| 9645dee1 |
1 | <html> |
| 2 | <head> |
| 3 | <meta content= |
| 4 | "HTML Tidy for Solaris (vers 1st March 2003), see www.w3.org" |
| 5 | name="generator"> |
| 6 | <link rel="stylesheet" type="text/css" href= |
| 7 | "../manual.css" title="style1"> |
| 8 | <title>Splint Manual</title> |
| 9 | <style type="text/css"> |
| 10 | <!-- |
| 11 | /* Font Definitions */ |
| 12 | @font-face |
| 13 | {font-family:Helvetica; |
| 14 | panose-1:2 11 5 4 2 2 2 2 2 4;} |
| 15 | @font-face |
| 16 | {font-family:Courier; |
| 17 | panose-1:2 7 4 9 2 2 5 2 4 4;} |
| 18 | @font-face |
| 19 | {font-family:"Tms Rmn"; |
| 20 | panose-1:2 2 6 3 4 5 5 2 3 4;} |
| 21 | @font-face |
| 22 | {font-family:Helv; |
| 23 | panose-1:2 11 6 4 2 2 2 3 2 4;} |
| 24 | @font-face |
| 25 | {font-family:"New York"; |
| 26 | panose-1:2 4 5 3 6 5 6 2 3 4;} |
| 27 | @font-face |
| 28 | {font-family:System; |
| 29 | panose-1:0 0 0 0 0 0 0 0 0 0;} |
| 30 | @font-face |
| 31 | {font-family:Wingdings; |
| 32 | panose-1:5 0 0 0 0 0 0 0 0 0;} |
| 33 | @font-face |
| 34 | {font-family:"MS Mincho"; |
| 35 | panose-1:2 2 6 9 4 2 5 8 3 4;} |
| 36 | @font-face |
| 37 | {font-family:Batang; |
| 38 | panose-1:2 3 6 0 0 1 1 1 1 1;} |
| 39 | @font-face |
| 40 | {font-family:SimSun; |
| 41 | panose-1:2 1 6 0 3 1 1 1 1 1;} |
| 42 | @font-face |
| 43 | {font-family:PMingLiU; |
| 44 | panose-1:2 1 6 1 0 1 1 1 1 1;} |
| 45 | @font-face |
| 46 | {font-family:"MS Gothic"; |
| 47 | panose-1:2 11 6 9 7 2 5 8 2 4;} |
| 48 | @font-face |
| 49 | {font-family:Dotum; |
| 50 | panose-1:2 11 6 0 0 1 1 1 1 1;} |
| 51 | @font-face |
| 52 | {font-family:SimHei; |
| 53 | panose-1:2 1 6 0 3 1 1 1 1 1;} |
| 54 | @font-face |
| 55 | {font-family:MingLiU; |
| 56 | panose-1:2 1 6 9 0 1 1 1 1 1;} |
| 57 | @font-face |
| 58 | {font-family:Mincho; |
| 59 | panose-1:2 2 6 9 4 3 5 8 3 5;} |
| 60 | @font-face |
| 61 | {font-family:Gulim; |
| 62 | panose-1:2 11 6 0 0 1 1 1 1 1;} |
| 63 | @font-face |
| 64 | {font-family:Century; |
| 65 | panose-1:2 4 6 3 5 7 5 2 3 3;} |
| 66 | @font-face |
| 67 | {font-family:"Angsana New"; |
| 68 | panose-1:2 2 6 3 5 4 5 2 3 4;} |
| 69 | @font-face |
| 70 | {font-family:"Cordia New"; |
| 71 | panose-1:2 11 3 4 2 2 2 2 2 4;} |
| 72 | @font-face |
| 73 | {font-family:Mangal; |
| 74 | panose-1:0 0 4 0 0 0 0 0 0 0;} |
| 75 | @font-face |
| 76 | {font-family:Latha; |
| 77 | panose-1:0 0 4 0 0 0 0 0 0 0;} |
| 78 | @font-face |
| 79 | {font-family:Sylfaen; |
| 80 | panose-1:1 10 5 2 5 3 6 3 3 3;} |
| 81 | @font-face |
| 82 | {font-family:Vrinda; |
| 83 | panose-1:0 0 4 0 0 0 0 0 0 0;} |
| 84 | @font-face |
| 85 | {font-family:Raavi; |
| 86 | panose-1:0 0 4 0 0 0 0 0 0 0;} |
| 87 | @font-face |
| 88 | {font-family:Shruti; |
| 89 | panose-1:0 0 4 0 0 0 0 0 0 0;} |
| 90 | @font-face |
| 91 | {font-family:Sendnya; |
| 92 | panose-1:0 0 4 0 0 0 0 0 0 0;} |
| 93 | @font-face |
| 94 | {font-family:Gautami; |
| 95 | panose-1:0 0 4 0 0 0 0 0 0 0;} |
| 96 | @font-face |
| 97 | {font-family:Tunga; |
| 98 | panose-1:0 0 4 0 0 0 0 0 0 0;} |
| 99 | @font-face |
| 100 | {font-family:"Estrangella Edessa"; |
| 101 | panose-1:0 0 0 0 0 0 0 0 0 0;} |
| 102 | @font-face |
| 103 | {font-family:"Arial Unicode MS"; |
| 104 | panose-1:0 0 0 0 0 0 0 0 0 0;} |
| 105 | @font-face |
| 106 | {font-family:Tahoma; |
| 107 | panose-1:2 11 6 4 3 5 4 4 2 4;} |
| 108 | @font-face |
| 109 | {font-family:"Book Antiqua"; |
| 110 | panose-1:2 4 6 2 5 3 5 3 3 4;} |
| 111 | @font-face |
| 112 | {font-family:"Arial Narrow"; |
| 113 | panose-1:2 11 5 6 2 2 2 3 2 4;} |
| 114 | @font-face |
| 115 | {font-family:Times; |
| 116 | panose-1:0 0 0 0 0 0 0 0 0 0;} |
| 117 | @font-face |
| 118 | {font-family:Marlett; |
| 119 | panose-1:0 0 0 0 0 0 0 0 0 0;} |
| 120 | @font-face |
| 121 | {font-family:"News Gothic MT"; |
| 122 | panose-1:2 11 5 4 2 2 3 2 2 4;} |
| 123 | @font-face |
| 124 | {font-family:"Lucida Sans Unicode"; |
| 125 | panose-1:2 11 6 2 3 5 4 2 2 4;} |
| 126 | @font-face |
| 127 | {font-family:"Century Gothic"; |
| 128 | panose-1:2 11 5 2 2 2 2 2 2 4;} |
| 129 | @font-face |
| 130 | {font-family:"Abadi MT Condensed Light"; |
| 131 | panose-1:2 11 3 6 3 1 1 1 1 3;} |
| 132 | @font-face |
| 133 | {font-family:"Matisse ITC"; |
| 134 | panose-1:4 4 4 3 3 13 2 2 7 4;} |
| 135 | @font-face |
| 136 | {font-family:Westminster; |
| 137 | panose-1:4 4 5 6 3 15 2 2 7 2;} |
| 138 | @font-face |
| 139 | {font-family:"Lucida Console"; |
| 140 | panose-1:2 11 6 9 4 5 4 2 2 4;} |
| 141 | @font-face |
| 142 | {font-family:"Arial Black"; |
| 143 | panose-1:2 11 10 4 2 1 2 2 2 4;} |
| 144 | @font-face |
| 145 | {font-family:"Comic Sans MS"; |
| 146 | panose-1:3 15 7 2 3 3 2 2 2 4;} |
| 147 | @font-face |
| 148 | {font-family:Verdana; |
| 149 | panose-1:2 11 6 4 3 5 4 4 2 4;} |
| 150 | @font-face |
| 151 | {font-family:Webdings; |
| 152 | panose-1:5 3 1 2 1 5 9 6 7 3;} |
| 153 | @font-face |
| 154 | {font-family:"Verdana Ref"; |
| 155 | panose-1:2 11 6 4 3 5 4 4 2 4;} |
| 156 | @font-face |
| 157 | {font-family:"Georgia Ref"; |
| 158 | panose-1:2 4 5 2 5 4 5 2 3 3;} |
| 159 | @font-face |
| 160 | {font-family:RefSpecialty; |
| 161 | panose-1:2 0 5 0 0 0 0 0 0 0;} |
| 162 | @font-face |
| 163 | {font-family:"MS Reference 1"; |
| 164 | panose-1:5 0 0 0 0 0 0 0 0 0;} |
| 165 | @font-face |
| 166 | {font-family:"MS Reference 2"; |
| 167 | panose-1:0 0 0 0 0 0 0 0 0 0;} |
| 168 | @font-face |
| 169 | {font-family:Money; |
| 170 | panose-1:0 0 4 0 0 0 0 0 0 0;} |
| 171 | @font-face |
| 172 | {font-family:"Mediascape OSD Icon"; |
| 173 | panose-1:2 11 6 3 5 3 2 2 2 4;} |
| 174 | @font-face |
| 175 | {font-family:Pronto; |
| 176 | panose-1:2 11 7 3 3 0 0 0 0 7;} |
| 177 | @font-face |
| 178 | {font-family:"Agency FB"; |
| 179 | panose-1:0 1 6 6 4 0 0 4 0 3;} |
| 180 | @font-face |
| 181 | {font-family:Algerian; |
| 182 | panose-1:4 2 7 5 4 10 2 6 7 2;} |
| 183 | @font-face |
| 184 | {font-family:"Arial Rounded MT Bold"; |
| 185 | panose-1:2 15 7 4 3 5 4 3 2 4;} |
| 186 | @font-face |
| 187 | {font-family:"Baskerville Old Face"; |
| 188 | panose-1:2 2 6 2 8 5 5 2 3 3;} |
| 189 | @font-face |
| 190 | {font-family:"Bauhaus 93"; |
| 191 | panose-1:4 3 9 5 2 11 2 2 12 2;} |
| 192 | @font-face |
| 193 | {font-family:"Bell MT"; |
| 194 | panose-1:2 2 5 3 6 3 5 2 3 3;} |
| 195 | @font-face |
| 196 | {font-family:"Berlin Sans FB"; |
| 197 | panose-1:2 14 6 2 2 5 2 2 3 6;} |
| 198 | @font-face |
| 199 | {font-family:"Bernard MT Condensed"; |
| 200 | panose-1:2 5 8 6 6 9 5 2 4 4;} |
| 201 | @font-face |
| 202 | {font-family:"Blackadder ITC"; |
| 203 | panose-1:4 2 5 5 5 16 7 2 13 2;} |
| 204 | @font-face |
| 205 | {font-family:"Bookman Old Style"; |
| 206 | panose-1:2 5 6 4 5 5 5 2 2 4;} |
| 207 | @font-face |
| 208 | {font-family:"Bradley Hand ITC"; |
| 209 | panose-1:3 7 4 2 5 3 2 3 2 3;} |
| 210 | @font-face |
| 211 | {font-family:"Britannic Bold"; |
| 212 | panose-1:2 11 9 3 6 7 3 2 2 4;} |
| 213 | @font-face |
| 214 | {font-family:Broadway; |
| 215 | panose-1:4 4 9 5 8 11 2 2 5 2;} |
| 216 | @font-face |
| 217 | {font-family:"Brush Script MT"; |
| 218 | panose-1:3 6 8 2 4 4 6 7 3 4;} |
| 219 | @font-face |
| 220 | {font-family:"Californian FB"; |
| 221 | panose-1:2 7 4 3 6 8 11 3 2 4;} |
| 222 | @font-face |
| 223 | {font-family:"Calisto MT"; |
| 224 | panose-1:2 4 6 3 5 5 5 3 3 4;} |
| 225 | @font-face |
| 226 | {font-family:Castellar; |
| 227 | panose-1:2 10 4 2 6 4 6 1 3 1;} |
| 228 | @font-face |
| 229 | {font-family:Centaur; |
| 230 | panose-1:2 3 5 4 5 2 5 2 3 4;} |
| 231 | @font-face |
| 232 | {font-family:"Century Schoolbook"; |
| 233 | panose-1:2 4 6 4 5 5 5 2 3 4;} |
| 234 | @font-face |
| 235 | {font-family:Chiller; |
| 236 | panose-1:4 2 4 4 3 16 7 2 6 2;} |
| 237 | @font-face |
| 238 | {font-family:"Colonna MT"; |
| 239 | panose-1:4 2 8 5 6 2 2 3 2 3;} |
| 240 | @font-face |
| 241 | {font-family:"Cooper Black"; |
| 242 | panose-1:2 8 9 4 4 3 11 2 4 4;} |
| 243 | @font-face |
| 244 | {font-family:"Copperplate Gothic Bold"; |
| 245 | panose-1:2 14 7 5 2 2 6 2 4 4;} |
| 246 | @font-face |
| 247 | {font-family:"Copperplate Gothic Light"; |
| 248 | panose-1:2 14 5 7 2 2 6 2 4 4;} |
| 249 | @font-face |
| 250 | {font-family:"Curlz MT"; |
| 251 | panose-1:4 4 4 4 5 7 2 2 2 2;} |
| 252 | @font-face |
| 253 | {font-family:"Edwardian Script ITC"; |
| 254 | panose-1:3 3 3 2 4 7 7 13 8 4;} |
| 255 | @font-face |
| 256 | {font-family:Elephant; |
| 257 | panose-1:2 2 9 4 9 5 5 2 3 3;} |
| 258 | @font-face |
| 259 | {font-family:"Engravers MT"; |
| 260 | panose-1:2 9 7 7 8 5 5 2 3 4;} |
| 261 | @font-face |
| 262 | {font-family:"Eras Bold ITC"; |
| 263 | panose-1:2 11 9 7 3 5 4 2 2 4;} |
| 264 | @font-face |
| 265 | {font-family:"Eras Demi ITC"; |
| 266 | panose-1:2 11 8 5 3 5 4 2 8 4;} |
| 267 | @font-face |
| 268 | {font-family:"Eras Light ITC"; |
| 269 | panose-1:2 11 4 2 3 5 4 2 8 4;} |
| 270 | @font-face |
| 271 | {font-family:"Eras Medium ITC"; |
| 272 | panose-1:2 11 6 2 3 5 4 2 8 4;} |
| 273 | @font-face |
| 274 | {font-family:"Felix Titling"; |
| 275 | panose-1:4 6 5 5 6 2 2 2 10 4;} |
| 276 | @font-face |
| 277 | {font-family:"Footlight MT Light"; |
| 278 | panose-1:2 4 6 2 6 3 10 2 3 4;} |
| 279 | @font-face |
| 280 | {font-family:Forte; |
| 281 | panose-1:3 6 9 2 4 5 2 7 2 3;} |
| 282 | @font-face |
| 283 | {font-family:"Franklin Gothic Book"; |
| 284 | panose-1:2 11 5 3 2 1 2 2 2 4;} |
| 285 | @font-face |
| 286 | {font-family:"Franklin Gothic Demi"; |
| 287 | panose-1:2 11 7 3 2 1 2 2 2 4;} |
| 288 | @font-face |
| 289 | {font-family:"Franklin Gothic Demi Cond"; |
| 290 | panose-1:2 11 7 6 3 4 2 2 2 4;} |
| 291 | @font-face |
| 292 | {font-family:"Franklin Gothic Heavy"; |
| 293 | panose-1:2 11 9 3 2 1 2 2 2 4;} |
| 294 | @font-face |
| 295 | {font-family:"Franklin Gothic Medium"; |
| 296 | panose-1:2 11 6 3 2 1 2 2 2 4;} |
| 297 | @font-face |
| 298 | {font-family:"Franklin Gothic Medium Cond"; |
| 299 | panose-1:2 11 6 6 3 4 2 2 2 4;} |
| 300 | @font-face |
| 301 | {font-family:"Freestyle Script"; |
| 302 | panose-1:3 8 4 2 3 2 5 11 4 4;} |
| 303 | @font-face |
| 304 | {font-family:"French Script MT"; |
| 305 | panose-1:3 2 4 2 4 6 7 4 6 5;} |
| 306 | @font-face |
| 307 | {font-family:Garamond; |
| 308 | panose-1:2 2 4 4 3 3 1 1 8 3;} |
| 309 | @font-face |
| 310 | {font-family:Gigi; |
| 311 | panose-1:4 4 5 4 6 16 7 2 13 2;} |
| 312 | @font-face |
| 313 | {font-family:"Gill Sans MT"; |
| 314 | panose-1:2 11 5 2 2 1 4 2 2 3;} |
| 315 | @font-face |
| 316 | {font-family:"Gill Sans MT Condensed"; |
| 317 | panose-1:2 11 5 6 2 1 4 2 2 3;} |
| 318 | @font-face |
| 319 | {font-family:"Gill Sans Ultra Bold"; |
| 320 | panose-1:2 11 10 2 2 1 4 2 2 3;} |
| 321 | @font-face |
| 322 | {font-family:"Gill Sans Ultra Bold Condensed"; |
| 323 | panose-1:2 11 10 6 2 1 4 2 2 3;} |
| 324 | @font-face |
| 325 | {font-family:"Gill Sans MT Ext Condensed Bold"; |
| 326 | panose-1:2 11 9 2 2 1 4 2 2 3;} |
| 327 | @font-face |
| 328 | {font-family:"Gloucester MT Extra Condensed"; |
| 329 | panose-1:2 3 8 8 2 6 1 1 1 1;} |
| 330 | @font-face |
| 331 | {font-family:"Goudy Old Style"; |
| 332 | panose-1:2 2 5 2 5 3 5 2 3 3;} |
| 333 | @font-face |
| 334 | {font-family:"Goudy Stout"; |
| 335 | panose-1:2 2 9 4 7 3 11 2 4 1;} |
| 336 | @font-face |
| 337 | {font-family:Haettenschweiler; |
| 338 | panose-1:2 11 7 6 4 9 2 6 2 4;} |
| 339 | @font-face |
| 340 | {font-family:"Harlow Solid Italic"; |
| 341 | panose-1:4 3 6 4 2 15 2 2 13 2;} |
| 342 | @font-face |
| 343 | {font-family:Harrington; |
| 344 | panose-1:4 4 5 5 5 10 2 2 7 2;} |
| 345 | @font-face |
| 346 | {font-family:"High Tower Text"; |
| 347 | panose-1:2 4 5 2 5 5 6 3 3 3;} |
| 348 | @font-face |
| 349 | {font-family:"Imprint MT Shadow"; |
| 350 | panose-1:4 2 6 5 6 3 3 3 2 2;} |
| 351 | @font-face |
| 352 | {font-family:Jokerman; |
| 353 | panose-1:4 9 6 5 6 13 6 2 7 2;} |
| 354 | @font-face |
| 355 | {font-family:"Juice ITC"; |
| 356 | panose-1:4 4 4 3 4 10 2 2 2 2;} |
| 357 | @font-face |
| 358 | {font-family:"Kristen ITC"; |
| 359 | panose-1:3 5 5 2 4 2 2 3 2 2;} |
| 360 | @font-face |
| 361 | {font-family:"Kunstler Script"; |
| 362 | panose-1:3 3 4 2 2 6 7 13 13 6;} |
| 363 | @font-face |
| 364 | {font-family:"Lucida Bright"; |
| 365 | panose-1:2 4 6 2 5 5 5 2 3 4;} |
| 366 | @font-face |
| 367 | {font-family:"Lucida Calligraphy"; |
| 368 | panose-1:3 1 1 1 1 1 1 1 1 1;} |
| 369 | @font-face |
| 370 | {font-family:"Lucida Fax"; |
| 371 | panose-1:2 6 6 2 5 5 5 2 2 4;} |
| 372 | @font-face |
| 373 | {font-family:"Lucida Handwriting"; |
| 374 | panose-1:3 1 1 1 1 1 1 1 1 1;} |
| 375 | @font-face |
| 376 | {font-family:"Lucida Sans"; |
| 377 | panose-1:2 11 6 2 3 5 4 2 2 4;} |
| 378 | @font-face |
| 379 | {font-family:"Lucida Sans Typewriter"; |
| 380 | panose-1:2 11 5 9 3 5 4 3 2 4;} |
| 381 | @font-face |
| 382 | {font-family:Magneto; |
| 383 | panose-1:4 3 8 5 5 8 2 2 13 2;} |
| 384 | @font-face |
| 385 | {font-family:"Maiandra GD"; |
| 386 | panose-1:2 14 5 2 3 3 8 2 2 4;} |
| 387 | @font-face |
| 388 | {font-family:"Matura MT Script Capitals"; |
| 389 | panose-1:3 2 8 2 6 6 2 7 2 2;} |
| 390 | @font-face |
| 391 | {font-family:Mistral; |
| 392 | panose-1:3 9 7 2 3 4 7 2 4 3;} |
| 393 | @font-face |
| 394 | {font-family:"Modern No\. 20"; |
| 395 | panose-1:2 7 7 4 7 5 5 2 3 3;} |
| 396 | @font-face |
| 397 | {font-family:"Niagara Engraved"; |
| 398 | panose-1:4 2 5 2 7 7 3 3 2 2;} |
| 399 | @font-face |
| 400 | {font-family:"Niagara Solid"; |
| 401 | panose-1:4 2 5 2 7 7 2 2 2 2;} |
| 402 | @font-face |
| 403 | {font-family:"OCR A Extended"; |
| 404 | panose-1:2 1 5 9 2 1 2 1 3 3;} |
| 405 | @font-face |
| 406 | {font-family:"Old English Text MT"; |
| 407 | panose-1:3 4 9 2 4 5 8 3 8 6;} |
| 408 | @font-face |
| 409 | {font-family:Onyx; |
| 410 | panose-1:4 5 6 2 8 7 2 2 2 3;} |
| 411 | @font-face |
| 412 | {font-family:"Palace Script MT"; |
| 413 | panose-1:3 3 3 2 2 6 7 12 11 5;} |
| 414 | @font-face |
| 415 | {font-family:Papyrus; |
| 416 | panose-1:3 7 5 2 6 5 2 3 2 5;} |
| 417 | @font-face |
| 418 | {font-family:Parchment; |
| 419 | panose-1:3 4 6 2 4 7 8 4 8 4;} |
| 420 | @font-face |
| 421 | {font-family:Perpetua; |
| 422 | panose-1:2 2 5 2 6 4 1 2 3 3;} |
| 423 | @font-face |
| 424 | {font-family:"Perpetua Titling MT"; |
| 425 | panose-1:2 2 5 2 6 5 5 2 8 4;} |
| 426 | @font-face |
| 427 | {font-family:Playbill; |
| 428 | panose-1:4 5 6 3 10 6 2 2 2 2;} |
| 429 | @font-face |
| 430 | {font-family:"Poor Richard"; |
| 431 | panose-1:2 8 5 2 5 5 5 2 7 2;} |
| 432 | @font-face |
| 433 | {font-family:Pristina; |
| 434 | panose-1:3 6 4 2 4 4 6 8 2 4;} |
| 435 | @font-face |
| 436 | {font-family:"Rage Italic"; |
| 437 | panose-1:3 7 5 2 4 5 7 7 3 4;} |
| 438 | @font-face |
| 439 | {font-family:Ravie; |
| 440 | panose-1:4 4 8 5 5 8 9 2 6 2;} |
| 441 | @font-face |
| 442 | {font-family:Rockwell; |
| 443 | panose-1:2 6 6 3 2 2 5 2 4 3;} |
| 444 | @font-face |
| 445 | {font-family:"Rockwell Condensed"; |
| 446 | panose-1:2 6 6 3 5 4 5 2 1 4;} |
| 447 | @font-face |
| 448 | {font-family:"Rockwell Extra Bold"; |
| 449 | panose-1:2 6 9 3 4 5 5 2 4 3;} |
| 450 | @font-face |
| 451 | {font-family:"Informal Roman"; |
| 452 | panose-1:3 6 4 2 3 4 6 11 2 4;} |
| 453 | @font-face |
| 454 | {font-family:"Script MT Bold"; |
| 455 | panose-1:3 4 6 2 4 6 7 8 9 4;} |
| 456 | @font-face |
| 457 | {font-family:"Showcard Gothic"; |
| 458 | panose-1:4 2 9 4 2 1 2 2 6 4;} |
| 459 | @font-face |
| 460 | {font-family:"Snap ITC"; |
| 461 | panose-1:4 4 10 7 6 10 2 2 2 2;} |
| 462 | @font-face |
| 463 | {font-family:Stencil; |
| 464 | panose-1:4 4 9 5 13 8 2 2 4 4;} |
| 465 | @font-face |
| 466 | {font-family:"Tempus Sans ITC"; |
| 467 | panose-1:4 2 4 4 3 13 7 2 2 2;} |
| 468 | @font-face |
| 469 | {font-family:"Trebuchet MS"; |
| 470 | panose-1:2 11 6 3 2 2 2 2 2 4;} |
| 471 | @font-face |
| 472 | {font-family:"Tw Cen MT"; |
| 473 | panose-1:2 11 6 2 2 1 4 2 6 3;} |
| 474 | @font-face |
| 475 | {font-family:"Tw Cen MT Condensed"; |
| 476 | panose-1:2 11 6 6 2 1 4 2 2 3;} |
| 477 | @font-face |
| 478 | {font-family:"Viner Hand ITC"; |
| 479 | panose-1:3 7 5 2 3 5 2 2 2 3;} |
| 480 | @font-face |
| 481 | {font-family:Vivaldi; |
| 482 | panose-1:3 2 6 2 5 5 6 9 8 4;} |
| 483 | @font-face |
| 484 | {font-family:"Vladimir Script"; |
| 485 | panose-1:3 5 4 2 4 4 7 7 3 5;} |
| 486 | @font-face |
| 487 | {font-family:"Wide Latin"; |
| 488 | panose-1:2 10 10 7 5 5 5 2 4 4;} |
| 489 | @font-face |
| 490 | {font-family:"Wingdings 2"; |
| 491 | panose-1:5 2 1 2 1 5 7 7 7 7;} |
| 492 | @font-face |
| 493 | {font-family:"Wingdings 3"; |
| 494 | panose-1:5 4 1 2 1 8 7 7 7 7;} |
| 495 | @font-face |
| 496 | {font-family:"Berlin Sans FB Demi"; |
| 497 | panose-1:2 14 8 2 2 5 2 2 3 6;} |
| 498 | @font-face |
| 499 | {font-family:"Tw Cen MT Condensed Extra Bold"; |
| 500 | panose-1:2 11 8 3 2 0 0 0 0 4;} |
| 501 | @font-face |
| 502 | {font-family:"Almanac MT"; |
| 503 | panose-1:5 1 1 1 1 1 1 1 1 1;} |
| 504 | @font-face |
| 505 | {font-family:"Beesknees ITC"; |
| 506 | panose-1:4 4 10 5 5 13 2 2 5 2;} |
| 507 | @font-face |
| 508 | {font-family:"Holidays MT"; |
| 509 | panose-1:5 1 1 1 1 1 1 1 1 1;} |
| 510 | @font-face |
| 511 | {font-family:"Monotype Sorts"; |
| 512 | panose-1:1 1 6 1 1 1 1 1 1 1;} |
| 513 | @font-face |
| 514 | {font-family:"Monotype Sorts 2"; |
| 515 | panose-1:5 2 1 2 1 2 8 2 8 8;} |
| 516 | @font-face |
| 517 | {font-family:"Pepita MT"; |
| 518 | panose-1:3 6 4 2 4 5 2 7 8 4;} |
| 519 | @font-face |
| 520 | {font-family:"Vacation MT"; |
| 521 | panose-1:5 1 1 1 1 1 1 1 1 1;} |
| 522 | @font-face |
| 523 | {font-family:"Map Symbols"; |
| 524 | panose-1:0 5 1 2 1 7 6 2 5 7;} |
| 525 | @font-face |
| 526 | {font-family:"Bookshelf Symbol 3"; |
| 527 | panose-1:5 5 1 2 1 7 6 2 5 7;} |
| 528 | @font-face |
| 529 | {font-family:Georgia; |
| 530 | panose-1:2 4 5 2 5 4 5 2 3 3;} |
| 531 | @font-face |
| 532 | {font-family:"MS Outlook"; |
| 533 | panose-1:5 0 0 0 0 0 0 0 0 0;} |
| 534 | @font-face |
| 535 | {font-family:"Berling Antiqua"; |
| 536 | panose-1:2 2 6 2 6 4 5 3 4 2;} |
| 537 | @font-face |
| 538 | {font-family:Bookdings; |
| 539 | panose-1:5 0 0 0 0 0 0 0 0 0;} |
| 540 | @font-face |
| 541 | {font-family:"Frutiger Linotype"; |
| 542 | panose-1:2 11 6 4 3 5 4 4 2 4;} |
| 543 | @font-face |
| 544 | {font-family:"Andale Mono"; |
| 545 | panose-1:2 11 5 9 0 0 0 0 0 4;} |
| 546 | @font-face |
| 547 | {font-family:Impact; |
| 548 | panose-1:2 11 8 6 3 9 2 5 2 4;} |
| 549 | @font-face |
| 550 | {font-family:"Monotype Corsiva"; |
| 551 | panose-1:3 1 1 1 1 2 1 1 1 1;} |
| 552 | @font-face |
| 553 | {font-family:"MT Extra"; |
| 554 | panose-1:5 5 1 2 1 2 5 2 2 2;} |
| 555 | @font-face |
| 556 | {font-family:ProgramTwo; |
| 557 | panose-1:0 0 0 0 0 0 0 0 0 0;} |
| 558 | /* Style Definitions */ |
| 559 | p.MsoNormal, li.MsoNormal, div.MsoNormal |
| 560 | {margin:0in; |
| 561 | margin-bottom:.0001pt; |
| 562 | text-align:justify; |
| 563 | font-size:11.0pt; |
| 564 | font-family:"Times New Roman";} |
| 565 | h1 |
| 566 | {margin-top:12.0pt; |
| 567 | margin-right:0in; |
| 568 | margin-bottom:3.0pt; |
| 569 | margin-left:0in; |
| 570 | text-align:justify; |
| 571 | text-indent:0in; |
| 572 | page-break-before:always; |
| 573 | page-break-after:avoid; |
| 574 | font-size:16.0pt; |
| 575 | font-family:"Times New Roman";} |
| 576 | h2 |
| 577 | {margin-top:12.0pt; |
| 578 | margin-right:0in; |
| 579 | margin-bottom:3.0pt; |
| 580 | margin-left:0in; |
| 581 | text-align:justify; |
| 582 | text-indent:0in; |
| 583 | page-break-after:avoid; |
| 584 | font-size:14.0pt; |
| 585 | font-family:"Times New Roman";} |
| 586 | h3 |
| 587 | {margin-top:12.0pt; |
| 588 | margin-right:0in; |
| 589 | margin-bottom:3.0pt; |
| 590 | margin-left:0in; |
| 591 | text-align:justify; |
| 592 | text-indent:0in; |
| 593 | page-break-after:avoid; |
| 594 | font-size:12.0pt; |
| 595 | font-family:"Times New Roman";} |
| 596 | h4 |
| 597 | {margin-top:12.0pt; |
| 598 | margin-right:0in; |
| 599 | margin-bottom:3.0pt; |
| 600 | margin-left:0in; |
| 601 | text-align:justify; |
| 602 | text-indent:0in; |
| 603 | page-break-after:avoid; |
| 604 | font-size:12.0pt; |
| 605 | font-family:"Times New Roman";} |
| 606 | h5 |
| 607 | {margin-top:12.0pt; |
| 608 | margin-right:0in; |
| 609 | margin-bottom:3.0pt; |
| 610 | margin-left:0in; |
| 611 | text-align:justify; |
| 612 | text-indent:0in; |
| 613 | font-size:11.0pt; |
| 614 | font-family:"Times New Roman"; |
| 615 | font-weight:normal;} |
| 616 | h6 |
| 617 | {margin-top:12.0pt; |
| 618 | margin-right:0in; |
| 619 | margin-bottom:3.0pt; |
| 620 | margin-left:0in; |
| 621 | text-align:justify; |
| 622 | text-indent:0in; |
| 623 | font-size:11.0pt; |
| 624 | font-family:"Times New Roman"; |
| 625 | font-weight:normal; |
| 626 | font-style:italic;} |
| 627 | p.MsoHeading7, li.MsoHeading7, div.MsoHeading7 |
| 628 | {margin-top:12.0pt; |
| 629 | margin-right:0in; |
| 630 | margin-bottom:3.0pt; |
| 631 | margin-left:0in; |
| 632 | text-align:justify; |
| 633 | text-indent:0in; |
| 634 | page-break-before:always; |
| 635 | page-break-after:avoid; |
| 636 | font-size:16.0pt; |
| 637 | font-family:"Times New Roman"; |
| 638 | font-weight:bold;} |
| 639 | p.MsoHeading8, li.MsoHeading8, div.MsoHeading8 |
| 640 | {margin-top:12.0pt; |
| 641 | margin-right:0in; |
| 642 | margin-bottom:3.0pt; |
| 643 | margin-left:0in; |
| 644 | text-align:justify; |
| 645 | text-indent:0in; |
| 646 | page-break-after:avoid; |
| 647 | font-size:14.0pt; |
| 648 | font-family:"Times New Roman"; |
| 649 | font-weight:bold;} |
| 650 | p.MsoHeading9, li.MsoHeading9, div.MsoHeading9 |
| 651 | {margin-top:12.0pt; |
| 652 | margin-right:0in; |
| 653 | margin-bottom:3.0pt; |
| 654 | margin-left:0in; |
| 655 | text-align:justify; |
| 656 | text-indent:0in; |
| 657 | page-break-after:avoid; |
| 658 | font-size:12.0pt; |
| 659 | font-family:"Times New Roman"; |
| 660 | font-weight:bold;} |
| 661 | p.MsoIndex1, li.MsoIndex1, div.MsoIndex1 |
| 662 | {margin-top:0in; |
| 663 | margin-right:0in; |
| 664 | margin-bottom:0in; |
| 665 | margin-left:10.0pt; |
| 666 | margin-bottom:.0001pt; |
| 667 | text-align:justify; |
| 668 | text-indent:-10.0pt; |
| 669 | font-size:11.0pt; |
| 670 | font-family:"Times New Roman";} |
| 671 | p.MsoIndex2, li.MsoIndex2, div.MsoIndex2 |
| 672 | {margin-top:0in; |
| 673 | margin-right:0in; |
| 674 | margin-bottom:0in; |
| 675 | margin-left:20.0pt; |
| 676 | margin-bottom:.0001pt; |
| 677 | text-align:justify; |
| 678 | text-indent:-10.0pt; |
| 679 | font-size:11.0pt; |
| 680 | font-family:"Times New Roman";} |
| 681 | p.MsoIndex3, li.MsoIndex3, div.MsoIndex3 |
| 682 | {margin-top:0in; |
| 683 | margin-right:0in; |
| 684 | margin-bottom:0in; |
| 685 | margin-left:30.0pt; |
| 686 | margin-bottom:.0001pt; |
| 687 | text-align:justify; |
| 688 | text-indent:-10.0pt; |
| 689 | font-size:11.0pt; |
| 690 | font-family:"Times New Roman";} |
| 691 | p.MsoIndex4, li.MsoIndex4, div.MsoIndex4 |
| 692 | {margin-top:0in; |
| 693 | margin-right:0in; |
| 694 | margin-bottom:0in; |
| 695 | margin-left:40.0pt; |
| 696 | margin-bottom:.0001pt; |
| 697 | text-align:justify; |
| 698 | text-indent:-10.0pt; |
| 699 | font-size:11.0pt; |
| 700 | font-family:"Times New Roman";} |
| 701 | p.MsoIndex5, li.MsoIndex5, div.MsoIndex5 |
| 702 | {margin-top:0in; |
| 703 | margin-right:0in; |
| 704 | margin-bottom:0in; |
| 705 | margin-left:50.0pt; |
| 706 | margin-bottom:.0001pt; |
| 707 | text-align:justify; |
| 708 | text-indent:-10.0pt; |
| 709 | font-size:11.0pt; |
| 710 | font-family:"Times New Roman";} |
| 711 | p.MsoIndex6, li.MsoIndex6, div.MsoIndex6 |
| 712 | {margin-top:0in; |
| 713 | margin-right:0in; |
| 714 | margin-bottom:0in; |
| 715 | margin-left:60.0pt; |
| 716 | margin-bottom:.0001pt; |
| 717 | text-align:justify; |
| 718 | text-indent:-10.0pt; |
| 719 | font-size:11.0pt; |
| 720 | font-family:"Times New Roman";} |
| 721 | p.MsoIndex7, li.MsoIndex7, div.MsoIndex7 |
| 722 | {margin-top:0in; |
| 723 | margin-right:0in; |
| 724 | margin-bottom:0in; |
| 725 | margin-left:70.0pt; |
| 726 | margin-bottom:.0001pt; |
| 727 | text-align:justify; |
| 728 | text-indent:-10.0pt; |
| 729 | font-size:11.0pt; |
| 730 | font-family:"Times New Roman";} |
| 731 | p.MsoIndex8, li.MsoIndex8, div.MsoIndex8 |
| 732 | {margin-top:0in; |
| 733 | margin-right:0in; |
| 734 | margin-bottom:0in; |
| 735 | margin-left:80.0pt; |
| 736 | margin-bottom:.0001pt; |
| 737 | text-align:justify; |
| 738 | text-indent:-10.0pt; |
| 739 | font-size:11.0pt; |
| 740 | font-family:"Times New Roman";} |
| 741 | p.MsoIndex9, li.MsoIndex9, div.MsoIndex9 |
| 742 | {margin-top:0in; |
| 743 | margin-right:0in; |
| 744 | margin-bottom:0in; |
| 745 | margin-left:1.25in; |
| 746 | margin-bottom:.0001pt; |
| 747 | text-align:justify; |
| 748 | text-indent:-10.0pt; |
| 749 | font-size:11.0pt; |
| 750 | font-family:"Times New Roman";} |
| 751 | p.MsoToc1, li.MsoToc1, div.MsoToc1 |
| 752 | {margin-top:9.0pt; |
| 753 | margin-right:0in; |
| 754 | margin-bottom:4.0pt; |
| 755 | margin-left:0in; |
| 756 | text-align:justify; |
| 757 | font-size:11.0pt; |
| 758 | font-family:"Times New Roman"; |
| 759 | font-weight:bold;} |
| 760 | p.MsoToc2, li.MsoToc2, div.MsoToc2 |
| 761 | {margin-top:4.0pt; |
| 762 | margin-right:0in; |
| 763 | margin-bottom:0in; |
| 764 | margin-left:.15in; |
| 765 | margin-bottom:.0001pt; |
| 766 | text-align:justify; |
| 767 | font-size:11.0pt; |
| 768 | font-family:"Times New Roman";} |
| 769 | p.MsoToc3, li.MsoToc3, div.MsoToc3 |
| 770 | {margin-top:0in; |
| 771 | margin-right:0in; |
| 772 | margin-bottom:0in; |
| 773 | margin-left:22.3pt; |
| 774 | margin-bottom:.0001pt; |
| 775 | text-align:justify; |
| 776 | font-size:11.0pt; |
| 777 | font-family:"Times New Roman";} |
| 778 | p.MsoToc4, li.MsoToc4, div.MsoToc4 |
| 779 | {margin-top:0in; |
| 780 | margin-right:0in; |
| 781 | margin-bottom:0in; |
| 782 | margin-left:30.0pt; |
| 783 | margin-bottom:.0001pt; |
| 784 | text-align:justify; |
| 785 | font-size:11.0pt; |
| 786 | font-family:"Times New Roman";} |
| 787 | p.MsoToc5, li.MsoToc5, div.MsoToc5 |
| 788 | {margin-top:0in; |
| 789 | margin-right:0in; |
| 790 | margin-bottom:0in; |
| 791 | margin-left:40.0pt; |
| 792 | margin-bottom:.0001pt; |
| 793 | text-align:justify; |
| 794 | font-size:11.0pt; |
| 795 | font-family:"Times New Roman";} |
| 796 | p.MsoToc6, li.MsoToc6, div.MsoToc6 |
| 797 | {margin-top:0in; |
| 798 | margin-right:0in; |
| 799 | margin-bottom:0in; |
| 800 | margin-left:50.0pt; |
| 801 | margin-bottom:.0001pt; |
| 802 | text-align:justify; |
| 803 | font-size:11.0pt; |
| 804 | font-family:"Times New Roman";} |
| 805 | p.MsoToc7, li.MsoToc7, div.MsoToc7 |
| 806 | {margin-top:0in; |
| 807 | margin-right:0in; |
| 808 | margin-bottom:0in; |
| 809 | margin-left:60.0pt; |
| 810 | margin-bottom:.0001pt; |
| 811 | text-align:justify; |
| 812 | font-size:11.0pt; |
| 813 | font-family:"Times New Roman";} |
| 814 | p.MsoToc8, li.MsoToc8, div.MsoToc8 |
| 815 | {margin-top:0in; |
| 816 | margin-right:0in; |
| 817 | margin-bottom:0in; |
| 818 | margin-left:70.0pt; |
| 819 | margin-bottom:.0001pt; |
| 820 | text-align:justify; |
| 821 | font-size:11.0pt; |
| 822 | font-family:"Times New Roman";} |
| 823 | p.MsoToc9, li.MsoToc9, div.MsoToc9 |
| 824 | {margin-top:0in; |
| 825 | margin-right:0in; |
| 826 | margin-bottom:0in; |
| 827 | margin-left:80.0pt; |
| 828 | margin-bottom:.0001pt; |
| 829 | text-align:justify; |
| 830 | font-size:11.0pt; |
| 831 | font-family:"Times New Roman";} |
| 832 | p.MsoFootnoteText, li.MsoFootnoteText, div.MsoFootnoteText |
| 833 | {margin:0in; |
| 834 | margin-bottom:.0001pt; |
| 835 | text-align:justify; |
| 836 | font-size:10.0pt; |
| 837 | font-family:"Times New Roman";} |
| 838 | p.MsoCommentText, li.MsoCommentText, div.MsoCommentText |
| 839 | {margin:0in; |
| 840 | margin-bottom:.0001pt; |
| 841 | text-align:justify; |
| 842 | font-size:20.0pt; |
| 843 | font-family:"Times New Roman";} |
| 844 | p.MsoHeader, li.MsoHeader, div.MsoHeader |
| 845 | {margin:0in; |
| 846 | margin-bottom:.0001pt; |
| 847 | text-align:justify; |
| 848 | font-size:11.0pt; |
| 849 | font-family:"Times New Roman"; |
| 850 | font-weight:bold; |
| 851 | font-style:italic;} |
| 852 | p.MsoFooter, li.MsoFooter, div.MsoFooter |
| 853 | {margin:0in; |
| 854 | margin-bottom:.0001pt; |
| 855 | text-align:justify; |
| 856 | font-size:20.0pt; |
| 857 | font-family:"Times New Roman";} |
| 858 | p.MsoIndexHeading, li.MsoIndexHeading, div.MsoIndexHeading |
| 859 | {margin:0in; |
| 860 | margin-bottom:.0001pt; |
| 861 | text-align:justify; |
| 862 | font-size:11.0pt; |
| 863 | font-family:"Times New Roman";} |
| 864 | p.MsoCaption, li.MsoCaption, div.MsoCaption |
| 865 | {margin-top:6.0pt; |
| 866 | margin-right:0in; |
| 867 | margin-bottom:6.0pt; |
| 868 | margin-left:0in; |
| 869 | text-align:center; |
| 870 | font-size:10.0pt; |
| 871 | font-family:"Times New Roman"; |
| 872 | font-weight:bold;} |
| 873 | p.MsoTof, li.MsoTof, div.MsoTof |
| 874 | {margin-top:0in; |
| 875 | margin-right:0in; |
| 876 | margin-bottom:0in; |
| 877 | margin-left:22.0pt; |
| 878 | margin-bottom:.0001pt; |
| 879 | text-align:justify; |
| 880 | text-indent:-22.0pt; |
| 881 | font-size:11.0pt; |
| 882 | font-family:"Times New Roman";} |
| 883 | span.MsoFootnoteReference |
| 884 | {vertical-align:super;} |
| 885 | span.MsoPageNumber |
| 886 | {vertical-align:baseline;} |
| 887 | p.MsoListBullet, li.MsoListBullet, div.MsoListBullet |
| 888 | {margin-top:0in; |
| 889 | margin-right:0in; |
| 890 | margin-bottom:0in; |
| 891 | margin-left:12.95pt; |
| 892 | margin-bottom:.0001pt; |
| 893 | text-align:justify; |
| 894 | text-indent:-12.95pt; |
| 895 | font-size:11.0pt; |
| 896 | font-family:"Times New Roman";} |
| 897 | p.MsoTitle, li.MsoTitle, div.MsoTitle |
| 898 | {margin-top:12.0pt; |
| 899 | margin-right:0in; |
| 900 | margin-bottom:3.0pt; |
| 901 | margin-left:0in; |
| 902 | text-align:center; |
| 903 | font-size:16.0pt; |
| 904 | font-family:Arial; |
| 905 | font-weight:bold;} |
| 906 | p.MsoSubtitle, li.MsoSubtitle, div.MsoSubtitle |
| 907 | {margin-top:0in; |
| 908 | margin-right:0in; |
| 909 | margin-bottom:3.0pt; |
| 910 | margin-left:0in; |
| 911 | text-align:center; |
| 912 | font-size:12.0pt; |
| 913 | font-family:Arial;} |
| 914 | p.MsoPlainText, li.MsoPlainText, div.MsoPlainText |
| 915 | {margin:0in; |
| 916 | margin-bottom:.0001pt; |
| 917 | line-height:200%; |
| 918 | font-size:11.0pt; |
| 919 | font-family:"Times New Roman";} |
| 920 | pre |
| 921 | {margin:0in; |
| 922 | margin-bottom:.0001pt; |
| 923 | font-size:10.0pt; |
| 924 | font-family:"Courier New";} |
| 925 | p.TextFontCX, li.TextFontCX, div.TextFontCX |
| 926 | {margin:0in; |
| 927 | margin-bottom:.0001pt; |
| 928 | text-align:justify; |
| 929 | font-size:11.0pt; |
| 930 | font-family:"Times New Roman";} |
| 931 | p.Appendix, li.Appendix, div.Appendix |
| 932 | {margin-top:12.0pt; |
| 933 | margin-right:0in; |
| 934 | margin-bottom:3.0pt; |
| 935 | margin-left:0in; |
| 936 | text-align:justify; |
| 937 | page-break-after:avoid; |
| 938 | font-size:14.0pt; |
| 939 | font-family:"Times New Roman"; |
| 940 | font-weight:bold;} |
| 941 | p.Heading10, li.Heading10, div.Heading10 |
| 942 | {margin-top:12.0pt; |
| 943 | margin-right:0in; |
| 944 | margin-bottom:3.0pt; |
| 945 | margin-left:0in; |
| 946 | text-align:justify; |
| 947 | page-break-after:avoid; |
| 948 | font-size:12.0pt; |
| 949 | font-family:"Times New Roman"; |
| 950 | letter-spacing:-.4pt; |
| 951 | font-weight:bold;} |
| 952 | p.Heading11, li.Heading11, div.Heading11 |
| 953 | {margin-top:12.0pt; |
| 954 | margin-right:0in; |
| 955 | margin-bottom:3.0pt; |
| 956 | margin-left:0in; |
| 957 | text-align:justify; |
| 958 | page-break-after:avoid; |
| 959 | font-size:11.0pt; |
| 960 | font-family:"Times New Roman"; |
| 961 | letter-spacing:-.4pt; |
| 962 | font-weight:bold; |
| 963 | font-style:italic;} |
| 964 | span.Flag |
| 965 | {font-family:Tahoma; |
| 966 | } |
| 967 | span.Annot |
| 968 | {font-family:Tahoma; |
| 969 | } |
| 970 | span.PlainText |
| 971 | {font-family:"Courier New";} |
| 972 | span.Keyword |
| 973 | {font-family:"Courier New"; |
| 974 | } |
| 975 | span.Line |
| 976 | {font-family:Arial; |
| 977 | font-style:italic;} |
| 978 | span.implicit |
| 979 | {font-family:"Courier New"; |
| 980 | color:gray; |
| 981 | font-style:italic;} |
| 982 | span.HeadingNote |
| 983 | {font-family:"Times New Roman"; |
| 984 | font-style:italic;} |
| 985 | p.Author, li.Author, div.Author |
| 986 | {margin-top:0in; |
| 987 | margin-right:0in; |
| 988 | margin-bottom:3.0pt; |
| 989 | margin-left:0in; |
| 990 | text-align:center; |
| 991 | font-size:14.0pt; |
| 992 | font-family:Arial; |
| 993 | font-style:italic;} |
| 994 | p.Verbatim, li.Verbatim, div.Verbatim |
| 995 | {margin:0in; |
| 996 | margin-bottom:.0001pt; |
| 997 | font-size:10.0pt; |
| 998 | font-family:"Courier New"; |
| 999 | text-align:left} |
| 1000 | p.lclintrun, li.lclintrun, div.lclintrun |
| 1001 | {margin:0in; |
| 1002 | margin-bottom:.0001pt; |
| 1003 | font-size:11.0pt; |
| 1004 | font-family:"Arial Narrow";} |
| 1005 | p.IndentText, li.IndentText, div.IndentText |
| 1006 | {margin-top:0in; |
| 1007 | margin-right:.2in; |
| 1008 | margin-bottom:0in; |
| 1009 | margin-left:.2in; |
| 1010 | margin-bottom:.0001pt; |
| 1011 | text-align:left; |
| 1012 | font-size:11.0pt; |
| 1013 | font-family:"Times New Roman";} |
| 1014 | p.beforelist, li.beforelist, div.beforelist |
| 1015 | {margin-top:0in; |
| 1016 | margin-right:0in; |
| 1017 | margin-bottom:6.0pt; |
| 1018 | margin-left:0in; |
| 1019 | text-align:justify; |
| 1020 | font-size:11.0pt; |
| 1021 | font-family:"Times New Roman";} |
| 1022 | p.example, li.example, div.example |
| 1023 | {margin-top:6.0pt; |
| 1024 | margin-right:.2in; |
| 1025 | margin-bottom:6.0pt; |
| 1026 | margin-left:.2in; |
| 1027 | font-size:9.5pt; |
| 1028 | font-family:"Courier New"; |
| 1029 | text-align=left} |
| 1030 | p.skiplist, li.skiplist, div.skiplist |
| 1031 | {margin-top:6.0pt; |
| 1032 | margin-right:0in; |
| 1033 | margin-bottom:0in; |
| 1034 | margin-left:0in; |
| 1035 | margin-bottom:.0001pt; |
| 1036 | text-align:justify; |
| 1037 | font-size:11.0pt; |
| 1038 | font-family:"Times New Roman";} |
| 1039 | p.afterlist, li.afterlist, div.afterlist |
| 1040 | {margin-top:6.0pt; |
| 1041 | margin-right:0in; |
| 1042 | margin-bottom:0in; |
| 1043 | margin-left:0in; |
| 1044 | margin-bottom:.0001pt; |
| 1045 | text-align:justify; |
| 1046 | font-size:11.0pt; |
| 1047 | font-family:"Times New Roman";} |
| 1048 | p.betweenlists, li.betweenlists, div.betweenlists |
| 1049 | {margin-top:6.0pt; |
| 1050 | margin-right:0in; |
| 1051 | margin-bottom:6.0pt; |
| 1052 | margin-left:0in; |
| 1053 | text-align:justify; |
| 1054 | font-size:11.0pt; |
| 1055 | font-family:"Times New Roman";} |
| 1056 | p.indentbefore, li.indentbefore, div.indentbefore |
| 1057 | {margin-top:0in; |
| 1058 | margin-right:.2in; |
| 1059 | margin-bottom:6.0pt; |
| 1060 | margin-left:.2in; |
| 1061 | font-size:11.0pt; |
| 1062 | text-align:left; |
| 1063 | font-family:"Times New Roman";} |
| 1064 | p.indentbefore0, li.indentbefore0, div.indentbefore0 |
| 1065 | {margin-top:0in; |
| 1066 | margin-right:.2in; |
| 1067 | margin-bottom:6.0pt; |
| 1068 | margin-left:.2in; |
| 1069 | font-size:11.0pt; |
| 1070 | text-align:left; |
| 1071 | font-family:"Times New Roman";} |
| 1072 | span.CodeText |
| 1073 | {font-family:Arial; |
| 1074 | } |
| 1075 | p.Sidebar, li.Sidebar, div.Sidebar |
| 1076 | {margin:0in; |
| 1077 | margin-bottom:.0001pt; |
| 1078 | font-size:9.0pt; |
| 1079 | font-family:"Times New Roman";} |
| 1080 | p.URL, li.URL, div.URL |
| 1081 | {margin:0in; |
| 1082 | margin-bottom:.0001pt; |
| 1083 | text-align:justify; |
| 1084 | font-size:10.0pt; |
| 1085 | font-family:Arial;} |
| 1086 | span.StyleKeywordBold |
| 1087 | {font-family:"Courier New"; |
| 1088 | color:white; |
| 1089 | font-weight:bold;} |
| 1090 | p.ProgramName, li.ProgramName, div.ProgramName |
| 1091 | {margin:0in; |
| 1092 | margin-bottom:.0001pt; |
| 1093 | text-align:justify; |
| 1094 | font-size:10.0pt; |
| 1095 | font-family:Arial;} |
| 1096 | span.Style1 |
| 1097 | {font-family:"Courier New";} |
| 1098 | span.ProgramNameChar |
| 1099 | {font-family:Arial;} |
| 1100 | span.ProgramCode |
| 1101 | {font-family:ProgramTwo; |
| 1102 | } |
| 1103 | p.fileName, li.fileName, div.fileName |
| 1104 | {margin-top:0in; |
| 1105 | margin-right:.2in; |
| 1106 | margin-bottom:0in; |
| 1107 | margin-left:.2in; |
| 1108 | margin-bottom:.0001pt; |
| 1109 | font-size:10.0pt; |
| 1110 | font-family:Arial;} |
| 1111 | p.FileName0, li.FileName0, div.FileName0 |
| 1112 | {margin-top:0in; |
| 1113 | margin-right:.2in; |
| 1114 | margin-bottom:0in; |
| 1115 | margin-left:.2in; |
| 1116 | margin-bottom:.0001pt; |
| 1117 | font-size:10.0pt; |
| 1118 | font-family:Arial;} |
| 1119 | span.FileNameChar |
| 1120 | {font-family:Arial;} |
| 1121 | ins |
| 1122 | {text-decoration:none;} |
| 1123 | span.msoIns |
| 1124 | {text-decoration:underline;} |
| 1125 | span.msoDel |
| 1126 | {text-decoration:line-through; |
| 1127 | color:red;} |
| 1128 | /* Page Definitions */ |
| 1129 | @page Section1 |
| 1130 | {size:8.5in 11.0in; |
| 1131 | margin:1.0in 1.25in .75in 1.25in;} |
| 1132 | div.Section1 |
| 1133 | {page:Section1;} |
| 1134 | @page Section2 |
| 1135 | {size:8.5in 11.0in; |
| 1136 | margin:1.0in 1.25in 1.0in 99.35pt;} |
| 1137 | div.Section2 |
| 1138 | {page:Section2;} |
| 1139 | @page Section3 |
| 1140 | {size:8.5in 11.0in; |
| 1141 | margin:1.0in 1.25in 1.0in 99.35pt;} |
| 1142 | div.Section3 |
| 1143 | {page:Section3;} |
| 1144 | @page Section4 |
| 1145 | {size:8.5in 11.0in; |
| 1146 | margin:1.0in 1.25in 1.0in 99.0pt;} |
| 1147 | div.Section4 |
| 1148 | {page:Section4;} |
| 1149 | @page Section5 |
