From shelleyd at kdsolutionsgroup.com  Tue Dec  6 14:38:56 2011
From: shelleyd at kdsolutionsgroup.com (Shelley Dong)
Date: Tue, 6 Dec 2011 14:38:56 -0800
Subject: [splint-discuss] How to ignore multiple files for SPLINT checking?
Message-ID: <2F6468CE4F975A4AA94EF1A4EDAFBECCBB6C237EBF@KDS-MAIL-2009.Silvatechfluidpower.com>

Hi Everyone,

I got a bunch of reported errors on some auto generated codes which we want to separate from the current work scope and come back to later. They are located in one folder directory. I know I can use /*@ignore@*/ and /*@end@*/ to suppress one file or part of it. Is there a way I can suppress all the files in one directory at one time instead of going into each one to insert the annotation.

Thanks for your coming answers,

Shelley

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.cs.virginia.edu/pipermail/splint-discuss/attachments/20111206/4a9c6bc9/attachment.html 

From lholzheid at bihl-wiedemann.de  Tue Dec  6 23:54:01 2011
From: lholzheid at bihl-wiedemann.de (Ludolf Holzheid)
Date: Wed, 7 Dec 2011 08:54:01 +0100
Subject: [splint-discuss] How to ignore multiple files for
	SPLINT	checking?
In-Reply-To: <2F6468CE4F975A4AA94EF1A4EDAFBECCBB6C237EBF@KDS-MAIL-2009.Silvatechfluidpower.com>
References: <2F6468CE4F975A4AA94EF1A4EDAFBECCBB6C237EBF@KDS-MAIL-2009.Silvatechfluidpower.com>
Message-ID: <20111207075400.GA1451@shadow.bihl-wiedemann.de>

On Tue, 2011-12-06 14:38:56 -0800, Shelley Dong wrote:
> Hi Everyone,
> 
> I got a bunch of reported errors on some auto generated codes which
> we want to separate from the current work scope and come back to
> later. They are located in one folder directory.

Shelley,

in case the auto-generated files are modules (i.e. not #included by
other modules), simply skip calling splint on them.

Else, if the auto-generated are #included by some modules you want to
be checked by splint, take a look at the `-sys-dirs? and
`-sys-dir-errors? flags.

HTH,

Ludolf

-- 

---------------------------------------------------------------
Ludolf Holzheid             Tel:    +49 621 339960
Bihl+Wiedemann GmbH         Fax:    +49 621 3392239
Flo?w?rthstra?e 41          e-mail: lholzheid at bihl-wiedemann.de
D-68199 Mannheim, Germany
---------------------------------------------------------------


From ron.kamzol at atusbv.com  Mon Dec 12 02:50:00 2011
From: ron.kamzol at atusbv.com (Ron Kamzol (Atus B.V.))
Date: Mon, 12 Dec 2011 11:50:00 +0100
Subject: [splint-discuss] Problem using Splint
Message-ID: <CED8601A967FE240A2D4632CB6B2D242016704B687C3@SBSSRV.atusbv.local>

I'm trying to get Splint working with the Keil compiler, but it's given me some problems

In http://www.cs.virginia.edu/pipermail/splint-discuss/2009-August/001389.html two solutions are given for getting rid of the error of the sbit and sfr.

I prefer the solution by adding the following definitions in the splint.rc file:

-Dsfr=volatile unsigned char
-Dsbit=volatile bool

But when implementing this solution I get the following errors when running splint:

Splint 3.1.2 --- 25 Aug 2010

crx.splintrc(3,21): Cannot list files in .splintrc files:
                       unsigned, char, bool (probable missing + or -)
  A flag is not recognized or used in an incorrect way (Use -badflag to inhibit
  warning)
include\CRX.h(154,27): Parse Error: Non-function declaration: code :
    extern byte. (For help on parse errors, see splint -help parseerrors.)
*** Cannot continue.


The content of my crx.plintrc:

-Iinclude
-Dsfr=volatile unsigned char
-Dsbit=volatile bool

Where include is the directory where my header files are located.

What am I missing here?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.cs.virginia.edu/pipermail/splint-discuss/attachments/20111212/272610a5/attachment.html 

From lholzheid at bihl-wiedemann.de  Mon Dec 12 10:04:31 2011
From: lholzheid at bihl-wiedemann.de (Ludolf Holzheid)
Date: Mon, 12 Dec 2011 19:04:31 +0100
Subject: [splint-discuss] Problem using Splint
In-Reply-To: <CED8601A967FE240A2D4632CB6B2D242016704B687C3@SBSSRV.atusbv.local>
References: <CED8601A967FE240A2D4632CB6B2D242016704B687C3@SBSSRV.atusbv.local>
Message-ID: <20111212180431.GA32131@shadow.bihl-wiedemann.de>

On Mon, 2011-12-12 11:50:00 +0100, Ron Kamzol (Atus B.V.) wrote:
> -Iinclude
> -Dsfr=volatile unsigned char
> -Dsbit=volatile bool
> 
> [..]
> 
> What am I missing here?

