From kumar.amit at bhartitelesoft.com Wed Jun 21 11:02:06 2006
From: kumar.amit at bhartitelesoft.com (amit kumar)
Date: Wed Jun 21 11:02:20 2006
Subject: [splint-discuss] general query
Message-ID: <015e01c69543$a941b140$2b0310ac@bhartitelesoft.com>

Hi,

I am new to splint. Please list the flags that I can use with splint as
-weak. Please tell me about this. Document is too long to read.

Thanks
Amit
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.cs.Virginia.EDU/pipermail/splint-discuss/attachments/20060621/69d093f4/attachment.htm

From tppytel at sophrosune.org Fri Jun 23 16:26:28 2006
From: tppytel at sophrosune.org (Todd Pytel)
Date: Fri Jun 23 16:25:13 2006
Subject: [splint-discuss] Need help understanding this storage warning...
Message-ID: <449C4E74.4080105@sophrosune.org>

Hello,

I really only dabble in programming, but I like to try to do things the
right way. So I'm trying out splint on a little contest problem. I think
I've understood and accounted for the other warnings I received, but
there's one left I don't understand. I'll just quote context, but the
full text of the source is at http://www.sophrosune.org/grants.c if that
helps.

The code takes sets of inputs and stores the results for each input as a
string in one row of results (which is a char **). Each time through the
process, memory for a new row is allocated with

    results = realloc(results, (numInputs*sizeof(char *)));
    NULLCHECK(results);
    results[numInputs - 1] = calloc((size_t)(3*N+1),sizeof(char));  /* line 99 */
    NULLCHECK(results[numInputs - 1]);

Shortly after that comes the core of the processing function, which
steps through a circular queue and appends to results[] whenever someone
leaves the queue...

    while (true) {
        pay(cur);
        if (cur->paid == 40) {
            prev->next = cur->next;
            (void)snprintf(str, 3, "%3d", cur->id);
            strcat(results[numInputs - 1], str);
            if (cur == prev) break;
            free(cur);
            cur = prev->next;
        } else {
            prev = cur;
            cur = cur->next;
        }
    }  /* line 140 */

Splint complains...

grants.c(140,2): Storage results[] reachable from global is fresh (should be
    unqualified)
  Storage derivable from a parameter does not match the alias kind expected for
  the formal parameter. (Use -compmempass to inhibit warning)
   grants.c(99,2): Fresh storage results[] created

Now, as I said, I'm not really a programmer so I'm probably missing
something. But I don't get the message. I see that fresh storage is
created at line 99, but the process can't return until a string is
assigned there (in the strcat line). What am I missing, or how do I tell
splint this is OK?

Thanks,
Todd

From ptp at lysator.liu.se Sat Jun 24 14:07:48 2006
From: ptp at lysator.liu.se (Tommy Pettersson)
Date: Sat Jun 24 14:08:17 2006
Subject: [splint-discuss] Need help understanding this storage warning...
In-Reply-To: <449C4E74.4080105@sophrosune.org>
References: <449C4E74.4080105@sophrosune.org>
Message-ID: <20060624180748.GA31046@812165098-VISIT-ADSL-LKOPING-NET.host.songnetworks.se>

On Fri, Jun 23, 2006 at 03:26:28PM -0500, Todd Pytel wrote:
> I think
> I've understood and accounted for the other warnings I received,

Just in case you didn't notice: the function process() has a
memory leak in the "work through the queue" loop.

> but
> there's one left I don't understand.

I'm not sure I understand it either, but I think it goes
something like this:

The results array has both outer and inner storage. The outer
storage is the pointer to the dynamically allocated memory of
the array. The inner storage are the pointers in the array to
the dynamically allocated strings. The /*@only@*/ annotation
only applies to the outer pointer, so the inner pointers are
unqualified.

Splint by default doesn't check for many memory reference things
because most of them require the source code first be annotated,
but if it is run with the -checks option it does, and gives the
somewhat more understandable error message:

grants.c: (in function process)
grants.c:99: Only storage assigned to unqualified:
    results[numInputs - 1] = calloc((size_t)(3 * N + 1), sizeof(char))
  The only reference to this storage is transferred to another reference that
  does not have an aliasing annotation. This may lead to a memory leak, since
  the new reference is not necessarily released. (Use -onlyunqglobaltrans to
  inhibit warning)

I believe the warning "Storage reachable from global is fresh
(should be unqualified)" is basically the same warning, but in a
more general form detected later in some validation check. Fresh
memory (allocated within the function) that still lives after
the function ends must be stored in /*@only@*/ variables, which
the inner pointers of results[] aren't.

Section 5.2.7 of the manual explains how to annotate inner
storage, but it won't help much since the realloc() will then
cause another warning. The previous size of the array is not
generally known, so splint can't assume all previous pointers
survive the realloc (the array could be shrunken), and splint
will thus warn about inner /*@only@*/ references might be lost
without first being free():ed.

--
Tommy Pettersson

From lholzheid at bihl-wiedemann.de Thu Jun 29 09:59:45 2006
From: lholzheid at bihl-wiedemann.de (Ludolf Holzheid)
Date: Thu Jun 29 09:59:53 2006
Subject: [splint-discuss] (How) does the 'unsignedintegraltype' annotation work?
Message-ID: <20060629135945.GA12619@svr5.bihl-wiedemann.de>

Hello,

the 'unsignedintegraltype' annotation does not work as I expect:

Splint warns if an unsigned integer constant is assigned to a variable
of an 'unsignedintegraltype' annotated type, and it does not warn if a
negative integer constant is assigned to such a variable.

Attached is a code snippet.

Is this behavior intended or am I missing something?

Ludolf

--
---------------------------------------------------------------
Ludolf Holzheid             Tel:    +49 621 339960
Bihl+Wiedemann GmbH         Fax:    +49 621 3392239
Floßwörthstraße 41          e-mail: lholzheid@bihl-wiedemann.de
D-68199 Mannheim, Germany
---------------------------------------------------------------
-------------- next part --------------
typedef /*@unsignedintegraltype@*/ uint8_t;

static uint8_t u8a;

/*@-paramuse@*/
int main (int argc, char *argv [])
{
                  // splint        expected
                  //
    u8a = 1;      // no warning    warning?
    u8a = 1u;     // warning       no warning   <---
    u8a = 1l;     // warning       warning
    u8a = 1lu;    // warning       warning?
    u8a = -1;     // no warning    warning      <---

    return (0);
}
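
Added example (not part of the archived messages and not code from grants.c): the outer/inner storage ownership described in the "storage warning" thread above, written so that one owner tracks the row count, grows the array through a temporary pointer, and frees inner storage before outer. The table type and the function names are hypothetical, and the code has not been checked with Splint.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical container, not from grants.c: the outer array and its row
 * count travel together, so the owner knows how many inner pointers exist. */
typedef struct {
    char **rows;    /* outer storage: array of row pointers */
    size_t count;   /* number of valid inner pointers in rows[] */
} table;

/* Append one zero-filled row of `width` bytes (width > 0). Returns 0 on
 * success, -1 on failure; on failure the table is left unchanged. */
static int table_add_row(table *t, size_t width)
{
    char *row = calloc(width, sizeof(char));
    char **grown;
    if (row == NULL)
        return -1;
    /* Grow through a temporary: if realloc fails, t->rows still points at
     * the old block, so no existing inner pointer becomes unreachable. */
    grown = realloc(t->rows, (t->count + 1) * sizeof(*grown));
    if (grown == NULL) {
        free(row);
        return -1;
    }
    grown[t->count++] = row;
    t->rows = grown;
    return 0;
}

/* Free inner storage first, then the outer array. Returns rows released. */
static size_t table_free(table *t)
{
    size_t i, n = t->count;
    for (i = 0; i < n; i++)
        free(t->rows[i]);
    free(t->rows);
    t->rows = NULL;
    t->count = 0;
    return n;
}

int main(void)
{
    table t = { NULL, 0 };
    if (table_add_row(&t, 16) != 0)
        return 1;
    strcat(t.rows[0], "  7");   /* constructed sample value */
    return (strcmp(t.rows[0], "  7") == 0 && table_free(&t) == 1) ? 0 : 1;
}
```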