From F.Giavarini at cobra.it Sat May 24 09:34:01 2003
From: F.Giavarini at cobra.it (F.Giavarini@cobra.it)
Date: Wed Mar 22 17:10:06 2006
Subject: Rif: Re: [splint-discuss] Code for embedded processor
Message-ID:

Thanks for your suggestions. I hoped for a more general solution,
because for every register of the micro-processor I have one structure
like that; and in total they are hundred. I would have preferred to
avoid source modifications. In any case I have now rearranged the code
with some compiler switch and all @"modifier" are removed;
unfortunately I have new problems with the use of bool and bit field.
I think that it's a long way....

Best Regards
Flavio Giavarini

--------------------------------------------------------------
Flavio Giavarini
Software Designer - Development Department
Delta Elettronica S.p.a.
Via Astico, 41
21100 Varese
Italy
Tel +39 0332 82.51.11
Fax +39 0332 22.20.05


F.Giavarini@cobra.it wrote:

> typedef union
> {
>    unsigned char BYTE;
>    struct
>    {
>       unsigned char PA0:1;
[...]

AFAIK, char is not allowed in bitfields (another "embedded"
peculiarity).

> @tiny volatile PADR_H _PADR @0x00; /* Port A Data Register */
[...]
> The compiler that I'm using recognizes the modifier @tiny and @0x00 in
> order to assign one specific memory location.
> I don't know how to tell Splint to ignore this kind of indications.

BTW: You might have a look at the archives of this list. Four weeks ago
there was the last thread about this topic, and there were many other
threads.

You have to hide both from Splint. Roland showed how to do it for
@tiny. For the second, use something like #define PORT(x) @(x).

You might encounter problems also for constant assignments to char
variables, e.g.

    unsigned char foo;
    foo = 1;

results in "Assignment of int to unsigned char". No satisfactory
solution available for this.

Harder to hide are assembler blocks (#pragma asm/#pragma endasm), the
Splint parser can't handle it.

Maybe you look at PC-Lint, commercial (220EUR) capable of handling
non-ANSI-stuff of nearly all compilers, and also checking for MISRA
rules, indentation and much more... I finally bought it for my
commercial work but still had no time to make extensive tests.

Oliver
--
Oliver Betz
DUOmetric GmbH
Buero Muenchen
Stockdorfer Str. 54
D-81475 Muenchen
Tel ++49-89-75967390
Fax ++49-89-75967391


From hirose.tatsuo at jp.panasonic.com Thu May 1 06:11:09 2003
From: hirose.tatsuo at jp.panasonic.com (=?ISO-2022-JP?B?GyRCVyJAJU41Q0sbKEI=?=)
Date: Wed Mar 22 17:10:07 2006
Subject: [splint-discuss] splintrc messages
Message-ID: <200305011013.TAA02480@tve.tvrl.mei.co.jp>

Hello,

I do not want to display the following messages.

    Splint 3.1.1 --- 28 Apr 2003
    /home/.splintrc:102:19: Setting -redundantconstraints redundant with current value
    /home/.splintrc:102:19: Setting +gnuextensions redundant with current value
    /home/.splintrc:102:19: Setting +lintcomments redundant with current value
    /home/.splintrc:102:19: Setting -warnlintcomments redundant with current value
    /home.splintrc:102:19: Setting -exportlocal redundant with current value
    .
    ????????
    .
    .

Please tell me what I need to do.


From roland.illig at gmx.de Thu May 1 07:09:13 2003
From: roland.illig at gmx.de (roland.illig@gmx.de)
Date: Wed Mar 22 17:10:08 2006
Subject: [splint-discuss] joining splint-bugs
Message-ID: <20030501110912.GA19063@burse.uni-hamburg.de>

Hi,

how can I join the splint-bugs mailing list? I want to discuss
(possible?) bugs or feature enhancements directly instead of feeling
like submitting my bug reports to /dev/null.

Roland


From roland.illig at gmx.de Sat May 17 14:44:24 2003
From: roland.illig at gmx.de (Roland Illig)
Date: Wed Mar 22 17:10:08 2006
Subject: [splint-discuss] [BUG] too relaxed header control
Message-ID: <20030517184424.GB24521@burse.uni-hamburg.de>

$ cat >bug-header-inclusion.c
/**
 * This program SHOULD NOT be allowed to pass splint without
 * warnings, because the identifiers `exit' and `EXIT_SUCCESS'
 * are not guaranteed to be declared.
 */

extern int main(void)
{
    exit(EXIT_SUCCESS);
    /*@notreached@*/
}

$ splint +strict +quiet bug-header-inclusion.c
$ gcc -W -Wall -Werror bug-header-inclusion.c
cc1: warnings being treated as errors
bug-header-inclusion.c: In function `main':
bug-header-inclusion.c:9: warning: implicit declaration of function `exit'
bug-header-inclusion.c:9: `EXIT_SUCCESS' undeclared (first use in this function)
bug-header-inclusion.c:9: (Each undeclared identifier is reported only once
bug-header-inclusion.c:9: for each function it appears in.)

As a solution I suggest to forget the .lcd libraries and create a new
directory $(datadir)/include, where the usual files time.h, stdio.h,
... are placed. The preprocessor would then search for files in this
directory first.

Roland


From roland.illig at gmx.de Sat May 17 14:51:31 2003
From: roland.illig at gmx.de (Roland Illig)
Date: Wed Mar 22 17:10:08 2006
Subject: [splint-discuss] [BUG] splint source code file structure
Message-ID: <20030517185131.GA24650@burse.uni-hamburg.de>

the file ./LICENSE is missing.

possibly unused header files:

$ for i in $(cd src/Headers/; ls -1 -- *.h); do \
    grep -qr -- include.'*'$i . \
    || echo $i; \
  done
aliasStack.h
boolStack.h
constraintList2.h
ctokens.h
handle.h
intTable.h
limwr.h
mtgrammar.tab.h
refTable-branch.h
sHerald.h
sRefSetStack.h
tmpname.h
valueMatrix.h

# grep -qr means "grep --quiet --recurse" (I used GNU grep here)

Roland


From iwm at doc.ic.ac.uk Sat May 17 16:10:14 2003
From: iwm at doc.ic.ac.uk (Ian Moor)
Date: Wed Mar 22 17:10:08 2006
Subject: [splint-discuss] [BUG] too relaxed header control
In-Reply-To: <20030517184424.GB24521@burse.uni-hamburg.de>
Message-ID: <10833202.1053202214599.JavaMail.ICEMail@stavka.doc.ic.ac.uk>

>$ cat >bug-header-inclusion.c
>/**
> * This program SHOULD NOT be allowed to pass splint without
> * warnings, because the identifiers `exit' and `EXIT_SUCCESS'
> * are not guaranteed to be declared.
> */
>
>extern int main(void)
>{
>    exit(EXIT_SUCCESS);
>    /*@notreached@*/
>}
>
>$ splint +strict +quiet bug-header-inclusion.c
>$ gcc -W -Wall -Werror bug-header-inclusion.c
>cc1: warnings being treated as errors
>bug-header-inclusion.c: In function `main':
>bug-header-inclusion.c:9: warning: implicit declaration of function `exit'
>bug-header-inclusion.c:9: `EXIT_SUCCESS' undeclared (first use in this function)
>bug-header-inclusion.c:9: (Each undeclared identifier is reported only once
>bug-header-inclusion.c:9: for each function it appears in.)
>

Surely splint should be used after the compiler has processed the
program and not reported any warnings or errors.

Ian W Moor
Department of Computing, iwm@doc.ic.ac.uk
Imperial College.
180 Queensgate
London SW7 2AZ UK.


From roland.illig at gmx.de Mon May 19 06:45:08 2003
From: roland.illig at gmx.de (Roland Illig)
Date: Wed Mar 22 17:10:08 2006
Subject: [splint-discuss] [BUG] too relaxed header control
In-Reply-To: <10833202.1053202214599.JavaMail.ICEMail@stavka.doc.ic.ac.uk>
References: <20030517184424.GB24521@burse.uni-hamburg.de> <10833202.1053202214599.JavaMail.ICEMail@stavka.doc.ic.ac.uk>
Message-ID: <20030519104507.GB8911@burse.uni-hamburg.de>

On Sat, May 17, 2003 at 09:10:14PM +0100, Ian Moor wrote:
> Surely splint should be used after the compiler has processed the program
> and not reported any warnings or errors.

Well, there's another use of splint. You might want to check how
portable a program is. Because the header files on different operating
systems may provide some constants/functions, and some may not, it
would be nice if splint would know which function comes from which
header to allow even stricter checking.

Roland


From mhjohnson at mac.com Tue May 20 22:09:00 2003
From: mhjohnson at mac.com (Mark Johnson)
Date: Wed Mar 22 17:10:08 2006
Subject: [splint-discuss] Feedback, building 3.1.1 on OSX
Message-ID: <2FF9D2B8-8B31-11D7-B52F-0030653F09E8@mac.com>

Something I noticed when building Splint 3.1.1 on Mac OSX. I had been
running Splint 3.0.1.6 as provided by Fink
(http://fink.sourceforge.net). During the build, the test suite was
automatically run and used the "obsolete format" files that were
already installed in /sw/share/splint. Needless to say - just about
every test had problems.

A few suggestions:
 - remove the automatic test from the build OR
 - run the test using the newly built files (override the default
   location)
either would solve this particular problem. I can see the value of
doing the test prior to "make install", so I'd prefer the latter but
can understand the former. A note in the source install guide whenever
the format of data files changes would be helpful as well.

Do you want this as a "bug" or "enhancement request" in SourceForge?
--Mark


From mhjohnson at mac.com Tue May 20 22:58:10 2003
From: mhjohnson at mac.com (Mark Johnson)
Date: Wed Mar 22 17:10:08 2006
Subject: [splint-discuss] Questions / comments / bugs w/ 3.1.1
Message-ID: <0E12B126-8B38-11D7-B52F-0030653F09E8@mac.com>

I have noticed a few odd items in 3.1.1 and was looking for an
explanation before submitting as bugs. These are all noted with
+unixlib -checks

[1] I have the following code
    static struct timeval no_wait = {0, 0};
which complains that an initializer block is used for no_wait where
struct timeval is expected. OK - I can revise it to read
    static struct timeval no_wait = (struct timeval){0, 0};
which gets rid of the warning. What is the value of such a warning?

[2] I have a similar issue passing numbers like 1 as an unsigned int to
a function. I'm sorry, 1 is a valid unsigned int, why is the type cast
necessary?

[3] I have a call to forkpty, declared in . It is declared as
    pid_t forkpty __P((int *, char *, struct termios *, struct winsize *));
The first two pointers are modified, the file descriptor of the master
pty and the name of the slave tty. Needless to say, all subsequent
references give me variable used before definition warnings. How should
I handle this (and similar functions)?

[4] I still do not understand the way to annotate a static pointer that
may be NULL after calling a function. For example, fopen can return
NULL. According to 2.1.3 of the manual, I should be able to annotate
/*@relnull@*/ to relax null checking. However, code like...
    /*@relnull@*/static FILE *fecho;
    ...
    (within a function)
    fecho = fopen("logfile", "w")
    (return)
I get a warning that Function returns with non-null global fecho
referencing null storage ... Storage fecho may become null. Is this a
bug or is there some other way to annotate this situation?

Thanks.
--Mark


From evans at cs.virginia.edu Wed May 21 12:27:47 2003
From: evans at cs.virginia.edu (David Evans)
Date: Wed Mar 22 17:10:08 2006
Subject: [splint-discuss] Feedback, building 3.1.1 on OSX
In-Reply-To: <2FF9D2B8-8B31-11D7-B52F-0030653F09E8@mac.com>
References: <2FF9D2B8-8B31-11D7-B52F-0030653F09E8@mac.com>
Message-ID:

Hi Mark,

Part of the point of the installation tests is to check that
environment variables are set correctly to find the right files. So, I
don't think it would make sense to override the default locations in
the test suite (and then find that things don't work correctly when you
try them on your own programs).

--- Dave

On Tue, 20 May 2003, Mark Johnson wrote:

> Something I noticed when building Splint 3.1.1 on Mac OSX. I had been
> running Splint 3.0.1.6 as provided by Fink
> (http://fink.sourceforge.net). During the build, the test suite was
> automatically run and used the "obsolete format" files that were
> already installed in /sw/share/splint. Needless to say - just about
> every test had problems.
>
> A few suggestions:
>  - remove the automatic test from the build OR
>  - run the test using the newly built files (override the default
>    location)
> either would solve this particular problem. I can see the value of
> doing the test prior to "make install", so I'd prefer the latter but
> can understand the former. A note in the source install guide whenever
> the format of data files changes would be helpful as well.
>
> Do you want this as a "bug" or "enhancement request" in SourceForge?
> --Mark
>
> _______________________________________________
> splint-discuss mailing list
> splint-discuss@cs.virginia.edu
> http://www.splint.org/mailman/listinfo/splint-discuss
>


From evans at cs.virginia.edu Wed May 21 12:39:10 2003
From: evans at cs.virginia.edu (David Evans)
Date: Wed Mar 22 17:10:08 2006
Subject: [splint-discuss] Questions / comments / bugs w/ 3.1.1
In-Reply-To: <0E12B126-8B38-11D7-B52F-0030653F09E8@mac.com>
References: <0E12B126-8B38-11D7-B52F-0030653F09E8@mac.com>
Message-ID:

On Tue, 20 May 2003, Mark Johnson wrote:

> I have noticed a few odd items in 3.1.1 and was looking for an
> explanation before submitting as bugs. These are all noted with
> +unixlib -checks
>
> [1] I have the following code
>     static struct timeval no_wait = {0, 0};
> which complains that an initializer block is used for no_wait where
> struct timeval is expected. OK - I can revise it to read
>     static struct timeval no_wait = (struct timeval){0, 0};
> which gets rid of the warning. What is the value of such a warning?
>

Did you get the warning with +unixlib on for this one? I get the
warning without +unixlib, but not with it. Without unixlib, there is no
known type for struct timeval, so it is reasonable to report a warning
for the initializer block.

> [2] I have a similar issue passing numbers like 1 as an unsigned int to
> a function. I'm sorry, 1 is a valid unsigned int, why is the type cast
> necessary?
>

Just stricter checking when +checks is on. If you set +numliteral, it
will allow 1 to match unsigned int okay. Without it, you need 1U to
explicitly denote an unsigned constant.

> [3] I have a call to forkpty, declared in . It is declared as
>     pid_t forkpty __P((int *, char *, struct termios *, struct winsize *));
> The first two pointers are modified, the file descriptor of the master
> pty and the name of the slave tty. Needless to say, all subsequent
> references give me variable used before definition warnings.
> How should I handle this (and similar functions)?
>

I think what you want is to denote the parameters that are defined by
the call using the /*@out@*/ annotation. See
http://www.splint.org/manual/html/sec3.html for details.

> [4] I still do not understand the way to annotate a static pointer that
> may be NULL after calling a function. For example, fopen can return
> NULL. According 2.1.3 of the manual, I should be able to annotate
> /*@relnull@*/ to relax null checking. However, code like...
>     /*@relnull@*/static FILE *fecho;
>     ...
>     (within a function)
>     fecho = fopen("logfile", "w")
>     (return)
> I get a warning that Function returns with non-null global fecho
> referencing null storage ... Storage fecho may become null. Is this a
> bug or is there some other way to annotate this situation?
>

If you use /*@null@*/ static FILE *fecho; it means fecho may be either
null or pointer to a valid FILE. There's a bug in how /*@relnull@*/ is
interpreted for static/global variables --- it shouldn't produce a
warning either. With the null annotation, you won't get a warning when
the function returns, but everywhere fecho is used (in a way that must
be non-null) you will get a warning unless there is a test in the code
to make sure it is not null.

--- Dave

> Thanks.
> --Mark
>


From mhjohnson at mac.com Wed May 21 21:32:43 2003
From: mhjohnson at mac.com (Mark Johnson)
Date: Wed Mar 22 17:10:08 2006
Subject: [splint-discuss] Questions / comments / bugs w/ 3.1.1
In-Reply-To:
Message-ID: <48F78374-8BF5-11D7-9612-0030653F09E8@mac.com>

On Wednesday, May 21, 2003, at 11:39 US/Central, David Evans wrote:

>
> On Tue, 20 May 2003, Mark Johnson wrote:
>> [2] I have a similar issue passing numbers like 1 as an unsigned int to
>> a function. I'm sorry, 1 is a valid unsigned int, why is the type cast
>> necessary?
>>
>
> Just stricter checking when +checks is on. If you set +numliteral, it
> will allow 1 to match unsigned int okay. Without it, you need 1U to
> explicitly denote an unsigned constant.
>

Hmm. I forgot about that method of defining values. In a similar
manner, if the value is long, should the same apply (e.g., 1L)? There
is no similar way to annotate a short (or char), what about those?

>> [3] I have a call to forkpty, declared in . It is declared as
>>     pid_t forkpty __P((int *, char *, struct termios *, struct winsize *));
>> The first two pointers are modified, the file descriptor of the master
>> pty and the name of the slave tty. Needless to say, all subsequent
>> references give me variable used before definition warnings. How should
>> I handle this (and similar functions)?
>>
>
> I think what you want is to denote the parameters that are defined by
> the call using the /*@out@*/ annotation. See
> http://www.splint.org/manual/html/sec3.html for details.
>

The function is defined in a system supplied header file. I was asking
more on the style to address functions that are not in +unixlib. For
example, I could hide the splint declarations in a header file "util.h"
and use the preprocessor to select the local one vs. the system one. Is
that a good way to do so or not?

>> [4] I still do not understand the way to annotate a static pointer that
>> may be NULL after calling a function. For example, fopen can return
>> NULL. According 2.1.3 of the manual, I should be able to annotate
>> /*@relnull@*/ to relax null checking. However, code like...
>>     /*@relnull@*/static FILE *fecho;
>>     ...
>>     (within a function)
>>     fecho = fopen("logfile", "w")
>>     (return)
>> I get a warning that Function returns with non-null global fecho
>> referencing null storage ... Storage fecho may become null. Is this a
>> bug or is there some other way to annotate this situation?
>>
> If you use /*@null@*/ static FILE *fecho; it means fecho may be either
> null or pointer to a valid FILE.
>

I saw that and that may be "good enough". Click - click - click.... It
generated more warnings than with relnull, but was straightforward to
fix. I guess I'll do this until relnull is fixed.

--
-- Mark Johnson


From toddr at rpi.edu Wed May 28 17:06:35 2003
From: toddr at rpi.edu (R. Lindsay Todd)
Date: Wed Mar 22 17:10:08 2006
Subject: [splint-discuss] adding printflike format codes?
Message-ID: <3ED524DB.5050300@rpi.edu>

Is there a way to train splint to recognize additional printflike or
scanflike format codes and the associated parameter types? We need to
extend a printflike logging function to be able to log additional
non-primitive datatypes. It would be most useful if splint could
somehow check parameters to the format string.

--
R. Lindsay Todd                       email: toddr@rpi.edu
Senior Systems Programmer             phone: 518-276-2605
Rensselaer Polytechnic Institute      fax: 518-276-2809
Troy, NY 12180-3590                   WWW: http://www.rpi.edu/~toddr


From tom at dbservice.com Thu May 29 17:10:44 2003
From: tom at dbservice.com (wereHamster)
Date: Wed Mar 22 17:10:08 2006
Subject: [splint-discuss] initialize a structure
Message-ID: <3ED67754.4090400@dbservice.com>

i have the following code:

struct foo
{
~ /*@ only @*/ struct some_other_struct *pointer;
};

...

foo *instance = malloc(sizeof (foo));
if (foo != NULL)
{
~ foo->pointer = a_function_argument; <-- here i get an error
}

splint says that i've forgotten to free() foo->pointer before assign a
new value to it, but that's not necessary. how can i solve this problem?

thanks
tom


From cbfalconer at yahoo.com Thu May 29 18:47:19 2003
From: cbfalconer at yahoo.com (CBFalconer)
Date: Wed Mar 22 17:10:08 2006
Subject: [splint-discuss] initialize a structure
References: <3ED67754.4090400@dbservice.com>
Message-ID: <3ED68DF7.95FE9D80@yahoo.com>

wereHamster wrote:
>
> i have the following code:
>
> struct foo
> {
> ~ /*@ only @*/ struct some_other_struct *pointer;
> };
>
> ...
>
> foo *instance = malloc(sizeof (foo));
> if (foo != NULL)
> {
> ~ foo->pointer = a_function_argument; <-- here i get an error
> }
>
> splint says that i've forgotten to free() foo->pointer before
> assign a new value to it, but that's not necessary. how can i
> solve this problem?

By writing correct code:

   foo *instance;

   if (instance = malloc(sizeof *instance))
      instance->pointer = a_function_argument;
   else {
      /* handle lack of memory */
   }

Surely your compiler didn't pass the original?

--
Chuck F (cbfalconer@yahoo.com) (cbfalconer@worldnet.att.net)
   Available for consulting/temporary embedded and systems.
   USE worldnet address!
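
An added example, not part of the original thread and not code from the Splint project: the struct from the "initialize a structure" thread with its /*@only@*/ field handled at creation, replacement and destruction. The function names, make_payload and the `value` member are hypothetical; the annotations are ordinary comments to a C compiler.

```c
#include <stdio.h>
#include <stdlib.h>

/* The thread only names this type; the member is an assumption. */
struct some_other_struct {
    int value;
};

struct foo {
    /*@only@*/ struct some_other_struct *pointer;  /* foo owns this */
};

/* Hypothetical helper: allocate a payload, NULL on failure. */
/*@null@*/ /*@only@*/ struct some_other_struct *make_payload(int value)
{
    struct some_other_struct *p = malloc(sizeof *p);

    if (p != NULL) {
        p->value = value;
    }
    return p;
}

/* The caller hands over ownership of p; the result may be NULL. */
/*@null@*/ /*@only@*/ struct foo *foo_create(/*@only@*/ struct some_other_struct *p)
{
    struct foo *instance = malloc(sizeof *instance);

    if (instance == NULL) {
        free(p);               /* we accepted ownership, so release it */
        return NULL;
    }
    /* Fresh storage: the field holds nothing yet, so nothing to free. */
    instance->pointer = p;
    return instance;
}

/* Overwriting an owned field later: release the old storage first,
 * which is the case Splint's leak check is concerned with. */
void foo_replace(struct foo *f, /*@only@*/ struct some_other_struct *p)
{
    free(f->pointer);
    f->pointer = p;
}

void foo_destroy(/*@only@*/ /*@null@*/ struct foo *f)
{
    if (f != NULL) {
        free(f->pointer);
        free(f);
    }
}

int foo_value(const struct foo *f)
{
    return f->pointer->value;
}

int main(void)
{
    struct some_other_struct *p = make_payload(7);
    struct foo *f = (p != NULL) ? foo_create(p) : NULL;

    if (f == NULL) {
        return EXIT_FAILURE;
    }
    printf("value = %d\n", foo_value(f));
    foo_destroy(f);
    return EXIT_SUCCESS;
}
```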