[splint-discuss] Query

Brian Quinlan brian.quinlan at iolfree.ie
Wed Mar 26 13:08:56 PST 2008 

On Wed, 2008-03-26 at 17:09 +0530, Deepak Bhatia wrote:
> Dear All,
>  
> In the splint manual on page 83 (PDF),  we have transfer errors.
>  
> We are are not able to understand the 
>  
> - only-trans : Only storage transferred to non-only reference.
>  
>  
> cmt_group_file = (char *) calloc (1,len+1);
>  
> The splint warning for above code is 
>  
> file.c:837:29: Only storage assigned to unqualified static:
>                           cmt_group_file = (char *)calloc(1, len + 1)
>   The only reference to this storage is transferred to another
> reference (e.g.,
>   by returning it) that does not have the only annotation. This may
> lead to a
>   memory leak, since the new reference is not necessarily released.
> (Use
>   -onlytrans to inhibit warning)
>  
> Kindly help us in understanding the meaning of -only-trans.
>  
Hello to the splint powers-that-be,
The email archive seems to have disappeared.

http://www.splint.org/pipermail/splint-discuss/

currently returns a 404 error for me.

Anyway, onward with the response...



Hi Deepak,
Splint defaults the pointer returned from calloc to only
(/usr/share/splint/lib/stdlib.h on my distro).

"Only" means that a pointer has the only reference to a block of memory.
Your error message indicates that cmt_group_file is "unqualified". I
forget what it defaults to, but the important thing is that it doesn't
default to only, so splint sees an error. This is an error for the
following reason (at least; there are probably others): When the
(non-only) pointer goes out of scope or is overwritten with another
value, splint won't force you to free or transfer ownership of the
memory, so there's potential for a leak.

You can annotate the code that calls calloc with -only-trans to suppress
the warning, or you can annotate cmt_group_file as "only" storage.

Note that in the past splint has given me a hard time about static
pointers (legitimately, because my code was probably better off without
them). As cmt_group_file is a static, you may have problems defining it
to be "only" storage. I expect that splint won't allow it (especially if
it's a global static), but even if it does, is it meaningful to describe
it as only storage if the memory can be freed from any one of ten
different places in the code?

Bye,
Brian

> Regards
>  
> Deepak Bhatia
>  
> _______________________________________________
> splint-discuss mailing list
> splint-discuss at mail.cs.virginia.edu
> http://www.cs.virginia.edu/mailman/listinfo/splint-discuss

More information about the splint-discuss mailing list