From egor.ryabkov at sioux.eu Tue Dec 4 07:54:03 2007 From: egor.ryabkov at sioux.eu (Yegor Ryabkov) Date: Tue, 4 Dec 2007 16:54:03 +0100 (CET) Subject: [splint-discuss] Treating different libraries in a different way Message-ID: <48931.213.126.128.209.1196783643.squirrel@webmail.onlinespamfilter.nl> Hello, I'm using Splint to check a single module in a bigger project, and the module is using some external libraries, which I don't want to check. Is there a way to set up Splint so that it will analyze only the libraries from a given directory (and its subdirectories), leaving all the outside libraries unanalized (yet included)? One way to solve this is to wrap every #include for an outside library with /*@ignore@*/ ... /*@end@*/, but I'd like to find a way to solve this issue in general, if it's possible. Splint manual, section 14 gives no clues on that. Thanks in advance, Egor. From egor.ryabkov at sioux.eu Tue Dec 4 07:24:30 2007 From: egor.ryabkov at sioux.eu (Yegor Ryabkov) Date: Tue, 4 Dec 2007 16:24:30 +0100 (CET) Subject: [splint-discuss] Treating different libraries in a different way Message-ID: <44961.213.126.128.209.1196781870.squirrel@webmail.onlinespamfilter.nl> Hello, I'm using Splint to check a single module in a bigger project, and the module is using some external libraries, which I don't want to check. Is there a way to set up Splint so that it will analyze only the libraries from a given directory (and its subdirectories), leaving all the outside libraries unanalized (yet included)? One way to solve this is to wrap every #include for an outside library with /*@ignore@*/ ... /*@end@*/, but I'd like to find a way to solve this issue in general, if it's possible. Thanks in advance, Egor. From egor.ryabkov at sioux.eu Tue Dec 4 07:53:54 2007 From: egor.ryabkov at sioux.eu (Yegor Ryabkov) Date: Tue, 4 Dec 2007 16:53:54 +0100 (CET) Subject: [splint-discuss] Selective warning disabling Message-ID: <48931.213.126.128.209.1196783634.squirrel@webmail.onlinespamfilter.nl> Hello, Is there a way to suppress a specific type of warning for a block of code? /*@i@*/ looks like a solution, but it's still not a perfect way; is there any other means to do this? "Appendix C -> Annotations -> Suppressing warnings" only contains i, i, t and t. Thanks in advance, Egor. From lyma at cct-tech.com.sg Mon Dec 10 00:14:02 2007 From: lyma at cct-tech.com.sg (Ma Li Yu) Date: Mon, 10 Dec 2007 16:14:02 +0800 Subject: [splint-discuss] About 8051 sfr in Splint Message-ID: Hi, All I just started to learn how to use Splint in my project. Currently I faced below issue: Splint 3.0.1.6 --- 11 Feb 2002 ECO_51.H(156,10): Parse Error: Inconsistent function declaration: sfr : int. (For help on parse errors, see splint -help parseerrors.) *** Cannot continue. I knew that sfr is special function register in 8051, but it is not standard for Splint. So what can I do in Splint to avoid such warning? Regards MA LIYU Mark R&D Software Engineer CCT Tech Singapore Pte Limited Tel: 65-6240 6823 Fax: 65-6444 7848 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.cs.virginia.edu/pipermail/splint-discuss/attachments/20071210/7ac97228/attachment-0001.html From lionel_debroux at yahoo.fr Mon Dec 10 01:08:11 2007 From: lionel_debroux at yahoo.fr (Lionel Debroux) Date: Mon, 10 Dec 2007 10:08:11 +0100 (CET) Subject: [splint-discuss] About 8051 sfr in Splint In-Reply-To: Message-ID: <479160.60526.qm@web52905.mail.re2.yahoo.com> Hi, First, the version of splint you're using is old. You should upgrade to the latest version, though that won't solve your problem. Now, on to your problem. A similar issue, on a different ISA, was discussed on this ML in August. Turning the following definition: #define PCADDR (*(unsigned char volatile far*)0xFD8) into something such as #ifdef S_SPLINT_S extern unsigned char PCADDR; // Undefine "far", if that applies to your ISA, because it's non-C. #define far #else #define PCADDR (*(unsigned char volatile far*)0xFD8) #endif seemed to work. Tell us if it works for you as well :) Regards, Lionel Debroux. ____________________________________________________________________________________________ Yahoo! Mail innove : interface hyper pratique, messenger int?gr?, couleurs - http://mail.yahoo.fr From lyma at cct-tech.com.sg Mon Dec 10 01:59:15 2007 From: lyma at cct-tech.com.sg (Ma Li Yu) Date: Mon, 10 Dec 2007 17:59:15 +0800 Subject: [splint-discuss] About 8051 sfr in Splint Message-ID: Hi, Firstly, did u know which the latest version for Window platform is? It seems its new version is for Linux system. Secondly, I have solved my problem by using your method. Thank you very much!!! Below is my solution: #ifdef S_SPLINT_S #define sfr (unsigned char xdata *) #endif Regards MA LIYU Mark R&D Software Engineer CCT Tech Singapore Pte Limited Tel: 65-6240 6823 Fax: 65-6444 7848 -----Original Message----- From: splint-discuss-bounces at cs.virginia.edu [mailto:splint-discuss-bounces at cs.virginia.edu] On Behalf Of Lionel Debroux Sent: Monday, December 10, 2007 5:08 PM To: Discussions about the Splint annotation-assisted static analysis project Subject: Re: [splint-discuss] About 8051 sfr in Splint Hi, First, the version of splint you're using is old. You should upgrade to the latest version, though that won't solve your problem. Now, on to your problem. A similar issue, on a different ISA, was discussed on this ML in August. Turning the following definition: #define PCADDR (*(unsigned char volatile far*)0xFD8) into something such as #ifdef S_SPLINT_S extern unsigned char PCADDR; // Undefine "far", if that applies to your ISA, because it's non-C. #define far #else #define PCADDR (*(unsigned char volatile far*)0xFD8) #endif seemed to work. Tell us if it works for you as well :) Regards, Lionel Debroux. ____________________________________________________________________________________________ Yahoo! Mail innove : interface hyper pratique, messenger int?gr?, couleurs - http://mail.yahoo.fr _______________________________________________ splint-discuss mailing list splint-discuss at mail.cs.virginia.edu http://www.cs.virginia.edu/mailman/listinfo/splint-discuss From lholzheid at bihl-wiedemann.de Wed Dec 12 04:16:11 2007 From: lholzheid at bihl-wiedemann.de (Ludolf Holzheid) Date: Wed, 12 Dec 2007 13:16:11 +0100 Subject: [splint-discuss] yywrap missing In-Reply-To: <4f1d760b0712120327w28407564o2d0eb91e9dc44f78@mail.gmail.com> References: <4f1d760b0712120327w28407564o2d0eb91e9dc44f78@mail.gmail.com> Message-ID: <20071212121610.GA32726@svr5.bihl-wiedemann.de> On Wed, 2007-12-12 16:57:07 +0530, Pramila V wrote: > Hi, > > I too got the below mentioned error. Open the respective file for example > csanner.c goto the function yywrap as given in error message. > > if ( yywrap() ) > { > } > > Change this to as given below, > > if(yywrap) > { > } Um, what are you trying to do? You seem to replace a call to a function by the address of this function. I don't know what happens if the linker can't find yywrap(), but I *think* you used a very obscure (and non portable) way to write `if (0)' ... The right way to solve this problem was o to provide an (empty) yywrap() (see the flex man page), or o to link against libfl, or o to use `%option noyywrap' for flex. Ludolf -- --------------------------------------------------------------- Ludolf Holzheid Tel: +49 621 339960 Bihl+Wiedemann GmbH Fax: +49 621 3392239 Flo?w?rthstra?e 41 e-mail: lholzheid at bihl-wiedemann.de D-68199 Mannheim, Germany --------------------------------------------------------------- From lyma at cct-tech.com.sg Wed Dec 12 19:22:28 2007 From: lyma at cct-tech.com.sg (Ma Li Yu) Date: Thu, 13 Dec 2007 11:22:28 +0800 Subject: [splint-discuss] About onlytrans Message-ID: Hi, Currently I faced below issue: pdis.c: (in function Store_Key) pdis.c(115,3): Only storage