| 1150 | {size:8.5in 11.0in; |
| 1151 | margin:1.0in 1.25in 1.0in 1.25in;} |
| 1152 | div.Section5 |
| 1153 | {page:Section5;} |
| 1154 | @page Section6 |
| 1155 | {size:8.5in 11.0in; |
| 1156 | margin:1.0in 1.25in 1.0in 1.25in;} |
| 1157 | div.Section6 |
| 1158 | {page:Section6;} |
| 1159 | @page Section7 |
| 1160 | {size:8.5in 11.0in; |
| 1161 | margin:1.0in 1.25in 1.0in 1.25in;} |
| 1162 | div.Section7 |
| 1163 | {page:Section7;} |
| 1164 | @page Section8 |
| 1165 | {size:8.5in 11.0in; |
| 1166 | margin:1.0in 1.25in 1.0in 1.25in;} |
| 1167 | div.Section8 |
| 1168 | {page:Section8;} |
| 1169 | /* List Definitions */ |
| 1170 | ol |
| 1171 | {margin-bottom:0in;} |
| 1172 | ul |
| 1173 | {margin-bottom:0in;} |
| 1174 | --> |
| 1175 | </style> |
| 1176 | </head> |
| 1177 | <body> |
| 1178 | <!--#include virtual="header.html"--> |
| 1179 | <div class="Section1"> |
| 1180 | <p class="MsoTitle"><img width="189" height="219" src= |
| 1181 | "manual-301_files/image001.jpg" hspace="12"><a name= |
| 1182 | "_Ref533872469"></a></p> |
| 1183 | <p class="MsoTitle"><a name="_Ref483663680"></a><span class= |
| 1184 | "MsoCommentReference"><span style= |
| 1185 | 'font-size:20.0pt'> </span></span></p> |
| 1186 | <p class="MsoTitle"><span class= |
| 1187 | "MsoCommentReference"><span style='font-size:26.0pt; font-family:"Book Antiqua"'> |
| 1188 | </span></span></p> |
| 1189 | <p class="MsoTitle"><span class= |
| 1190 | "MsoCommentReference"><span style='font-size:26.0pt; font-family:"Book Antiqua"'> |
| 1191 | </span></span></p> |
| 1192 | <p class="MsoTitle"><span class= |
| 1193 | "MsoCommentReference"><span style='font-size:26.0pt; font-family:"Book Antiqua"'> |
| 1194 | </span></span></p> |
| 1195 | <p class="MsoTitle"><span class= |
| 1196 | "MsoCommentReference"><span style='font-size:26.0pt; font-family:"Book Antiqua"'> |
| 1197 | Splint Manual</span></span></p> |
| 1198 | <p class="MsoTitle"><span class= |
| 1199 | "MsoCommentReference"><span style='font-size:26.0pt; font-family:"Book Antiqua"'> |
| 1200 | </span></span></p> |
| 1201 | <p class="MsoSubtitle"><span class= |
| 1202 | "MsoCommentReference"><span style= |
| 1203 | 'font-size: 18.0pt;font-family:"Book Antiqua"'>Version |
| 36ba812d |
1204 | 3.1.1</span></span></p> |
| 9645dee1 |
1205 | <p class="MsoSubtitle"><span class= |
| 1206 | "MsoCommentReference"><span style= |
| 36ba812d |
1207 | 'font-size: 18.0pt;font-family:"Book Antiqua"'>27 April 2003 |
| ed62d3fb |
1208 | </span></span></p> |
| 9645dee1 |
1209 | <p class="MsoSubtitle"><span class= |
| 1210 | "MsoCommentReference"><span style= |
| 1211 | 'font-size: 15.5pt'> </span></span></p> |
| 1212 | <p class="MsoSubtitle"><span class= |
| 1213 | "MsoCommentReference"><span style= |
| 1214 | 'font-size: 15.5pt'> </span></span></p> |
| 1215 | <p class="MsoSubtitle"><span class= |
| 1216 | "MsoCommentReference"><span style= |
| 1217 | 'font-size: 15.5pt'> </span></span></p> |
| 1218 | <p class="MsoNormal"><span class= |
| 1219 | "MsoCommentReference"><span style='font-size:14.0pt; font-family:"Book Antiqua"'> |
| 1220 | </span></span></p> |
| 1221 | <p class="MsoNormal"><span class= |
| 1222 | "MsoCommentReference"><span style='font-size:14.0pt; font-family:"Book Antiqua"'> |
| 1223 | </span></span></p> |
| 1224 | <p class="MsoNormal"><span class= |
| 1225 | "MsoCommentReference"><span style='font-size:14.0pt; font-family:"Book Antiqua"'> |
| 1226 | </span></span></p> |
| 1227 | <p class="MsoNormal"><span class= |
| 1228 | "MsoCommentReference"><span style='font-size:14.0pt; font-family:"Book Antiqua"'> |
| 1229 | </span></span></p> |
| 1230 | <p class="TextFontCX"><span class= |
| 1231 | "MsoCommentReference"><span style='font-size:15.5pt'> </span></span></p> |
| 1232 | <p class="TextFontCX" align="right" style= |
| 1233 | 'margin-right: -58.5pt;text-align:right'><img width="364" |
| 1234 | height="181" src="manual-301_files/image002.gif" align="left" |
| 1235 | hspace="12" alt="Text Box: |
| 1236 | Secure Programming Group |
| 1237 | University of Virginia |
| 1238 | Department of Computer Science |
| 1239 | |
| 1240 | "></p> |
| 1241 | <p class="TextFontCX" style= |
| 1242 | 'margin-left:28.35pt; text-indent:-14.15pt'><span class= |
| 1243 | "MsoCommentReference"><span style= |
| 1244 | 'font-size: 15.5pt'> </span></span></p> |
| 1245 | <p class="TextFontCX" align="right" style= |
| 1246 | 'margin-right: 9.0pt;text-align:right'><span class= |
| 1247 | "MsoCommentReference"><i><span style= |
| 1248 | 'font-size:14.0pt'> </span></i></span></p></div> |
| 1249 | <span class="MsoCommentReference"><b><i><span style= |
| 1250 | 'font-size:14.0pt;font-family: Arial'><br clear="all" style= |
| 1251 | 'page-break-before:auto'></span></i></b></span> |
| 1252 | <div class="Section2"><span class= |
| 1253 | "MsoCommentReference"><span style='font-size: 15.5pt;font-family:"Times New Roman"'> |
| 1254 | <br clear="all" style='page-break-before: always'></span></span> |
| 1255 | <p class="TextFontCX"><span class= |
| 1256 | "MsoCommentReference"><b><span style= |
| 1257 | 'font-size:14.0pt;font-family:Arial'> </span></b></span></p> |
| 1258 | <h4 style='margin-left:0in;text-indent:0in'><span class= |
| 1259 | "MsoCommentReference"><span style= |
| 1260 | 'font-size:14.0pt'>Authors</span></span></h4> |
| 1261 | <p class="TextFontCX">This manual was written by David Evans, |
| 1262 | except for Section 9 and Appendix B which were written by David |
| 1263 | Larochelle and David Evans.</p> |
| 1264 | <h4 style='margin-left:0in;text-indent:0in'><span class= |
| 1265 | "MsoCommentReference"><span style= |
| 1266 | 'font-size:14.0pt'>Credits</span></span></h4> |
| 1267 | <p class="TextFontCX">Splint is developed and maintained by the |
| 1268 | Secure Programming Group at the University of Virginia Department |
| 1269 | of Computer Science. David Evans is the project leader and |
| 1270 | the primary developer of Splint. David Larochelle developed |
| 1271 | the memory bounds checking. University of Virginia students |
| 1272 | Chris Barker, David Friedman, Mike Lanouette and Hien Phan all |
| 1273 | contributed significantly to the development of Splint.</p> |
| 1274 | <p class="TextFontCX"> </p> |
| 1275 | <p class="TextFontCX">Splint is the successor to LCLint, a tool |
| 1276 | originally developed as a joint research project between the |
| 1277 | Massachusetts Institute of Technology and Digital Equipment |
| 1278 | Corporation’s System Research Center. David Evans was |
| 1279 | the primary designed and developer of LCLint. John Guttag and |
| 1280 | Jim Horning had the original idea for a static checking tool for |
| 1281 | detecting inconsistencies between LCL specifications and their C |
| 1282 | implementations. They provided valuable advice on its |
| 1283 | functionality and design and were instrumental in its |
| 1284 | development. </p> |
| 1285 | <p class="TextFontCX"> </p> |
| 1286 | <p class="TextFontCX">Splint incorporates the original LCL checker |
| 1287 | developed by Yang Meng Tan. This was built on the DECspec |
| 1288 | Project (Joe Wild, Gary Feldman, Steve Garland, and Bill |
| 1289 | McKeeman). The LSL checker used by LCLint was developed by |
| 1290 | Steve Garland. The original C grammar for LCLint was provided |
| 1291 | by Nate Osgood. This work has also benefited greatly from |
| 1292 | discussions with Mike Burrows, David Friedman, Stephen Garland, |
| 1293 | Colin Godfrey, Steve Harrison, Yanlin Huang, Daniel Jackson, John |
| 1294 | Knight, David Larochelle, Angelika Leeb, Ulana Legedza, Gary |
| 1295 | McGraw, Anya Pogosyants, Avneesh Saxena, Seejo Sebastine, Navneet |
| 1296 | Singh, Raymie Stata, Yang Meng Tan, and Mark Vandevoorde. I |
| 1297 | especially thank Angelika Leeb for many constructive comments on |
| 1298 | improving an early version of this document, Raymie Stata and Mark |
| 1299 | Vandevoorde for technical assistance, and Dorothy Curtis, Paco |
| 1300 | Hope, Scott Ruffner, Christina Jackson, David Ladd, and Jessica |
| 1301 | Greer for systems assistance.</p> |
| 1302 | <p class="TextFontCX"> </p> |
| 1303 | <p class="TextFontCX">Much of Splint’s development has been |
| 1304 | driven by feedback from users in academia and industry. Many |
| 1305 | more people than I can mention here have made contributions by |
| 1306 | suggesting improvements, reporting bugs, porting early versions of |
| 1307 | Splint to other platforms. Particularly heroic contributions |
| 1308 | have been made by Nelson Beebe, Eric Bloodworth, Jutta Degener, |
| 1309 | Rick Farnbach, Chris Flatters, Huver Hu, Alexander Mai, John Gerard |
| 1310 | Malecki, Thomas G. McWilliams, Michael Meskes, Richard |
| 1311 | O’Keefe, Jens Schweikhardt, Albert L. Ting and Jim Zelenka. |
| 1312 | Martin “Herbert” Dietze and Mike Smith performed |
| 1313 | valiantly in producing the original Win32 and OS2 ports. Tim |
| 1314 | Van Holder produced the <span class="Keyword"><span style= |
| 1315 | 'font-size:10.0pt;font-family:Arial;color:windowtext'>automake</span></span> |
| 1316 | and <span class="Keyword"><span style= |
| 1317 | 'font-size:10.0pt;font-family:Arial; color:windowtext'>autoconf</span></span> |
| 1318 | distribution. </p> |
| 1319 | <p class="TextFontCX"> </p> |
| ed62d3fb |
1320 | <p class="TextFontCX"> |
| 1321 | Splint research at the University of Virginia is currently funded in part by an NSF CAREER Award and an NSF CCLI Award for using analysis to teach software engineering. Splint has been previously supported by a grant from NASA and David Larochelle was funded by a USENIX student research grant. |
| 1322 | <span style='font-size:20.0pt'> </span></p></div> |
| 9645dee1 |
1323 | <span class="MsoCommentReference"><span style= |
| 1324 | 'font-size:15.5pt;font-family:"Times New Roman"'><br clear="all" |
| 1325 | style='page-break-before:right'></span></span> |
| 1326 | <div class="Section3"> |
| 1327 | <p class="MsoToc1" align="center" style='text-align:center'> |
| 1328 | <span class="MsoCommentReference"><span style= |
| 1329 | 'font-size:15.5pt'>Contents</span></span></p> |
| 1330 | <p class="MsoToc1">1<span style= |
| 1331 | 'font-size:12.0pt;font-weight:normal'> </span> |
| 1332 | <a href=#operation>Operation</a>................................................................................................................ |
| 1333 | 11</p> |
| 1334 | <p class="MsoToc2">1.1<span style= |
| 1335 | 'font-size:12.0pt'> </span> |
| 1336 | Warnings............................................................................................................. |
| 1337 | 11</p> |
| 1338 | <p class="MsoToc2">1.2<span style= |
| 1339 | 'font-size:12.0pt'> </span> |
| 1340 | Flags.................................................................................................................... |
| 1341 | 12</p> |
| 1342 | <p class="MsoToc2">1.3<span style= |
| 1343 | 'font-size:12.0pt'> </span> Stylized |
| 1344 | Comments............................................................................................... |
| 1345 | 12</p> |
| 1346 | <p class="MsoToc3">1.3.1<span style= |
| 1347 | 'font-size:12.0pt'> </span> |
| 1348 | Annotations................................................................................................... |
| 1349 | 13</p> |
| 1350 | <p class="MsoToc3">1.3.2<span style= |
| 1351 | 'font-size:12.0pt'> </span> Setting |
| 1352 | Flags.................................................................................................. |
| 1353 | 13</p> |
| 1354 | <p class="MsoToc1">2<span style= |
| 1355 | 'font-size:12.0pt;font-weight:normal'> </span> |
| 1356 | <a href=#null>Null |
| 1357 | Dereferences</a>................................................................................................... |
| 1358 | 14</p> |
| 1359 | <p class="MsoToc3">2.1.1<span style= |
| 1360 | 'font-size:12.0pt'> </span> Predicate |
| 1361 | Functions........................................................................................ |
| 1362 | 14</p> |
| 1363 | <p class="MsoToc3">2.1.2<span style= |
| 1364 | 'font-size:12.0pt'> </span> Notnull |
| 1365 | Annotations........................................................................................ |
| 1366 | 15</p> |
| 1367 | <p class="MsoToc3">2.1.3<span style= |
| 1368 | 'font-size:12.0pt'> </span> Relaxing Null |
| 1369 | Checking.................................................................................. |
| 1370 | 15</p> |
| 1371 | <p class="MsoToc1">3<span style= |
| 1372 | 'font-size:12.0pt;font-weight:normal'> </span> |
| 1373 | <a href=#undefined> |
| 1374 | Undefined |
| 1375 | Values</a>.................................................................................................... |
| 1376 | 17</p> |
| 1377 | <p class="MsoToc3">3.1.1<span style= |
| 1378 | 'font-size:12.0pt'> </span> Undefined |
| 1379 | Parameters................................................................................... |
| 1380 | 17</p> |
| 1381 | <p class="MsoToc3">3.1.2<span style= |
| 1382 | 'font-size:12.0pt'> </span> Relaxing |
| 1383 | Checking......................................................................................... |
| 1384 | 18</p> |
| 1385 | <p class="MsoToc3">3.1.3<span style= |
| 1386 | 'font-size:12.0pt'> </span> Partially |
| 1387 | Defined |
| 1388 | Structures............................................................................ |
| 1389 | 18</p> |
| 1390 | <p class="MsoToc1">4<span style= |
| 1391 | 'font-size:12.0pt;font-weight:normal'> </span> |
| 1392 | <a href=#types> |
| 1393 | Types</a>....................................................................................................................... |
| 1394 | 19</p> |
| 1395 | <p class="MsoToc2">4.1<span style= |
| 1396 | 'font-size:12.0pt'> </span> Built in C |
| 1397 | Types.................................................................................................... |
| 1398 | 19</p> |
| 1399 | <p class="MsoToc3">4.1.1<span style= |
| 1400 | 'font-size:12.0pt'> </span> |
| 1401 | Characters.................................................................................................... |
| 1402 | 19</p> |
| 1403 | <p class="MsoToc3">4.1.2<span style= |
| 1404 | 'font-size:12.0pt'> </span> |
| 1405 | Enumerators.................................................................................................. |
| 1406 | 19</p> |
| 1407 | <p class="MsoToc3">4.1.3<span style= |
| 1408 | 'font-size:12.0pt'> </span> Numeric |
| 1409 | Types.............................................................................................. |
| 1410 | 19</p> |
| 1411 | <p class="MsoToc3">4.1.4<span style= |
| 1412 | 'font-size:12.0pt'> </span> Arbitrary |
| 1413 | Integral |
| 1414 | Types................................................................................. |
| 1415 | 19</p> |
| 1416 | <p class="MsoToc2">4.2<span style= |
| 1417 | 'font-size:12.0pt'> </span> Boolean |
| 1418 | Types..................................................................................................... |
| 1419 | 20</p> |
| 1420 | <p class="MsoToc2">4.3<span style= |
| 1421 | 'font-size:12.0pt'> </span> Abstract |
| 1422 | Types..................................................................................................... |
| 1423 | 21</p> |
| 1424 | <p class="MsoToc3">4.3.1<span style= |
| 1425 | 'font-size:12.0pt'> </span> Controlling |
| 1426 | Access......................................................................................... |
| 1427 | 22</p> |
| 1428 | <p class="MsoToc3">4.3.2<span style= |
| 1429 | 'font-size:12.0pt'> </span> |
| 1430 | Mutability...................................................................................................... |
| 1431 | 23</p> |
| 1432 | <p class="MsoToc2">4.4<span style= |
| 1433 | 'font-size:12.0pt'> </span> |
| 1434 | Polymorphism....................................................................................................... |
| 1435 | 24</p> |
| 1436 | <p class="MsoToc1">5<span style= |
| 1437 | 'font-size:12.0pt;font-weight:normal'> </span> |
| 1438 | <a href=#memory> |
| 1439 | Memory |
| 1440 | Management</a>............................................................................................ |
| 1441 | 25</p> |
| 1442 | <p class="MsoToc2">5.1<span style= |
| 1443 | 'font-size:12.0pt'> </span> Storage |
| 1444 | Model...................................................................................................... |
| 1445 | 25</p> |
| 1446 | <p class="MsoToc2">5.2<span style= |
| 1447 | 'font-size:12.0pt'> </span> Deallocation |
| 1448 | Errors............................................................................................... |
| 1449 | 26</p> |
| 1450 | <p class="MsoToc3">5.2.1<span style= |
| 1451 | 'font-size:12.0pt'> </span> Unshared |
| 1452 | References.................................................................................... |
| 1453 | 26</p> |
| 1454 | <p class="MsoToc3">5.2.2<span style= |
| 1455 | 'font-size:12.0pt'> </span> Temporary |
| 1456 | Parameters.................................................................................. |
| 1457 | 27</p> |
| 1458 | <p class="MsoToc3">5.2.3<span style= |
| 1459 | 'font-size:12.0pt'> </span> Owned and |
| 1460 | Dependent |
| 1461 | References................................................................. |
| 1462 | 27</p> |
| 1463 | <p class="MsoToc3">5.2.4<span style= |
| 1464 | 'font-size:12.0pt'> </span> Keep |
| 1465 | Parameters........................................................................................... |
| 1466 | 28</p> |
| 1467 | <p class="MsoToc3">5.2.5<span style= |
| 1468 | 'font-size:12.0pt'> </span> Shared |
| 1469 | References........................................................................................ |
| 1470 | 28</p> |
| 1471 | <p class="MsoToc3">5.2.6<span style= |
| 1472 | 'font-size:12.0pt'> </span> Stack |
| 1473 | References.......................................................................................... |
| 1474 | 28</p> |
| 1475 | <p class="MsoToc3">5.2.7<span style= |
| 1476 | 'font-size:12.0pt'> </span> Inner |
| 1477 | Storage................................................................................................. |
| 1478 | 28</p> |
| 1479 | <p class="MsoToc2">5.3<span style= |
| 1480 | 'font-size:12.0pt'> </span> Implicit Memory |
| 1481 | Annotations................................................................................. |
| 1482 | 29</p> |
| 1483 | <p class="MsoToc2">5.4<span style= |
| 1484 | 'font-size:12.0pt'> </span> Reference |
| 1485 | Counting.............................................................................................. |
| 1486 | 30</p> |
| 1487 | <p class="MsoToc1">6<span style= |
| 1488 | 'font-size:12.0pt;font-weight:normal'> </span> |
| 1489 | <a href=#sharing> |
| 1490 | Sharing</a>.................................................................................................................... |
| 1491 | 31</p> |
| 1492 | <p class="MsoToc2">6.1<span style= |
| 1493 | 'font-size:12.0pt'> </span> |
| 1494 | Aliasing................................................................................................................ |
| 1495 | 31</p> |
| 1496 | <p class="MsoToc3">6.1.1<span style= |
| 1497 | 'font-size:12.0pt'> </span> Unique |
| 1498 | Parameters........................................................................................ |
| 1499 | 31</p> |
| 1500 | <p class="MsoToc3">6.1.2<span style= |
| 1501 | 'font-size:12.0pt'> </span> Returned |
| 1502 | Parameters..................................................................................... |
| 1503 | 31</p> |
| 1504 | <p class="MsoToc2">6.2<span style= |
| 1505 | 'font-size:12.0pt'> </span> |
| 1506 | Exposure.............................................................................................................. |
| 1507 | 32</p> |
| 1508 | <p class="MsoToc3">6.2.1<span style= |
| 1509 | 'font-size:12.0pt'> </span> Read-Only |
| 1510 | Storage........................................................................................ |
| 1511 | 32</p> |
| 1512 | <p class="MsoToc3">6.2.2<span style= |
| 1513 | 'font-size:12.0pt'> </span> Exposed |
| 1514 | Storage............................................................................................ |
| 1515 | 33</p> |
| 1516 | <p class="MsoToc1">7<span style= |
| 1517 | 'font-size:12.0pt;font-weight:normal'> </span> |
| 1518 | <a href=#function> |
| 1519 | Function |
| 1520 | Interfaces</a>................................................................................................. |
| 1521 | 35</p> |
| 1522 | <p class="MsoToc2">7.1<span style= |
| 1523 | 'font-size:12.0pt'> </span> |
| 1524 | Modifications........................................................................................................ |
| 1525 | 35</p> |
| 1526 | <p class="MsoToc3">7.1.1<span style= |
| 1527 | 'font-size:12.0pt'> </span> State |
| 1528 | Modifications........................................................................................ |
| 1529 | 36</p> |
| 1530 | <p class="MsoToc3">7.1.2<span style= |
| 1531 | 'font-size:12.0pt'> </span> Missing Modifies |
| 1532 | Clauses............................................................................... |
| 1533 | 36</p> |
| 1534 | <p class="MsoToc2">7.2<span style= |
| 1535 | 'font-size:12.0pt'> </span> Global |
| 1536 | Variables................................................................................................... |
| 1537 | 37</p> |
| 1538 | <p class="MsoToc3">7.2.1<span style= |
| 1539 | 'font-size:12.0pt'> </span> Controlling |
| 1540 | Globals |
| 1541 | Checking.......................................................................... |
| 1542 | 37</p> |
| 1543 | <p class="MsoToc3">7.2.2<span style= |
| 1544 | 'font-size:12.0pt'> </span> Definition |
| 1545 | State.............................................................................................. |
| 1546 | 38</p> |
| 1547 | <p class="MsoToc2">7.3<span style= |
| 1548 | 'font-size:12.0pt'> </span> Declaration |
| 1549 | Consistency........................................................................................ |
| 1550 | 38</p> |
| 1551 | <p class="MsoToc2">7.4<span style= |
| 1552 | 'font-size:12.0pt'> </span> State |
| 1553 | Clauses....................................................................................................... |
| 1554 | 39</p> |
| 1555 | <p class="MsoToc2">7.5<span style= |
| 1556 | 'font-size:12.0pt'> </span> Requires and |
| 1557 | Ensures |
| 1558 | Clauses............................................................................... |
| 1559 | 41</p> |
| 1560 | <p class="MsoToc1">8<span style= |
| 1561 | 'font-size:12.0pt;font-weight:normal'> </span> |
| 1562 | <a href=#control> |
| 1563 | Control |
| 1564 | Flow</a>........................................................................................................... |
| 1565 | 43</p> |
| 1566 | <p class="MsoToc2">8.1<span style= |
| 1567 | 'font-size:12.0pt'> </span> |
| 1568 | Execution............................................................................................................. |
| 1569 | 43</p> |
| 1570 | <p class="MsoToc2">8.2<span style= |
| 1571 | 'font-size:12.0pt'> </span> Undefined |
| 1572 | Behavior.............................................................................................. |
| 1573 | 44</p> |
| 1574 | <p class="MsoToc2">8.3<span style= |
| 1575 | 'font-size:12.0pt'> </span> Problematic |
| 1576 | Control |
| 1577 | Structures.............................................................................. |
| 1578 | 45</p> |
| 1579 | <p class="MsoToc3">8.3.1<span style= |
| 1580 | 'font-size:12.0pt'> </span> Likely Infinite |
| 1581 | Loops...................................................................................... |
| 1582 | 45</p> |
| 1583 | <p class="MsoToc3">8.3.2<span style= |
| 1584 | 'font-size:12.0pt'> </span> |
| 1585 | Switches....................................................................................................... |
| 1586 | 46</p> |
| 1587 | <p class="MsoToc3">8.3.3<span style= |
| 1588 | 'font-size:12.0pt'> </span> Deep |
| 1589 | Breaks................................................................................................. |
| 1590 | 46</p> |
| 1591 | <p class="MsoToc3">8.3.4<span style= |
| 1592 | 'font-size:12.0pt'> </span> Loop and If |
| 1593 | Bodies........................................................................................ |
| 1594 | 47</p> |
| 1595 | <p class="MsoToc3">8.3.5<span style= |
| 1596 | 'font-size:12.0pt'> </span> Complete |
| 1597 | Logic............................................................................................. |
| 1598 | 47</p> |
| 1599 | <p class="MsoToc2">8.4<span style= |
| 1600 | 'font-size:12.0pt'> </span> Suspicious |
| 1601 | Statements........................................................................................... |
| 1602 | 47</p> |
| 1603 | <p class="MsoToc3">8.4.1<span style= |
| 1604 | 'font-size:12.0pt'> </span> Statements with |
| 1605 | No |
| 1606 | Effects............................................................................ |
| 1607 | 47</p> |
| 1608 | <p class="MsoToc3">8.4.2<span style= |
| 1609 | 'font-size:12.0pt'> </span> Ignored Return |
| 1610 | Values................................................................................... |
| 1611 | 48</p> |
| 1612 | <p class="MsoToc1">9<span style= |
| 1613 | 'font-size:12.0pt;font-weight:normal'> </span> |
| 1614 | <a href=#buffer> |
| 1615 | Buffer |
| 1616 | Sizes</a>............................................................................................................. |
| 1617 | 49</p> |
| 1618 | <p class="MsoToc2">9.1<span style= |
| 1619 | 'font-size:12.0pt'> </span> Checking |
| 1620 | Accesses.............................................................................................. |
| 1621 | 49</p> |
| 1622 | <p class="MsoToc2">9.2<span style= |
| 1623 | 'font-size:12.0pt'> </span> Annotating |
| 1624 | Buffer |
| 1625 | Sizes........................................................................................ |
| 1626 | 49</p> |
| 1627 | <p class="MsoToc2">9.3<span style= |
| 1628 | 'font-size:12.0pt'> </span> |
| 1629 | Warnings............................................................................................................. |
| 1630 | 50</p> |
| 1631 | <p class="MsoToc1">10<span style= |
| 1632 | 'font-size:12.0pt;font-weight:normal'> </span> |
| 1633 | <a href=#extensible> |
| 1634 | Extensible |
| 1635 | Checking</a>............................................................................................ |
| 1636 | 52</p> |
| 1637 | <p class="MsoToc2">10.1<span style= |
| 1638 | 'font-size:12.0pt'> </span> |
| 1639 | Defining |
| 1640 | Attributes............................................................................................ |
| 1641 | 52</p> |
| 1642 | <p class="MsoToc2">10.2<span style= |
| 1643 | 'font-size:12.0pt'> </span> |
| 1644 | Annotations...................................................................................................... |
| 1645 | 54</p> |
| 1646 | <p class="MsoToc2">10.3<span style= |
| 1647 | 'font-size:12.0pt'> </span> |
| 1648 | Example........................................................................................................... |
| 1649 | 54</p> |
| 1650 | <p class="MsoToc1">11<span style= |
| 1651 | 'font-size:12.0pt;font-weight:normal'> </span> |
| 1652 | <a href=#macros> |
| 1653 | Macros</a>.................................................................................................................. |
| 1654 | 55</p> |
| 1655 | <p class="MsoToc2">11.1<span style= |
| 1656 | 'font-size:12.0pt'> </span> |
| 1657 | Constant |
| 1658 | Macros............................................................................................... |
| 1659 | 55</p> |
| 1660 | <p class="MsoToc2">11.2<span style= |
| 1661 | 'font-size:12.0pt'> </span> |
| 1662 | Function-like |
| 1663 | Macros......................................................................................... |
| 1664 | 55</p> |
| 1665 | <p class="MsoToc3">11.2.1<span style= |
| 1666 | 'font-size:12.0pt'> </span> Side |
| 1667 | Effect Free |
| 1668 | Parameters....................................................................... |
| 1669 | 56</p> |
| 1670 | <p class="MsoToc2">11.3<span style= |
| 1671 | 'font-size:12.0pt'> </span> |
| 1672 | Controlling Macro |
| 1673 | Checking............................................................................... |
| 1674 | 57</p> |
| 1675 | <p class="MsoToc2">11.4<span style= |
| 1676 | 'font-size:12.0pt'> </span> |
| 1677 | Iterators........................................................................................................... |
| 1678 | 58</p> |
| 1679 | <p class="MsoToc3">11.4.1<span style= |
| 1680 | 'font-size:12.0pt'> </span> |
| 1681 | Defining |
| 1682 | Iterators....................................................................................... |
| 1683 | 58</p> |
| 1684 | <p class="MsoToc3">11.4.2<span style= |
| 1685 | 'font-size:12.0pt'> </span> |
| 1686 | Using |
| 1687 | Iterators........................................................................................... |
| 1688 | 58</p> |
| 1689 | <p class="MsoToc1">12<span style= |
| 1690 | 'font-size:12.0pt;font-weight:normal'> </span> |
| 1691 | <a href=#naming> |
| 1692 | Naming |
| 1693 | Conventions</a>............................................................................................ |
| 1694 | 60</p> |
| 1695 | <p class="MsoToc2">12.1<span style= |
| 1696 | 'font-size:12.0pt'> </span> |
| 1697 | Type-Based Naming |
| 1698 | Conventions...................................................................... |
| 1699 | 60</p> |
| 1700 | <p class="MsoToc3">12.1.1<span style= |
| 1701 | 'font-size:12.0pt'> </span> |
| 1702 | Czech |
| 1703 | Names............................................................................................. |
| 1704 | 60</p> |
| 1705 | <p class="MsoToc3">12.1.2<span style= |
| 1706 | 'font-size:12.0pt'> </span> |
| 1707 | Slovak |
| 1708 | Names............................................................................................ |
| 1709 | 61</p> |
| 1710 | <p class="MsoToc3">12.1.3<span style= |
| 1711 | 'font-size:12.0pt'> </span> |
| 1712 | Czechoslovak |
| 1713 | Names.................................................................................. |
| 1714 | 61</p> |
| 1715 | <p class="MsoToc2">12.2<span style= |
| 1716 | 'font-size:12.0pt'> </span> |
| 1717 | Namespace |
| 1718 | Prefixes......................................................................................... |
| 1719 | 61</p> |
| 1720 | <p class="MsoToc2">12.3<span style= |
| 1721 | 'font-size:12.0pt'> </span> |
| 1722 | Naming |
| 1723 | Restrictions.......................................................................................... |
| 1724 | 63</p> |
| 1725 | <p class="MsoToc3">12.3.1<span style= |
| 1726 | 'font-size:12.0pt'> </span> |
| 1727 | Reserved |
| 1728 | Names........................................................................................ |
| 1729 | 63</p> |
| 1730 | <p class="MsoToc3">12.3.2<span style= |
| 1731 | 'font-size:12.0pt'> </span> |
| 1732 | Distinct |
| 1733 | Names........................................................................................... |
| 1734 | 63</p> |
| 1735 | <p class="MsoToc1">13<span style= |
| 1736 | 'font-size:12.0pt;font-weight:normal'> </span> |
| 1737 | <a href=#completeness> |
| 1738 | Completeness</a>....................................................................................................... |
| 1739 | 65</p> |
| 1740 | <p class="MsoToc2">13.1<span style= |
| 1741 | 'font-size:12.0pt'> </span> |
| 1742 | Unused |
| 1743 | Declarations......................................................................................... |
| 1744 | 65</p> |
| 1745 | <p class="MsoToc2">13.2<span style= |
| 1746 | 'font-size:12.0pt'> </span> |
| 1747 | Complete |
| 1748 | Programs........................................................................................... |
| 1749 | 65</p> |
| 1750 | <p class="MsoToc3">13.2.1<span style= |
| 1751 | 'font-size:12.0pt'> </span> |
| 1752 | Unnecessarily External |
| 1753 | Names.................................................................... |
| 1754 | 65</p> |
| 1755 | <p class="MsoToc3">13.2.2<span style= |
| 1756 | 'font-size:12.0pt'> </span> |
| 1757 | Declarations Missing from |
| 1758 | Headers............................................................. |
| 1759 | 65</p> |
| 1760 | <p class="MsoToc1">14<span style= |
| 1761 | 'font-size:12.0pt;font-weight:normal'> </span> |
| 1762 | <a href=#libraries> |
| 1763 | Libraries and Header File |
| 1764 | Inclusion</a>.................................................................... |
| 1765 | 66</p> |
| 1766 | <p class="MsoToc2">14.1<span style= |
| 1767 | 'font-size:12.0pt'> </span> |
| 1768 | Standard |
| 1769 | Libraries............................................................................................. |
| 1770 | 66</p> |
| 1771 | <p class="MsoToc3">14.1.1<span style= |
| 1772 | 'font-size:12.0pt'> </span> ISO |
| 1773 | Standard |
| 1774 | Library.................................................................................. |
| 1775 | 66</p> |
| 1776 | <p class="MsoToc3">14.1.2<span style= |
| 1777 | 'font-size:12.0pt'> </span> |
| 1778 | POSIX |
| 1779 | Library........................................................................................... |
| 1780 | 66</p> |
| 1781 | <p class="MsoToc3">14.1.3<span style= |
| 1782 | 'font-size:12.0pt'> </span> UNIX |
| 1783 | Library............................................................................................ |
| 1784 | 66</p> |
| 1785 | <p class="MsoToc3">14.1.4<span style= |
| 1786 | 'font-size:12.0pt'> </span> |
| 1787 | Strict |
| 1788 | Libraries............................................................................................ |
| 1789 | 66</p> |
| 1790 | <p class="MsoToc2">14.2<span style= |
| 1791 | 'font-size:12.0pt'> </span> |
| 1792 | Generating |
| 1793 | Libraries.......................................................................................... |
| 1794 | 67</p> |
| 1795 | <p class="MsoToc3">14.2.1<span style= |
| 1796 | 'font-size:12.0pt'> </span> |
| 1797 | Generating the Standard |
| 1798 | Libraries................................................................ |
| 1799 | 67</p> |
| 1800 | <p class="MsoToc2">14.3<span style= |
| 1801 | 'font-size:12.0pt'> </span> |
| 1802 | Header File |
| 1803 | Inclusion......................................................................................... |
| 1804 | 68</p> |
| 1805 | <p class="MsoToc3">14.3.1<span style= |
| 1806 | 'font-size:12.0pt'> </span> |
| 1807 | Preprocessing |
| 1808 | Constants............................................................................. |
| 1809 | 68</p> |
| 1810 | <p class="MsoToc1">Appendix A<span style= |
| 1811 | 'font-size:12.0pt;font-weight:normal'> </span> |
| 1812 | <a href=#availability> |
| 1813 | Availability</a>............................................................................................... |
| 1814 | 71</p> |
| 1815 | <p class="MsoToc1">Appendix B<span style= |
| 1816 | 'font-size:12.0pt;font-weight:normal'> </span> |
| 1817 | <a href=#flags> |
| 1818 | Flags</a>........................................................................................................ |
| 1819 | 72</p> |
| 1820 | <p class="MsoToc2">Global |
| 1821 | Flags................................................................................................................... |
| 1822 | 72</p> |
| 1823 | <p class="MsoToc3"> |
| 1824 | Help.......................................................................................................................... |
| 1825 | 72</p> |
| 1826 | <p class="MsoToc3"> |
| 1827 | Initialization................................................................................................................ |
| 1828 | 72</p> |
| 1829 | <p class="MsoToc3"> |
| 1830 | Pre-processor............................................................................................................ |
| 1831 | 73</p> |
| 1832 | <p class="MsoToc3"> |
| 1833 | Libraries.................................................................................................................... |
| 1834 | 73</p> |
| 1835 | <p class="MsoToc3"> |
| 1836 | Output....................................................................................................................... |
| 1837 | 74</p> |
| 1838 | <p class="MsoToc3">Expected |
| 1839 | Errors......................................................................................................... |
| 1840 | 75</p> |
| 1841 | <p class="MsoToc2">Message |
| 1842 | Format............................................................................................................ |
| 1843 | 75</p> |
| 1844 | <p class="MsoToc2">Mode Selector |
| 1845 | Flags....................................................................................................... |
| 1846 | 75</p> |
| 1847 | <p class="MsoToc2">Checking |
| 1848 | Flags............................................................................................................... |
| 1849 | 76</p> |
| 1850 | <p class="MsoToc3"> |
| 1851 | Key........................................................................................................................... |
| 1852 | 76</p> |
| 1853 | <p class="MsoToc3"> |