Ron,

You are missing the double quotation marks (") around
'volatile unsigned char' and 'volatile bool'.

HTH,

Ludolf

-- 

---------------------------------------------------------------
Ludolf Holzheid             Tel:    +49 621 339960
Bihl+Wiedemann GmbH         Fax:    +49 621 3392239
Flo?w?rthstra?e 41          e-mail: lholzheid at bihl-wiedemann.de
D-68199 Mannheim, Germany
---------------------------------------------------------------


From ycrespin at e-quartz.fr  Wed Dec 21 02:12:21 2011
From: ycrespin at e-quartz.fr (Yves Crespin)
Date: Wed, 21 Dec 2011 11:12:21 +0100
Subject: [splint-discuss] Unreachable code
Message-ID: <CAO4bWbgSQkz2TK0TMkNBatpwr_SEa+7LggS9EFGqhuxpJ=ZpCQ@mail.gmail.com>

Hello,

splint identify some "Unreachable code".
But, this seems incorrect.
How to fix it ?

Thanks and regards,

Yves

$ splint a.c
Splint 3.1.2 --- 03 May 2009

a.c: (in function main)
a.c:75:2: Unreachable code: for (i = 1; i < ...
 This code will never be reached on any possible execution. (Use -unreachable
 to inhibit warning)

Finished checking --- 1 code warning
$

 #include <stdio.h>
1 #include <stdlib.h>
2 #include <stdbool.h>
3 #include <limits.h>
4 #include <errno.h>
5
6 typedef char const *          char_ptr;
7 typedef const char_ptr                const_char_ptr;
8 typedef struct error_messages {
9       /*@observer@*/ const_char_ptr   msg;
10 } error_messages_t;
11
12 static error_messages_t const error_messages[] = {
13      {  "No error" },
14      {  "Operation not permitted" },
15      {  "No such file or directory" },
16      {  "No such process" }
17 };
18
19 /*@alwaysreturns@*/ /*@null@*/ /*@observer@*/ static const_char_ptr
GetErrorMessage(const long errorNumber)
20 /*@globals error_messages@*/
21 {
22      const long nb_messages = (long)(sizeof(error_messages) /
sizeof(*error_messages));
23      if (0<=errorNumber && errorNumber<nb_messages){
24              return error_messages[errorNumber].msg;
25      }
26      return NULL;
27 }
28
29 /*@noreturn@*/ static void DisplayMessage(const long errorNumber)
30 /*@globals error_messages,fileSystem@*/
31 /*@modifies fileSystem@*/
32 {
33     const_char_ptr msg = GetErrorMessage(errorNumber);
34     if(msg != NULL){
35         printf("%s\n", msg);
36     }else{
37      printf("%ld unknown error\n", errorNumber);
38     }
39 }
40
41 /*@alwaysreturns@*/static bool StringToLong(/*@notnull@*/
/*@in@*/const_char_ptr value,/*@returned@*//*out*/long *number)
42 /*@globals errno@*/
43 /*@modifies *number@*/
44 /*@modifies errno@*/
45 {
46      char *  endptr;
47      long    n;
48      *number = 0;
49
50      errno = 0;
51     n = strtol(value, &endptr, 10);
52     if ((errno == ERANGE && (n==LONG_MAX || n==LONG_MIN)) ||
(errno!=0 && n==0)){
53      return false;
54     }
55     if (endptr == value || *endptr != '\0'){
56      return false;
57     }
58     *number = n;
59     return true;
60 }
61
62 /*@alwaysreturns@*/int main(int argc,/*@notnull@*/ /*@in@*/char *argv[])
63 /*@globals error_messages,fileSystem@*/
64 /*@modifies fileSystem@*/
65 /*@requires maxRead(argv) == argc@*/
66 {
67      int i;
68      DisplayMessage(1L);
69      for (i=1;i<argc;i++){
70              long    val = 0;
71              if (StringToLong(argv[i],&val) == true){
72                      DisplayMessage(val);
73              }
74      }
75      return EXIT_SUCCESS;
76 }