assigned to unqualified static: Key_ptr = (KEY_BUFFERING *)malloc(sizeof(KEY_BUFFERING)) The only reference to this storage is transferred to another reference (e.g., by returning it) that does not have the only annotation. This may lead to a memory leak, since the new reference is not necessarily released. (Use -onlytrans to inhibit warning) This is definition of Key_ptr. It was defined outside of function Store_Key: Static KEY_BUFFERING * Key_ptr; It tries to tell me that it could lead to a memory leak. But I did not understand it. The strange thing is that splint would not complain any more after I changed to below code: KEY_BUFFERING * temp_ptr; //Define inside function Store_Key .... temp_ptr = (KEY_BUFFERING *)malloc(sizeof(KEY_BUFFERING)); Key_ptr = temp_ptr; But I think it is not optimized. Above code is simpler and take less code size. What did u think? Regards MA LIYU Mark R&D Software Engineer CCT Tech Singapore Pte Limited Tel: 65-6240 6823 Fax: 65-6444 7848 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.cs.virginia.edu/pipermail/splint-discuss/attachments/20071213/66130d2f/attachment.html From giridhar at appaji.net Fri Dec 14 02:03:14 2007 From: giridhar at appaji.net (Y Giridhar Appaji Nag) Date: Fri, 14 Dec 2007 15:33:14 +0530 Subject: [splint-discuss] Sources for the documentation Message-ID: <20071214100313.GD4296@loktak.hq.netapp.com> Hi Folks, Where can I find the sources to the manuals (manual.htm and manual.pdf in splint-3.1.2.src.tgz and http://www.splint.org/manual/) distributed with splint? I looked in the CVS and did not find anything that looked like source expect the manual.doc MS word document. Is manual.doc the source? Also, info at splint.org doesn't seem to work anymore. Wondering if it would be updated by the webmasters of splint.org :) Giridhar -- Y Giridhar Appaji Nag | http://www.appaji.net/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://www.cs.virginia.edu/pipermail/splint-discuss/attachments/20071214/97a1750c/attachment.bin From lholzheid at bihl-wiedemann.de Fri Dec 14 12:11:18 2007 From: lholzheid at bihl-wiedemann.de (Ludolf Holzheid) Date: Fri, 14 Dec 2007 21:11:18 +0100 Subject: [splint-discuss] yywrap missing In-Reply-To: <4f1d760b0712140339i25b47e4bg1d92e5a98bed4653@mail.gmail.com> References: <4f1d760b0712120327w28407564o2d0eb91e9dc44f78@mail.gmail.com> <20071212121610.GA32726@svr5.bihl-wiedemann.de> <4f1d760b0712140339i25b47e4bg1d92e5a98bed4653@mail.gmail.com> Message-ID: <20071214201118.GA26897@svr5.bihl-wiedemann.de> On Fri, 2007-12-14 17:09:47 +0530, Pramila V wrote: > Hi, > > I am a new bee for splint. I would like to compile the source files which is > available in different directory and interlinked each other. One single > project. > > Eg : > > Main/source/aa.c > main/include/aa.h > > Like this many subdirectories under main. > > Can u help me regarding this. Sorry, I don't understand your question. Do you want to compile something with splint? Splint is no compiler, but a static code analyzer. It does not produce object files or executables, but may detect programming mistakes the compiler doesn't recognize. Ludolf P.S.: Please send your questions regarding splint to the splint mailing list instead of to my personal mail address. P.S.: I don't see the relation between your mail and its subject. -- --------------------------------------------------------------- Ludolf Holzheid Tel: +49 621 339960 Bihl+Wiedemann GmbH Fax: +49 621 3392239 Flo?w?rthstra?e 41 e-mail: lholzheid at bihl-wiedemann.de D-68199 Mannheim, Germany --------------------------------------------------------------- From lholzheid at bihl-wiedemann.de Fri Dec 14 12:15:25 2007 From: lholzheid at bihl-wiedemann.de (Ludolf Holzheid) Date: Fri, 14 Dec 2007 21:15:25 +0100 Subject: [splint-discuss] Selective warning disabling In-Reply-To: <48931.213.126.128.209.1196783634.squirrel@webmail.onlinespamfilter.nl> References: <48931.213.126.128.209.1196783634.squirrel@webmail.onlinespamfilter.nl> Message-ID: <20071214201525.GB26897@svr5.bihl-wiedemann.de> On Tue, 2007-12-04 16:53:54 +0100, Yegor Ryabkov wrote: > Hello, > > Is there a way to suppress a specific type of warning for a block of code? > > /*@i@*/ looks like a solution, but it's still not a perfect way; is > there any other means to do this? > > "Appendix C -> Annotations -> Suppressing warnings" only contains i, i, > t and t. You may use most (all) of the splint flags in code annotations. See section 1.3.2 of the manual. Ludolf -- --------------------------------------------------------------- Ludolf Holzheid Tel: +49 621 339960 Bihl+Wiedemann GmbH Fax: +49 621 3392239 Flo?w?rthstra?e 41 e-mail: lholzheid at bihl-wiedemann.de D-68199 Mannheim, Germany --------------------------------------------------------------- From lholzheid at bihl-wiedemann.de Fri Dec 14 12:24:02 2007 From: lholzheid at bihl-wiedemann.de (Ludolf Holzheid) Date: Fri, 14 Dec 2007 21:24:02 +0100 Subject: [splint-discuss] Treating different libraries in a different way In-Reply-To: <48931.213.126.128.209.1196783643.squirrel@webmail.onlinespamfilter.nl> References: <48931.213.126.128.209.1196783643.squirrel@webmail.onlinespamfilter.nl> Message-ID: <20071214202402.GC26897@svr5.bihl-wiedemann.de> On Tue, 2007-12-04 16:54:03 +0100, Yegor Ryabkov wrote: > Hello, > > I'm using Splint to check a single module in a bigger project, and the > module is using some external libraries, which I don't want to check. > Is there a way to set up Splint so that it will analyze only the libraries > from a given directory (and its subdirectories), leaving all the outside > libraries unanalized (yet included)? Take a look at `-sysdirs' and the `-sysdirerrors' flags. Ludolf -- --------------------------------------------------------------- Ludolf Holzheid Tel: +49 621 339960 Bihl+Wiedemann GmbH Fax: +49 621 3392239 Flo?w?rthstra?e 41 e-mail: lholzheid at bihl-wiedemann.de D-68199 Mannheim, Germany --------------------------------------------------------------- From ptp at lysator.liu.se Sat Dec 15 01:27:35 2007 From: ptp at lysator.liu.se (Tommy Pettersson) Date: Sat, 15 Dec 2007 10:27:35 +0100 Subject: [splint-discuss] About onlytrans In-Reply-To: References: Message-ID: <20071215092735.GA15645@static-81.216.50.98.addr.tdcsong.se> On Thu, Dec 13, 2007 at 11:22:28AM +0800, Ma Li Yu wrote: > Currently I faced below issue: > > pdis.c(115,3): Only storage assigned to unqualified static: > > Key_ptr = (KEY_BUFFERING*)malloc(sizeof(KEY_BUFFERING)) > > The only reference to this storage is transferred to another reference > (e.g., by returning it) that does not have the only annotation. This may lead > to a memory leak, since the new reference is not necessarily released. (Use > -onlytrans to inhibit warning) > > This is definition of Key_ptr. It was defined outside of function > Store_Key: > > Static KEY_BUFFERING * Key_ptr; > > It tries to tell me that it could lead to a memory leak. But I did not > understand it. The strange thing is that splint would not complain any > more after I changed to below code: > > > KEY_BUFFERING * temp_ptr; //Define inside function Store_Key > > .... > > temp_ptr = (KEY_BUFFERING *)malloc(sizeof(KEY_BUFFERING)); > Key_ptr = temp_ptr; > > > But I think it is not optimized. Above code is simpler and take less > code size. What did u think? I think the optimizer in the compiler will completely remove the redundant temp_ptr, but that's not the point here. If you don't put splint annotations before the pointers to tell splint how you intend to manage the memory, splint will assume some defaults, and check the code based on these assumptions. There are also limitations to how much splint can check global variables; splint checks that sanity is preserved between the entry and the exit of a function, but it knows little or nothing about