[splint-discuss] Variable argument type checking
Richard O'Keefe
ok at cs.otago.ac.nz
Wed Mar 18 20:08:16 PST 2009
On 18 Mar 2009, at 8:05 pm, Roland Illig wrote:
> Richard O'Keefe schrieb:
>> I don't know the context in which this is used.
>> Clearly, however, there are going to be very few
>> occasions where the caller does not know what to pass.
>
> The ioctl(2) function on Unix-like systems is the primary example of
> this calling style.
>
> int ioctl(int filedes, int request, ...);
which is a perfect example of what I said:
the *caller* knows what to pass. You just don't
find arbitrary expressions for the request. The
request is always (in practice) a fixed name.
>
>
> The request argument can be from thousands of predefined constants,
> which also differ among the operating systems.
In fact this is precisely why you cannot annotate ioctl(),
and why creating your own wrapper function for each use is
the *right* thing to do.
> So it is not easy to list
> all cases in a platform-neutral program like Splint.
Nobody was suggesting that it could or should.
But each *program* can list *all the cases it uses*,
and in fact this is something you want to do *anyway*
in order to get a little bit of type checking out of
your C compiler.
It's a good rule of thumb that a C program should
never have a "bare" call to ioctl() except in the body
of a "wrapper" function or macro.
The *printf and *scanf family, of course, have their
own special rules that Splint knows about, but it would
be nice if it new about the new C99 format stuff.
More information about the splint-discuss
mailing list