From gyozo.papp at thyssenkrupp.com Wed Jun 1 09:52:51 2011 From: gyozo.papp at thyssenkrupp.com (=?windows-1250?B?R3n1evUgUGFwcA==?=) Date: Wed, 1 Jun 2011 15:52:51 +0200 Subject: [splint-discuss] custom annotation to check nonlocal pointers Message-ID: Hi everyone, in an already running project we have to select all memory write operations for further analysis where the destination address is pointed by a 'global' pointer without const qualifier. Warnings should be generated whenever a write operation to an address pointed by a non-const global pointer is detected unless it is protected otherwise. Background: the purpose of this analysis is to fulfill ISO26262 requirements (it is an automotive safety standard, currently in working draft phase). In our system, we have to deal with the pain that some third party SW components are not qualified against any safety standard at all. Unfortunately no access to the source of those third party modules, so annotation cannot be added to them. So instead, various tricky countermeasures must be added to our code in order to prevent any corruption of our own variables by those third parties or at least detect such mishaps. Due to whatever reasons (satisfying customer, meets the safety standard, previous experience, etc) we cannot exclude that an unqualified part of the software may overwrite a memory location where a safety-critical variable is happened to be stored. Fortunately,'const' qualified variables are sorted out into the read-only memory segment (ie. flash ROM) by the compiler / linker, so adding "const" (whenever is possible) is considered as a cheap safety countermeasure. Example for better understanding: int * cont safe = (int *)0x1000U; int *risky = NULL; int main (int argc, char* dontcare1[]) { char *dontcare2 = ...; *safe = -1; *risky = 1; } Some rules are (sloppily phrased in hurry): * Variables on stack (eg. dontcares above) are not relevant because the OS is non-preemptive. * Focus on 'global' variables first, that is defined outside of any function (either static or extern), and particularly pointers this time. * A write attempt to a location pointed by const pointer (safe) is OK because the correctness of the content of that pointer can be guaranteed. (It is stored in ROM, cannot be damaged by other SW component.) * A write attempt to a location pointed by non-const pointer (risky) must emit a warning because the content of that variable may be tampered previously by an untrustworthy third party. (Note: a write attempt to a location pointed by non-const pointer (risky) is allowed only if the pointer is guarded by other countermeasures, eg. bitwise inverted storage of the memory address somewhere else.) I'd like to know if it or something similar can be accomplished by splint and splint itself is suitable enough to do such things. Please admit that I'm trying to find a solution which has the least possible source code impact because the implementation is nearly finished. Although I had no deep knowledge how to use splint, my first thought was it could be the right tool because of its capability of transfering, merging various attributes and transitions, so less direct cases can be discovered easily. Any help is welcome and appreciated. -- Best regards, Gyozo Papp As you are aware, messages sent by eMail can be manipulated or diverted by third parties. If not mentioned otherwise our eMail messages are generally not legally binding. This electronic message (including any attachments) contains confidential information and may be legally privileged or otherwise protected from disclosure and as such is intended only for the use by the intended recipients. Please be aware that any unauthorized disclosure, copy, distribution or use of the contents of this message is expressly prohibited. If you have received this eMail in error please understand that you must not copy this eMail or any attachment or disclose the contents to any other person. Please notify me immediately by reply eMail and delete this message and any attachments from your system. Thank you for your cooperation. