[splint-discuss] pointer to pointer annotation
Wenzel at bbr-vt.de
Mon Oct 26 23:26:18 PST 2009
Not quite large projects, but it's Real Life(TM): we are using Splint on applications in embedded control which consist of some thousands of lines of code.
Its warnings save more time than is needed to annotate or to work around. Especially warnings about dead code, unused variables and functions, erroneous exporting, and (most important) type errors are welcome. Our sources have to be bullet-proof to external inspection. That's why we use Splint with at least "+checks +top-use +slash-slash-comment +all-macros +all-block".
BTW, many warnings can be resolved by careful corrections without any annotation. For example, currently I work on a project with about 6700 LOCs, and it contains just 290 annotations of which 220 are constant declarations.
If you start using Splint right from the beginning, it is no pain. Trying to make Splint happy on an existing project is something I would not try.
Splint is weak in memory and array checks. We often found it reporting falsely, and often it does not report real errors. Arrays with more than one dimension can't be checked at all. But perhaps this is just because we don't use malloc/free in embedded control... ;-)
Splint can't handle multithreaded applications. This is really sad in embedded control with interrupts, or in desktop software with multiple threads. It might be solvable if Splint could be told about multiple "roots" of execution paths. Some compilers work that way to do correct overlaying of variable spaces.
BBR - Baudis Bergmann Rösch
D - 38126 Braunschweig
@: wenzel at bbr-vt.de
AG Braunschweig HRB 3037
Dipl.-Ing. Arne Baudis
Dipl.-Ing. Thomas Bergmann
Dipl.-Ing. Frank-Michael Rösch
DE 114 877 881