From Ralf.Wildenhues at gmx.de Fri Aug 1 03:01:53 2003
From: Ralf.Wildenhues at gmx.de (Ralf Wildenhues)
Date: Wed Mar 22 17:10:12 2006
Subject: [subs] Re: [splint-discuss] Newbie question
In-Reply-To:
References: <20030731114912.GA10492@iam.uni-bonn.de>
Message-ID: <20030801070153.GA15135@iam.uni-bonn.de>

* Kenny Stuart wrote on Thu, Jul 31, 2003 at 09:36:29PM CEST:
>
> From: splint-discuss-admin@cs.virginia.edu

*snip*

Erm, if it's possible for you, please use some kind of indenting or
other marking to show which text was quoted and which is yours.
Thank you.

> * Roland Illig wrote on Thu, Jul 31, 2003 at 01:05:43PM CEST:
> > On Tue, Jul 29, 2003 at 12:16:52AM +0100, Kenny Stuart wrote:
> > >
>

*big snip*

> I'm not sure I would class conversion of an int to a pointer type as a bug
> since it is described in the C99 standard as implementation defined, the way
> I read it, although potentially non-portable, used properly it is likely to
> yield the desired effect since the C99 standard (sorry, I've just purchased
> the standard so I'm looking everything up, it'll wear off eventually ;)

No, in the case mentioned (return value from malloc) relying on it /is/
a bug: an implementation with e.g. 4-byte int's and 8-byte 'void *'
pointers will cause (at least!) conversion loss on the return value, and
rightly so.

The only thing that's guaranteed by the standard IIRC is that if you
convert a pointer to some integer type large enough to hold it, and then
back to a pointer, it will lead to the same pointer value.
*looking it up*
No, not even that. As you state:

> further states that the mapping functions for converting a pointer to an
> integer and vice versa are intended to be consistent with the addressing
> structure of the execution environment, as my example code shows however,

Now if the addressing structure of the execution environment is more
involved (segments and so on), that might not even work correctly.
Don't know of such an implementation, however, at least for pointers to
objects (as opposed to pointers to functions).

A given integer value (of any integer type), converted to a pointer,
/may/ lead to a trap representation and subsequent undefined behaviour
of the program. The expression
  (void *)0xdeadbeef
is such an example, and thus not portable (in theory).

> > > if( tomato != NULL ) {
> > >     tomato->a= tomato->b= tomato->c= 0;
> > > }
> > tomato->a = 0;
> > tomato->b = 0;
> > tomato->c = 0;

*snip*

> The original problem is kind of a limitation of splint[1], easily
> circumvented by explicitly returning NULL in case the malloc failed.
>
> %%
> That's a surprise since it explicitly requires multiple return statements,
> which as best practice suggests, I avoid wherever possible, huh, I was
> convinced I'd lost my mind and was doing something fundamentally wrong!

I agree that the work-around for splint is sub-optimal.

Regards,
Ralf

From robert.searle at tait.co.nz Mon Aug 4 22:13:35 2003
From: robert.searle at tait.co.nz (searler)
Date: Wed Mar 22 17:10:12 2006
Subject: [splint-discuss] Handling parserrors with linux pthreads
Message-ID: <3F2F12CF.6000708@tait.co.nz>

I am compiling using gcc3.3 on Mandrake 9.1 and I have a file which
includes pthread.h

When I try to use splint I get the following parse error in one of the
files that pthread.h includes :

/usr/include/bits/sigthread.h:33:18: Parse Error:
    Inconsistent function parameter syntax: __sigset_t : . (For help on
    parse errors, see splint -help parseerrors.)

The offending context from that file is:

extern int pthread_sigmask (int __how,
                            __const __sigset_t *__restrict __newmask,
                            __sigset_t *__restrict __oldmask)__THROW;
Error is -------^ here

I read the -help parseerrors and I currently have the following in
~/.sprintrc :

+gnuextensions
-maintype
-predboolint
-ret-val-int
+posixlib
-booltype boolean
-systemdirs /usr/include

I have also added /*@+skipisoheaders@*/ and /*@-skipisoheaders@*/ around
the inclusion of pthread.h.

Is there anything else that I can try ?

From riso at softstar.net.cn Wed Aug 6 04:09:08 2003
From: riso at softstar.net.cn (???)
Date: Wed Mar 22 17:10:12 2006
Subject: [splint-discuss] Handling parserrors with linux pthreads
Message-ID:

try: +skip-sys-headers

-----Original Message-----
From: searler [mailto:robert.searle@tait.co.nz]
Sent: Tuesday, August 05, 2003 10:14 AM
To: splint-discuss@cs.virginia.edu
Subject: [splint-discuss] Handling parserrors with linux pthreads

I am compiling using gcc3.3 on Mandrake 9.1 and I have a file which
includes pthread.h

When I try to use splint I get the following parse error in one of the
files that pthread.h includes :

/usr/include/bits/sigthread.h:33:18: Parse Error:
    Inconsistent function parameter syntax: __sigset_t : . (For help on
    parse errors, see splint -help parseerrors.)

The offending context from that file is:

extern int pthread_sigmask (int __how,
                            __const __sigset_t *__restrict __newmask,
                            __sigset_t *__restrict __oldmask)__THROW;
Error is -------^ here

I read the -help parseerrors and I currently have the following in
~/.sprintrc :

+gnuextensions
-maintype
-predboolint
-ret-val-int
+posixlib
-booltype boolean
-systemdirs /usr/include

I have also added /*@+skipisoheaders@*/ and /*@-skipisoheaders@*/ around
the inclusion of pthread.h.

Is there anything else that I can try ?
_______________________________________________
splint-discuss mailing list
splint-discuss@cs.virginia.edu
http://www.splint.org/mailman/listinfo/splint-discuss

From enno.bartels at m.eads.net Thu Aug 21 09:02:02 2003
From: enno.bartels at m.eads.net (Enno Bartels)
Date: Wed Mar 22 17:10:12 2006
Subject: [splint-discuss] Very strict cast checking
Message-ID: <200308211502.02973.enno.bartels@m.eads.net>

Hello

Is this possible with splint:

I would need a very strict cast checking.

It should warn in this case:
----------------------------------
typedef int t_feet ;
typedef int t_meter ;

int
main (int argc, char *argv [])
{
  t_feet feet;
  t_meter meter;

  meter = 1;
  feet = meter * 0.3;

  printf ("feet %d\n", feet);
  printf ("meter %d\n", meter);

  return 1;
}

And It should not warn in this case:
-------------------------------------
typedef int t_feet ;
typedef int t_meter ;

int
main (int argc, char *argv [])
{
  t_feet feet;
  t_meter meter;

  meter = 1;
  feet = (t_feet) meter * 0.3;

  printf ("feet %d\n", feet);
  printf ("meter %d\n", meter);

  return 1;
}

Thanks
Enno

From Erik.Cato at japro.se Thu Aug 21 09:53:24 2003
From: Erik.Cato at japro.se (Erik Cato)
Date: Wed Mar 22 17:10:13 2006
Subject: [splint-discuss] #defines with value...
Message-ID:

Hi all!

Is it possible to define a constant define with splint. Would like to be
able to something like this:

-D__TID__ 0x5432

the result should be same as
#define __TID__ 0x5432

Is this possible?

If not I have to give up splint!

Regards Erik Cato

From Erik.Cato at japro.se Thu Aug 21 09:49:26 2003
From: Erik.Cato at japro.se (Erik Cato)
Date: Wed Mar 22 17:10:13 2006
Subject: [splint-discuss] #defines with value
Message-ID:

From cbfalconer at yahoo.com Thu Aug 21 11:29:25 2003
From: cbfalconer at yahoo.com (CBFalconer)
Date: Wed Mar 22 17:10:13 2006
Subject: [splint-discuss] #defines with value...
References:
Message-ID: <3F44E555.24912A31@yahoo.com>

Erik Cato wrote:
>
> Is it possible to define a constant define with splint. Would
> like to be able to something like this:
>
> -D__TID__ 0x5432
>
> the result should be same as
> #define __TID__ 0x5432
>
> Is this possible?

The #define is illegal. __TID__ is not an available identifier,
it is reserved for the implementation.

If you just want to know whether general defines can be supplied
on the commandline, as with say gcc, I believe the answer is yes.
The format should probably be:

    -Didentifier=value

but this is just a guess. The help system and documentation does
not cover this, or at least does not make the documentation easily
findable. The system accepts such an input on the commandline,
but whether it acts on it properly I cannot say. Experiment.

BTW your lines are overly long. You should limit them to about 65
chars.

--
Chuck F (cbfalconer@yahoo.com) (cbfalconer@worldnet.att.net)
   Available for consulting/temporary embedded and systems.
   USE worldnet address!

From cbfalconer at yahoo.com Thu Aug 21 11:39:41 2003
From: cbfalconer at yahoo.com (CBFalconer)
Date: Wed Mar 22 17:10:13 2006
Subject: [splint-discuss] Very strict cast checking
References: <200308211502.02973.enno.bartels@m.eads.net>
Message-ID: <3F44E7BD.1ABA57C4@yahoo.com>

Enno Bartels wrote:
>
> Is this possible with splint:
>
> I would need a very strict cast checking.
>
> It should warn in this case:
> ----------------------------------
> typedef int t_feet ;
> typedef int t_meter ;
>
> int
> main (int argc, char *argv [])
> {
>   t_feet feet;
>   t_meter meter;
>
>   meter = 1;
>   feet = meter * 0.3;
>
>   printf ("feet %d\n", feet);
>   printf ("meter %d\n", meter);
>
>   return 1;
> }
>
> And It should not warn in this case:
> -------------------------------------
> typedef int t_feet ;
> typedef int t_meter ;
>
> int
> main (int argc, char *argv [])
> {
>   t_feet feet;
>   t_meter meter;
>
>   meter = 1;
>   feet = (t_feet) meter * 0.3;
>
>   printf ("feet %d\n", feet);
>   printf ("meter %d\n", meter);
>
>   return 1;
> }

Why don't you try it?
I think you will find that the warn
conditions specified occur, but not because of the "strict
typing", but because of the poor coding.

typedef DOES NOT create a type in C. Only struct and enum can do
so. This is fundamental to using the language. For strict typing
use Ada or ISO Pascal (not Borland).

--
Chuck F (cbfalconer@yahoo.com) (cbfalconer@worldnet.att.net)
   Available for consulting/temporary embedded and systems.
   USE worldnet address!

From evans at cs.virginia.edu Thu Aug 21 16:01:32 2003
From: evans at cs.virginia.edu (David Evans)
Date: Wed Mar 22 17:10:13 2006
Subject: [splint-discuss] Very strict cast checking
In-Reply-To: <3F44E7BD.1ABA57C4@yahoo.com>
References: <200308211502.02973.enno.bartels@m.eads.net> <3F44E7BD.1ABA57C4@yahoo.com>
Message-ID:

On Thu, 21 Aug 2003, CBFalconer wrote:
>
> Why don't you try it? I think you will find that the warn
> conditions specified occur, but not because of the "strict
> typing", but because of the poor coding.
>
> typedef DOES NOT create a type in C. Only struct and enum can do
> so. This is fundamental to using the language. For strict typing
> use Ada or ISO Pascal (not Borland).
>

With splint, you can get abstract types in C. See
http://www.splint.org/manual/html/sec4.html#3 for details.

For this example, you probably want to do,

typedef /*@numabstract@*/ int t_feet ;
typedef /*@numabstract@*/ int t_meter ;

/*@noaccess t_feet@*/
/*@noaccess t_meter@*/

to make t_feet and t_meter numabstract types (they are checked by name,
but C numeric operators are permitted on them). You need the noaccess
comments also to deny access to the representation in the file in which
the types are declared (which is permitted to access the type
representation directly).

--- Dave

From sjl at zepler.org Thu Aug 21 17:21:31 2003
From: sjl at zepler.org (Simon Liddington)
Date: Wed Mar 22 17:10:13 2006
Subject: [splint-discuss] #defines with value...
In-Reply-To:
References:
Message-ID: <200308220921.31784.sjl@zepler.org>

-D works for me, not sure how I found out as there seems to be no
mention in the manual, probably just tried it!

On Fri, 22 Aug 2003 01:53, Erik Cato wrote:
> Hi all!
>
> Is it possible to define a constant define with splint. Would like to be
> able to something like this:
>
> -D__TID__ 0x5432
>
> the result should be same as
> #define __TID__ 0x5432
>
> Is this possible?
>
> If not I have to give up splint!
>
> Regards Erik Cato

From derek at knosof.co.uk Thu Aug 21 14:50:42 2003
From: derek at knosof.co.uk (Derek M Jones)
Date: Wed Mar 22 17:10:13 2006
Subject: [splint-discuss] Very strict cast checking
In-Reply-To: <3F44E7BD.1ABA57C4@yahoo.com>
References: <200308211502.02973.enno.bartels@m.eads.net>
Message-ID: <4.3.2.7.2.20030821194402.00aeb7e0@pop3.demon.co.uk>

Chuck,

>> Is this possible with splint:

I wish it were.

>typedef DOES NOT create a type in C.

True. But having an option to make it create a distinct type
would be very useful.

> Only struct and enum can do
>so.

Actually enum does not create a new type. An enum type
is compatible with some integer type.

> This is fundamental to using the language. For strict typing
>use Ada or ISO Pascal (not Borland).

Why can't I have strict typing in C? As somebody who has
learned the benefits of stricter-than-C typing in Pascal, I think I
would find it useful to have a tool that enabled me to have it in C.

However, simply treating typedef names as distinct types is
too simplistic. Some sort of compatibility rules have to be
worked out for integer constants.
For instance, in:

typedef int MY_INT;

int x;
MY_INT y;

x+y; /* flag this */
x+1; /* don't flag this */
y+1; /* don't flag this */

derek

--
Derek M Jones                         tel: +44 (0) 1252 520 667
Knowledge Software Ltd                mailto:derek@knosof.co.uk
Applications Standards Conformance Testing   http://www.knosof.co.uk

From evans at cs.virginia.edu Fri Aug 22 00:15:04 2003
From: evans at cs.virginia.edu (David Evans)
Date: Wed Mar 22 17:10:13 2006
Subject: [splint-discuss] Very strict cast checking
In-Reply-To: <4.3.2.7.2.20030821194402.00aeb7e0@pop3.demon.co.uk>
References: <200308211502.02973.enno.bartels@m.eads.net> <4.3.2.7.2.20030821194402.00aeb7e0@pop3.demon.co.uk>
Message-ID:

On Thu, 21 Aug 2003, Derek M Jones wrote:

> >> Is this possible with splint:
>
> I wish it were.
>
> >typedef DOES NOT create a type in C.
>
> True. But having an option to make it create a distinct type
> would be very useful.
>

Splint does support this. In fact, it providing support for abstract
types was among the primary reasons splint (LCLint) was created. Of all
the checking splint does, I find abstract type checking to be by far the
biggest payoff for the least amount of work, both in finding bugs and
producing more maintainable and understandable software.

I encourage you to look at the Splint manual section on abstract types
(http://www.splint.org/manual/html/sec4.html#3). There is also a paper
that describes making types abstract
(http://www.cs.virginia.edu/~evans/sigsoft94.html).

Best,

--- Dave

From mne at mosaic-ag.com Fri Aug 22 01:55:31 2003
From: mne at mosaic-ag.com (Miroslaw Dobrzanski-Neumann)
Date: Wed Mar 22 17:10:13 2006
Subject: [splint-discuss] #defines with value...
In-Reply-To: <3F44E555.24912A31@yahoo.com>
References: <3F44E555.24912A31@yahoo.com>
Message-ID: <20030822055531.GA7775@mailsrv.mosaic-ag.com>

On Thu, Aug 21, 2003 at 11:29:25AM -0400, CBFalconer wrote:
> Erik Cato wrote:
> >
> > Is it possible to define a constant define with splint. Would
> > like to be able to something like this:
> >
> > -D__TID__ 0x5432
> >
> > the result should be same as
> > #define __TID__ 0x5432
> >
> > Is this possible?
>
> The #define is illegal. __TID__ is not an available identifier,
> it is reserved for the implementation.
>
> If you just want to know whether general defines can be supplied
> on the commandline, as with say gcc, I believe the answer is yes.
> The format should probably be:
>
> -Didentifier=value

Try the following

#ifdef __LCLINT__
extern int const __TID__;
#else
#define __TID__ 0x5432
#endif

Regards,
--
Mirosław Dobrzański-Neumann
E-mail: mne@mosaic-ag.com
This message is utf-8 encoded

From Erik.Cato at japro.se Fri Aug 22 02:23:35 2003
From: Erik.Cato at japro.se (Erik Cato)
Date: Wed Mar 22 17:10:13 2006
Subject: Ang: Re: [splint-discuss] #defines with value...
Message-ID:

Hi!

I run splint under windows 2000 and it seems that it is not possible to
have spaces between --D__TID__ and 0x5432

The problem is that the __TID__ identifier is defined by the compiler
and it's needed in a lot of source-files so defining it with
preprocessor defines in the source files is not an option.

Regards Erik Cato

<<< sjl@zepler.org 21/8 23:26 >>>
-D works for me, not sure how I found out as there seems to be no
mention in the manual, probably just tried it!

On Fri, 22 Aug 2003 01:53, Erik Cato wrote:
> Hi all!
>
> Is it possible to define a constant define with splint. Would like to be
> able to something like this:
>
> -D__TID__ 0x5432
>
> the result should be same as
> #define __TID__ 0x5432
>
> Is this possible?
>
> If not I have to give up splint!
>
> Regards Erik Cato

From cbfalconer at yahoo.com Fri Aug 22 02:25:44 2003
From: cbfalconer at yahoo.com (CBFalconer)
Date: Wed Mar 22 17:10:13 2006
Subject: [splint-discuss] #defines with value...
References: <3F44E555.24912A31@yahoo.com> <20030822055531.GA7775@mailsrv.mosaic-ag.com>
Message-ID: <3F45B768.A1A9DC4@yahoo.com>

Miroslaw Dobrzanski-Neumann wrote:
> On Thu, Aug 21, 2003 at 11:29:25AM -0400, CBFalconer wrote:
> > Erik Cato wrote:
> > >
> > > Is it possible to define a constant define with splint. Would
> > > like to be able to something like this:
> > >
> > > -D__TID__ 0x5432
> > >
> > > the result should be same as
> > > #define __TID__ 0x5432
> > >
> > > Is this possible?
> >
> > The #define is illegal. __TID__ is not an available identifier,
> > it is reserved for the implementation.
> >
> > If you just want to know whether general defines can be supplied
> > on the commandline, as with say gcc, I believe the answer is yes.
> > The format should probably be:
> >
> > -Didentifier=value
>
> Try the following
>
> #ifdef __LCLINT__
> extern int const __TID__;
> #else
> #define __TID__ 0x5432
> #endif

You weren't listening. Any identifier starting with two
underscores is reserved for the implementation. You are not
allowed to use it. This is in the C standard.

So please do not give misinformation.

--
Chuck F (cbfalconer@yahoo.com) (cbfalconer@worldnet.att.net)
   Available for consulting/temporary embedded and systems.
   USE worldnet address!

From austin_hastings at yahoo.com Fri Aug 22 11:10:04 2003
From: austin_hastings at yahoo.com (Austin Hastings)
Date: Wed Mar 22 17:10:13 2006
Subject: [splint-discuss] #defines with value...
In-Reply-To: <3F45B768.A1A9DC4@yahoo.com>
Message-ID: <20030822151004.55881.qmail@web12302.mail.yahoo.com>

--- CBFalconer wrote:
> Miroslaw Dobrzanski-Neumann wrote:
> > On Thu, Aug 21, 2003 at 11:29:25AM -0400, CBFalconer wrote:
> > > Erik Cato wrote:
> > > >
> > > > Is it possible to define a constant define with splint. Would
> > > > like to be able to something like this:
> > > >
> > > > -D__TID__ 0x5432
> > > >
> > > > the result should be same as
> > > > #define __TID__ 0x5432
> > > >
> > > > Is this possible?
> > >
> > > The #define is illegal. __TID__ is not an available identifier,
> > > it is reserved for the implementation.
> > >
> > > If you just want to know whether general defines can be supplied
> > > on the commandline, as with say gcc, I believe the answer is yes.
> > > The format should probably be:
> > >
> > > -Didentifier=value
> >
> > Try the following
> >
> > #ifdef __LCLINT__
> > extern int const __TID__;
> > #else
> > #define __TID__ 0x5432
> > #endif
>
> You weren't listening. Any identifier starting with two
> underscores is reserved for the implementation. You are not
> allowed to use it. This is in the C standard.
>
> So please do not give misinformation.

If the implementation uses it, he is allowed to use the standard
mechanics to provide values for the implementation. This is not
misinformation.

If you know of some restriction imposed by splint, let us know by all
means.

=Austin

From derek at knosof.co.uk Fri Aug 22 12:27:14 2003
From: derek at knosof.co.uk (Derek M Jones)
Date: Wed Mar 22 17:10:13 2006
Subject: [splint-discuss] Very strict cast checking
In-Reply-To:
References: <4.3.2.7.2.20030821194402.00aeb7e0@pop3.demon.co.uk> <200308211502.02973.enno.bartels@m.eads.net> <4.3.2.7.2.20030821194402.00aeb7e0@pop3.demon.co.uk>
Message-ID: <4.3.2.7.2.20030822172405.00ae5b10@pop3.demon.co.uk>

Dave,

>> >typedef DOES NOT create a type in C.
>>
>> True. But having an option to make it create a distinct type
>> would be very useful.
>>
>
>Splint does support this. In fact, it providing support for abstract

If comments are used, yes. I was after an option to unconditionally
make typedefs non-synonyms. I know this runs counter to the
splint way-of-doing-things, but there is no harm in asking.

Splint have some competition, of sorts, from TenDRA
http://www.tendra.org/ who are moving back to their source checking
roots.

derek

--
Derek M Jones                         tel: +44 (0) 1252 520 667
Knowledge Software Ltd                mailto:derek@knosof.co.uk
Applications Standards Conformance Testing   http://www.knosof.co.uk

From evans at cs.virginia.edu Fri Aug 22 17:09:25 2003
From: evans at cs.virginia.edu (David Evans)
Date: Wed Mar 22 17:10:13 2006
Subject: [splint-discuss] Very strict cast checking
In-Reply-To: <4.3.2.7.2.20030822172405.00ae5b10@pop3.demon.co.uk>
References: <4.3.2.7.2.20030821194402.00aeb7e0@pop3.demon.co.uk> <200308211502.02973.enno.bartels@m.eads.net> <4.3.2.7.2.20030821194402.00aeb7e0@pop3.demon.co.uk> <4.3.2.7.2.20030822172405.00ae5b10@pop3.demon.co.uk>
Message-ID:

On Fri, 22 Aug 2003, Derek M Jones wrote:

> Dave,
>
> >> >typedef DOES NOT create a type in C.
> >>
> >> True. But having an option to make it create a distinct type
> >> would be very useful.
> >>
> >
> >Splint does support this. In fact, it providing support for abstract
>
> If comments are used, yes. I was after an option to unconditionally
> make typedefs non-synonyms. I know this runs counter to the
> splint way-of-doing-things, but there is no harm in asking.
>

Use the +impabstract flag. That makes all user type definitions
abstract types.

--- Dave

From ok at cs.otago.ac.nz Sun Aug 24 19:53:11 2003
From: ok at cs.otago.ac.nz (Richard A. O'Keefe)
Date: Wed Mar 22 17:10:13 2006
Subject: Ang: Re: [splint-discuss] #defines with value...
Message-ID: <200308242353.h7ONrBug178179@atlas.otago.ac.nz>

"Erik Cato" wrote:
    I run splint under windows 2000 and it seems that it is not
    possible to have spaces between --D__TID__ and 0x5432

Of course not!
The command line syntax is

    -D__TID__=0x5432

Don't forget the equals sign.

When I ask splint for help,

    % splint -help flags all

two of the answer lines are

    D --- passed to pre-processor
    U --- passed to pre-processor

This is telling you that -D and -U are passed to the preprocessor.
You read the C compiler or preprocessor documentation to find out
exactly what operands -D (x=y) and -U (x) accept.

If you ask for even more help,

    % splint -help flags full

the options -D, -I, -S, and -U are the first four options to be listed;
the one you need is the very first of all.

Now, you don't need to know about -help flags all and -help flags full;
all you need to know about is "splint -help", which _tells_ you about
-help flags, and surely everyone reading this mailing list DOES know
about "splint -help", no?

From ok at cs.otago.ac.nz Sun Aug 24 19:58:10 2003
From: ok at cs.otago.ac.nz (Richard A. O'Keefe)
Date: Wed Mar 22 17:10:13 2006
Subject: [splint-discuss] #defines with value...
Message-ID: <200308242358.h7ONwACb188608@atlas.otago.ac.nz>

CBFalconer wrote:
    You weren't listening. Any identifier starting with two
    underscores is reserved for the implementation. You are not
    allowed to use it. This is in the C standard.

It's worth pointing out that Erik Cato seems to know this.
He wants to define __TID__ precisely because it *is* used in his
implementation.

However, the C standard does not (and could not) say that you CANNOT
use __TID__, only that it is reserved to the implementation, so that
strange things may happen if you try.

In this case, the identifier is called __TID__ *because* it is being
used by the implementation, and Erik Cato needs to change the
definition. I have forgotten why; perhaps it is so that he can do his
checking on another platform or something.

Here is an actual transcript:

f% cat foo.c
#include <stdio.h>

int main(void) {
    printf("%x\n", __TID__);
    return 0;
}
f% splint -D__TID__=0x5432 foo.c
Splint 3.0.1.6 --- 11 Feb 2002

Finished checking --- no warnings

So you *can* use -D__TID__= on the command line; while splint *could*
forbid this, it *doesn't*.

Perhaps it would be a good idea if splint did warn about "_" identifiers
-Defined on the command line, but then went ahead and did the right
thing anyway.

From DENNIS.J.LINSE at saic.com Sun Aug 24 22:56:13 2003
From: DENNIS.J.LINSE at saic.com (Dennis J. Linse)
Date: Wed Mar 22 17:10:13 2006
Subject: [splint-discuss] My favorite "missing" lint feature
Message-ID: <5.2.1.1.2.20030824222945.00b1faa0@pax-atsg-exs02.mail.saic.com>

[Briefly: New to this discussion list. Used lclint/splint for 3+ years.
Love it.]

We've just moved to a Mac OS X platform from an SGI where we used lint
and splint both to "diagnose" our code because there was one feature
that lint had that splint doesn't:

    Variable i set but not used.

Mac OS X doesn't include lint, and I've not been able to convince gcc to
show me this as a warning/error with any argument (as a pseudo-lint).

Is the equivalent somewhere in splint that I've missed? It is extremely
useful as it is often an indication of incorrect code nearby: the
variable was set, but not used in a following equation or function.

Thanks for any hints.

Dennis

Dennis J. Linse, Aerospace Engineer
Science Applications International Corporation
+1-301-866-6706, +1-301-863-0299 (fax)

From sjl at zepler.org Wed Aug 27 00:20:53 2003
From: sjl at zepler.org (Simon Liddington)
Date: Wed Mar 22 17:10:13 2006
Subject: [splint-discuss] releases annotation appears to remove only annotation
Message-ID: <200308271620.53261.sjl@zepler.org>

the code below should give an error that release() is being called on an
only parameter but it doesn't:

%splint -checks -declundef -exportheader test-splintonly.c
Splint 3.1.1 --- 07 Jul 2003

Finished checking --- no warnings

If you take the special/releases annotation off then you get the desired
error:

% splint -checks -declundef -exportheader test-splintonly.c
Splint 3.1.1 --- 07 Jul 2003

/home/liddins/temp/test-splintonly.c: (in function fn)
/home/liddins/temp/test-splintonly.c:16:12:
    Kept storage int_ptr passed as only param: release (int_ptr)
  storage is transferred to a non-temporary reference after being passed as
  keep parameter. The storage may be released or new aliases created. (Use
  -kepttrans to inhibit warning)
   /home/liddins/temp/test-splintonly.c:15:4: Storage int_ptr becomes kept

Finished checking --- 1 code warning

/*@special@*/ /*@only@*/ void *allocate(void)
   /*@allocates result@*/;

void release(/*@special@*/ /*@only@*/ /*@null@*/ void *mem)
   /*@releases mem@*/;

void fn(void)
{
   /*@only@*/ /*@null@*/ static int *int_store = NULL;
   /*@only@*/ int *int_ptr = allocate();

   *int_ptr = 0;
   release(int_store);
   int_store = int_ptr;
   release(int_ptr);
}
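
What the missed warning in the last message hides at run time, as an added example that is not part of the original post: a small quarantine allocator shows that the `int_store = int_ptr; release(int_ptr);` sequence leaves the static owner referring to released storage, and that the next call then releases it a second time. The names `track_alloc`, `track_release`, `is_live`, `store_buggy` and `store_fixed` are hypothetical stand-ins for the post's `allocate()`, `release()` and `fn()`.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical quarantine allocator: release only marks a block, so the
   checks below never touch memory that has really been freed. */
#define MAX_BLOCKS 16
struct block { void *ptr; int released; };
static struct block blocks[MAX_BLOCKS];
static int n_blocks;
static int bad_releases;   /* releases of storage that was not live */
static int *int_store;     /* long-lived owner, as in the post */

static struct block *find_block(const void *p) {
    for (int i = 0; i < n_blocks; i++)
        if (blocks[i].ptr == p) return &blocks[i];
    return NULL;
}

static void *track_alloc(size_t n) {
    void *p;
    if (n_blocks == MAX_BLOCKS) return NULL;
    p = malloc(n);
    if (p == NULL) return NULL;
    blocks[n_blocks].ptr = p;
    blocks[n_blocks].released = 0;
    n_blocks++;
    return p;
}

static int is_live(const void *p) {
    struct block *b = (p != NULL) ? find_block(p) : NULL;
    return b != NULL && !b->released;
}

static void track_release(void *p) {
    struct block *b;
    if (p == NULL) return;            /* release() accepts null */
    b = find_block(p);
    if (b == NULL || b->released) { bad_releases++; return; }
    b->released = 1;
}

static void track_reset(void) {       /* really free everything */
    for (int i = 0; i < n_blocks; i++) free(blocks[i].ptr);
    n_blocks = 0;
    bad_releases = 0;
    int_store = NULL;
}

/* Sequence from the post: ownership moves to int_store, then the old
   name is released anyway. Returns 1 if int_store is left dangling. */
static int store_buggy(void) {
    int *int_ptr = track_alloc(sizeof *int_ptr);
    if (int_ptr == NULL) return -1;
    *int_ptr = 0;
    track_release(int_store);
    int_store = int_ptr;
    track_release(int_ptr);           /* the call splint should flag */
    return !is_live(int_store);
}

/* Same transfer without the extra release: int_store stays the owner. */
static int store_fixed(void) {
    int *int_ptr = track_alloc(sizeof *int_ptr);
    if (int_ptr == NULL) return -1;
    *int_ptr = 0;
    track_release(int_store);
    int_store = int_ptr;
    return !is_live(int_store);
}

int main(void) {
    int d;
    track_reset();
    printf("fixed: dangling=%d\n", store_fixed());
    printf("buggy: dangling=%d\n", store_buggy());
    d = store_buggy();                /* releases the stale int_store again */
    printf("buggy again: dangling=%d bad_releases=%d\n", d, bad_releases);
    track_reset();
    return 0;
}
```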