_out_ecount(size))
2758#define __deref_inout _SAL1_Source_(__deref_inout, (), _Notref_ __notnull _Notref_ __elem_readableTo(1) __pre __deref __valid __post _Notref_ __deref __valid __refparam)
2759#define __deref_inout_z _SAL1_Source_(__deref_inout_z, (), __deref_inout __pre __deref __nullterminated __post _Notref_ __deref __nullterminated)
2760#define __deref_inout_ecount(size) _SAL1_Source_(__deref_inout_ecount, (size), __deref_inout __pre __deref __elem_writableTo(size) __post _Notref_ __deref __elem_writableTo(size))
2761#define __deref_inout_bcount(size) _SAL1_Source_(__deref_inout_bcount, (size), __deref_inout __pre __deref __byte_writableTo(size) __post _Notref_ __deref __byte_writableTo(size))
2762#define __deref_inout_ecount_part(size,length) _SAL1_Source_(__deref_inout_ecount_part, (size,length), __deref_inout_ecount(size) __pre __deref __elem_readableTo(length) __post __deref __elem_readableTo(length))
2763#define __deref_inout_bcount_part(size,length) _SAL1_Source_(__deref_inout_bcount_part, (size,length), __deref_inout_bcount(size) __pre __deref __byte_readableTo(length) __post __deref __byte_readableTo(length))
2764#define __deref_inout_ecount_full(size) _SAL1_Source_(__deref_inout_ecount_full, (size), __deref_inout_ecount_part(size,size))
2765#define __deref_inout_bcount_full(size) _SAL1_Source_(__deref_inout_bcount_full, (size), __deref_inout_bcount_part(size,size))
2766#define __deref_inout_ecount_z(size) _SAL1_Source_(__deref_inout_ecount_z, (size), __deref_inout_ecount(size) __pre __deref __nullterminated __post __deref __nullterminated)
2767#define __deref_inout_bcount_z(size) _SAL1_Source_(__deref_inout_bcount_z, (size), __deref_inout_bcount(size) __pre __deref __nullterminated __post __deref __nullterminated)
2768#define __deref_inout_nz _SAL1_Source_(__deref_inout_nz, (), __deref_inout)
2769#define __deref_inout_ecount_nz(size) _SAL1_Source_(__deref_inout_ecount_nz, (size), __deref_inout_ecount(size))
2770#define __deref_inout_bcount_nz(size) _SAL1_Source_(__deref_inout_bcount_nz, (size), __deref_inout_ecount(size))
2771#define __deref_ecount_opt(size) _SAL1_Source_(__deref_ecount_opt, (size), __deref_ecount(size) __post_deref_except_maybenull)
2772#define __deref_bcount_opt(size) _SAL1_Source_(__deref_bcount_opt, (size), __deref_bcount(size) __post_deref_except_maybenull)
2773#define __deref_out_opt _SAL1_Source_(__deref_out_opt, (), __deref_out __post_deref_except_maybenull)
2774#define __deref_out_ecount_opt(size) _SAL1_Source_(__deref_out_ecount_opt, (size), __deref_out_ecount(size) __post_deref_except_maybenull)
2775#define __deref_out_bcount_opt(size) _SAL1_Source_(__deref_out_bcount_opt, (size), __deref_out_bcount(size) __post_deref_except_maybenull)
2776#define __deref_out_ecount_part_opt(size,length) _SAL1_Source_(__deref_out_ecount_part_opt, (size,length), __deref_out_ecount_part(size,length) __post_deref_except_maybenull)
2777#define __deref_out_bcount_part_opt(size,length) _SAL1_Source_(__deref_out_bcount_part_opt, (size,length), __deref_out_bcount_part(size,length) __post_deref_except_maybenull)
2778#define __deref_out_ecount_full_opt(size) _SAL1_Source_(__deref_out_ecount_full_opt, (size), __deref_out_ecount_full(size) __post_deref_except_maybenull)
2779#define __deref_out_bcount_full_opt(size) _SAL1_Source_(__deref_out_bcount_full_opt, (size), __deref_out_bcount_full(size) __post_deref_except_maybenull)
2780#define __deref_out_z_opt _SAL1_Source_(__deref_out_z_opt, (), _Outptr_result_maybenull_z_)
2781#define __deref_out_ecount_z_opt(size) _SAL1_Source_(__deref_out_ecount_z_opt, (size), __deref_out_ecount_opt(size) __post __deref __nullterminated)