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.cs.virginia.edu/pipermail/splint-discuss/attachments/20110601/e8005d5a/attachment.html From Forrest.Sun at med.ge.com Wed Jun 1 19:14:35 2011 From: Forrest.Sun at med.ge.com (Sun, Forrest (GE Healthcare)) Date: Wed, 1 Jun 2011 19:14:35 -0400 Subject: [splint-discuss] static analysis tool Message-ID: <8BC7D3BD84751245B2EF0731B37F02F20EE43EB3@ALPMLVEM07.e2k.ad.ge.com> > Take a look at SciTools Understand - http://www.scitools.com/ Have seen the result of understand tool recently. Report metrics show code complexity which gives a start point where to tackle. > Would that be: United States Patent 7,900,193 "System and method for detecting defects in a computer program using data and control flow analysis"? > I cannot see anything new here. I had a typo in original email. It's "pattern-based" rather than "patent(rule)-based". Forrest From Forrest.Sun at med.ge.com Wed Jun 1 19:14:35 2011 From: Forrest.Sun at med.ge.com (Sun, Forrest (GE Healthcare)) Date: Wed, 1 Jun 2011 19:14:35 -0400 Subject: [splint-discuss] static analysis tool Message-ID: <8BC7D3BD84751245B2EF0731B37F02F20EE43EB3@ALPMLVEM07.e2k.ad.ge.com> > Take a look at SciTools Understand - http://www.scitools.com/ Have seen the result of understand tool recently. Report metrics show code complexity which gives a start point where to tackle. > Would that be: United States Patent 7,900,193 "System and method for detecting defects in a computer program using data and control flow analysis"? > I cannot see anything new here. I had a typo in original email. It's "pattern-based" rather than "patent(rule)-based". Forrest From ok at cs.otago.ac.nz Thu Jun 2 00:05:36 2011 From: ok at cs.otago.ac.nz (Richard O'Keefe) Date: Thu, 2 Jun 2011 16:05:36 +1200 Subject: [splint-discuss] custom annotation to check nonlocal pointers In-Reply-To: References: Message-ID: <60494DD6-B953-4600-A1A1-1D2F83E92DF5@cs.otago.ac.nz> On 2/06/2011, at 1:52 AM, Gy?z? Papp wrote: > Hi everyone, > > in an already running project we have to select all memory write operations for further analysis where the destination address is pointed by a 'global' pointer without const qualifier. Warnings should be generated whenever a write operation to an address pointed by a non-const global pointer is detected unless it is protected otherwise. > > Background: the purpose of this analysis is to fulfill ISO26262 requirements (it is an automotive safety standard, currently in working draft phase). You might also find Ivy CC (http://ivy.cs.berkeley.edu/ivywiki/index.php/Main/Ivy) of interest. You might be able to find someone to help you add the check you want to that. Some rules are (sloppily phrased in hurry): > > * Variables on stack (eg. dontcares above) are not relevant because the OS is non-preemptive. > * Focus on 'global' variables first, that is defined outside of any function (either static or extern), and particularly pointers this time. > * A write attempt to a location pointed by const pointer (safe) is OK because the correctness of the content of that pointer can be guaranteed. (It is stored in ROM, cannot be damaged by other SW component.) Which is surely why such a write attempt is *NOT* ok. It cannot work. From ok at cs.otago.ac.nz Thu Jun 2 00:05:36 2011 From: ok at cs.otago.ac.nz (Richard O'Keefe) Date: Thu, 2 Jun 2011 16:05:36 +1200 Subject: [splint-discuss] custom annotation to check nonlocal pointers In-Reply-To: References: Message-ID: <60494DD6-B953-4600-A1A1-1D2F83E92DF5@cs.otago.ac.nz> On 2/06/2011, at 1:52 AM, Gy?z? Papp wrote: > Hi everyone, > > in an already running project we have to select all memory write operations for further analysis where the destination address is pointed by a 'global' pointer without const qualifier. Warnings should be generated whenever a write operation to an address pointed by a non-const global pointer is detected unless it is protected otherwise. > > Background: the purpose of this analysis is to fulfill ISO26262 requirements (it is an