From antongraf at aon.at Mon Nov 1 07:18:46 2004
From: antongraf at aon.at (Anton Graf)
Date: Wed Mar 22 17:10:48 2006
Subject: [splint-discuss] Re: Bogus warnings when assigning literals to uint8_t
Message-ID: <001201c4c00c$f4d3d380$8c00000a@anton>

I got rid of the warning by switching on charint,

/*@+charint@*/

static uint8_t n;

void foo(void)
{
    n = 5;
}

but I do not know exactly which other errors may be hidden by this.

From grante at visi.com Mon Nov 1 10:22:25 2004
From: grante at visi.com (Grant Edwards)
Date: Wed Mar 22 17:10:49 2006
Subject: [splint-discuss] Re: Bogus warnings when assigning literals to uint8_t
In-Reply-To: <001201c4c00c$f4d3d380$8c00000a@anton>
References: <001201c4c00c$f4d3d380$8c00000a@anton>
Message-ID: <20041101152224.GA7401@grante.dsl.visi.com>

On Mon, Nov 01, 2004 at 01:18:46PM +0100, Anton Graf wrote:

> I got rid of the warning by switching on charint,
>
> /*@+charint@*/
>
> static uint8_t n;
>
> void foo(void)
> {
>     n = 5;
> }
> but I do not know exactly which other errors may be hidden by this.

It hides the other example I gave in my post where I think a
warning is warranted:

    uint8_t n;
    uint16_t u;

    static foo(void)
    {
        n = u;
    }

--
Grant Edwards
grante@visi.com

From dave at safe-mail.net Fri Nov 12 14:40:54 2004
From: dave at safe-mail.net (Dave)
Date: Wed Mar 22 17:10:49 2006
Subject: [splint-discuss] A memory leak has been detected. Storage allocated locally is not released...
Message-ID: <1100288454.25452.11.camel@t21jt>

Hi all.

Please excuse my ignorance, but I'm just starting out with C.
I have a simple program which splint throws an error with:

#include
#include
int main(void){
  struct if_nameindex *idx;
  idx = if_nameindex ();
  if_freenameindex (idx);
  return 0;
}

When I run splint against this, I get:

test1.c: (in function main)
test1.c:8:12: Fresh storage idx not released before return
  A memory leak has been detected. Storage allocated locally is not released
  before the last reference to it is lost. (Use -mustfreefresh to inhibit
  warning)
   test1.c:5:3: Fresh storage idx created

Finished checking --- 1 code warning

I've had a read of the manuals, which (I think) indicate that this
should be valid. (The docs say that I need to call if_freenameindex()
once I've finished with the return value from if_nameindex() -
if_nameindex() mallocs the storage and if_freenameindex() frees it).

Could someone please let me know whether this is a "bug", and if so, is
there anything I can do about it _without_ modifying the glibc code
(i.e. could I permanently get rid of the warning by using "memory
allocation" annotations)?

Many thanks

Dave

From Ralf.Wildenhues at gmx.de Mon Nov 15 11:08:27 2004
From: Ralf.Wildenhues at gmx.de (Ralf Wildenhues)
Date: Wed Mar 22 17:10:49 2006
Subject: [splint-discuss] A memory leak has been detected. Storage allocated locally is not released...
In-Reply-To: <1100288454.25452.11.camel@t21jt>
References: <1100288454.25452.11.camel@t21jt>
Message-ID: <20041115160827.GA1355@iam.uni-bonn.de>

* Dave wrote on Fri, Nov 12, 2004 at 08:40:54PM CET:
>
> Please excuse my ignorance, but I'm just starting out with C. I have a
> simple program which splint throws an error with:
>
> #include
> #include
> int main(void){
>   struct if_nameindex *idx;
>   idx = if_nameindex ();
>   if_freenameindex (idx);
>   return 0;
> }
>
> When I run splint against this, I get:
>
> test1.c: (in function main)
> test1.c:8:12: Fresh storage idx not released before return
>   A memory leak has been detected.
>   Storage allocated locally is not released
>   before the last reference to it is lost. (Use -mustfreefresh to inhibit
>   warning)
>    test1.c:5:3: Fresh storage idx created
> Finished checking --- 1 code warning
>
>
> I've had a read of the manuals, which (I think) indicate that this
> should be valid. (The docs say that I need to call if_freenameindex()
> once I've finished with the return value from if_nameindex() -
> if_nameindex() mallocs the storage and if_freenameindex() frees it).

This is because splint has not been taught the semantics of the
if_*nameindex() functions (yet).

> Could someone please let me know whether this is a "bug", and if so, is
> there anything I can do about it _without_ modifying the glibc code
> (i.e. could I permanently get rid of the warning by using "memory
> allocation" annotations)?

Splint needs to be taught the semantics of the net/if.h functions.
As they are POSIX, they should be in splint/lib/posix.h, probably
unix.h as well. The replacement should look something like this
(first try, I don't have the specs at hand).

While this is not integrated in splint, you could put it in a
replacement header net/if.h and add the base directory as -I argument
to splint's include path.

Regards,
Ralf

extern int IF_NAMESIZE;

struct if_nameindex;

unsigned int if_nametoindex(const char *);

/*@null@*/ /*@temp@*/ char *
if_indextoname(unsigned int, char *ifname)
	/*@requires maxSet(ifname) >= IF_NAMESIZE; @*/
	/*@modifies errno@*/ ;

/*@null@*/ /*@only@*/ struct if_nameindex *
if_nameindex(void)
	/*@modifies errno@*/ ;

void if_freenameindex(/*@out@*/ /*@only@*/ struct if_nameindex *);

From dirk at dirk-herrmanns-seiten.de Thu Nov 25 17:20:01 2004
From: dirk at dirk-herrmanns-seiten.de (Dirk Herrmann)
Date: Wed Mar 22 17:10:49 2006
Subject: [splint-discuss] Bug report: typedef'ing abstract types
Message-ID: <41A65A91.6070000@dirk-herrmanns-seiten.de>

Hello,

I want to report a bug in splint.
For the following piece of code, I get no warnings, although I expected
that the expression x + y would cause a warning about incompatible types
to be issued.

-------- start of test.c --------
typedef /*@abstract@*/ int foo;
typedef /*@abstract@*/ int bar;

int main (int /*@unused@*/ argc, char /*@unused@*/ *argv[])
{
  foo x = 0;
  bar y = 1;
  return x + y;
}
--------- end of test.c ---------

The output of splint (with different flags) looks as follows:

dirk(users)@trillian:~/tmp/splint > splint +strict test.c
Splint 3.1.1 --- 28 Apr 2003

Finished checking --- no warnings
dirk(users)@trillian:~/tmp/splint > splint test.c
Splint 3.1.1 --- 28 Apr 2003

Finished checking --- no warnings
dirk(users)@trillian:~/tmp/splint > splint +impabstract test.c
Splint 3.1.1 --- 28 Apr 2003

Finished checking --- no warnings

Best regards,
Dirk Herrmann

From Ralf.Wildenhues at gmx.de Fri Nov 26 02:40:48 2004
From: Ralf.Wildenhues at gmx.de (Ralf Wildenhues)
Date: Wed Mar 22 17:10:49 2006
Subject: [splint-discuss] Bug report: typedef'ing abstract types
In-Reply-To: <41A65A91.6070000@dirk-herrmanns-seiten.de>
References: <41A65A91.6070000@dirk-herrmanns-seiten.de>
Message-ID: <20041126074048.GA29321@iam.uni-bonn.de>

Hi Dirk,

* Dirk Herrmann wrote on Thu, Nov 25, 2004 at 11:20:01PM CET:
>
> I want to report a bug in splint. For the following piece of code, I
> get no warnings, although I expected that the expression x + y would
> cause a warning about incompatible types to be issued.

I don't think this is a bug in splint, because of the access heuristics
employed: If you declare an abstract type foo in some file bar.c or
header bar.h, then by default code in both bar.h and bar.c is declared
to have access to the abstract type. (Think of the files as the
implementation of the type, if you like.)

This behavior can be overridden with the annotations
  /*@access foo@*/
and
  /*@noaccess foo@*/
which hold for code following these annotations in the same file.
The following example will warn unless you enable the access by
replacing the ':' with '@'.

Regards,
Ralf

/* a.c */
#include "a.h"
#include "b.h"
/*:access bar:*/

int main (int /*@unused@*/ argc, char /*@unused@*/ *argv[])
{
  foo x = 0;
  bar y = 1;
  return x + y;
}
====
/* a.h */
typedef /*@abstract@*/ int foo;
====
/* b.h */
typedef /*@abstract@*/ int bar;

From schonm at yahoo.com Sun Nov 28 01:54:03 2004
From: schonm at yahoo.com (J Schonberg)
Date: Wed Mar 22 17:10:49 2006
Subject: [splint-discuss] Printf formating and splint
Message-ID: <20041128065403.68773.qmail@web54703.mail.yahoo.com>

Hello,

I don't understand why splint is having difficulty with the following
code. The tool suggests that I can use the +relaxtypes.flag to avoid
the warning. But I'm not sure this is really the correct solution.

[~/C]$ more float.c
#include <stdio.h>

int main()
{
  int num;
  float denom;
  num = 1;
  denom = 4.0;
  printf ("%f\n",num / denom);
  return 0;
}

[~/C]$ splint float.c
Splint 3.1.1.2 --- 21 Oct 2004

float.c: (in function main)
float.c:9:17: Format argument 1 to printf (%f) expects double gets int:
                 num / denom
  To allow all numeric types to match, use +relaxtypes.
   float.c:9:12: Corresponding format code

Finished checking --- 1 code warning

Why does the compiler see int here? The expression is clearly
floating point.

[~/C]$ gcc -Wall -W -O2 -o run float.c
[~/C]$ ./run
0.250000

I'm using gcc 3.4.1.

Your suggestions would be welcome.

Thanks.
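
Added example (not part of any message in this archive), for the uint8_t thread at the top of the page: the `n = u` assignment that Grant Edwards says +charint hides is a silent truncation. The C below uses a constructed 16-bit length field and hypothetical helper names to show the unchecked conversion passing a bounds check on the wrong value, next to a range-checked narrowing.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define BUF_SIZE 16u  /* constructed buffer capacity for the example */

/* Hypothetical helper: narrow only when the value survives unchanged. */
static bool narrow_u16_to_u8(uint16_t v, uint8_t *out)
{
    if (v > UINT8_MAX)
        return false;          /* would lose the high byte */
    *out = (uint8_t)v;         /* explicit cast, justified by the check */
    return true;
}

/* Same implicit conversion as `n = u` in the thread. */
static bool length_ok_unchecked(uint16_t wire_len)
{
    uint8_t len = wire_len;    /* 0x0105 (261) silently becomes 5 */
    return len <= BUF_SIZE;    /* check runs on the truncated value */
}

/* Hardened form: reject anything that does not fit before using it. */
static bool length_ok_checked(uint16_t wire_len)
{
    uint8_t len;
    if (!narrow_u16_to_u8(wire_len, &len))
        return false;
    return len <= BUF_SIZE;
}

int main(void)
{
    /* Constructed inputs: a small length, one over BUF_SIZE, one > 255. */
    const uint16_t samples[] = { 5, 17, 0x0105 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("len=%u unchecked=%d checked=%d\n", (unsigned)samples[i],
               length_ok_unchecked(samples[i]), length_ok_checked(samples[i]));
    return 0;
}
```

Only the 0x0105 input separates the two forms: the unchecked version accepts it as length 5, the checked version rejects it.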