2782#define __deref_out_bcount_z_opt(size) _SAL1_Source_(__deref_out_bcount_z_opt, (size), __deref_out_bcount_opt(size) __post __deref __nullterminated)
2783#define __deref_out_nz_opt _SAL1_Source_(__deref_out_nz_opt, (), __deref_out_opt)
2784#define __deref_out_ecount_nz_opt(size) _SAL1_Source_(__deref_out_ecount_nz_opt, (size), __deref_out_ecount_opt(size))
2785#define __deref_out_bcount_nz_opt(size) _SAL1_Source_(__deref_out_bcount_nz_opt, (size), __deref_out_bcount_opt(size))
2786#define __deref_inout_opt _SAL1_Source_(__deref_inout_opt, (), __deref_inout __pre_deref_except_maybenull __post_deref_except_maybenull)
2787#define __deref_inout_ecount_opt(size) _SAL1_Source_(__deref_inout_ecount_opt, (size), __deref_inout_ecount(size) __pre_deref_except_maybenull __post_deref_except_maybenull)
2788#define __deref_inout_bcount_opt(size) _SAL1_Source_(__deref_inout_bcount_opt, (size), __deref_inout_bcount(size) __pre_deref_except_maybenull __post_deref_except_maybenull)
2789#define __deref_inout_ecount_part_opt(size,length) _SAL1_Source_(__deref_inout_ecount_part_opt, (size,length), __deref_inout_ecount_part(size,length) __pre_deref_except_maybenull __post_deref_except_maybenull)
2790#define __deref_inout_bcount_part_opt(size,length) _SAL1_Source_(__deref_inout_bcount_part_opt, (size,length), __deref_inout_bcount_part(size,length) __pre_deref_except_maybenull __post_deref_except_maybenull)
2791#define __deref_inout_ecount_full_opt(size) _SAL1_Source_(__deref_inout_ecount_full_opt, (size), __deref_inout_ecount_full(size) __pre_deref_except_maybenull __post_deref_except_maybenull)
2792#define __deref_inout_bcount_full_opt(size) _SAL1_Source_(__deref_inout_bcount_full_opt, (size), __deref_inout_bcount_full(size) __pre_deref_except_maybenull __post_deref_except_maybenull)
2793#define __deref_inout_z_opt _SAL1_Source_(__deref_inout_z_opt, (), __deref_inout_opt __pre __deref __nullterminated __post __deref __nullterminated)
2794#define __deref_inout_ecount_z_opt(size) _SAL1_Source_(__deref_inout_ecount_z_opt, (size), __deref_inout_ecount_opt(size) __pre __deref __nullterminated __post __deref __nullterminated)
2795#define __deref_inout_bcount_z_opt(size) _SAL1_Source_(__deref_inout_bcount_z_opt, (size), __deref_inout_bcount_opt(size) __pre __deref __nullterminated __post __deref __nullterminated)
2796#define __deref_inout_nz_opt _SAL1_Source_(__deref_inout_nz_opt, (), __deref_inout_opt)
2797#define __deref_inout_ecount_nz_opt(size) _SAL1_Source_(__deref_inout_ecount_nz_opt, (size), __deref_inout_ecount_opt(size))
2798#define __deref_inout_bcount_nz_opt(size) _SAL1_Source_(__deref_inout_bcount_nz_opt, (size), __deref_inout_bcount_opt(size))
2799#define __deref_opt_ecount(size) _SAL1_Source_(__deref_opt_ecount, (size), __deref_ecount(size) __pre_except_maybenull)
2800#define __deref_opt_bcount(size) _SAL1_Source_(__deref_opt_bcount, (size), __deref_bcount(size) __pre_except_maybenull)
2801#define __deref_opt_out _SAL1_Source_(__deref_opt_out, (), _Outptr_opt_)
2802#define __deref_opt_out_z _SAL1_Source_(__deref_opt_out_z, (), _Outptr_opt_result_z_)
2803#define __deref_opt_out_ecount(size) _SAL1_Source_(__deref_opt_out_ecount, (size), __deref_out_ecount(size) __pre_except_maybenull)
2804#define __deref_opt_out_bcount(size) _SAL1_Source_(__deref_opt_out_bcount, (size), __deref_out_bcount(size) __pre_except_maybenull)
2805#define __deref_opt_out_ecount_part(size,length) _SAL1_Source_(__deref_opt_out_ecount_part, (size,length), __deref_out_ecount_part(size,length) __pre_except_maybenull)
