[splint-discuss] Splint and malloc

Phil Longstaff plongstaff at rogers.com
Mon Feb 23 10:32:49 PST 2009 

On February 23, 2009 01:15:43 pm Phil Longstaff wrote:
> On February 23, 2009 04:35:48 am Roland Illig wrote:
> > Phil Longstaff schrieb:
> > > Is there any way of indicating to splint that if a struct with pointers
> > > is malloc'ed and the pointers are given values, that the previous
> > > values don't need to be freed because it is new memory?
> > >
> > > Example:
> > >
> > > typedef struct {
> > >
> > > char* x;
> > >
> > > } struct_t;
> > >
> > > struct_t* s = malloc( sizeof(struct_t) );
> > >
> > > s.x = malloc(10);
> > >
> > > will give a warning that s.x is implied only and hasn't been freed,
> > > leading to memory leak. However, since s is pointing to new storage,
> > > there isn't anything to be freed.
> >
> > The warning wants to tell you that you need to free s->x (not s.x)
> > later. This works for me:
> >
> > #include <assert.h>
> > #include <stdlib.h>
> >
> > typedef struct {
> >         char* x;
> > } struct_t;
> >
> > int main(void)
> > {
> >         struct_t* s;
> >
> >         s = malloc( sizeof(struct_t) );
> >         assert(s != NULL);
> >         s->x = malloc(10);
> >
> >         /* ... */
> >
> >         free(s->x);
> >         free(s);
> >
> >         return 0;
> > }
>
> Yes, I meant s->x not s.x.  I find that I'm asking the wrong question.
>
> 	s = malloc(sizeof(struct_t))
> 	s->x = ...
>
> produces no warnings, whereas
>
> 	s = g_malloc(sizeof(struct_t))
> 	s->x = ...
>
> produces the warning that implicitly only storage s->x is not freed before
> the assignment.  g_malloc() is the version of malloc included in glib on
> linux (library.gnome.org/devel/glib/). Maybe splint knows about malloc and
> that it always returns fresh storage.  Is there any way to tell it that
> g_malloc also returns fresh storage (the same way I can use -booltype to
> tell it that gboolean is a boolean type)?
>
> Phil

I may have an answer.  I downloaded the source and looked at the standard 
library definition and found the /*@out@*/ annotation.

Phil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.cs.virginia.edu/pipermail/splint-discuss/attachments/20090223/ae3170ca/attachment-0001.html

More information about the splint-discuss mailing list