From webteam at cs.virginia.edu Fri Dec 13 11:33:34 2002 From: webteam at cs.virginia.edu (Web Team) Date: Wed Mar 22 17:09:57 2006 Subject: [splint-discuss] test 3 Message-ID: <200212131633.LAA13655@viper.cs.Virginia.EDU> this is a test From evans at cs.virginia.edu Tue Dec 17 13:42:06 2002 From: evans at cs.virginia.edu (David Evans) Date: Wed Mar 22 17:09:57 2006 Subject: [splint-discuss] Mailing List Changes Message-ID: You are receiving this message because you subscribe to the lclint-interest@virginia.edu mailing list. That mailing list has been renamed to splint-discuss@cs.virginia.edu and is now run using mailman. The old mailing list and administrative addresses will forward to the new list. The main advantage to switching the list to the cs.virginia.edu mail server, is we can now run it as an automatic bounce list but require manual approval for messages that are sent from addresses that do not correspond to list subscribers. So, if you send a message to splint-discuss@cs.virginia.edu from the address you are subscribed as, it will automatically be sent to all list subscribers. To modify your list preferences (or to unsubscribe from the list) visit: http://www.splint.org/mailman/listinfo/splint-discuss Best, --- Dave ======================================================================= David Evans evans@virginia.edu http://www.cs.virginia.edu/evans 434 982 2218 Assistant Professor of Computer Science University of Virginia From drl7x at cs.virginia.edu Tue Dec 17 14:12:58 2002 From: drl7x at cs.virginia.edu (David Richard Larochelle) Date: Wed Mar 22 17:09:57 2006 Subject: [splint-discuss] Re: Parse errors on Linux headers files In-Reply-To: Your message of "Tue, 17 Dec 2002 15:24:12 +0100." <5.1.0.14.0.20021217151353.00b82270@pop3.chess.nl> Message-ID: <200212171912.OAA05949@ares.cs.Virginia.EDU> The kernel makes extensive use of gcc extensions. Using +gnuextensions will help to some extent. Also try adding the following to your .splintrc file: -Dasm=__asm__ -D__signed__=signed -D__attribute=__attribute__ This is probably not enough to get the entire kernel to work but I hope it will atleast be a starting point. -- David > Hi, > > I'm interrested if anyone has being able to use splint when checking > device drivers on a Linux system wihtout getting parse errors?!? > Currently splint keeps getting a parse error in: > "/usr/src/linux-2.4/include/asm/spinlock.h". It seems that the construction > asm volatile(...) is not parseable by splint?!? > > Any suggestions are welcome without having to change/modify the system header > files... > > Nathan Huizinga. > Embedded software engineer. > From bertrand.molliniertoublet at enst-bretagne.fr Wed Dec 18 18:08:55 2002 From: bertrand.molliniertoublet at enst-bretagne.fr (Bertrand Mollinier Toublet) Date: Wed Mar 22 17:09:57 2006 Subject: [splint-discuss] undefined field in my storage Message-ID: Hi all, I am a new user of Splint, and of course already ran into my first puzzling issue. From a rapid browse of the list archive, it seems that it is ok to post such issue here. However, if it is *not* ok, please let me know. My issue is related to the following tiny bit of code: #include struct node { size_t nchildren; /*@relnull@*/ struct node **children; }; static /*@null@*/ struct node *alloc_node(unsigned int, size_t); struct node *alloc_node(size_t nchildren) { struct node *node; size_t i; node = malloc(sizeof *node); if (NULL == node) return NULL; node->nchildren = nchildren; if (0 == nchildren) { node->children = NULL; } else { node->children = malloc(nchildren * sizeof *node->children); if (NULL == node->children) { free(node); return NULL; } for (i = 0; i < nchildren; ++i) { node->children[i] = NULL; } } return node; } The idea is to allocate storage for a single node of a tree with a variable number of children per node. The function tries to allocate storage for the struct itself, and returns NULL if it fails. It then goes on allocating storage for the list of children with the following rules: - if the number of children passed to the function is zero, it is indicated by setting the list to NULL - else, storage is allocated for enough pointers to the children (de-allocating node and returning NULL is case of malloc failure), and all the children are initialized to NULL (I want them to be set later). Now my problem: Splint