automotive safety standard, currently in working draft phase). You might also find Ivy CC (http://ivy.cs.berkeley.edu/ivywiki/index.php/Main/Ivy) of interest. You might be able to find someone to help you add the check you want to that. Some rules are (sloppily phrased in hurry): > > * Variables on stack (eg. dontcares above) are not relevant because the OS is non-preemptive. > * Focus on 'global' variables first, that is defined outside of any function (either static or extern), and particularly pointers this time. > * A write attempt to a location pointed by const pointer (safe) is OK because the correctness of the content of that pointer can be guaranteed. (It is stored in ROM, cannot be damaged by other SW component.) Which is surely why such a write attempt is *NOT* ok. It cannot work. From ok at cs.otago.ac.nz Thu Jun 2 19:07:45 2011 From: ok at cs.otago.ac.nz (Richard O'Keefe) Date: Fri, 3 Jun 2011 11:07:45 +1200 Subject: [splint-discuss] static analysis tool In-Reply-To: <8BC7D3BD84751245B2EF0731B37F02F20EE43EB3@ALPMLVEM07.e2k.ad.ge.com> References: <8BC7D3BD84751245B2EF0731B37F02F20EE43EB3@ALPMLVEM07.e2k.ad.ge.com> Message-ID: <155AE45F-487A-4505-AD50-C1E64CE14833@cs.otago.ac.nz> On 2/06/2011, at 11:14 AM, Sun, Forrest (GE Healthcare) wrote: >> Take a look at SciTools Understand - http://www.scitools.com/ > > Have seen the result of understand tool recently. Report metrics show > code complexity which gives a start point where to tackle. On the strength of this recommendation to look at 'Understand', I downloaded an evaluation copy yesterday. I was extremely disappointed. It checks conformance to a large number of extremely superficial style rules while providing little or no assistance in finding real bugs. Indeed, some of the advice is totally wrong. For example, seeing #define BUFF_SIZE (16*1024) static unsigned char buffer[BUFF_SIZE]; it recommended that the #define should be replaced by a const or an inline function. Now int const BUFF_SIZE = 16*1024; static unsigned char buffer[BUFF_SIZE]; is legal C++, but it is NOT legal C89 or legal C99. So its advice was to change a legal C program into an illegal one! There does not seem to be any way of checking against a particular C standard: you cannot say C89 or C99, you cannot allow or forbid GCC or Microsoft extensions, you cannot say C only or C+POSIX, &c. Not in the evaluation copy, at any rate. Then there was the switch statement with a /*FALLTHROUGH*/, at which point Understand screamed about a switch with no default. But there _was_ a default. Indeed, out of about six switches where it complained about a missing default, only one really was missing a default. And that was enum {Unix, Astc, User} whence = User; ... various assignments of enumerals to whence ... switch (whence) { case Unix: ...; break; case Astc: ...; break; case User: ...; break; } Every possible value of the variable is covered, so what's a default needed for? The real prize was the one where it said 'Potential Const' about an file-scope variable that had a rather obvious assignment later in the file. And if you've ever been annoyed by a parse error in Splint, here's one for you: *** Script Error*** File: /Volumes/scitools/scitools/conf/plugin/SciTools/Codecheck/SciTools' Recommended Checks/unreachableCode.upl: Error: Could not finish parsing control flow for parse in 'Smalltalk/syn.c', either it is too large or parsing is in an infinite loop at /Volumes/scitools/scitools/bin/macosx/Perl/STI/Maintain//Understand/Flowchart.pm line 1541. It processed other, larger, files without complaint. The program is compiled often with three different compilers (SPARCompile C, gcc-4.