2806#define __deref_opt_out_bcount_part(size,length) _SAL1_Source_(__deref_opt_out_bcount_part, (size,length), __deref_out_bcount_part(size,length) __pre_except_maybenull)
2807#define __deref_opt_out_ecount_full(size) _SAL1_Source_(__deref_opt_out_ecount_full, (size), __deref_out_ecount_full(size) __pre_except_maybenull)
2808#define __deref_opt_out_bcount_full(size) _SAL1_Source_(__deref_opt_out_bcount_full, (size), __deref_out_bcount_full(size) __pre_except_maybenull)
2809#define __deref_opt_inout _SAL1_Source_(__deref_opt_inout, (), _Inout_opt_)
2810#define __deref_opt_inout_ecount(size) _SAL1_Source_(__deref_opt_inout_ecount, (size), __deref_inout_ecount(size) __pre_except_maybenull)
2811#define __deref_opt_inout_bcount(size) _SAL1_Source_(__deref_opt_inout_bcount, (size), __deref_inout_bcount(size) __pre_except_maybenull)
2812#define __deref_opt_inout_ecount_part(size,length) _SAL1_Source_(__deref_opt_inout_ecount_part, (size,length), __deref_inout_ecount_part(size,length) __pre_except_maybenull)
2813#define __deref_opt_inout_bcount_part(size,length) _SAL1_Source_(__deref_opt_inout_bcount_part, (size,length), __deref_inout_bcount_part(size,length) __pre_except_maybenull)
2814#define __deref_opt_inout_ecount_full(size) _SAL1_Source_(__deref_opt_inout_ecount_full, (size), __deref_inout_ecount_full(size) __pre_except_maybenull)
2815#define __deref_opt_inout_bcount_full(size) _SAL1_Source_(__deref_opt_inout_bcount_full, (size), __deref_inout_bcount_full(size) __pre_except_maybenull)
2816#define __deref_opt_inout_z _SAL1_Source_(__deref_opt_inout_z, (), __deref_opt_inout __pre __deref __nullterminated __post __deref __nullterminated)
2817#define __deref_opt_inout_ecount_z(size) _SAL1_Source_(__deref_opt_inout_ecount_z, (size), __deref_opt_inout_ecount(size) __pre __deref __nullterminated __post __deref __nullterminated)
2818#define __deref_opt_inout_bcount_z(size) _SAL1_Source_(__deref_opt_inout_bcount_z, (size), __deref_opt_inout_bcount(size) __pre __deref __nullterminated __post __deref __nullterminated)
2819#define __deref_opt_inout_nz _SAL1_Source_(__deref_opt_inout_nz, (), __deref_opt_inout)
2820#define __deref_opt_inout_ecount_nz(size) _SAL1_Source_(__deref_opt_inout_ecount_nz, (size), __deref_opt_inout_ecount(size))
2821#define __deref_opt_inout_bcount_nz(size) _SAL1_Source_(__deref_opt_inout_bcount_nz, (size), __deref_opt_inout_bcount(size))
2822#define __deref_opt_ecount_opt(size) _SAL1_Source_(__deref_opt_ecount_opt, (size), __deref_ecount_opt(size) __pre_except_maybenull)
2823#define __deref_opt_bcount_opt(size) _SAL1_Source_(__deref_opt_bcount_opt, (size), __deref_bcount_opt(size) __pre_except_maybenull)
2824#define __deref_opt_out_opt _SAL1_Source_(__deref_opt_out_opt, (), _Outptr_opt_result_maybenull_)
2825#define __deref_opt_out_ecount_opt(size) _SAL1_Source_(__deref_opt_out_ecount_opt, (size), __deref_out_ecount_opt(size) __pre_except_maybenull)
2826#define __deref_opt_out_bcount_opt(size) _SAL1_Source_(__deref_opt_out_bcount_opt, (size), __deref_out_bcount_opt(size) __pre_except_maybenull)
2827#define __deref_opt_out_ecount_part_opt(size,length) _SAL1_Source_(__deref_opt_out_ecount_part_opt, (size,length), __deref_out_ecount_part_opt(size,length) __pre_except_maybenull)
2828#define __deref_opt_out_bcount_part_opt(size,length) _SAL1_Source_(__deref_opt_out_bcount_part_opt, (size,length), __deref_out_bcount_part_opt(size,length) __pre_except_maybenull)
2829#define __deref_opt_out_ecount_full_opt(size) _SAL1_Source_(__deref_opt_out_ecount_full_opt, (size), __deref_out_ecount_full_opt(size) __pre_except_maybenull)