<<<<<< cut here >>>>>>
#include <stdio.h>
#include <stdlib.h>
#include <stdbool.h>
#include <limits.h>
#include <errno.h>

typedef char const *            char_ptr;
typedef const char_ptr          const_char_ptr;
typedef struct error_messages {
       /*@observer@*/ const_char_ptr   msg;
} error_messages_t;

static error_messages_t const error_messages[] = {
       {  "No error" },
       {  "Operation not permitted" },
       {  "No such file or directory" },
       {  "No such process" }
};

/*@alwaysreturns@*/ /*@null@*/ /*@observer@*/ static const_char_ptr
GetErrorMessage(const long errorNumber)
/*@globals error_messages@*/
{
       const long nb_messages = (long)(sizeof(error_messages) /
sizeof(*error_messages));
       if (0<=errorNumber && errorNumber<nb_messages){
               return error_messages[errorNumber].msg;
       }
       return NULL;
}

/*@noreturn@*/ static void DisplayMessage(const long errorNumber)
/*@globals error_messages,fileSystem@*/
/*@modifies fileSystem@*/
{
   const_char_ptr msg = GetErrorMessage(errorNumber);
   if(msg != NULL){
       printf("%s\n", msg);
   }else{
       printf("%ld unknown error\n", errorNumber);
   }
}

/*@alwaysreturns@*/static bool StringToLong(/*@notnull@*/
/*@in@*/const_char_ptr value,/*@returned@*//*out*/long *number)
/*@globals errno@*/
/*@modifies *number@*/
/*@modifies errno@*/
{
       char *  endptr;
       long    n;
       *number = 0;

       errno = 0;
   n = strtol(value, &endptr, 10);
   if ((errno == ERANGE && (n==LONG_MAX || n==LONG_MIN)) || (errno!=0 && n==0)){
       return false;
   }
   if (endptr == value || *endptr != '\0'){
       return false;
   }
   *number = n;
   return true;
}

/*@alwaysreturns@*/int main(int argc,/*@notnull@*/ /*@in@*/char *argv[])
/*@globals error_messages,fileSystem@*/
/*@modifies fileSystem@*/
/*@requires maxRead(argv) == argc@*/
{
       int i;
       DisplayMessage(1L);
       for (i=1;i<argc;i++){
               long    val = 0;
               if (StringToLong(argv[i],&val) == true){
                       DisplayMessage(val);
               }
       }
       return EXIT_SUCCESS;
}
<<<<<< cut here >>>>>>

From ycrespin at e-quartz.fr  Wed Dec 21 02:13:33 2011
From: ycrespin at e-quartz.fr (Yves Crespin)
Date: Wed, 21 Dec 2011 11:13:33 +0100
Subject: [splint-discuss] unable to configure maxRead and maxSet
Message-ID: <CAO4bWbgf1JTw0ru-1rJrh=MoDXWk40e3bt2m50th0SxDCZYQDQ@mail.gmail.com>

Hello,

I'm new with bounds checking.
I've solve maxRead with argv but I'm unable to setup maxRead and
maxSet for other pointer use.

May somebody provide a way to fix it ?

Thanks and regards,

Yves

$ splint +strict a.c
Splint 3.1.2 --- 03 May 2009

a.c: (in function GetErrorMessage)
a.c:25:10: Possible out-of-bounds read: error_messages[errorNumber]
   Unable to resolve constraint:
   requires maxRead(error_messages @ a.c:25:10) >= errorNumber @ a.c:25:25
    needed to satisfy precondition:
   requires maxRead(error_messages @ a.c:25:10) >= errorNumber @ a.c:25:25
 A memory read references memory beyond the allocated storage. (Use
 -boundsread to inhibit warning)
a.c: (in function StringToLong)
a.c:56:28: Possible out-of-bounds read: *endptr
   Unable to resolve constraint:
   requires maxRead(endptr @ a.c:56:29) >= 0
    needed to satisfy precondition:
   requires maxRead(endptr @ a.c:56:29) >= 0
a.c:59:5: Possible out-of-bounds store: *number
   Unable to resolve constraint:
   requires maxSet(number @ a.c:59:6) >= 0
    needed to satisfy precondition:
   requires maxSet(number @ a.c:59:6) >= 0
 A memory write may write to an address beyond the allocated buffer. (Use
 -boundswrite to inhibit warning)
a.c: (in function main)
a.c:75:2: Unreachable code: for (i = 1; i < ...
 This code will never be reached on any possible execution. (Use -unreachable
 to inhibit warning)

