From michael.winkler at lvf.liebherr.com  Wed Jun  2 05:02:55 2004
From: michael.winkler at lvf.liebherr.com (Winkler Michael (LVF))
Date: Wed Mar 22 17:10:34 2006
Subject: [splint-discuss] Options file Suffix
Message-ID: <50750E91AE69D3118A5E0000E85F01AA027B94AC@LVF-MAIL>

What is the right suffix for an options file included with flag +f ???

Kind regards
Michael Winkler
Systems Engineering / Electronics
LIEBHERR-TRANSPORTATION SYSTEMS GMBH
Liebherrstraße 1
A-2100 Korneuburg
Phone: +43 (0) 2262 602 364
Fax: +43 (0) 2262 602 503
michael.winkler@lvf.liebherr.com
www.liebherr.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.cs.Virginia.EDU/pipermail/splint-discuss/attachments/20040602/12783eaa/attachment.htm

From ngbmoreau at yahoo.com.au  Wed Jun  2 07:47:19 2004
From: ngbmoreau at yahoo.com.au (NGB)
Date: Wed Mar 22 17:10:35 2006
Subject: [splint-discuss] C99 types
Message-ID: <1086176839.40bdbe472daee@localhost:2000>

I'm trying to get splint to handle my C99 types
uint8_t etc ..

I have tried putting
-Duint8_t=unsigned char

But that doesn't work.

Also is there a more elegant way to actually specify how many bits
are available in a type ?

Thanks
Nic

-------------------------------------------------

From michael.winkler at lvf.liebherr.com  Wed Jun  2 08:13:50 2004
From: michael.winkler at lvf.liebherr.com (Winkler Michael (LVF))
Date: Wed Mar 22 17:10:35 2006
Subject: AW: [splint-discuss] C99 types
Message-ID: <50750E91AE69D3118A5E0000E85F01AA027B94AE@LVF-MAIL>

Try -Duint8_t=unsignedchar

Splint needs it like this.

Kind regards
Michael Winkler

-----Original Message-----
From: splint-discuss-bounces@cs.virginia.edu
[mailto:splint-discuss-bounces@cs.virginia.edu]
Sent: Wednesday, 02 June 2004 13:47
To: splint-discuss@cs.virginia.edu
Subject: [splint-discuss] C99 types

I'm trying to get splint to handle my C99 types
uint8_t etc ..

I have tried putting
-Duint8_t=unsigned char

But that doesn't work.

Also is there a more elegant way to actually specify how many bits
are available in a type ?

Thanks
Nic

-------------------------------------------------
_______________________________________________
splint-discuss mailing list
splint-discuss@cs.virginia.edu
http://www.splint.org/mailman/listinfo/splint-discuss

From roland.illig at gmx.de  Wed Jun  2 09:45:08 2004
From: roland.illig at gmx.de (Roland Illig)
Date: Wed Mar 22 17:10:35 2006
Subject: [splint-discuss] Options file Suffix
In-Reply-To: <50750E91AE69D3118A5E0000E85F01AA027B94AC@LVF-MAIL>
References: <50750E91AE69D3118A5E0000E85F01AA027B94AC@LVF-MAIL>
Message-ID: <40BDD9E4.3090406@gmx.de>

Winkler Michael (LVF) wrote:
>
> What is the right suffix for an options file included with flag +f ???

Any suffix (including nothing) is right. You might call it splint.conf
or splint.rc or my-program.splint-options. The suffix does not say
anything about the file's contents.

Roland

From ngbmoreau at yahoo.com.au  Wed Jun  2 18:54:50 2004
From: ngbmoreau at yahoo.com.au (NGB)
Date: Wed Mar 22 17:10:35 2006
Subject: AW: [splint-discuss] C99 types
In-Reply-To: <50750E91AE69D3118A5E0000E85F01AA027B94AE@LVF-MAIL>
References: <50750E91AE69D3118A5E0000E85F01AA027B94AE@LVF-MAIL>
Message-ID: <1086216890.40be5abaa000d@tiger.enttec>

Doesn't work, I get parse errors !!

Any other ideas ?

Thanks
Nic

Quoting "Winkler Michael (LVF)" :

> Try -Duint8_t=unsignedchar
>
> Splint needs it like this.
>
> Kind regards
> Michael Winkler
>

-------------------------------------------------

From roland.illig at gmx.de  Sun Jun  6 05:03:30 2004
From: roland.illig at gmx.de (Roland Illig)
Date: Wed Mar 22 17:10:35 2006
Subject: bug in llmain.c:loadrc? -- was: [splint-discuss] C99 types
In-Reply-To: <1086176839.40bdbe472daee@localhost:2000>
References: <1086176839.40bdbe472daee@localhost:2000>
Message-ID: <40C2DDE2.8020101@gmx.de>

NGB wrote:
> I'm trying to get splint to handle my C99 types
> uint8_t etc ..
> I have tried putting
> -Duint8_t=unsigned char

This could be a bug in Splint. When this option is read from a
configuration file, it is interpreted as two words: "-Duint8=unsigned"
and "char". When you alternatively write

    -Duint8_t="unsigned char"

the configuration file parser interprets it as one word, but does not
remove the quotes. (see llmain.c, line 2401--2436)

So I'm wondering too, how to write this argument in a configuration file.

Roland

From ned at bike-nomad.com  Wed Jun  9 12:31:29 2004
From: ned at bike-nomad.com (Ned Konz)
Date: Wed Mar 22 17:10:35 2006
Subject: [splint-discuss] Detection of 'used before set' and unions
Message-ID: <200406090931.29594.ned@bike-nomad.com>

Suppose I have a system in which:

sizeof(unsigned long) == 4

and define a union:

typedef union { unsigned long ul; unsigned char uc[4]; } Cnv;

and then later go on to use it as:

    Cnv cnv;
    cnv.uc[0] = 0;
    cnv.uc[1] = 1;
    cnv.uc[2] = 2;
    cnv.uc[3] = 3;
    doSomethingWith(cnv.ul);

Splint does not detect that cnv.ul has in fact been set.

Is there some way to get Splint to properly track this aliasing of
storage in this case? For that matter, is there any way to tell Splint
the various integral sizes in my system?

Thanks,
--
Ned Konz
http://bike-nomad.com
GPG key ID: BEEA7EFE

From wbriscoe at ponle.demon.co.uk  Wed Jun  9 14:26:40 2004
From: wbriscoe at ponle.demon.co.uk (Walter Briscoe)
Date: Wed Mar 22 17:10:35 2006
Subject: [splint-discuss] Detection of 'used before set' and unions
In-Reply-To: <200406090931.29594.ned@bike-nomad.com>
References: <200406090931.29594.ned@bike-nomad.com>
Message-ID:

In message <200406090931.29594.ned@bike-nomad.com> of Wed, 9 Jun 2004
09:31:29 in , Ned Konz writes
>Suppose I have a system in which:
>
>sizeof(unsigned long) == 4
>
>and define a union:
>
>typedef union { unsigned long ul; unsigned char uc[4]; } Cnv;
>
>and then later go on to use it as:
>
>    Cnv cnv;
>    cnv.uc[0] = 0;
>    cnv.uc[1] = 1;
>    cnv.uc[2] = 2;
>    cnv.uc[3] = 3;
>    doSomethingWith(cnv.ul);
>
>Splint does not detect that cnv.ul has in fact been set.
>
>Is there some way to get Splint to properly track this aliasing of storage in
>this case? For that matter, is there any way to tell Splint the various
>integral sizes in my system?

I am sorry to say I believe you are invoking undefined behavior.
cf. c99:
6.7.2.1 Structure and union specifiers
...
14 The size of a union is sufficient to contain the largest of its
members. The value of at most one of the members can be stored in a
union object at any time.

You write to uc but read ul. It is convenient; I would do so too; it is
still undefined. You might be better doing something like

    cnv.ul = ( ( ( ( ( 1 << 8 ) | 2 ) << 8 ) | 3 ) << 8 ) | 4;
    // I can't remember relative priority of << and | operators.
    // I might prefer to do
    cnv.ul = ( ( 1 * 256 + 2 ) * 256 + 3 ) * 256 + 4;
    // or
    cnv.ul = 0x01020304;
    doSomethingWith(cnv.ul);
--
Walter Briscoe

From dwh at ovro.caltech.edu  Wed Jun  9 14:58:52 2004
From: dwh at ovro.caltech.edu (David Hawkins)
Date: Wed Mar 22 17:10:35 2006
Subject: [splint-discuss] Detection of 'used before set' and unions
In-Reply-To:
Message-ID:

Another alternative ...

> I am sorry to say I believe you are invoking undefined behavior.
> cf. c99:
> 6.7.2.1 Structure and union specifiers
> ...
> 14 The size of a union is sufficient to contain the largest of
> its members. The value of at
> most one of the members can be stored in a union object at any time.
>
> You write to uc but read ul. It is convenient; I would do so too; it is
> still undefined. You might be better doing something like
>     cnv.ul = ( ( ( ( ( 1 << 8 ) | 2 ) << 8 ) | 3 ) << 8 ) | 4;
>     // I can't remember relative priority of << and | operators.
>     // I might prefer to do
>     cnv.ul = ( ( 1 * 256 + 2 ) * 256 + 3 ) * 256 + 4;
>     // or
>     cnv.ul = 0x01020304;
>     doSomethingWith(cnv.ul);

    unsigned long ul;
    /* the cast is required: &ul has type unsigned long * */
    unsigned char *uc = (unsigned char *)&ul;
    uc[0] = 0;
    uc[1] = 1;
    uc[2] = 2;
    uc[3] = 3;
    doSomethingWith(ul);

Dave

From derek at knosof.co.uk  Wed Jun  9 19:07:39 2004
From: derek at knosof.co.uk (Derek M Jones)
Date: Wed Mar 22 17:10:36 2006
Subject: [splint-discuss] Detection of 'used before set' and unions
In-Reply-To:
References: <200406090931.29594.ned@bike-nomad.com>
	<200406090931.29594.ned@bike-nomad.com>
Message-ID: <4.3.2.7.2.20040610000559.00b84e60@pop3.demon.co.uk>

Walter,

>>Suppose I have a system in which:
>>
>>sizeof(unsigned long) == 4
>>
>>and define a union:
>>
>>typedef union { unsigned long ul; unsigned char uc[4]; } Cnv;
>>
>>and then later go on to use it as:
>>
>>    Cnv cnv;
>>    cnv.uc[0] = 0;
>>    cnv.uc[1] = 1;
>>    cnv.uc[2] = 2;
>>    cnv.uc[3] = 3;
>>    doSomethingWith(cnv.ul);
>>
>>Splint does not detect that cnv.ul has in fact been set.
>
>I am sorry to say I believe you are invoking undefined behavior.
>cf. c99:
>6.7.2.1 Structure and union specifiers

Actually the behavior is unspecified. 6.2.6.1 specifies a
special case for arrays of unsigned char.

derek

--
Derek M Jones                                tel: +44 (0) 1252 520 667
Knowledge Software Ltd                       mailto:derek@knosof.co.uk
Applications Standards Conformance Testing   http://www.knosof.co.uk

From Jay.St.Pierre at Colorado.EDU  Wed Jun 30 15:42:28 2004
From: Jay.St.Pierre at Colorado.EDU (Jay A. St. Pierre)
Date: Wed Mar 22 17:10:36 2006
Subject: [splint-discuss] The "errorcode" annotation
Message-ID:

I noticed that some of the standard functions are annotated with
an "errorcode" annotation. For example, in standard.h, there is
the following:

  void setbuf (FILE *stream, /*@null@*/ /*@exposed@*/ /*@out@*/ char *buf)
       /*@modifies fileSystem, *stream, *buf@*/
       /*:errorcode != 0*/ ;
       /*:requires maxSet(buf) >= (BUFSIZ - 1):*/ ;

What does the "errorcode" annotation do? I haven't found any
documentation of it.

-Jay

From austin_hastings at yahoo.com  Wed Jun 30 16:59:36 2004
From: austin_hastings at yahoo.com (Austin Hastings)
Date: Wed Mar 22 17:10:36 2006
Subject: [splint-discuss] The "errorcode" annotation
In-Reply-To:
Message-ID: <20040630205936.43985.qmail@web12303.mail.yahoo.com>

--- "Jay A. St. Pierre" wrote:
> I noticed that some of the standard functions are annotated with
> an "errorcode" annotation. For example, in standard.h, there is
> the following:
>
>   void setbuf (FILE *stream, /*@null@*/ /*@exposed@*/ /*@out@*/ char
> *buf)
>        /*@modifies fileSystem, *stream, *buf@*/
>        /*:errorcode != 0*/ ;
>        /*:requires maxSet(buf) >= (BUFSIZ - 1):*/ ;
>
> What does the "errorcode" annotation do? I haven't found any
> documentation of it.

Based on simple visual inspection, the overall purpose of errorcode
seems to be a description of the behavior of the function when an error
occurs. (Possibly intended to provide detection of mishandled return
values?)

Regardless, the setbuf function returns void, so in this case the
errorcode description is wrong.

You've discovered an undocumented feature and an apparent bug at the
same time.

=Austin

From evans at cs.virginia.edu  Wed Jun 30 17:21:25 2004
From: evans at cs.virginia.edu (David Evans)
Date: Wed Mar 22 17:10:36 2006
Subject: [splint-discuss] The "errorcode" annotation
In-Reply-To:
References:
Message-ID:

errorcode doesn't currently have any meaning (hence the use of /*:
instead of /*@ to make it just look like a regular comment for now). At
some point in the future it might mean something, but for now it is just
a comment. Some of the library functions are annotated this way to
document that certain return values indicate errors or need to be
checked for.

The idea was to deal with functions that use special return values to
indicate errors (such as fputc returning EOF or fseek returning -1) and
support checks that the calling code handle these errors. This doesn't
really make sense for setbuf though, since there is no return value.

We didn't get around to implementing this yet, though, or clearly
defining its semantics or what checking would be useful. It seems like
something useful could be done here, though, since C's lack of
exceptions means returning special values is a common idiom, and callers
should (in some cases) be required to check for them.

Best,

--- Dave

On Wed, 30 Jun 2004, Jay A. St. Pierre wrote:

> I noticed that some of the standard functions are annotated with
> an "errorcode" annotation. For example, in standard.h, there is
> the following:
>
>   void setbuf (FILE *stream, /*@null@*/ /*@exposed@*/ /*@out@*/ char *buf)
>        /*@modifies fileSystem, *stream, *buf@*/
>        /*:errorcode != 0*/ ;
>        /*:requires maxSet(buf) >= (BUFSIZ - 1):*/ ;
>
> What does the "errorcode" annotation do? I haven't found any
> documentation of it.
>
> -Jay
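
Added example (not part of the original thread and not Splint code): the
idiom described in the last message, where fputc signals failure with EOF
and fseek with a nonzero result, shown as a caller that discards those
values beside one that checks them. The function names and the use of
/dev/null as a read-only and as a writable stream are assumptions of this
sketch.

```c
#include <stdio.h>

/* Unchecked caller: the results of fputc and fseek are discarded, so a
   failed write is still reported to the caller as success. */
static int store_unchecked(FILE *f, const char *s)
{
    for (; *s != '\0'; s++)
        (void) fputc((unsigned char) *s, f);
    (void) fseek(f, 0L, SEEK_SET);
    return 0;
}

/* Checked caller: each call is tested against its error value
   (EOF for fputc, nonzero for fseek) and the failure is propagated. */
static int store_checked(FILE *f, const char *s)
{
    for (; *s != '\0'; s++)
        if (fputc((unsigned char) *s, f) == EOF)
            return -1;              /* write failed */
    if (fseek(f, 0L, SEEK_SET) != 0)
        return -2;                  /* flush or reposition failed */
    return 0;
}

/* Runs one variant on a constructed stream: /dev/null opened read-only
   (every fputc fails) or opened for writing (every call succeeds).
   The path is an assumption; it requires a POSIX system. */
int demo(int checked, int read_only)
{
    FILE *f = fopen("/dev/null", read_only ? "r" : "w");
    int rc;

    if (f == NULL)
        return -99;
    rc = checked ? store_checked(f, "record") : store_unchecked(f, "record");
    (void) fclose(f);
    return rc;
}

int main(void)
{
    printf("read-only stream, unchecked: %d\n", demo(0, 1));
    printf("read-only stream, checked:   %d\n", demo(1, 1));
    printf("writable stream,  checked:   %d\n", demo(1, 0));
    return 0;
}
```

On the read-only stream the unchecked variant returns 0 although nothing
was written, which is the class of mistake a check on "errorcode" values
would have to catch.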