complains that when returning node, at the last return, the field children is undefined. Here comes the full message: test.c(37,12): Returned storage *node contains 1 undefined field: children Storage derivable from a parameter, return value or global is not defined. Use /*@out@*/ to denote passed or returned storage which need not be defined. (Use -compdef to inhibit warning) It seems to me that node->children is fully defined, either as a NULL pointer if nchildren==0, or as an array of NULL pointer in the opposite case, except if the storage allocation failed, in which case, a NULL pointer is returned. In other words, I do not understand how Splint is able to see the children field as being undefined. Anyone willing to clarify things for me, please ? Bertrand From rabe42 at web.de Fri Dec 20 03:33:44 2002 From: rabe42 at web.de (Ralf Berger) Date: Wed Mar 22 17:09:57 2006 Subject: [splint-discuss] cygwin version of splint Message-ID: <200212200833.gBK8XiX25868@mailgate5.cinetic.de> Hello, I fail to compile the CVS version of splint for an actual version of cygwin with gcc 3.2. Don't know if this is a cygwin or a gcc issue. But before digging deeper I would like to ask if anyone has similiar problems compiling the CVS tree. The compilation fails compiling cscanner.c (after flex is running with no problems). It does'nt find defines like, CCONSTANT, CTOK_ELIPSIS and so on. Any hint? Regards Ralf ______________________________________________________________________________ Die SMS direkt auf's Handy. - Die Blitz-SMS bei WEB.DE FreeMail http://freemail.web.de/features/?mc=021165 From evans at cs.virginia.edu Fri Dec 20 10:27:34 2002 From: evans at cs.virginia.edu (David Evans) Date: Wed Mar 22 17:09:57 2006 Subject: [splint-discuss] undefined field in my storage In-Reply-To: Message-ID: Hi Bertrand, The reason splint is reporting a warning about node perhaps not being completely defined at line 37, is that it cannot determine that the body of the loop which initializes it with node->children[i] = NULL actually executes. (A deeper analysis would be able to determine this because the else only executes when nchildren > 0, but splint's analyses are not deep enough to determine that.) The way to elimintate the warning is to add a syntactic comment that indicates that the loop body always executes: /*@+forloopexec@*/ for (i = 0; i < nchildren; ++i) { node->children[i] = NULL; } /*@=forloopexec@*/ If you're less paranoid, you could just add +loopexec to the command line which would make splint assume all loop bodies are executed. --- Dave On Wed, 18 Dec 2002, Bertrand Mollinier Toublet wrote: > Hi all, > > I am a new user of Splint, and of course already ran into my first > puzzling issue. From a rapid browse of the list archive, it seems that > it is ok to post such issue here. However, if it is *not* ok, please let > me know. My issue is related to the following tiny bit of code: > > #include > > struct node > { > size_t nchildren; > /*@relnull@*/ struct node **children; > }; > > static /*@null@*/ struct node *alloc_node(unsigned int, size_t); > > struct node *alloc_node(size_t nchildren) > { > struct node *node; > size_t i; > > node = malloc(sizeof *node); > if (NULL == node) return NULL; > > node->nchildren = nchildren; > if (0 == nchildren) > { > node->children = NULL; > } > else > { > node->children = malloc(nchildren * sizeof *node->children); > if (NULL == node->children) > { > free(node); > return NULL; > } > for (i = 0; i < nchildren; ++i) > { > node->children[i] = NULL; > } > } > return node; > } > > The idea is to allocate storage for a single node of a tree with a > variable number of children per node. The function tries to allocate > storage for the struct itself, and returns NULL if it fails. It then > goes on allocating storage for the list of children with the following > rules: > - if the number of children passed to the function is zero, it is > indicated by setting the list to NULL > - else, storage is allocated for enough pointers to the children > (de-allocating node and returning NULL is case of malloc failure), and > all the children are initialized to NULL (I want them to be set later). > > Now my problem: Splint complains that when returning node, at the last > return, the field children is undefined. Here comes the full message: > > test.c(37,12): Returned