Finished checking --- 4 code warnings
$

 #include <stdio.h>
1 #include <stdlib.h>
2 #include <stdbool.h>
3 #include <limits.h>
4 #include <errno.h>
5
6 typedef char const *          char_ptr;
7 typedef const char_ptr                const_char_ptr;
8 typedef struct error_messages {
9       /*@observer@*/ const_char_ptr   msg;
10 } error_messages_t;
11
12 static error_messages_t const error_messages[] = {
13      {  "No error" },
14      {  "Operation not permitted" },
15      {  "No such file or directory" },
16      {  "No such process" }
17 };
18
19 /*@alwaysreturns@*/ /*@null@*/ /*@observer@*/ static const_char_ptr
GetErrorMessage(const long errorNumber)
20 /*@globals error_messages@*/
21 {
22      const long nb_messages = (long)(sizeof(error_messages) /
sizeof(*error_messages));
23      if (0<=errorNumber && errorNumber<nb_messages){
24              return error_messages[errorNumber].msg;
25      }
26      return NULL;
27 }
28
29 /*@noreturn@*/ static void DisplayMessage(const long errorNumber)
30 /*@globals error_messages,fileSystem@*/
31 /*@modifies fileSystem@*/
32 {
33     const_char_ptr msg = GetErrorMessage(errorNumber);
34     if(msg != NULL){
35         printf("%s\n", msg);
36     }else{
37      printf("%ld unknown error\n", errorNumber);
38     }
39 }
40
41 /*@alwaysreturns@*/static bool
StringToLong(/*@notnull@*//*@in@*/const_char_ptr
value,/*@returned@*//*out*/long *number)
42 /*@globals errno@*/
43 /*@modifies *number@*/
44 /*@modifies errno@*/
45 {
46      char *  endptr;
47      long    n;
48      *number = 0;
49
50      errno = 0;
51     n = strtol(value, &endptr, 10);
52     if ((errno == ERANGE && (n==LONG_MAX || n==LONG_MIN)) ||
(errno!=0 && n==0)){
53      return false;
54     }
55     if (endptr == value || *endptr != '\0'){
56      return false;
57     }
58     *number = n;
59     return true;
60 }
61
62 /*@alwaysreturns@*/int main(int argc,/*@notnull@*/ /*@in@*/char *argv[])
63 /*@globals error_messages,fileSystem@*/
64 /*@modifies fileSystem@*/
65 /*@requires maxRead(argv) == argc@*/
66 {
67      int i;
68      DisplayMessage(1L);
69      for (i=1;i<argc;i++){
70              long    val = 0;
71              if (StringToLong(argv[i],&val) == true){
72                      DisplayMessage(val);
73              }
74      }
75      return EXIT_SUCCESS;
76 }

<<<<<< cut here >>>>>>
#include <stdio.h>
#include <stdlib.h>
#include <stdbool.h>
#include <limits.h>
#include <errno.h>

typedef char const *            char_ptr;
typedef const char_ptr          const_char_ptr;
typedef struct error_messages {
       /*@observer@*/ const_char_ptr   msg;
} error_messages_t;

static error_messages_t const error_messages[] = {
       {  "No error" },
       {  "Operation not permitted" },
       {  "No such file or directory" },
       {  "No such process" }
};

/*@alwaysreturns@*/ /*@null@*/ /*@observer@*/ static const_char_ptr
GetErrorMessage(const long errorNumber)
/*@globals error_messages@*/
{
       const long nb_messages = (long)(sizeof(error_messages) /
sizeof(*error_messages));
       if (0<=errorNumber && errorNumber<nb_messages){
               return error_messages[errorNumber].msg;
       }
       return NULL;
}

/*@noreturn@*/ static void DisplayMessage(const long errorNumber)
/*@globals error_messages,fileSystem@*/
/*@modifies fileSystem@*/
{
   const_char_ptr msg = GetErrorMessage(errorNumber);
   if(msg != NULL){
       printf("%s\n", msg);
   }else{
       printf("%ld unknown error\n", errorNumber);
   }
}

/*@alwaysreturns@*/static bool StringToLong(/*@notnull@*/
/*@in@*/const_char_ptr value,/*@returned@*//*out*/long *number)
/*@globals errno@*/
/*@modifies *number@*/
/*@modifies errno@*/
{
       char *  endptr;
       long    n;
       *number = 0;

       errno = 0;
   n = strtol(value, &endptr, 10);
   if ((errno == ERANGE && (n==LONG_MAX || n==LONG_MIN)) || (errno!=0
&& n==0)){
       return false;
   }
   if (endptr == value || *endptr != '\0'){
       return false;
   }
   *number = n;
   return true;
}