{0,2,5}, and clang). The user interface looks good, although there are some annoyances there. > > >> Would that be: United States Patent 7,900,193 "System and method for > detecting defects in a computer program using data and control flow > analysis"? >> I cannot see anything new here. > > I had a typo in original email. It's "pattern-based" rather than > "patent(rule)-based". > > Forrest > > > _______________________________________________ > splint-discuss mailing list > splint-discuss at mail.cs.virginia.edu > http://www.cs.virginia.edu/mailman/listinfo/splint-discuss From ok at cs.otago.ac.nz Thu Jun 2 19:07:45 2011 From: ok at cs.otago.ac.nz (Richard O'Keefe) Date: Fri, 3 Jun 2011 11:07:45 +1200 Subject: [splint-discuss] static analysis tool In-Reply-To: <8BC7D3BD84751245B2EF0731B37F02F20EE43EB3@ALPMLVEM07.e2k.ad.ge.com> References: <8BC7D3BD84751245B2EF0731B37F02F20EE43EB3@ALPMLVEM07.e2k.ad.ge.com> Message-ID: <155AE45F-487A-4505-AD50-C1E64CE14833@cs.otago.ac.nz> On 2/06/2011, at 11:14 AM, Sun, Forrest (GE Healthcare) wrote: >> Take a look at SciTools Understand - http://www.scitools.com/ > > Have seen the result of understand tool recently. Report metrics show > code complexity which gives a start point where to tackle. On the strength of this recommendation to look at 'Understand', I downloaded an evaluation copy yesterday. I was extremely disappointed. It checks conformance to a large number of extremely superficial style rules while providing little or no assistance in finding real bugs. Indeed, some of the advice is totally wrong. For example, seeing #define BUFF_SIZE (16*1024) static unsigned char buffer[BUFF_SIZE]; it recommended that the #define should be replaced by a const or an inline function. Now int const BUFF_SIZE = 16*1024; static unsigned char buffer[BUFF_SIZE]; is legal C++, but it is NOT legal C89 or legal C99. So its advice was to change a legal C program into an illegal one! There does not seem to be any way of checking against a particular C standard: you cannot say C89 or C99, you cannot allow or forbid GCC or Microsoft extensions, you cannot say C only or C+POSIX, &c. Not in the evaluation copy, at any rate. Then there was the switch statement with a /*FALLTHROUGH*/, at which point Understand screamed about a switch with no default. But there _was_ a default. Indeed, out of about six switches where it complained about a missing default, only one really was missing a default. And that was enum {Unix, Astc, User} whence = User; ... various assignments of enumerals to whence ... switch (whence) { case Unix: ...; break; case Astc: ...; break; case User: ...; break; } Every possible value of the variable is covered, so what's a default needed for? The real prize was the one where it said 'Potential Const' about an file-scope variable that had a rather obvious assignment later in the file. And if you've ever been annoyed by a parse error in Splint, here's one for you: *** Script Error*** File: /Volumes/scitools/scitools/conf/plugin/SciTools/Codecheck/SciTools' Recommended Checks/unreachableCode.upl: Error: Could not finish parsing control flow for parse in 'Smalltalk/syn.c', either it is too large or parsing is in an infinite loop at /Volumes/scitools/scitools/bin/macosx/Perl/STI/Maintain//Understand/Flowchart.pm line 1541. It processed other, larger, files without complaint. The program is compiled often with three different compilers (SPARCompile C, gcc-4.{0,2,5}, and clang). The user interface looks good, although there are some annoyances there. > > >> Would that be: United States Patent 7,900,193 "System and method for > detecting defects in a computer program using data and control flow > analysis"? >> I cannot see anything new here. > > I had a typo in original email. It's "pattern-based" rather than > "patent(rule)-based". > > Forrest > > > _______________________________________________ > splint-discuss mailing list > splint-discuss at mail.cs.virginia.edu > http://www.cs.virginia.edu/mailman/listinfo/splint-discuss From splint at sympatico.ca Fri Jun 3 21:25:57 2011 From: splint at sympatico.ca (Bill Pringlemeir) Date: Fri, 3 Jun 2011 21:25:57 -0400 Subject: [splint-discuss] Odd if/then block behavior In-Reply-To: <8341D66CE19FA347AA897AEC0755E8370111137F@swan.rivers.zai.com> (Michael Banks's message of "Wed, 25 May 2011 18:01:42 -0400") References: <8341D66CE19FA347AA897AEC0755E8370111137F@swan.rivers.zai.com> Message-ID: On 25 May 2011, banks-michael