the run-time call graph, and thus the state of a global variable at function entry. Anyway, the automatic variable temp_ptr will default to Only, which makes splint happily transfer the ownership of the allocated memory from malloc to temp_ptr. I don't remember what static globals default to, but it's probably some kind of shared type, i.e., when you assign Key_ptr=temp_ptr, temp_ptr is holding on to the ownership while Key_ptr just becomes an alias. This means 1) you must free(temp_ptr) before temp_ptr goes out of scope, or pass it on to some other Only pointer 2) you can not free(Key_ptr). Whit the temp_ptr "trick" you'll get warnings from splint at the function exit that temp_ptr is not freed, and that Key_ptr may reference Null storage. So it doesn't really solve anything. In the original case, the Only pointer returned from malloc is assigned directly to the unannotated Key_ptr, which has no responsibility to free the memory, so the ownership of the memory is lost -- there are no longer any pointer you can use to free the memory (the way splint sees it, because you have not told splint that Key_ptr is an Only pointer). That is why splint reports a memory leak. If you annotate Key_ptr with /*@only@*/, things will work more like you expect, but then you will instead get a warning about "Only storage Key_ptr not released before assignment, a memory leak has been detected". This is because, as you remember, splint does not know about the state of global variables at function entry, so it assumes Key_ptr already holds a pointer to some memory, which will be lost and cause a memory leak when you overwrite it with the new pointer from malloc. There is also still the warning about Key_ptr may become Null. Try this: static /*@only@*/ /*@null@*/ buf_t * Key_ptr; ... if (Key_ptr) free( Key_ptr ); Key_ptr = malloc( BUF_SIZE ); Now splint is confident that no memory is leaked. There are other memory management models with other annotations than Only in splint, which may be more appropriate in your case, and there are ways to annotate functions to explains to splint that parameters are unassigned at function entry and must be assigned before function exit. Such annotations will catch errors where functions are called in inappropriate ways, like: ptr = malloc( size ); do_allocate( &ptr ); An if (p) free(p) trick in do_allocate would probably not be so good. It would be preferred that splint warned about do_allocate being called in a place where ptr was already assigned. Unfortunately I think there are some limitations on global variables with those kind of annotations. You should first try to learn the different ways splint thinks memory can be managed safely. This will make the warning messages much more understandable. They you must realize splint is limited in the way it can model memory management, since it can only do static checks. There are many common ways of managing memory that splint can not fully check. There is often a choice between using memory management that splint understands to get full checking, or use a more convenient model that splint can only partly check is correct. -- Tommy Pettersson From beroset at mindspring.com Mon Dec 31 06:52:20 2007 From: beroset at mindspring.com (Ed Beroset) Date: Mon, 31 Dec 2007 09:52:20 -0500 Subject: [splint-discuss] string concatenation patch Message-ID: <47790224.1020108@mindspring.com> Over the weekend I was trying to fix up splint so that it wouldn't die with a parser error for code like the following: #include #include int main(void) { printf("The answer is %" PRIu32 ".\n", 42); return 0; } For those who don't recall, the ISO C 99 standard added printf and scanf format specifiers to inttypes.h. There are two issues here. The first is that the inttypes.h that is in splint's standard.h doesn't include these definitions. I tried a few things, but failed in that attempt so far. (Maybe somebody can show me how to do this.) The second issue is that a C compiler, according to section 5.1.1.2 of the standard, should concatenate adjacent string literals. That means that even when the statement is written as printf("The answer is %" "d" ".