| 1854 | Types........................................................................................................................ |
| 1855 | 76</p> |
| 1856 | <p class="MsoToc3">Function |
| 1857 | Interfaces..................................................................................................... |
| 1858 | 79</p> |
| 1859 | <p class="MsoToc3">Memory |
| 1860 | Management................................................................................................ |
| 1861 | 81</p> |
| 1862 | <p class="MsoToc3"> |
| 1863 | Sharing...................................................................................................................... |
| 1864 | 84</p> |
| 1865 | <p class="MsoToc3">Use Before Definition <i>(Section |
| 1866 | 3)</i>............................................................................... |
| 1867 | 85</p> |
| 1868 | <p class="MsoToc3">Null Dereferences <i>(Section |
| 1869 | 2)</i>.................................................................................... |
| 1870 | 85</p> |
| 1871 | <p class="MsoToc3">Macros <i>(Section |
| 1872 | 7)</i>.................................................................................................... |
| 1873 | 85</p> |
| 1874 | <p class="MsoToc3"> |
| 1875 | Iterators..................................................................................................................... |
| 1876 | 86</p> |
| 1877 | <p class="MsoToc3">Naming |
| 1878 | Conventions................................................................................................... |
| 1879 | 86</p> |
| 1880 | <p class="MsoToc3">Other |
| 1881 | Checks............................................................................................................. |
| 1882 | 90</p> |
| 1883 | <p class="MsoToc2">Flag Name |
| 1884 | Abbreviations................................................................................................ |
| 1885 | 95</p> |
| 1886 | <p class="MsoToc1">Appendix C<span style= |
| 1887 | 'font-size:12.0pt;font-weight:normal'> </span> |
| 1888 | <a href=#annotations> |
| 1889 | Annotations</a>............................................................................................. |
| 1890 | 97</p> |
| 1891 | <p class="MsoToc3">Suppressing |
| 1892 | Warnings................................................................................................. |
| 1893 | 97</p> |
| 1894 | <p class="MsoToc2">Syntactic |
| 1895 | Annotations..................................................................................................... |
| 1896 | 97</p> |
| 1897 | <p class="MsoToc3"> |
| 1898 | Functions................................................................................................................... |
| 1899 | 97</p> |
| 1900 | <p class="MsoToc3">Iterators (Section |
| 1901 | 11.4)............................................................................................... |
| 1902 | 98</p> |
| 1903 | <p class="MsoToc3">Constants (Section |
| 1904 | 11.1)............................................................................................. |
| 1905 | 98</p> |
| 1906 | <p class="MsoToc3">Alternate Types (Section |
| 1907 | 4.4)...................................................................................... |
| 1908 | 98</p> |
| 1909 | <p class="MsoToc3">Declarator |
| 1910 | Annotations............................................................................................... |
| 1911 | 98</p> |
| 1912 | <p class="MsoToc3">Type |
| 1913 | Access.............................................................................................................. |
| 1914 | 98</p> |
| 1915 | <p class="MsoToc3">Macro |
| 1916 | Expansion...................................................................................................... |
| 1917 | 101</p> |
| 1918 | <p class="MsoToc3">Arbitrary Integral |
| 1919 | Types............................................................................................ |
| 1920 | 102</p> |
| 1921 | <p class="MsoToc3">Traditional Lint |
| 1922 | Comments........................................................................................ |
| 1923 | 102</p> |
| 1924 | <p class="MsoToc2">Metastate |
| 1925 | Definitions.................................................................................................... |
| 1926 | 103</p> |
| 1927 | <p class="MsoToc1">Appendix D<span style= |
| 1928 | 'font-size:12.0pt;font-weight:normal'> </span> |
| 1929 | <a href=#specifications> |
| 1930 | Specifications<a/>......................................................................................... |
| 1931 | 104</p> |
| 1932 | <p class="MsoToc3">Specification |
| 1933 | Flags.................................................................................................... |
| 1934 | 104</p> |
| 1935 | <p class="MsoToc1"> |
| 1936 | Appendix E<span style= |
| 1937 | 'font-size:12.0pt;font-weight:normal'> </span> |
| 1938 | <a href=#annotated> |
| 1939 | Annotated |
| 1940 | Bibliography</a>........................................................................ |
| 1941 | 107</p> |
| 1942 | |
| 1943 | <p class="TextFontCX"> </p></div> |
| 1944 | <span class="MsoCommentReference"><b><i><span style= |
| 1945 | 'font-size:15.5pt;font-family: "Times New Roman";text-transform:uppercase'> |
| 1946 | <br clear="all" style= |
| 1947 | 'page-break-before: right'></span></i></b></span> |
| 1948 | <div class="Section4"> |
| 1949 | <p class="TextFontCX"><span style= |
| 1950 | 'font-size:16.0pt'> </span></p> |
| 1951 | <p class="MsoNormal" align="center" style='text-align:center'> |
| 1952 | <b><span style='font-size:16.0pt'>Splint User’s |
| 1953 | Manual</span></b></p> |
| 1954 | <p class="MsoNormal" align="center" style='text-align:center'> |
| 1955 | </p> |
| 1956 | <p class="MsoNormal" align="center" style='text-align:center'> |
| 36ba812d |
1957 | Version 3.1.1</p> |
| 9645dee1 |
1958 | <p class="MsoNormal" align="center" style='text-align:center'>7 |
| 36ba812d |
1959 | 27 April 2003</p> |
| 9645dee1 |
1960 | <p class="TextFontCX"> </p> |
| 1961 | <p class="TextFontCX">Splint<a href="#_ftn1" name="_ftnref1" |
| 1962 | title=""><span class="MsoFootnoteReference"><span class= |
| 1963 | "MsoFootnoteReference"><span style= |
| 1964 | 'font-size:11.0pt;font-family:"Times New Roman"'>[1]</span></span></span></a> |
| 1965 | is a tool for statically checking C programs for security |
| 1966 | vulnerabilities and programming mistakes. Splint does many |
| 1967 | of the traditional lint checks including unused declarations, |
| 1968 | type inconsistencies, use before definition, unreachable code, |
| 1969 | ignored return values, execution paths with no return, likely |
| 1970 | infinite loops, and fall through cases. More powerful |
| 1971 | checks are made possible by additional information given in |
| 1972 | source code annotations. Annotations are stylized |
| 1973 | comments that document assumptions about functions, variables, |
| 1974 | parameters and types. In addition to the checks |
| 1975 | specifically enabled by annotations, many of the traditional |
| 1976 | lint checks are improved by exploiting this additional |
| 1977 | information.</p> |
| 1978 | <p class="TextFontCX"> </p> |
| 1979 | <p class="TextFontCX">As more effort is put into annotating |
| 1980 | programs, better checking results. A representational |
| 1981 | effort-benefit curve for using Splint is shown in Figure 1. |
| 1982 | Splint is designed to be flexible and allow programmers to select |
| 1983 | appropriate points on the effort-benefit curve for particular |
| 1984 | projects. As different checks are turned on and more |
| 1985 | information is given in code annotations the number of bugs that |
| 1986 | can be detected increases dramatically.</p> |
| 1987 | <p class="TextFontCX"> </p> |
| 1988 | <p class="beforelist">Problems detected by Splint include:</p> |
| 1989 | <p class="TextFontCX" style= |
| 1990 | 'margin-left:12.95pt; text-indent:-12.95pt'><span style= |
| 1991 | 'font-family:Symbol'>·<span style= |
| 1992 | 'font:7.0pt "Times New Roman"'> </span></span> |
| 1993 | Dereferencing a possibly null pointer (Section 2);</p> |
| 1994 | <p class="TextFontCX" style= |
| 1995 | 'margin-left:12.95pt; text-indent:-12.95pt'><span style= |
| 1996 | 'font-family:Symbol'>·<span style= |
| 1997 | 'font:7.0pt "Times New Roman"'> </span></span> |
| 1998 | Using possibly undefined storage or returning storage that is not |
| 1999 | properly defined (Section 3);</p> |
| 2000 | <p class="MsoListBullet"><span style= |
| 2001 | 'font-family:Symbol'>·<span style= |
| 2002 | 'font:7.0pt "Times New Roman"'> </span></span> |
| 2003 | Type mismatches, with greater precision and flexibility than |
| 2004 | provided by C compilers (Section 4.1–4.2);</p> |
| 2005 | <p class="MsoListBullet"><span style= |
| 2006 | 'font-family:Symbol'>·<span style= |
| 2007 | 'font:7.0pt "Times New Roman"'> </span></span> |
| 2008 | Violations of information hiding (Section 4.3);</p> |
| 2009 | <p class="TextFontCX" style= |
| 2010 | 'margin-left:12.95pt; text-indent:-12.95pt'><span style= |
| 2011 | 'font-family:Symbol'>·<span style= |
| 2012 | 'font:7.0pt "Times New Roman"'> </span></span> |
| 2013 | Memory management errors including uses of dangling references and |
| 2014 | memory leaks (Section 5);</p> |
| 2015 | <p class="TextFontCX" style= |
| 2016 | 'margin-left:12.95pt; text-indent:-12.95pt'><span style= |
| 2017 | 'font-family:Symbol'>·<span style= |
| 2018 | 'font:7.0pt "Times New Roman"'> </span></span> |
| 2019 | Dangerous aliasing (Section 6);</p> |
| 2020 | <p class="TextFontCX" style= |
| 2021 | 'margin-left:12.95pt; text-indent:-12.95pt'><span style= |
| 2022 | 'font-family:Symbol'>·<span style= |
| 2023 | 'font:7.0pt "Times New Roman"'> </span></span> |
| 2024 | Modifications and global variable uses that are inconsistent with |
| 2025 | specified interfaces (Section 7);</p> |
| 2026 | <p class="TextFontCX" style= |
| 2027 | 'margin-left:12.95pt; text-indent:-12.95pt'><span style= |
| 2028 | 'font-family:Symbol'>·<span style= |
| 2029 | 'font:7.0pt "Times New Roman"'> </span></span> |
| 2030 | Problematic control flow such as likely infinite loops (Section |
| 2031 | 8.3.1), fall through cases or incomplete switches (Section 8.3.2), |
| 2032 | and suspicious statements (Section 8.4);</p> |
| 2033 | <p class="TextFontCX" style= |
| 2034 | 'margin-left:12.95pt; text-indent:-12.95pt'><span style= |
| 2035 | 'font-family:Symbol'>·<span style= |
| 2036 | 'font:7.0pt "Times New Roman"'> </span></span> |
| 2037 | Buffer overflow vulnerabilities (Section 9);</p> |
| 2038 | <p class="TextFontCX" style= |
| 2039 | 'margin-left:12.95pt; text-indent:-12.95pt'><span style= |
| 2040 | 'font-family:Symbol'>·<span style= |
| 2041 | 'font:7.0pt "Times New Roman"'> </span></span> |
| 2042 | Dangerous macro implementations or invocations (Section 11); |
| 2043 | and</p> |
| 2044 | <p class="TextFontCX" style= |
| 2045 | 'margin-left:12.95pt; text-indent:-12.95pt'><span style= |
| 2046 | 'font-family:Symbol'>·<span style= |
| 2047 | 'font:7.0pt "Times New Roman"'> </span></span> |
| 2048 | Violations of customized naming conventions. (Section |
| 2049 | 12).</p> |
| 2050 | <p class="TextFontCX"> </p> |
| 2051 | <p class="MsoCaption"> </p> |
| 2052 | <center><img width="572" height="350" src= |
| 2053 | "manual-301_files/image003.gif"> |
| 2054 | <center><br> |
| 2055 | <br> |
| 2056 | |
| 2057 | <p class="MsoCaption"><a name="_Toc534824605"></a><a name= |
| 2058 | "_Ref534821281">Figure</a> 1. Typical Effort-Benefit |
| 2059 | Curve</p> |
| 2060 | <p class="TextFontCX"> </p> |
| 2061 | <p class="TextFontCX">Splint checking can be customized to select |
| 2062 | what classes of errors are reported using command line flags and |
| 2063 | stylized comments in the code. In addition, users can define |
| 2064 | new annotations and associated checks to extend Splint’s |
| 2065 | checking or to enforce application specific properties (Section |
| 2066 | 10).</p> |
| 2067 | <p class="TextFontCX"><a name="_Ref343085763"></a><a name= |
| 2068 | "_Ref343065516"> </a></p> |
| 2069 | <p class="TextFontCX"><b>About This Document</b></p> |
| 2070 | <p class="TextFontCX">This document is a guide to using |
| 2071 | Splint. Section 1 explains how to run Splint, interpret |
| 2072 | messages and control checking. Sections 2–13 describe |
| 2073 | particular checks done by Splint. There are some minor |
| 2074 | dependencies between sections, but in general they can be read in |
| 2075 | any order. Section 14 covers issues involving libraries and |
| 2076 | header file inclusion important for running Splint on large |
| 2077 | systems.</p> |
| 2078 | <p class="TextFontCX"> </p> |
| 2079 | <p class="TextFontCX">This document does not describe technical |
| 2080 | details of the checking. For technical background and |
| 2081 | analysis of Splint’s effectiveness in practice, see the |
| 2082 | papers available at <a href= |
| 2083 | "http://www.splint.org/"><span style='font-size:10.0pt;font-family:Arial'> |
| 2084 | http://www.splint.org</span></a>. </p> |
| 2085 | <center> |
| 2086 | <table cellspacing="0" cellpadding="0" hspace="0" width="80%" |
| 2087 | style="border-collapse: collapse" bordercolor="#111111"> |
| 2088 | <tr> |
| 2089 | <td valign="top" align="left" style= |
| 2090 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 2091 | <p class="TextFontCX" align="right" style='text-align:right'> |
| 2092 | <a name="_Ref349497354"></a><a name= |
| 2093 | "_Ref348079997"><i><span style='font-size:9.0pt'>Since human |
| 2094 | beings themselves are not fully debugged yet, there will be |
| 2095 | bugs in your code no matter what you do.</span></i></a></p> |
| 2096 | <p class="TextFontCX" align="right" style= |
| 2097 | 'margin-left:4.5pt;text-align:right'><span style= |
| 2098 | 'font-size:9.0pt'>Chris Mason,</span><i><span style= |
| 2099 | 'font-size:9.0pt'>Zero-defects memo</span></i> |
| 2100 | <span style='font-size:9.0pt'>(quoted in <i>Microsoft |
| 2101 | Secrets</i>, Cusumano and |
| 2102 | Selby)</span></p></td></tr></table></center> |
| 2103 | <h1 style='margin-left:0in;text-indent:0in'><a name= |
| 2104 | "Section1"></a><a name="_Toc534974932"></a><a name= |
| 2105 | "_Ref348785755">1<span style= |
| 2106 | 'font:7.0pt "Times New Roman"'> </span> |
| 2107 | <a id="operation" name="operation"> Operation</a></h1> |
| 2108 | <p class="TextFontCX">Splint is invoked by listing files to be |
| 2109 | checked. Initialization files, command line flags, and |
| 2110 | stylized comments may be used to customize checking globally and |
| 2111 | locally.</p> |
| 2112 | <p class="TextFontCX"> </p> |
| 2113 | <p class="TextFontCX">The best way to learn to use Splint, of |
| 2114 | course, is to actually use it (if you don’t already have |
| 2115 | Splint installed on your system, see Appendix A). Before you |
| 2116 | read much further in this document, I recommend finding a small C |
| 2117 | program. Then, try running:</p> |
| 2118 | <p class="example" align="left">splint *.c</p> |
| 2119 | <center> |
| 2120 | <center> |
| 2121 | <p class="TextFontCX">For the most C programs, this will produce a |
| 2122 | large number of warnings. To turn off reporting for some of |
| 2123 | the warnings, try:<a name="_Ref347468509"></a><a name= |
| 2124 | "_Ref345591726"></a><a name="_Ref345568136"></a><a name= |
| 2125 | "_Ref345515100"></a><a name="_Ref345497041"></a><a name= |
| 2126 | "_Ref345435155"></a><a name="_Ref345257971"></a><a name= |
| 2127 | "_Ref344916723"></a><a name="_Ref344907348"></a><a name= |
| 2128 | "_Ref344891202"></a><a name="_Toc344355397"></a></p> |
| 2129 | <p class="example" align="left">splint -weak *.c</p> |
| 2130 | <center> |
| 2131 | <center> |
| 2132 | <p class="TextFontCX">The <span class="Flag"><span style= |
| 2133 | 'font-size:10.0pt'>-weak</span></span> flag is a mode flag that |
| 2134 | sets many checking parameters to select weaker checking than is |
| 2135 | done in the default mode. Other Splint flags will be |
| 2136 | introduced in the following sections; a complete list is given in |
| 2137 | Appendix B.</p> |
| 2138 | <h2 style='margin-left:0in;text-indent:0in'><a name= |
| 2139 | "_Toc534974933"></a><a name="_Toc344355435">1.1<span style= |
| 2140 | 'font:7.0pt "Times New Roman"'> </span> |
| 2141 | Warnings</a></h2> |
| 2142 | <p class="beforelist">A typical warning message is:</p> |
| 2143 | <p class="IndentText" align="left" style="margin-bottom: 0.0003pt"> |
| 2144 | <span style='font-size:10.0pt;font-family:Arial'>sample.c: (in |
| 2145 | function faucet)</span></p> |
| 2146 | <p class="IndentText" align="left"><span style= |
| 2147 | 'font-size:10.0pt;font-family:Arial'>sample.c:11:12</span><span style='font-size:10.0pt; font-family:Arial'> |
| 2148 | : Fresh storage x not released before return</span></p> |
| 2149 | <p class="IndentText" align="left"><span style= |
| 2150 | 'font-size:10.0pt;font-family:Arial'> A memory leak has been |
| 2151 | detected. Storage allocated locally is not released</span></p> |
| 2152 | <p class="IndentText" align="left"><span style= |
| 2153 | 'font-size:10.0pt;font-family:Arial'> before the last |
| 2154 | reference to it is lost. (Use -mustfreefresh to inhibit</span></p> |
| 2155 | <p class="IndentText" align="left"><span style= |
| 2156 | 'font-size:10.0pt;font-family:Arial'> warning)</span></p> |
| 2157 | <p class="IndentText" align="left"><span style= |
| 2158 | 'font-size:10.0pt;font-family:Arial'> sample.c:5:47: |
| 2159 | Fresh storage x allocated</span></p> |
| 2160 | <center> |
| 2161 | <center> |
| 2162 | <p class="afterlist">The first line gives the name of the function |
| 2163 | in which the error is found. This is printed before the first |
| 2164 | message reported for a function. The second line is the text |
| 2165 | of the message. This message reports a memory |
| 2166 | leak—storage allocated in a function is not deallocated |
| 2167 | before the function returns. The file name, line and column |
| 2168 | number where the error is located precedes the text. </p> |
| 2169 | <p class="TextFontCX"> </p> |
| 2170 | <p class="TextFontCX">The next line is a hint giving more |
| 2171 | information about the suspected error, including information on how |
| 2172 | the warning message may be suppressed. For this message, |
| 2173 | using the <span class="Flag"><span style= |
| 2174 | 'font-size:10.0pt'>‑mustfreefresh</span></span> flag |
| 2175 | would prevent this warning from being reported. This flag can |
| 2176 | be set at the command line, or more precisely just around the code |
| 2177 | point in question by using annotations (see Section 1.3.2).</p> |
| 2178 | <p class="TextFontCX"> </p> |
| 2179 | <p class="TextFontCX">The final line of the message gives |
| 2180 | additional location information. For this message, it tells |
| 2181 | where the leaking storage was allocated.</p> |
| 2182 | <p class="TextFontCX"> </p> |
| 2183 | <p class="beforelist">The generic message format is (parts enclosed |
| 2184 | in square brackets are optional):</p> |
| 2185 | <p class="Verbatim" align="left"><span style= |
| 2186 | 'font-family:Arial'> [<file>:<line> (in |
| 2187 | <context>)]</span></p> |
| 2188 | <p class="Verbatim" align="left"><span style= |
| 2189 | 'font-family:Arial'> |
| 2190 | <file>:<line>[,<column>]: |
| 2191 | <i>message</i></span></p> |
| 2192 | <p class="Verbatim" align="left"><span style= |
| 2193 | 'font-family:Arial'> |
| 2194 | [<i>hint</i>]</span></p> |
| 2195 | <p class="Verbatim" align="left"><span style= |
| 2196 | 'font-family:Arial'> |
| 2197 | <file>:<line>,<column>: <i>extra location |
| 2198 | information, if appropriate</i></span></p> |
| 2199 | <center> |
| 2200 | <center> |
| 2201 | <p class="afterlist">Users can customize the format and content of |
| 2202 | messages printed by Splint. The function context is not |
| 2203 | printed if <span class="Flag"><span style= |
| 2204 | 'font-size:10.0pt'>-showfunc</span></span> is used. |
| 2205 | Column numbers are not printed if <span class= |
| 2206 | "Flag"><span style='font-size:10.0pt'>‑showcol</span></span> is |
| 2207 | used. The <span class="Flag"><span style= |
| 2208 | 'font-size:10.0pt'>+parenfileformat</span></span> flag |
| 2209 | can be used to generate file locations in the format |
| 2210 | recognized by Microsoft Visual Studio. If <span class= |
| 2211 | "Flag"><span style= |
| 2212 | 'font-size:10.0pt'>+parenfileformat</span></span> is set, the |
| 2213 | line number follows the file name in parentheses (e.g., |
| 2214 | <span class="PlainText"><span style= |
| 2215 | 'font-size:10.0pt;font-family:Arial'>sample.c(11)</span></span>.) |
| 2216 | Messages are split into lines of length less than the |
| 2217 | value set using <span class="Flag"><span style= |
| 2218 | 'font-size:10.0pt'>-linelen |
| 2219 | <i><number></i></span></span>. The default line |
| 2220 | length is 80 characters. Splint attempts to split lines |
| 2221 | in a sensible place as near to the line length limit as |
| 2222 | possible. </p> |
| 2223 | <p class="afterlist" style='margin-top:0in'> </p> |
| 2224 | <p class="afterlist" style='margin-top:0in'>The <span class= |
| 2225 | "Flag"><span style= |
| 2226 | 'font-size:10.0pt'>‑hints</span></span> prevents any |
| 2227 | hints from being printed. Normally, a hint is given only the |
| 2228 | first time a class of error is reported. To have Splint print |
| 2229 | a hint for every message regardless, use <span class= |
| 2230 | "Flag"><span style= |
| 2231 | 'font-size:10.0pt'>+forcehints</span></span>.</p> |
| 2232 | <h2 style='margin-left:0in;text-indent:0in'><a name= |
| 2233 | "_Toc534974934"></a><a name="_Ref348343333"></a><a name= |
| 2234 | "_Ref348343330"></a><a name="_Ref348092990"></a><a name= |
| 2235 | "_Ref344882148"></a><a name="_Ref344870278"></a><a name= |
| 2236 | "_Toc344355436">1.2<span style= |
| 2237 | 'font:7.0pt "Times New Roman"'> </span> |
| 2238 | Flags</a></h2> |
| 2239 | <p class="TextFontCX">So that many programming styles can be |
| 2240 | supported, Splint provides several hundred flags for controlling |
| 2241 | checking and message reporting. Some of the flags are |
| 2242 | introduced in the body of this document. Appendix B describes |
| 2243 | every flag. Modes and shortcut flags are provided for setting |
| 2244 | many flags at once. Individual flags can override the mode |
| 2245 | settings.</p> |
| 2246 | <p class="TextFontCX"> </p> |
| 2247 | <p class="TextFontCX">Flags are preceded by <span class= |
| 2248 | "Flag"><span style='font-size:10.0pt'>+</span></span> or |
| 2249 | <span class="Flag"><span style= |
| 2250 | 'font-size:10.0pt'>-</span></span>. When a flag is preceded |
| 2251 | by <span class="Flag"><span style= |
| 2252 | 'font-size:10.0pt'>+</span></span> we say it is <i>on</i>; when it |
| 2253 | is preceded by <span class="Flag"><span style= |
| 2254 | 'font-size:10.0pt'>-</span></span> it is <i>off</i>. The precise |
| 2255 | meaning of on and off depends on the type of flag. </p> |
| 2256 | <p class="TextFontCX"> </p> |
| 2257 | <p class="TextFontCX">The <span class="Flag"><span style= |
| 2258 | 'font-size:10.0pt'>+</span></span>/<span class= |
| 2259 | "Flag"><span style='font-size:10.0pt'>-</span></span> flag |
| 2260 | settings are used for consistency and clarity, but contradict |
| 2261 | standard UNIX usage and it is easy to accidentally use the |
| 2262 | wrong one. To reduce the likelihood of using the wrong |
| 2263 | flag, Splint issues warnings when a flag is set in an unusual |
| 2264 | way. Warnings are issued when a flag is redundantly set |
| 2265 | to the value it already had (these errors are not reported if |
| 2266 | the flag is set using a stylized comment), if a mode flag or |
| 2267 | special flag is set after a more specific flag that will be |
| 2268 | set by the general flag was already set, if value flags are |
| 2269 | given unreasonable values, of if flags are set in an |
| 2270 | inconsistent way. The <span class="Flag"><span style= |
| 2271 | 'font-size: 10.0pt'>-warnflags</span></span> flag |
| 2272 | suppresses these warnings.</p> |
| 2273 | <p class="TextFontCX"> </p> |
| 2274 | <p class="TextFontCX">Default flag settings will be read from |
| 2275 | <span class="Keyword"><span style= |
| 2276 | 'font-size:10.0pt;font-family: Arial;color:windowtext'>~/.splintrc</span></span> if |
| 2277 | it is readable. If there is a <span class= |
| 2278 | "Keyword"><span style= |
| 2279 | 'font-size:10.0pt;font-family:Arial;color:windowtext'>.splintrc</span></span> file |
| 2280 | in the working directory, settings in this file will be read next |
| 2281 | and its settings will override those in <span class= |
| 2282 | "Keyword"><span style= |
| 2283 | 'font-size:10.0pt;font-family:Arial; color:windowtext'>~/.splintrc</span></span>. |
| 2284 | Command-line flags override settings in either file. The |
| 2285 | syntax of the <span class="Keyword"><span style= |
| 2286 | 'font-size:10.0pt;font-family:Arial;color:windowtext'>.splintrc</span></span> file |
| 2287 | is the same as that of command-line flags, except that flags may be |
| 2288 | on separate lines and the <span class="CodeText"><span style= |
| 2289 | 'font-size:10.0pt'>#</span></span> character may be used to |
| 2290 | indicate that the remainder of the line is a comment. The |
| 2291 | <span class="Flag"><span style= |
| 2292 | 'font-size:10.0pt'>-nof</span></span> flag prevents the |
| 2293 | <span class="Keyword"><span style= |
| 2294 | 'font-size:10.0pt;font-family: Arial;color:windowtext'>~/.splintrc</span></span> file |
| 2295 | from being loaded. The <span class="Flag"><span style= |
| 2296 | 'font-size:10.0pt'>-f</span></span> <span class= |
| 2297 | "Flag"><span style= |
| 2298 | 'font-size:10.0pt'><i><filename></i></span></span> flag |
| 2299 | loads options from <i>filename</i>.</p> |
| 2300 | <p class="TextFontCX"> </p> |
| 2301 | <p class="TextFontCX">To make flag names more readable, hyphens |
| 2302 | (<span class="Flag"><span style= |
| 2303 | 'font-size:10.0pt'>-</span></span>), underscores |
| 2304 | (<span class="Flag"><span style= |
| 2305 | 'font-size:10.0pt'>_</span></span>) and spaces in flags at |
| 2306 | the command line are ignored. Hence, <span class= |
| 2307 | "Flag"><span style= |
| 2308 | 'font-size:10.0pt'>warnflags</span></span>, <span class= |
| 2309 | "Flag"><span style= |
| 2310 | 'font-size:10.0pt'>warn-flags</span></span> and <span class= |
| 2311 | "Flag"><span style= |
| 2312 | 'font-size:10.0pt'>warn_flags</span></span> all select the |
| 2313 | <span class="Flag"><span style= |
| 2314 | 'font-size:10.0pt'>warnflags</span></span> option.</p> |
| 2315 | <h2 style='margin-left:0in;text-indent:0in'><a name= |
| 2316 | "_Toc534974935"></a><a name="_Toc344355442"></a><a name= |
| 2317 | "_Ref343086686">1.3<span style= |
| 2318 | 'font:7.0pt "Times New Roman"'> </span> |
| 2319 | Stylized Comments</a></h2> |
| 2320 | <p class="TextFontCX">Stylized comments are used to provide extra |
| 2321 | information about a type, variable or function interface to improve |
| 2322 | checking, or to control flag settings locally.</p> |
| 2323 | <p class="TextFontCX"> </p> |
| 2324 | <p class="TextFontCX">All stylized comments begin with |
| 2325 | <span class="CodeText"><span style= |
| 2326 | 'font-size:10.0pt'>/*@</span></span> and are closed by the |
| 2327 | end of the comment. The role of the <span class= |
| 2328 | "CodeText"><span style= |
| 2329 | 'font-size:10.0pt'>@</span></span> may be played by any |
| 2330 | printable character. Use <span class= |
| 2331 | "Flag"><span style='font-size:10.0pt'>-commentchar</span></span><span class="Flag"> |
| 2332 | <span style= |
| 2333 | 'font-size:10.0pt'> <i><char></i></span></span> to |
| 2334 | select a different stylized comment marker.</p> |
| 2335 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 2336 | "_Toc534974936">1.3.1<span style= |
| 2337 | 'font:7.0pt "Times New Roman"'> </span> |
| 2338 | Annotations</a></h3> |
| 2339 | <p class="TextFontCX">Annotations are stylized comments that follow |
| 2340 | a definite syntax. Although they are comments, they may only |
| 2341 | be used in fixed grammatical contexts (e.g., like a type |
| 2342 | qualifier).</p> |
| 2343 | <p class="TextFontCX"> </p> |
| 2344 | <p class="TextFontCX">Sections 2–6­ describe |
| 2345 | annotations for expressing assumptions about variables, |
| 2346 | parameters, return values, structure fields and |
| 2347 | type definitions. For example, <span class= |
| 2348 | "Annot"><span style='font-size:10.0pt'>/*@null@*/</span></span> is |
| 2349 | used to express an assumption that a parameter may be NULL. |
| 2350 | Section 7 describes annotations for describing function |
| 2351 | interfaces. Other annotations are described in later sections |
| 2352 | and Section 10 describes mechanisms users can employ to define new |
| 2353 | annotations. A summary of annotations is found in Appendix |
| 2354 | C.</p> |
| 2355 | <p class="TextFontCX"> </p> |
| 2356 | <p class="TextFontCX">Some annotations, known as control comments, |
| 2357 | may appear between any two tokens in a C program (unlike regular C |
| 2358 | comments, control comments should not be used within a single token |
| 2359 | as they introduce new separators in the code). Syntactically, |
| 2360 | they are no different from standard comments. Control |
| 2361 | comments are used to provide source-level control of Splint |
| 2362 | checking. They may be used to suppress spurious messages, set |
| 2363 | flags, and control checking locally in other ways.</p> |
| 2364 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 2365 | "_Toc534974937"></a><a name="_Ref534648584">1.3.2<span style= |
| 2366 | 'font:7.0pt "Times New Roman"'> </span> |
| 2367 | Setting Flags</a></h3> |
| 2368 | <p class="TextFontCX">Most flags (all except those characterized as |
| 2369 | “global” in Appendix B) can be set locally using |
| 2370 | control comments. A control comment can set flags locally to |
| 2371 | override the command line settings. The original flag |
| 2372 | settings are restored before processing the next file. The syntax |
| 2373 | for setting flags in control comments is the same as that of the |
| 2374 | command line, except that flags may also be preceded by |
| 2375 | <span class="CodeText"><span style= |
| 2376 | 'font-size:10.0pt'>=</span></span> to restore their setting |
| 2377 | to the original command-line value. For instance,</p> |
| 2378 | <p class="example"><span class="Annot"><span style= |
| 2379 | 'font-size:10.0pt'>/*@+charint</span></span> <span class= |
| 2380 | "Annot"><span style= |
| 2381 | 'font-size:10.0pt'>-modifies</span></span><span class= |
| 2382 | "Annot"><span style= |
| 2383 | 'font-size:10.0pt'>=showfunc</span></span><span class= |
| 2384 | "Annot"><span style='font-size:10.0pt'>@*/</span></span></p> |
| 2385 | <p class="TextFontCX">sets <span class="Flag"><span style= |
| 2386 | 'font-size:10.0pt'>charint</span></span> on (this makes |
| 2387 | <span class="CodeText"><span style= |
| 2388 | 'font-size:10.0pt'>char</span></span> and <span class= |
| 2389 | "CodeText"><span style='font-size:10.0pt'>int</span></span> |
| 2390 | indistinguishable types), sets <span class= |
| 2391 | "Flag"><span style='font-size:10.0pt'>modifies</span></span> |
| 2392 | off (this prevents reporting of modification errors), and |
| 2393 | sets <span class="Flag"><span style= |
| 2394 | 'font-size:10.0pt'>showfunc</span></span> to its |
| 2395 | original setting (this controls whether or not the name |
| 2396 | of a function <a name="_Toc344355449">is displayed before a |
| 2397 | message).</a><a name="_Ref348845205"></a><a name= |
| 2398 | "_Ref348845200"></a> <a name="_Ref348785779"></a></p> |
| 2399 | <h1 style='margin-left:0in;text-indent:0in'><a name= |
| 2400 | "_Toc534974938"></a><a name="_Ref534641443"></a><a name= |
| 2401 | "_Ref534093860"></a><a name="_Ref534050017"></a><a name= |
| 2402 | "_Ref534008843">2<span style= |
| 2403 | 'font:7.0pt "Times New Roman"'> </span> |
| 2404 | <a id="null" name="null">Null Dereferences</a></a></h1> |
| 2405 | <p class="TextFontCX">A common cause of program failures is when a |
| 2406 | null pointer is dereferenced. Splint detects these |
| 2407 | errors by distinguishing possibly <span class= |
| 2408 | "CodeText"><span style='font-size:10.0pt'>NULL</span></span> |
| 2409 | pointers at interface boundaries.</p> |
| 2410 | <p class="TextFontCX"> </p> |
| 2411 | <p class="TextFontCX">The <span class="Annot"><span style= |
| 2412 | 'font-size:10.0pt'>null</span></span> annotation is used to |
| 2413 | indicate that a pointer value may be <span class= |
| 2414 | "CodeText"><span style='font-size:10.0pt'>NULL</span></span>. |
| 2415 | A pointer declared with no <span class="Annot"><span style= |
| 2416 | 'font-size:10.0pt'>null</span></span> annotation, may not be |
| 2417 | <span class="CodeText"><span style= |
| 2418 | 'font-size:10.0pt'>NULL</span></span>. If null checking is |
| 2419 | turned on (controlled by <span class="Flag"><span style= |
| 2420 | 'font-size:10.0pt'>null</span></span>), Splint will report an error |
| 2421 | when a possibly null pointer is passed as a parameter, returned as |
| 2422 | a result, or assigned to an external reference with no |
| 2423 | <span class="Annot"><span style= |
| 2424 | 'font-size:10.0pt'>null</span></span> qualifier.</p> |
| 2425 | <p class="TextFontCX"> </p> |
| 2426 | <p class="TextFontCX">If a pointer is declared with the |
| 2427 | <span class="Annot"><span style= |
| 2428 | 'font-size:10.0pt'>null</span></span> annotation, the code |
| 2429 | must check that it is not <span class="CodeText"><span style= |
| 2430 | 'font-size:10.0pt'>NULL</span></span> on all paths leading to |
| 2431 | a dereference of the pointer (or the pointer being returned |
| 2432 | or passed as a value with no <span class="Annot"><span style= |
| 2433 | 'font-size:10.0pt'>null</span></span> annotation). |
| 2434 | Dereferences of possibly null pointers may be protected by |
| 2435 | conditional statements or <span class="CodeText"><span style= |
| 2436 | 'font-size:10.0pt'>assert</span></span>ions (to see how |
| 2437 | <span class="CodeText"><span style= |
| 2438 | 'font-size:10.0pt'>assert</span></span> is declared see |
| 2439 | Section 8.1) that check the pointer is not <span class= |
| 2440 | "CodeText"><span style= |
| 2441 | 'font-size:10.0pt'>NULL</span></span>.</p> |
| 2442 | <p class="TextFontCX"> </p> |
| 2443 | <p class="TextFontCX">Consider two implementations of |
| 2444 | <span class="CodeText"><span style= |
| 2445 | 'font-size:10.0pt'>firstChar</span></span> in Figure 2. For |
| 2446 | <span class="CodeText"><span style= |
| 2447 | 'font-size:10.0pt'>firstChar1</span></span>, Splint reports |
| 2448 | an error since the pointer that is dereferenced is declared |
| 2449 | with a <span class="Annot"><span style= |
| 2450 | 'font-size:10.0pt'>null</span></span> annotation. |
| 2451 | For <span class="CodeText"><span style= |
| 2452 | 'font-size:10.0pt'>firstChar2</span></span>, no error is |
| 2453 | reported since the true branch of the <span class= |
| 2454 | "CodeText"><span style='font-size:10.0pt'>s == |
| 2455 | NULL</span></span> if statement returns, so the dereference |
| 2456 | of <span class="CodeText"><span style= |
| 2457 | 'font-size:10.0pt'>s</span></span> is only reached if |
| 2458 | <span class="CodeText"><span style= |
| 2459 | 'font-size:10.0pt'>s</span></span> is not <span class= |
| 2460 | "CodeText"><span style= |
| 2461 | 'font-size:10.0pt'>NULL</span></span>.</p> |
| 2462 | <center> |
| 2463 | <table class="MsoNormalTable" border="0" cellspacing="0" |
| 2464 | cellpadding="0" style= |
| 2465 | 'margin-left:5.4pt;border-collapse:collapse; margin-left:-2.25pt;margin-right:-2.25pt'> |
| 2466 | <tr> |
| 2467 | <td valign="top" style= |
| 2468 | 'width:207.0pt;border:solid black 1.5pt; border-bottom:none;background:black;padding:0in 5.4pt 0in 5.4pt'> |
| 2469 | <p class="TextFontCX" align="center" style='text-align:center'> |
| 2470 | <span class="Keyword"><b><span style= |
| 2471 | 'font-size:10.0pt; color:white'>null.c</span></b></span></p></td> |
| 2472 | <td valign="top" style= |
| 2473 | 'width:220.5pt;border-top:solid black 1.5pt; border-left:none;border-bottom:none;border-right:solid black 1.5pt; background:black;padding:0in 5.4pt 0in 5.4pt'> |
| 2474 | <p class="TextFontCX" align="center" style='text-align:center'> |
| 2475 | <b><span style='color:white'>Running |
| 2476 | Splint</span></b></p></td></tr> |
| 2477 | <tr> |
| 2478 | <td valign="top" style= |
| 2479 | 'width:207.0pt;border:solid black 1.5pt; border-top:none;padding:0in 5.4pt 0in 5.4pt'> |
| 2480 | <p class="Verbatim"><span style='font-size:9.0pt'> </span></p> |
| 2481 | <p class="Verbatim"><span style='font-size:9.0pt'>char firstChar1 |
| 2482 | (/*@null@*/ char *s)</span></p> |
| 2483 | <p class="Verbatim"><span style='font-size:9.0pt'>{<br></span> |
| 2484 | <span class="Line"><span style= |
| 2485 | 'font-size:8.0pt'>3</span></span><span style= |
| 2486 | 'font-size:9.0pt'> return *s;</span></p> |
| 2487 | <p class="Verbatim"><span style='font-size:9.0pt'>}</span></p> |
| 2488 | <p class="Verbatim"><span style='font-size:9.0pt'> </span></p> |
| 2489 | <p class="Verbatim"><span style='font-size:9.0pt'>char firstChar2 |
| 2490 | (/*@null@*/ char *s)</span></p> |
| 2491 | <p class="Verbatim"><span style='font-size:9.0pt'>{</span></p> |
| 2492 | <p class="Verbatim"><span style='font-size:9.0pt'> if |
| 2493 | (s == NULL) return ‘\0’;<br></span> <span class= |
| 2494 | "Line"><span style= |
| 2495 | 'font-size:8.0pt'>9</span></span><span style='font-size:9.0pt'> |