at zai.com wrote: > I'm still getting up to speed, but I did find one thing that I think > may be a bug, and wanted to bring it up. > I've tried to make a minimal code sample that exhibits this behavior. > I'll append it below. > Many thanks for any pointers. I have a few other strange behaviors > I'm seeing, but those I'm still running to ground to make sure it > isn't just my lack of understanding of Splint's memory model. Most likely it is a bug. The structure of splint is ok at checking simple functions. However, it mixes YACC and Lex production rules with source code checking. It is easy to miss something in one of these rules and having 'if stmt;' differ from 'if { stmt;}'. Sometime changing these thing might break parsing. Dr Evan's has made suggestions about how to better handle this. Source analysis should be done on an intermediate structure and not directly at the lexing/parsing layer. More to the point, many people have noted that splint is not good at handling complex functions. This is due to the way it is structured. There are many other issues that need to be fixed. However, this one is probably part of a bigger issue. You can submit your findings to the bugs on source forge. http://sourceforge.net/tracker/?group_id=34302&atid=459911 It is more likely that other people will find it there. Thanks, Bill Pringlemeir. -- Yow! Legally-imposed CULTURE-reduction is CABBAGE-BRAINED! From splint at sympatico.ca Fri Jun 3 21:57:51 2011 From: splint at sympatico.ca (Bill Pringlemeir) Date: Fri, 3 Jun 2011 21:57:51 -0400 Subject: [splint-discuss] splint PC_MAX_CANON bug on Linux/Gnome In-Reply-To: <20110526082934.432743hvwkimvja6@webmail.netcom.co.uk> (cwr@netcom.co.uk's message of "Thu, 26 May 2011 08:29:34 +0100") References: <20110520173559.51772y3guhi7792c@webmail.netcom.co.uk> <20110526082934.432743hvwkimvja6@webmail.netcom.co.uk> Message-ID: On 26 May 2011, cwr at netcom.co.uk wrote: > Quoting Bill Pringlemeir : >> I spent some time on it and it doesn't reproduce for me. You need to >> say what version of 'confname.h' you have. It is from some glibc >> version. As well, the splint command options are useful. Try to get a >> minimum file with '+nof'. >> > Thanks for the cross-check; I've tried again, with Splint 3.1.2, and > the failure has nothing to do with Gnome. It's triggered by unistd.h, > and there's a workaround. > I ran the command: > splint -weak +posixlib b.c I run the command './splint +nof +posixlib b.c and I have no issues. Do you have anything in '~/.splintrc'? I do get an error if I have some options set in my own '.splintrc'. You need to use '+nof' and find what option is causing this. PC_MAX_CANON is an enum and a define. Splint has special macro processing/parsing, but I thought someone else had fixed this when I was tracing through the source and saw a comment in regard to macro processing. The parse error may only happen with particular splint options. Especially relevant are splint macro options like '+fnc-macro', etc. Otherwise, you headers may be significantly different than mine. Thanks, Bill Pringlemeir. bpringle at pvr:/home/src/splint.HEAD/src$ ./splint +nof +posixlib b.c Splint 3.1.2 --- 14 Nov 2010 Finished checking --- no warnings bpringle at pvr:/home/src/splint.HEAD/src$ mv /home/bpringle/.splintrc /home/bpringle/splint.rc.tmp bpringle at pvr:/home/src/splint.HEAD/src$ ./splint +posixlib b.c Splint 3.1.2 --- 14 Nov 2010 < loading standard library /home/src/splint.HEAD/lib/posix.lcd .... > < preprocessing > < checking b.c > < checking macros /usr/include/unistd.h > < checking macros /usr/include/bits/posix_opt.h > < checking macros /usr/include/unistd.h > < checking macros /usr/include/bits/confname.h > < global checks > Error Type Reported Suppressed =================== ======== ========= incondefs 0 36 fixedformalarray 0 1 formalarray 0 7 macroredef 0 17 czechfcns 0 2 czechtypes 0 56 globalprefix 0 5 uncheckedmacroprefix 0 57 protoparamprefix 0 152 enummemuse 0 279 constuse 0 16 fcnuse 0 101 typeuse 0 42 varuse 0 5 declundef 0 106 exporttype 