From nido at foxserver.be Wed Apr 8 03:27:01 2009
From: nido at foxserver.be (Nido Media)
Date: Wed, 08 Apr 2009 12:27:01 +0200
Subject: [splint-discuss] Unrecognized identifiers and other definitions
Message-ID: <49DC7BF5.9040100@foxserver.be>

Hello all,

I've been a splint user on and off for the last few years. I'm pretty
happy with it, but the main reason I tend to ditch it is the fact that
it doesn't recognize a lot of the functions found in the modern C
library; and there's no elegant way to fix this in the code in an
elegant manner.

This time; I decided to take another route. I've looked into the splint
package and noticed the .lcd packages; and corresponding .h file. With
that and a bit of browsing through the manual; I got the idea to create
a posix.1-2008 compatible library.

For convenience sake; I've created a file std.h, in which I define the
unrecognised identifiers and alike. I've attached this file as an
email. The command I used for testing this idea is as follows:

splint std.h -dump std && splint -warnposix +load std test.c

Right now I've got a near-trivial test case working this way and I've
defined four functions this way. You are welcome to give any feedback
on the std. file as it is now; or to use it yourself, or to include it,
or portions in splint itself.

I wonder if there is anyone interested in what happens to this file. I
can type up my findings and updates to this file in this mailing list,
but if nobody cares, it'd just be a waste of bandwidth and time. So
please let me know if you care about this.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: std.h
Url: http://www.cs.virginia.edu/pipermail/splint-discuss/attachments/20090408/4c9cc0f8/attachment.h

From jholland at fastsoft.com Wed Apr 8 10:26:06 2009
From: jholland at fastsoft.com (Jake Holland)
Date: Wed, 8 Apr 2009 10:26:06 -0700
Subject: [splint-discuss] Unrecognized identifiers and other definitions
In-Reply-To: <49DC7BF5.9040100@foxserver.be>
References: <49DC7BF5.9040100@foxserver.be>
Message-ID:

This sounded quite interesting to me, so I looked in the manual and
found section 14, broadly describing how this worked.

This was a feature I hadn't noticed, and one which I think could help
significantly reduce the splint-specific maintenance for the project
I'm on. So personally, I'm grateful you decided to post this.

I don't want to ask you to spend a lot of time, and now that I've read
section 14 of the manual, I think I get the general idea, but if you
have anything to add beyond what it says there, I'd be interested to
read it. Especially if you ran into any undocumented problems on the
way.

I also think the header itself looks like a fine start on a noble
cause. One thing I'd like to see (and would be happy to work towards if
I can get the time for it) is a splint release that works well with the
latest C and POSIX standards. In that context, this looks to me like a
contribution in the right direction. So on that note, I encourage you
to post any further updates and comments, in the hopes that it will pay
off eventually.

From nido at foxserver.be Wed Apr 8 14:07:37 2009
From: nido at foxserver.be (Nido)
Date: Wed, 8 Apr 2009 23:07:37 +0200
Subject: [splint-discuss] Unrecognized identifiers and other definitions
In-Reply-To:
References: <49DC7BF5.9040100@foxserver.be>
Message-ID:

2009/4/8 Jake Holland :
> This sounded quite interesting to me, so I looked in the manual and
> found section 14, broadly describing how this worked.
>
> This was a feature I hadn't noticed, and one which I think could help
> significantly reduce the splint-specific maintenance for the project I'm
> on.  So personally, I'm grateful you decided to post this.

You are welcome

> I don't want to ask you to spend a lot of time, and now that I've read
> section 14 of the manual, I think I get the general idea, but if you
> have anything to add beyond what it says there, I'd be interested to
> read it.  Especially if you ran into any undocumented problems on the
> way.

In that case I will continue posting additions when they occur until
I've found a better place to put this.

> I also think the header itself looks like a fine start on a noble cause.
> One thing I'd like to see (and would be happy to work towards if I can
> get the time for it) is a splint release that works well with the latest
> C and POSIX standards.

You are welcome to use the file as it is now; and I'd love to
incorporate your modifications when you have them. When the file is
sufficiently complete, the splint maintainers are welcome to use the
file to add/replace the now default library files.

> In that context, this looks to me like a contribution in the right
> direction.  So on that note, I encourage you to post any further updates
> and comments, in the hopes that it will pay off eventually.
>
>
> _______________________________________________
> splint-discuss mailing list
> splint-discuss at mail.cs.virginia.edu
> http://www.cs.virginia.edu/mailman/listinfo/splint-discuss

From jholland at fastsoft.com Wed Apr 8 14:52:33 2009
From: jholland at fastsoft.com (Jake Holland)
Date: Wed, 8 Apr 2009 14:52:33 -0700
Subject: [splint-discuss] Unrecognized identifiers and other definitions
In-Reply-To:
References: <49DC7BF5.9040100@foxserver.be>
Message-ID:

> You are welcome to use the file as it is now; and I'd love to
> incorporate your modifications when you have them. When the file is
> sufficiently complete, the splint maintainers are welcome to use the
> file to add/replace the now default library files.

I'll keep an eye out for any problems I have that would be an excuse to
include/extend this, and if I make any changes, I'll post them.

Good luck on a response from the splint maintainers, but I can't advise
you to have much hope. As far as I've been able to discover since last
July, splint is currently an orphaned project.

From nido at foxserver.be Wed Apr 8 23:29:05 2009
From: nido at foxserver.be (Nido)
Date: Thu, 9 Apr 2009 08:29:05 +0200
Subject: [splint-discuss] Unrecognized identifiers and other definitions
In-Reply-To:
References: <49DC7BF5.9040100@foxserver.be>
Message-ID:

2009/4/8 Jake Holland :
> Good luck on a response from the splint maintainers, but I can't advise
> you to have much hope.  As far as I've been able to discover since last
> July, splint is currently an orphaned project.

We'll see what happens. For the moment; the non-compliance with the
newer C standards is the biggest problem; and we can work around this
problem in a fairly trivial manner. I'd guess this mailing list is
_the_ place to be for splint related conversation. Should someone be
working on the program; they are probably here.

From nymaen at yahoo.com Sat Apr 18 06:38:33 2009
From: nymaen at yahoo.com (Marcus Martin)
Date: Sat, 18 Apr 2009 06:38:33 -0700 (PDT)
Subject: [splint-discuss] Splint usage help
Message-ID: <884540.95224.qm@web33505.mail.mud.yahoo.com>

I am a new splint user and am having some difficulty with the
annotations. I read the documentation and looked at the examples and
still have some trouble. Can someone please help me get started?

I have the source code line:
const char *subCmds[] = { "-file", "-stream", NULL };

This array needs to have the last element be NULL so when used as a
parameter in a method, the method knows when to stop reading the array.
Splint produces the following errors.

test.c:94:68: Index of possibly null pointer subCmds: subCmds
  A possibly null pointer is dereferenced.  Value is either the result of a
  function which may return null (in which case, code should check it is not
  null), or a global, parameter or structure field declared with the null
  qualifier. (Use -nullderef to inhibit warning)
   test.c:94:27: Storage subCmds may become null
test.c:94:61: Local subCmds[2] initialized to null value: subCmds[2] = NULL
  A reference with no null annotation is assigned or initialized to NULL.  Use
  /*@null@*/ to declare the reference as a possibly null pointer. (Use
  -nullassign to inhibit warning)

After reading the warnings I tried changing the source line in the
following ways, none of which worked for me.

/*@-nullderef@*/ const char *subCmds[] = { "-file", "-stream", NULL }; /*@=nullderef@*/
/*@-nullassign@*/ const char *subCmds[] = { "-file", "-stream", NULL }; /*@=nullassign@*/
const char *subCmds[] = { "-file", "-stream", /*@null@*/ NULL };

The second problem I encountered is that splint wants me to annotate
the header files of external packages I call to indicate out parameters
and parameters that can be NULL. Since I don't own that source code, I
really don't want to change it. How do I indicate to splint where I
invoked the method that my parameters are correct and the method is
used correctly.

The third issue is that I am creating a shared library that implements
the interface. At no place in my code base will I call these public
interface methods. How can I tell splint that these methods are
exported and not called directly, but that is okay.

Can someone tell me what I am doing wrong? Once I understand these
three problems, I should be able to fix the rest of my module.

Marcus

From nido at foxserver.be Sat Apr 18 10:09:23 2009
From: nido at foxserver.be (Nido)
Date: Sat, 18 Apr 2009 19:09:23 +0200
Subject: [splint-discuss] Splint usage help
In-Reply-To: <884540.95224.qm@web33505.mail.mud.yahoo.com>
References: <884540.95224.qm@web33505.mail.mud.yahoo.com>
Message-ID:

2009/4/18 Marcus Martin :
> I am a new splint user and am having some difficulty with the
> annotations. I read the documentation and looked at the examples and
> still have some trouble. Can someone please help me get started?
>
> I have the source code line:
> const char *subCmds[] = { "-file", "-stream", NULL };
>
> This array needs to have the last element be NULL so when used as a
> parameter in a method, the method knows when to stop reading the array.
> Splint produces the following errors.
>
> test.c:94:68: Index of possibly null pointer subCmds: subCmds
>   A possibly null pointer is dereferenced.  Value is either the result of a
>   function which may return null (in which case, code should check it is not
>   null), or a global, parameter or structure field declared with the null
>   qualifier. (Use -nullderef to inhibit warning)
>    test.c:94:27: Storage subCmds may become null
> test.c:94:61: Local subCmds[2] initialized to null value: subCmds[2] = NULL
>   A reference with no null annotation is assigned or initialized to NULL.  Use
>   /*@null@*/ to declare the reference as a possibly null pointer. (Use
>   -nullassign to inhibit warning)
>
> After reading the warnings I tried changing the source line in the following ways, none of which worked for me.
>
> /*@-nullderef@*/ const char *subCmds[] = { "-file", "-stream", NULL };  /*@=nullderef@*/
> /*@-nullassign@*/ const char *subCmds[] = { "-file", "-stream", NULL };  /*@=nullassign@*/
> const char *subCmds[] = { "-file", "-stream", /*@null@*/  NULL };

I'm sorry; I can't really help you out here as I seem to understand the
problem as well as you do.
You might want to try to ignore this particular warning using
-nullassign until someone can give you a better answer.

This may help you: http://www.splint.org/manual/html/sec14.html

> The second problem I encountered is that splint wants me to annotate
> the header files of external packages I call to indicate out parameters
> and parameters that can be NULL. Since I don't own that source code, I
> really don't want to change it. How do I indicate to splint where I
> invoked the method that my parameters are correct and the method is
> used correctly.

You can create .lcl files from .h files using the -dump command. You
can use these dumps later using -load. I am using this functionality
now to create an improved posix library that is compatible with the
newer version of the standard. I have posted this a few days ago on
this list so I don't think it's a good idea to re-post it because it
hasn't changed since then. Should you be interested I'd be happy to
send you a copy should you contact me about that.

> The third issue is that I am creating a shared
> library that implements the interface. At no place in my code base
> will I call these public interface methods. How can I tell splint that
> these methods are exported and not called directly, but that is okay.

/*@unused@*/ might help.

> Can someone tell me what I am doing wrong? Once I understand these
> three problems, I should be able to fix the rest of my module.
>
> Marcus

You may want to read through the splint manual a bit; I linked to
chapter 14 earlier.

Good luck with your module

kind regards,
Nido Media

From plongstaff at rogers.com Sat Apr 18 10:39:49 2009
From: plongstaff at rogers.com (Phil Longstaff)
Date: Sat, 18 Apr 2009 10:39:49 -0700 (PDT)
Subject: [splint-discuss] Splint usage help
In-Reply-To: <884540.95224.qm@web33505.mail.mud.yahoo.com>
References: <884540.95224.qm@web33505.mail.mud.yahoo.com>
Message-ID: <545925.30551.qm@web88103.mail.re2.yahoo.com>

For routines from external libraries, I created a single file I called
splintdefs.h, which was included from my source files:

#ifdef S_SPLINT_S
#include "splintdefs.h"
#endif

so that it doesn't affect normal compilation. I then copy the
prototypes from the external headers into that file and annotate them.

Phil

________________________________
From: Marcus Martin
To: splint-discuss at mail.cs.virginia.edu
Sent: Saturday, April 18, 2009 9:38:33 AM
Subject: [splint-discuss] Splint usage help

I am a new splint user and am having some difficulty with the
annotations. I read the documentation and looked at the examples and
still have some trouble. Can someone please help me get started?

I have the source code line:
const char *subCmds[] = { "-file", "-stream", NULL };

This array needs to have the last element be NULL so when used as a
parameter in a method, the method knows when to stop reading the array.
Splint produces the following errors.

test.c:94:68: Index of possibly null pointer subCmds: subCmds
  A possibly null pointer is dereferenced.  Value is either the result of a
  function which may return null (in which case, code should check it is not
  null), or a global, parameter or structure field declared with the null
  qualifier. (Use -nullderef to inhibit warning)
   test.c:94:27: Storage subCmds may become null
test.c:94:61: Local subCmds[2] initialized to null value: subCmds[2] = NULL
  A reference with no null annotation is assigned or initialized to NULL.  Use
  /*@null@*/ to declare the reference as a possibly null pointer. (Use
  -nullassign to inhibit warning)

After reading the warnings I tried changing the source line in the
following ways, none of which worked for me.

/*@-nullderef@*/ const char *subCmds[] = { "-file", "-stream", NULL }; /*@=nullderef@*/
/*@-nullassign@*/ const char *subCmds[] = { "-file", "-stream", NULL }; /*@=nullassign@*/
const char *subCmds[] = { "-file", "-stream", /*@null@*/ NULL };

The second problem I encountered is that splint wants me to annotate
the header files of external packages I call to indicate out parameters
and parameters that can be NULL. Since I don't own that source code, I
really don't want to change it. How do I indicate to splint where I
invoked the method that my parameters are correct and the method is
used correctly.

The third issue is that I am creating a shared library that implements
the interface. At no place in my code base will I call these public
interface methods. How can I tell splint that these methods are
exported and not called directly, but that is okay.

Can someone tell me what I am doing wrong? Once I understand these
three problems, I should be able to fix the rest of my module.

Marcus
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.cs.virginia.edu/pipermail/splint-discuss/attachments/20090418/bd5eba47/attachment-0001.html

From brian.quinlan at iolfree.ie Sat Apr 18 11:59:16 2009
From: brian.quinlan at iolfree.ie (Brian Quinlan)
Date: Sat, 18 Apr 2009 19:59:16 +0100
Subject: [splint-discuss] Splint usage help
In-Reply-To: <884540.95224.qm@web33505.mail.mud.yahoo.com>
References: <884540.95224.qm@web33505.mail.mud.yahoo.com>
Message-ID: <1240081156.6898.24.camel@russell.lan>

On Sat, 2009-04-18 at 06:38 -0700, Marcus Martin wrote:
> I am a new splint user and am having some difficulty with the
> annotations. I read the documentation and looked at the examples and
> still have some trouble. Can someone please help me get started?
>
> I have the source code line:
> const char *subCmds[] = { "-file", "-stream", NULL };
>

Hi Marcus,

Try the following:

typedef /*@null@*/ const char *StringListElement;
StringListElement subCmds[] = { "-file", "-stream", NULL };

The basic problem is that splint (reasonably) assumes const char* is
non-null. In this case, you need to change this assumption by using the
/*@null@*/ annotation. Adding it directly to your line doesn't work. I
think this is because this tells splint the array, rather than each
array element, can be null. There might be a way of achieving the same
effect without the two line hack, but I don't see it myself.

Bye,
Brian

> This array needs to have the last element be NULL so when used as a
> parameter in a method, the method knows when to stop reading the array.
> Splint produces the following errors.
>
> test.c:94:68: Index of possibly null pointer subCmds: subCmds
>   A possibly null pointer is dereferenced.  Value is either the result of a
>   function which may return null (in which case, code should check it is not
>   null), or a global, parameter or structure field declared with the null
>   qualifier. (Use -nullderef to inhibit warning)
>    test.c:94:27: Storage subCmds may become null
> test.c:94:61: Local subCmds[2] initialized to null value: subCmds[2] = NULL
>   A reference with no null annotation is assigned or initialized to NULL.  Use
>   /*@null@*/ to declare the reference as a possibly null pointer. (Use
>   -nullassign to inhibit warning)
>
> After reading the warnings I tried changing the source line in the following ways, none of which worked for me.
>
> /*@-nullderef@*/ const char *subCmds[] = { "-file", "-stream", NULL }; /*@=nullderef@*/
> /*@-nullassign@*/ const char *subCmds[] = { "-file", "-stream", NULL }; /*@=nullassign@*/
> const char *subCmds[] = { "-file", "-stream", /*@null@*/ NULL };
>
> The second problem I encountered is that splint wants me to annotate
> the header files of external packages I call to indicate out parameters
> and parameters that can be NULL. Since I don't own that source code, I
> really don't want to change it. How do I indicate to splint where I
> invoked the method that my parameters are correct and the method is
> used correctly.
>
> The third issue is that I am creating a shared
> library that implements the interface. At no place in my code base
> will I call these public interface methods. How can I tell splint that
> these methods are exported and not called directly, but that is okay.
>
> Can someone tell me what I am doing wrong? Once I understand these
> three problems, I should be able to fix the rest of my module.
>
> Marcus

From cbfalconer at att.net Sat Apr 18 16:36:31 2009
From: cbfalconer at att.net (cbfalconer@maineline.net)
Date: Sat, 18 Apr 2009 23:36:31 +0000
Subject: [splint-discuss] Splint usage help
Message-ID: <041820092336.15862.49EA63FF00025B0B00003DF622218675169B0A02D29B9B0EBF9D0A02010C040E000D0C@att.net>

Brian Quinlan wrote:
> Marcus Martin wrote:
>
>> I am a new splint user and am having some difficulty with the
>> annotations. I read the documentation and looked at the examples
>> and still have some trouble.
>>
>> I have the source code line:
>> const char *subCmds[] = { "-file", "-stream", NULL };
>
> typedef /*@null@*/ const char *StringListElement;
> StringListElement subCmds[] = { "-file", "-stream", NULL };
>
> The basic problem is that splint (reasonably) assumes const char*
> is non-null. In this case, you need to change this assumption by
> using the /*@null@*/ annotation. Adding it directly to your
> line doesn't work. I think this is because this tells splint the
> array, rather than each array element, can be null. There might
> be a way of achieving the same effect without the two line hack,
> but I don't see it myself.

I'm not using splint now, but I suspect you can handle it by
controlling your source. subCmds has been declared to be an array of
pointers to char. Simply ensure that you initialize it with such. Try
"(char*)NULL". Some headers define NULL as 0, rather than as
"(void*) 0", which is fine as the default conversion converts a zero to
a pointer. You don't need the typedef.

--
[mail]: Chuck F (cbfalconer at maineline dot net)
[page]: Try the download section.
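
The typedef quoted above, put to use in the way the original question describes (a callee that reads the table until it reaches the NULL sentinel). This is an added example, not code from any post in the thread; find_subcmd(), count_subcmds() and subcmd_index() are hypothetical helpers, and the splint annotations are ordinary comments to the compiler.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The annotation is attached to the element type, so it says "each entry
 * may be NULL" rather than "the array may be NULL". */
typedef /*@null@*/ const char *StringListElement;

static StringListElement subCmds[] = { "-file", "-stream", NULL };

/* Number of entries before the NULL sentinel. */
size_t count_subcmds(StringListElement table[])
{
    size_t n = 0;

    while (table[n] != NULL) {
        n++;
    }
    return n;
}

/* Index of arg in a NULL-terminated table, or -1 if it is not present.
 * Every element is compared against NULL before it is dereferenced, which
 * is the check a possibly-null element type asks the reader to make. */
int find_subcmd(StringListElement table[], /*@null@*/ const char *arg)
{
    size_t i;

    if (arg == NULL) {
        return -1;
    }
    for (i = 0; table[i] != NULL; i++) {
        if (strcmp(table[i], arg) == 0) {
            return (int)i;
        }
    }
    return -1;
}

/* Convenience wrapper over the table from the thread. */
int subcmd_index(/*@null@*/ const char *arg)
{
    return find_subcmd(subCmds, arg);
}

int main(void)
{
    printf("%lu sub-commands, -stream is #%d, -pipe is #%d\n",
           (unsigned long)count_subcmds(subCmds),
           subcmd_index("-stream"), subcmd_index("-pipe"));
    return 0;
}
```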
From nymaen at yahoo.com Sat Apr 18 17:48:13 2009
From: nymaen at yahoo.com (Marcus Martin)
Date: Sat, 18 Apr 2009 20:48:13 -0400
Subject: [splint-discuss] Splint usage help
In-Reply-To: <041820092336.15862.49EA63FF00025B0B00003DF622218675169B0A02D29B9B0EBF9D0A02010C040E000D0C@att.net>
References: <041820092336.15862.49EA63FF00025B0B00003DF622218675169B0A02D29B9B0EBF9D0A02010C040E000D0C@att.net>
Message-ID: <49EA74CD.9070708@yahoo.com>

Brian's suggestion worked perfectly.

typedef /*@null@*/ const char *StringListElement;
StringListElement subCmds[] = { "-file", "-stream", NULL };

Results in no errors.

When I tried Chuck's suggestion, I still got one warning.
const char *subCmds[] = { "-file", "-stream", (const char*)NULL };

test.c: (in function TestMethod)
test.c:103:51: Local subCmds[2] initialized to null value:
                  subCmds[2] = (const char *)NULL
  A reference with no null annotation is assigned or initialized to NULL.  Use
  /*@null@*/ to declare the reference as a possibly null pointer. (Use
  -nullassign to inhibit warning)

Any ideas on how I misunderstood Chuck?

Marcus

From brian.quinlan at iolfree.ie Sun Apr 19 14:15:08 2009
From: brian.quinlan at iolfree.ie (Brian Quinlan)
Date: Sun, 19 Apr 2009 22:15:08 +0100
Subject: [splint-discuss] Splint usage help
In-Reply-To: <49EA74CD.9070708@yahoo.com>
References: <041820092336.15862.49EA63FF00025B0B00003DF622218675169B0A02D29B9B0EBF9D0A02010C040E000D0C@att.net> <49EA74CD.9070708@yahoo.com>
Message-ID: <1240175708.6898.40.camel@russell.lan>

On Sat, 2009-04-18 at 20:48 -0400, Marcus Martin wrote:
> Brian's suggestion worked perfectly.
>
> typedef /*@null@*/ const char *StringListElement;
> StringListElement subCmds[] = { "-file", "-stream", NULL };
>
> Results in no errors.
>
> When I tried Chuck's suggestion, I still got one warning.
> const char *subCmds[] = { "-file", "-stream", (const char*)NULL };
>
> test.c: (in function TestMethod)
> test.c:103:51: Local subCmds[2] initialized to null value:
>                   subCmds[2] = (const char *)NULL
>   A reference with no null annotation is assigned or initialized to
> NULL.  Use
>   /*@null@*/ to declare the reference as a possibly null pointer. (Use
>   -nullassign to inhibit warning)
>
> Any ideas on how I misunderstood Chuck?
>
> Marcus
>

The original problem indicated by splint was not that NULL is not
char*, so casting won't have an effect. Rather, the problem was that
subCmds[2] defaults to /*@notnull@*/ and therefore you can't assign
null to it.

I'm not convinced that the problem can be solved in a single line.
However, I am convinced that, if it is possible, then the /*@null@*/
annotation will be required.

BQ

From jandcmoore at gmail.com Thu Apr 23 11:24:46 2009
From: jandcmoore at gmail.com (Jonathan and Caroline Moore)
Date: Thu, 23 Apr 2009 19:24:46 +0100
Subject: [splint-discuss] staticinittrans
Message-ID: <8bf7d05b0904231124m13678853k2f00daa30a38b176@mail.gmail.com>

Splint is a wonderful tool but I could use some help with a few last
+checks warnings in a project.

Please go easy on me I'm not CompSci just an engineer trying to make
sure the compiler is forced to do what I intend.

I don't understand the unqualified static, implicitly and inconsistent
way parts of the splint warning.

Google hasn't helped either - just people saying use -staticinittrans
or other code markup which I feel defeats the point of trying to
understand WHY the static analysis is complaining.

How do I get around this or initialise a pointer in a struct in a way
that splint likes. Everything I've tried seems to generate an error
similar to these below or warnings about losing memory pointers
without deallocating them.

Deep thanks in advance.

Jonathan

P.S. I'd appreciate a cc on any replies - not sure I got the mailer
set up right.

WS867:Thu 23:1845:~:$ cat test.c #include typedef struct { int *x; } stL_t; static int x[2] = {5, 10}; static stL_t stL = { x }; int main(int argc, char *argv[]) { printf("%s\n", argv[argc - 1]); printf("%d\n", stL.x[0]); return 0; } WS867:Thu 23:1845:~:$ gcc -Wall -Wextra -o test test.c WS867:Thu 23:1845:~:$ ./test ./test 5 WS867:Thu 23:1845:~:$ splint +checks test.c Splint 3.1.2 --- 07 May 2008 test.c:10:2: Unqualified static storage x used as initial value for implicitly only: stL.x = x Static storage is used as an initial value in an inconsistent way. (Use -staticinittrans to inhibit warning) Finished checking --- 1 code warning -- Jonathan (and Caroline) Jonathan and Caroline Moore JandCMoore at gmail.com (Jonathan) CandJMoore at gmail.com (Caroline) http://jandcmoore.googlepages.com/ From brian.quinlan at iolfree.ie Thu Apr 23 13:51:06 2009 From: brian.quinlan at iolfree.ie (Brian Quinlan) Date: Thu, 23 Apr 2009 21:51:06 +0100 Subject: [splint-discuss] staticinittrans In-Reply-To: <8bf7d05b0904231124m13678853k2f00daa30a38b176@mail.gmail.com> References: <8bf7d05b0904231124m13678853k2f00daa30a38b176@mail.gmail.com> Message-ID: <1240519866.6898.87.camel@russell.lan> On Thu, 2009-04-23 at 19:24 +0100, Jonathan and Caroline Moore wrote: > Splint is a wonderful tool but I could use some help with a few last > +checks warnings in a project. > > Please go easy on me I'm not CompSci just an engineer trying to make > sure the compiler is forced to do what I intend. > > I don't understand the unqualified static, implicitly and inconsistent > way parts of the splint warning. > Hi Jonathan, implicitly only - the x field in the struct is a pointer, which means splint implicitly sets it as /*@only@*/ storage. Unless you explicitly annotate it to be some other storage type, then splint will issue a warning if another variable has a reference to the same memory. Clearly x and stL.x both point to the same memory, so splint complains about this. 
I'm not sure about the meaning of unqualified storage and inconsistent, but I expect that if you choose the right annotation (only, dependent, owned, etc.) for the source and destination when you're assigning the pointer value, then the problem will go away.

The following makes the warning go away, but only you'll know if the dependent annotation is reasonable for your application:

typedef struct {
    /*@dependent@*/int *x;
} stL_t;

Bye,
Brian

> Google hasn't helped either - just people saying use -staticinittrans
> or other code markup which I feel defeats the point of trying to
> understand WHY the static analysis is complaining.
>
> How do I get around this or initialise a pointer in a struct in a way
> that splint likes. Everything I've tried seems to generate an error
> similar to these below or warnings about losing memory pointers
> without deallocating them
>
> Deep thanks in advance.
>
> Jonathan
>
> P.S. I'd appreciate a cc on any replies - not sure I got the mailer
> set up right.
>
> WS867:Thu 23:1845:~:$ cat test.c
> #include <stdio.h>
>
> typedef struct {
>     int *x;
> } stL_t;
>
> static int x[2] = {5, 10};
>
> static stL_t stL = {
>     x
> };
>
>
> int main(int argc, char *argv[]) {
>     printf("%s\n", argv[argc - 1]);
>     printf("%d\n", stL.x[0]);
>     return 0;
> }
> WS867:Thu 23:1845:~:$ gcc -Wall -Wextra -o test test.c
> WS867:Thu 23:1845:~:$ ./test
> ./test
> 5
> WS867:Thu 23:1845:~:$ splint +checks test.c
> Splint 3.1.2 --- 07 May 2008
>
> test.c:10:2: Unqualified static storage x used as initial value for implicitly
>     only: stL.x = x
>   Static storage is used as an initial value in an inconsistent way.
(Use
> -staticinittrans to inhibit warning)
>
> Finished checking --- 1 code warning
>

From ok at cs.otago.ac.nz Thu Apr 23 23:41:40 2009
From: ok at cs.otago.ac.nz (Richard O'Keefe)
Date: Fri, 24 Apr 2009 18:41:40 +1200
Subject: [splint-discuss] staticinittrans
In-Reply-To: <8bf7d05b0904231124m13678853k2f00daa30a38b176@mail.gmail.com>
References: <8bf7d05b0904231124m13678853k2f00daa30a38b176@mail.gmail.com>
Message-ID: <3B239ABF-D79F-430C-B5AB-9D54D5B76C03@cs.otago.ac.nz>

On 24 Apr 2009, at 6:24 am, Jonathan and Caroline Moore wrote:
> typedef struct {
>     int *x;
> } stL_t;
>
> static int x[2] = {5, 10};
>
> static stL_t stL = {
>     x
> };
> test.c:10:2: Unqualified static storage x used as initial value for
> implicitly
>     only: stL.x = x
>   Static storage is used as an initial value in an inconsistent way.
> (Use
>   -staticinittrans to inhibit warning)

The big thing to understand is that (1) C is not a garbage collected language, so (2) SPlint takes as one of its main tasks helping you keep track of pointers.

It's telling you that in the absence of any declaration to the contrary, it assumes that the .x field of an stL_t points to something that NOTHING else points to (that's what the "only" bit means: this is the only pointer to that), but in fact a static variable can always be referred to anywhere in its source file. In effect, it's asking you to
(a) say that x[] is NOT supposed to be referenced anywhere else (which it can then check for you), or
(b) say that an_stL_t.x is NOT a unique reference.

Why does it matter whether something is an "only" pointer or not? Because if it _is_, it's safe to free() what it points to, nobody else can care, while if it isn't, someone else might have a pointer to the freed thing and try to use it.

The SPlint manual has lots of material about pointer annotations, but it may pay you to read the paper that was written when they were introduced so you can understand _why_ they are there.
In brief, if all your pointers are properly annotated for SPlint, there's quite a big payoff in reduced pointer mistakes, but a partly annotated program tends to give you lots of confusing messages, and it can be very hard to get all the annotations right if you didn't start off _designing_ for SPlint.

partly annotated system

From D.Jansen at cs.ru.nl Thu Apr 30 13:47:58 2009
From: D.Jansen at cs.ru.nl (David N. Jansen)
Date: Thu, 30 Apr 2009 22:47:58 +0200
Subject: [splint-discuss] ensures isnull?
Message-ID: <41995178-C172-4346-97BB-9BED85ADD90C@cs.ru.nl>

Dear all,

I am a bit unsure what to think about the following. Either splint is overly cautious, or there is an execution path that I didn't think of. The following function generates a warning:

typedef /*@null@*/ char * char_p;

void test2(char_p * param) /*@ensures isnull *param@*/ {
        while ( *param != NULL )
                *param = NULL;
        return;
}

test.c: (in function test2)
test.c:5:9: Non-null storage *param corresponds to storage listed
    in ensures isnull clause
  A possibly null pointer is reachable from a parameter or global variable that
  is not declared using a /*@null@*/ annotation. (Use -nullstate to inhibit
  warning)

I can make the warning go away by:
* placing an additional ``*param = NULL;'' after the loop
* replacing the loop by a do ... while loop.

Can you make the warning go away without additional code (and without switching the check off either ;) )?

David Jansen.

From jandcmoore at gmail.com Thu Apr 30 15:03:11 2009
From: jandcmoore at gmail.com (Jonathan and Caroline Moore)
Date: Thu, 30 Apr 2009 23:03:11 +0100
Subject: [splint-discuss] ensures isnull?
In-Reply-To: <41995178-C172-4346-97BB-9BED85ADD90C@cs.ru.nl>
References: <41995178-C172-4346-97BB-9BED85ADD90C@cs.ru.nl>
Message-ID: <8bf7d05b0904301503n3a32c302h16c6a9696be3c92a@mail.gmail.com>

allington:Thu 30:2302:~:$ cat t.c
#include

void test2(char *param[]) {
    while ( *param != NULL ) {
        *param = NULL;
    }
    return;
}
allington:Thu 30:2302:~:$ gcc -c t.c
allington:Thu 30:2302:~:$ splint t.c
Splint 3.1.2 --- 07 Nov 2008

Finished checking --- no warnings

2009/4/30 David N. Jansen :
> Dear all,
>
> I am a bit unsure what to think about the following. Either splint is
> overly cautious, or there is an execution path that I didn't think
> of. The following function generates a warning:
>
> typedef /*@null@*/ char * char_p;
>
> void test2(char_p * param) /*@ensures isnull *param@*/ {
>        while ( *param != NULL )
>                *param = NULL;
>        return;
> }
>
> test.c: (in function test2)
> test.c:5:9: Non-null storage *param corresponds to storage listed
>                             in ensures isnull clause
>   A possibly null pointer is reachable from a parameter or global
> variable that
>   is not declared using a /*@null@*/ annotation. (Use -nullstate to
> inhibit
>   warning)
>
> I can make the warning go away by:
> * placing an additional ``*param = NULL;'' after the loop
> * replacing the loop by a do ... while loop.
>
> Can you make the warning go away without additional code (and without
> switching the check off either ;) )?
>
> David Jansen.
> _______________________________________________
> splint-discuss mailing list
> splint-discuss at mail.cs.virginia.edu
> http://www.cs.virginia.edu/mailman/listinfo/splint-discuss
>

--
Jonathan (and Caroline)

Jonathan and Caroline Moore
JandCMoore at gmail.com (Jonathan)
CandJMoore at gmail.com (Caroline)
http://jandcmoore.googlepages.com/

From D.Jansen at cs.ru.nl Thu Apr 30 16:30:20 2009
From: D.Jansen at cs.ru.nl (David N.
Jansen)
Date: Fri, 1 May 2009 01:30:20 +0200
Subject: [splint-discuss] ensures isnull?
In-Reply-To: <8bf7d05b0904301503n3a32c302h16c6a9696be3c92a@mail.gmail.com>
References: <41995178-C172-4346-97BB-9BED85ADD90C@cs.ru.nl> <8bf7d05b0904301503n3a32c302h16c6a9696be3c92a@mail.gmail.com>
Message-ID: <82A9D039-DE7C-46B3-9EC5-9D7051507AC3@cs.ru.nl>

Caroline or Jonathan, thank you for the quick answer.
I see that I simplified my program too much. Actually, the pointer is a member in a structure, so I should have written:

#include

struct test {
        int i;
        /*@null@*/ /*@dependent@*/ char * a;
};

void test2(struct test * param) /*@ensures isnull param->a@*/ {
        while ( param->a != NULL )
                param->a = NULL;
        return;
}

Now the trick with an array does no longer work... When I change the parameter to ``struct test param[]'', ``struct test (*param)[]'' or ``struct test *param[]'', I still get the error message:
test.c:11:9: Non-null storage param[0].a corresponds to storage listed in
    ensures isnull clause

David Jansen, Netherlands.

From jandcmoore at gmail.com Thu Apr 30 22:18:00 2009
From: jandcmoore at gmail.com (Jonathan and Caroline Moore)
Date: Fri, 1 May 2009 06:18:00 +0100
Subject: [splint-discuss] ensures isnull?
In-Reply-To: <82A9D039-DE7C-46B3-9EC5-9D7051507AC3@cs.ru.nl>
References: <41995178-C172-4346-97BB-9BED85ADD90C@cs.ru.nl> <8bf7d05b0904301503n3a32c302h16c6a9696be3c92a@mail.gmail.com> <82A9D039-DE7C-46B3-9EC5-9D7051507AC3@cs.ru.nl>
Message-ID: <8bf7d05b0904302218q116abb9r167a5003b06ccd2c@mail.gmail.com>

allington:Fri 01:0616:~:$ cat t.c
#include

struct test {
    int i;
    /*@null@*//*@dependent@*/char *a;
};

void test2(struct test *param) {
    while ( param->a != NULL )
        param->a = NULL;
    return;
}
allington:Fri 01:0617:~:$ gcc -c t.c
allington:Fri 01:0617:~:$ splint t.c
Splint 3.1.2 --- 07 Nov 2008

Finished checking --- no warnings

Jonathan

2009/5/1 David N. Jansen :
> Caroline or Jonathan, thank you for the quick answer.
> I see that I simplified my program too much.
Actually, the pointer is
> a member in a structure, so I should have written:
>
> #include
>
> struct test {
>        int i;
>        /*@null@*/ /*@dependent@*/ char * a;
> };
>
> void test2(struct test * param) /*@ensures isnull param->a@*/ {
>        while ( param->a != NULL )
>                param->a = NULL;
>        return;
> }
>
> Now the trick with an array does no longer work... When I change the
> parameter to ``struct test param[]'', ``struct test (*param)[]'' or
> ``struct test *param[]'', I still get the error message:
> test.c:11:9: Non-null storage param[0].a corresponds to storage
> listed in
>                 ensures isnull clause
>
> David Jansen, Netherlands.
> _______________________________________________
> splint-discuss mailing list
> splint-discuss at mail.cs.virginia.edu
> http://www.cs.virginia.edu/mailman/listinfo/splint-discuss
>

--
Jonathan (and Caroline)

Jonathan and Caroline Moore
JandCMoore at gmail.com (Jonathan)
CandJMoore at gmail.com (Caroline)
http://jandcmoore.googlepages.com/
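
The ownership distinction from the staticinittrans thread above (a field that is implicitly only versus one declared dependent, and why only storage is what may be passed to free()), as an added example that is not part of any message in this archive. The type and function names are hypothetical; the annotations are plain comments to a C compiler, and how Splint reports on this file is not taken from the thread.

```c
/* Added example; view_t, buf_t and the functions are hypothetical names. */
#include <stdlib.h>
#include <string.h>

static int table[2] = {5, 10};

/* Option (b) in the thread: the field is not a unique reference. It
   borrows static storage, so nothing may free() through it. */
typedef struct {
    /*@dependent@*/ int *x;
} view_t;

static view_t view = { table };

/* Owning field: the only pointer to a heap block, so releasing the
   block through it cannot leave another holder with a dangling pointer. */
typedef struct {
    /*@null@*/ /*@only@*/ char *data;
    size_t len;
} buf_t;

/* Replace the owned string. Returns 0 on success, -1 if malloc fails
   (the previous contents are then left untouched). */
int buf_set(buf_t *b, const char *s)
{
    size_t n = strlen(s);
    char *copy = malloc(n + 1);

    if (copy == NULL)
        return -1;
    memcpy(copy, s, n + 1);
    free(b->data);      /* old block was owned here; free(NULL) is a no-op */
    b->data = copy;     /* ownership of the new block moves into the field */
    b->len = n;
    return 0;
}

/* Release the owned block and leave the field null, never dangling. */
void buf_clear(buf_t *b)
{
    free(b->data);
    b->data = NULL;
    b->len = 0;
}

/* Read through the borrowed pointer; the static array outlives it. */
int view_first(void)
{
    return view.x[0];
}
```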