2830#define __deref_opt_out_bcount_full_opt(size) _SAL1_Source_(__deref_opt_out_bcount_full_opt, (size), __deref_out_bcount_full_opt(size) __pre_except_maybenull)
2831#define __deref_opt_out_z_opt _SAL1_Source_(__deref_opt_out_z_opt, (), __post __deref __valid __refparam __pre_except_maybenull __pre_deref_except_maybenull __post_deref_except_maybenull __post __deref __nullterminated)
2832#define __deref_opt_out_ecount_z_opt(size) _SAL1_Source_(__deref_opt_out_ecount_z_opt, (size), __deref_opt_out_ecount_opt(size) __post __deref __nullterminated)
2833#define __deref_opt_out_bcount_z_opt(size) _SAL1_Source_(__deref_opt_out_bcount_z_opt, (size), __deref_opt_out_bcount_opt(size) __post __deref __nullterminated)
2834#define __deref_opt_out_nz_opt _SAL1_Source_(__deref_opt_out_nz_opt, (), __deref_opt_out_opt)
2835#define __deref_opt_out_ecount_nz_opt(size) _SAL1_Source_(__deref_opt_out_ecount_nz_opt, (size), __deref_opt_out_ecount_opt(size))
2836#define __deref_opt_out_bcount_nz_opt(size) _SAL1_Source_(__deref_opt_out_bcount_nz_opt, (size), __deref_opt_out_bcount_opt(size))
2837#define __deref_opt_inout_opt _SAL1_Source_(__deref_opt_inout_opt, (), __deref_inout_opt __pre_except_maybenull)
2838#define __deref_opt_inout_ecount_opt(size) _SAL1_Source_(__deref_opt_inout_ecount_opt, (size), __deref_inout_ecount_opt(size) __pre_except_maybenull)
2839#define __deref_opt_inout_bcount_opt(size) _SAL1_Source_(__deref_opt_inout_bcount_opt, (size), __deref_inout_bcount_opt(size) __pre_except_maybenull)
2840#define __deref_opt_inout_ecount_part_opt(size,length) _SAL1_Source_(__deref_opt_inout_ecount_part_opt, (size,length), __deref_inout_ecount_part_opt(size,length) __pre_except_maybenull)
2841#define __deref_opt_inout_bcount_part_opt(size,length) _SAL1_Source_(__deref_opt_inout_bcount_part_opt, (size,length), __deref_inout_bcount_part_opt(size,length) __pre_except_maybenull)
2842#define __deref_opt_inout_ecount_full_opt(size) _SAL1_Source_(__deref_opt_inout_ecount_full_opt, (size), __deref_inout_ecount_full_opt(size) __pre_except_maybenull)
2843#define __deref_opt_inout_bcount_full_opt(size) _SAL1_Source_(__deref_opt_inout_bcount_full_opt, (size), __deref_inout_bcount_full_opt(size) __pre_except_maybenull)
2844#define __deref_opt_inout_z_opt _SAL1_Source_(__deref_opt_inout_z_opt, (), __deref_opt_inout_opt __pre __deref __nullterminated __post __deref __nullterminated)
2845#define __deref_opt_inout_ecount_z_opt(size) _SAL1_Source_(__deref_opt_inout_ecount_z_opt, (size), __deref_opt_inout_ecount_opt(size) __pre __deref __nullterminated __post __deref __nullterminated)
2846#define __deref_opt_inout_bcount_z_opt(size) _SAL1_Source_(__deref_opt_inout_bcount_z_opt, (size), __deref_opt_inout_bcount_opt(size) __pre __deref __nullterminated __post __deref __nullterminated)
2847#define __deref_opt_inout_nz_opt _SAL1_Source_(__deref_opt_inout_nz_opt, (), __deref_opt_inout_opt)
2848#define __deref_opt_inout_ecount_nz_opt(size) _SAL1_Source_(__deref_opt_inout_ecount_nz_opt, (size), __deref_opt_inout_ecount_opt(size))
2849#define __deref_opt_inout_bcount_nz_opt(size) _SAL1_Source_(__deref_opt_inout_bcount_nz_opt, (size), __deref_opt_inout_bcount_opt(size))
2850
2851/*
2852-------------------------------------------------------------------------------
2853Advanced Annotation Definitions
2854
2855Any of these may be used to directly annotate functions, and may be used in
2856combination with each other or with regular buffer macros. For an explanation
2857of each annotation, see the advanced annotations section.