/*@alwaysreturns@*/int main(int argc,/*@notnull@*/ /*@in@*/char *argv[])
/*@globals error_messages,fileSystem@*/
/*@modifies fileSystem@*/
/*@requires maxRead(argv) == argc@*/
{
       int i;
       DisplayMessage(1L);
       for (i=1;i<argc;i++){
               long    val = 0;
               if (StringToLong(argv[i],&val) == true){
                       DisplayMessage(val);
               }
       }
       return EXIT_SUCCESS;
}
<<<<<< cut here >>>>>>

From yves.crespin at e-quartz.fr  Wed Dec 21 02:10:39 2011
From: yves.crespin at e-quartz.fr (Yves Crespin)
Date: Wed, 21 Dec 2011 11:10:39 +0100
Subject: [splint-discuss] unable to configure maxRead and maxSet
Message-ID: <CAO4bWbi=4FxfHkZwVP80fYU2F49F+StYgKCR_nFDTSbhCS9CzA@mail.gmail.com>

Hello,

I'm new with bounds checking.
I've solve maxRead with argv but I'm unable to setup maxRead and
maxSet for other pointer use.

May somebody provide a way to fix it ?

Thanks and regards,

Yves

$?splint?+strict a.c
Splint?3.1.2 --- 03 May 2009

a.c: (in function GetErrorMessage)
a.c:25:10: Possible out-of-bounds read: error_messages[errorNumber]
? ?Unable to resolve constraint:
? ?requires maxRead(error_messages @ a.c:25:10) >= errorNumber @ a.c:25:25
? ? needed to satisfy precondition:
? ?requires maxRead(error_messages @ a.c:25:10) >= errorNumber @ a.c:25:25
?A memory read references memory beyond the allocated storage. (Use
?-boundsread to inhibit warning)
a.c: (in function StringToLong)
a.c:56:28: Possible out-of-bounds read: *endptr
? ?Unable to resolve constraint:
? ?requires maxRead(endptr @ a.c:56:29) >= 0
? ? needed to satisfy precondition:
? ?requires maxRead(endptr @ a.c:56:29) >= 0
a.c:59:5: Possible out-of-bounds store: *number
? ?Unable to resolve constraint:
? ?requires maxSet(number @ a.c:59:6) >= 0
? ? needed to satisfy precondition:
? ?requires maxSet(number @ a.c:59:6) >= 0
?A memory write may write to an address beyond the allocated buffer. (Use
?-boundswrite to inhibit warning)
a.c: (in function main)
a.c:75:2: Unreachable code: for (i = 1; i < ...
?This code will never be reached on any possible execution. (Use -unreachable
?to inhibit warning)

Finished checking --- 4 code warnings
$

?#include <stdio.h>
1 #include <stdlib.h>
2 #include <stdbool.h>
3 #include <limits.h>
4 #include <errno.h>
5
6 typedef char const * ? ? ? ? ?char_ptr;
7 typedef const char_ptr ? ? ? ? ? ? ? ?const_char_ptr;
8 typedef struct error_messages {
9 ? ? ? /*@observer@*/ const_char_ptr ? msg;
10 } error_messages_t;
11
12 static error_messages_t const error_messages[] = {
13 ? ? ?{ ?"No error" },
14 ? ? ?{ ?"Operation not permitted" },
15 ? ? ?{ ?"No such file or directory" },
16 ? ? ?{ ?"No such process" }
17 };
18
19 /*@alwaysreturns@*/ /*@null@*/ /*@observer@*/ static const_char_ptr
GetErrorMessage(const long errorNumber)
20 /*@globals error_messages@*/
21 {
22 ? ? ?const long nb_messages = (long)(sizeof(error_messages) /
sizeof(*error_messages));
23 ? ? ?if (0<=errorNumber && errorNumber<nb_messages){
24 ? ? ? ? ? ? ?return error_messages[errorNumber].msg;
25 ? ? ?}
26 ? ? ?return NULL;
27 }
28
29 /*@noreturn@*/ static void DisplayMessage(const long errorNumber)
30 /*@globals error_messages,fileSystem@*/
31 /*@modifies fileSystem@*/
32 {
33 ? ? const_char_ptr msg = GetErrorMessage(errorNumber);
34 ? ? if(msg != NULL){
35 ? ? ? ? printf("%s\n", msg);
36 ? ? }else{
37 ? ? ?printf("%ld unknown error\n", errorNumber);
38 ? ? }
39 }
40
41 /*@alwaysreturns@*/static bool
StringToLong(/*@notnull@*//*@in@*/const_char_ptr
value,/*@returned@*//*out*/long *number)
42 /*@globals errno@*/
43 /*@modifies *number@*/
44 /*@modifies errno@*/
45 {
46 ? ? ?char * ?endptr;
47 ? ? ?long ? ?n;
48 ? ? ?*number = 0;
49
50 ? ? ?errno = 0;
51 ? ? n = strtol(value, &endptr, 10);
52 ? ? if ((errno == ERANGE && (n==LONG_MAX || n==LONG_MIN)) ||
(errno!=0 && n==0)){
53 ? ? ?return false;
54 ? ? }
55 ? ? if (endptr == value || *endptr != '\0'){
56 ? ? ?return false;
57 ? ? }
58 ? ? *number = n;
59 ? ? return true;
60 }
61
62 /*@alwaysreturns@*/int main(int argc,/*@notnull@*/ /*@in@*/char *argv[])
63 /*@globals error_messages,fileSystem@*/
64 /*@modifies fileSystem@*/
65 /*@requires maxRead(argv) == argc@*/
66 {
67 ? ? ?int i;
68 ? ? ?DisplayMessage(1L);
69 ? ? ?for (i=1;i<argc;i++){
70 ? ? ? ? ? ? ?long ? ?val = 0;
71 ? ? ? ? ? ? ?if (StringToLong(argv[i],&val) == true){
72 ? ? ? ? ? ? ? ? ? ? ?DisplayMessage(val);
73 ? ? ? ? ? ? ?}
74 ? ? ?}
75 ? ? ?return EXIT_SUCCESS;
76 }

