From vijayendra.suman at gmail.com Thu Mar 6 03:50:30 2008
From: vijayendra.suman at gmail.com (Vijayendra Suman)
Date: Thu, 6 Mar 2008 17:20:30 +0530
Subject: [splint-discuss] Running Splint for Linux drivers
Message-ID: <581ef6d60803060350h6afc4821rb83faf4e710165f@mail.gmail.com>

Hi,

I am new to splint tool, We tried to run splint on Linux drivers.
Thanks in advance for your appreciated help !

Is there any way to exclude the Linux kernel headers path when we try
to run splint over our driver code, I mean to say if we have any
option to exclude the linux kernel header files from getting parsed by
the splint tool. I just wanted to check driver files with the splint
tool. Here is the errors i got when I tried to run splint on my
drivers.

This is the Makefile for splint:

CFLAGS += $(DEBFLAGS)
CFLAGS += -I..
CFLAGS += -I$(DEBUG_DIR_PATH)
CFLAGS += -I$(DRIVER_DIR_PATH)
CFLAGS += -I$(HW_DIR_PATH)
CFLAGS += -I$(APPS_DIR_PATH)
CFLAGS += -I$(OSDEP_PATH)
CFLAGS += -D$(RELEASE_TYPE)

SPLINTFLAGS += -I$(CFLAGS)
SPLINTFLAGS += -I/lib/modules/`uname -r`/build/include

splint:
    @$(ECHO) "Going for Splint Checking"
    @splint -weak \
    -gnuextensions \
    -macrovarprefixexclude \
    -namechecks \
    -skip-ansi-headers \
    -preproc \
    -expect 100 \
    -systemdirerrors \
    -hints \
    +trytorecover \
    +posixlib \
    $(SPLINTFLAGS) $(SRC_DIR_PATH)/slim_bus_hw.c

This is the O/P I got after running this

[root@localhost build]# make splint
Going for Splint Checking
Splint 3.0.1.7 --- 24 Jan 2003

Command Line: Setting -sysdirerrors redundant with current value
/lib/modules/2.6.20/build/include/asm/types.h:13:24: Parse Error:
    Suspect missing struct or union keyword: __signed__ :
    unsigned short int. Attempting to continue.
/lib/modules/2.6.20/build/include/asm/types.h:19:23: Parse Error:
    Suspect missing struct or union keyword: __signed__ :
    unsigned short int. Attempting to continue.
/lib/modules/2.6.20/build/include/asm/types.h:19:23:
    Parse Error. Too many errors, giving up.
*** Cannot continue.
make: *** [splint] Error 1

I have used Red Hat Linux 2.6.20 kernel for the include file

--
Regards
Vijayendra Suman
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.cs.virginia.edu/pipermail/splint-discuss/attachments/20080306/2fdb99f3/attachment-0001.html

From brian.quinlan at iolfree.ie Thu Mar 6 16:23:58 2008
From: brian.quinlan at iolfree.ie (Brian Quinlan)
Date: Fri, 07 Mar 2008 00:23:58 +0000
Subject: [splint-discuss] Running Splint for Linux drivers
In-Reply-To: <581ef6d60803060350h6afc4821rb83faf4e710165f@mail.gmail.com>
References: <581ef6d60803060350h6afc4821rb83faf4e710165f@mail.gmail.com>
Message-ID: <1204849438.8484.19.camel@akebono>

On Thu, 2008-03-06 at 17:20 +0530, Vijayendra Suman wrote:
> Hi,
>
> I am new to splint tool, We tried to run splint on Linux drivers.
> Thanks in advance for your appreciated help !
>
> Is there any way to exclude the Linux kernel headers path when we try
> to run splint over our driver code, I mean to say if we have any
> option to exclude the linux kernel header files from getting parsed by
> the splint tool. I just wanted to check driver files with the splint
> tool. Here is the errors i got when I tried to run splint on my
> drivers.
>
> This is the Makefile for splint:
>
> CFLAGS += $(DEBFLAGS)
> CFLAGS += -I..
> CFLAGS += -I$(DEBUG_DIR_PATH)
> CFLAGS += -I$(DRIVER_DIR_PATH)
> CFLAGS += -I$(HW_DIR_PATH)
> CFLAGS += -I$(APPS_DIR_PATH)
> CFLAGS += -I$(OSDEP_PATH)
> CFLAGS += -D$(RELEASE_TYPE)
>
> SPLINTFLAGS += -I$(CFLAGS)
> SPLINTFLAGS += -I/lib/modules/`uname -r`/build/include
>
> splint:
>     @$(ECHO) "Going for Splint Checking"
>     @splint -weak \
>     -gnuextensions \
>     -macrovarprefixexclude \
>     -namechecks \
>     -skip-ansi-headers \
>     -preproc \
>     -expect 100 \
>     -systemdirerrors \
>     -hints \
>     +trytorecover \
>     +posixlib \
>     $(SPLINTFLAGS) $(SRC_DIR_PATH)/slim_bus_hw.c
>
> This is the O/P I got after running this
>
> [root@localhost build]# make splint
> Going for Splint Checking
> Splint 3.0.1.7 --- 24 Jan 2003
>
> Command Line: Setting -sysdirerrors redundant with current value
> /lib/modules/2.6.20/build/include/asm/types.h:13:24: Parse Error:
> Suspect missing struct or union keyword: __signed__ :
> unsigned short int. Attempting to continue.
> /lib/modules/2.6.20/build/include/asm/types.h:19:23: Parse Error:
> Suspect missing struct or union keyword: __signed__ :
> unsigned short int. Attempting to continue.
> /lib/modules/2.6.20/build/include/asm/types.h:19:23:
> Parse Error. Too many errors, giving up.
> *** Cannot continue.
> make: *** [splint] Error 1
>
> I have used Red Hat Linux 2.6.20 kernel for the include file
>
> --
> Regards
> Vijayendra Suman
> _______________________________________________
> splint-discuss mailing list
> splint-discuss at mail.cs.virginia.edu
> http://www.cs.virginia.edu/mailman/listinfo/splint-discuss

Hi,

The fundamental problem is that the Linux kernel headers use
gcc-specific features that splint can't parse, so you end up having to
use the preprocessor to trick splint into seeing something that it can
parse.

A few years back I posted this to the list:

http://www.splint.org/pipermail/splint-discuss/2005-January/000531.html

It explains how to do what you're asking, but for a 2.4.23 kernel.
It's certainly worth trying similar things for 2.6.20, but it won't all
necessarily be plain sailing:

- It's quite likely that changes between 2.4.23 & 2.6.20 will break some
  things that my original post didn't address, but the post should give
  you some ideas for the kinds of things to try.
- It's also possible that there are some new problems that my approach
  can't help with.

If you succeed, please post an update.

Finally, Google is your friend - the link is the first result in a
search for "Splint for Linux drivers".

Bye,
Brian

From brian.quinlan at iolfree.ie Thu Mar 6 17:02:00 2008
From: brian.quinlan at iolfree.ie (Brian Quinlan)
Date: Fri, 07 Mar 2008 01:02:00 +0000
Subject: [splint-discuss] Running Splint for Linux drivers
In-Reply-To: <1204849438.8484.19.camel@akebono>
References: <581ef6d60803060350h6afc4821rb83faf4e710165f@mail.gmail.com> <1204849438.8484.19.camel@akebono>
Message-ID: <1204851720.8484.21.camel@akebono>

> > [root@localhost build]# make splint
> > Going for Splint Checking
> > Splint 3.0.1.7 --- 24 Jan 2003
> >

One other thing that I forgot: you're using a very old version of
splint. You should probably update it.

BQ

From vijayendra.suman at gmail.com Fri Mar 7 06:15:57 2008
From: vijayendra.suman at gmail.com (Vijayendra Suman)
Date: Fri, 7 Mar 2008 19:45:57 +0530
Subject: [splint-discuss] Running Splint for Linux drivers
In-Reply-To: <1204851720.8484.21.camel@akebono>
References: <581ef6d60803060350h6afc4821rb83faf4e710165f@mail.gmail.com> <1204849438.8484.19.camel@akebono> <1204851720.8484.21.camel@akebono>
Message-ID: <581ef6d60803070615w752aa9ceqfa9b14e2dbf0da80@mail.gmail.com>

On Fri, Mar 7, 2008 at 6:32 AM, Brian Quinlan wrote:
> > > [root@localhost build]# make splint
> > > Going for Splint Checking
> > > Splint 3.0.1.7 --- 24 Jan 2003
> > >
> One other thing that I forgot: you're using a very old version of
> splint. You should probably update it.
>
> BQ
>

Hi,

Thanks for the immediate reply,

We solved the issue with the same way you suggested in ,
http://www.splint.org/pipermail/splint-discuss/2005-January/000531.html

But we have made this driver with OS dependent file it has all os
dependent functions, we included the path for this too, but still
getting some annoyed errors for the same project, hope there is some
options for this,

Here is the options i used,

Makefile ->

splint:
    @$(ECHO) "Going for Splint Checking"
    @splint \
    -systemdirs /lib/modules/`uname -r`/build/include:$(HOME_PATH) /hw:$(HOME_PATH)/osdep:$(HOME_PATH)/debug \
    -namechecks \
    -skip-ansi-headers \
    -preproc \
    -macrovarprefixexclude \
    -gnuextensions \
    -expect 100 \
    -hints \
    +trytorecover \
    +posixlib \
    +skip-sys-headers \
    -systemdirerrors \
    -I$(OS_DIR_PATH) \
    $(HW_DIR_PATH)/slim_bus_hw.c

Errors ->

[root@localhost build]# make splint
Going for Splint Checking
Splint 3.0.1.7 --- 24 Jan 2003

Command Line: Setting -sysdirerrors redundant with current value
../hw/slim_bus_hw.c:29:17: Cannot recover from parse error.
*** Cannot continue.
make: *** [splint] Error 1

The Code where it checks for this is

UINT debug_level = 5;

UINT is defined in $(OS_DIR_PATH),

I am not sure if i am clear about the problem, I shall give the update
if i find one, if someone has resolved such an issue with their
software please give an update for the same.

Thanks

--
Regards
Vijayendra Suman
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.cs.virginia.edu/pipermail/splint-discuss/attachments/20080307/28961ce8/attachment.html

From ujjalsaha at indiatimes.com Tue Mar 25 22:29:07 2008
From: ujjalsaha at indiatimes.com (ujjal saha)
Date: Wed, 26 Mar 2008 11:59:07 +0530 (IST)
Subject: [splint-discuss] How to run splint for an entire project containing many directory and subdirectories
Message-ID: <1597854864.128341206512947711.JavaMail.root@mbr7.indiatimes.com>

Hello,

How to run splint for a project containing directories and subdirectories
Each directory contains related header and C source files.

Is there any way i.e. using flags, Can I run splint for the above mentioned problem?

If yes, how?
If not ? What might be the possible solution..?

Regards,
Pan

From srinivas.vutukuri at gmail.com Tue Mar 25 23:19:45 2008
From: srinivas.vutukuri at gmail.com (srinivas naga vutukuri)
Date: Wed, 26 Mar 2008 12:49:45 +0530
Subject: [splint-discuss] How to run splint for an entire project containing many directory and subdirectories
In-Reply-To: <1597854864.128341206512947711.JavaMail.root@mbr7.indiatimes.com>
References: <1597854864.128341206512947711.JavaMail.root@mbr7.indiatimes.com>
Message-ID:

Just defining a lint rule in your makefile would allow to achieve that,
i think like this,

lint:$(C_FILES)
    $(LINT) $(LINTFLAGS) $(C_FILES) $(LINTLIBS) $(INCLUDES)

total C_FILES will get like this, specify FOLDERS of your project,

C_FILES = $(foreach dir,$(FOLDERS),$(wildcard $(dir)/src/*.c))

LINT will be your lint application, and similarly LINTLIBS, INCLUDES,

-srinivas.

On Wed, Mar 26, 2008 at 11:59 AM, ujjal saha wrote:
>
>
>
> Hello,
>
> How to run splint for a project containing directories and subdirectories
> Each directory contains related header and C source files.
>
> Is there any way i.e. using flags, Can I run splint for the above mentioned problem?
>
> If yes, how?
> If not ? What might be the possible solution..?
>
>
> Regards,
> Pan
>

From deepak.bhatia at nechclst.in Wed Mar 26 03:39:38 2008
From: deepak.bhatia at nechclst.in (Deepak Bhatia)
Date: Wed, 26 Mar 2008 17:09:38 +0530
Subject: [splint-discuss] Query
Message-ID: <0A8CFEC45B7F4C419F7543867C4744230151944A@mailserver.nechclst.in>

Dear All,

In the splint manual on page 83 (PDF), we have transfer errors.

We are not able to understand the

- only-trans : Only storage transferred to non-only reference.

cmt_group_file = (char *) calloc (1,len+1);

The splint warning for above code is

file.c:837:29: Only storage assigned to unqualified static:
    cmt_group_file = (char *)calloc(1, len + 1)
  The only reference to this storage is transferred to another reference (e.g.,
  by returning it) that does not have the only annotation. This may lead to a
  memory leak, since the new reference is not necessarily released. (Use
  -onlytrans to inhibit warning)

Kindly help us in understanding the meaning of -only-trans.

Regards

Deepak Bhatia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.cs.virginia.edu/pipermail/splint-discuss/attachments/20080326/d3f5c5d3/attachment.html

From brian.quinlan at iolfree.ie Wed Mar 26 13:08:56 2008
From: brian.quinlan at iolfree.ie (Brian Quinlan)
Date: Wed, 26 Mar 2008 21:08:56 +0000
Subject: [splint-discuss] Query
In-Reply-To: <0A8CFEC45B7F4C419F7543867C4744230151944A@mailserver.nechclst.in>
References: <0A8CFEC45B7F4C419F7543867C4744230151944A@mailserver.nechclst.in>
Message-ID: <1206565736.10745.46.camel@russell.home>

On Wed, 2008-03-26 at 17:09 +0530, Deepak Bhatia wrote:
> Dear All,
>
> In the splint manual on page 83 (PDF), we have transfer errors.
>
> We are not able to understand the
>
> - only-trans : Only storage transferred to non-only reference.
>
>
> cmt_group_file = (char *) calloc (1,len+1);
>
> The splint warning for above code is
>
> file.c:837:29: Only storage assigned to unqualified static:
> cmt_group_file = (char *)calloc(1, len + 1)
> The only reference to this storage is transferred to another
> reference (e.g.,
> by returning it) that does not have the only annotation. This may
> lead to a
> memory leak, since the new reference is not necessarily released.
> (Use
> -onlytrans to inhibit warning)
>
> Kindly help us in understanding the meaning of -only-trans.
>

Hello to the splint powers-that-be,
The email archive seems to have disappeared.

http://www.splint.org/pipermail/splint-discuss/

currently returns a 404 error for me.

Anyway, onward with the response...

Hi Deepak,

Splint defaults the pointer returned from calloc to only
(/usr/share/splint/lib/stdlib.h on my distro). "Only" means that a
pointer has the only reference to a block of memory.

Your error message indicates that cmt_group_file is "unqualified". I
forget what it defaults to, but the important thing is that it doesn't
default to only, so splint sees an error.

This is an error for the following reason (at least; there are probably
others): When the (non-only) pointer goes out of scope or is overwritten
with another value, splint won't force you to free or transfer ownership
of the memory, so there's potential for a leak.

You can annotate the code that calls calloc with -only-trans to suppress
the warning, or you can annotate cmt_group_file as "only" storage.

Note that in the past splint has given me a hard time about static
pointers (legitimately, because my code was probably better off without
them). As cmt_group_file is a static, you may have problems defining it
to be "only" storage. I expect that splint won't allow it (especially if
it's a global static), but even if it does, is it meaningful to describe
it as only storage if the memory can be freed from any one of ten
different places in the code?

Bye,
Brian

> Regards
>
> Deepak Bhatia
>

From evans at cs.virginia.edu Wed Mar 26 14:14:13 2008
From: evans at cs.virginia.edu (David Evans)
Date: Wed, 26 Mar 2008 18:14:13 -0400
Subject: [splint-discuss] Query
Message-ID: <47EACAB5.8030200@cs.virginia.edu>

Brian Quinlan wrote:
>> ...
> Hello to the splint powers-that-be,
> The email archive seems to have disappeared.
>
> http://www.splint.org/pipermail/splint-discuss/
>
> currently returns a 404 error for me.
>
I'm not sure why that link is broken and will look into it, but for now
you can access the mailing list archives here:
http://www.cs.virginia.edu/pipermail/splint-discuss/

--- Dave

From vishal.bayskar at nechclst.in Wed Mar 26 21:55:24 2008
From: vishal.bayskar at nechclst.in (Vishal Bayskar)
Date: Thu, 27 Mar 2008 11:25:24 +0530
Subject: [splint-discuss] bzero() is not recongnized
Message-ID: <0A8CFEC45B7F4C419F7543867C47442301519580@mailserver.nechclst.in>

Dear All,

There is a problem in using bzero() when I run splint command it is not
recognizing the bzero
And following warning is generated by splint tool

dodomo.c:1312:5 Unrecognized identifier: bzero
  Identifier used in code has not been declared. (Use -unrecog to inhibit
  warning)

But there is no warning is being shown when I use memset() function

And string.h header file is also included in the code as bzero() is
present in the string.h

Please help me in resolving the problem.

Thanks in Advance

Regards

Vishal Bayskar
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.cs.virginia.edu/pipermail/splint-discuss/attachments/20080327/2f50b1e5/attachment.html

From Michael.Wojcik at microfocus.com Thu Mar 27 05:44:59 2008
From: Michael.Wojcik at microfocus.com (Michael Wojcik)
Date: Thu, 27 Mar 2008 06:44:59 -0700
Subject: [splint-discuss] bzero() is not recongnized
In-Reply-To: <0A8CFEC45B7F4C419F7543867C47442301519580@mailserver.nechclst.in>
References: <0A8CFEC45B7F4C419F7543867C47442301519580@mailserver.nechclst.in>
Message-ID: <11352F9641010A418AD5057945A3A6590118B392@MTV-EXCHANGE.microfocus.com>

> From: splint-discuss-bounces at cs.virginia.edu [mailto:splint-discuss-bounces at cs.virginia.edu] On Behalf Of Vishal Bayskar
> Sent: Thursday, 27 March, 2008 01:55

> There is a problem in using bzero() when I run splint command it is not recognizing the bzero

> But there is no warning is being shown when I use memset() function

> And string.h header file is also included in the code as bzero() is present in the string.h

No, it's not present in string.h, as far as Splint is concerned.

string.h is a standard header (it's part of the library defined by the
C standard, ISO 9899). As such, it's provided by the implementation.
Splint is a C implementation, and it supplies its own standard headers -
it doesn't use some random file on your system just because it happens
to be named "string.h".

Splint's string.h conforms to the standard. The standard does not
define a function (or other identifier) named "bzero".

You probably have some other C implementation (or something C-like,
such as GCC run in non-compliant mode) on your system, and it probably
provided a string.h that includes, in addition to the standard library
functions, a declaration for "bzero". Some implementations do this, for
historical reasons. Splint does not.

The best options for correcting this:

- Replace the use of bzero with memset in your code. bzero is
nonstandard.

- Add the following declaration to all of your source files that contain
references to bzero:

    extern void bzero(char *s, int n);

(That assumes your implementation's bzero matches that declaration.
There's no guarantee of that, since bzero is not standard.) It's best to
put that declaration in a header, if bzero is used in more than one
source file.

--
Michael Wojcik
Principal Software Systems Developer, Micro Focus

From ok at cs.otago.ac.nz Thu Mar 27 16:25:04 2008
From: ok at cs.otago.ac.nz (Richard A. O'Keefe)
Date: Fri, 28 Mar 2008 13:25:04 +1300
Subject: [splint-discuss] bzero() is not recongnized
In-Reply-To: <0A8CFEC45B7F4C419F7543867C47442301519580@mailserver.nechclst.in>
References: <0A8CFEC45B7F4C419F7543867C47442301519580@mailserver.nechclst.in>
Message-ID: <354EFF0D-0190-4837-9D6D-89E29D014B09@cs.otago.ac.nz>

On 27 Mar 2008, at 6:55 pm, Vishal Bayskar wrote:
> Dear All,
>
> There is a problem in using bzero() when I run splint
> command it is not recognizing the bzero
> And following warning is generated by splint tool
>
> dodomo.c:1312:5 Unrecognized identifier: bzero
> Identifier used in code has not been declared. (Use -unrecog to
> inhibit
> warning)
>
>
> But there is no warning is being shown when I use memset() function
>
> And string.h header file is also included in the code as bzero() is
> present in the string.h
>
memset() is a standard C function.
bzero() is not.
splint is using its own headers to ensure standards conformance.

Why isn't bzero standard? Because it *isn't* universally available.

#undef bzero
#define bzero(dst, len) (void)memset(dst, 0, len)

and the problem will go away.

>
> Please help me in resolving the problem.
>
> Thanks in Advance
>
>
> Regards
>
> Vishal Bayskar
>
>

--
Te Reo Engarihi is a taonga of Te Iwi Pakeha,
ergo we should keep it pure, sans mélange, ruat caelum.

From vishal.bayskar at nechclst.in Thu Mar 27 20:34:46 2008
From: vishal.bayskar at nechclst.in (Vishal Bayskar)
Date: Fri, 28 Mar 2008 10:04:46 +0530
Subject: [splint-discuss] Problem in using WIFSIGNALED(status)
Message-ID: <0A8CFEC45B7F4C419F7543867C4744230151980A@mailserver.nechclst.in>

Dear All,

There is a problem when I use WIFSIGNALED(status)

I have used the following code

int ret = system (cmd)
if (WIFSIGNALED (ret) &&
    (WTERMSIG (ret) == SIGINT || WTERMSIG (ret) == SIGQUIT))
{

Here cmd is some shell command string

And the following warnings are being shown by splint

bt_agent.c:1877:11: Left operand of >> may be negative (char):
    (char)((((*(int *)&(ret))) & 0x7f) + 1) >> 1
  The left operand to a shift operator may be negative (behavior is
  implementation-defined). (Use -shiftimplementation to inhibit warning)
lbt_agent.c:1877:10: Operands of > have incompatible types (char, int):
    ((char)((((*(int *)&(ret))) & 0x7f) + 1) >> 1) > 0
  Types are incompatible. (Use -type to inhibit warning)

The definition of macro WIFSIGNALED is given in the /usr/include/sys/wait.h
As
# define WIFSIGNALED(status) __WIFSIGNALED(__WAIT_INT(status))

And the definition of macro __WIFSIGNALED is given in /usr/include/bits/waitstatus.h
As
#define __WIFSIGNALED(status) \
  (((signed char) (((status) & 0x7f) + 1) >> 1) > 0)

I think this is a problem with the standard __WIFSIGNALED macro

Is this a bug of defining __WIFSIGNALED?

Please help me in resolving the problem, how could I overcome of this
warning, without using -type flag with splint command

Thanks in Advance

Regards

Vishal Bayskar
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.cs.virginia.edu/pipermail/splint-discuss/attachments/20080328/29d144aa/attachment-0001.html

From vishal.bayskar at nechclst.in Thu Mar 27 23:18:44 2008
From: vishal.bayskar at nechclst.in (Vishal Bayskar)
Date: Fri, 28 Mar 2008 12:48:44 +0530
Subject: [splint-discuss] Dependency on run time function
Message-ID: <0A8CFEC45B7F4C419F7543867C474423015198E4@mailserver.nechclst.in>

Dear All,

How does splint react for function that depend upon runtime

Like read(), gettimeofday(), calloc().

Thanks in Advance

Regards

Vishal Gautam
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.cs.virginia.edu/pipermail/splint-discuss/attachments/20080328/4ff59feb/attachment.html

From lholzheid at bihl-wiedemann.de Fri Mar 28 10:53:31 2008
From: lholzheid at bihl-wiedemann.de (Ludolf Holzheid)
Date: Fri, 28 Mar 2008 19:53:31 +0100
Subject: [splint-discuss] Problem in using WIFSIGNALED(status)
In-Reply-To: <0A8CFEC45B7F4C419F7543867C4744230151980A@mailserver.nechclst.in>
References: <0A8CFEC45B7F4C419F7543867C4744230151980A@mailserver.nechclst.in>
Message-ID: <20080328185331.GA19223@svr5.bihl-wiedemann.de>

On Fri, 2008-03-28 10:04:46 +0530, Vishal Bayskar wrote:
> [..]
>
> And the following warnings are being shown by splint
>
> bt_agent.c:1877:11: Left operand of >> may be negative (char):
> (char)((((*(int *)&(ret))) & 0x7f) +1) >> 1
> The left operand to a shift operator may be negative (behavior is
> implementation-defined). (Use -shiftimplementation to inhibit warning)
> lbt_agent.c:1877:10: Operands of > have incompatible types (char, int):
> ((char)((((*(int *)&(ret))) & 0x7f) +1) >> 1) > 0
> Types are incompatible. (Use -type to inhibit warning)
>
> [..]
>
> Is this a bug of defining __WIFSIGNALED?

Vishal,

The definition of WIFSIGNALED is not buggy as it is part of a system
header, and the system designers know what the (system) compiler does
in areas marked as 'implementation-defined' by the C standard.

You should exclude the system headers from checking by splint (see the
-skip-posix-headers flag). You might also use the POSIX standard
library in order to have a declaration for WIFSIGNALED (see the
-posix-lib flag).

HTH,

Ludolf

--
---------------------------------------------------------------
Ludolf Holzheid             Tel:    +49 621 339960
Bihl+Wiedemann GmbH         Fax:    +49 621 3392239
Floßwörthstraße 41          e-mail: lholzheid at bihl-wiedemann.de
D-68199 Mannheim, Germany
---------------------------------------------------------------

From lholzheid at bihl-wiedemann.de Fri Mar 28 11:14:46 2008
From: lholzheid at bihl-wiedemann.de (Ludolf Holzheid)
Date: Fri, 28 Mar 2008 20:14:46 +0100
Subject: [splint-discuss] Dependency on run time function
In-Reply-To: <0A8CFEC45B7F4C419F7543867C474423015198E4@mailserver.nechclst.in>
References: <0A8CFEC45B7F4C419F7543867C474423015198E4@mailserver.nechclst.in>
Message-ID: <20080328191446.GB19223@svr5.bihl-wiedemann.de>

On Fri, 2008-03-28 12:48:44 +0530, Vishal Bayskar wrote:
> Dear All,
>
> How does splint react for function that depend upon runtime
>
> Like read(), gettimeofday(), calloc().

Vishal,

Proper functions depend on run time, of course. You wouldn't want to
invoke a program always producing the same results. ;-)

Joking aside, what do you think is special with these functions (and
what do you expect splint to do with them)?

Ludolf

From vishal.bayskar at nechclst.in Sat Mar 29 22:54:10 2008
From: vishal.bayskar at nechclst.in (Vishal Bayskar)
Date: Sun, 30 Mar 2008 12:24:10 +0530
Subject: [splint-discuss] Dependency on run time function
Message-ID: <0A8CFEC45B7F4C419F7543867C47442301519AA6@mailserver.nechclst.in>

Dear All,

In my program a variable is initializing by read command

As

len = read (sockfd, &hdr, sizeof (HEADER));

Here hdr is a structure
sockfd is a socket descriptor

And after this line of code I am using a member of hdr

As
hdr.member == 2

And Splint is showing warning

Field hdr.member used before definition
  An rvalue is used that may not be initialized to a value on some execution
  path. (Use -usedef to inhibit warning)

I think as hdr initializing at runtime that's why splint is not
recognizing that hdr is initialized and giving the warning

Same in case of gettimeofday()

In program it has been used like

int var = gettimeofday(&time, &timez);

here gettimeofday() function initializing the time variable.
time variable is of type timeval structure

and after this line of code time variable is used as

time_after = time.tv_sec;

in this case also splint is behaving same as in case of read()
splint showing the following warning

Variable time used before definition
  An rvalue is used that may not be initialized to a value on some execution
  path. (Use -usedef to inhibit warning)

How does it behave for functions that really depend upon runtime?
Does it initialize the variables or not?
Does this function replace with macro/something?

Thanks and Regards
Vishal Bayskar
Ext. no.
927

-----Original Message-----
From: Ludolf Holzheid [mailto:lholzheid at bihl-wiedemann.de]
Sent: Saturday, March 29, 2008 12:45 AM
To: splint-discuss at mail.cs.virginia.edu
Cc: Vishal Bayskar
Subject: Re: [splint-discuss] Dependency on run time function

On Fri, 2008-03-28 12:48:44 +0530, Vishal Bayskar wrote:
> Dear All,
>
> How does splint react for function that depend upon runtime
>
> Like read(), gettimeofday(), calloc().

Vishal,

Proper functions depend on run time, of course. You wouldn't want to
invoke a program always producing the same results. ;-)

Joking aside, what do you think is special with these functions (and
what do you expect splint to do with them)?

Ludolf

From vishal.bayskar at nechclst.in Sun Mar 30 00:37:14 2008
From: vishal.bayskar at nechclst.in (Vishal Bayskar)
Date: Sun, 30 Mar 2008 14:07:14 +0530
Subject: [splint-discuss] warning related to -onlytrans flag
Message-ID: <0A8CFEC45B7F4C419F7543867C47442301519AAC@mailserver.nechclst.in>

Dear All,

I am puzzled why splint is giving warning

Following line of code is used in program

temp_file = (char *)calloc(10, sizeof(char))

Here temp_file is static char *temp_file;

And after this line, check is used like

if (temp_file==NULL)
{
    return 1;
}

In program memory allocation (calloc) to temp_file is used only one time

But splint is showing the following warning

Only storage assigned to unqualified static:
    temp_file = (char *)calloc(10, sizeof(char))

  The only reference to this storage is transferred to another reference (e.g.,
  by returning it) that does not have the only annotation. This may lead to a
  memory leak, since the new reference is not necessarily released.
  (Use -onlytrans to inhibit warning)

Please help me understanding why this warning is coming how to solve this
without using flag onlytrans

Thanks and Regards
Vishal Bayskar

From lholzheid at bihl-wiedemann.de Sun Mar 30 03:14:08 2008
From: lholzheid at bihl-wiedemann.de (Ludolf Holzheid)
Date: Sun, 30 Mar 2008 13:14:08 +0200
Subject: [splint-discuss] Dependency on run time function
In-Reply-To: <0A8CFEC45B7F4C419F7543867C47442301519AA6@mailserver.nechclst.in>
References: <0A8CFEC45B7F4C419F7543867C47442301519AA6@mailserver.nechclst.in>
Message-ID: <20080330111408.GA16776@svr5.bihl-wiedemann.de>

On Sun, 2008-03-30 12:24:10 +0530, Vishal Bayskar wrote:
> Dear All,
>
> In my program a variable is initializing by read command
>
> As
>
> len = read (sockfd, &hdr, sizeof (HEADER));
>
> Here hdr is a structure
> sockfd is a socket descriptor
>
> And after this line of code I am using a member of hdr
>
> As
> hdr.member == 2
>
> And Splint is showing warning
>
> Field hdr.member used before definition
> An rvalue is used that may not be initialized to a value on some execution
> path. (Use -usedef to inhibit warning)
>
>
> I think as hdr initializing at runtime that's why splint is not recognizing that hdr is initialized and giving the warning

No. Splint is a static code checker and does not run the code.

For some reasons, splint thinks hdr is possibly not initialized, maybe
due to the wrong library has been selected (e.g. standard instead of
POSIX) and thus splint does not know the second argument to read() is
an /*@out*/ parameter.

> [..]
> Same in case of gettimeofday()

gettimeofday() is not even POSIX. You'll have to specify the UNIX
library to get this function declared for splint.

> [..]
> How does it behave for functions that really depend upon runtime?

Again, splint does not run the code. For the functions declared in
its libraries, it knows which calling parameter is /*@in@*/ and which
is /*@out@*/ (besides other annotations).
Other functions have to be annotated in the sources to be checked.

HTH,

Ludolf

From lholzheid at bihl-wiedemann.de Sun Mar 30 03:29:11 2008
From: lholzheid at bihl-wiedemann.de (Ludolf Holzheid)
Date: Sun, 30 Mar 2008 13:29:11 +0200
Subject: [splint-discuss] warning related to -onlytrans flag
In-Reply-To: <0A8CFEC45B7F4C419F7543867C47442301519AAC@mailserver.nechclst.in>
References: <0A8CFEC45B7F4C419F7543867C47442301519AAC@mailserver.nechclst.in>
Message-ID: <20080330112911.GB16776@svr5.bihl-wiedemann.de>

On Sun, 2008-03-30 14:07:14 +0530, Vishal Bayskar wrote:
> Dear All,
>
> I am puzzled why splint is giving warning
>
>
>
> Following line of code is used in program
>
> temp_file = (char *)calloc(10, sizeof(char))
>
> Here temp_file is static char *temp_file;
>
>
> And after this line, check is used like
>
> if (temp_file==NULL)
> {
> return 1;
> }
>
>
> In program memory allocation (calloc) to temp_file is used only one time
>
>
> But splint is showing the following warning
>
> Only storage assigned to unqualified static:
> temp_file = (char *)calloc(10, sizeof(char))
>
> The only reference to this storage is transferred to another reference
> (e.g.,
> by returning it) that does not have the only annotation. This may lead
> to a
> memory leak, since the new reference is not necessarily released. (Use
> -onlytrans to inhibit warning)
>
> Please help me understanding why this warning is coming how to solve this
> without using flag onlytrans

Vishal,

the concept /*@only@*/ annotation is explained in section 5.2.1 of the
manual.
In your case, you could declare the temp_file pointer as /*@only@*/:

    static char /*@only@*/ *temp_file = NULL;

Ludolf

From lholzheid at bihl-wiedemann.de Sun Mar 30 11:47:34 2008
From: lholzheid at bihl-wiedemann.de (Ludolf Holzheid)
Date: Sun, 30 Mar 2008 21:47:34 +0200
Subject: [splint-discuss] Dependency on run time function
In-Reply-To: <18738acb0803301200u55778af2of489b5c2092973de@mail.gmail.com>
References: <0A8CFEC45B7F4C419F7543867C47442301519AA6@mailserver.nechclst.in> <20080330111408.GA16776@svr5.bihl-wiedemann.de> <18738acb0803301200u55778af2of489b5c2092973de@mail.gmail.com>
Message-ID: <20080330194733.GA15994@svr5.bihl-wiedemann.de>

On Sun, 2008-03-30 12:00:27 -0700, James Dennett wrote:
> On Sun, Mar 30, 2008 at 4:14 AM, Ludolf Holzheid
> wrote:
> > [..]
> > gettimeofday() is not even POSIX.
>
> I think gettimeofday *is* POSIX. Searching finds many quotes saying that
> "POSIX 1003.1-2001 describes gettimeofday() but not settimeofday()".
>
> I don't know about earlier POSIX specifications.

This may be true, but at least for splint 3.1.1, you have to select
the UNIX library to get the annotated prototype for gettimeofday().

Ludolf

From ok at cs.otago.ac.nz Sun Mar 30 17:57:52 2008
From: ok at cs.otago.ac.nz (Richard A. O'Keefe)
Date: Mon, 31 Mar 2008 14:57:52 +1300
Subject: [splint-discuss] Problem in using WIFSIGNALED(status)
In-Reply-To: <0A8CFEC45B7F4C419F7543867C4744230151980A@mailserver.nechclst.in>
References: <0A8CFEC45B7F4C419F7543867C4744230151980A@mailserver.nechclst.in>
Message-ID: <3F0E0190-F5F5-4956-80F5-EB183662C358@cs.otago.ac.nz>

On 28 Mar 2008, at 5:34 pm, Vishal Bayskar wrote:
> The definition of macro WIFSIGNALED is given in the /usr/include/sys/wait.h
> As
> # define WIFSIGNALED(status) __WIFSIGNALED(__WAIT_INT(status))
>
>
> And the definition of macro __WIFSIGNALED is given in
> /usr/include/bits/waitstatus.h
> As
> #define __WIFSIGNALED(status) \
>   (((signed char) (((status) & 0x7f) + 1) >> 1) > 0)

Let's analyse this.

    (status) & 0x7f                             can be 0..127
    ((status) & 0x7f) + 1                       can be 1..128
    (signed char)(((status) & 0x7f) + 1)        can be 1..127 or -128
    (signed char)(((status) & 0x7f) + 1) >> 1   can be 0..63 or (-1 or 64)

where -1 is chosen if (signed char)x >> 1 uses a signed right shift
and 64 is chosen if (signed char)x >> 1 uses an unsigned right shift.

Why would anyone use unsigned right shifts for signed integers of any
size? I have no idea, perhaps because the hardware doesn't have a
suitable shift and speed was deemed more important than usefulness,
but the C standard says of E1 >> E2 that

    If E1 has a signed type and a negative value,
    the resulting value is IMPLEMENTATION-DEFINED.

So in fact when I said that the possible outcome of
(signed char)(127 + 1)>>1 was either -1 or 64, I was hopelessly
optimistic. It could be ANYTHING. But 64 is enough to get us into
trouble, and there are C compilers that do use unsigned right shifts
even on signed numbers.

I note that Solaris and MacOS X use different definitions for
WIFSIGNALED which are completely free of this problem.

So splint is *correctly* warning you that the macro is not portable
between C compilers.

Does this actually matter? After all, the bottom 7 bits of the status
here are the signal number of the uncaught signal that killed the
program. In Solaris and MacOS X, a program that has been stopped has
the STOP signal number there, so they never ever have a 127 in that
position, though they wouldn't have a problem if they did have one.
But Linux puts 127 there to indicate a stopped program, so the
intention is
 - reject 0 (a program that exited normally)
 - reject 127 (a program paused by SIGSTOP)
 - accept everything else
and what happens to 127 matters very much. Whoever wrote that test
clearly expected a signed right shift, and that's what gcc will give
you. But there is no good reason to expect any other compiler to do
the same.

So splint has actually pointed out a REAL portability issue:
whether stopped programs are accepted by WIFSIGNALED depends on
your compiler.

The simplest compiler-portable definition would just be

    #define __WIFSIGNALED(status) ( \
        ((unsigned)(status) & 0x7fu) != 0 && \
        ((unsigned)(status) & 0x7fu) != 0x7fu )

which is basically the approach that Solaris and MacOS X take.
The wait macros are explicitly described as macros and may
evaluate their arguments as often as they wish.

>
> Please help me in resolving the problem, how could I overcome of
> this warning, without using -type flag with splint command

The best way I can think of is to avoid WIFSIGNALED entirely
and do

    if (WIFSTOPPED(status)) {
        /* it isn't actually completed, just paused */
    } else
    if (WIFEXITED(status)) {
        /* it exited normally */
    } else {
        /* it was killed by an uncaught signal */
    }

Next simplest,

    #include <sys/wait.h>
    #undef WIFSIGNALED
    #define WIFSIGNALED(x) (!WIFEXITED(x) && !WIFSTOPPED(x))

which should work under Solaris and MacOS X as well.

From ok at cs.otago.ac.nz Sun Mar 30 19:52:43 2008
From: ok at cs.otago.ac.nz (Richard A. O'Keefe)
Date: Mon, 31 Mar 2008 16:52:43 +1300
Subject: [splint-discuss] Dependency on run time function
In-Reply-To: <0A8CFEC45B7F4C419F7543867C47442301519AA6@mailserver.nechclst.in>
References: <0A8CFEC45B7F4C419F7543867C47442301519AA6@mailserver.nechclst.in>
Message-ID:

On 30 Mar 2008, at 7:54 pm, Vishal Bayskar wrote:
> In my program a variable is initializing by read command
> len = read (sockfd, &hdr, sizeof (HEADER));
>
> And Splint is showing warning
>
> Field hdr.member used before definition

Splint is right. The problem is that read() does NOT have to return
all you asked for. By the way, I prefer

    len = read(sockfd, &hdr, sizeof hdr);

because that way it is *certain* that the size is the right size.
Anyway, if nothing goes wrong, you'll get 0 <= len <= sizeof (HEADER).
The most you can be sure of is that if all goes well and you didn't
reach the end of the file, you will get at least one byte. But that
is ALL you can assume from read(), especially from a socket.

So Splint is quite right to warn you that the read() call might NOT
initialise the whole of hdr; it really truly might not.

It's nothing to do with "runtime" as such, it's to do with what might
*happen* (or not happen) at run time.

As for gettimeofday(), it may be that Splint doesn't have an /*out*/
annotation for it. Did you check that?

From vishal.bayskar at nechclst.in Sun Mar 30 20:39:33 2008
From: vishal.bayskar at nechclst.in (Vishal Bayskar)
Date: Mon, 31 Mar 2008 10:09:33 +0530
Subject: [splint-discuss] Dependency on run time function
Message-ID: <0A8CFEC45B7F4C419F7543867C47442301519AE8@mailserver.nechclst.in>

Dear All,

After read I have checked the len
And execution only goes to the hdr.member if read was successful

    len = read (sockfd, &hdr, sizeof (HEADER));
    if (len < (ssize_t)sizeof (HEADER))
    {
        return 1;
    }
    if (hdr.member == 2)
    {
        printf(" Successful \n");
    }

Even then the warning is displaying

Thanks and Regards
Vishal Bayskar
Ext. no. 927

From vishal.bayskar at nechclst.in Mon Mar 31 05:36:45 2008
From: vishal.bayskar at nechclst.in (Vishal Bayskar)
Date: Mon, 31 Mar 2008 19:06:45 +0530
Subject: [splint-discuss] problem with function inet_ntoa()
Message-ID: <0A8CFEC45B7F4C419F7543867C4744230157F11E@mailserver.nechclst.in>

Dear All,

There is a problem with function inet_ntoa

Following line is used in the code

    strcpy (ip_addr, inet_ntoa (((struct sockaddr_in *) &ifr.ifr_addr)->sin_addr));

this line is not called in loop

here ip_addr is declared as

    static char ip_addr[MAX_IPLEN];

When I run the splint, it is giving the following warning is displaying

    New fresh storage (type char *) passed as implicitly temp (not released):
    inet_ntoa(((struct sockaddr_in *)&ifr.ifr_ifru.ifru_addr)->sin_addr)
    A memory leak has been detected. Storage allocated locally is not released
    before the last reference to it is lost. (Use -mustfreefresh to inhibit

Does it really do with inet_ntoa() function ?

Like if we read manual of it
We can find the sentence that

    The inet_ntoa() function converts the Internet host address in given
    in network byte order to a string in standard numbers-and-dots
    notation. The string is returned in a statically allocated buffer,
    which subsequent calls will overwrite.

Please note that inet_ntoa() is called only once

Thanks in advance

I really thank for the response that I am getting on this blog.

Thanks and Regards
Vishal Bayskar
Ext. no. 927

From lholzheid at bihl-wiedemann.de Mon Mar 31 06:03:31 2008
From: lholzheid at bihl-wiedemann.de (Ludolf Holzheid)
Date: Mon, 31 Mar 2008 16:03:31 +0200
Subject: [splint-discuss] problem with function inet_ntoa()
In-Reply-To: <0A8CFEC45B7F4C419F7543867C4744230157F11E@mailserver.nechclst.in>
References: <0A8CFEC45B7F4C419F7543867C4744230157F11E@mailserver.nechclst.in>
Message-ID: <20080331140330.GA4811@svr5.bihl-wiedemann.de>

On Mon, 2008-03-31 19:06:45 +0530, Vishal Bayskar wrote:
> [..]
>
> Following line is used in the code
>
> strcpy (ip_addr, inet_ntoa (((struct sockaddr_in *)
> &ifr.ifr_addr)->sin_addr));
>
> [..]
> When I run the splint, it is giving the following warning is displaying
>
> New fresh storage (type char *) passed as implicitly temp
> (not released):
> inet_ntoa(((struct sockaddr_in *)&ifr.ifr_ifru.ifru_addr)->sin_addr)
>
> A memory leak has been detected. Storage allocated locally is not released
> before the last reference to it is lost. (Use -mustfreefresh to inhibit

It seems splint does not know the return value of inet_ntoa() is
/*@kept@*/. Are you sure you selected the UNIX library (by specifying
the +unixlib flag)?

Ludolf
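
Added example, not part of any message in this archive: a small C model of Richard O'Keefe's analysis of __WIFSIGNALED above, comparing the shift-based test under a sign-propagating and a zero-filling right shift with the portable definition he gives. The function names, the modelled wrap of 128 to -128 in the signed char conversion, and the sample status word are assumptions made for the illustration.

```c
#include <stdio.h>

/* Right shift by one with the behaviour chosen explicitly, because C leaves
 * >> on a negative signed value implementation-defined. */
static int shift_right_1(int v, int sign_propagating)
{
    if (v >= 0)
        return v >> 1;                  /* well defined for non-negative values */
    if (sign_propagating)
        return -((-v + 1) / 2);         /* floor(v / 2): result stays negative */
    return (int)((unsigned)v >> 1);     /* zero fill: result turns positive */
}

/* Model of the shift-based macro quoted in the thread:
 *   (((signed char) (((status) & 0x7f) + 1) >> 1) > 0)
 * Assumption: converting 128 to signed char wraps to -128. */
static int wifsignaled_shift(int status, int sign_propagating)
{
    int v = (status & 0x7f) + 1;        /* 1..128 */

    if (v > 127)
        v -= 256;                       /* model of (signed char)128 */
    return shift_right_1(v, sign_propagating) > 0;
}

/* The compiler-portable definition proposed in the thread, as a function. */
static int wifsignaled_portable(int status)
{
    unsigned low = (unsigned)status & 0x7fu;

    return low != 0 && low != 0x7fu;
}

/* Count the 16-bit status words on which the two tests disagree. */
static int count_disagreements(int sign_propagating)
{
    int status, n = 0;

    for (status = 0; status <= 0xffff; status++)
        if (wifsignaled_shift(status, sign_propagating) !=
            wifsignaled_portable(status))
            n++;
    return n;
}

int main(void)
{
    int stopped = (19 << 8) | 0x7f;     /* constructed "stopped" status: low 7 bits are 127 */

    printf("stopped status, sign-propagating shift: %d\n",
           wifsignaled_shift(stopped, 1));
    printf("stopped status, zero-filling shift:     %d\n",
           wifsignaled_shift(stopped, 0));
    printf("stopped status, portable definition:    %d\n",
           wifsignaled_portable(stopped));
    printf("disagreements with portable test: %d (sign-propagating), %d (zero fill)\n",
           count_disagreements(1), count_disagreements(0));
    return 0;
}
```

The two tests differ only where the low 7 bits are 127, which is exactly the stopped-program case the thread is concerned with.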
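
Added example, not code from any poster in this archive: a C sketch of the read() behaviour Richard O'Keefe describes in the "Dependency on run time function" thread above, looping until the whole header has arrived and rejecting a truncated one. The HEADER layout and the names read_full, recv_header and demo are assumptions, and the pipe input is constructed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical layout: the thread names only the type HEADER and a field "member". */
typedef struct {
    uint32_t member;
    uint32_t length;
} HEADER;

/* Keep calling read() until n bytes are stored, EOF is reached, or an error
 * occurs. Returns the byte count stored (short at EOF) or -1 on error. */
static ssize_t read_full(int fd, void *buf, size_t n)
{
    unsigned char *p = buf;
    size_t got = 0;

    while (got < n) {
        ssize_t r = read(fd, p + got, n - got);
        if (r == 0)
            break;                      /* EOF before n bytes arrived */
        if (r < 0) {
            if (errno == EINTR)
                continue;               /* interrupted by a signal: retry */
            return -1;
        }
        got += (size_t)r;               /* a short count is normal, keep going */
    }
    return (ssize_t)got;
}

/* Fill *hdr only when a complete header arrived. Returns 0 on success, -1 otherwise. */
static int recv_header(int fd, HEADER *hdr)
{
    HEADER tmp;

    memset(&tmp, 0, sizeof tmp);        /* no indeterminate bytes, even on a short read */
    if (read_full(fd, &tmp, sizeof tmp) != (ssize_t)sizeof tmp)
        return -1;
    *hdr = tmp;
    return 0;
}

/* Constructed demo: send the first `sent` bytes of a header whose member is 2
 * through a pipe, close the writer, then try to receive a whole header.
 * Returns recv_header()'s result, or -2 if the pipe could not be set up. */
static int demo(size_t sent, uint32_t *member_out)
{
    HEADER out = { 2u, 0u }, in;
    int fds[2], rc;

    if (sent > sizeof out || pipe(fds) != 0)
        return -2;
    if (write(fds[1], &out, sent) != (ssize_t)sent) {
        close(fds[0]);
        close(fds[1]);
        return -2;
    }
    close(fds[1]);
    rc = recv_header(fds[0], &in);
    close(fds[0]);
    if (rc == 0)
        *member_out = in.member;
    return rc;
}

int main(void)
{
    uint32_t m = 0;
    int full = demo(sizeof(HEADER), &m);

    printf("complete header:  rc=%d member=%u\n", full, (unsigned)m);
    printf("truncated header: rc=%d\n", demo(3, &m));
    return 0;
}
```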