[splint-discuss] Help with mmap() and abstract data type annotations

CBFalconer cbfalconer at yahoo.com
Sat Nov 1 17:10:23 EST 2003

David Hawkins wrote:
> > Please don't top-post.
> Enlighten me? What do you mean by 'top-post'?
> And sorry for doing it :)

Top posting is posting before the quoted material to which you are
replying, which you did before, but not this time.  It is
encouraged by brain-dead software such as Outhouse Excretion.  It
is also considered polite to retain attributions for any material
you quote, but not for quoted material you snip because it is not
germane to your reply.

> > I strongly recommend against the casual use of casts,
> > especially to shut up warnings.  The result may be
> > warning free, but can easily contain fatal errors.
> > You are immediately overriding the compiler's (and
> > splint is a form of compiler) judgement with your
> > own, and stating 'ignore this'.  Unnecessary casts
> > are most likely to be a sign of faulty initial thinking.
> Ok good. I posted what I had been doing to get feedback
> on what I should be doing. So any chance you could
> indicate the appropriate way to proceed?
> I'm trying to 'improve' my coding style and work habits.
> Splint 'encourages' me to do this, so I'd like to
> work out how to use it correctly.
> So for example, when determining the length of a string,
> and assigning it to an int, then passing it off to
> a string function and getting a size_t warning,
> what should I have really done? Used a size_t right
> from the outset is one answer, but is that the

That obviously depends.  The strlen function returns a size_t, and
if it is to be supplied to something requiring a size_t what possible
purpose can there be to casting it?  Why should its value ever be
stored in an int?

> only? How about accessing register values, a hardware
> register is defined as a 'volatile unsigned int',
> but when I manipulate it, it's no longer volatile
> once inside a variable ... in that case a cast
> to 'unsigned int' seems appropriate.

Volatile etc. does not define a hardware register - it simply says
that the value contained therein may spontaneously change.  The
description applies to the storage location, not to the value. 
The question by itself indicates that you need to look more deeply
into the guarantees that do and do not apply to your data and
code.  <news://comp.lang.c> would be a useful resource.  Similarly
the ISO C standard.

Splint is a tool, and usage requires judgement, just as with any
other tool.

Chuck F (cbfalconer at yahoo.com) (cbfalconer at worldnet.att.net)
   Available for consulting/temporary embedded and systems.
   <http://cbfalconer.home.att.net>  USE worldnet address!
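
The two points discussed in this message, as an added example that is not part of the original post: a cast that silences the size_t warning also hides a wrapped length, and a value read from a volatile object needs no cast. All function names are hypothetical, and the wrap-around shown assumes a compiler that reduces out-of-range conversions modulo 2^N, as GCC and Clang do.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Cast version: the warning is gone, but so is the information it carried.
 * Converting an out-of-range size_t to int is implementation-defined;
 * common compilers wrap, so a huge length can become small or negative. */
static int fits_with_cast(size_t n, int cap)
{
    int len = (int)n;           /* silences the size_t -> int warning */
    return len < cap;           /* a wrapped, negative len passes */
}

/* Cast-free version: the length stays in the type strlen returns. */
static int fits_size_t(size_t n, size_t cap)
{
    return n < cap;
}

/* Copy src into dst only if it fits, with no int and no cast anywhere. */
static int copy_if_fits(char *dst, size_t cap, const char *src)
{
    size_t len = strlen(src);
    if (!fits_size_t(len, cap))
        return -1;
    memcpy(dst, src, len + 1);  /* + 1 copies the terminating NUL */
    return 0;
}

/* volatile qualifies the object being accessed, not the value read from
 * it: the read converts to plain unsigned int without any cast. */
static unsigned int set_bits(volatile unsigned int *reg, unsigned int mask)
{
    unsigned int v = *reg;      /* one volatile read */
    v |= mask;                  /* ordinary arithmetic on the copy */
    *reg = v;                   /* one volatile write */
    return v;
}

int main(void)
{
    size_t huge = (size_t)INT_MAX + 2;      /* constructed length */
    volatile unsigned int fake_reg = 0x10u; /* constructed stand-in register */
    printf("cast says fits: %d\n", fits_with_cast(huge, 16));
    printf("size_t says fits: %d\n", fits_size_t(huge, 16));
    printf("register now: %#x\n", set_bits(&fake_reg, 0x3u));
    return 0;
}
```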