<<<<<< cut here >>>>>>
#include <stdio.h>
#include <stdlib.h>
#include <stdbool.h>
#include <limits.h>
#include <errno.h>

typedef char const * ? ? ? ? ? ?char_ptr;
typedef const char_ptr ? ? ? ? ?const_char_ptr;
typedef struct error_messages {
? ? ? ?/*@observer@*/ const_char_ptr ? msg;
} error_messages_t;

static error_messages_t const error_messages[] = {
? ? ? ?{ ?"No error" },
? ? ? ?{ ?"Operation not permitted" },
? ? ? ?{ ?"No such file or directory" },
? ? ? ?{ ?"No such process" }
};

/*@alwaysreturns@*/ /*@null@*/ /*@observer@*/ static const_char_ptr
GetErrorMessage(const long errorNumber)
/*@globals error_messages@*/
{
? ? ? ?const long nb_messages = (long)(sizeof(error_messages) /
sizeof(*error_messages));
? ? ? ?if (0<=errorNumber && errorNumber<nb_messages){
? ? ? ? ? ? ? ?return error_messages[errorNumber].msg;
? ? ? ?}
? ? ? ?return NULL;
}

/*@noreturn@*/ static void DisplayMessage(const long errorNumber)
/*@globals error_messages,fileSystem@*/
/*@modifies fileSystem@*/
{
? ?const_char_ptr msg = GetErrorMessage(errorNumber);
? ?if(msg != NULL){
? ? ? ?printf("%s\n", msg);
? ?}else{
? ? ? ?printf("%ld unknown error\n", errorNumber);
? ?}
}

/*@alwaysreturns@*/static bool StringToLong(/*@notnull@*/
/*@in@*/const_char_ptr value,/*@returned@*//*out*/long *number)
/*@globals errno@*/
/*@modifies *number@*/
/*@modifies errno@*/
{
? ? ? ?char * ?endptr;
? ? ? ?long ? ?n;
? ? ? ?*number = 0;

? ? ? ?errno = 0;
? ?n = strtol(value, &endptr, 10);
? ?if ((errno == ERANGE && (n==LONG_MAX || n==LONG_MIN)) || (errno!=0
&& n==0)){
? ? ? ?return false;
? ?}
? ?if (endptr == value || *endptr != '\0'){
? ? ? ?return false;
? ?}
? ?*number = n;
? ?return true;
}