0 50 type 0 9 ======== ========= Total 0 941 Finished checking --- no warnings 3050 source lines in 0.22 s. Time distribution (percent): initialize 9.09 / pre-process 18.18 / c check 72.73 / finalize 0.00 bpringle at pvr:/home/src/splint.HEAD/src$ mv /home/bpringle/splint.rc.tmp /home/bpringle/.splintrc bpringle at pvr:/home/src/splint.HEAD/src$ ./splint +posixlib b.c Splint 3.1.2 --- 14 Nov 2010 .splintrc:88:1: Setting mode checks after setting mode flags will override set values of flags: sizeoftype, numabstractlit, numabstractindex, numabstractprint, mustmod, (12 others) ... Command line sets flag in abnormal way (Use -warnflags to inhibit warning) .splintrc:88:1: Setting +distinctinternalnames redundant with current value Cannot find standard library: posix.lcd Check LARCH_PATH environment variable. < preprocessing > < checking b.c > /usr/include/unistd.h:357:51: Parse Error: Inconsistent function parameter syntax: size_t : . (For help on parse errors, see splint -help parseerrors.) *** Cannot continue. -- Khaddafi class struggle Maple $400 million in gold bullion Echelon AFSPC analyzer keyhole Compsec JSOFC3IP Ron Brown Craig Livingstone TELINT Vickie Weaver Albania From gyozo.papp at thyssenkrupp.com Wed Jun 8 04:23:13 2011 From: gyozo.papp at thyssenkrupp.com (=?windows-1250?B?R3n1evUgUGFwcA==?=) Date: Wed, 8 Jun 2011 13:23:13 +0200 Subject: [splint-discuss] custom annotation to check nonlocal pointers In-Reply-To: <60494DD6-B953-4600-A1A1-1D2F83E92DF5@cs.otago.ac.nz> References: <60494DD6-B953-4600-A1A1-1D2F83E92DF5@cs.otago.ac.nz> Message-ID: > You might also find Ivy CC (http://ivy.cs.berkeley.edu/ivywiki/ > index.php/Main/Ivy) > of interest. You might be able to find someone to help you add the > check you want to that. Thanks for the tip, I'll get contacted with them. > > * A write attempt to a location pointed by const pointer (safe) is > OK because the correctness of the content of that pointer can be > guaranteed. (It is stored in ROM, cannot be damaged by other SW component.) > > Which is surely why such a write attempt is *NOT* ok. It cannot work. I'm afraid, my phrasing was misleading. I meant that the pointer itself is stored in ROM so its value (ie. the pointed memory address) cannot be overwritten accidentally. Nonetheless, the stored memory address may point to a writeable segment (RAM) and that part of the memory could be damaged. Probably I still miss the point. In this case, please let me know. As you are aware, messages sent by eMail can be manipulated or diverted by third parties. If not mentioned otherwise our eMail messages are generally not legally binding. This electronic message (including any attachments) contains confidential information and may be legally privileged or otherwise protected from disclosure and as such is intended only for the use by the intended recipients. Please be aware that any unauthorized disclosure, copy, distribution or use of the contents of this message is expressly prohibited. If you have received this eMail in error please understand that you must not copy this eMail or any attachment or disclose the contents to any other person. Please notify me immediately by reply eMail and delete this message and any attachments from your system. Thank you for your cooperation. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.cs.virginia.edu/pipermail/splint-discuss/attachments/20110608/fce2dfc4/attachment.html From Forrest.Sun at med.ge.com Tue Jun 14 10:49:24 2011 From: Forrest.Sun at med.ge.com (Sun, Forrest (GE Healthcare)) Date: Tue, 14 Jun 2011 13:49:24 -0400 Subject: [splint-discuss] +show-summary Message-ID: <8BC7D3BD84751245B2EF0731B37F02F20F1080A1@ALPMLVEM07.e2k.ad.ge.com> How do you get summary output (with +show-summary) captured into a file so that it can later on be parsed by a script. It's not on stdout. Forrest -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.cs.virginia.edu/pipermail/splint-discuss/attachments/20110614/e5f50cf6/attachment.html From beroset at mindspring.com Tue Jun 14 11:08:29 2011 From: beroset