From FrankRoland at kuka-controls.de  Fri Sep 10 06:46:57 2004
From: FrankRoland at kuka-controls.de (Roland Frank)
Date: Wed Mar 22 17:10:41 2006
Subject: [splint-discuss] Namespace prefix
Message-ID:

Skipped content of type multipart/alternative

From john.carter at tait.co.nz  Sun Sep 12 20:54:03 2004
From: john.carter at tait.co.nz (John Carter)
Date: Wed Mar 22 17:10:42 2006
Subject: [splint-discuss] Speeding splint. ccache/distcc for splint.
Message-ID:

Currently, by a largish factor, splint is the slowest part of our build
process.

So I'm looking for ways to speed that up.

Question 1:
___________

Are any flags intrinsically computationally expensive? (ie. What, apart
from the ones mentioned in...
   splint --help flags performance
could I switch off to increase speed?

Question 2:
-----------

Is there any way to use ccache / distcc with splint?

Question 3:
-----------

Is there, anywhere, a "splint oracle". For example a server somewhere on
the LAN that when given a hash number either replies AYE or NAY. If the
client receives an AYE, it doesn't run splint. If it receives a NAY, it
runs splint. If splint runs successfully, it tells the server that that
hash is an AYE, and the server stores it.

Question 3b:
-----------

I always compile first then splint. Thus I already have something, ie the
object file, that is a distillation of the .c file and all the header
files that went into it.

Thus is there a way of extracting out of an ELF object file a hash that
would include information on changes in splint annotations in the source
files.

Thank you,

John Carter                             Phone : (64)(3) 358 6639
Tait Electronics                        Fax   : (64)(3) 359 4632
PO Box 1645 Christchurch                Email : john.carter@tait.co.nz
New Zealand

The universe is absolutely plastered with the dashed lines exactly one
space long.

From evans at cs.virginia.edu  Sun Sep 12 21:11:05 2004
From: evans at cs.virginia.edu (David Evans)
Date: Wed Mar 22 17:10:42 2006
Subject: [splint-discuss] Speeding splint. ccache/distcc for splint.
In-Reply-To:
References:
Message-ID:

On Mon, 13 Sep 2004, John Carter wrote:

> Currently, by a largish factor, splint is the slowest part of our build
> process.
>
> So I'm looking for ways to speed that up.
>
> Question 1:
> ___________
>
> Are any flags intrinsically computationally expensive? (ie. What, apart
> from the ones mentioned in...
>    splint --help flags performance
> could I switch off to increase speed?
>

The easiest way to improve speed is to change header inclusion. If you
use the +single-include flag, splint will only process each header file
once (instead of everywhere it is included). This could cause problems
if a header file is included in contexts where the define variables are
set differently.

The other approach to scaling is to use libraries so groups of files can
be checked independently. See
   http://www.splint.org/manual/html/sec14.html (section 14.3).

> Question 2:
> -----------
>
> Is there any way to use ccache / distcc with splint?
>

I'm not aware of anyone trying this. ccache would probably not be
possible, at least without lots of effort. distcc should be doable if
you use libraries to get the header information and then check source
files in a distributed way.

> Question 3:
> -----------
>
> Is there, anywhere, a "splint oracle". For example a server somewhere on
> the LAN that when given a hash number either replies AYE or NAY. If the
> client receives an AYE, it doesn't run splint. If it receives a NAY, it
> runs splint. If splint runs successfully, it tells the server that that
> hash is an AYE, and the server stores it.
>

Nothing like this exists --- I'm not sure I follow the need for it
though. If you have makefile dependencies and use libraries, they could
prevent re-splinting check files; otherwise, if other parts of the
software have changed, it may be necessary to re-splint a source file
that has not changed.

> Question 3b:
> -----------
>
> I always compile first then splint.
> Thus I already have something, ie the
> object file, that is a distillation of the .c file and all the header
> files that went into it.
>
> Thus is there a way of extracting out of an ELF object file a hash that
> would include information on changes in splint annotations in the source
> files.
>

No --- the splint annotations are ignored as comments by the C compiler,
so they are not in the object file. If splint were embedded into a
compiler, it could do this, but nothing like that exists.

Hopefully, the header file inclusion flag will be enough to speed up
your build process. For most programs, it has a very substantial impact.

Regards,

--- Dave

From john.carter at tait.co.nz  Sun Sep 12 22:43:28 2004
From: john.carter at tait.co.nz (John Carter)
Date: Wed Mar 22 17:10:42 2006
Subject: [splint-discuss] Speeding splint. ccache/distcc for splint.
In-Reply-To:
References:
Message-ID:

On Sun, 12 Sep 2004, David Evans wrote:

>> Question 3:
>> -----------
>>
>> Is there, anywhere, a "splint oracle". For example a server somewhere on
>> the LAN that when given a hash number either replies AYE or NAY. If the
>> client receives an AYE, it doesn't run splint. If it receives a NAY, it
>> runs splint. If splint runs successfully, it tells the server that that
>> hash is an AYE, and the server stores it.
>>
>
> Nothing like this exists --- I'm not sure I follow the need for it though.

I have makefile dependencies, the problem is I have about..
   * 20 developers
   * working on different machines on different branches of the code.
   * and a background "clean build on checkin" process that does a clean
     compile, splint and links all 13 product variants. This currently
     takes about 2 hours.

The problem will only get worse as the number of variants increases.

John Carter                             Phone : (64)(3) 358 6639
Tait Electronics                        Fax   : (64)(3) 359 4632
PO Box 1645 Christchurch                Email : john.carter@tait.co.nz
New Zealand

The universe is absolutely plastered with the dashed lines exactly one
space long.
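
Added example, not part of any message in this thread: a small version of the "splint oracle" described above, keyed on the source file and every header it includes, since that text (unlike the object file) carries the splint annotations. The function names, the directory of marker files standing in for the LAN server, and the stand-in checker command in the demo are assumptions made for illustration.

```python
import hashlib
import os
import re
import subprocess
import sys
import tempfile

# Matches #include "x.h" and #include <x.h>; computed includes are not handled.
INCLUDE_RE = re.compile(rb'^[ \t]*#[ \t]*include[ \t]*[<"]([^>"\n]+)[>"]', re.M)


def _digest(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


def include_closure(source, include_dirs):
    """Return the source file plus every header reachable from it."""
    seen, todo = set(), [os.path.abspath(source)]
    while todo:
        path = todo.pop()
        if path in seen:
            continue
        seen.add(path)
        with open(path, "rb") as fh:
            names = INCLUDE_RE.findall(fh.read())
        for name in names:
            # Headers not found in these directories (system headers) are skipped.
            for d in [os.path.dirname(path), *include_dirs]:
                cand = os.path.abspath(os.path.join(d, os.fsdecode(name)))
                if os.path.isfile(cand):
                    todo.append(cand)
                    break
    return seen


def oracle_key(source, include_dirs, command):
    """Hash the checker command line and the content of every file checked."""
    digests = sorted(_digest(p) for p in include_closure(source, include_dirs))
    h = hashlib.sha256("\0".join(command).encode())
    h.update("\n".join(digests).encode())
    return h.hexdigest()


def check(source, include_dirs, command, oracle_dir):
    """Return 'AYE' (known good, checker skipped), 'PASSED' or 'FAILED'."""
    marker = os.path.join(oracle_dir, oracle_key(source, include_dirs, command))
    if os.path.exists(marker):
        return "AYE"
    if subprocess.call([*command, source]) != 0:
        return "FAILED"  # never recorded, so the file is rechecked next time
    os.makedirs(oracle_dir, exist_ok=True)
    open(marker, "w").close()
    return "PASSED"


if __name__ == "__main__":
    # Constructed sample tree; a stand-in that always succeeds replaces splint.
    with tempfile.TemporaryDirectory() as tmp:
        hdr, src = os.path.join(tmp, "buf.h"), os.path.join(tmp, "buf.c")
        with open(hdr, "w") as fh:
            fh.write("struct buffer { /*@null@*/ void *data; };\n")
        with open(src, "w") as fh:
            fh.write('#include "buf.h"\nint main(void) { return 0; }\n')
        cmd = [sys.executable, "-c", "pass", "+single-include"]
        oracle = os.path.join(tmp, "oracle")
        print(check(src, [], cmd, oracle))
        print(check(src, [], cmd, oracle))
        with open(hdr, "w") as fh:  # annotation-only change in a header
            fh.write("struct buffer { /*@only@*/ /*@null@*/ void *data; };\n")
        print(check(src, [], cmd, oracle))
```

Any client that can write to the oracle directory can mark a hash as good, so a shared oracle should accept entries only from the trusted build machine.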

From roland.illig at gmx.de  Sun Sep 19 06:46:08 2004
From: roland.illig at gmx.de (Roland Illig)
Date: Wed Mar 22 17:10:42 2006
Subject: [splint-discuss] memory management
Message-ID: <414D6370.8040408@gmx.de>

/**
Hi,

I didn't manage to completely splint the following program using:

    splint +strict +posixstrictlib +quiet -exportlocal -exportfcn \
           -exporttype

Is it a bug in splint?

Roland
*/

#include <stdlib.h>   /* free, size_t, NULL */

struct buffer {
    /*@only@*/ /*@null@*/ void *data;
    size_t size;
};

static void buffer_free(/*@special@*/ struct buffer *buf)
    /*@modifies *buf; @*/
    /*@releases buf->data; @*/
    /*@ensures isnull buf->data; @*/
{
    if (buf->data != NULL) {
        free(buf->data);
        buf->data = NULL;
    }
    buf->size = 0;
}

From evans at cs.virginia.edu  Sun Sep 19 09:46:09 2004
From: evans at cs.virginia.edu (David Evans)
Date: Wed Mar 22 17:10:42 2006
Subject: [splint-discuss] memory management
In-Reply-To: <414D6370.8040408@gmx.de>
References: <414D6370.8040408@gmx.de>
Message-ID:

Yes, splint's analysis merges the null state after the if, but loses the
information from the predicate test (to know that buf->data was already
NULL), so you get the spurious warnings.

If you change the code to,

    if (buf->data != NULL) {
        free(buf->data);
    }
    buf->data = NULL;

the warning will go away (although you may rightly prefer the original
code and need to use syntactic comments to suppress the spurious
warnings).

--- Dave

On Sun, 19 Sep 2004, Roland Illig wrote:

> /**
> Hi,
>
> I didn't manage to completely splint the following program using:
>
>     splint +strict +posixstrictlib +quiet -exportlocal -exportfcn \
>            -exporttype
>
> Is it a bug in splint?
>
> Roland
> */
>
> struct buffer {
>     /*@only@*/ /*@null@*/ void *data;
>     size_t size;
> };
>
> static void buffer_free(/*@special@*/ struct buffer *buf)
>     /*@modifies *buf; @*/
>     /*@releases buf->data; @*/
>     /*@ensures isnull buf->data; @*/
> {
>     if (buf->data != NULL) {
>         free(buf->data);
>         buf->data = NULL;
>     }
>     buf->size = 0;
> }
> _______________________________________________
> splint-discuss mailing list
> splint-discuss@cs.virginia.edu
> http://www.splint.org/mailman/listinfo/splint-discuss
>

From cbfalconer at yahoo.com  Mon Sep 20 07:59:01 2004
From: cbfalconer at yahoo.com (CBFalconer)
Date: Wed Mar 22 17:10:42 2006
Subject: [splint-discuss] memory management
References: <414D6370.8040408@gmx.de>
Message-ID: <414EC605.8F760EA0@yahoo.com>

David Evans wrote:
>
> Yes, splint's analysis merges the null state after the if, but
> loses the information from the predicate test (to know that
> buf->data was already NULL), so you get the spurious warnings.
>
> If you change the code to,
>
>     if (buf->data != NULL) {
>         free(buf->data);
>     }
>     buf->data = NULL;
>
> the warning will go away (although you may rightly prefer the
> original code and need to use syntactic comments to suppress the
> spurious warnings).

Since free(NULL) is defined to be a no-op, why bother with the
gyrations, when a simple:

    free(buf->data);
    buf->data = NULL;

will do. No tests required.

--
Chuck F (cbfalconer@yahoo.com) (cbfalconer@worldnet.att.net)
   Available for consulting/temporary embedded and systems.
   USE worldnet address!

From roland.illig at gmx.de  Wed Sep 22 19:51:00 2004
From: roland.illig at gmx.de (Roland Illig)
Date: Wed Mar 22 17:10:42 2006
Subject: [splint-discuss] SPlint should recognize POSIX select(2)
Message-ID: <41520FE4.4050807@gmx.de>

I have written an interface definition for select(2). I would like to
see it included in the next release of SPlint.

Greetings,
Roland
-------------- next part --------------
typedef struct FD_SET_IMPL *fd_set;

/*@-protoparamname@*/

/*@external@*/ extern void
FD_ZERO(/*@out@*/ fd_set *fds)
    /*@modifies *fds; @*/;

/*@external@*/ extern void
FD_SET(int, fd_set *fds)
    /*@modifies *fds; @*/;

/*@external@*/ extern bool
FD_ISSET(int, const fd_set *)
    /*@*/;

/*@external@*/ extern int
select(int, /*@null@*/ fd_set *readfds, /*@null@*/ fd_set *writefds,
       /*@null@*/ fd_set *errfds, /*@null@*/ void *timeout)
    /*@globals errno; @*/
    /*@modifies errno, *readfds, *writefds, *errfds, *timeout; @*/;

From roland.illig at gmx.de  Wed Sep 22 21:51:28 2004
From: roland.illig at gmx.de (Roland Illig)
Date: Wed Mar 22 17:10:42 2006
Subject: [splint-discuss] SPlint should recognize POSIX select(2)
In-Reply-To: <41520FE4.4050807@gmx.de>
References: <41520FE4.4050807@gmx.de>
Message-ID: <41522C20.4000109@gmx.de>

Roland Illig wrote:
> I have written an interface definition for select(2). I would like to
> see it included in the next release of SPlint.

Forget it. ;) I just found it in the +unixstrictlib.

Another question: Is it possible to declare a function that /*@ensures
undefined foo; @*/ to mark foo object as undefined, but allocated?

void Foo_finalize(Foo *foo)
    /*@ensures undefined foo; @*/;

Roland

From evans at cs.virginia.edu  Wed Sep 22 22:45:26 2004
From: evans at cs.virginia.edu (David Evans)
Date: Wed Mar 22 17:10:42 2006
Subject: [splint-discuss] SPlint should recognize POSIX select(2)
In-Reply-To: <41522C20.4000109@gmx.de>
References: <41520FE4.4050807@gmx.de> <41522C20.4000109@gmx.de>
Message-ID:

On Thu, 23 Sep 2004, Roland Illig wrote:

> Another question: Is it possible to declare a function that /*@ensures
> undefined foo; @*/ to mark foo object as undefined, but allocated?
>
> void Foo_finalize(Foo *foo)
>     /*@ensures undefined foo; @*/;
>

Yes, the /*@out@*/ annotation means this. You can also use
    /*@allocates foo;@*/

See http://www.splint.org/manual/html/sec7.html (Section 7.4) for details.

--- Dave

From roland.illig at gmx.de  Thu Sep 23 03:50:42 2004
From: roland.illig at gmx.de (Roland Illig)
Date: Wed Mar 22 17:10:42 2006
Subject: [splint-discuss] SPlint should recognize POSIX select(2)
In-Reply-To:
References: <41520FE4.4050807@gmx.de> <41522C20.4000109@gmx.de>
Message-ID: <41528052.4000902@gmx.de>

David Evans wrote:
> On Thu, 23 Sep 2004, Roland Illig wrote:
>
>
>>Another question: Is it possible to declare a function that /*@ensures
>>undefined foo; @*/ to mark foo object as undefined, but allocated?
>>
>>void Foo_finalize(Foo *foo)
>>    /*@ensures undefined foo; @*/;
>
> Yes, the /*@out@*/ annotation means this. You can also use
>     /*@allocates foo;@*/
>
> See http://www.splint.org/manual/html/sec7.html (Section 7.4) for details.

No, that's not what I want. As the name Foo_finalize suggests, foo shall
be completely defined before and is undefined, but _still_ allocated
after the function call.

I thought the /*@out@*/ annotation was the other way round, suited for
Foo_init().

void Foo_finalize(Foo *foo)
    /*@requires defined foo; @*/
    /*@ensures undefined foo; @*/;

Roland

From evans at cs.virginia.edu  Thu Sep 23 16:53:45 2004
From: evans at cs.virginia.edu (David Evans)
Date: Wed Mar 22 17:10:43 2006
Subject: [splint-discuss] SPlint should recognize POSIX select(2)
In-Reply-To: <41528052.4000902@gmx.de>
References: <41520FE4.4050807@gmx.de> <41522C20.4000109@gmx.de> <41528052.4000902@gmx.de>
Message-ID:

I see, you are correct about the /*@out@*/ annotation, I misunderstood
your question.

There's no way to express exactly what you want. It would make sense to
have an /*@undefines @*/ annotation for this purpose, but it is not
implemented.

--- Dave

On Thu, 23 Sep 2004, Roland Illig wrote:

> David Evans wrote:
> > On Thu, 23 Sep 2004, Roland Illig wrote:
> >
> >
> >>Another question: Is it possible to declare a function that /*@ensures
> >>undefined foo; @*/ to mark foo object as undefined, but allocated?
> >>
> >>void Foo_finalize(Foo *foo)
> >>    /*@ensures undefined foo; @*/;
> >
> > Yes, the /*@out@*/ annotation means this. You can also use
> >     /*@allocates foo;@*/
> >
> > See http://www.splint.org/manual/html/sec7.html (Section 7.4) for details.
>
> No, that's not what I want. As the name Foo_finalize suggests, foo shall
> be completely defined before and is undefined, but _still_ allocated
> after the function call.
>
> I thought the /*@out@*/ annotation was the other way round, suited for
> Foo_init().
>
> void Foo_finalize(Foo *foo)
>     /*@requires defined foo; @*/
>     /*@ensures undefined foo; @*/;
>
> Roland
>

From noah at allresearch.com  Mon Sep 27 17:59:28 2004
From: noah at allresearch.com (Noah Silverman)
Date: Wed Mar 22 17:10:43 2006
Subject: [splint-discuss] Execution Question.
Message-ID: <41588D40.70803@allresearch.com>

Hi,

I've just downloaded and installed splint. It looks very promising.

I want to use it to analyze some code written by a former employee.

His code has some "weird" inclusions at the top. splint is giving me an
error about not finding the proper include files, but I think that all
the paths are set correctly.
The includes are...
#include
#include
#include
#include
#include

I don't know where/how I should be asking splint to look for these.

The Makefile has the following line....
LIBS = -lz -lpcre -lpthread -lmysqlclient

Does that help?

Can anybody help??

Thanks...

-N

From john.carter at tait.co.nz  Mon Sep 27 18:55:28 2004
From: john.carter at tait.co.nz (John Carter)
Date: Wed Mar 22 17:10:43 2006
Subject: [splint-discuss] Execution Question.
In-Reply-To: <41588D40.70803@allresearch.com>
References: <41588D40.70803@allresearch.com>
Message-ID:

On Mon, 27 Sep 2004, Noah Silverman wrote:

> His code has some "weird" inclusions at the top.
> splint is giving me an
> error about not finding the proper include files, but I think that all the
> paths are set correctly. The includes are...
> #include
> #include
> #include
> #include
> #include

It looks _very_ much as if this is C++ not C (those are the STL headers).

Alas, splint is a C only thing.

John Carter                             Phone : (64)(3) 358 6639
Tait Electronics                        Fax   : (64)(3) 359 4632
PO Box 1645 Christchurch                Email : john.carter@tait.co.nz
New Zealand

The universe is absolutely plastered with the dashed lines exactly one
space long.

From roland.illig at gmx.de  Mon Sep 27 19:13:33 2004
From: roland.illig at gmx.de (Roland Illig)
Date: Wed Mar 22 17:10:43 2006
Subject: [splint-discuss] Execution Question.
In-Reply-To: <41588D40.70803@allresearch.com>
References: <41588D40.70803@allresearch.com>
Message-ID: <41589E9D.6000203@gmx.de>

Noah Silverman wrote:
> #include
> #include
> #include
> #include
> #include

> Can anybody help??

Yes. The code you want to check is not C code, but C++. SPlint is
currently unable to check C++ code. Perhaps there are some simple C++
programs it can check, but this code is using templates extensively
(set, map, deque, vector, and string are all templates) and that is not
yet implemented.

Roland

From noah at allresearch.com  Mon Sep 27 19:17:26 2004
From: noah at allresearch.com (Noah Silverman)
Date: Wed Mar 22 17:10:43 2006
Subject: [splint-discuss] Execution Question.
In-Reply-To:
References: <41588D40.70803@allresearch.com>
Message-ID: <41589F86.6020408@allresearch.com>

Ahhhh,

Thanks,

From what I understand, the code I'm looking at is a MIX of C and C++

Can you or someone else recommend a similar open source tool for looking
at C++??

Thanks!

-N

John Carter wrote:

> On Mon, 27 Sep 2004, Noah Silverman wrote:
>
>> His code has some "weird" inclusions at the top. splint is giving me
>> an error about not finding the proper include files, but I think that
>> all the paths are set correctly. The includes are...
>> #include
>> #include
>> #include
>> #include
>> #include
>
>
> It looks _very_ much as if this is C++ not C (those are the STL
> headers).
>
> Alas, splint is a C only thing.
>
>
>
> John Carter                             Phone : (64)(3) 358 6639
> Tait Electronics                        Fax   : (64)(3) 359 4632
> PO Box 1645 Christchurch                Email : john.carter@tait.co.nz
> New Zealand
>
> The universe is absolutely plastered with the dashed lines exactly one
> space long.
>

From noah at allresearch.com  Mon Sep 27 19:44:44 2004
From: noah at allresearch.com (Noah Silverman)
Date: Wed Mar 22 17:10:43 2006
Subject: [splint-discuss] Execution Question.
In-Reply-To: <41589E9D.6000203@gmx.de>
References: <41588D40.70803@allresearch.com> <41589E9D.6000203@gmx.de>
Message-ID: <4158A5EC.2090904@allresearch.com>

Thanks!

Is there an open source tool I can use for checking C++

-N

Roland Illig wrote:

> Noah Silverman wrote:
>
>> #include
>> #include
>> #include
>> #include
>> #include
>
>
>> Can anybody help??
>
>
> Yes. The code you want to check is not C code, but C++. SPlint is
> currently unable to check C++ code. Perhaps there are some simple C++
> programs it can check, but this code is using templates extensively
> (set, map, deque, vector, and string are all templates) and that is
> not yet implemented.
>
> Roland
>

From ok at cs.otago.ac.nz  Mon Sep 27 22:26:22 2004
From: ok at cs.otago.ac.nz (Richard A. O'Keefe)
Date: Wed Mar 22 17:10:43 2006
Subject: [splint-discuss] Execution Question.
Message-ID: <200409280226.i8S2QMSs197330@atlas.otago.ac.nz>

Noah Silverman wrote:
    I want to use [splint] to analyze some code written by a former
    employee.
    His code has some "weird" inclusions at the top. ...
    #include
    #include
    #include
    #include
    #include

Bad news. Those are C++ headers. They are defined in the C++ standard.
That file is not C code and splint, being a static checker for C, cannot
handle it at all.

From ok at cs.otago.ac.nz  Mon Sep 27 22:30:20 2004
From: ok at cs.otago.ac.nz (Richard A. O'Keefe)
Date: Wed Mar 22 17:10:43 2006
Subject: [splint-discuss] Execution Question.
Message-ID: <200409280230.i8S2UKCX177349@atlas.otago.ac.nz>

Noah Silverman wrote:
    Can you or someone else recommend a similar open source tool for
    looking at C++??

The nearest thing I can think of would be to use the free compiler g++
and turn on every checking switch you can find.

If you are using Windows, the Watcom C++ compiler is now open source, or
at any rate a free download, and you could try every checking switch you
can find for that as well. It might not cope; C++ changed a lot during
the standardisation process and trying to keep up was a company-killing
job.

There was a "loose" parser for C++ developed as part of a metrics
program or something like that by a student at one of the New Zealand
universities; I have a paper copy of an article about that at home which
I'll try to bring in tomorrow.

From cbfalconer at yahoo.com  Tue Sep 28 01:32:51 2004
From: cbfalconer at yahoo.com (CBFalconer)
Date: Wed Mar 22 17:10:43 2006
Subject: [splint-discuss] Execution Question.
References: <41588D40.70803@allresearch.com>
Message-ID: <4158F783.3B6461B2@yahoo.com>

Noah Silverman wrote:
>
> I've just downloaded and installed splint. It looks very promising.
>
> I want to use it to analyze some code written by a former employee.
>
> His code has some "weird" inclusions at the top. splint is giving me an
> error about not finding the proper include files, but I think that all
> the paths are set correctly.
> The includes are...
> #include
> #include
> #include
> #include
> #include

That code is apparently written in C++, which splint does not handle.

--
A: Because it fouls the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?

From cbfalconer at yahoo.com  Tue Sep 28 01:41:43 2004
From: cbfalconer at yahoo.com (CBFalconer)
Date: Wed Mar 22 17:10:43 2006
Subject: [splint-discuss] Execution Question.
References: <41588D40.70803@allresearch.com> <41589F86.6020408@allresearch.com>
Message-ID: <4158F997.ACEF5E30@yahoo.com>

Noah Silverman wrote:
>
> From what I understand, the code I'm looking at is a MIX of C and C++
>
> Can you or someone else recommend a similar open source tool for
> looking at C++??

You will have to pay for it, but PCLINT will run under windoze or DOS,
and a version (much more expensive) is available for Unix/Linux. That
handles C++. This will cost you something in the range 200 to 1000 USD.

A first, and much cheaper, alternative is to compile it with gcc (open
source) with appropriate warning levels set. "-W -Wall -ansi -pedantic
-Wwrite-strings -O2" is recommended.

--
A: Because it fouls the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?

From roland.illig at gmx.de  Tue Sep 28 04:28:29 2004
From: roland.illig at gmx.de (Roland Illig)
Date: Wed Mar 22 17:10:43 2006
Subject: [splint-discuss] Execution Question.
In-Reply-To: <4158F997.ACEF5E30@yahoo.com>
References: <41588D40.70803@allresearch.com> <41589F86.6020408@allresearch.com> <4158F997.ACEF5E30@yahoo.com>
Message-ID: <415920AD.1040608@gmx.de>

CBFalconer wrote:
> You will have to pay for it, but PCLINT will run under windoze or
> DOS, and a version (much more expensive) is available for
> Unix/Linux. That handles C++. This will cost you something in
> the range 200 to 1000 USD.
>
> A first, and much cheaper, alternative is to compile it with gcc
> (open source) with appropriate warning levels set. "-W -Wall
> -ansi -pedantic -Wwrite-strings -O2" is recommended.
>

not to forget -Wshadow (since at least gcc-2.95) -Wfloat-equal (since
gcc-3.2).

But all that doesn't help you much with memory management issues and
NULL pointers. But with the memory management checking even SPlint has
still some problems if the control flow is not straightforward (for
example by using if (mem) { free(mem); }). But it definitely helps a
lot.

Roland

From john.carter at tait.co.nz  Tue Sep 28 17:02:30 2004
From: john.carter at tait.co.nz (John Carter)
Date: Wed Mar 22 17:10:43 2006
Subject: [splint-discuss] Execution Question.
In-Reply-To: <415920AD.1040608@gmx.de>
References: <41588D40.70803@allresearch.com> <41589F86.6020408@allresearch.com> <4158F997.ACEF5E30@yahoo.com> <415920AD.1040608@gmx.de>
Message-ID:

For memory allocation woes, in a somewhat different category, namely run
time memory use checking, the "valgrind" program from
http://valgrind.kde.org/ is superb.

It is a complementary tool to splint. Splint is purely static analysis
of C programs. Valgrind is runtime checking of _any_ program.

(It is complementary in that it makes eminent sense for the splint
developers to run their test suite of splint under valgrind, and for the
valgrind developers to "splint" the valgrind source code.)

John Carter                             Phone : (64)(3) 358 6639
Tait Electronics                        Fax   : (64)(3) 359 4632
PO Box 1645 Christchurch                Email : john.carter@tait.co.nz
New Zealand

The universe is absolutely plastered with the dashed lines exactly one
space long.

From cbfalconer at yahoo.com  Tue Sep 28 23:38:03 2004
From: cbfalconer at yahoo.com (CBFalconer)
Date: Wed Mar 22 17:10:43 2006
Subject: [splint-discuss] Execution Question.
References: <41588D40.70803@allresearch.com> <41589F86.6020408@allresearch.com> <4158F997.ACEF5E30@yahoo.com> <415920AD.1040608@gmx.de>
Message-ID: <415A2E1B.A6C9BE@yahoo.com>

Roland Illig wrote:
> CBFalconer wrote:
>
... snip ...
>>
>> A first, and much cheaper, alternative is to compile it with gcc
>> (open source) with appropriate warning levels set. "-W -Wall
>> -ansi -pedantic -Wwrite-strings -O2" is recommended.
>
> not to forget -Wshadow (since at least gcc-2.95) -Wfloat-equal
> (since gcc-3.2).

I can agree with float-equal, but not shadow. I have been known to use
shadowing as a method of protecting 'global' variables within a
function. This protective shadowing actually makes more sense in
languages with nested functions, such as Pascal.

--
A: Because it fouls the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?

From st8h304 at hs.uni-hamburg.de  Thu Sep 30 16:25:38 2004
From: st8h304 at hs.uni-hamburg.de (Rainer Wichmann)
Date: Wed Mar 22 17:10:43 2006
Subject: [splint-discuss] macro expansion
Message-ID:

Hello,

the manual says: "Macros preceded by notfunction are expanded normally
before regular checking is done."

However, the following code example results in 3 errors (2x Path with no
return in function declared to return int, 1x Possibly null storage ff
passed as non-null param).

The problem is apparently not the macro expansion per se, but the
'do { ... } while (FALSE)' construction, as verified by manual expansion
and finally replacement with a simple 'return();' - but this
construction is fairly standard for macros, and even appears in the
splint manual...

Is there any better way to work around this problem than
/*@-nullpass -noret@*/ ?

#include <stdio.h>   /* fprintf, stderr */

/*@notfunction@*/
#define MY_RETURN(a) \
    do { return (a); } while (1 == 0)

int myprint (/*@null@*/char * ff)
{
  if (ff == NULL)
    {
      MY_RETURN(1);
    }
  (void) fprintf(stderr, "%s\n", ff);
  MY_RETURN(0);
}

int main ()
{
  char * ff = NULL;
  (void) myprint (ff);
  MY_RETURN(0);
}