2858-------------------------------------------------------------------------------
2859*/
2860
2861#define __success(expr) _Success_(expr)
2862#define __nullterminated _Null_terminated_
2863#define __nullnullterminated
2864#define __clr_reserved _SAL1_Source_(__reserved, (), _Reserved_)
2865#define __checkReturn _SAL1_Source_(__checkReturn, (), _Check_return_)
2866#define __typefix(ctype) _SAL1_Source_(__typefix, (ctype), __inner_typefix(ctype))
2867#define __override __inner_override
2868#define __callback __inner_callback
2869#define __format_string _Printf_format_string_
2870#define __blocksOn(resource) __inner_blocksOn(resource)
2871#define __control_entrypoint(category) __inner_control_entrypoint(category)
2872#define __data_entrypoint(category) __inner_data_entrypoint(category)
2873#define __useHeader _Use_decl_anno_impl_
2874#define __on_failure(annotes) _On_failure_impl_(annotes _SAL_nop_impl_)
2875
2876#ifndef __fallthrough // [
2877 __inner_fallthrough_dec
2878 #define __fallthrough __inner_fallthrough
2879#endif // ]
2880
2881#ifndef __analysis_assume // [
2882#ifdef _PREFAST_ // [
2883#define __analysis_assume(expr) __assume(expr)
2884#else // ][
2885#define __analysis_assume(expr)
2886#endif // ]
2887#endif // ]
2888
2889#ifndef _Analysis_assume_ // [
2890#ifdef _PREFAST_ // [
2891#define _Analysis_assume_(expr) __assume(expr)
2892#else // ][
2893#define _Analysis_assume_(expr)
2894#endif // ]
2895#endif // ]
2896
2897#define _Analysis_noreturn_ _SAL2_Source_(_Analysis_noreturn_, (), _SA_annotes0(SAL_terminates))
2898
2899#ifdef _PREFAST_ // [
2900__inline __nothrow
2901void __AnalysisAssumeNullterminated(_Post_ __nullterminated void *p);
2902
2903#define _Analysis_assume_nullterminated_(x) __AnalysisAssumeNullterminated(x)
2904#else // ][
2905#define _Analysis_assume_nullterminated_(x)
2906#endif // ]
2907
2908//
2909// Set the analysis mode (global flags to analysis).
2910// They take effect at the point of declaration; use at global scope
2911// as a declaration.
2912//
2913
2914// Synthesize a unique symbol.
2915#define ___MKID(x, y) x ## y
2916#define __MKID(x, y) ___MKID(x, y)
2917#define __GENSYM(x) __MKID(x, __COUNTER__)
2918
2919__ANNOTATION(SAL_analysisMode(__AuToQuOtE __In_impl_ char *mode);)
2920
2921#define _Analysis_mode_impl_(mode) _SA_annotes1(SAL_analysisMode, #mode)
2922
2923#define _Analysis_mode_(mode) \
2924 typedef _Analysis_mode_impl_(mode) int \
2925 __GENSYM(__prefast_analysis_mode_flag);
2926
2927// The following are predefined:
2928// _Analysis_operator_new_throw_ (operator new throws)
2929// _Analysis_operator_new_null_ (operator new returns null)
2930// _Analysis_operator_new_never_fails_ (operator new never fails)
2931//
2932
2933// Function class annotations.
2934__ANNOTATION(SAL_functionClassNew(__In_impl_ char*);)
2935__PRIMOP(int, _In_function_class_(__In_impl_ char*);)
2936#define _In_function_class_(x) _In_function_class_(#x)
2937
2938#define _Function_class_(x) _SA_annotes1(SAL_functionClassNew, #x)
2939
2940/*
2941 * interlocked operand used in interlocked instructions
2942 */
2943//#define _Interlocked_operand_ _Pre_ _SA_annotes0(SAL_interlocked)
2944
2945#define _Enum_is_bitflag_ _SA_annotes0(SAL_enumIsBitflag)
2946#define _Strict_type_match_ _SA_annotes0(SAL_strictType2)
2947
2948#define _Maybe_raises_SEH_exception_ _Pre_ _SA_annotes1(SAL_inTry,__yes)
2949#define _Raises_SEH_exception_ _Group_(_Maybe_raises_SEH_exception_ _Analysis_noreturn_)
2950
2951#ifdef __cplusplus // [
2952}
2953#endif // ]
2954