| 2496 | return *s;</span></p> |
| 2497 | <p class="Verbatim"><span style='font-size:9.0pt'>}</span></p></td> |
| 2498 | <td valign="top" style= |
| 2499 | 'width:220.5pt;border-top:none;border-left: none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'> |
| 2500 | <p class="lclintrun">> splint null.c</p> |
| 2501 | <p class="lclintrun">Splint 3.0.1</p> |
| 2502 | <p class="lclintrun"> </p> |
| 2503 | <p class="lclintrun">null.c: (in function firstChar1)</p> |
| 2504 | <p class="lclintrun">null.c:3:11: Dereference of possibly null |
| 2505 | pointer s: *s</p> |
| 2506 | <p class="lclintrun"> null.c:1:35: Storage s may become |
| 2507 | null</p> |
| 2508 | <p class="lclintrun"> </p> |
| 2509 | <p class="lclintrun">Finished checking --- 1 code warning found</p> |
| 2510 | <p class="TextFontCX"> </p></td></tr></table> |
| 2511 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 2512 | style="border-collapse: collapse" bordercolor="#111111"> |
| 2513 | <tr> |
| 2514 | <td valign="top" align="left" style= |
| 2515 | 'padding-top:6.5pt;padding-right: 9.35pt;padding-bottom:6.5pt;padding-left:9.35pt'> |
| 2516 | <p class="MsoCaption"><a name="_Ref534981289"></a><a name= |
| 2517 | "_Toc534824606"></a><a name="_Ref534981293">Figure 2</a>. |
| 2518 | Null Checking</p> |
| 2519 | <p class="MsoNormal" align="left" style= |
| 2520 | 'margin-top:0in;margin-right:26.55pt; margin-bottom:0in;margin-left:.5in;margin-bottom:.0001pt;text-align:left; background:white'> |
| 2521 | <span style='font-size:10.0pt'>Output from running Splint is |
| 2522 | displayed in</span> <span style= |
| 2523 | 'font-size:10.0pt;font-family:"Arial Narrow"'>sans-serif</span> |
| 2524 | <span style='font-size:10.0pt'>font. The command line is |
| 2525 | preceded by</span> <span style= |
| 2526 | 'font-size:10.0pt;font-family:Arial'>></span><span style= |
| 2527 | 'font-size: 10.0pt'>, the rest is output from Splint. |
| 2528 | Explanations added to the code or splint output are shown in |
| 2529 | <i>italics</i>. Code shown in the figures in this document is |
| 2530 | available from the splint web site,</span> <span style= |
| 2531 | 'font-size:10.0pt;font-family:Arial'>http://www.splint.org</span><span style='font-size:10.0pt'> |
| 2532 | . No error is reported for line 9, since the dereference is |
| 2533 | reached only if</span> <span class="CodeText"><span style= |
| 2534 | 'font-size:10.0pt'>s</span></span> <span style= |
| 2535 | 'font-size:10.0pt'>is non-null. For most of the figures, the |
| 2536 | options</span> <span class="Flag"><span style= |
| 2537 | 'font-size:9.0pt'>-linelen 55 -hints –showcol</span></span> |
| 2538 | <span style='font-size:10.0pt'>were used to produce condensed |
| 2539 | output, and</span> <span class="Flag"><span style= |
| 2540 | 'font-size:9.0pt'>–exportlocal</span></span> |
| 2541 | <span style='font-size:10.0pt'>to inhibit warnings about |
| 2542 | exported |
| 2543 | declarations. </span></p></td></tr></table></center> |
| 2544 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 2545 | "_Toc534974939"></a><a name="_Ref344185475">2.1.1<span style= |
| 2546 | 'font:7.0pt "Times New Roman"'> </span> |
| 2547 | Predicate Functions</a></h3> |
| 2548 | <p class="TextFontCX">Another way to protect null dereference, is |
| 2549 | to declare a function using <span class="Annot"><span style= |
| 2550 | 'font-size:10.0pt'>nullwhentrue</span></span> or <span class= |
| 2551 | "Annot"><span style= |
| 2552 | 'font-size:10.0pt'>falsewhennull</span></span>(these annotations |
| 2553 | where originally <span class="Annot"><span style= |
| 2554 | 'font-size:10.0pt'>falsenull</span></span> and <span class= |
| 2555 | "Annot"><span style='font-size:10.0pt'>truenull</span></span>, but |
| 2556 | were renamed to clarify the logical asymmetry; <span class= |
| 2557 | "Annot"><span style='font-size:10.0pt'>falsenull</span></span> and |
| 2558 | <span class="Annot"><span style= |
| 2559 | 'font-size:10.0pt'>truenull</span></span> may still be used) and |
| 2560 | call the function in a conditional statement before the |
| 2561 | <span class="Annot"><span style= |
| 2562 | 'font-size:10.0pt'>null</span></span>-annotated pointer is |
| 2563 | dereferenced. </p> |
| 2564 | <p class="TextFontCX"> </p> |
| 2565 | <p class="TextFontCX">If a function annotated with |
| 2566 | <span class="Annot"><span style= |
| 2567 | 'font-size:10.0pt'>nullwhentrue</span></span> returns true it |
| 2568 | means its first passed parameter is <span class= |
| 2569 | "CodeText"><span style='font-size:10.0pt'>NULL</span></span>. |
| 2570 | If it returns false, the parameter is not <span class= |
| 2571 | "CodeText"><span style= |
| 2572 | 'font-size:10.0pt'>NULL</span></span>. Note that it may |
| 2573 | return true for a parameter that is not <span class= |
| 2574 | "CodeText"><span style= |
| 2575 | 'font-size:10.0pt'>NULL</span></span>. A more |
| 2576 | descriptive name for <span class="Annot"><span style= |
| 2577 | 'font-size:10.0pt'>nullwhentrue</span></span> would be |
| 2578 | “if the result is false, the parameter was not |
| 2579 | null”. For example, if <span class= |
| 2580 | "CodeText"><span style= |
| 2581 | 'font-size:10.0pt'>isNull</span></span> is declared as,</p> |
| 2582 | <p class="example"> /*@nullwhentrue@*/ bool isNull |
| 2583 | (/*@null@*/ char *x);</p> |
| 2584 | <p class="beforelist">we could write <span class= |
| 2585 | "CodeText"><span style= |
| 2586 | 'font-size: 10.0pt'>firstChar2</span></span>:</p> |
| 2587 | <p class="Verbatim"> char firstChar2 (/*@null@*/ char |
| 2588 | *s)</p> |
| 2589 | <p class="Verbatim"> {</p> |
| 2590 | <p class="Verbatim" style='margin-left:.5in'>if (isNull (s)) return |
| 2591 | '\0';<br> |
| 2592 | return *s;</p> |
| 2593 | <p class="Verbatim"> }</p> |
| 2594 | <p class="afterlist">No error is reported since the dereference of |
| 2595 | <span class="CodeText"><span style= |
| 2596 | 'font-size:10.0pt'>s</span></span> is only reached if |
| 2597 | <span class="CodeText"><span style= |
| 2598 | 'font-size:10.0pt'>isNull(s)</span></span> is false, and |
| 2599 | since <span class="CodeText"><span style= |
| 2600 | 'font-size:10.0pt'>isNull</span></span> is declared with the |
| 2601 | <span class="Annot"><span style= |
| 2602 | 'font-size:10.0pt'>nullwhentrue</span></span> annotation this |
| 2603 | means <span class="CodeText"><span style= |
| 2604 | 'font-size:10.0pt'>s</span></span> must not be null.</p> |
| 2605 | <p class="TextFontCX"> </p> |
| 2606 | <p class="TextFontCX">The <span class="Annot"><span style= |
| 2607 | 'font-size:10.0pt'>falsewhennull</span></span> annotation is not |
| 2608 | quite the logical opposite of <span class= |
| 2609 | "Annot"><span style='font-size:10.0pt'>nullwhentrue</span></span>. |
| 2610 | If a function declared with <span class="Annot"><span style= |
| 2611 | 'font-size:10.0pt'>falsewhennull</span></span> returns true, |
| 2612 | it means its parameter is definitely not <span class= |
| 2613 | "CodeText"><span style= |
| 2614 | 'font-size:10.0pt'>NULL</span></span>. If it returns |
| 2615 | false, the parameter may or may not be <span class= |
| 2616 | "CodeText"><span style= |
| 2617 | 'font-size:10.0pt'>NULL</span></span>. That is a |
| 2618 | <span class="Annot"><span style= |
| 2619 | 'font-size:10.0pt'>falsewhennull</span></span> always returns |
| 2620 | false when passed a <span class="CodeText"><span style= |
| 2621 | 'font-size: 10.0pt'>NULL</span></span> parameter; it may |
| 2622 | sometimes return false when passed a non-<span class= |
| 2623 | "CodeText"><span style='font-size:10.0pt'>NULL</span></span> |
| 2624 | parameter.</p> |
| 2625 | <p class="TextFontCX"> </p> |
| 2626 | <p class="beforelist">For example, we could define |
| 2627 | <span class="CodeText"><span style= |
| 2628 | 'font-size:10.0pt'>isNonEmpty</span></span> to return true if |
| 2629 | its parameter is not <span class="CodeText"><span style= |
| 2630 | 'font-size:10.0pt'>NULL</span></span> and has least one |
| 2631 | character before the <span class="CodeText"><span style= |
| 2632 | 'font-size:10.0pt'>NUL</span></span> terminator:</p> |
| 2633 | <p class="Verbatim"> /*@falsewhennull@*/ bool |
| 2634 | isNonEmpty (/*@null@*/ char *x)</p> |
| 2635 | <p class="Verbatim"> {</p> |
| 2636 | <p class="Verbatim"> return (x != NULL |
| 2637 | && *x != ‘\0’);</p> |
| 2638 | <p class="Verbatim"> }</p> |
| 2639 | <p class="afterlist">Splint does not check that the implementation |
| 2640 | of a function declared with <span class="Annot"><span style= |
| 2641 | 'font-size:10.0pt'>nullwhentrue</span></span> or <span class= |
| 2642 | "Annot"><span style='font-size:10.0pt'>falsewhennull</span></span> |
| 2643 | is consistent with its annotation, but assumes the annotation is |
| 2644 | correct when code that calls the function is checked.</p> |
| 2645 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 2646 | "_Toc534974940">2.1.2<span style= |
| 2647 | 'font:7.0pt "Times New Roman"'> </span> |
| 2648 | Notnull Annotations</a></h3> |
| 2649 | <p class="TextFontCX">The <span class="Annot"><span style= |
| 2650 | 'font-size:10.0pt'>notnull</span></span> annotation specifies that |
| 2651 | a declarator is definitely not <span class= |
| 2652 | "CodeText"><span style='font-size:10.0pt'>NULL</span></span>. |
| 2653 | By default, this is assumed, but it may be necessary to use |
| 2654 | <span class="Annot"><span style= |
| 2655 | 'font-size:10.0pt'>notnull</span></span> to override a |
| 2656 | <span class="Annot"><span style= |
| 2657 | 'font-size:10.0pt'>null</span></span> in a type |
| 2658 | definition. The <span class="Annot"><span style= |
| 2659 | 'font-size:10.0pt'>null</span></span> annotation may be used |
| 2660 | in a type definition to indicate that all instances of the |
| 2661 | type may be <span class="CodeText"><span style= |
| 2662 | 'font-size:10.0pt'>NULL</span></span>. For declarations |
| 2663 | of a type declared using <span class="Annot"><span style= |
| 2664 | 'font-size:10.0pt'>null</span></span>, the <span class= |
| 2665 | "Annot"><span style='font-size:10.0pt'>null</span></span> |
| 2666 | annotation in the type definition may be overridden with |
| 2667 | <span class="Annot"><span style= |
| 2668 | 'font-size:10.0pt'>notnull</span></span>. This is |
| 2669 | particularly useful for parameters to hidden <span class= |
| 2670 | "CodeText"><span style= |
| 2671 | 'font-size:10.0pt'>static</span></span> operations of |
| 2672 | abstract types (see Section 4.3) where the null test has |
| 2673 | already been done before the function is called, or function |
| 2674 | results known to never be <span class="CodeText"><span style= |
| 2675 | 'font-size:10.0pt'>NULL</span></span>. For an abstract |
| 2676 | type, <span class="Flag"><span style= |
| 2677 | 'font-size:10.0pt'>notnull</span></span> may not be used for |
| 2678 | parameters to external functions, since clients should not be |
| 2679 | aware of when the concrete representation may by <span class= |
| 2680 | "CodeText"><span style= |
| 2681 | 'font-size:10.0pt'>NULL</span></span>. Parameters to |
| 2682 | static functions in the implementation module, however, may |
| 2683 | be declared using <span class="Annot"><span style= |
| 2684 | 'font-size:10.0pt'>notnull</span></span>, since they may only |
| 2685 | be called from places where the representation is |
| 2686 | accessible. Return values for <span class= |
| 2687 | "CodeText"><span style= |
| 2688 | 'font-size:10.0pt'>static</span></span> or external functions |
| 2689 | may be declared using <span class="Annot"><span style= |
| 2690 | 'font-size:10.0pt'>notnull</span></span>. </p> |
| 2691 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 2692 | "_Toc534974941"></a><a name="_Ref347853058">2.1.3<span style= |
| 2693 | 'font:7.0pt "Times New Roman"'> </span> |
| 2694 | Relaxing Null Checking</a></h3> |
| 2695 | <p class="TextFontCX">An additional annotation, <span class= |
| 2696 | "Annot"><span style='font-size:10.0pt'>relnull</span></span> may be |
| 2697 | used to relax null checking. No error is reported when a |
| 2698 | <span class="Annot"><span style= |
| 2699 | 'font-size:10.0pt'>relnull</span></span> value is dereferenced, or |
| 2700 | when a possibly null value is assigned to an identifier declared |
| 2701 | using <span class="Annot"><span style= |
| 2702 | 'font-size:10.0pt'>relnull</span></span>.</p> |
| 2703 | <p class="TextFontCX"> </p> |
| 2704 | <p class="TextFontCX">This is generally used for structure fields |
| 2705 | that may or may not be null depending on some other |
| 2706 | constraint. Splint does not report and error when |
| 2707 | <span class="CodeText"><span style= |
| 2708 | 'font-size:10.0pt'>NULL</span></span> is assigned to a |
| 2709 | <span class="Annot"><span style= |
| 2710 | 'font-size:10.0pt'>relnull</span></span> reference, or when a |
| 2711 | <span class="Annot"><span style= |
| 2712 | 'font-size:10.0pt'>relnull</span></span> reference is |
| 2713 | dereferenced. It is up to the programmer to ensure that |
| 2714 | this constraint is satisfied before the pointer is |
| 2715 | dereferenced.</p> |
| 2716 | <h1 style='margin-left:0in;text-indent:0in'><a name= |
| 2717 | "_Ref348845237"></a><a name="_Ref347254431"></a><a name= |
| 2718 | "_Ref347169350"></a><a name="_Ref344916590"></a><a name= |
| 2719 | "_Ref344907893"></a><a name="_Toc344355407"></a><a name= |
| 2720 | "_Toc534974942"></a><a name="_Ref534641444"></a><a name= |
| 2721 | "_Ref534093775"></a><a name="_Ref534093769"></a><a name= |
| 2722 | "_Ref534049950">3<span style= |
| 2723 | 'font:7.0pt "Times New Roman"'> </span> |
| 2724 | <a id="undefined" name="undefined">Undefined Values</a></a></h1> |
| 2725 | <p class="TextFontCX">Like many static checkers, Splint detects |
| 2726 | instances where the value of a location is used before it is |
| 2727 | defined. This analysis is done at the procedural level. |
| 2728 | If there is a path through the procedure that uses a local variable |
| 2729 | before it is defined, a use before definition error is |
| 2730 | reported. The <span class="Flag"><span style= |
| 2731 | 'font-size:10.0pt'>usedef</span></span> flag controls use before |
| 2732 | definition checking.</p> |
| 2733 | <p class="TextFontCX"> </p> |
| 2734 | <p class="TextFontCX">Splint can do more checking than standard |
| 2735 | checkers though, because the annotations can be used to describe |
| 2736 | what storage must be defined and what storage may be undefined at |
| 2737 | interface points. Unannotated references are expected to be |
| 2738 | completely defined at interface points. This means all |
| 2739 | storage reachable from a global variable, parameter to a function, |
| 2740 | or function return value is defined before and after a function |
| 2741 | call.</p> |
| 2742 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 2743 | "_Toc534974943"></a><a name="_Ref347811030"></a><a name= |
| 2744 | "_Ref347204458">3.1.1<span style= |
| 2745 | 'font:7.0pt "Times New Roman"'> </span> |
| 2746 | Undefined Parameters</a></h3> |
| 2747 | <p class="TextFontCX">Sometimes, function parameters or return |
| 2748 | values are expected to reference undefined or partially defined |
| 2749 | storage. For example, a pointer parameter may be intended |
| 2750 | only as an address to store a result, or a memory allocator may |
| 2751 | return allocated but undefined storage. The |
| 2752 | <span class="Annot"><span style= |
| 2753 | 'font-size:10.0pt'>out</span></span> annotation denotes |
| 2754 | a pointer to storage that may be undefined.</p> |
| 2755 | <p class="TextFontCX"> </p> |
| 2756 | <p class="TextFontCX">Splint does not report an error when a |
| 2757 | pointer to allocated but undefined storage is passed as an |
| 2758 | <span class="Annot"><span style= |
| 2759 | 'font-size:10.0pt'>out</span></span> parameter. Within the |
| 2760 | body of a function, Splint will assume an <span class= |
| 2761 | "Annot"><span style='font-size:10.0pt'>out</span></span> parameter |
| 2762 | is allocated but not necessarily bound to a value, so an error is |
| 2763 | reported if its value is used before it is defined. </p> |
| 2764 | <p class="TextFontCX"> </p> |
| 2765 | <p class="TextFontCX">Splint reports an error if storage reachable |
| 2766 | by the caller after the call is not defined when the function |
| 2767 | returns. This can be suppressed by <span class= |
| 2768 | "Flag"><span style= |
| 2769 | 'font-size: 10.0pt'>-must-define</span></span>. After a call |
| 2770 | returns, an actual parameter corresponding to an <span class= |
| 2771 | "Annot"><span style='font-size:10.0pt'>out</span></span> parameter |
| 2772 | is assumed to be completely defined.</p> |
| 2773 | <p class="TextFontCX"> </p> |
| 2774 | <p class="TextFontCX">When checking unannotated programs, many |
| 2775 | spurious use before definition errors may be reported |
| 2776 | If <span class="Flag"><span style= |
| 2777 | 'font-size:10.0pt'>impouts</span></span> is on, no error is |
| 2778 | reported when an incompletely-defined parameter is passed to a |
| 2779 | formal parameter with no definition annotation, and the actual |
| 2780 | parameter is assumed to be defined after the call. The |
| 2781 | <span class="Annot"><span style= |
| 2782 | 'font-size:10.0pt'>/*@in@*/</span></span> annotation can be |
| 2783 | used to denote a parameter that must be completely defined, even if |
| 2784 | <span class="Flag"><span style= |
| 2785 | 'font-size:10.0pt'>imp-outs</span></span> is on. If |
| 2786 | <span class="Flag"><span style= |
| 2787 | 'font-size:10.0pt'>imp-outs</span></span> is off, there is an |
| 2788 | implicit <span class="Annot"><span style= |
| 2789 | 'font-size:10.0pt'>in</span></span> annotation on every parameter |
| 2790 | with no definition annotation.</p> |
| 2791 | <p class="TextFontCX"> </p> |
| 2792 | <table class="MsoNormalTable" border="0" cellspacing="0" |
| 2793 | cellpadding="0" style='margin-left:.9pt;border-collapse:collapse'> |
| 2794 | <tr> |
| 2795 | <td width="40%" valign="top" style= |
| 2796 | 'border:solid black 1.5pt; border-bottom:none;background:black;padding:0in 5.4pt 0in 5.4pt'> |
| 2797 | <p class="TextFontCX" align="center" style='text-align:center'> |
| 2798 | <span class="Keyword"><b><span style= |
| 2799 | 'font-size:10.0pt; color:white'>usedef.c</span></b></span></p></td> |
| 2800 | <td valign="top" style= |
| 2801 | 'border-top:1.5pt solid black; border-left:medium none;border-bottom:medium none;border-right:1.5pt solid black; background:black;padding-left:5.4pt; padding-right:5.4pt; padding-top:0in; padding-bottom:0in'> |
| 2802 | <p class="TextFontCX" align="center" style='text-align:center'> |
| 2803 | <b><span style='color:white'>Running |
| 2804 | Splint</span></b></p></td></tr> |
| 2805 | <tr> |
| 2806 | <td valign="top" style= |
| 2807 | 'border:solid black 1.5pt; border-top:none;padding:0in 5.4pt 0in 5.4pt'> |
| 2808 | <p class="MsoNormal"><span class="Keyword"><span style= |
| 2809 | 'font-size:10.0pt; color:windowtext'>extern void</span></span></p> |
| 2810 | <p class="MsoNormal"><span class="Keyword"><span style= |
| 2811 | 'font-size:10.0pt; color:windowtext'> setVal (/*@out@*/ int |
| 2812 | *x);</span></span></p> |
| 2813 | <p class="MsoNormal"><span class="Keyword"><span style= |
| 2814 | 'font-size:10.0pt; color:windowtext'>extern int</span></span></p> |
| 2815 | <p class="MsoNormal"><span class="Keyword"><span style= |
| 2816 | 'font-size:10.0pt; color:windowtext'> getVal (/*@in@*/ int |
| 2817 | *x);</span></span></p> |
| 2818 | <p class="MsoNormal"><span class="Keyword"><span style= |
| 2819 | 'font-size:10.0pt; color:windowtext'>extern int |
| 2820 | mysteryVal</span></span></p> |
| 2821 | <p class="MsoNormal"><span class="Keyword"><span style= |
| 2822 | 'font-size:10.0pt; color:windowtext'> (int |
| 2823 | *x);</span></span></p> |
| 2824 | <p class="MsoNormal"><span class="Keyword"><span style= |
| 2825 | 'font-size:10.0pt; color:windowtext'> </span></span></p> |
| 2826 | <p class="MsoNormal" align="left" style='text-align:left'> |
| 2827 | <span class="Keyword"><span style= |
| 2828 | 'font-size:10.0pt;color:windowtext'>int dumbfunc</span></span></p> |
| 2829 | <p class="MsoNormal" align="left" style='text-align:left'> |
| 2830 | <span class="Keyword"><span style= |
| 2831 | 'font-size:10.0pt;color:windowtext'> (/*@out@*/ int *x, |
| 2832 | int i)</span></span></p> |
| 2833 | <p class="MsoNormal"><span class="Keyword"><span style= |
| 2834 | 'font-size:10.0pt; color:windowtext'>{</span></span></p> |
| 2835 | <p class="MsoNormal"><span class="Keyword"><span style= |
| 2836 | 'font-size:10.0pt; color:windowtext'> if (i > |
| 2837 | 3)</span></span></p> |
| 2838 | <p class="MsoNormal"><span class="Line"><span style= |
| 2839 | 'font-size:8.0pt'>11</span></span><span class= |
| 2840 | "Keyword"><span style='font-size:10.0pt;color:windowtext'> |
| 2841 | return *x;</span></span></p> |
| 2842 | <p class="MsoNormal"><span class="Keyword"><span style= |
| 2843 | 'font-size:10.0pt; color:windowtext'> else if (i > |
| 2844 | 1)</span></span></p> |
| 2845 | <p class="MsoNormal"><span class="Line"><span style= |
| 2846 | 'font-size:8.0pt'>13</span></span><span class= |
| 2847 | "Keyword"><span style='font-size:10.0pt;color:windowtext'> |
| 2848 | return getVal (x);</span></span></p> |
| 2849 | <p class="MsoNormal"><span class="Keyword"><span style= |
| 2850 | 'font-size:10.0pt; color:windowtext'> else if (i == |
| 2851 | 0)</span></span></p> |
| 2852 | <p class="MsoNormal"><span class="Line"><span style= |
| 2853 | 'font-size:8.0pt'>15</span></span><span class= |
| 2854 | "Keyword"><span style='font-size:10.0pt;color:windowtext'> |
| 2855 | return mysteryVal (x);</span></span></p> |
| 2856 | <p class="MsoNormal"><span class="Keyword"><span style= |
| 2857 | 'font-size:10.0pt; color:windowtext'> else</span></span></p> |
| 2858 | <p class="MsoNormal"><span class="Keyword"><span style= |
| 2859 | 'font-size:10.0pt; color:windowtext'> |
| 2860 | {</span></span></p> |
| 2861 | <p class="MsoNormal"><span class="Line"><span style= |
| 2862 | 'font-size:8.0pt'>18</span></span><span class= |
| 2863 | "Keyword"><span style='font-size:10.0pt;color:windowtext'> |
| 2864 | setVal (x);</span></span></p> |
| 2865 | <p class="MsoNormal"><span class="Line"><span style= |
| 2866 | 'font-size:8.0pt'>19</span></span><span class= |
| 2867 | "Keyword"><span style='font-size:10.0pt;color:windowtext'> |
| 2868 | return *x;</span></span></p> |
| 2869 | <p class="MsoNormal"><span class="Keyword"><span style= |
| 2870 | 'font-size:10.0pt; color:windowtext'> |
| 2871 | }</span></span></p> |
| 2872 | <p class="Verbatim"><span class="Keyword"><span style= |
| 2873 | 'color:windowtext'>}</span></span></p></td> |
| 2874 | <td valign="top" style= |
| 2875 | 'border-top:medium none;border-left:medium none; border-bottom:1.5pt solid black;border-right:1.5pt solid black;padding-left:5.4pt; padding-right:5.4pt; padding-top:0in; padding-bottom:0in'> |
| 2876 | <p class="lclintrun">> splint usedef.c</p> |
| 2877 | <p class="lclintrun">usedef.c:11: Value *x used before |
| 2878 | definition</p> |
| 2879 | <p class="lclintrun">usedef.c:13: Passed storage x not completely |
| 2880 | defined</p> |
| 2881 | <p class="lclintrun"> |
| 2882 | |
| 2883 | (*x is undefined): getVal (x)</p> |
| 2884 | <p class="lclintrun">usedef.c:15: Passed storage x not completely |
| 2885 | defined</p> |
| 2886 | <p class="lclintrun"> |
| 2887 | |
| 2888 | (*x is undefined): mysteryVal (x)</p> |
| 2889 | <p class="lclintrun"> </p> |
| 2890 | <p class="lclintrun">Finished checking --- 3 code warnings</p> |
| 2891 | <p class="TextFontCX"><i> </i></p> |
| 2892 | <p class="IndentText" style= |
| 2893 | 'margin-top:0in;margin-right:.85pt;margin-bottom: 0in;margin-left:0in;margin-bottom:.0001pt;page-break-after:avoid'> |
| 2894 | <i>No error is reported for line 18, since the incompletely defined |
| 2895 | storage</i> <span class="CodeText"><span style= |
| 2896 | 'font-size:10.0pt'>x</span></span> <i>is passed as an</i> |
| 2897 | <span class="CodeText"><span style= |
| 2898 | 'font-size:10.0pt'>out</span></span> <i>parameter. After the |
| 2899 | call,</i> <span class="CodeText"><span style= |
| 2900 | 'font-size: 10.0pt'>x</span></span> <i>may be dereferenced, |
| 2901 | since</i> <span class="Annot"><span style= |
| 2902 | 'font-size:10.0pt'>setVal</span></span> <i>is assumed to completely |
| 2903 | define its</i> <span class="Annot"><span style= |
| 2904 | 'font-size:10.0pt'>out</span></span> <i>parameter. The |
| 2905 | warning for line 15 would not appear if</i> <span class= |
| 2906 | "Flag"><span style='font-size:10.0pt'>+impouts</span></span> |
| 2907 | <i>were used since there is no</i> <span class= |
| 2908 | "Annot"><span style='font-size:10.0pt'>in</span></span> |
| 2909 | <i>annotation on the parameter to</i> <span class= |
| 2910 | "Flag"><span style= |
| 2911 | 'font-size: 10.0pt'>mysteryVal</span></span><i>.</i></p></td></tr></table> |
| 2912 | <div> |
| 2913 | <div align="center"> |
| 2914 | <center> |
| 2915 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 2916 | style="border-collapse: collapse" bordercolor="#111111"> |
| 2917 | <tr> |
| 2918 | <td valign="top" align="left" style= |
| 2919 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 2920 | <p class="MsoCaption"><a name="_Ref347764461"></a><a name= |
| 2921 | "_Ref347853047"></a><a name="_Toc534824607">Figure 3. Use |
| 2922 | before Definition</a></p></td></tr></table></center></div></div> |
| 2923 | <br clear="all"> |
| 2924 | |
| 2925 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 2926 | "_Toc534974944">3.1.2<span style= |
| 2927 | 'font:7.0pt "Times New Roman"'> </span> |
| 2928 | Relaxing Checking</a></h3> |
| 2929 | <p class="TextFontCX">The <span class="Annot"><span style= |
| 2930 | 'font-size:10.0pt'>reldef</span></span> annotation relaxes |
| 2931 | definition checking for a particular declaration. Storage |
| 2932 | declared with a <span class="Annot"><span style= |
| 2933 | 'font-size:10.0pt'>reldef</span></span> annotation is assumed to be |
| 2934 | defined when it is used, but no error is reported if it is not |
| 2935 | defined before it is returned or passed as a parameter.</p> |
| 2936 | <p class="TextFontCX"> </p> |
| 2937 | <p class="TextFontCX">It is up to the programmer to check |
| 2938 | <span class="Annot"><span style= |
| 2939 | 'font-size:10.0pt'>reldef</span></span> fields are used |
| 2940 | correctly. They should be avoided in most cases, but |
| 2941 | may be useful for fields of structures that may or may not be |
| 2942 | defined depending on other constraints. </p> |
| 2943 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 2944 | "_Toc534974945"></a><a name="_Ref347853043">3.1.3<span style= |
| 2945 | 'font:7.0pt "Times New Roman"'> </span> |
| 2946 | Partially Defined Structures</a></h3> |
| 2947 | <p class="TextFontCX">The <span class="Annot"><span style= |
| 2948 | 'font-size:10.0pt'>partial</span></span> annotation can be used to |
| 2949 | relax checking of structure fields. A structure with |
| 2950 | undefined fields may be passed as a <span class= |
| 2951 | "Annot"><span style='font-size: 10.0pt'>partial</span></span> |
| 2952 | parameter or returned as a <span class="Annot"><span style= |
| 2953 | 'font-size:10.0pt'>partial</span></span> result. Inside |
| 2954 | a function body, no error is reported when the field of a |
| 2955 | <span class="Annot"><span style= |
| 2956 | 'font-size:10.0pt'>partial</span></span> structure is |
| 2957 | used. After a call, all fields of a structure that is |
| 2958 | passed as a <span class="Annot"><span style= |
| 2959 | 'font-size:10.0pt'>partial</span></span> parameter are |
| 2960 | assumed to be completely defined.</p> |
| 2961 | <h1 style='margin-left:0in;text-indent:0in'><a name= |
| 2962 | "_Ref534977413"></a><a name="_Toc534974946">4<span style= |
| 2963 | 'font:7.0pt "Times New Roman"'> </span> |
| 2964 | <a id="types" name="types"> |
| 2965 | Types</a></a></h1> |
| 2966 | <p class="TextFontCX">Strong type checking often reveals |
| 2967 | programming errors. Splint can check primitive C types more |
| 2968 | strictly and flexibly than typical compilers (4.1) and provides |
| 2969 | support a Boolean type (4.2). In addition, users can define |
| 2970 | abstract types that provide information hiding (0).</p> |
| 2971 | <h2 style='margin-left:0in;text-indent:0in'><a name= |
| 2972 | "_Toc534974947"></a><a name="_Ref534642132"></a><a name= |
| 2973 | "_Ref533964147"></a><a name="_Toc344355401">4.1<span style= |
| 2974 | 'font:7.0pt "Times New Roman"'> </span> |
| 2975 | Built in C Types</a></h2> |
| 2976 | <p align="right"><span style='font-size:9.0pt'><i>Two types |
| 2977 | have</i> compatible <i>type if their types are the |
| 2978 | same.</i></span></p> |
| 2979 | <p class="TextFontCX" align="right" style='text-align:right'> |
| 2980 | <span style='font-size:9.0pt'><span style='font-size:9.0pt'>ANSI C, |
| 2981 | 3.1.2.6.</span></span></p> |
| 2982 | <p class="Sidebar"> </p> |
| 2983 | <br> |
| 2984 | <br> |
| 2985 | |
| 2986 | <p class="MsoListBullet" style='margin-left:0in;text-indent:0in'> |
| 2987 | Splint supports stricter checking of built in C types. The |
| 2988 | <span class="CodeText"><span style= |
| 2989 | 'font-size:10.0pt'>char</span></span> and <span class= |
| 2990 | "CodeText"><span style='font-size:10.0pt'>enum</span></span> types |
| 2991 | can be checked as distinct types, and the different numeric types |
| 2992 | can be type-checked strictly.</p> |
| 2993 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 2994 | "_Toc534974948">4.1.1<span style= |
| 2995 | 'font:7.0pt "Times New Roman"'> </span> |
| 2996 | Characters</a></h3> |
| 2997 | <p class="TextFontCX">The primitive <span class= |
| 2998 | "CodeText"><span style='font-size:10.0pt'>char</span></span> type |
| 2999 | can be type-checked as a distinct type. If <span class= |
| 3000 | "CodeText"><span style='font-size:10.0pt'>char</span></span> is |
| 3001 | used as a distinct type, common errors involving assigning |
| 3002 | <span class="CodeText"><span style= |
| 3003 | 'font-size:10.0pt'>int</span></span>s to <span class= |
| 3004 | "CodeText"><span style='font-size:10.0pt'>char</span></span>s are |
| 3005 | detected.</p> |
| 3006 | <p class="TextFontCX"> </p> |
| 3007 | <p class="TextFontCX">The <span class="Flag"><span style= |
| 3008 | 'font-size:10.0pt'>+charint</span></span> flag can be used for |
| 3009 | checking legacy programs where <span class= |
| 3010 | "CodeText"><span style='font-size:10.0pt'>char</span></span> |
| 3011 | and <span class="CodeText"><span style= |
| 3012 | 'font-size:10.0pt'>int</span></span> are used |
| 3013 | interchangeably. If <span class="Flag"><span style= |
| 3014 | 'font-size:10.0pt'>charint</span></span> is on, <span class= |
| 3015 | "CodeText"><span style='font-size:10.0pt'>char</span></span> |
| 3016 | types indistinguishable from <span class= |
| 3017 | "CodeText"><span style= |
| 3018 | 'font-size:10.0pt'>int</span></span>s. To keep |
| 3019 | <span class="CodeText"><span style= |
| 3020 | 'font-size:10.0pt'>char</span></span> and <span class= |
| 3021 | "Keyword"><span style='font-size:10.0pt'>int</span></span> as |
| 3022 | distinct types, but allow chars to be used to index arrays, |
| 3023 | use <span class="Flag"><span style= |
| 3024 | 'font-size:10.0pt'>+charindex</span></span>.</p> |
| 3025 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 3026 | "_Toc534974949">4.1.2<span style= |
| 3027 | 'font:7.0pt "Times New Roman"'> </span> |
| 3028 | Enumerators</a></h3> |
| 3029 | <p class="TextFontCX">Standard C treats user-declared |
| 3030 | <span class="CodeText"><span style= |
| 3031 | 'font-size:10.0pt'>enum</span></span> types just like |
| 3032 | integers. An arbitrary integral value may be assigned |
| 3033 | to an <span class="CodeText"><span style= |
| 3034 | 'font-size:10.0pt'>enum</span></span> type, whether or not it |
| 3035 | was listed as an enumerator member. Splint checks each |
| 3036 | user-defined <span class="CodeText"><span style= |
| 3037 | 'font-size:10.0pt'>enum</span></span> type as distinct |
| 3038 | type. An error is reported if a value that is not an |
| 3039 | enumerator member is assigned to the <span class= |
| 3040 | "CodeText"><span style='font-size:10.0pt'>enum</span></span> |
| 3041 | type, or if an <span class="CodeText"><span style= |
| 3042 | 'font-size:10.0pt'>enum</span></span> type is used as an |
| 3043 | operand to an arithmetic operator. If the <span class= |
| 3044 | "Flag"><span style='font-size:10.0pt'>enumint</span></span> |
| 3045 | flag is on, <span class="CodeText"><span style= |
| 3046 | 'font-size:10.0pt'>enum</span></span> and <span class= |
| 3047 | "CodeText"><span style='font-size:10.0pt'>int</span></span> |
| 3048 | types may be used interchangeably. Like <span class= |
| 3049 | "Flag"><span style= |
| 3050 | 'font-size:10.0pt'>charindex</span></span>, if the |
| 3051 | <span class="Flag"><span style= |
| 3052 | 'font-size:10.0pt'>enumindex</span></span> flag is on, |
| 3053 | <span class="CodeText"><span style= |
| 3054 | 'font-size:10.0pt'>enum</span></span> types may be used to |
| 3055 | index arrays.</p> |
| 3056 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 3057 | "_Toc534974950">4.1.3<span style= |
| 3058 | 'font:7.0pt "Times New Roman"'> </span> |
| 3059 | Numeric Types</a></h3> |
| 3060 | <p class="TextFontCX">Splint reports where numeric types are |
| 3061 | used in dangerous or inconsistent ways. With the strictest |
| 3062 | checking, Splint will report an error anytime numeric types do not |
| 3063 | match exactly. If the <span class="Flag"><span style= |
| 3064 | 'font-size:10.0pt'>relax-quals</span></span> flag is on, only those |
| 3065 | inconsistencies that may corrupt values are reported. For |
| 3066 | example, if an <span class="CodeText"><span style= |
| 3067 | 'font-size:10.0pt'>int</span></span> is assigned to a variable of |
| 3068 | type <span class="CodeText"><span style= |
| 3069 | 'font-size: 10.0pt'>long</span></span> (or passed as a |
| 3070 | <span class="CodeText"><span style= |
| 3071 | 'font-size:10.0pt'>long</span></span> formal parameter), |
| 3072 | Splint will not report an error if <span class= |
| 3073 | "Flag"><span style= |
| 3074 | 'font-size:10.0pt'>relax-quals</span></span> is on since a |
| 3075 | <span class="CodeText"><span style= |
| 3076 | 'font-size:10.0pt'>long</span></span> must have at least |
| 3077 | enough bits to store an <span class="CodeText"><span style= |
| 3078 | 'font-size:10.0pt'>int</span></span> without data loss. |
| 3079 | On the other hand, an error would be reported if the |
| 3080 | <span class="CodeText"><span style= |
| 3081 | 'font-size:10.0pt'>long</span></span> were assigned to an |
| 3082 | <span class="CodeText"><span style= |
| 3083 | 'font-size:10.0pt'>int</span></span>, since the <span class= |
| 3084 | "CodeText"><span style='font-size:10.0pt'>int</span></span> |
| 3085 | type may not have enough bits to store the <span class= |
| 3086 | "CodeText"><span style='font-size:10.0pt'>long</span></span> |
| 3087 | value.</p> |
| 3088 | <p class="TextFontCX"> </p> |
| 3089 | <p class="TextFontCX">Similarly, if a <span class= |
| 3090 | "CodeText"><span style='font-size:10.0pt'>signed</span></span> |
| 3091 | value is assigned to an <span class="CodeText"><span style= |
| 3092 | 'font-size:10.0pt'>unsigned</span></span>, Splint will report an |
| 3093 | error since an <span class="CodeText"><span style= |
| 3094 | 'font-size:10.0pt'>unsigned</span></span> type cannot represent all |
| 3095 | <span class="CodeText"><span style= |
| 3096 | 'font-size:10.0pt'>signed</span></span> values correctly. If |
| 3097 | the <span class="Flag"><span style= |
| 3098 | 'font-size:10.0pt'>+ignore-signs</span></span> flag is on, checking |
| 3099 | is relaxed to ignore all sign qualifiers in type comparisons (this |
| 3100 | is not recommended, since it will suppress reporting of real bugs, |
| 3101 | but may be necessary for quickly checking certain legacy |
| 3102 | code). </p> |
| 3103 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 3104 | "_Toc534974951">4.1.4<span style= |
| 3105 | 'font:7.0pt "Times New Roman"'> </span> |
| 3106 | Arbitrary Integral Types</a></h3> |
| 3107 | <p class="TextFontCX">Some types are declared to be integral types, |
| 3108 | but the concrete type may be implementation dependent. For |
| 3109 | example, the standard library declares the types <span class= |
| 3110 | "CodeText"><span style='font-size:10.0pt'>size_t</span></span>, |
| 3111 | <span class="CodeText"><span style= |
| 3112 | 'font-size:10.0pt'>ptr_diff</span></span> and <span class= |
| 3113 | "CodeText"><span style='font-size:10.0pt'>wchar_t</span></span>, |
| 3114 | but does not constrain their types other than limiting them to |
| 3115 | integral types. Programs may rely on them being integral |
| 3116 | types (e.g., can use <span class="CodeText"><span style= |
| 3117 | 'font-size:10.0pt'>+</span></span> operator on two |
| 3118 | <span class="CodeText"><span style= |
| 3119 | 'font-size:10.0pt'>size_t</span></span> operands), but should |
| 3120 | not rely on a particular representation (e.g., <span class= |
| 3121 | "CodeText"><span style='font-size: 10.0pt'>long |
| 3122 | unsigned</span></span>). </p> |
| 3123 | <p class="TextFontCX"> </p> |
| 3124 | <p class="TextFontCX">Splint supports three different kinds of |
| 3125 | arbitrary integral types:</p> |
| 3126 | <p class="TextFontCX"> </p> |
| 3127 | <p class="TextFontCX"><span class="Annot"><span style= |
| 3128 | 'font-size:10.0pt'>/*@integraltype@*/</span></span></p> |