storage *node contains 1 undefined field: > children > Storage derivable from a parameter, return value or global is not > defined. > Use /*@out@*/ to denote passed or returned storage which need not be > defined. > (Use -compdef to inhibit warning) > > It seems to me that node->children is fully defined, either as a NULL > pointer if nchildren==0, or as an array of NULL pointer in the opposite > case, except if the storage allocation failed, in which case, a NULL > pointer is returned. > > In other words, I do not understand how Splint is able to see the > children field as being undefined. > > Anyone willing to clarify things for me, please ? > > Bertrand > _______________________________________________ > splint-discuss mailing list > splint-discuss@cs.virginia.edu > http://www.splint.org/mailman/listinfo/splint-discuss > From drl7x at cs.virginia.edu Fri Dec 20 10:59:05 2002 From: drl7x at cs.virginia.edu (David Richard Larochelle) Date: Wed Mar 22 17:09:57 2006 Subject: [splint-discuss] cygwin version of splint In-Reply-To: Your message of "Fri, 20 Dec 2002 09:33:44 +0100." <200212200833.gBK8XiX25868@mailgate5.cinetic.de> Message-ID: <200212201559.KAA23946@ares.cs.Virginia.EDU> > Hello, > > I fail to compile the CVS version of splint for an actual version of cygwin with gcc 3.2. Don't know if this is a cygwin or a gcc issue. But before digging deeper I would like to ask if anyone has similiar problems compiling the CVS tree. > > The compilation fails compiling cscanner.c (after flex is running with no problems). It does'nt find defines like, CCONSTANT, CTOK_ELIPSIS and so on. > > Any hint? > For what its worth, gcc 3.2 on redhat 8.0 compiles the cvs version correctly. Perhaps this is a problem with flex generated code on cygwin -- David > Regards > Ralf > ______________________________________________________________________________ > Die SMS direkt auf's Handy. - Die Blitz-SMS bei WEB.DE FreeMail > http://freemail.web.de/features/?mc=021165 > > _______________________________________________ > splint-discuss mailing list > splint-discuss@cs.virginia.edu > http://www.splint.org/mailman/listinfo/splint-discuss > From rabe42 at web.de Mon Dec 23 05:17:08 2002 From: rabe42 at web.de (Ralf Berger) Date: Wed Mar 22 17:09:57 2006 Subject: [splint-discuss] splint on cygwin Message-ID: <200212231017.gBNAH8X32219@mailgate5.cinetic.de> Hi, here some informations about my experiences, compiling a recent CVS tree of splint on cygwin. 1. Running automake and autoconf on cygwin to create the right default directories. (Don't know if this is realy necessary) 2. There are two syntactical errors in cgrammar.y. a) line 220: double functionClause in this yacc type declaration b) line 847: missing semicolon in assignment $$ = sRefSet_undefined 3. One warning in Headers/osd.h, because MAXPATHLEN is defined in unistd.h. A simple #ifndef MAXPATHLENGTH resolve this problem. Hope this information is helpful to you. My splint version is now functionable, even if some regression tests fail. Maybe I go deeper into this issues later. Regards Ralf ______________________________________________________________________________ PREMIERE exklusiv bei WEB.DE: 3 Monate gratis + d-box-1 ab 1 Euro Online solange der Vorrat reicht! http://premiere.web.de/?mc=999937&lp=2 From cbfalconer at yahoo.com Mon Dec 23 10:14:32 2002 From: cbfalconer at yahoo.com (CBFalconer) Date: Wed Mar 22 17:09:57 2006 Subject: [splint-discuss] undefined field in my storage References: Message-ID: <3E072858.14800F8A@yahoo.com> David Evans wrote: > On Wed, 18 Dec 2002, Bertrand Mollinier Toublet wrote: > > > I am a new user of Splint, and of course already ran into my first > > puzzling issue. From a rapid browse of the list archive, it seems that > > it is ok to post such issue here. However, if it is *not* ok, please let > > me know. My issue is related to the following tiny bit of code: > > > > #include > > > > struct node > > { > > size_t nchildren; > > /*@relnull@*/ struct node **children; > > }; > > > > static /*@null@*/ struct node *alloc_node(unsigned int, size_t); > > > > struct node *alloc_node(size_t nchildren) > > { > > struct node *node; > > size_t i; > > > > node = malloc(sizeof *node); > > if (NULL == node) return NULL; > > > > node->nchildren = nchildren; > > if (0 == nchildren) > > { > > node->children = NULL; > > } > > else > > { > > node->children = malloc(nchildren * sizeof *node->children); > > if (NULL == node->children) > > { > > free(node); > > return NULL; > > } > > for (i = 0; i < nchildren; ++i) > > { > > node->children[i] = NULL; > > } > > } > > return node; > > } > > > > The idea is to allocate storage for a single node of a tree with a > > variable number of children per node. The function tries to allocate > > storage for the struct itself, and returns NULL if it fails. It then > > goes on allocating storage for the list of children with the following > > rules: > > - if the number of children passed to the function is zero, it is > > indicated by setting the list to NULL > > - else, storage is allocated for enough pointers to the children > > (de-allocating node and returning NULL is case of malloc failure), and > > all the children are initialized to NULL (I want them to be set later). > > > > Now my problem: Splint complains that when returning node, at the last > > return, the field children is undefined. Here comes the full message: > > > > test.c(37,12): Returned storage *node contains 1 undefined field: > > children > > Storage derivable from a parameter, return value or global is not > > defined. > > Use /*@out@*/ to denote passed or returned storage which need not be > > defined. > > (Use -compdef to inhibit warning) > > > > It seems to me that node->children is fully defined, either as a NULL > > pointer if nchildren==0, or as an array of NULL pointer in the opposite > > case, except if the storage allocation failed, in which case, a NULL > > pointer is returned. > > > > In other words, I do not understand how Splint is able to see the > > children field as being undefined. > > > > Anyone willing to clarify things for me, please ? > > The reason splint is reporting a warning about node perhaps not being > completely defined at line 37, is that it cannot determine that the > body of the loop which initializes it with node->children[i] = NULL > actually executes. (A deeper analysis would be able to determine this > because the else only executes when nchildren > 0, but splint's analyses > are not deep enough to determine that.) > > The way to elimintate the warning is to add a syntactic comment that > indicates that the loop body always executes: > > /*@+forloopexec@*/ > for (i = 0; i < nchildren; ++i) > { > node->children[i] = NULL; > } > /*@=forloopexec@*/ > > If you're less paranoid, you could just add +loopexec to the command line > which would make splint assume all loop bodies are executed. Let me suggest the following modification to your code, as being both clearer and possibly more understandable to splint: /* pasted as quote to avoid line breaks */ > #include > > struct node { > size_t nchildren; > struct node **children; > }; > > struct node *alloc_node(size_t nchildren) > { > struct node *node; > size_t i; > > if (NULL != (node = malloc(sizeof *node))) { > node->nchildren = nchildren; > if (0 == nchildren) node->children = NULL; > else { > node->children = malloc(nchildren * sizeof *node->children); > if (NULL != node->children) > for (i = 0; i < nchildren; ++i) node->children[i] = NULL; > else { > free(node); > node = NULL; > } > } > } > return node; > } at least IMNSHO :-) No 'peculiar' comments needed, single exit point, etc. Now I get: > [1] c:\c\junk>splint tsplint1.c > Splint 3.0.1.6 --- 11 Feb 2002 > > tsplint1.c: (in function alloc_node) > tsplint1.c(26,12): Possibly null storage node returned as non-null: node > Function returns a possibly null pointer, but is not declared using > /*@null@*/ annotation of result. If function may return NULL, add /*@null@*/ > annotation to the return value declaration. (Use -nullret to inhibit warning) > tsplint1.c(13,25): Storage node may become null > tsplint1.c(26,12): Returned storage *node contains 2 undefined fields: > nchildren, children > Storage derivable from a parameter, return value or global is not defined. > Use /*@out@*/ to denote passed or returned storage which need not be defined. > (Use -compdef to inhibit warning) > > Finished checking --- 2 code warnings PS: why doesn't the list include a reply-to field in the header? That would avoid many nuisance direct emails. -- Chuck F (cbfalconer@yahoo.com) (cbfalconer@worldnet.att.net) Available for consulting/temporary embedded and systems. USE worldnet address!