/*@alwaysreturns@*/int main(int argc,/*@notnull@*/ /*@in@*/char *argv[])
/*@globals error_messages,fileSystem@*/
/*@modifies fileSystem@*/
/*@requires maxRead(argv) == argc@*/
{
? ? ? ?int i;
? ? ? ?DisplayMessage(1L);
? ? ? ?for (i=1;i<argc;i++){
? ? ? ? ? ? ? ?long ? ?val = 0;
? ? ? ? ? ? ? ?if (StringToLong(argv[i],&val) == true){
? ? ? ? ? ? ? ? ? ? ? ?DisplayMessage(val);
? ? ? ? ? ? ? ?}
? ? ? ?}
? ? ? ?return EXIT_SUCCESS;
}
<<<<<< cut here >>>>>>

yves crespin
t. +33.(0)6.86.42.86.81


From stephan.lokum at ifm.com  Wed Dec 21 03:07:01 2011
From: stephan.lokum at ifm.com (stephan.lokum at ifm.com)
Date: Wed, 21 Dec 2011 12:07:01 +0100
Subject: [splint-discuss] =?iso-8859-1?q?Stephan_Lokum_ist_au=DFer_Haus=2E?=
Message-ID: <OFA37D7A22.1BBADC20-ONC125796D.003D1167-C125796D.003D1167@ifm-electronic.com>


Ich werde ab  16.12.2011 nicht im B?ro sein. Ich kehre zur?ck am
02.01.2012.

in dringenden F?llen aber unter slok.mobile at googlemail.com erreichbar.



From Wenzel at bbr-vt.de  Wed Dec 21 03:10:52 2011
From: Wenzel at bbr-vt.de (Wenzel, Bodo)
Date: Wed, 21 Dec 2011 12:10:52 +0100
Subject: [splint-discuss] Unreachable code
In-Reply-To: <CAO4bWbgSQkz2TK0TMkNBatpwr_SEa+7LggS9EFGqhuxpJ=ZpCQ@mail.gmail.com>
References: <CAO4bWbgSQkz2TK0TMkNBatpwr_SEa+7LggS9EFGqhuxpJ=ZpCQ@mail.gmail.com>
Message-ID: <46B6459B655D7342AB97371E8B7CD8B801A51E07@sv-exch.BBR.local>

Yves,

The annotation /*@noreturn@*/ at the function DisplayMessage() means
that this function does NOT return. Therefore Splint's conclusion is
correct.

Anyway, your code looks a bit over-annotated to me...

Concerning the memory bounds checks, my experiences with Splint are
mixed. Some things work, some don't (either way, no reports on erroneous
code and reports on correct code), and so we gave up using Splint for
memory bounds checks. Additionally Splint can't handle more than one
dimension...

HTH,
Bodo



From yves.crespin at e-quartz.fr  Wed Dec 21 05:56:30 2011
From: yves.crespin at e-quartz.fr (Yves Crespin)
Date: Wed, 21 Dec 2011 14:56:30 +0100
Subject: [splint-discuss] Unreachable code
In-Reply-To: <46B6459B655D7342AB97371E8B7CD8B801A51E07@sv-exch.BBR.local>
References: <CAO4bWbgSQkz2TK0TMkNBatpwr_SEa+7LggS9EFGqhuxpJ=ZpCQ@mail.gmail.com>
	<46B6459B655D7342AB97371E8B7CD8B801A51E07@sv-exch.BBR.local>
Message-ID: <CAO4bWbgktMXiRtOabafspdWep-aUhWqVCNuPzPvod=xf72+YhQ@mail.gmail.com>

Hi Bodo,

I set a lot of annotations for test purpose. I want to check how far I can
go with splint.
So I have done some check with the -strict option.
In another hand, I can't ask to developper to add all this stuff.

Thanks for your feed-back on splint.

Do you use another static code analyzer ?

Regards,

Yves

For the message splint message, I'm not agreed with you.
It's appended in the main fonction at line 75.
And the main have the annotation "alwaysreturns" which is true.

As far as I can understand, if a sub-function have the "noreturn"
annotation, this overwrite the caller.

a.c: (in function main)
a.c:75:2: Unreachable code: for (i = 1; i < ...
 This code will never be reached on any possible execution. (Use
-unreachable
 to inhibit warning)

62 /*@alwaysreturns@*/int main(int argc,/*@notnull@*/ /*@in@*/char *argv[])
63 /*@globals error_messages,fileSystem@*/
64 /*@modifies fileSystem@*/
65 /*@requires maxRead(argv) == argc@*/
66 {
67      int i;
68      DisplayMessage(1L);
69      for (i=1;i<argc;i++){
70              long    val = 0;
71              if (StringToLong(argv[i],&val) == true){
72                      DisplayMessage(val);
73              }
74      }
75      return EXIT_SUCCESS;
76 }