at mindspring.com (Ed Beroset) Date: Tue, 14 Jun 2011 14:08:29 -0400 (GMT-04:00) Subject: [splint-discuss] +show-summary Message-ID: <9128565.1308074910006.JavaMail.root@elwamui-rubis.atl.sa.earthlink.net> "Sun, Forrest (GE Healthcare)" wrote: > >How do you get summary output (with +show-summary) captured into a file >so that it can later on be parsed by a script. It's not on stdout. It's on stderr, so you can redirect using something like this: splint +show-summary mycode.c 2>result.txt Ed From stephan.lokum at ifm.com Tue Jun 14 19:03:26 2011 From: stephan.lokum at ifm.com (stephan.lokum at ifm.com) Date: Wed, 15 Jun 2011 04:03:26 +0200 Subject: [splint-discuss] =?iso-8859-1?q?Stephan_Lokum_ist_au=DFer_Haus=2E?= Message-ID: Ich werde ab 10.06.2011 nicht im B?ro sein. Ich kehre zur?ck am 28.06.2011. in dringenden F?llen aber unter 0151 50 36 34 39 erreichbar. --> oder: Stephan.Lokum at arcor.de From Forrest.Sun at med.ge.com Wed Jun 22 10:06:04 2011 From: Forrest.Sun at med.ge.com (Sun, Forrest (GE Healthcare)) Date: Wed, 22 Jun 2011 13:06:04 -0400 Subject: [splint-discuss] complete list of error type Message-ID: <8BC7D3BD84751245B2EF0731B37F02F20F2C7C32@ALPMLVEM07.e2k.ad.ge.com> Is there a list of error types that splint can possibly produce? For example, summary report for one file may be: Error Type Reported Suppressed =================== ======== ========= nullpass 0 4 usedef 3 0 compdef 2 0 I'm interested in getting a list of all error types (not limited to the ones in summary report for a single file). Thanks, Forrest -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.cs.virginia.edu/pipermail/splint-discuss/attachments/20110622/118569af/attachment.html From luca.ciciriello at gmail.com Tue Jun 28 05:09:06 2011 From: luca.ciciriello at gmail.com (luca ciciriello) Date: Tue, 28 Jun 2011 14:09:06 +0200 Subject: [splint-discuss] HELP Message-ID: Hi All. I'm trying to use splint on Windows 7 with Visual Studio 2008 installed. I've followed the splint site instruction to use this tool. I've set the environment variables as specified in the site but there is something that is still missing. My splint is unable to find the C SDK include. If I set the path where most of the includes (string.h, stdio.h, etc.) are, some other include is missing (i.e Windows.h). If I set the path where windows.h is located, then string.h, stdio.h, etc are missing. The version of splint I'm forced to use is 3.0.1.6 (this version is a must). There is someone out there that use my configuration (Windows 7 with Visual Studio 2008 )? How I have to set my splint in order to let it find the SDK include in the above configuration? Thanks in advance for any answer. Luca. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.cs.virginia.edu/pipermail/splint-discuss/attachments/20110628/732a3263/attachment.html From ok at cs.otago.ac.nz Tue Jun 28 19:00:34 2011 From: ok at cs.otago.ac.nz (Richard O'Keefe) Date: Wed, 29 Jun 2011 14:00:34 +1200 Subject: [splint-discuss] Linux #define _PC_MAX_CANON _PC_MAX_CANON Message-ID: <72355E9A-5993-46E7-98F5-E18C6F21A772@cs.otago.ac.nz> Trying to use splint 3.1.2 on a recent 64-bit Linux system, I got this message: /usr/include/bits/confname.h:31:27: *** Internal Bug at cscannerHelp.c:2428: Unexpanded macro not function or constant: int _PC_MAX_CANON [errno: 25] *** Please report bug to splint-bug at splint.org *** (attempting to continue, results may be incorrect) /usr/include/bits/confname.h:32:1: Parse Error: Non-function declaration: _PC_MAX_CANON : int. (For help on parse errors, see splint -help parseerrors.) *** Cannot continue. enum { _PC_LINK_MAX, #define _PC_LINK_MAX _PC_LINK_MAX _PC_MAX_CANON, 31>>> #define _PC_MAX_CANON _PC_MAX_CANON 32>>> _PC_MAX_INPUT, splint on Solaris 2.10 and Mac OS X Darwin 10.7.0 has no problem parsing all the files concerned. Both of those systems just do #define _PC_MAX_CANON 123456 or whatever the number is without involving an enum. I'm not in a position to change the headers on that machine, and while terminally "cute", it _is_ legal C...