| 3129 | <p class="TextFontCX"><span class="Annot"><font size= |
| 3130 | "2"> </font></span> An arbitrary integral |
| 3131 | type. The actual type may be any one of <span class= |
| 3132 | "CodeText"><span style='font-size:10.0pt'>short</span></span>, |
| 3133 | <span class="CodeText"><span style= |
| 3134 | 'font-size:10.0pt'>int</span></span>, <span class= |
| 3135 | "CodeText"><span style='font-size:10.0pt'>long</span></span>, |
| 3136 | <span class="CodeText"><span style='font-size:10.0pt'>unsigned |
| 3137 | short</span></span>, <span class="CodeText"><span style= |
| 3138 | 'font-size:10.0pt'>unsigned</span></span>, or <span class= |
| 3139 | "CodeText"><span style='font-size:10.0pt'>unsigned |
| 3140 | long</span></span>.</p> |
| 3141 | <p class="TextFontCX"><span class="Annot"><span style= |
| 3142 | 'font-size:10.0pt'>/*@unsignedintegraltype@*/</span></span></p> |
| 3143 | <p class="TextFontCX"><span class="Annot"><font size= |
| 3144 | "2"> </font></span> An arbitrary unsigned integral |
| 3145 | type. The actual type may be any one of <span class= |
| 3146 | "CodeText"><span style='font-size:10.0pt'>unsigned |
| 3147 | short</span></span>, <span class="CodeText"><span style= |
| 3148 | 'font-size:10.0pt'>unsigned</span></span>, or <span class= |
| 3149 | "CodeText"><span style='font-size:10.0pt'>unsigned |
| 3150 | long</span></span>.</p> |
| 3151 | <p class="TextFontCX"><span class="Annot"><span style= |
| 3152 | 'font-size:10.0pt'>/*@signedintegraltype@*/</span></span></p> |
| 3153 | <p class="TextFontCX"><span class="Annot"><font size= |
| 3154 | "2"> </font></span> An arbitrary signed integral |
| 3155 | type. The actual type may be any one of <span class= |
| 3156 | "CodeText"><span style='font-size:10.0pt'>short</span></span>, |
| 3157 | <span class="CodeText"><span style= |
| 3158 | 'font-size:10.0pt'>int</span></span>, or <span class= |
| 3159 | "CodeText"><span style='font-size:10.0pt'>long</span></span>.</p> |
| 3160 | <p class="TextFontCX"> </p> |
| 3161 | <p class="TextFontCX">Splint reports an error if the code depends |
| 3162 | on the actual representation of a type declared as an arbitrary |
| 3163 | integral. The <span class="Flag"><span style= |
| 3164 | 'font-size:10.0pt'>match-any-integral</span></span> flag |
| 3165 | relaxes checking and allows an arbitrary integral type is allowed |
| 3166 | to match any integral type.</p> |
| 3167 | <p class="TextFontCX"> </p> |
| 3168 | <p class="TextFontCX">Other flags set the arbitrary integral types |
| 3169 | to a concrete type. These should only be used if portability |
| 3170 | to platforms that may use different representations is not |
| 3171 | important. The <span class="Flag"><span style= |
| 3172 | 'font-size:10.0pt'>long-integral</span></span> and |
| 3173 | <span class="Flag"><span style= |
| 3174 | 'font-size:10.0pt'>long-unsigned-integral</span></span> flags |
| 3175 | set the type corresponding to <span class= |
| 3176 | "Annot"><span style='font-size: 10.0pt'>/*@integraltype@*/</span></span> to |
| 3177 | be <span class="CodeText"><span style= |
| 3178 | 'font-size:10.0pt'>unsigned long</span></span> and |
| 3179 | <span class="CodeText"><span style= |
| 3180 | 'font-size:10.0pt'>long</span></span> respectively. The |
| 3181 | <span class="Flag"><span style= |
| 3182 | 'font-size:10.0pt'>long-unsigned-unsigned-integral</span></span> flag |
| 3183 | sets the type corresponding to <span class= |
| 3184 | "Annot"><span style= |
| 3185 | 'font-size: 10.0pt'>/*@unsignedintegraltype@*/</span></span> |
| 3186 | to be <span class="CodeText"><span style= |
| 3187 | 'font-size:10.0pt'>unsigned long</span></span>. The |
| 3188 | <span class="Flag"><span style= |
| 3189 | 'font-size:10.0pt'>long-signed-integral</span></span> flag |
| 3190 | sets the type corresponding to <span class= |
| 3191 | "Annot"><span style= |
| 3192 | 'font-size:10.0pt'>/*@signedintegraltype@*/</span></span> to |
| 3193 | be <span class="CodeText"><span style= |
| 3194 | 'font-size:10.0pt'>long</span></span>.</p> |
| 3195 | <h2 style='margin-left:0in;text-indent:0in'><a name= |
| 3196 | "_Toc534974952"></a><a name="_Ref534642133"></a><a name= |
| 3197 | "_Ref533964143"></a><a name="_Ref344892413"></a><a name= |
| 3198 | "_Toc344355400">4.2<span style= |
| 3199 | 'font:7.0pt "Times New Roman"'> </span> |
| 3200 | Boolean Types</a></h2> |
| 3201 | <p class="TextFontCX">Pre-ISO99 C had no Boolean representation |
| 3202 | – the result of a comparison operator was an integer, and no |
| 3203 | type checking is done for test expressions. C99 introduced a |
| 3204 | Boolean type (<span class="CodeText"><span style= |
| 3205 | 'font-size:10.0pt'>_Bool</span></span> and <span class= |
| 3206 | "CodeText"><span style='font-size:10.0pt'>bool</span></span>, |
| 3207 | <span class="CodeText"><span style= |
| 3208 | 'font-size:10.0pt'>true</span></span> and <span class= |
| 3209 | "CodeText"><span style='font-size:10.0pt'>false</span></span> |
| 3210 | macros in <span style= |
| 3211 | 'font-size:10.0pt;font-family:Arial'>stdbool.h</span>), but did not |
| 3212 | strengthen the type checking. Splint supports a Boolean type |
| 3213 | that can be checked distinctly from integral types. Many |
| 3214 | common errors can be detected by introducing a distinct Boolean |
| 3215 | type and stronger type checking.</p> |
| 3216 | <p class="TextFontCX"> </p> |
| 3217 | <p class="TextFontCX">Splint checks that the test expression in an |
| 3218 | <span class="CodeText"><span style= |
| 3219 | 'font-size:10.0pt'>if</span></span>, <span class= |
| 3220 | "CodeText"><span style='font-size:10.0pt'>while</span></span>, or |
| 3221 | <span class="CodeText"><span style= |
| 3222 | 'font-size:10.0pt'>for</span></span> statement or an operand of a |
| 3223 | <span class="CodeText"><span style= |
| 3224 | 'font-size:10.0pt'>&&</span></span>, <span class= |
| 3225 | "CodeText"><span style='font-size:10.0pt'>||</span></span> or |
| 3226 | <span class="CodeText"><span style= |
| 3227 | 'font-size:10.0pt'>!</span></span>operator is a Boolean. If |
| 3228 | the type of a test expression is not a Boolean, Splint will produce |
| 3229 | a warning depending on the type of the test expression and flag |
| 3230 | settings. If the test expression has pointer type, the |
| 3231 | warning is inhibited by <span class="Flag"><span style= |
| 3232 | 'font-size:10.0pt'>–predboolptr</span></span> (this can be |
| 3233 | used to prevent messages for the idiom of testing if a pointer is |
| 3234 | not null without a comparison). If it is type |
| 3235 | <span class="CodeText"><span style= |
| 3236 | 'font-size:10.0pt'>int</span></span>, the warnings is |
| 3237 | inhibited by <span class="Flag"><span style= |
| 3238 | 'font-size:10.0pt'>-pred-bool-int</span></span>. For |
| 3239 | all other types, Splint warns unless <span class= |
| 3240 | "Flag"><span style= |
| 3241 | 'font-size: 10.0pt'>-pred-bool-others</span></span> is |
| 3242 | set. Relations, comparisons and certain standard |
| 3243 | library functions are declared to return Booleans.</p> |
| 3244 | <p class="TextFontCX"> </p> |
| 3245 | <p class="TextFontCX">Since using <span class= |
| 3246 | "CodeText"><span style='font-size:10.0pt'>=</span></span> instead |
| 3247 | of <span class="CodeText"><span style= |
| 3248 | 'font-size:10.0pt'>==</span></span> is such a common bug, reporting |
| 3249 | of test expressions that are assignments is controlled by the |
| 3250 | separate <span class="Flag"><span style= |
| 3251 | 'font-size:10.0pt'>pred-assign</span></span> flag. The |
| 3252 | message can be suppressed by adding extra parentheses around the |
| 3253 | test expression.</p> |
| 3254 | <p class="TextFontCX"> </p> |
| 3255 | <p class="TextFontCX">Use the <span class="Flag"><span style= |
| 3256 | 'font-size:10.0pt'>–booltype |
| 3257 | <name></span></span> flag to select the type name is |
| 3258 | used to represent Boolean values. There is no default Boolean |
| 3259 | type, although <span class="CodeText"><span style= |
| 3260 | 'font-size: 10.0pt'>bool</span></span> is used by convention. |
| 3261 | The names <span class="CodeText"><span style= |
| 3262 | 'font-size:10.0pt'>TRUE</span></span> and <span class= |
| 3263 | "CodeText"><span style='font-size:10.0pt'>FALSE</span></span> are |
| 3264 | assumed to represent true and false Boolean values. To change |
| 3265 | the names of true and false, use <span class= |
| 3266 | "Flag"><span style='font-size:10.0pt'>-booltrue</span></span> |
| 3267 | and <span class="Flag"><span style= |
| 3268 | 'font-size:10.0pt'>-boolfalse</span></span>. (The |
| 3269 | Splint distribution includes an implementation of |
| 3270 | <span class="CodeText"><span style= |
| 3271 | 'font-size:10.0pt'>bool</span></span>, in <span class= |
| 3272 | "CodeText"><span style= |
| 3273 | 'font-size:10.0pt;color:windowtext'>lib/bool.h</span></span>. |
| 3274 | However, it isn’t necessary to use this implementation |
| 3275 | to get the benefits of Boolean checking.)</p> |
| 3276 | <p class="TextFontCX"> </p> |
| 3277 | <p class="TextFontCX">Figure 4 illustrates some of the Boolean |
| 3278 | checking done by Splint. </p> |
| 3279 | <p class="TextFontCX"> </p> |
| 3280 | <center> |
| 3281 | <table class="MsoNormalTable" border="0" cellspacing="0" |
| 3282 | cellpadding="0" style= |
| 3283 | 'margin-left:5.4pt;border-collapse:collapse; margin-left:-2.25pt;margin-right:-2.25pt'> |
| 3284 | <tr style='height:13.3pt'> |
| 3285 | <td valign="top" style= |
| 3286 | 'border:solid black 1.5pt; border-bottom:none;background:black;padding:0in 5.4pt 0in 5.4pt;height:13.3pt'> |
| 3287 | <p class="TextFontCX" align="center" style='text-align:center'> |
| 3288 | <span class="Keyword"><b><span style= |
| 3289 | 'font-size:10.0pt; color:white'>bool.c</span></b></span></p></td> |
| 3290 | <td valign="top" style= |
| 3291 | 'border-top:1.5pt solid black; border-left:medium none;border-bottom:medium none;border-right:1.5pt solid black; background:black;padding-left:5.4pt; padding-right:5.4pt; padding-top:0in; padding-bottom:0in'> |
| 3292 | <p class="TextFontCX" align="center" style='text-align:center'> |
| 3293 | <b><span style='color:white'>Running |
| 3294 | Splint</span></b></p></td></tr> |
| 3295 | <tr> |
| 3296 | <td valign="top" style= |
| 3297 | 'width:2.0in;border:solid black 1.5pt; border-top:none;padding:0in 5.4pt 0in 5.4pt;height:156.15pt'> |
| 3298 | <p class="Verbatim"># include "bool.h"</p> |
| 3299 | <p class="Verbatim">int f (int i, char *s,</p> |
| 3300 | <p class="Verbatim"> bool b1, bool b2)</p> |
| 3301 | <p class="Verbatim">{</p> |
| 3302 | <p class="Verbatim"><span class="Line"><span style= |
| 3303 | 'font-size:8.0pt'> 6</span></span> if (i = 3)</p> |
| 3304 | <p class="Verbatim"><span class="Line"><span style= |
| 3305 | 'font-size:8.0pt'> 7</span></span> return |
| 3306 | b1;</p> |
| 3307 | <p class="Verbatim"><span class="Line"><span style= |
| 3308 | 'font-size:8.0pt'> 8</span></span> if (!i || s)</p> |
| 3309 | <p class="Verbatim"><span class="Line"><span style= |
| 3310 | 'font-size:8.0pt'> 9</span></span> return |
| 3311 | i;</p> |
| 3312 | <p class="Verbatim"><span class="Line"><span style= |
| 3313 | 'font-size:8.0pt'>10</span></span> if (s)</p> |
| 3314 | <p class="Verbatim"><span class="Line"><span style= |
| 3315 | 'font-size:8.0pt'>11</span></span> return 7;</p> |
| 3316 | <p class="Verbatim"><span class="Line"><span style= |
| 3317 | 'font-size:8.0pt'>12</span></span> if (b1 == b2)</p> |
| 3318 | <p class="Verbatim"><span class="Line"><span style= |
| 3319 | 'font-size:8.0pt'>13</span></span> return 3;</p> |
| 3320 | <p class="Verbatim"><span class="Line"><span style= |
| 3321 | 'font-size:8.0pt'>14</span></span> return 2;</p> |
| 3322 | <p class="Verbatim">}</p></td> |
| 3323 | <td valign="top" style= |
| 3324 | 'border-top:medium none;border-left: medium none;border-bottom:1.5pt solid black;border-right:1.5pt solid black; padding-left:5.4pt; padding-right:5.4pt; padding-top:0in; padding-bottom:0in'> |
| 3325 | <p class="lclintrun">> splint bool.c +predboolptr |
| 3326 | –booltype bool</p> |
| 3327 | <p class="lclintrun"> </p> |
| 3328 | <p class="lclintrun">bool.c:6: Test expression for if is assignment |
| 3329 | expression: i = 3</p> |
| 3330 | <p class="lclintrun">bool.c:6: Test expression for if not bool, |
| 3331 | type int: i = 3</p> |
| 3332 | <p class="lclintrun">bool.c:7: Return value type bool does not |
| 3333 | match declared type int: b1</p> |
| 3334 | <p class="lclintrun">bool.c:8: Operand of ! is non-boolean (int): |
| 3335 | !i</p> |
| 3336 | <p class="lclintrun">bool.c:8: Right operand of || is non-boolean |
| 3337 | (char *): !i || s</p> |
| 3338 | <p class="lclintrun">bool.c:10: Test expression for if not bool, |
| 3339 | type char *: s</p> |
| 3340 | <p class="lclintrun">bool.c:12: Use of == with bool variables |
| 3341 | (risks inconsistency because</p> |
| 3342 | <p class="lclintrun"> |
| 3343 | |
| 3344 | of multiple true values): b1 == b2</p> |
| 3345 | <p class="lclintrun"> </p> |
| 3346 | <p class="lclintrun" style='page-break-after:avoid'>Finished |
| 3347 | checking --- 7 code warnings found</p></td></tr></table> |
| 3348 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"> |
| 3349 | <tr> |
| 3350 | <td valign="top" align="left" style= |
| 3351 | 'padding-top:.1in;padding-right: 9.35pt;padding-bottom:.1in;padding-left:9.35pt'> |
| 3352 | <p class="MsoCaption"><a name="_Ref533964137"></a><a name= |
| 3353 | "_Toc534824608"></a><a name="_Ref534821769">Figure 4</a>. |
| 3354 | Boolean Checking</p></td></tr></table></center> |
| 3355 | <h2 style='margin-left:0in;text-indent:0in'><a name= |
| 3356 | "_Toc534974953"></a><a name="_Ref534970776">4.3<span style= |
| 3357 | 'font:7.0pt "Times New Roman"'> </span> |
| 3358 | Abstract Types</a></h2> |
| 3359 | <p class="TextFontCX">Information hiding is a technique for |
| 3360 | handling complexity. By hiding implementation details, |
| 3361 | programs can be understood and developed in distinct modules and |
| 3362 | the effects of a change can be localized. One technique for |
| 3363 | information hiding is data abstraction. An |
| 3364 | abstract type is used to represent some natural program |
| 3365 | abstraction. It provides functions for manipulating instances |
| 3366 | of the type. The module that implements these functions is |
| 3367 | called the <i>implementation</i> module. We call the |
| 3368 | functions that are part of the implementation of an abstract type |
| 3369 | the <i>operations</i> of the type. Other modules that use the |
| 3370 | abstract type are called <i>clients</i>.</p> |
| 3371 | <p class="TextFontCX"> </p> |
| 3372 | <p class="TextFontCX">Clients may use the type name and operations, |
| 3373 | but should not manipulate or rely on the actual representation of |
| 3374 | the type. Only the implementation module may manipulate the |
| 3375 | representation of an abstract type. This hides information, |
| 3376 | since implementers and maintainers of client modules should not |
| 3377 | need to know anything about how the abstract type is implemented. |
| 3378 | It provides modularity, since the representation of an abstract |
| 3379 | type can be changed without having to change any client code.</p> |
| 3380 | <p class="TextFontCX"> </p> |
| 3381 | <p class="TextFontCX">Splint supports abstract types by detecting |
| 3382 | places where client code depends on the concrete representation of |
| 3383 | an abstract type. Some examples of abstraction violations |
| 3384 | detected by Splint are shown in Figure 5.</p> |
| 3385 | <p class="beforelist"> </p> |
| 3386 | <p class="beforelist">To declare an abstract type, the |
| 3387 | <span class="Annot"><span style= |
| 3388 | 'font-size:10.0pt'>abstract</span></span> annotation is |
| 3389 | added to a <span class="CodeText"><span style= |
| 3390 | 'font-size:10.0pt'>typedef</span></span>. For example |
| 3391 | (in <span class="Keyword"><span style= |
| 3392 | 'font-size:10.0pt;font-family: Arial;color:windowtext'>mstring.h</span></span>),</p> |
| 3393 | <p class="example">typedef /*@abstract@*/ char *mstring;</p> |
| 3394 | <p class="TextFontCX">declares <span class= |
| 3395 | "CodeText"><span style='font-size:10.0pt'>mstring</span></span> |
| 3396 | as an abstract type. It is implemented using a |
| 3397 | <span class="CodeText"><span style='font-size:10.0pt'>char |
| 3398 | *</span></span>, but clients of the type should not depend on |
| 3399 | or need to be aware of this. If it later becomes |
| 3400 | apparent that a better representation such as a string table |
| 3401 | should be used, we should be able to change the |
| 3402 | implementation of <span class="CodeText"><span style= |
| 3403 | 'font-size: 10.0pt'>mstring</span></span> without having to |
| 3404 | change or inspect any client code.</p> |
| 3405 | <p class="TextFontCX"> </p> |
| 3406 | <p class="TextFontCX">In a client module, abstract types are |
| 3407 | checked by name, not structure. Splint reports an error if an |
| 3408 | instance of <span class="CodeText"><span style= |
| 3409 | 'font-size:10.0pt'>mstring</span></span> is passed as a |
| 3410 | <span class="CodeText"><span style='font-size:10.0pt'>char |
| 3411 | *</span></span> (for instance, as an argument to <span class= |
| 3412 | "CodeText"><span style= |
| 3413 | 'font-size: 10.0pt'>strlen</span></span>), since the |
| 3414 | correctness of this call depends on the representation of the |
| 3415 | abstract type. Splint also reports errors if any C |
| 3416 | operator except assignment (<span class= |
| 3417 | "CodeText"><span style='font-size:10.0pt'>=</span></span>) or |
| 3418 | <span class="CodeText"><span style= |
| 3419 | 'font-size:10.0pt'>sizeof</span></span> is used on an |
| 3420 | abstract type. The assignment operator is allowed since |
| 3421 | its semantics do not depend on the representation of the type |
| 3422 | (for abstract types whose instances can change value, a |
| 3423 | client does need to know if assignment has copy or sharing |
| 3424 | semantics as discussed in Section 4.3.2). The use of |
| 3425 | <span class="CodeText"><span style= |
| 3426 | 'font-size:10.0pt'>sizeof</span></span> is also |
| 3427 | permitted, since this is the only way for clients to allocate |
| 3428 | pointers to the abstract type. Type casting objects to |
| 3429 | or from abstract types in a client module is an abstraction |
| 3430 | violation and will generate a warning message.</p> |
| 3431 | <p class="TextFontCX"> </p> |
| 3432 | <p class="TextFontCX">Normally, Splint will assume a type |
| 3433 | definition is not abstract unless the <span class= |
| 3434 | "Annot"><span style='font-size:10.0pt'>/*@abstract@*/</span></span> |
| 3435 | qualifier is used. If instead you want all user-defined types |
| 3436 | to be abstract types unless they are marked as <span class= |
| 3437 | "Annot"><span style='font-size:10.0pt'>concrete</span></span>, the |
| 3438 | <span class="Flag"><span style= |
| 3439 | 'font-size:10.0pt'>+imp-abstract</span></span> flag can be |
| 3440 | used. This adds an implicit <span class= |
| 3441 | "Annot"><span style='font-size:10.0pt'>abstract</span></span> |
| 3442 | annotation to any <span class="CodeText"><span style= |
| 3443 | 'font-size:10.0pt'>typedef</span></span> that is not marked |
| 3444 | with <span class="Annot"><span style= |
| 3445 | 'font-size:10.0pt'>/*@concrete@*/</span></span>.</p> |
| 3446 | <p class="TextFontCX"> </p> |
| 3447 | <center> |
| 3448 | <table class="MsoNormalTable" border="0" cellspacing="0" |
| 3449 | cellpadding="0" style= |
| 3450 | 'width:418.5pt;margin-left:.9pt;border-collapse:collapse; margin-left:-2.25pt;margin-right:-2.25pt'> |
| 3451 | <tr style='height:13.45pt'> |
| 3452 | <td valign="top" style= |
| 3453 | 'width:211.5pt;border:solid black 1.5pt; border-bottom:none;background:black;padding:0in 5.4pt 0in 5.4pt;height:13.45pt'> |
| 3454 | <p class="TextFontCX" align="center" style='text-align:center'> |
| 3455 | <span class="Keyword"><b><span style= |
| 3456 | 'font-size:10.0pt; color:white'>palindrome.c</span></b></span></p></td> |
| 3457 | <td valign="top" style= |
| 3458 | 'width:207.0pt;border-top:solid black 1.5pt; border-left:none;border-bottom:none;border-right:solid black 1.5pt; background:black;padding:0in 5.4pt 0in 5.4pt;height:13.45pt'> |
| 3459 | <p class="TextFontCX" align="center" style='text-align:center'> |
| 3460 | <b><span style='color:white'>Running |
| 3461 | Splint</span></b></p></td></tr> |
| 3462 | <tr style='height:196.2pt'> |
| 3463 | <td valign="top" style= |
| 3464 | 'width:211.5pt;border:solid black 1.5pt; border-top:none;padding:0in 5.4pt 0in 5.4pt;height:196.2pt'> |
| 3465 | <p class="Verbatim"><span style='font-size:9.0pt'># include |
| 3466 | "bool.h"</span></p> |
| 3467 | <p class="Verbatim"><span style='font-size:9.0pt'># include |
| 3468 | "mstring.h"</span></p> |
| 3469 | <p class="Verbatim"><span style='font-size:9.0pt'> </span></p> |
| 3470 | <p class="Verbatim"><span style='font-size:9.0pt'>bool isPalindrome |
| 3471 | (mstring s)</span></p> |
| 3472 | <p class="Verbatim"><span style='font-size:9.0pt'>{</span></p> |
| 3473 | <p class="Verbatim"><span class="Line"><span style= |
| 3474 | 'font-size:8.0pt'> 6</span></span> <span style= |
| 3475 | 'font-size:9.0pt'>char *current = (char *) s;</span></p> |
| 3476 | <p class="Verbatim"><span class="Line"><span style= |
| 3477 | 'font-size:8.0pt'> 7</span></span> <span style= |
| 3478 | 'font-size:9.0pt'>int i, len = (int) strlen (s);</span></p> |
| 3479 | <p class="Verbatim"><span style='font-size:9.0pt'> </span></p> |
| 3480 | <p class="Verbatim"><span style='font-size:9.0pt'> for (i = |
| 3481 | 0; i <= (len+1) / 2; i++)</span></p> |
| 3482 | <p class="Verbatim"><span style= |
| 3483 | 'font-size:9.0pt'> {</span></p> |
| 3484 | <p class="Verbatim"><span class="Line"><span style= |
| 3485 | 'font-size:8.0pt'>11</span></span><span style= |
| 3486 | 'font-size:9.0pt'> if (current[i] != |
| 3487 | s[len-i-1])</span></p> |
| 3488 | <p class="Verbatim"><span style= |
| 3489 | 'font-size:9.0pt'> return |
| 3490 | FALSE;</span></p> |
| 3491 | <p class="Verbatim"><span style= |
| 3492 | 'font-size:9.0pt'> }</span></p> |
| 3493 | <p class="Verbatim"><span style='font-size:9.0pt'> return |
| 3494 | TRUE;</span></p> |
| 3495 | <p class="Verbatim"><span style='font-size:9.0pt'>}</span></p> |
| 3496 | <p class="Verbatim"><span style='font-size:9.0pt'> </span></p> |
| 3497 | <p class="Verbatim"><span style='font-size:9.0pt'>bool callPal |
| 3498 | (void)</span></p> |
| 3499 | <p class="Verbatim"><span style='font-size:9.0pt'>{</span></p> |
| 3500 | <p class="Verbatim"><span class="Line"><span style= |
| 3501 | 'font-size:8.0pt'>19</span></span><i><span style= |
| 3502 | 'font-size:9.0pt;font-family:Arial'> </span></i> |
| 3503 | <span style='font-size:9.0pt'>return (isPalindrome |
| 3504 | ("bob"));</span></p> |
| 3505 | <p class="Verbatim"><span style='font-size:9.0pt'>}</span></p></td> |
| 3506 | <td valign="top" style= |
| 3507 | 'width:207.0pt;border-top:none;border-left: none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt;height:196.2pt'> |
| 3508 | <p class="lclintrun">> splint palindrome.c</p> |
| 3509 | <p class="lclintrun"> </p> |
| 3510 | <p class="lclintrun">palindrome.c:6: Cast from underlying</p> |
| 3511 | <p class="lclintrun"> abstract type mstring: |
| 3512 | (char *)s</p> |
| 3513 | <p class="lclintrun">palindrome.c:7: Function strlen expects |
| 3514 | arg</p> |
| 3515 | <p class="lclintrun"> 1 to be char * gets |
| 3516 | mstring: s</p> |
| 3517 | <p class="lclintrun">palindrome.c:11: Array fetch from |
| 3518 | non-array</p> |
| 3519 | <p class="lclintrun"> (mstring): s[len - i - |
| 3520 | 1]</p> |
| 3521 | <p class="lclintrun">palindrome.c:19: Function isPalindrome</p> |
| 3522 | <p class="lclintrun"> expects arg 1 to be mstring |
| 3523 | gets char *:</p> |
| 3524 | <p class="lclintrun"> "bob"</p> |
| 3525 | <p class="TextFontCX"> </p> |
| 3526 | <p class="lclintrun">Finished checking --- 4 code warnings</p> |
| 3527 | <p class="TextFontCX"><span style= |
| 3528 | 'font-size: 9.0pt;font-family:Times'> </span></p></td></tr></table> |
| 3529 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"> |
| 3530 | <tr> |
| 3531 | <td valign="top" style= |
| 3532 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 3533 | <p class="MsoCaption"><a name="_Toc534824609"></a><a name= |
| 3534 | "_Toc347255385"></a><a name="_Ref344908730"></a><a name= |
| 3535 | "_Ref344908735">Figure 5</a>. Information Hiding |
| 3536 | Violations</p></td></tr></table></center> |
| 3537 | <p align="right"><i><span style= |
| 3538 | 'font-size:9.0pt'> Traditionally, programming books wax |
| 3539 | mathematical when they arrive at the topic of abstract data |
| 3540 | types…<br> |
| 3541 | Such books make it seem as if you’d never actually use an |
| 3542 | abstract data type except as a sleep aid.</span></i></p> |
| 3543 | |
| 3544 | <p class="TextFontCX" align="right" style='text-align:right'> |
| 3545 | <i><span style= |
| 3546 | 'font-size:9.0pt'> </span></i> |
| 3547 | <span style='font-size:9.0pt'> Steve |
| 3548 | McConnell</span></p> |
| 3549 | <p class="TextFontCX"><i> </i></p> |
| 3550 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 3551 | "_Toc534974954"></a><a name="_Ref344892422"></a><a name= |
| 3552 | "_Ref344870884"></a><a name="_Toc344355398">4.3.1<span style= |
| 3553 | 'font:7.0pt "Times New Roman"'> </span> |
| 3554 | Controlling Access</a></h3> |
| 3555 | <p class="TextFontCX">Where code may manipulate the representation |
| 3556 | of an abstract type, we say the code has <i>access</i> to that |
| 3557 | type. If code has access to an abstract type, the |
| 3558 | representation of the type and the abstract type are |
| 3559 | indistinguishable. Usually, a single program module that is |
| 3560 | the only code that has access to the type representation implements |
| 3561 | an abstract type. Sometimes, more complicated access control |
| 3562 | is desired if the implementation of an abstract type is split |
| 3563 | across program files, or particular client code needs to access the |
| 3564 | representation.</p> |
| 3565 | <p class="TextFontCX"> </p> |
| 3566 | <p class="beforelist">There are a several ways of selecting what |
| 3567 | code has access the representation of an abstract type:</p> |
| 3568 | <p class="TextFontCX" style= |
| 3569 | 'margin-left:12.95pt; text-indent:-12.95pt'><span style= |
| 3570 | 'font-family:Symbol'>·<span style= |
| 3571 | 'font:7.0pt "Times New Roman"'> </span></span> |
| 3572 | Modules. An abstract type defined in <i><span style= |
| 3573 | 'font-size: 10.0pt;font-family:Arial'>M</span></i><span class="Keyword"> |
| 3574 | <span style= |
| 3575 | 'font-size:10.0pt;font-family:Arial;color:windowtext'>.h</span></span> |
| 3576 | is accessible in <i><span style= |
| 3577 | 'font-size:10.0pt;font-family:Arial'>M</span></i><span class= |
| 3578 | "Keyword"><span style= |
| 3579 | 'font-size:10.0pt;font-family:Arial;color:windowtext'>.c</span></span>. |
| 3580 | Controlled by the <span class="Flag"><span style= |
| 3581 | 'font-size:10.0pt'>accessmodule</span></span> flag. This |
| 3582 | means when <span class="Flag"><span style= |
| 3583 | 'font-size:10.0pt'>accessmodule</span></span> is on, as it is by |
| 3584 | default, the module access rule is in effect. If |
| 3585 | <span class="Flag"><span style= |
| 3586 | 'font-size:10.0pt'>accessmodule</span></span> is off (when |
| 3587 | <span class="Flag"><span style= |
| 3588 | 'font-size:10.0pt'>-access-module</span></span> is used), the |
| 3589 | module access rule is not in effect and an abstract type |
| 3590 | defined in <i><span style= |
| 3591 | 'font-size:10.0pt;font-family:Arial'>M</span></i><span class= |
| 3592 | "Keyword"><span style= |
| 3593 | 'font-size:10.0pt;font-family:Arial;color:windowtext'>.h</span></span> |
| 3594 | is not necessarily accessible in <i><span style= |
| 3595 | 'font-size:10.0pt;font-family: Arial'>M</span></i><span class="Keyword"> |
| 3596 | <span style= |
| 3597 | 'font-size:10.0pt; font-family:Arial;color:windowtext'>.c</span></span>.</p> |
| 3598 | <p class="TextFontCX" style= |
| 3599 | 'margin-left:12.95pt; text-indent:-12.95pt'><span style= |
| 3600 | 'font-family:Symbol'>·<span style= |
| 3601 | 'font:7.0pt "Times New Roman"'> </span></span> |
| 3602 | File names. An abstract type named <span class= |
| 3603 | "CodeText"><i><span style='font-size:10.0pt'>type</span></i></span> |
| 3604 | is accessible in files named <span class= |
| 3605 | "CodeText"><i><span style='font-size:10.0pt'>type.<extension></span></i></span>. |
| 3606 | For example, the representation of <span class= |
| 3607 | "CodeText"><span style= |
| 3608 | 'font-size: 10.0pt'>mstring</span></span> is accessible in |
| 3609 | <span class="CodeText"><span style= |
| 3610 | 'font-size:10.0pt'>mstring.h</span></span> and <span class= |
| 3611 | "CodeText"><span style= |
| 3612 | 'font-size:10.0pt'>mstring.c</span></span>. Controlled |
| 3613 | by the <span class="Flag"><span style= |
| 3614 | 'font-size:10.0pt'>access-file</span></span> flag.</p> |
| 3615 | <p class="MsoListBullet"><span style= |
| 3616 | 'font-family:Symbol'>·<span style= |
| 3617 | 'font:7.0pt "Times New Roman"'> </span></span> |
| 3618 | Function names. An abstract type named <span class= |
| 3619 | "CodeText"><i><span style= |
| 3620 | 'font-size: 10.0pt'>type</span></i></span> may be accessible in a |
| 3621 | function named <span class="CodeText"><i><span style= |
| 3622 | 'font-size:10.0pt'>type_name</span></i></span> or |
| 3623 | <span class="CodeText"><i><span style= |
| 3624 | 'font-size:10.0pt'>typeName</span></i></span>. For |
| 3625 | example, <span class="CodeText"><span style= |
| 3626 | 'font-size:10.0pt'>mstring_length</span></span> and |
| 3627 | <span class="CodeText"><span style= |
| 3628 | 'font-size:10.0pt'>mstringLength</span></span> would have |
| 3629 | access to the <span class="CodeText"><span style= |
| 3630 | 'font-size:10.0pt'>mstring</span></span> abstract type. |
| 3631 | Controlled by <span class="Flag"><span style= |
| 3632 | 'font-size:10.0pt'>accessfunction</span></span> and the |
| 3633 | naming convention (see Section 12).</p> |
| 3634 | <p class="TextFontCX" style= |
| 3635 | 'margin-left:12.95pt; text-indent:-12.95pt'><span style= |
| 3636 | 'font-family:Symbol'>·<span style= |
| 3637 | 'font:7.0pt "Times New Roman"'> </span></span> |
| 3638 | Access control comments. The syntax <span class= |
| 3639 | "Annot"><span style='font-size:10.0pt'>/*@access |
| 3640 | <i>type</i>,<sup>+</sup>@*/</span></span><a href="#_ftn2" |
| 3641 | name="_ftnref2" title=""><span class= |
| 3642 | "MsoFootnoteReference"><span class= |
| 3643 | "MsoFootnoteReference"><span style= |
| 3644 | 'font-size:11.0pt;font-family:"Times New Roman"'>[2]</span></span></span></a> |
| 3645 | allows the following code to access the representation of |
| 3646 | <span class="CodeText"><i><span style= |
| 3647 | 'font-size:10.0pt'>type</span></i></span>. Similarly, |
| 3648 | <span class="Annot"><span style= |
| 3649 | 'font-size:10.0pt'>/*@noaccess</span></span> <span class= |
| 3650 | "Annot"><span style= |
| 3651 | 'font-size:10.0pt'><i>type</i>,<sup>+</sup>@*/</span></span> |
| 3652 | restricts access to the representation of <span class= |
| 3653 | "CodeText"><i><span style= |
| 3654 | 'font-size: 10.0pt'>type</span></i></span>. The type in |
| 3655 | a <span class="Annot"><span style= |
| 3656 | 'font-size:10.0pt'>noaccess</span></span> comment must have |
| 3657 | been declared as an abstract type.</p> |
| 3658 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 3659 | "_Toc534974955"></a><a name="_Toc344355399"></a><a name= |
| 3660 | "_Ref343240525"></a><a name="_Ref343240518">4.3.2<span style= |
| 3661 | 'font:7.0pt "Times New Roman"'> </span> |
| 3662 | Mutability</a></h3> |
| 3663 | <p class="TextFontCX">We can view types as being <i>mutable</i> or |
| 3664 | <i>immutable</i>. A type is mutable if passing it as a |
| 3665 | parameter to a function call can change the value of an instance of |
| 3666 | the type. For example, the primitive type <span class= |
| 3667 | "CodeText"><span style='font-size:10.0pt'>int</span></span> is |
| 3668 | immutable. If <span class="CodeText"><span style= |
| 3669 | 'font-size:10.0pt'>i</span></span> is a local variable of type |
| 3670 | <span class="CodeText"><span style= |
| 3671 | 'font-size:10.0pt'>int</span></span> and no variables point to the |
| 3672 | location where <span class="CodeText"><span style= |
| 3673 | 'font-size:10.0pt'>i</span></span> is stored, the value of |
| 3674 | <span class="CodeText"><span style= |
| 3675 | 'font-size:10.0pt'>i</span></span> must be the same before and |
| 3676 | after the call <span class="CodeText"><span style= |
| 3677 | 'font-size:10.0pt'>f (i)</span></span>. Structure and union |
| 3678 | types are also immutable, since they are copied when they are |
| 3679 | passed as arguments. On the other hand, pointer types are |
| 3680 | mutable. If <span class="CodeText"><span style= |
| 3681 | 'font-size:10.0pt'>x</span></span> is a local variable of type |
| 3682 | <span class="CodeText"><span style='font-size:10.0pt'>int |
| 3683 | *</span></span>, the value of <span class= |
| 3684 | "CodeText"><span style='font-size:10.0pt'>*x</span></span> |
| 3685 | (and hence, the value of the object <span class= |
| 3686 | "CodeText"><span style='font-size:10.0pt'>x</span></span>) |
| 3687 | can be changed by the function call <span class= |
| 3688 | "CodeText"><span style= |
| 3689 | 'font-size:10.0pt'>g(x)</span></span>. </p> |
| 3690 | <p class="TextFontCX"> </p> |
| 3691 | <p class="TextFontCX">The mutability of a concrete type is |
| 3692 | determined by its type definition. For abstract types, mutability |
| 3693 | does not depend on the type representation but on what operations |
| 3694 | the type provides. If an abstract type has operations that may |
| 3695 | change the value of instances of the type, the type is |
| 3696 | mutable. If not, it is immutable. The value of an |
| 3697 | instance of an immutable type never changes. Since object |
| 3698 | sharing is noticeable only for mutable types, they are checked |
| 3699 | differently from immutable types.</p> |
| 3700 | <p class="TextFontCX"> </p> |
| 3701 | <p class="beforelist">The <span class="Annot"><span style= |
| 3702 | 'font-size:10.0pt'>/*@mutable@*/</span></span> and |
| 3703 | <span class="Annot"><span style= |
| 3704 | 'font-size:10.0pt'>/*@immutable@*/</span></span> annotations |
| 3705 | are used to declare an abstract type as mutable or |
| 3706 | immutable. (If neither is used, the abstract type is |
| 3707 | assumed to be mutable.) For example,</p> |
| 3708 | <p class="Verbatim"> typedef /*@abstract@*/ |
| 3709 | /*@mutable@*/ char *mstring;</p> |
| 3710 | <p class="Verbatim"> typedef /*@abstract@*/ |
| 3711 | /*@immutable@*/ int weekDay;</p> |
| 3712 | <p class="afterlist">declares <span class= |
| 3713 | "CodeText"><span style='font-size:10.0pt'>mstring</span></span> |
| 3714 | as a mutable abstract type and <span class= |
| 3715 | "CodeText"><span style= |
| 3716 | 'font-size: 10.0pt'>weekDay</span></span> as an immutable |
| 3717 | abstract type.</p> |
| 3718 | <p class="TextFontCX"> </p> |
| 3719 | <p class="TextFontCX">Clients of a mutable abstract type need to |
| 3720 | know the semantics of assignment. After the assignment |
| 3721 | expression <span class="CodeText"><span style='font-size:10.0pt'>s |
| 3722 | = t</span></span>, do <span class="CodeText"><span style= |
| 3723 | 'font-size:10.0pt'>s</span></span> and <span class= |
| 3724 | "CodeText"><span style='font-size:10.0pt'>t</span></span> refer to |
| 3725 | the same object (that is, will changes to the value of |
| 3726 | <span class="CodeText"><span style= |
| 3727 | 'font-size:10.0pt'>s</span></span> also change the value of |
| 3728 | <span class="CodeText"><span style= |
| 3729 | 'font-size:10.0pt'>t</span></span>).</p> |
| 3730 | <p class="TextFontCX"> </p> |
| 3731 | <p class="TextFontCX">Splint prescribes that all abstract types |
| 3732 | have sharing semantics, so <span class= |
| 3733 | "CodeText"><span style='font-size:10.0pt'>s</span></span> and |
| 3734 | <span class="CodeText"><span style= |
| 3735 | 'font-size:10.0pt'>t</span></span> would indeed be the same |
| 3736 | object. Splint will produce a warning if a mutable type |
| 3737 | is implemented with a representation (e.g., a <span class= |
| 3738 | "CodeText"><span style= |
| 3739 | 'font-size:10.0pt'>struct</span></span>) that does not |
| 3740 | provide sharing semantics (controlled by <span class= |
| 3741 | "Flag"><span style= |
| 3742 | 'font-size:10.0pt'>mutrep</span></span> flag). </p> |
| 3743 | <p class="TextFontCX"> </p> |
| 3744 | <p class="TextFontCX">The mutability of an abstract type is not |
| 3745 | necessarily the same as the mutability of its representation. We |
| 3746 | could use the immutable concrete type <span class= |
| 3747 | "CodeText"><span style='font-size:10.0pt'>int</span></span> to |
| 3748 | represent mutable strings using an index into a string table, or |
| 3749 | declare <span class="CodeText"><span style= |
| 3750 | 'font-size:10.0pt'>mstring</span></span> as immutable as long as no |
| 3751 | operations are provided that modify the value of an |
| 3752 | <span class="CodeText"><span style= |
| 3753 | 'font-size:10.0pt'>mstring</span></span>.</p> |
| ed62d3fb |
3754 | |
| 3755 | |
| 3756 | <h2 style='margin-left:0in;text-indent:0in'><a name= |
| 3757 | "_Toc534974956"></a><a name="_Toc344355422"></a><a name= |