2011/12/21 Wenzel, Bodo <Wenzel at bbr-vt.de>

> Yves,
>
> The annotation /*@noreturn@*/ at the function DisplayMessage() means
> that this function does NOT return. Therefore Splint's conclusion is
> correct.
>
> Anyway, your code looks a bit over-annotated to me...
>
> Concerning the memory bounds checks, my experiences with Splint are
> mixed. Some things work, some don't (either way, no reports on erroneous
> code and reports on correct code), and so we gave up using Splint for
> memory bounds checks. Additionally Splint can't handle more than one
> dimension...
>
> HTH,
> Bodo
>
>
> _______________________________________________
> splint-discuss mailing list
> splint-discuss at mail.cs.virginia.edu
> http://www.cs.virginia.edu/mailman/listinfo/splint-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.cs.virginia.edu/pipermail/splint-discuss/attachments/20111221/47e45203/attachment.html 

From Wenzel at bbr-vt.de  Wed Dec 21 06:19:29 2011
From: Wenzel at bbr-vt.de (Wenzel, Bodo)
Date: Wed, 21 Dec 2011 15:19:29 +0100
Subject: [splint-discuss] Unreachable code
In-Reply-To: <CAO4bWbgktMXiRtOabafspdWep-aUhWqVCNuPzPvod=xf72+YhQ@mail.gmail.com>
References: <CAO4bWbgSQkz2TK0TMkNBatpwr_SEa+7LggS9EFGqhuxpJ=ZpCQ@mail.gmail.com><46B6459B655D7342AB97371E8B7CD8B801A51E07@sv-exch.BBR.local>
	<CAO4bWbgktMXiRtOabafspdWep-aUhWqVCNuPzPvod=xf72+YhQ@mail.gmail.com>
Message-ID: <46B6459B655D7342AB97371E8B7CD8B801A51E70@sv-exch.BBR.local>

> In another hand, I can't ask to developper to add all this stuff.

We handle this situation like this: Splint is called with ?+checks? (and few other switches like ?+all-block?) on the full set of sources after the linker. If it moans, the developer is responsible to correct her code or to annotate the source.

 

> Do you use another static code analyzer ?

None but ?-Wall ?W ?Werror? with GCC. ;-)

 

> For the message splint message, I'm not agreed with you.

The annotation /*@noreturn@*/ tells Splint that the function does not return, regardless of the calling function or its annotation. It is needed for example when something like exit() is called. We use this annotation at the same functions that hold the GCC annotation ?__attribute__((noreturn))?. Please see section 8.1 of the manual.

 

Bodo

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.cs.virginia.edu/pipermail/splint-discuss/attachments/20111221/d517253f/attachment-0001.html 

From yves.crespin at e-quartz.fr  Fri Dec 23 01:51:59 2011
From: yves.crespin at e-quartz.fr (Yves Crespin)
Date: Fri, 23 Dec 2011 10:51:59 +0100
Subject: [splint-discuss] Unreachable code
In-Reply-To: <46B6459B655D7342AB97371E8B7CD8B801A51E70@sv-exch.BBR.local>
References: <CAO4bWbgSQkz2TK0TMkNBatpwr_SEa+7LggS9EFGqhuxpJ=ZpCQ@mail.gmail.com>
	<46B6459B655D7342AB97371E8B7CD8B801A51E07@sv-exch.BBR.local>
	<CAO4bWbgktMXiRtOabafspdWep-aUhWqVCNuPzPvod=xf72+YhQ@mail.gmail.com>
	<46B6459B655D7342AB97371E8B7CD8B801A51E70@sv-exch.BBR.local>
Message-ID: <CAO4bWbjO66Z_BvZWG_Vt5-A42QVeN7Afyd3tkYqU-O__4Vk04Q@mail.gmail.com>

Thanks, I misunderstand the annotation /*@noreturn@*/.
Can you list the flags you used ?

Thanks again and regards,

Yves

2011/12/21 Wenzel, Bodo <Wenzel at bbr-vt.de>

> > In another hand, I can't ask to developper to add all this stuff.****
>
> We handle this situation like this: Splint is called with ?+checks? (and
> few other switches like ?+all-block?) on the full set of sources after the
> linker. If it moans, the developer is responsible to correct her code or to
> annotate the source.****
>
> ** **
>
> > Do you use another static code analyzer ?****
>
> None but ?-Wall ?W ?Werror? with GCC. ;-)****
>
> ** **
>
> > For the message splint message, I'm not agreed with you.****
>
> The annotation /*@noreturn@*/ tells Splint that the function does not
> return, regardless of the calling function or its annotation. It is needed
> for example when something like exit() is called. We use this annotation at
> the same functions that hold the GCC annotation
> ?__attribute__((noreturn))?. Please see section 8.1 of the manual.****
>
> ** **
>
> Bodo****
>
> ** **
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.cs.virginia.edu/pipermail/splint-discuss/attachments/20111223/98e20fd2/attachment.html