\n", 42); splint doesn't understand it. I believe I have solved that issue and the patch is pasted to the bottom of this email message, but here's the logic behind it. I looked and the grammar file already accepts multiple strings like that, but the format specifier checking wasn't able to handle the multiple strings. What I did was to change the exprNode_stringLiteral() function in exprNode.c so that it now merges the strings before creating the node. Since the same function is also invoked for wide strings, it should work either way if I've done things correctly. Some confirmation of that would be useful. Also, I tried running splint on its own source code, but was unable to get it to parse the original file. I think I have the annotations correct, but some hint as to how to check at least this file with splint would also be helpful to me. Thanks for the great tool. I hope the patch (which was created from the 3.1.2 source tarball) is useful. Ed --- src/exprNode.c.orig 2007-12-31 09:02:46.000000000 -0500 +++ src/exprNode.c 2007-12-31 09:14:48.000000000 -0500 @@ -865,10 +865,52 @@ size_t len = size_fromInt (size_toInt (cstring_length (t)) - 2); char *ts = cstring_toCharsSafe (t); char *s = cstring_toCharsSafe (cstring_create (len + 1)); + char *ss = s; + bool escape = FALSE; + bool betweenStrings = FALSE; + int i; llassert (*ts == '\"' && *(ts + len + 1) == '\"'); - strncpy (s, ts+1, len); - *(s + len) = '\0'; + /* from ISO/IEC 9899 5.1.1.2 Translation phases, phase 6, + "Adjacent string literal tokens are concatenated." + + This code does the concatenation as part of the copying + */ + ts++; + for (i=0; i < len; i++) + { + switch (*ts) + { + case '\\': + *ss++ = *ts++; + escape = TRUE; + /*@switchbreak@*/ break; + case '\"': + betweenStrings = !escape; + if (!betweenStrings) + { + *ss++ = *ts; + } + ts++; + escape = FALSE; + /*@switchbreak@*/ break; + case ' ': + case '\n': + case '\t': + if (!betweenStrings) + { + *ss++ = *ts; + } + ts++; + escape = FALSE; + /*@switchbreak@*/ break; + default: + *ss++ = *ts++; + escape = FALSE; + /*@switchbreak@*/ break; + } + } + *ss = '\0'; cstring_free (t); return exprNode_rawStringLiteral (cstring_fromCharsO (s), loc); } From aaron.davies at gmail.com Mon Dec 31 12:57:19 2007 From: aaron.davies at gmail.com (Aaron Davies) Date: Mon, 31 Dec 2007 15:57:19 -0500 Subject: [splint-discuss] recognize typedef'd void? Message-ID: is it just me, or should this produce no warnings? typedef void V; static V foo(){return;} int main(/*@unused@*/int argc,/*@unused@*/char**argv){foo();return 0;} -- Aaron Davies aaron.davies at gmail.com From Michael.Wojcik at MicroFocus.com Mon Dec 31 14:41:55 2007 From: Michael.Wojcik at MicroFocus.com (Michael Wojcik) Date: Mon, 31 Dec 2007 14:41:55 -0800 Subject: [splint-discuss] recognize typedef'd void? In-Reply-To: References: Message-ID: <11352F9641010A418AD5057945A3A6598B498F@MTV-EXCHANGE.microfocus.com> > From: splint-discuss-bounces at cs.virginia.edu > [mailto:splint-discuss-bounces at cs.virginia.edu] On Behalf Of > Aaron Davies > Sent: Monday, 31 December, 2007 15:57 > > is it just me, or should this produce no warnings? > > typedef void V; > static V foo(){return;} > int main(/*@unused@*/int argc,/*@unused@*/char**argv){foo();return 0;} Yes, that looks like a Splint bug; it should recognize that V is a typedef for void, and so not warn about a missing return value for foo(). Probably not a difficult fix, but I don't have the Splint source handy to check. Actually, I'm a bit surprised Splint doesn't warn about the lack of a prototype for foo() here, but that's another matter. -- Michael Wojcik Principal Software Systems Developer, Micro Focus