| 3758 | "_Ref343109614">4.3.3<span style= |
| 3759 | 'font:7.0pt "Times New Roman"'> </span> |
| 3760 | Semi-Abstract Types</a></h2> |
| 04c4d6c2 |
3761 | <p class="TextFontCX"> |
| 3762 | Sometimes it is useful to have a type that is abstract in some ways, but can be used with the standard numerical operators. Splint supports numabstract types for this purpose. The <span class="CodeText"><span style='font-size:10.0pt'>/*@numabstract@*/</span></span> annotation denotes a numabstract type. Splint will report warnings when numabstract types are used inconsistently, but allow binary numeric operators to operate on two values of the same numabstract type. |
| ed62d3fb |
3763 | |
| 36ba812d |
3764 | Several flags control the strictness of type checking for numabstract types: |
| 04c4d6c2 |
3765 | <span class="flag"><span style= |
| 3766 | 'font-size:10.0pt'>numabstract, numabstractcast, numabstractlit, numabstractindex, |
| 3767 | </span></span> |
| 36ba812d |
3768 | and |
| 04c4d6c2 |
3769 | <span class="flag"><span style= |
| 3770 | 'font-size:10.0pt'> numabstractprint |
| 3771 | </span></span>. |
| 3772 | </p> |
| 36ba812d |
3773 | |
| 36ba812d |
3774 | |
| 9645dee1 |
3775 | <h2 style='margin-left:0in;text-indent:0in'><a name= |
| 3776 | "_Toc534974956"></a><a name="_Toc344355422"></a><a name= |
| 3777 | "_Ref343109614">4.4<span style= |
| 3778 | 'font:7.0pt "Times New Roman"'> </span> |
| 3779 | Polymorphism</a></h2> |
| 3780 | <p class="TextFontCX">In C, all declarators must be declared to |
| 3781 | have exactly one type. This makes it impossible to write |
| 3782 | functions that operate on more than one type of parameter – |
| 3783 | for example, we cannot use the same square function for |
| 3784 | <span class="CodeText"><span style= |
| 3785 | 'font-size:10.0pt'>int</span></span>s and <span class= |
| 3786 | "CodeText"><span style= |
| 3787 | 'font-size:10.0pt'>float</span></span>s. Because of the |
| 3788 | stricter type checking made possible by Splint, it is often |
| 3789 | useful to declare a parameter that has more than one possible |
| 3790 | type.</p> |
| 3791 | <p class="TextFontCX"> </p> |
| 3792 | <p class="TextFontCX">Splint provides alternate types to indicate |
| 3793 | that a declaration may be one of several possible types. The |
| 3794 | <span class="Annot"><span style='font-size:10.0pt'>/*@alt |
| 3795 | <i>type</i>,<sup>+</sup>@*/</span></span> annotation creates a |
| 3796 | union type. For example, <span class= |
| 3797 | "CodeText"><span style='font-size:10.0pt'>int</span></span> |
| 3798 | <a href="mailto:/*@alt"><span class="Annot"><span style= |
| 3799 | 'font-size:10.0pt'>/*@alt</span></span></a><span class= |
| 3800 | "Annot"><span style='font-size:10.0pt'>char, |
| 3801 | unsigned</span></span> <a href="mailto:char@*/"><span class= |
| 3802 | "Annot"><span style= |
| 3803 | 'font-size:10.0pt'>char@*/</span></span></a><span class= |
| 3804 | "CodeText"><span style='font-size:10.0pt'>c</span></span> |
| 3805 | declares <span class="CodeText"><span style= |
| 3806 | 'font-size:10.0pt'>c</span></span> such that either an |
| 3807 | <span class="CodeText"><span style= |
| 3808 | 'font-size:10.0pt'>int</span></span>, <span class= |
| 3809 | "CodeText"><span style='font-size:10.0pt'>char</span></span> |
| 3810 | or <span class="CodeText"><span style= |
| 3811 | 'font-size:10.0pt'>unsigned char</span></span> value may be |
| 3812 | assigned to it without warning.</p> |
| 3813 | <p class="TextFontCX"> </p> |
| 3814 | <p class="TextFontCX">One use of alternate types is to specify the |
| 3815 | type of a macro that operates on multiple types of operands (see |
| 3816 | Section 11.2.1). Alternate types are also useful for |
| 3817 | declaring functions for which the return value may be safely |
| 3818 | ignored (see Section 8.4.2). A function can be declared to |
| 3819 | return <span class="CodeText"><i><span style= |
| 3820 | 'font-size:10.0pt'>t</span></i></span> <a href= |
| 3821 | "mailto:/*@alt"><span class="Annot"><span style= |
| 3822 | 'font-size:10.0pt'>/*@alt</span></span></a><a href= |
| 3823 | "mailto:void@*/"><span class="Annot"><span style= |
| 3824 | 'font-size:10.0pt'>void@*/</span></span></a> to indicate that it |
| 3825 | returns a value of type <span class= |
| 3826 | "CodeText"><i><span style='font-size:10.0pt'>t</span></i></span>, |
| 3827 | but there should be not warning if that value is ignored.</p> |
| 3828 | <h1 style='margin-left:0in;text-indent:0in'><a name= |
| 3829 | "_Toc534974957"></a><a name="_Ref534008388">5<span style= |
| 3830 | 'font:7.0pt "Times New Roman"'> </span> |
| 3831 | <a id="memory" name="memory"> |
| 3832 | Memory Management</a> |
| 3833 | </a></h1> |
| 3834 | <p class="TextFontCX">About half the bugs in typical C programs can |
| 3835 | be attributed to memory management problems. Memory |
| 3836 | management bugs are notoriously difficult to detect through |
| 3837 | traditional techniques. Often, the symptom of the bug is far |
| 3838 | removed from its actual source. Memory management bugs often |
| 3839 | only appear sporadically and some bugs may only be apparent when |
| 3840 | compiler optimizations are turned on or the code is compiled on a |
| 3841 | different platform. Run-time tools offer some help, but are |
| 3842 | cumbersome to use and limited to detecting errors that occur when |
| 3843 | test cases are run. By detecting these errors statically, we |
| 3844 | can be confident that certain types of errors will never occur and |
| 3845 | provide verified documentation on the memory management behavior of |
| 3846 | a program. </p> |
| 3847 | <p class="TextFontCX"> </p> |
| 3848 | <p class="beforelist">Splint can detect many memory management |
| 3849 | errors at compile time including using storage that may have been |
| 3850 | deallocated (Section 5.2), memory leaks (Section 5.2), or |
| 3851 | returning a pointer to stack-allocated storage (Section |
| 3852 | 5.2.6).</p> |
| 3853 | <p align="right"><i><span style='font-size:9.0pt'>Yea, from the |
| 3854 | table of my memory I'll wipe away all trivial fond records, all |
| 3855 | saws of books,<br> |
| 3856 | all forms, all pressures past, that youth and observation copied |
| 3857 | there.</span></i><br> |
| 3858 | <span style='font-size:9.0pt'>Hamlet prefers |
| 3859 | garbage collection (Shakespeare, Hamlet. Act I, Scene |
| 3860 | v)</span></p> |
| 3861 | <p class="afterlist">Most of these checks depend on annotations |
| 3862 | added to programs to document assumptions related to memory |
| 3863 | management and pointer values. By documenting these |
| 3864 | assumptions for function interfaces, variables, type definitions |
| 3865 | and structure fields, memory management bugs can be detected at |
| 3866 | their source — where an assumption is violated. In |
| 3867 | addition, precise documentation about memory management decisions |
| 3868 | makes it easier to change code.</p> |
| 3869 | <h2 style='margin-left:0in;text-indent:0in'><a name= |
| 3870 | "_Toc534974958"></a><a name="_Toc344355408">5.1<span style= |
| 3871 | 'font:7.0pt "Times New Roman"'> </span> |
| 3872 | Storage Model</a></h2> |
| 3873 | <p class="TextFontCX">This section describes execution-time |
| 3874 | concepts for describing the state of storage more precisely than |
| 3875 | can be done using standard C terminology. Certain uses of |
| 3876 | storage are likely to indicate program bugs, and are reported as |
| 3877 | anomalies.<a href="#_ftn3" name="_ftnref3" title= |
| 3878 | ""><span class="MsoFootnoteReference"><b><span class= |
| 3879 | "MsoFootnoteReference"><b><span style= |
| 3880 | 'font-size:11.0pt;font-family:"Times New Roman"'>[3]</span></b></span></b></span></a></p> |
| 3881 | <p class="TextFontCX"> </p> |
| 3882 | <p class="TextFontCX">Splint assumes a CLU-like object storage |
| 3883 | model.<a href="#_ftn4" name="_ftnref4" title=""><span class= |
| 3884 | "MsoFootnoteReference"><span class= |
| 3885 | "MsoFootnoteReference"><span style= |
| 3886 | 'font-size:11.0pt;font-family:"Times New Roman"'>[4]</span></span></span></a> |
| 3887 | An <i>object</i> is a typed region of storage. Some objects |
| 3888 | use a fixed amount of storage that is allocated and deallocated |
| 3889 | automatically by the compiler. Other objects use dynamic |
| 3890 | storage that must be managed by the program.</p> |
| 3891 | <p class="TextFontCX"> </p> |
| 3892 | <p class="TextFontCX">Storage is <i>undefined</i> if it has not |
| 3893 | been assigned a value, and <i>defined</i> after it has been |
| 3894 | assigned a value. An object is <i>completely defined</i> if |
| 3895 | all storage that may be reached from it is defined. What |
| 3896 | storage is reachable from an object depends on the type and value |
| 3897 | of the object. For example, if <span class= |
| 3898 | "CodeText"><span style='font-size:10.0pt'>p</span></span> is a |
| 3899 | pointer to a structure, <span class="CodeText"><span style= |
| 3900 | 'font-size:10.0pt'>p</span></span> is completely defined if the |
| 3901 | value of <span class="CodeText"><span style= |
| 3902 | 'font-size:10.0pt'>p</span></span> is <span class= |
| 3903 | "CodeText"><span style='font-size:10.0pt'>NULL</span></span>, or if |
| 3904 | every field of the structure <span class= |
| 3905 | "CodeText"><span style='font-size:10.0pt'>p</span></span> |
| 3906 | points to is completely defined.</p> |
| 3907 | <p class="TextFontCX"> </p> |
| 3908 | <p class="TextFontCX">When an expression is used as the left side |
| 3909 | of an assignment expression we say it is <i>used as an |
| 3910 | lvalue</i>. Its location in memory is used, but not its |
| 3911 | value. Undefined storage may be used as an lvalue since only |
| 3912 | its location is needed. When storage is used in any other |
| 3913 | way, such as on the right side of an assignment, as an operand to a |
| 3914 | primitive operator (including the indirection operator, |
| 3915 | <span class="CodeText"><span style= |
| 3916 | 'font-size:10.0pt'>*</span></span>),<a href="#_ftn5" name= |
| 3917 | "_ftnref5" title=""><span class= |
| 3918 | "MsoFootnoteReference"><span class= |
| 3919 | "MsoFootnoteReference"><span style= |
| 3920 | 'font-size:11.0pt;font-family:"Times New Roman"'>[5]</span></span></span></a> |
| 3921 | or as a function parameter, we say it is <i>used as an |
| 3922 | rvalue</i>. It is an anomaly to use undefined storage |
| 3923 | as an rvalue.</p> |
| 3924 | <p class="TextFontCX"> </p> |
| 3925 | <p class="TextFontCX">A <i>pointer</i> is a typed memory |
| 3926 | address. A pointer is either <i>live</i> or |
| 3927 | <i>dead</i>. A live pointer is either <span class= |
| 3928 | "CodeText"><span style='font-size:10.0pt'>NULL</span></span> or an |
| 3929 | address within allocated storage. A pointer that points to an |
| 3930 | object is an <i>object</i> pointer. A pointer that points |
| 3931 | inside an object (e.g., to the third element of an allocated block) |
| 3932 | is an <i>offset</i> pointer. A pointer that points to |
| 3933 | allocated storage that is not defined is an <i>allocated</i> |
| 3934 | pointer. The result of dereferencing an allocated pointer is |
| 3935 | undefined storage. Hence, it is an anomaly to use it as an |
| 3936 | rvalue. A dead (or “dangling”) pointer does not |
| 3937 | point to allocated storage. A pointer becomes dead if the |
| 3938 | storage it points to is deallocated (e.g., the pointer is passed to |
| 3939 | the <span class="CodeText"><span style= |
| 3940 | 'font-size:10.0pt'>free</span></span> library function.) It |
| 3941 | is an anomaly to use a dead pointer as an rvalue.</p> |
| 3942 | <p class="TextFontCX"> </p> |
| 3943 | <p class="TextFontCX">There is a special object <i>null</i> |
| 3944 | corresponding to the <span class="CodeText"><span style= |
| 3945 | 'font-size:10.0pt'>NULL</span></span>pointer in a C program. |
| 3946 | A pointer that may have the value <span class= |
| 3947 | "CodeText"><span style='font-size:10.0pt'>NULL</span></span> is a |
| 3948 | <i>possibly-null</i> pointer. It is an anomaly to use a |
| 3949 | possibly-null pointer where a non-null pointer is expected (e.g., |
| 3950 | certain function arguments or the indirection operator).</p> |
| 3951 | <h2 style='margin-left:0in;text-indent:0in'><a name= |
| 3952 | "_Toc534974959"></a><a name="_Ref347476065"></a><a name= |
| 3953 | "_Ref347469133"></a><a name="_Ref347465595"></a><a name= |
| 3954 | "_Ref344893840"></a><a name="_Toc344355409">5.2<span style= |
| 3955 | 'font:7.0pt "Times New Roman"'> </span> |
| 3956 | Deallocation Errors</a></h2> |
| 3957 | <p class="TextFontCX">There are two kinds of deallocation errors |
| 3958 | with which we are concerned: deallocating storage when there |
| 3959 | are other live references to the same storage, or failing to |
| 3960 | deallocate storage before the last reference to it is lost. |
| 3961 | To handle these deallocation errors, we introduce a concept of an |
| 3962 | obligation to release storage. Every time storage is |
| 3963 | allocated, it creates an obligation to release the storage. |
| 3964 | This obligation is attached to the reference to which the storage |
| 3965 | is assigned.<a href="#_ftn6" name="_ftnref6" title= |
| 3966 | ""><span class="MsoFootnoteReference"><span class= |
| 3967 | "MsoFootnoteReference"><span style= |
| 3968 | 'font-size:11.0pt;font-family:"Times New Roman"'>[6]</span></span></span></a> |
| 3969 | Before the scope of the reference is exited or it is assigned |
| 3970 | to a new value, the storage to which it points must be |
| 3971 | released. Annotations can be used to indicate that |
| 3972 | this obligation is transferred through a return value, |
| 3973 | function parameter or assignment to an external |
| 3974 | reference.</p> |
| 3975 | <p align="right"><i><span style='font-size:9.0pt'>‘Tis in my |
| 3976 | memory lock’d, and you yourself shall keep the key of |
| 3977 | it.</span></i><br> |
| 3978 | <span style='font-size:9.0pt'>Ophelia prefers explicit |
| 3979 | deallocation (Hamlet. Act I, Scene iii)</span></p> |
| 3980 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 3981 | "_Toc534974960">5.2.1<span style= |
| 3982 | 'font:7.0pt "Times New Roman"'> </span> |
| 3983 | Unshared References</a></h3> |
| 3984 | <p class="TextFontCX">The <span class="Annot"><span style= |
| 3985 | 'font-size:10.0pt'>only</span></span> annotation is used to |
| 3986 | indicate a reference is the only pointer to the object it points |
| 3987 | to. We can view the reference as having an obligation to |
| 3988 | release this storage. This obligation is satisfied by |
| 3989 | transferring it to some other reference in one of three ways:</p> |
| 3990 | <p class="MsoListBullet"><span style= |
| 3991 | 'font-family:Symbol'>·<span style= |
| 3992 | 'font:7.0pt "Times New Roman"'> </span></span> |
| 3993 | pass it as an actual parameter corresponding to a formal parameter |
| 3994 | declared with an <span class="Annot"><span style= |
| 3995 | 'font-size:10.0pt'>only</span></span> |
| 3996 | annotation </p> |
| 3997 | <p class="MsoListBullet"><span style= |
| 3998 | 'font-family:Symbol'>·<span style= |
| 3999 | 'font:7.0pt "Times New Roman"'> </span></span> |
| 4000 | assign it to an external reference declared with an |
| 4001 | <span class="Annot"><span style= |
| 4002 | 'font-size:10.0pt'>only</span></span> annotation</p> |
| 4003 | <p class="MsoListBullet"><span style= |
| 4004 | 'font-family:Symbol'>·<span style= |
| 4005 | 'font:7.0pt "Times New Roman"'> </span></span> |
| 4006 | return it as a result declared with an <span class= |
| 4007 | "Annot"><span style='font-size:10.0pt'>only</span></span> |
| 4008 | annotation</p> |
| 4009 | <p class="afterlist">After the release obligation is transferred, |
| 4010 | the original reference is a dead pointer and the storage it points |
| 4011 | to may not be used.</p> |
| 4012 | <p class="TextFontCX"> </p> |
| 4013 | <p class="TextFontCX">All obligations to release storage stem from |
| 4014 | primitive allocation routines (e.g., <span class= |
| 4015 | "CodeText"><span style='font-size:10.0pt'>malloc</span></span>), |
| 4016 | and are ultimately satisfied by calls to <span class= |
| 4017 | "CodeText"><span style='font-size:10.0pt'>free</span></span>. |
| 4018 | The standard library declared the primitive allocation and |
| 4019 | deallocation routines.</p> |
| 4020 | <p class="TextFontCX"> </p> |
| 4021 | <p class="TextFontCX">The basic memory allocator, |
| 4022 | <span class="CodeText"><span style= |
| 4023 | 'font-size:10.0pt'>malloc</span></span>, is declared:</p> |
| 4024 | <p class="example"><a href="mailto:/*@only@*/">/*@only@*/</a> |
| 4025 | /*@null@*/ void *malloc (size_t size);</p> |
| 4026 | <p class="TextFontCX">It returns an object that is referenced only |
| 4027 | by the function return value. </p> |
| 4028 | <p class="TextFontCX"> </p> |
| 4029 | <p class="TextFontCX">The deallocator, <span class= |
| 4030 | "CodeText"><span style='font-size:10.0pt'>free</span></span>, is |
| 4031 | declared:<a href="#_ftn7" name="_ftnref7" title= |
| 4032 | ""><span class="MsoFootnoteReference"><span class= |
| 4033 | "MsoFootnoteReference"><span style= |
| 4034 | 'font-size:11.0pt;font-family:"Times New Roman"'>[7]</span></span></span></a></p> |
| 4035 | <p class="example">void free (/*@only@*/ <a href= |
| 4036 | "mailto:/*@out@*/">/*@out@*/</a> <a href= |
| 4037 | "mailto:/*@null@*/">/*@null@*/</a> void *ptr);</p> |
| 4038 | <center> |
| 4039 | <table class="MsoNormalTable" border="0" cellspacing="0" |
| 4040 | cellpadding="0" style= |
| 4041 | 'margin-left:5.4pt;border-collapse:collapse;margin-left:-2.25pt; margin-right:-2.25pt'> |
| 4042 | <tr> |
| 4043 | <td valign="top" style= |
| 4044 | 'width:193.5pt;border:solid black 1.5pt; border-bottom:none;background:black;padding:0in 5.4pt 0in 5.4pt'> |
| 4045 | <p class="TextFontCX" align="center" style='text-align:center'> |
| 4046 | <a name="_Ref344990094"><span class="Keyword"><b><span style= |
| 4047 | 'font-size:10.0pt;color:white'>only.c</span></b></span></a></p></td> |
| 4048 | <td valign="top" style= |
| 4049 | 'width:225.0pt;border-top:solid black 1.5pt; border-left:none;border-bottom:none;border-right:solid black 1.5pt; background:black;padding:0in 5.4pt 0in 5.4pt'> |
| 4050 | <p class="TextFontCX" align="center" style='text-align:center'> |
| 4051 | <b><span style='color:white'>Running |
| 4052 | Splint</span></b></p></td></tr> |
| 4053 | <tr> |
| 4054 | <td valign="top" style= |
| 4055 | 'width:193.5pt;border:solid black 1.5pt; border-top:none;padding:0in 5.4pt 0in 5.4pt'> |
| 4056 | <p class="Verbatim"><i><span style= |
| 4057 | 'font-size:8.0pt;font-family:Arial'>1 </span></i> |
| 4058 | <span style='font-size:9.5pt'>extern /*@only@*/ int |
| 4059 | *glob;</span></p> |
| 4060 | <p class="Verbatim"><span style='font-size:9.5pt'> </span></p> |
| 4061 | <p class="Verbatim"><span style='font-size:9.5pt'>/*@only@*/ int |
| 4062 | *</span></p> |
| 4063 | <p class="Verbatim"><span style='font-size:9.5pt'>f (/*@only@*/ int |
| 4064 | *x, int *y,</span></p> |
| 4065 | <p class="Verbatim"><span style='font-size:9.5pt'> int |
| 4066 | *z)</span></p> |
| 4067 | <p class="Verbatim"><span style='font-size:9.5pt'> /*@globals |
| 4068 | glob;@*/</span></p> |
| 4069 | <p class="Verbatim"><span style='font-size:9.5pt'>{</span></p> |
| 4070 | <p class="Verbatim"><i><span style= |
| 4071 | 'font-size:8.0pt;font-family:Arial'> 8</span></i> |
| 4072 | <span style='font-size:9.5pt'>int *m = (int *)</span></p> |
| 4073 | <p class="Verbatim"><i><span style= |
| 4074 | 'font-size:8.0pt;font-family:Arial'> 9</span></i><span style='font-size:9.5pt'> |
| 4075 | malloc (sizeof (int));</span></p> |
| 4076 | <p class="Verbatim"><span style='font-size:9.5pt'> </span></p> |
| 4077 | <p class="Verbatim"><i><span style= |
| 4078 | 'font-size:8.0pt;font-family:Arial'>11</span></i> |
| 4079 | <span style='font-size:9.5pt'>glob = |
| 4080 | y; </span> <i><span style= |
| 4081 | 'font-size:9.5pt; font-family:"Times New Roman"'>Memory |
| 4082 | leak</span></i></p> |
| 4083 | <p class="Verbatim"><i><span style= |
| 4084 | 'font-size:8.0pt;font-family:Arial'>12</span></i> |
| 4085 | <span style='font-size:9.5pt'>free (x);</span></p> |
| 4086 | <p class="Verbatim"><i><span style= |
| 4087 | 'font-size:8.0pt;font-family:Arial'>13</span></i> |
| 4088 | <span style='font-size:9.5pt'>*m = |
| 4089 | *x; </span> <i><span style= |
| 4090 | 'font-size:9.5pt; font-family:"Times New Roman"'>Use after |
| 4091 | free</span></i></p> |
| 4092 | <p class="Verbatim"><i><span style= |
| 4093 | 'font-size:8.0pt;font-family:Arial'>14</span></i> |
| 4094 | <span style='font-size:9.5pt'>return |
| 4095 | z; </span> <i><span style= |
| 4096 | 'font-size:9.5pt; font-family:"Times New Roman"'>Memory leak |
| 4097 | detected</span></i><i><span style= |
| 4098 | 'font-size:9.5pt;font-family:Arial'> </span></i></p> |
| 4099 | <p class="TextFontCX"><span style= |
| 4100 | 'font-size: 9.5pt'>}</span></p></td> |
| 4101 | <td valign="top" style= |
| 4102 | 'width:225.0pt;border-top:none;border-left: none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'> |
| 4103 | <p class="lclintrun">> splint only.c</p> |
| 4104 | <p class="lclintrun">only.c:11: Only storage glob (type int *) not |
| 4105 | released</p> |
| 4106 | <p class="lclintrun"> |
| 4107 | |
| 4108 | before assignment: glob = y</p> |
| 4109 | <p class="lclintrun"> only.c:1: Storage glob becomes |
| 4110 | only</p> |
| 4111 | <p class="lclintrun">only.c:11: Implicitly temp storage y assigned |
| 4112 | to only:</p> |
| 4113 | <p class="lclintrun"> |
| 4114 | |
| 4115 | glob = y</p> |
| 4116 | <p class="lclintrun">only.c:13: Dereference of possibly null |
| 4117 | pointer m: *m</p> |
| 4118 | <p class="lclintrun"> only.c:8: Storage m may become |
| 4119 | null</p> |
| 4120 | <p class="lclintrun">only.c:13: Variable x used after being |
| 4121 | released</p> |
| 4122 | <p class="lclintrun"> only.c:12: Storage x released</p> |
| 4123 | <p class="lclintrun">only.c:14: Implicitly temp storage z returned |
| 4124 | as only: z</p> |
| 4125 | <p class="lclintrun">only.c:14: Fresh storage m not released before |
| 4126 | return</p> |
| 4127 | <p class="lclintrun" style='page-break-after:avoid'> |
| 4128 | only.c:9: Fresh storage m |
| 4129 | allocated </p></td></tr></table> |
| 4130 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"> |
| 4131 | <tr> |
| 4132 | <td valign="top" align="left" style= |
| 4133 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 4134 | <p class="MsoCaption"><a name="_Toc534824610">Figure 6. |
| 4135 | Memory Management</a></p></td></tr></table> |
| 4136 | <p class="TextFontCX">The parameter to <span class= |
| 4137 | "CodeText"><span style='font-size:10.0pt'>free</span></span> must |
| 4138 | reference an unshared object. Since the parameter is declared |
| 4139 | using <span class="Annot"><span style= |
| 4140 | 'font-size:10.0pt'>only</span></span>, the caller may not use the |
| 4141 | referenced object after the call, and may not pass in a reference |
| 4142 | to a shared object. There is nothing special about |
| 4143 | <span class="CodeText"><span style= |
| 4144 | 'font-size:10.0pt'>malloc</span></span> and <span class= |
| 4145 | "CodeText"><span style='font-size:10.0pt'>free</span></span> |
| 4146 | — their behavior can be described entirely in terms of the |
| 4147 | provided annotations.</p> |
| 4148 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 4149 | "_Ref347468963"></a><a name="_Toc534974961"></a><a name= |
| 4150 | "_Ref347469360">5.2.2<span style= |
| 4151 | 'font:7.0pt "Times New Roman"'> </span> |
| 4152 | Temporary Parameters</a></h3> |
| 4153 | <p class="TextFontCX">The <span class="Annot"><span style= |
| 4154 | 'font-size:10.0pt'>temp</span></span> annotation is used to |
| 4155 | declare a function parameter that is used temporarily by the |
| 4156 | function. An error is reported if the function releases the |
| 4157 | storage associated with a <span class="Annot"><span style= |
| 4158 | 'font-size:10.0pt'>temp</span></span> formal parameter or creates |
| 4159 | new aliases to it that are visible after the function |
| 4160 | returns. Any storage may be passed as a <span class= |
| 4161 | "Annot"><span style='font-size:10.0pt'>temp</span></span> |
| 4162 | parameter, and it satisfies its original memory constraints after |
| 4163 | the function returns.</p> |
| 4164 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 4165 | "_Toc534974962">5.2.3<span style= |
| 4166 | 'font:7.0pt "Times New Roman"'> </span> |
| 4167 | Owned and Dependent References</a></h3> |
| 4168 | <p class="TextFontCX">In real programs it is sometimes necessary to |
| 4169 | have storage that is shared between several possibly |
| 4170 | references. The <span class="Annot"><span style= |
| 4171 | 'font-size:10.0pt'>owned</span></span> and <span class= |
| 4172 | "Annot"><span style='font-size:10.0pt'>dependent</span></span> |
| 4173 | annotations provide a more flexible way of managing storage, at the |
| 4174 | cost of less checking. The <span class= |
| 4175 | "Annot"><span style='font-size:10.0pt'>owned</span></span> |
| 4176 | annotation denotes a reference with an obligation to release |
| 4177 | storage. Unlike <span class="Annot"><span style= |
| 4178 | 'font-size:10.0pt'>only</span></span>, however, other |
| 4179 | external references marked with <span class= |
| 4180 | "Annot"><span style= |
| 4181 | 'font-size:10.0pt'>dependent</span></span> annotations may |
| 4182 | share this object. It is up to the programmer to ensure |
| 4183 | that the lifetime of a <span class="Annot"><span style= |
| 4184 | 'font-size:10.0pt'>dependent</span></span> reference is |
| 4185 | contained within the lifetime of the corresponding |
| 4186 | <span class="Annot"><span style= |
| 4187 | 'font-size:10.0pt'>owned</span></span> reference.</p> |
| 4188 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 4189 | "_Toc534974963"></a><a name="_Ref347805800">5.2.4<span style= |
| 4190 | 'font:7.0pt "Times New Roman"'> </span> |
| 4191 | Keep Parameters</a></h3> |
| 4192 | <p class="TextFontCX">The <span class="Annot"><span style= |
| 4193 | 'font-size:10.0pt'>keep</span></span> annotation is similar to |
| 4194 | <span class="Annot"><span style= |
| 4195 | 'font-size:10.0pt'>only</span></span>, except the caller may use |
| 4196 | the reference after the call. The called function must assign |
| 4197 | the <span class="Annot"><span style= |
| 4198 | 'font-size:10.0pt'>keep</span></span> parameter to an |
| 4199 | <span class="Annot"><span style= |
| 4200 | 'font-size:10.0pt'>only</span></span> reference, or pass it |
| 4201 | as a <span class="Annot"><span style= |
| 4202 | 'font-size:10.0pt'>keep</span></span> parameter to another |
| 4203 | function. It is up to the programmer to make sure that |
| 4204 | the calling function does not use this reference after it is |
| 4205 | released. The <span class="Annot"><span style= |
| 4206 | 'font-size:10.0pt'>keep</span></span> annotation is useful |
| 4207 | for adding an object to a collection (e.g., a symbol table), |
| 4208 | where it is known that it will not be deallocated until the |
| 4209 | collection is.</p> |
| 4210 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 4211 | "_Toc534974964"></a><a name="_Ref347469304">5.2.5<span style= |
| 4212 | 'font:7.0pt "Times New Roman"'> </span> |
| 4213 | Shared References</a></h3> |
| 4214 | <p class="TextFontCX">If Splint is used to check a program designed |
| 4215 | to be used in a garbage-collected environment, there may be storage |
| 4216 | that is shared by one or more references and never explicitly |
| 4217 | released. The <span class="Annot"><span style= |
| 4218 | 'font-size:10.0pt'>shared</span></span> annotation declares storage |
| 4219 | that may be shared arbitrarily, but never released.</p> |
| 4220 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 4221 | "_Toc534974965"></a><a name="_Ref348341639">5.2.6<span style= |
| 4222 | 'font:7.0pt "Times New Roman"'> </span> |
| 4223 | Stack References</a></h3> |
| 4224 | <p class="TextFontCX">Local variables that are not allocated |
| 4225 | dynamically are stored on a call stack. When a function |
| 4226 | returns, its stack frame is deallocated, destroying the storage |
| 4227 | associated with the function’s local variables. A |
| 4228 | memory error occurs if a pointer into this storage is live after |
| 4229 | the function returns. Splint detects errors involving stack |
| 4230 | references exported from a function through return values or |
| 4231 | assignments to references reachable from global variables or actual |
| 4232 | parameters. No annotations are needed to detect stack |
| 4233 | reference errors, since it is clear from a declaration if storage |
| 4234 | is allocated on the function stack. Figure 7 gives and |
| 4235 | example of errors reported involving stack-allocated storage.</p> |
| 4236 | <center> |
| 4237 | <table class="MsoNormalTable" border="0" cellspacing="0" |
| 4238 | cellpadding="0" style= |
| 4239 | 'margin-left:5.4pt;border-collapse:collapse;margin-left:-2.25pt; margin-right:-2.25pt'> |
| 4240 | <tr> |
| 4241 | <td valign="top" style= |
| 4242 | 'width:2.25in;border:solid black 1.5pt; border-bottom:none;background:black;padding:0in 5.4pt 0in 5.4pt'> |
| 4243 | <p class="TextFontCX" align="center" style='text-align:center'> |
| 4244 | <span class="Keyword"><b><span style= |
| 4245 | 'font-size:10.0pt; color:white'>stack.c</span></b></span></p></td> |
| 4246 | <td valign="top" style= |
| 4247 | 'width:256.5pt;border-top:solid black 1.5pt; border-left:none;border-bottom:none;border-right:solid black 1.5pt; background:black;padding:0in 5.4pt 0in 5.4pt'> |
| 4248 | <p class="TextFontCX" align="center" style='text-align:center'> |
| 4249 | <b><span style='color:white'>Running |
| 4250 | Splint</span></b></p></td></tr> |
| 4251 | <tr> |
| 4252 | <td valign="top" style= |
| 4253 | 'width:2.25in;border:solid black 1.5pt; border-top:none;padding:0in 5.4pt 0in 5.4pt'> |
| 4254 | <p class="Verbatim">int *glob;</p> |
| 4255 | <p class="Verbatim"> </p> |
| 4256 | <p class="Verbatim">/*@dependent@*/ int *</p> |
| 4257 | <p class="Verbatim"> f (int **x)</p> |
| 4258 | <p class="Verbatim">{</p> |
| 4259 | <p class="Verbatim"> int sa[2] = { 0, 1 };</p> |
| 4260 | <p class="Verbatim"> int loc = 3;</p> |
| 4261 | <p class="Verbatim"> </p> |
| 4262 | <p class="Verbatim"><span class="Line"><span style= |
| 4263 | 'font-size:8.0pt'> 9</span></span> glob = &loc;</p> |
| 4264 | <p class="Verbatim"><span class="Line"><span style= |
| 4265 | 'font-size:8.0pt'>10</span></span> *x = &sa[0];</p> |
| 4266 | <p class="Verbatim"> </p> |
| 4267 | <p class="Verbatim"><span class="Line"><span style= |
| 4268 | 'font-size:8.0pt'>12</span></span> return &loc;</p> |
| 4269 | <p class="Verbatim">} </p></td> |
| 4270 | <td valign="top" style= |
| 4271 | 'width:256.5pt;border-top:none;border-left: none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'> |
| 4272 | <p class="lclintrun">> splint stack.c</p> |
| 4273 | <p class="lclintrun">stack.c:12: Stack-allocated storage &loc |
| 4274 | reachable</p> |
| 4275 | <p class="lclintrun"> |
| 4276 | |
| 4277 | from return value: &loc</p> |
| 4278 | <p class="lclintrun">stack.c:12: Stack-allocated storage *x |
| 4279 | reachable from</p> |
| 4280 | <p class="lclintrun"> |
| 4281 | |
| 4282 | parameter x</p> |
| 4283 | <p class="lclintrun"> stack.c:10: Storage *x becomes |
| 4284 | stack</p> |
| 4285 | <p class="lclintrun">stack.c:12: Stack-allocated storage glob |
| 4286 | reachable</p> |
| 4287 | <p class="lclintrun"> |
| 4288 | |
| 4289 | from global glob</p> |
| 4290 | <p class="lclintrun"> stack.c:9: Storage glob becomes |
| 4291 | stack</p> |
| 4292 | <p class="lclintrun"> </p> |
| 4293 | <p class="TextFontCX" align="left" style= |
| 4294 | 'text-align:left;page-break-after:avoid'><i>A</i> |
| 4295 | <span class="Annot"><span style= |
| 4296 | 'font-size:10.0pt'>dependent</span></span> <i>annotation is |
| 4297 | used on the return value. Without this, other warnings |
| 4298 | would be reported, since the result would have an |
| 4299 | implicit</i> <span class="Annot"><span style= |
| 4300 | 'font-size: 10.0pt'>only</span></span> |
| 4301 | <i>annotation.</i></p></td></tr></table> |
| 4302 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"> |
| 4303 | <tr> |
| 4304 | <td valign="top" style= |
| 4305 | 'padding-top:5.05pt;padding-right: 9.35pt;padding-bottom:5.05pt;padding-left:9.35pt'> |
| 4306 | <p class="MsoCaption"><a name="_Toc534824611"></a><a name= |
| 4307 | "_Ref534821941">Figure 7</a>. Stack-Allocated |
| 4308 | Storage</p></td></tr></table></center> |
| 4309 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 4310 | "_Toc534974966">5.2.7<span style= |
| 4311 | 'font:7.0pt "Times New Roman"'> </span> |
| 4312 | Inner Storage</a></h3> |
| 4313 | <p class="TextFontCX">An annotation always applies to the outermost |
| 4314 | level of storage. For example,</p> |
| 4315 | <p class="example">/*@only@*/ int **x;</p> |
| 4316 | <p class="beforelist">declares <span class= |
| 4317 | "CodeText"><span style='font-size:10.0pt'>x</span></span> as |
| 4318 | an unshared pointer to a pointer to an <span class= |
| 4319 | "CodeText"><span style= |
| 4320 | 'font-size:10.0pt'>int</span></span>. The <span class= |
| 4321 | "Flag"><span style='font-size:10.0pt'>only</span></span> |
| 4322 | annotation applies to <span class="CodeText"><span style= |
| 4323 | 'font-size:10.0pt'>x</span></span>, but not to <span class= |
| 4324 | "CodeText"><span style= |
| 4325 | 'font-size:10.0pt'>*x</span></span>. To apply |
| 4326 | annotations to inner storage a type definition may be |
| 4327 | used:</p> |
| 4328 | <p class="Verbatim"> typedef /*@only@*/ int *oip;</p> |
| 4329 | <p class="Verbatim"> /*@only@*/ oip *x;</p> |
| 4330 | <p class="afterlist">Now, x is an <span class= |
| 4331 | "Annot"><span style='font-size:10.0pt'>only</span></span> |
| 4332 | pointer to an <span class="Annot"><span style= |
| 4333 | 'font-size:10.0pt'>oip</span></span>, which is an |
| 4334 | <span class="Annot"><span style= |
| 4335 | 'font-size:10.0pt'>only</span></span> pointer to an |
| 4336 | <span class="Annot"><span style= |
| 4337 | 'font-size:10.0pt'>int</span></span>.</p> |
| 4338 | <p class="afterlist">When annotations are used in type definitions, |
| 4339 | they may be overridden in instance declarations. For |
| 4340 | example,</p> |
| 4341 | <p class="example">/*@dependent@*/ oip x;</p> |
| 4342 | <p class="TextFontCX">makes <span class= |
| 4343 | "CodeText"><span style='font-size:10.0pt'>x</span></span> a |
| 4344 | <span class="Annot"><span style= |
| 4345 | 'font-size:10.0pt'>dependent</span></span> pointer to an |
| 4346 | <span class="CodeText"><span style= |
| 4347 | 'font-size:10.0pt'>int</span></span>. Another way to |
| 4348 | apply annotations to inner storage is to use a state clause |
| 4349 | (see Section 7.4).</p> |
| 4350 | <h2 style='margin-left:0in;text-indent:0in'><a name= |
| 4351 | "_Toc534974967"></a><a name="_Ref347812243"></a><a name= |
| 4352 | "_Ref344893978"></a><a name="_Toc344355410">5.3<span style= |
| 4353 | 'font:7.0pt "Times New Roman"'> </span> |
| 4354 | Implicit Memory Annotations</a></h2> |
| 4355 | <p class="TextFontCX">Since it is important that Splint can check |
| 4356 | unannotated programs effectively, the meaning of declarations with |
| 4357 | no memory annotations is chosen to minimize the number of |
| 4358 | annotations needed to get useful checking on an unannotated |
| 4359 | program.</p> |
| 4360 | <p class="TextFontCX"> </p> |
| 4361 | <p class="TextFontCX">An implicit memory management annotation may |
| 4362 | be assumed for declarations with no explicit memory management |
| 4363 | annotation. Implicit annotations are checked identically to |
| 4364 | the corresponding explicit annotation, except error messages |
| 4365 | indicate that they result from an implicit annotation. Figure |
| 4366 | 8 illustrates some implicit annotations.</p> |
| 4367 | <p class="TextFontCX"> </p> |
| 4368 | <p class="TextFontCX">Unannotated function parameters are assumed |
| 4369 | to be <span class="Annot"><span style= |
| 4370 | 'font-size:10.0pt'>temp</span></span>. This means if memory |
| 4371 | checking is turned on for an unannotated program, all functions |
| 4372 | that release storage referenced by a parameter or assign a global |
| 4373 | variable to alias the storage will produce error messages. |
| 4374 | (Controlled by <span class="Flag"><span style= |
| 4375 | 'font-size:10.0pt'>paramimptemp</span></span>.)</p> |
| 4376 | <p class="TextFontCX"> </p> |
| 4377 | <center> |
| 4378 | <table class="MsoNormalTable" border="0" cellspacing="0" |
| 4379 | cellpadding="0" style= |
| 4380 | 'width:423.0pt;margin-left:.9pt;border-collapse:collapse; margin-left:-2.25pt;margin-right:-2.25pt'> |
| 4381 | <tr style='page-break-inside:avoid'> |
| 4382 | <td colspan="2" valign="top" style= |
| 4383 | 'width:423.0pt;border:solid black 1.5pt; border-bottom:none;background:black;padding:0in 5.4pt 0in 5.4pt'> |
| 4384 | <p class="TextFontCX" align="center" style='text-align:center'> |
| 4385 | <span class="Keyword"><b><span style= |
| 4386 | 'font-size:10.0pt; color:white'>implicit.c</span></b></span></p></td></tr> |
| 4387 | <tr> |
| 4388 | <td valign="top" style= |
| 4389 | 'width:207.0pt;border-top:none;border-left: solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:none; padding:0in 5.4pt 0in 5.4pt'> |
| 4390 | <p class="Verbatim">typedef struct {</p> |
| 4391 | <p class="Verbatim"> <span class= |
| 4392 | "implicit"><b>only</b></span> char *name;</p> |
| 4393 | <p class="Verbatim"> int val;</p> |
| 4394 | <p class="Verbatim">} *rec;</p> |
| 4395 | <p class="Verbatim"> </p> |
| 4396 | <p class="Verbatim">extern <span class= |
| 4397 | "implicit"><b>only</b></span> rec rec_last ;</p> |
| 4398 | <p class="Verbatim"> </p> |
| 4399 | <p class="Verbatim">extern <span class= |
| 4400 | "implicit"><b>only</b></span> rec</p> |
| 4401 | <p class="Verbatim"> rec_create (<span class= |
| 4402 | "implicit"><b>temp</b></span> char *name,</p> |
| 4403 | <p class="Verbatim"> |
| 4404 | |
| 4405 | int val) ;</p> |
| 4406 | <p class="TextFontCX"><i>Annotations in</i> <span class= |
| 4407 | "Keyword"><b><i><span style= |
| 4408 | 'font-size:10.0pt;color:windowtext'>italics</span></i></b></span> |
| 4409 | <i>are not present in the code, but may be implied depending on |
| 4410 | flag settings.</i></p></td> |
| 4411 | <td valign="top" style= |
| 4412 | 'width:3.0in;border-top:none;border-left:none; border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'> |
| 4413 | <p class="TextFontCX"> </p> |
| 4414 | <p class="TextFontCX" align="left" style='text-align:left'> |
| 4415 | <i>Implicit</i> <span class="Annot"><i><span style= |
| 4416 | 'font-size:10.0pt'>only</span></i></span> <i>annotation on mutable |
| 4417 | structure field if</i> <span class="Flag"><span style= |
| 4418 | 'font-size:10.0pt'>structimponly</span></span> <i>is on.</i></p> |
| 4419 | <p class="lclintrun"><i> </i></p> |
| 4420 | <p class="TextFontCX" align="left" style='text-align:left'> |
| 4421 | <i>Implicit</i> <span class="Annot"><span style= |
| 4422 | 'font-size:10.0pt'>only</span></span> <i>annotation on mutable |
| 4423 | global variables if</i> <span class="Flag"><span style= |
| 4424 | 'font-size:10.0pt'>globimponly</span></span> <i>is on.</i></p> |
| 4425 | <p class="TextFontCX" align="left" style='text-align:left'> |
| 4426 | <i> </i></p> |
| 4427 | <p class="TextFontCX" align="left" style= |
| 4428 | 'text-align:left;page-break-after:avoid'><i>Implicit</i> |
| 4429 | <span class="Annot"><span style= |
| 4430 | 'font-size:10.0pt'>only</span></span> <i>annotation on mutable |
| 4431 | function result if</i> <span class="Flag"><span style= |
| 4432 | 'font-size: 10.0pt'>retimponly</span></span> <i>is set. |
| 4433 | Implicit</i> <span class="Annot"><span style= |
| 4434 | 'font-size:10.0pt'>temp</span></span> <i>annotation on mutable |
| 4435 | parameter if</i> <span class="Flag"><span style= |
| 4436 | 'font-size:10.0pt'>paramimptemp</span></span> <i>is |
| 4437 | set.</i></p></td></tr></table> |
| 4438 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"> |
| 4439 | <tr> |
| 4440 | <td valign="top" align="left" style= |
| 4441 | 'padding-top:.1in;padding-right: 9.35pt;padding-bottom:.1in;padding-left:9.35pt'> |
| 4442 | <p class="MsoCaption"><a name="_Toc534824612"></a><a name= |
| 4443 | "_Ref534822006">Figure 8</a>. Implicit |
| 4444 | Annotations</p></td></tr></table></center> |
| 4445 | <p class="TextFontCX">Unannotated return values, structure fields |
| 4446 | and global variables are assumed to be <span class= |
| 4447 | "Annot"><span style='font-size:10.0pt'>only</span></span>. |
| 4448 | With implicit annotations (on by default), turning on memory |
| 4449 | checking for an unannotated program will produce errors for any |
| 4450 | function that does not return unshared storage or assignment of |
| 4451 | shared storage to a global variable or structure field. If an |
| 4452 | exposure qualifier is used (see Section 6.2), the implied |
| 4453 | <span class="Annot"><span style= |
| 4454 | 'font-size: 10.0pt'>dependent</span></span> annotation is used |
| 4455 | instead of the more generally implied <span class= |
| 4456 | "Annot"><span style='font-size:10.0pt'>only</span></span> |
| 4457 | annotation. (Controlled by <span class= |
| 4458 | "Flag"><span style='font-size:10.0pt'>retimponly</span></span>, |
| 4459 | <span class="Flag"><span style= |
| 4460 | 'font-size:10.0pt'>structimponly</span></span> and |
| 4461 | <span class="Flag"><span style= |
| 4462 | 'font-size:10.0pt'>globimponly</span></span>. The |
| 4463 | <span class="Flag"><span style= |
| 4464 | 'font-size:10.0pt'>allimponly</span></span> flag sets |
| 4465 | all of the implicit only flags.) </p> |
| 4466 | <h2 style='margin-left:0in;text-indent:0in'><a name= |
| 4467 | "_Toc534974968"></a><a name="_Ref534970957"></a><a name= |
| 4468 | "_Ref347469058"></a><a name="_Ref344907383"></a><a name= |
| 4469 | "_Toc344355411">5.4<span style= |
| 4470 | 'font:7.0pt "Times New Roman"'> </span> |
| 4471 | Reference Counting</a></h2> |
| 4472 | <p class="TextFontCX">Another approach to memory management is to |
| 4473 | add a field to a type to explicitly keep track of the number of |
| 4474 | references to that storage. Every time a reference is added |
| 4475 | or lost the reference count is adjusted accordingly; if it would |
| 4476 | become zero, the storage is released. Reference counting it |
| 4477 | difficult to do without automatic checking since it is easy to |
| 4478 | forget to increment or decrement the reference count, and |
| 4479 | exceedingly difficult to track down these errors.</p> |
| 4480 | <p class="TextFontCX"> </p> |
| 4481 | <p class="TextFontCX">Splint supports reference counting by using |
| 4482 | annotations to constrain the use of reference counted storage in a |
| 4483 | manner similar to other memory management annotations.</p> |
| 4484 | <p class="TextFontCX"> </p> |
| 4485 | <p class="TextFontCX">A reference counted type is declared using |
| 4486 | the <span class="Annot"><span style= |
| 4487 | 'font-size:10.0pt'>refcounted</span></span> annotation. Only |
| 4488 | pointer to <span class="CodeText"><span style= |
| 4489 | 'font-size:10.0pt'>struct</span></span> types may be declared as |
| 4490 | <span class="Annot"><span style= |
| 4491 | 'font-size:10.0pt'>refcounted</span></span>, since reference |
| 4492 | counted storage must have a field to count the references. |
| 4493 | One field in the structure (or integral type) is preceded by the |
| 4494 | <span class="Annot"><span style= |
| 4495 | 'font-size:10.0pt'>refs</span></span> annotation to indicate that |
| 4496 | the value of this field is the number of live references to the |
| 4497 | structure. For example (in <span class="Keyword"><span style= |
| 4498 | 'font-size:10.0pt;font-family:Arial; color:windowtext'>rstring.h</span></span>),</p> |
| 4499 | <p class="Verbatim" style='margin-top:6.0pt'> |
| 4500 | typedef /*@abstract@*/ |
| 4501 | /*@refcounted@*/ struct {</p> |
| 4502 | <p class="Verbatim"> |
| 4503 | /*@refs@*/ int refs;</p> |
| 4504 | <p class="Verbatim"> char |
| 4505 | *contents;</p> |
| 4506 | <p class="Verbatim"> } *rstring;</p> |
| 4507 | <p class="afterlist">declares <span class= |
| 4508 | "CodeText"><span style='font-size:10.0pt'>rstring</span></span> |
| 4509 | as an abstract, reference-counted type. The |
| 4510 | <span class="CodeText"><span style= |
| 4511 | 'font-size:10.0pt'>refs</span></span> field counts the number |
| 4512 | of references and the <span class="CodeText"><span style= |
| 4513 | 'font-size:10.0pt'>contents</span></span> field holds the |
| 4514 | contents of a string.</p> |
| 4515 | <p class="TextFontCX"> </p> |
| 4516 | <center> |
| 4517 | <table class="MsoNormalTable" border="0" cellspacing="0" |
| 4518 | cellpadding="0" style= |
| 4519 | 'width:425.5pt;margin-left:.2in;border-collapse:collapse'> |
| 4520 | <tr> |
| 4521 | <td valign="top" style= |
| 4522 | 'width:267.05pt;border:solid black 1.5pt; border-bottom:none;background:black;padding:0in 5.4pt 0in 5.4pt'> |
| 4523 | <p class="TextFontCX" align="center" style='text-align:center'> |
| 4524 | <span class="Keyword"><b><span style= |
| 4525 | 'font-size:10.0pt; color:white'>rstring.c</span></b></span></p></td> |
| 4526 | <td valign="top" style= |
| 4527 | 'width:158.45pt;border-top:solid black 1.5pt; border-left:none;border-bottom:none;border-right:solid black 1.5pt; background:black;padding:0in 5.4pt 0in 5.4pt'> |
| 4528 | <p class="TextFontCX" align="center" style='text-align:center'> |
| 4529 | <b><span style='color:white'>Running |
| 4530 | Splint</span></b></p></td></tr> |
| 4531 | <tr> |
| 4532 | <td valign="top" style= |
| 4533 | 'width:267.05pt;border:solid black 1.5pt; border-top:none;padding:0in 5.4pt 0in 5.4pt'> |
| 4534 | <p class="Verbatim"><span style='font-size:9.0pt'># include |
| 4535 | "rstring.h"</span></p> |
| 4536 | <p class="Verbatim"><span style='font-size:9.0pt'> </span></p> |
| 4537 | <p class="Verbatim"><span style='font-size:9.0pt'>static rstring |
| 4538 | rstring_ref (rstring r)</span></p> |
| 4539 | <p class="Verbatim"><span style='font-size:9.0pt'>{</span></p> |
| 4540 | <p class="Verbatim"><span style='font-size:9.0pt'> |
| 4541 | r->refs++;</span></p> |
| 4542 | <p class="Verbatim"><span class="Line"><span style= |
| 4543 | 'font-size:8.0pt'>6</span></span> <span style= |
| 4544 | 'font-size:9.0pt'>return r;</span></p> |
| 4545 | <p class="Verbatim"><span style='font-size:9.0pt'>}</span></p> |
| 4546 | <p class="Verbatim"><span style='font-size:9.0pt'> </span></p> |
| 4547 | <p class="Verbatim"><span style='font-size:9.0pt'>rstring |
| 4548 | rstring_first (rstring r1, rstring r2)</span></p> |
| 4549 | <p class="Verbatim"><span style='font-size:9.0pt'>{</span></p> |
| 4550 | <p class="Verbatim"><span style='font-size:9.0pt'> if (strcmp |
| 4551 | (r1->contents, r2->contents) < 0)</span></p> |
| 4552 | <p class="Verbatim"><span class="Line"><span style= |
| 4553 | 'font-size:8.0pt'>12</span></span><span style= |
| 4554 | 'font-size:9.0pt'> return r1;</span></p> |
| 4555 | <p class="Verbatim"><span style='font-size:9.0pt'> |
| 4556 | else</span></p> |
| 4557 | <p class="Verbatim"><span class="Line"><span style= |
| 4558 | 'font-size:8.0pt'>14</span></span><span style= |
| 4559 | 'font-size:9.0pt'> return rstring_ref |
| 4560 | (r2);</span></p> |
| 4561 | <p class="Verbatim"><span style='font-size:9.0pt'>}</span></p></td> |
| 4562 | <td valign="top" style= |
| 4563 | 'width:158.45pt;border-top:none;border-left: none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'> |
| 4564 | <p class="lclintrun">> splint rstring.c</p> |
| 4565 | <p class="lclintrun">rstring.c:12: Reference counted </p> |
| 4566 | <p class="lclintrun"> storage returned without |
| 4567 | modifying</p> |
| 4568 | <p class="lclintrun"> reference count: r1</p> |
| 4569 | <p class="lclintrun"><i> </i></p> |
| 4570 | <p class="TextFontCX" align="left" style='text-align:left'> |
| 4571 | <i><span style='font-size:10.0pt'>No error is reported for line 6 |
| 4572 | since the reference count was incremented. No error is |
| 4573 | reported for line 14, since</span></i> <span class= |
| 4574 | "CodeText"><i><span style= |
| 4575 | 'font-size:10.0pt'>rstring_ref</span></i></span><i><span style='font-size:10.0pt'> |
| 4576 | returns a new reference.</span></i></p> |
| 4577 | <p class="TextFontCX" align="left" style= |
| 4578 | 'text-align:left;page-break-after:avoid'><span style= |
| 4579 | 'font-size:10.0pt'> </span></p></td></tr></table> |
| 4580 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 4581 | align="center"> |
| 4582 | <tr> |
| 4583 | <td valign="top" align="left" style= |
| 4584 | 'padding-top:.1in;padding-right: 0in;padding-bottom:.1in;padding-left:0in'> |
| 4585 | <p class="MsoCaption"><a name="_Toc534824613"></a><a name= |
| 4586 | "_Ref534822069">Figure 9</a>. Reference |
| 4587 | Counting</p></td></tr></table></center> |
| 4588 | <br clear="all"> |
| 4589 | |
| 4590 | <p class="TextFontCX">All functions that return <span class= |
| 4591 | "Annot"><span style='font-size:10.0pt'>refcounted</span></span> |
| 4592 | storage must increase the reference count before returning. |
| 4593 | Splint cannot determine if the reference count was increased, so |
| 4594 | any function that directly returns a reference to |
| 4595 | <span class="Annot"><span style= |
| 4596 | 'font-size:10.0pt'>refcounted</span></span> storage will |
| 4597 | produce an error. This is avoided, by using a function |
| 4598 | to return a new reference (e.g., <span class= |
| 4599 | "CodeText"><span style= |
| 4600 | 'font-size:10.0pt'>rstring_ref</span></span> in Figure |
| 4601 | 9).</p> |
| 4602 | <p class="TextFontCX"> </p> |
| 4603 | <p class="TextFontCX">A reference counted type may be passed as a |
| 4604 | <span class="Annot"><span style= |
| 4605 | 'font-size:10.0pt'>temp</span></span> or <span class= |
| 4606 | "Annot"><span style='font-size:10.0pt'>dependent</span></span> |
| 4607 | parameter. It may not be passed as an <span class= |
| 4608 | "Annot"><span style='font-size:10.0pt'>only</span></span> |
| 4609 | parameter. Instead, the <span class= |
| 4610 | "Annot"><span style='font-size:10.0pt'>killref</span></span> |
| 4611 | annotation is used to denote a parameter whose reference is |
| 4612 | eliminated by the function call. Like <span class= |
| 4613 | "Annot"><span style='font-size:10.0pt'>only</span></span> |
| 4614 | parameters, an actual parameter corresponding to a |
| 4615 | <span class="Annot"><span style= |
| 4616 | 'font-size:10.0pt'>killref</span></span> formal parameter may |
| 4617 | not be used in the calling function after the call. |
| 4618 | Splint checks that the implementation of a function releases |
| 4619 | all <span class="Annot"><span style= |
| 4620 | 'font-size:10.0pt'>killref</span></span> parameters, either |
| 4621 | by passing them as <span class="Annot"><span style= |
| 4622 | 'font-size: 10.0pt'>killref</span></span> parameters, or |
| 4623 | assigning or returning them without increasing the reference |
| 4624 | count.</p> |
| 4625 | <h1 style='margin-left:0in;text-indent:0in'><a name= |
| 4626 | "_Ref348845247"></a><a name="_Ref348796245"></a><a name= |
| 4627 | "_Toc344355413"></a><a name="_Ref344355210"></a><a name= |
| 4628 | "_Ref343064238"></a><a name="_Ref343064188"></a><a name= |
| 4629 | "_Toc534974969"></a><a name="_Ref534642796"></a><a name= |
| 4630 | "_Ref534642146">6<span style= |
| 4631 | 'font:7.0pt "Times New Roman"'> </span> |
| 4632 | <a id="sharing" name="sharing"> |
| 4633 | Sharing</a></a></h1> |
| 4634 | <p class="TextFontCX">Errors involving unexpected sharing of |
| 4635 | storage can cause serious problems. Undocumented sharing may |
| 4636 | lead to unpredictable modifications, and some library calls (e.g., |
| 4637 | <span class="CodeText"><span style= |
| 4638 | 'font-size:10.0pt'>strcpy</span></span>) have undefined behavior if |
| 4639 | parameters share storage. Another class of sharing errors |
| 4640 | occurs when clients of an abstract type may obtain a reference to |
| 4641 | mutable storage that is part of the abstract representation. |
| 4642 | This exposes the representation of the abstract type, since clients |
| 4643 | may modify an instance of the abstract type indirectly through this |
| 4644 | shared storage.</p> |
| 4645 | <h2 style='margin-left:0in;text-indent:0in'><a name= |
| 4646 | "_Ref534977801"></a><a name="_Toc534974970">6.1<span style= |
| 4647 | 'font:7.0pt "Times New Roman"'> </span> |
| 4648 | Aliasing</a></h2> |
| 4649 | <p class="TextFontCX">Splint detects errors involving dangerous |
| 4650 | aliasing of parameters. Some of these errors are already |
| 4651 | detected through the standard memory annotations (e.g., |
| 4652 | <span class="Annot"><span style= |
| 4653 | 'font-size:10.0pt'>only</span></span> parameters may not |
| 4654 | be aliases.) Two additional annotations are |
| 4655 | provided for constraining aliasing of parameters and return |
| 4656 | values.</p> |
| 4657 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 4658 | "_Toc534974971"></a><a name="_Ref347469444">6.1.1<span style= |
| 4659 | 'font:7.0pt "Times New Roman"'> </span> |
| 4660 | Unique Parameters</a></h3> |
| 4661 | <p class="TextFontCX">The <span class="Annot"><span style= |
| 4662 | 'font-size:10.0pt'>unique</span></span> annotation denotes a |
| 4663 | parameter that may not be aliased by any other storage reachable |
| 4664 | from the function implementation — that is, any storage |
| 4665 | reachable through the other parameters or global variables used by |
| 4666 | the function. The <span class="Annot"><span style= |
| 4667 | 'font-size:10.0pt'>unique</span></span> annotation places similar |
| 4668 | constraints on function parameters as the <span class= |
| 4669 | "Annot"><span style='font-size:10.0pt'>only</span></span> |
| 4670 | annotation, but it does not transfer the obligation to release |
| 4671 | storage. Splint will report an error if a <span class= |
| 4672 | "Annot"><span style='font-size:10.0pt'>unique</span></span> |
| 4673 | parameter may be aliased by another parameter or global |
| 4674 | variable.</p> |
| 4675 | <p class="TextFontCX"> </p> |
| 4676 | <p class="TextFontCX">Splint reports an error if a function returns |
| 4677 | a reference to storage reachable from one of its parameters (if |
| 4678 | <span class="Flag"><span style= |
| 4679 | 'font-size:10.0pt'>retalias</span></span> is on) since this may |
| 4680 | introduce unexpected aliases in the body of the calling function |
| 4681 | when the result is assigned.</p> |
| 4682 | <p class="TextFontCX"> </p> |
| 4683 | <p class="TextFontCX">Figure 10 illustrated sharing checks. |
| 4684 | An error is reported since the first parameter to the library |
| 4685 | function <span class="CodeText"><span style= |
| 4686 | 'font-size:10.0pt'>strcpy</span></span> is declared with |
| 4687 | unique. If a <span class="CodeText"><span style= |
| 4688 | 'font-size:10.0pt'>unique</span></span> qualifier were added to the |
| 4689 | parameter declaration for <span class="CodeText"><span style= |
| 4690 | 'font-size:10.0pt'>s</span></span> or <span class= |
| 4691 | "CodeText"><span style='font-size:10.0pt'>t</span></span>, no error |
| 4692 | would be reported. </p> |
| 4693 | <center> |
| 4694 | <table class="MsoNormalTable" border="0" cellspacing="0" |
| 4695 | cellpadding="0" style= |
| 4696 | 'margin-left:5.4pt;border-collapse:collapse; margin-left:-2.25pt;margin-right:-2.25pt'> |
| 4697 | <tr> |
| 4698 | <td valign="top" style= |
| 4699 | 'border:solid black 1.5pt; border-bottom:none;background:black;padding:0in 5.4pt 0in 5.4pt'> |
| 4700 | <p class="TextFontCX" align="center" style='text-align:center'> |
| 4701 | <span class="Keyword"><b><span style= |
| 4702 | 'font-size:10.0pt; color:white'>unique.c</span></b></span></p></td> |
| 4703 | <td valign="top" style= |
| 4704 | 'border-top:solid black 1.5pt; border-left:none;border-bottom:none;border-right:solid black 1.5pt; background:black;padding:0in 5.4pt 0in 5.4pt'> |
| 4705 | <p class="TextFontCX" align="center" style='text-align:center'> |
| 4706 | <b><span style='color:white'>Running |
| 4707 | Splint</span></b></p></td></tr> |
| 4708 | <tr> |
| 4709 | <td valign="top" style= |
| 4710 | 'border:solid black 1.5pt; border-top:none;padding:0in 5.4pt 0in 5.4pt'> |
| 4711 | <p class="Verbatim"># include <string.h></p> |
| 4712 | <p class="Verbatim"> </p> |
| 4713 | <p class="Verbatim">void </p> |
| 4714 | <p class="Verbatim">capitalize (/*@out@*/ char *s,</p> |
| 4715 | <p class="Verbatim"> |
| 4716 | char *t)</p> |
| 4717 | <p class="Verbatim">{</p> |
| 4718 | <p class="Verbatim"><span class="Line"><span style= |
| 4719 | 'font-size:8.0pt'> 7</span></span> strcpy (s, t);</p> |
| 4720 | <p class="Verbatim"> *s = toupper (*s);</p> |
| 4721 | <p class="Verbatim">}</p></td> |
| 4722 | <td valign="top" style= |
| 4723 | 'border-top:none;border-left: none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'> |
| 4724 | <p class="lclintrun">> splint unique.c</p> |
| 4725 | <p class="lclintrun"> </p> |
| 4726 | <p class="lclintrun">unique.c: (in function capitalize)</p> |
| 4727 | <p class="lclintrun">unique.c:7: Parameter 1 (s) to function strcpy |
| 4728 | is</p> |
| 4729 | <p class="lclintrun"> declared unique but may be |
| 4730 | aliased externally by</p> |
| 4731 | <p class="lclintrun"> parameter 2 (t)</p> |
| 4732 | <p class="lclintrun"> </p></td></tr></table> |
| 4733 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"> |
| 4734 | <tr> |
| 4735 | <td valign="top" align="left" style= |
| 4736 | 'padding-top:6.5pt;padding-right: 9.35pt;padding-bottom:6.5pt;padding-left:9.35pt'> |
| 4737 | <p class="MsoCaption"><a name="_Toc534824614"></a><a name= |
| 4738 | "_Ref534822167">Figure 10</a>. Unique |
| 4739 | parameters</p></td></tr></table></center> |
| 4740 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 4741 | "_Toc534974972"></a><a name="_Ref347469448">6.1.2<span style= |
| 4742 | 'font:7.0pt "Times New Roman"'> </span> |
| 4743 | Returned Parameters</a></h3> |
| 4744 | <p class="TextFontCX">The <span class="Annot"><span style= |
| 4745 | 'font-size:10.0pt'>returned</span></span> annotation denotes a |
| 4746 | parameter that may be aliased by the return value. Splint |
| 4747 | checks the call assuming the result may be an alias to the |
| 4748 | <span class="Annot"><span style= |
| 4749 | 'font-size:10.0pt'>returned</span></span> parameter.</p> |
| 4750 | <p class="TextFontCX"> </p> |
| 4751 | <p class="TextFontCX">Consider the following code excerpt:</p> |
| 4752 | <p class="TextFontCX"> </p> |
| 4753 | <p class="Verbatim">extern intSet intSet_insert (/*@returned@*/ |
| 4754 | intSet s, int x);</p> |
| 4755 | <p class="Verbatim"> </p> |
| 4756 | <p class="Verbatim">intSet intSet_singleton (int x)</p> |
| 4757 | <p class="Verbatim">{</p> |
| 4758 | <p class="Verbatim"><span class="Line"><span style= |
| 4759 | 'font-size:8.0pt'>7</span></span> return (intSet_insert |
| 4760 | (intSet_new (), x));</p> |
| 4761 | <p class="TextFontCX">}</p> |
| 4762 | <p class="TextFontCX"> </p> |
| 4763 | <p class="TextFontCX">Without the <span class= |
| 4764 | "Annot"><span style='font-size:10.0pt'>returned</span></span> |
| 4765 | qualifier on the parameter to <span class= |
| 4766 | "CodeText"><span style= |
| 4767 | 'font-size:10.0pt'>intSet_insert</span></span>, a memory leak |
| 4768 | error would be reported for line 7, since the <span class= |
| 4769 | "Annot"><span style='font-size:10.0pt'>only</span></span> |
| 4770 | storage returned by <span class="CodeText"><span style= |
| 4771 | 'font-size:10.0pt'>intSet_new</span></span> is not |
| 4772 | released. Because of the <span class= |
| 4773 | "Annot"><span style='font-size:10.0pt'>returned</span></span> |
| 4774 | qualifier, Splint assumes the result of <span class= |
| 4775 | "CodeText"><span style= |
| 4776 | 'font-size:10.0pt'>intSet_insert</span></span> is the same |
| 4777 | storage as its first parameter, in this case the storage |
| 4778 | returned by <span class="CodeText"><span style= |
| 4779 | 'font-size:10.0pt'>intSet_new</span></span>. No error |
| 4780 | is reported, since the only storage is then transferred |
| 4781 | through the return value (which has an implicit only |
| 4782 | annotation, see Section 5.3).</p> |
| 4783 | <h2 style='margin-left:0in;text-indent:0in'><a name= |
| 4784 | "_Ref344907981"></a><a name="_Ref344894258"></a><a name= |
| 4785 | "_Ref344809320"></a><a name="_Toc344355414"></a><a name= |
| 4786 | "_Toc534974973"></a><a name="_Ref345591408"></a><a name= |
| 4787 | "_Ref345591053">6.2<span style= |
| 4788 | 'font:7.0pt "Times New Roman"'> </span> |
| 4789 | Exposure</a></h2> |
| 4790 | <p class="TextFontCX">Splint detects places where the |
| 4791 | representation of an abstract type is exposed. This occurs if |
| 4792 | a client has a pointer to storage that is part of the |
| 4793 | representation of an instance of the abstract type. The |
| 4794 | client can then modify or examine the storage this points to, and |
| 4795 | manipulate the value of the abstract type instance without using |
| 4796 | its operations.</p> |
| 4797 | <p class="TextFontCX"> </p> |
| 4798 | <p class="TextFontCX">There are three ways a representation may be |
| 4799 | exposed:</p> |
| 4800 | <p class="TextFontCX" style= |
| 4801 | 'margin-left:.25in; text-indent:-.25in'>1.<span style= |
| 4802 | 'font:7.0pt "Times New Roman"'> </span> |
| 4803 | Returning (or assigning to a global variable) an object that |
| 4804 | includes a pointer to a mutable component of an abstract |
| 4805 | type representation. (Controlled by <span class= |
| 4806 | "Flag"><span style= |
| 4807 | 'font-size:10.0pt'>ret-expose</span></span>).</p> |
| 4808 | <p class="TextFontCX" style= |
| 4809 | 'margin-left:.25in; text-indent:-.25in'>2.<span style= |
| 4810 | 'font:7.0pt "Times New Roman"'> </span> |
| 4811 | Assigning a mutable component of an abstract object to storage |
| 4812 | reachable from an actual parameter or a global variable that may be |
| 4813 | used after the call. This means the client may |
| 4814 | manipulate the abstract object using the actual parameter after the |
| 4815 | call. Note that if the corresponding formal parameter is |
| 4816 | declared <span class="Annot"><span style= |
| 4817 | 'font-size:10.0pt'>only</span></span>, the caller may not use the |
| 4818 | actual parameter after the call so the representation is not |
| 4819 | exposed. (Controlled by <span class="Flag"><span style= |
| 4820 | 'font-size:10.0pt'>assign-expose</span></span>).</p> |
| 4821 | <p class="TextFontCX" style= |
| 4822 | 'margin-left:.25in; text-indent:-.25in'>3.<span style= |
| 4823 | 'font:7.0pt "Times New Roman"'> </span> |
| 4824 | Casting mutable storage to or from an abstract type. |
| 4825 | (Controlled by <span class="Flag"><span style= |
| 4826 | 'font-size:10.0pt'>cast-expose</span></span>).</p> |
| 4827 | <p class="afterlist">Annotations may be used to allow exposed |
| 4828 | storage to be returned safely by restricting how the caller may use |
| 4829 | the returned storage.</p> |
| 4830 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 4831 | "_Toc534974974"></a><a name="_Ref347469553">6.2.1<span style= |
| 4832 | 'font:7.0pt "Times New Roman"'> </span> |
| 4833 | Read-Only Storage</a></h3> |
| 4834 | <p class="beforelist">It is often useful for a function to return a |
| 4835 | pointer to internal storage (or an instance of a mutable abstract |
| 4836 | type) that is intended only as an <i>observer</i>. The caller |
| 4837 | may use the result, but should not modify the storage it points |
| 4838 | to. For example, consider a naïve implementation of the |
| 4839 | <span class="CodeText"><span style= |
| 4840 | 'font-size:10.0pt'>employee_getName</span></span> operation for the |
| 4841 | abstract <span class="CodeText"><span style= |
| 4842 | 'font-size:10.0pt'>employee</span></span> type:</p> |
| 4843 | <p class="Verbatim"> typedef /*@abstract@*/ struct |
| 4844 | {</p> |
| 4845 | <p class="Verbatim"> char *name;</p> |
| 4846 | <p class="Verbatim"> int id;</p> |
| 4847 | <p class="Verbatim"> } *employee;</p> |
| 4848 | <p class="Verbatim"> …</p> |
| 4849 | <p class="Verbatim"> char *employee_getName (employee |
| 4850 | e) { return e->name; }</p> |
| 4851 | <p class="afterlist">Splint produces a message to indicate that the |
| 4852 | return value exposes the representation. One solution would |
| 4853 | be to return a fresh copy of <span class= |
| 4854 | "CodeText"><span style='font-size:10.0pt'>e->name</span></span>. |
| 4855 | This is expensive, though, especially if we expect |
| 4856 | <span class="CodeText"><span style= |
| 4857 | 'font-size:10.0pt'>employee_getName</span></span> is used |
| 4858 | mainly just to get a string for searching or printing. |
| 4859 | Instead, we could change the declaration of <span class= |
| 4860 | "CodeText"><span style= |
| 4861 | 'font-size:10.0pt'>employee_getName</span></span> to:</p> |
| 4862 | <p class="example">extern /*@observer@*/ char *employee_getName |
| 4863 | (employee e);</p> |
| 4864 | <p class="TextFontCX">Now, the original implementation is |
| 4865 | correct. The declaration indicates that the caller may not |
| 4866 | modify the result, so it is acceptable to return shared |
| 4867 | storage. (The program must also not use the returned observer |
| 4868 | storage after any other calls to the abstract type module using the |
| 4869 | same parameter. Splint does not attempt to check this, and in |
| 4870 | practice it is rarely a problem.) Splint checks that the |
| 4871 | caller does not modify the return value. An error is reported |
| 4872 | if observer storage is modified directly, passed as a function |
| 4873 | parameter that may be modified, assigned to a global variable or |
| 4874 | reference derivable from a global variable that is not declared |
| 4875 | with an <span class="Annot"><span style= |
| 4876 | 'font-size: 10.0pt'>observer</span></span> annotation , or returned |
| 4877 | as a function result or a reference derivable from the function |
| 4878 | result that is not annotation with an <span class= |
| 4879 | "Annot"><span style='font-size:10.0pt'>observer</span></span> |
| 4880 | annotation.</p> |
| 4881 | <h4 style='margin-left:0in;text-indent:0in'><a name= |
| 4882 | "_Ref347469563"></a><a name="_Ref348017065">String |
| 4883 | Literals</a></h4> |
| 4884 | <p class="TextFontCX">A program that attempts to modify a |
| 4885 | string literal has undefined behavior [ISO, 6.4.5]. This is |
| 4886 | not enforced by most C compilers, and can lead to particularly |
| 4887 | pernicious bugs that only appear when optimizations are turned on |
| 4888 | and the compiler attempts to minimize storage for string |
| 4889 | literals. Splint can be used to check that string literals |
| 4890 | are not modified, by treating them as -<span class= |
| 4891 | "Annot"><span style= |
| 4892 | 'font-size:10.0pt'>observer</span></span> storage. If |
| 4893 | <span class="Flag"><span style= |
| 4894 | 'font-size:10.0pt'>+read-only-strings</span></span> is set (default |
| 4895 | in standard mode), Splint will report an error if a string literal |
| 4896 | is modified.</p> |
| 4897 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 4898 | "_Toc534974975">6.2.2<span style= |
| 4899 | 'font:7.0pt "Times New Roman"'> </span> |
| 4900 | Exposed Storage</a></h3> |
| 4901 | <p class="TextFontCX">Sometimes it is necessary to expose the |
| 4902 | representation of an abstract type. This may be evidence of a |
| 4903 | design flaw, but in some cases is justified for efficiency |
| 4904 | reasons. The <span class="Annot"><span style= |
| 4905 | 'font-size:10.0pt'>exposed</span></span> annotation denotes |
| 4906 | storage that is exposed. It may be used on a return value for |
| 4907 | results that reference storage internal to an abstract |
| 4908 | representation, on a parameter value to indicate a parameter that |
| 4909 | may be assigned directly to part of an abstract representation |
| 4910 | (note that if the parameter is annotated with <span class= |
| 4911 | "Annot"><span style='font-size:10.0pt'>only</span></span>, it is |
| 4912 | not an error to assign it to part of an abstract representation, |
| 4913 | since the caller may not use the storage after the call returns), |
| 4914 | or on a field of an abstract representation to indicate that |
| 4915 | external references to the storage may exist. <a name= |
| 4916 | "_Toc344355415"></a><a name="_Ref343064165"></a><a name= |
| 4917 | "_Ref347254440"></a><a name="_Ref347169365">An error is reported |
| 4918 | if</a> <span class="Annot"><span style= |
| 4919 | 'font-size:10.0pt'>exposed</span></span> storage is released, but |
| 4920 | unlike an <span class="Annot"><span style= |
| 4921 | 'font-size:10.0pt'>observer</span></span>, no error is reported if |
| 4922 | it is modified. Figure 11 shows examples of exposure problems |
| 4923 | detected by Splint.</p> |
| 4924 | <p class="TextFontCX"> </p> |
| 4925 | <center> |
| 4926 | <table class="MsoNormalTable" border="0" cellspacing="0" |
| 4927 | cellpadding="0" style= |
| 4928 | 'margin-left:6.75pt;border-collapse:collapse; margin-left:-2.25pt;margin-right:-2.25pt'> |
| 4929 | <tr> |
| 4930 | <td width="45%" valign="top" style= |
| 4931 | 'border:solid black 1.5pt; border-bottom:none;background:black;padding:0in 5.4pt 0in 5.4pt'> |
| 4932 | <p class="TextFontCX" align="center" style='text-align:center'> |
| 4933 | <span class="Keyword"><b><span style= |
| 4934 | 'font-size:10.0pt; color:white'>exposure.c</span></b></span></p></td> |
| 4935 | <td valign="top" style= |
| 4936 | 'border-top:solid black 1.5pt; border-left:none;border-bottom:none;border-right:solid black 1.5pt; background:black;padding:0in 5.4pt 0in 5.4pt'> |
| 4937 | <p class="TextFontCX" align="center" style='text-align:center'> |
| 4938 | <b><span style='color:white'>Running |
| 4939 | Splint</span></b></p></td></tr> |
| 4940 | <tr> |
| 4941 | <td valign="top" style= |
| 4942 | 'border:solid black 1.5pt; border-top:none;padding:0in 5.4pt 0in 5.4pt'> |
| 4943 | <p class="Verbatim"># include "employee.h"</p> |
| 4944 | <p class="Verbatim"> </p> |
| 4945 | <p class="Verbatim">char *</p> |
| 4946 | <p class="Verbatim">employee_getName (employee e)</p> |
| 4947 | <p class="Verbatim">{</p> |
| 4948 | <p class="Verbatim"><span class="Line"><span style= |
| 4949 | 'font-size:8.0pt'>6</span></span> return e->name;</p> |
| 4950 | <p class="Verbatim">}</p> |
| 4951 | <p class="Verbatim"> </p> |
| 4952 | <p class="Verbatim">/*@observer@*/ char *</p> |
| 4953 | <p class="Verbatim">employee_obsName (employee e)</p> |
| 4954 | <p class="Verbatim">{ return e->name; }</p> |
| 4955 | <p class="Verbatim"> </p> |
| 4956 | <p class="Verbatim">/*@exposed@*/ char *</p> |
| 4957 | <p class="Verbatim">employee_exposeName (employee e)</p> |
| 4958 | <p class="Verbatim">{ return e->name; }</p> |
| 4959 | <p class="Verbatim"> </p> |
| 4960 | <p class="Verbatim">void</p> |
| 4961 | <p class="Verbatim">employee_capName (employee e)</p> |
| 4962 | <p class="Verbatim">{</p> |
| 4963 | <p class="Verbatim"> char *name;</p> |
| 4964 | <p class="Verbatim"> </p> |
| 4965 | <p class="Verbatim"> name = employee_obsName (e);</p> |
| 4966 | <p class="Verbatim"><span class="Line"><span style= |
| 4967 | 'font-size:8.0pt'>23</span></span> *name = toupper (*name);</p> |
| 4968 | <p class="Verbatim">}</p></td> |
| 4969 | <td valign="top" style= |
| 4970 | 'border-top:none;border-left:none; border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'> |
| 4971 | <p class="lclintrun">> splint exposure.c +checks</p> |
| 4972 | <p class="lclintrun"> </p> |
| 4973 | <p class="lclintrun">exposure.c:6: Function returns reference |
| 4974 | to</p> |
| 4975 | <p class="lclintrun"> |
| 4976 | |
| 4977 | parameter e: e->name</p> |
| 4978 | <p class="lclintrun">exposure.c:6: Return value exposes rep of</p> |
| 4979 | <p class="lclintrun"> |
| 4980 | |
| 4981 | employee: e->name</p> |
| 4982 | <p class="lclintrun">exposure.c:6: Released storage e->name |
| 4983 | reachable</p> |
| 4984 | <p class="lclintrun"> |
| 4985 | |
| 4986 | from parameter at return point</p> |
| 4987 | <p class="lclintrun"> exposure.c:6: Storage e->name |
| 4988 | is released</p> |
| 4989 | <p class="lclintrun">exposure.c:23: Suspect modification of |
| 4990 | observer</p> |
| 4991 | <p class="lclintrun"> |
| 4992 | |
| 4993 | name: *name = toupper(*name)</p> |
| 4994 | <p class="TextFontCX" style='page-break-after: avoid'> </p> |
| 4995 | <p class="TextFontCX" align="left" style= |
| 4996 | 'text-align:left;page-break-after:avoid'><i><span style= |
| 4997 | 'font-size: 10.0pt'>Three messages are reported for line 6 where a |
| 4998 | mutable field of an abstract type is returned with no sharing |
| 4999 | qualifier (without</span></i> <span class="Flag"><span style= |
| 5000 | 'font-size:10.0pt'>+checks</span></span><i><span style= |
| 5001 | 'font-size:10.0pt'>only the third one would be reported.) The |
| 5002 | error for line 23 reports a modification of an observer. If |
| 5003 | the call in line 22 were changed to call</span></i> |
| 5004 | <span class="CodeText"><span style= |
| 5005 | 'font-size: 10.0pt'>employee_exposeName</span></span><i><span style='font-size:10.0pt'> |
| 5006 | , no error would be reported.</span></i></p></td></tr></table> |
| 5007 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"> |
| 5008 | <tr> |
| 5009 | <td valign="top" style= |
| 5010 | 'padding-top:.1in;padding-right: 9.35pt;padding-bottom:.1in;padding-left:9.35pt'> |
| 5011 | <p class="MsoCaption"><a name="_Toc534824615">Figure 11. |
| 5012 | Exposure</a></p></td></tr></table></center> |
| 5013 | <p class="TextFontCX"> </p> |
| 5014 | <h1 style='margin-left:0in;text-indent:0in'><a name= |
| 5015 | "_Ref361649198"></a><a name="_Ref361649165"></a><a name= |
| 5016 | "_Ref354415790"></a><a name="_Ref350062908"></a><a name= |
| 5017 | "_Ref348845273"></a><a name="_Ref345591297"></a><a name= |
| 5018 | "_Ref344916609"></a><a name="_Ref344894369"></a><a name= |
| 5019 | "_Ref344891459"></a><a name="_Ref344798185"></a><a name= |
| 5020 | "_Toc344355418"></a><a name="_Toc534974976"></a><a name= |
| 5021 | "_Ref534014913"></a><a name="_Ref534014715"></a><a name= |
| 5022 | "_Ref348871484">7<span style= |
| 5023 | 'font:7.0pt "Times New Roman"'> </span> |
| 5024 | <a id="function" name="function"> |
| 5025 | Function Interfaces</a></a></h1> |
| 5026 | <p class="TextFontCX">Functions communicate with their calling |
| 5027 | environment through an interface. The caller communicates the |
| 5028 | values of actual parameters and global variables to the function, |
| 5029 | and the function communicates to the caller through the return |
| 5030 | value, global variables and storage reachable from the actual |
| 5031 | parameters. By keeping interfaces narrow (restricting the |
| 5032 | amount of information visible across a function interface), we can |
| 5033 | understand and implement functions independently. </p> |
| 5034 | <p class="TextFontCX"> </p> |
| 5035 | <p class="TextFontCX">A function prototype documents the interface |
| 5036 | to a function. It serves as a contract between the function |
| 5037 | and its caller. In early versions of C, the function |
| 5038 | “prototype” was very limited. It described the |
| 5039 | type returned by the function but nothing about its |
| 5040 | parameters. ANSI C (1989) provided function prototypes with |
| 5041 | the ability to add information on the number and types of parameter |
| 5042 | to a function. Splint provides the means to express much more |
| 5043 | about a function interface such as what global variable the |
| 5044 | function may use and what values visible to the caller it may |
| 5045 | modify.</p> |
| 5046 | <p class="TextFontCX"> </p> |
| 5047 | <p class="TextFontCX">The extra interface information places |
| 5048 | constraints on both how the function may be called and how it may |
| 5049 | be implemented. Splint reports places where these constraints |
| 5050 | are not satisfied. Typically, these indicate bugs in the code |
| 5051 | or errors in the interface documentation.</p> |
| 5052 | <p class="TextFontCX"> </p> |
| 5053 | <p class="TextFontCX">This section describes annotations that may |
| 5054 | be added to a function declaration to document what global |
| 5055 | variables the function implementation may use and what values |
| 5056 | visible to its caller it may modify.</p> |
| 5057 | <h2 style='margin-left:0in;text-indent:0in'><a name= |
| 5058 | "_Toc534974977"></a><a name="_Ref348845225"></a><a name= |
| 5059 | "_Ref344908335"></a><a name="_Ref344892358"></a><a name= |
| 5060 | "_Toc344355403">7.1<span style= |
| 5061 | 'font:7.0pt "Times New Roman"'> </span> |
| 5062 | Modifications</a></h2> |
| 5063 | <p class="TextFontCX">The modifies clause lists what values visible |
| 5064 | to the caller may be modified by a function. Modifies clauses |
| 5065 | limit what values a function may modify, but they do not require |
| 5066 | that listed values are always modified. The declaration,</p> |
| 5067 | <p class="example">int f (int *p, int *q) /*@modifies *p@*/;</p> |
| 5068 | <p class="TextFontCX">declares a function <span class= |
| 5069 | "CodeText"><span style='font-size:10.0pt'>f</span></span> that may |
| 5070 | modify the value pointed to by its first argument but may not |
| 5071 | modify the value of its second argument or any global state.</p> |
| 5072 | <p class="TextFontCX"> </p> |
| 5073 | <p class="TextFontCX">Splint checks that a function does not modify |
| 5074 | any caller-visible value not encompassed by its modifies clause and |
| 5075 | does modify all values listed in its modifies clause on some |
| 5076 | possible execution of the function. Figure 12 shows an |
| 5077 | example of modifies checking done by Splint.</p> |
| 5078 | <p class="TextFontCX"> </p> |
| 5079 | <center> |
| 5080 | <table class="MsoNormalTable" border="0" cellspacing="0" |
| 5081 | cellpadding="0" style='margin-left:5.4pt;border-collapse:collapse' |
| 5082 | width="80%"> |
| 5083 | <tr> |
| 5084 | <td width="40%" valign="top" style= |
| 5085 | 'border:solid black 1.5pt; border-bottom:none;background:black;padding:0in 5.4pt 0in 5.4pt;height:13.5pt'> |
| 5086 | <p class="TextFontCX" align="center" style='text-align:center'> |
| 5087 | <a name="_Ref344908343"><span class="Keyword"><b><span style= |
| 5088 | 'font-size:10.0pt;color:white'>modify.c</span></b></span></a></p></td> |
| 5089 | <td width="60%" valign="top" style= |
| 5090 | 'border-top:solid black 1.5pt; border-left:none;border-bottom:none;border-right:solid black 1.5pt; background:black;padding:0in 5.4pt 0in 5.4pt;height:13.5pt'> |
| 5091 | <p class="TextFontCX" align="center" style='text-align:center'> |
| 5092 | <b><span style='color:white'>Running |
| 5093 | Splint</span></b></p></td></tr> |
| 5094 | <tr style='height:120.9pt'> |
| 5095 | <td valign="top" style= |
| 5096 | 'border:solid black 1.5pt; border-top:none;padding:0in 5.4pt 0in 5.4pt;height:120.9pt'> |
| 5097 | <p class="Verbatim">void setx (int *x, int *y)</p> |
| 5098 | <p class="Verbatim"> /*@modifies *x@*/</p> |
| 5099 | <p class="Verbatim">{</p> |
| 5100 | <p class="Verbatim"><span class="Line"><span style= |
| 5101 | 'font-size:8.0pt'>4</span></span> *y = *x;</p> |
| 5102 | <p class="Verbatim">}</p> |
| 5103 | <p class="Verbatim"> </p> |
| 5104 | <p class="Verbatim">void sety (int *x, int *y)</p> |
| 5105 | <p class="Verbatim"> /*@modifies *y@*/</p> |
| 5106 | <p class="Verbatim">{</p> |
| 5107 | <p class="Verbatim"> setx (y, x);</p> |
| 5108 | <p class="Verbatim">}</p></td> |
| 5109 | <td width="60%" valign="top" style= |
| 5110 | 'border-top:none;border-left: none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt;height:120.9pt'> |
| 5111 | <p class="lclintrun">> splint modify.c +checks</p> |
| 5112 | <p class="lclintrun">modify.c:4: Undocumented modification of *y: |
| 5113 | *y = *x</p> |
| 5114 | <p class="lclintrun">modify.c:5: Suspect object listed in modifies |
| 5115 | of setx</p> |
| 5116 | <p class="lclintrun"> |
| 5117 | |
| 5118 | not modified: *x</p> |
| 5119 | <p class="lclintrun"> modify.c:1: Declaration of |
| 5120 | setx</p> |
| 5121 | <p class="TextFontCX"><i><span style= |
| 5122 | 'font-size: 10.0pt'> </span></i></p> |
| 5123 | <p class="TextFontCX" style='page-break-after: avoid'> |
| 5124 | <i><span style='font-size:10.0pt'>There are |
| 5125 | n</span></i><i><span style='font-size:10.0pt'>o errors |
| 5126 | for</span></i> <span class="CodeText"><span style= |
| 5127 | 'font-size:10.0pt'>sety</span></span><i><span style= |
| 5128 | 'font-size:10.0pt'>– the call to</span></i> |
| 5129 | <span class="CodeText"><span style= |
| 5130 | 'font-size:10.0pt'>setx</span></span><i><span style= |
| 5131 | 'font-size:10.0pt'>modifies the value<br> |
| 5132 | pointed to by its first parameter (</span></i><span class= |
| 5133 | "CodeText"><span style= |
| 5134 | 'font-size:10.0pt'>y</span></span><i><span style= |
| 5135 | 'font-size:10.0pt'>) as documented by the<br> |
| 5136 | modifies clause. The</span></i> <span class= |
| 5137 | "Flag"><span style= |
| 5138 | 'font-size:10.0pt'>checks</span></span><i><span style= |
| 5139 | 'font-size:10.0pt'>mode turns on</span></i> <span class= |
| 5140 | "Flag"><span style= |
| 5141 | 'font-size:10.0pt'>mustmod</span></span><i><span style= |
| 5142 | 'font-size:10.0pt'>checking,<br> |
| 5143 | so the second error concerning missing documented<br> |
| 5144 | modifications is reported.</span></i></p></td></tr> |
| 5145 | <tr height="0"> |
| 5146 | <td style='border:none'></td> |
| 5147 | <td style='border:none'></td></tr></table> |
| 5148 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"> |
| 5149 | <tr> |
| 5150 | <td valign="top" style= |
| 5151 | 'padding-top:4.3pt;padding-right: .3in;padding-bottom:4.3pt;padding-left:.3in'> |
| 5152 | <p class="MsoCaption"><a name="_Toc534824616"></a><a name= |
| 5153 | "_Ref534822865">Figure 12</a>. |
| 5154 | Modification</p></td></tr></table></center> |
| 5155 | <br clear="all"> |
| 5156 | |
| 5157 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 5158 | "_Toc534974978">7.1.1<span style= |
| 5159 | 'font:7.0pt "Times New Roman"'> </span> |
| 5160 | State Modifications</a></h3> |
| 5161 | <p class="beforelist">A few special names are provided for |
| 5162 | describing function modifications that effect state not |
| 5163 | identifiable through parameters or global variables:</p> |
| 5164 | <p class="TextFontCX"><span class="Annot"><span style= |
| 5165 | 'font-size:10.0pt'>internalState</span></span></p> |
| 5166 | <p class="IndentText">The function modifies some internal state |
| 5167 | (that is, the value of a <span class="CodeText"><span style= |
| 5168 | 'font-size:10.0pt'>static</span></span> variable). Even |
| 5169 | though a client cannot access the internal state directly, it is |
| 5170 | important to know that something may be modified by the function |
| 5171 | call both for clear documentation and for checking undefined order |
| 5172 | of evaluation (Section 8.2) and side effect free parameters |
| 5173 | (Section 11.2.1).</p> |
| 5174 | <p class="TextFontCX"><span class="Annot"><span style= |
| 5175 | 'font-size:10.0pt'>fileSystem</span></span></p> |
| 5176 | <p class="IndentText">The function modifies the file system. |
| 5177 | Any modification that may change the system state is considered a |
| 5178 | file system modification. All functions that modify an object |
| 5179 | of type pointer to <span class="CodeText"><span style= |
| 5180 | 'font-size:10.0pt'>FILE</span></span> also modify the file |
| 5181 | system. In addition, functions that do not modify a |
| 5182 | <span class="CodeText"><span style= |
| 5183 | 'font-size:10.0pt'>FILE</span></span> pointer but modify some state |
| 5184 | that is visible outside this process also modify the file system |
| 5185 | (e.g., <span class="CodeText"><span style= |
| 5186 | 'font-size:10.0pt'>rename</span></span>). The flag |
| 5187 | <span class="Flag"><span style= |
| 5188 | 'font-size:10.0pt'>mod-file-system</span></span> controls reporting |
| 5189 | of undocumented file system modifications.</p> |
| 5190 | <p class="MsoListBullet"><span class="Annot"><span style= |
| 5191 | 'font-size:10.0pt'>nothing</span></span></p> |
| 5192 | <p class="IndentText">The function modifies nothing (i.e., it is |
| 5193 | side effect free).</p> |
| 5194 | <p class="TextFontCX" style='margin-left:.5in'> </p> |
| 5195 | <p class="TextFontCX">The annotation, <span class= |
| 5196 | "Annot"><span style='font-size:10.0pt'>/*@*/</span></span> in a |
| 5197 | function declaration or definition (after the parameter list, |
| 5198 | before the semi-colon or function body) denotes a function that |
| 5199 | modifies nothing and does not use any global variables (see Section |
| 5200 | 7.2).</p> |
| 5201 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 5202 | "_Toc534974979"></a><a name="_Ref345591515">7.1.2<span style= |
| 5203 | 'font:7.0pt "Times New Roman"'> </span> |
| 5204 | Missing Modifies Clauses</a></h3> |
| 5205 | <p class="TextFontCX">Splint is designed so programs with many |
| 5206 | functions that are declared without modifies clauses can be checked |
| 5207 | effectively. Unless <span class="Flag"><span style= |
| 5208 | 'font-size:10.0pt'>modnomods</span></span> is in on, no |
| 5209 | modification errors are reported checking a function declared with |
| 5210 | no modifies clause. </p> |
| 5211 | <p class="TextFontCX"> </p> |
| 5212 | <p class="TextFontCX">A function with no modifies clause is an |
| 5213 | <i>unconstrained</i> function since there are no documented |
| 5214 | constraints on what it may modify. When an unconstrained |
| 5215 | function is called, it is checked differently from a function |
| 5216 | declared with a modifies clause. To prevent spurious errors, |
| 5217 | no modification error is reported at the call site unless the |
| 5218 | <span class="Flag"><span style= |
| 5219 | 'font-size:10.0pt'>mod-uncon</span></span> flag is on. |
| 5220 | Flags control whether errors involving unconstrained functions are |
| 5221 | reported for other checks that depend on modifications (side effect |
| 5222 | free macro parameters (Section 11.2.1), undefined evaluation |
| 5223 | order (Section 8.2), and likely infinite loops (Section |
| 5224 | 8.3.1).)</p> |
| 5225 | <h2 style='margin-left:0in;text-indent:0in'><a name= |
| 5226 | "_Ref534980042"></a><a name="_Toc534974980"></a><a name= |
| 5227 | "_Ref534972121"></a><a name="_Ref348845219"></a><a name= |
| 5228 | "_Ref347475720"></a><a name="_Ref347171487"></a><a name= |
| 5229 | "_Ref344908307"></a><a name="_Ref344893725"></a><a name= |
| 5230 | "_Toc344355404">7.2<span style= |
| 5231 | 'font:7.0pt "Times New Roman"'> </span> |
| 5232 | Global Variables</a></h2> |
| 5233 | <p class="TextFontCX">Another aspect of a function’s |
| 5234 | interface, is the global variables it uses. A globals list in |
| 5235 | a function declaration lists external variables that may be used in |
| 5236 | the function body. Splint checks that global variables used |
| 5237 | in a procedure match those listed in its globals list. A global is |
| 5238 | used in a function if it appears in the body directly, or it is in |
| 5239 | the globals list of a function called in the body. Splint reports |
| 5240 | if a global that is used in a procedure is not listed in its |
| 5241 | globals list, and if a listed global is not used in the function |
| 5242 | implementation. Figure 13 shows an example function |
| 5243 | definition with a globals list and associated checking done by |
| 5244 | Splint.</p> |
| 5245 | <center> |
| 5246 | <table class="MsoNormalTable" border="0" cellspacing="0" |
| 5247 | cellpadding="0" style= |
| 5248 | 'margin-left:9.9pt;border-collapse:collapse;margin-left:-2.25pt; margin-right:-2.25pt'> |
| 5249 | <tr style='height:13.25pt'> |
| 5250 | <td valign="top" style= |
| 5251 | 'width:202.5pt;border:solid black 1.5pt; border-bottom:none;background:black;padding:0in 5.4pt 0in 5.4pt;height:13.25pt'> |
| 5252 | <p class="TextFontCX" align="center" style='text-align:center'> |
| 5253 | <span class="Keyword"><b><span style= |
| 5254 | 'font-size:10.0pt; color:white'>globals.c</span></b></span></p></td> |
| 5255 | <td valign="top" style= |
| 5256 | 'width:220.5pt;border-top:solid black 1.5pt; border-left:none;border-bottom:none;border-right:solid black 1.5pt; background:black;padding:0in 5.4pt 0in 5.4pt;height:13.25pt'> |
| 5257 | <p class="TextFontCX" align="center" style='text-align:center'> |
| 5258 | <b><span style='color:white'>Running |
| 5259 | Splint</span></b></p></td></tr> |
| 5260 | <tr style='height:70.65pt'> |
| 5261 | <td valign="top" style= |
| 5262 | 'width:202.5pt;border:solid black 1.5pt; border-top:none;padding:0in 5.4pt 0in 5.4pt;height:70.65pt'> |
| 5263 | <p class="Verbatim"><span style='font-size:9.5pt'>int glob1, |
| 5264 | glob2;</span></p> |
| 5265 | <p class="Verbatim"><span style='font-size:9.5pt'> </span></p> |
| 5266 | <p class="Verbatim"><span class="Line"><span style= |
| 5267 | 'font-size:8.0pt'>3</span></span> <span style='font-size:9.5pt'>int |
| 5268 | f (void) /*@globals glob1;@*/</span></p> |
| 5269 | <p class="Verbatim"><span style='font-size:9.5pt'>{</span></p> |
| 5270 | <p class="Verbatim"><span class="Line"><span style= |
| 5271 | 'font-size:8.0pt'>5 </span></span> <span style= |
| 5272 | 'font-size:9.5pt'>return glob2;</span></p> |
| 5273 | <p class="Verbatim"><span style='font-size:9.5pt'>}</span></p></td> |
| 5274 | <td valign="top" style= |
| 5275 | 'width:220.5pt;border-top:none;border-left: none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt;height:70.65pt'> |
| 5276 | <p class="lclintrun">> splint globals.c +checks</p> |
| 5277 | <p class="lclintrun"> </p> |
| 5278 | <p class="lclintrun">globals.c:5: Undocumented use of global |
| 5279 | glob2</p> |
| 5280 | <p class="lclintrun">globals.c:3: Global glob1 listed but not |
| 5281 | used</p> |
| 5282 | <p class="lclintrun"> </p> |
| 5283 | <p class="lclintrun" style='page-break-after:avoid'> |
| 5284 | </p></td></tr></table> |
| 5285 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"> |
| 5286 | <tr> |
| 5287 | <td valign="top" align="left" style= |
| 5288 | 'padding-top:8.65pt;padding-right: 9.35pt;padding-bottom:8.65pt;padding-left:9.35pt'> |
| 5289 | <p class="MsoCaption"><a name="_Ref349498221"></a><a name= |
| 5290 | "_Ref349498215"></a><a name="_Ref347468808"></a><a name= |
| 5291 | "_Ref347468791"></a><a name="_Ref344908072"></a><a name= |
| 5292 | "_Ref344908069"></a><a name="_Ref344893745"></a><a name= |
| 5293 | "_Toc344355405"></a><a name="_Toc534824617"></a><a name= |
| 5294 | "_Ref534822988">Figure 13</a>. Global |
| 5295 | Variables</p></td></tr></table></center> |
| 5296 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 5297 | "_Toc534974981">7.2.1<span style= |
| 5298 | 'font:7.0pt "Times New Roman"'> </span> |
| 5299 | Controlling Globals Checking</a></h3> |
| 5300 | <p class="TextFontCX">Whether on not an error is reported for a use |
| 5301 | of a global variable in a given function depends on the scope of |
| 5302 | the variable (file <span class="CodeText"><span style= |
| 5303 | 'font-size:10.0pt'>static</span></span> or external), the checking |
| 5304 | annotation used in the variable declaration or the implicit |
| 5305 | annotation if no checking annotation is used, whether or not the |
| 5306 | function is declared with a globals list, and flag settings.</p> |
| 5307 | <p class="TextFontCX"> </p> |
| 5308 | <p class="beforelist">A global or file static variable declaration |
| 5309 | may be preceded by an annotation to indicate how the variable |
| 5310 | should be checked. In order of decreasing checks, the |
| 5311 | annotations are:</p> |
| 5312 | <p class="TextFontCX"><span class="Annot"><span style= |
| 5313 | 'font-size:10.0pt'>/*@checkedstrict@*/</span></span></p> |
| 5314 | <p class="IndentText">Strictest checking. Undocumented uses |
| 5315 | and modifications of the variable are reported in all functions |
| 5316 | whether or not they have a globals list (unless <span class= |
| 5317 | "Flag"><span style= |
| 5318 | 'font-size:10.0pt'>check-strict-globs</span></span> is off).</p> |
| 5319 | <p class="TextFontCX"><span class="Annot"><span style= |
| 5320 | 'font-size:10.0pt'>/*@checked@*/</span></span></p> |
| 5321 | <p class="IndentText">Undocumented use of the variable is reported |
| 5322 | in a function with a globals list, but not in a function declared |
| 5323 | with no globals (unless <span class="Flag"><span style= |
| 5324 | 'font-size:10.0pt'>glob-noglobs</span></span> is on).<a name= |
| 5325 | "here"></a></p> |
| 5326 | <p class="TextFontCX"><span class="Annot"><span style= |
| 5327 | 'font-size:10.0pt'>/*@checkmod@*/</span></span></p> |
| 5328 | <p class="IndentText">Undocumented uses of the variable are not |
| 5329 | reported, but undocumented modifications are reported. |
| 5330 | (If <span class="Flag"><span style= |
| 5331 | 'font-size:10.0pt'>mod-globs-nomods</span></span> is on, errors are |
| 5332 | reported even in functions declared with no modifies clause or |
| 5333 | globals list.)</p> |
| 5334 | <p class="TextFontCX"><span class="Annot"><span style= |
| 5335 | 'font-size:10.0pt'>/*@unchecked@*/</span></span></p> |
| 5336 | <p class="IndentText">No messages are reported for undocumented use |
| 5337 | or modification of this global variable.</p> |
| 5338 | <p class="afterlist">If a variable has none of these annotations, |
| 5339 | an implicit annotation is determined by the flag |
| 5340 | settings. </p> |
| 5341 | <p class="TextFontCX"> </p> |
| 5342 | <p class="TextFontCX">Different flags control the implicit |
| 5343 | annotation for variables declared with global scope and variables |
| 5344 | declared with file scope (i.e., using the <span class= |
| 5345 | "CodeText"><span style='font-size:10.0pt'>static</span></span> |
| 5346 | storage qualifier). To set the implicit annotation for global |
| 5347 | variables declared in <span class="Flag"><i><span style= |
| 5348 | 'font-size:10.0pt'>context</span></i></span> (<span class= |
| 5349 | "Flag"><span style='font-size:10.0pt'>globs</span></span> for |
| 5350 | external variables or <span class="Flag"><span style= |
| 5351 | 'font-size:10.0pt'>statics</span></span> for file static variable) |
| 5352 | to be <span class="Flag"><i><span style= |
| 5353 | 'font-size:10.0pt'>annotation</span></i></span> (<span class= |
| 5354 | "Flag"><span style='font-size:10.0pt'>checked</span></span>, |
| 5355 | <span class="Flag"><span style= |
| 5356 | 'font-size:10.0pt'>checkmod</span></span>, <span class= |
| 5357 | "Flag"><span style='font-size:10.0pt'>checkedstrict</span></span>) |
| 5358 | use <span class="Flag"><span style= |
| 5359 | 'font-size:10.0pt'>imp<i><annotation> |
| 5360 | <context></i></span></span>. For example, |
| 5361 | <span class="Flag"><span style= |
| 5362 | 'font-size:10.0pt'>+imp-checked-strict-statics</span></span> |
| 5363 | makes the implicit checking on unqualified file static |
| 5364 | variables <span class="Flag"><span style= |
| 5365 | 'font-size:10.0pt'>checkedstrict</span></span>. See |
| 5366 | Appendix B for a complete list of globals checking flags.</p> |
| 5367 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 5368 | "_Toc534974982"></a><a name="_Ref534971010">7.2.2<span style= |
| 5369 | 'font:7.0pt "Times New Roman"'> </span></a> |
| 5370 | Definition State</h3> |
| 5371 | <p class="TextFontCX">Annotations can be used in the globals list |
| 5372 | of a function declaration to describe the states of global |
| 5373 | variables before and after the call. If a global is preceded |
| 5374 | by <span class="Annot"><span style= |
| 5375 | 'font-size:10.0pt'>undef</span></span>, it is assumed to be |
| 5376 | undefined before the call. Thus, no error is reported if the global |
| 5377 | is not defined when the function is called, but an error is |
| 5378 | reported if the global is used in the function body before it is |
| 5379 | defined. The <span class="Annot"><span style= |
| 5380 | 'font-size:10.0pt'>killed</span></span> annotation denotes a |
| 5381 | global variable that may be undefined when the call |
| 5382 | returns. For globals that contain dynamically allocated |
| 5383 | storage, a <span class="Annot"><span style= |
| 5384 | 'font-size:10.0pt'>killed</span></span> global variable is similar |
| 5385 | to an <span class="Annot"><span style= |
| 5386 | 'font-size:10.0pt'>only</span></span> parameter (Section |
| 5387 | 5.2). An error is reported if it contains the only reference |
| 5388 | to storage that is not released before the call returns. |
| 5389 | Figure 14 illustrated <span class="Annot"><span style= |
| 5390 | 'font-size:10.0pt'>killed</span></span> and <span class= |
| 5391 | "Annot"><span style='font-size:10.0pt'>undef</span></span> |
| 5392 | globals.</p> |
| 5393 | <center> |
| 5394 | <table class="MsoNormalTable" border="0" cellspacing="0" |
| 5395 | cellpadding="0" style= |
| 5396 | 'margin-left:.9pt;border-collapse:collapse; margin-left:-2.25pt;margin-right:-2.25pt'> |
| 5397 | <tr> |
| 5398 | <td valign="top" style= |
| 5399 | 'border:solid black 1.5pt; border-bottom:none;background:black;padding:0in 5.4pt 0in 5.4pt;height:13.45pt'> |
| 5400 | <p class="TextFontCX" align="center" style='text-align:center'> |
| 5401 | |
| 5402 | <span class="Keyword"><b><span style= |
| 5403 | 'font-size:10.0pt;color:white'>annotglobs.c</span></b></span></p></td> |
| 5404 | <td valign="top" style= |
| 5405 | 'width:198.8pt;border-top:solid black 1.5pt; border-left:none;border-bottom:none;border-right:solid black 1.5pt; background:black;padding:0in 5.4pt 0in 5.4pt;height:13.45pt'> |
| 5406 | <p class="TextFontCX" align="center" style='text-align:center'> |
| 5407 | <b><span style='color:white'>Running |
| 5408 | Splint</span></b></p></td></tr> |
| 5409 | <tr> |
| 5410 | <td valign="top" style= |
| 5411 | 'border:solid black 1.5pt; border-top:none;padding:0in 5.4pt 0in 5.4pt;height:236.7pt'> |
| 5412 | <p class="Verbatim">int globnum;</p> |
| 5413 | <p class="Verbatim"> </p> |
| 5414 | <p class="Verbatim">struct {</p> |
| 5415 | <p class="Verbatim"> char *firstname, *lastname;</p> |
| 5416 | <p class="Verbatim"> int id;</p> |
| 5417 | <p class="Verbatim">} globname;</p> |
| 5418 | <p class="Verbatim"> </p> |
| 5419 | <p class="Verbatim">void</p> |
| 5420 | <p class="Verbatim">initialize (/*@only@*/ char *name)</p> |
| 5421 | <p class="Verbatim"> /*@globals undef globnum,</p> |
| 5422 | <p class="Verbatim"> |
| 5423 | |
| 5424 | undef globname @*/</p> |
| 5425 | <p class="Verbatim">{</p> |
| 5426 | <p class="Verbatim"><span class="Line"><span style= |
| 5427 | 'font-size:8.0pt'>13</span></span> globname.id = globnum;</p> |
| 5428 | <p class="Verbatim"> globname.lastname = name;</p> |
| 5429 | <p class="Verbatim"><span class="Line"><span style= |
| 5430 | 'font-size:8.0pt'>15</span></span>}</p> |
| 5431 | <p class="Verbatim"> </p> |
| 5432 | <p class="Verbatim">void finalize (void)</p> |
| 5433 | <p class="Verbatim"> /*@globals killed globname@*/</p> |
| 5434 | <p class="Verbatim">{</p> |
| 5435 | <p class="Verbatim"> free (globname.lastname);</p> |
| 5436 | <p class="Verbatim"><span class="Line"><span style= |
| 5437 | 'font-size:8.0pt'>21</span></span> }</p></td> |
| 5438 | <td valign="top" style= |
| 5439 | 'width:198.8pt;border-top:none;border-left: none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt;height:236.7pt'> |
| 5440 | <p class="lclintrun">> splint annotglobs.c</p> |
| 5441 | <p class="lclintrun"> </p> |
| 5442 | <p class="lclintrun">annotglobs.c:13: Undef global globnum used</p> |
| 5443 | <p class="lclintrun"> |
| 5444 | |
| 5445 | before definition</p> |
| 5446 | <p class="lclintrun">annotglobs.c:15: Global storage globname</p> |
| 5447 | <p class="lclintrun"> contains 1 undefined field |
| 5448 | when call</p> |
| 5449 | <p class="lclintrun"> returns: firstname</p> |
| 5450 | <p class="lclintrun">annotglobs.c:21: Only storage</p> |
| 5451 | <p class="lclintrun"> globname.firstname (type |
| 5452 | char *) derived</p> |
| 5453 | <p class="lclintrun"> from killed global is not |
| 5454 | released</p> |
| 5455 | <p class="lclintrun" style='page-break-after:avoid'> |
| 5456 | (memory leak)</p></td></tr></table> |
| 5457 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"> |
| 5458 | <tr> |
| 5459 | <td valign="top" align="left" style= |
| 5460 | 'padding-top:10.1pt;padding-right: 9.35pt;padding-bottom:10.1pt;padding-left:9.35pt'> |
| 5461 | <p class="MsoCaption"><a name="_Toc534824618"></a><a name= |
| 5462 | "_Ref534823055">Figure 14</a>. Annotated Globals |
| 5463 | Lists</p></td></tr></table></center> |
| 5464 | <h2 style='margin-left:0in;text-indent:0in'><a name= |
| 5465 | "_Toc534974983"></a><a name="_Ref344894947"></a><a name= |
| 5466 | "_Toc344355406">7.3<span style= |
| 5467 | 'font:7.0pt "Times New Roman"'> </span> |
| 5468 | Declaration Consistency</a></h2> |
| 5469 | <p class="TextFontCX">Splint checks that function declarations and |
| 5470 | definitions are consistent. The general rule is that the |
| 5471 | <i>first</i> declaration of a function implies all later |
| 5472 | declarations and definitions. If a function is declared in a |
| 5473 | header file, the first declaration processed is its first |
| 5474 | declaration (if it is declared in more than one header file an |
| 5475 | error is reported if <span class="Flag"><span style= |
| 5476 | 'font-size:10.0pt'>redecl</span></span> is set) |
| 5477 | <span style='display:none'>(if the same function is declared |
| 5478 | in more than one header file ???)</span>. Otherwise, |
| 5479 | the first declaration in the file defining the function is |
| 5480 | its first declaration.</p> |
| 5481 | <p class="TextFontCX"> </p> |
| 5482 | <p class="TextFontCX">Later declarations may not include variables |
| 5483 | in the globals list that were not included in the first |
| 5484 | declaration. The exception to this is when the first |
| 5485 | declaration is in a header file and the later declaration or |
| 5486 | definition includes file static variables. Since these are |
| 5487 | not visible in the header file, they can not be included in the |
| 5488 | header file declaration. Similarly, the modifies clause of a |
| 5489 | later declaration may not include objects that are not modifiable |
| 5490 | in the first declaration. The later declaration may be more |
| 5491 | specific. For example, if the header declaration is:</p> |
| 5492 | <p class="example" style='text-indent:.3in'>extern void setName |
| 5493 | (employee e, char *s) /*@modifies e@*/;</p> |
| 5494 | <p class="TextFontCX">the later declaration could be,</p> |
| 5495 | <p class="example"> void setName (employee e, char *) |
| 5496 | /*@modifies e->name@*/;</p> |
| 5497 | <p class="TextFontCX">If <span class="CodeText"><span style= |
| 5498 | 'font-size:10.0pt'>employee</span></span> is an abstract type, the |
| 5499 | declaration in the header should not refer to a particular |
| 5500 | implementation (i.e., it shouldn’t rely on there being a |
| 5501 | <span class="CodeText"><span style= |
| 5502 | 'font-size:10.0pt'>name</span></span> field), but the |
| 5503 | implementation declaration can be more specific. </p> |
| 5504 | <p class="TextFontCX"> </p> |
| 5505 | <p class="TextFontCX">This rule also applies to file static |
| 5506 | variables. The header declaration for a function that |
| 5507 | modifies a file static variable should use <span class= |
| 5508 | "Annot"><span style='font-size:10.0pt'>modifies |
| 5509 | internalState</span></span> since file static variables are not |
| 5510 | visible to clients. The implementation declaration should |
| 5511 | list the actual file static variables that may be modified.</p> |
| 5512 | <h2 style='margin-left:0in;text-indent:0in'><a name= |
| 5513 | "_Toc534974984"></a><a name="_Ref354411787">7.4<span style= |
| 5514 | 'font:7.0pt "Times New Roman"'> </span> |
| 5515 | State Clauses</a></h2> |
| 5516 | <p class="TextFontCX">Sometimes it is necessary to specify function |
| 5517 | interfaces at a lower level than is possible with the standard |
| 5518 | annotations. For example, if a function defines some fields |
| 5519 | of a returned structure but does not define all the fields. |
| 5520 | The <span class="Annot"><span style= |
| 5521 | 'font-size:10.0pt'>/*@special@*/</span></span> annotation is used |
| 5522 | to mark a parameter, global variable, or return value that is |
| 5523 | described using state clauses. </p> |
| 5524 | <p class="TextFontCX"> </p> |
| 5525 | <p class="TextFontCX">State clauses may be used to constrain the |
| 5526 | state of a parameter or return value before or after a call. |
| 5527 | One or more state clauses may appear in a function declaration, |
| 5528 | before the modifies or globals clauses. State clauses may be |
| 5529 | listed in any order, but the same state clause should not be used |
| 5530 | more than once. In a state clause list, <span class= |
| 5531 | "CodeText"><span style='font-size:10.0pt'>result</span></span> is |
| 5532 | used to refer to the return value of the function. </p> |
| 5533 | <p class="TextFontCX"> </p> |
| 5534 | <p class="TextFontCX" style='margin-bottom:6.0pt'>The following |
| 5535 | state clauses are used to describe the definition state or |
| 5536 | parameters before and after the function is called and the return |
| 5537 | value after the function returns:</p> |
| 5538 | <p class="TextFontCX"><span class="Annot"><span style= |
| 5539 | 'font-size:10.0pt'>/*@uses |
| 5540 | <i><references></i>@*/</span></span></p> |
| 5541 | <p class="indentbefore0">References in a <span class= |
| 5542 | "Annot"><span style='font-size:10.0pt'>uses</span></span> clause |
| 5543 | must be completely defined before the function is called. |
| 5544 | They are assumed to be defined at function entrance when the |
| 5545 | function is checked.</p> |
| 5546 | <p class="TextFontCX"><span class="Annot"><span style= |
| 5547 | 'font-size:10.0pt'>/*@sets |
| 5548 | <i><references></i>@*/</span></span></p> |
| 5549 | <p class="indentbefore0">References in a <span class= |
| 5550 | "Annot"><span style='font-size:10.0pt'>sets</span></span> clause |
| 5551 | must be allocated before the function is called. They are |
| 5552 | completely defined after the function returns. They are assumed to |
| 5553 | be allocated but undefined storage at function entrance and an |
| 5554 | error is reported if there is a path on which they are not defined |
| 5555 | before the function returns.</p> |
| 5556 | <p class="TextFontCX"><span class="Annot"><span style= |
| 5557 | 'font-size:10.0pt'>/*@defines |
| 5558 | <i><references></i>@*/</span></span></p> |
| 5559 | <p class="indentbefore0">References in a <span class= |
| 5560 | "Annot"><span style='font-size:10.0pt'>defines</span></span> clause |
| 5561 | must not refer to unshared, allocated storage before the function |
| 5562 | is called. They are completely defined after the function |
| 5563 | returns. When the function is checked, they are assumed to be |
| 5564 | undefined at function entrance and an error is reported if there is |
| 5565 | a path on which they are not defined before the function |
| 5566 | returns.</p> |
| 5567 | <p class="TextFontCX"><span class="Annot"><span style= |
| 5568 | 'font-size:10.0pt'>/*@allocates |
| 5569 | <i><references></i>@*/</span></span></p> |
| 5570 | <p class="indentbefore0">References in an <span class= |
| 5571 | "Annot"><span style='font-size:10.0pt'>allocates</span></span> |
| 5572 | clause must be unallocated before the function is called. |
| 5573 | They are allocated but not necessarily defined after the function |
| 5574 | returns. An error is reported if there is a path through the |
| 5575 | function on which they are not allocated before the function |
| 5576 | returns.</p> |
| 5577 | <p class="TextFontCX"><span class="Annot"><span style= |
| 5578 | 'font-size:10.0pt'>/*@releases |
| 5579 | <references>@*/</span></span></p> |
| 5580 | <p class="IndentText">References in the <span class= |
| 5581 | "Annot"><span style='font-size:10.0pt'>releases</span></span> |
| 5582 | clause are deallocated by the function. They must be storage |
| 5583 | that could be passed as an <span class="Annot"><span style= |
| 5584 | 'font-size:10.0pt'>only</span></span> parameter before the |
| 5585 | function is called, and are dead pointers after the function |
| 5586 | returns. They are assumed to be defined at function entrance |
| 5587 | and an error is reported if they refer to live, allocated storage |
| 5588 | at any return point.</p> |
| 5589 | <p class="TextFontCX"> </p> |
| 5590 | <p class="TextFontCX">Some examples of state clauses are shown in |
| 5591 | Figure 15. The <span class="Annot"><span style= |
| 5592 | 'font-size: 10.0pt'>defines</span></span> clause for |
| 5593 | <span class="CodeText"><span style= |
| 5594 | 'font-size:10.0pt'>record_new</span></span> indicates that |
| 5595 | the <span class="CodeText"><span style= |
| 5596 | 'font-size:10.0pt'>id</span></span> field of the structure |
| 5597 | pointed to by the result is defined, but the <span class= |
| 5598 | "CodeText"><span style='font-size:10.0pt'>name</span></span> |
| 5599 | field is not. So, <span class="CodeText"><span style= |
| 5600 | 'font-size:10.0pt'>record_create</span></span> needs to call |
| 5601 | <span class="CodeText"><span style= |
| 5602 | 'font-size:10.0pt'>record_setName</span></span> to define the |
| 5603 | name field. Similarly, the <span class= |
| 5604 | "Annot"><span style='font-size:10.0pt'>releases</span></span> |
| 5605 | clause for <span class="CodeText"><span style= |
| 5606 | 'font-size:10.0pt'>record_clearName</span></span> indicates |
| 5607 | that no storage is associated with the <span class= |
| 5608 | "CodeText"><span style='font-size:10.0pt'>name</span></span> |
| 5609 | field of its parameter after the return, so no failure to |
| 5610 | deallocate storage message is produced for the call to |
| 5611 | <span class="CodeText"><span style= |
| 5612 | 'font-size:10.0pt'>free</span></span> in <span class= |
| 5613 | "CodeText"><span style= |
| 5614 | 'font-size:10.0pt'>record_free</span></span>. The |
| 5615 | <span class="Annot"><span style='font-size:10.0pt'>ensures |
| 5616 | isnull</span></span> clause is described in the next |
| 5617 | section.</p> |
| 5618 | <center> |
| 5619 | <table class="MsoNormalTable" border="0" cellspacing="0" |
| 5620 | cellpadding="0" style= |
| 5621 | 'margin-left:9.9pt;border-collapse:collapse;margin-left:-2.25pt; margin-right:-2.25pt'> |
| 5622 | <tr> |
| 5623 | <td valign="top" style= |
| 5624 | 'width:423.0pt;border:solid black 1.5pt; border-bottom:none;background:black;padding:0in 5.4pt 0in 5.4pt'> |
| 5625 | <p class="TextFontCX" align="center" style='text-align:center'> |
| 5626 | <span class="Keyword"><b><span style= |
| 5627 | 'font-size:10.0pt; color:white'>clauses.c</span></b></span></p></td></tr> |
| 5628 | <tr> |
| 5629 | <td valign="top" style= |
| 5630 | 'width:423.0pt;border:solid black 1.5pt; border-top:none;padding:0in 5.4pt 0in 5.4pt'> |
| 5631 | <p class="Verbatim">typedef struct</p> |
| 5632 | <p class="Verbatim">{</p> |
| 5633 | <p class="Verbatim"> int id;</p> |
| 5634 | <p class="Verbatim"> /*@only@*/ char *name;</p> |
| 5635 | <p class="Verbatim">} *record;</p> |
| 5636 | <p class="Verbatim"> </p> |
| 5637 | <p class="Verbatim">static /*@special@*/ record record_new |
| 5638 | (void)</p> |
| 5639 | <p class="Verbatim"> /*@defines result->id@*/</p> |
| 5640 | <p class="Verbatim">{</p> |
| 5641 | <p class="Verbatim"> record r = (record) malloc (sizeof |
| 5642 | (*r));</p> |
| 5643 | <p class="Verbatim"> </p> |
| 5644 | <p class="Verbatim"> assert (r != NULL);</p> |
| 5645 | <p class="Verbatim"> r->id = 3;</p> |
| 5646 | <p class="Verbatim"> return r;</p> |
| 5647 | <p class="Verbatim">}</p> |
| 5648 | <p class="Verbatim"> </p> |
| 5649 | <p class="Verbatim">static void</p> |
| 5650 | <p class="Verbatim"> record_setName (/*@special@*/ |
| 5651 | record r, /*@only@*/ char *name)</p> |
| 5652 | <p class="Verbatim"> /*@defines r->name@*/</p> |
| 5653 | <p class="Verbatim">{</p> |
| 5654 | <p class="Verbatim"> r->name = name;</p> |
| 5655 | <p class="Verbatim">}</p> |
| 5656 | <p class="Verbatim"> </p> |
| 5657 | <p class="Verbatim">record record_create (/*@only@*/ char |
| 5658 | *name)</p> |
| 5659 | <p class="Verbatim">{</p> |
| 5660 | <p class="Verbatim"> record r = record_new ();</p> |
| 5661 | <p class="Verbatim"> record_setName (r, name);</p> |
| 5662 | <p class="Verbatim"> return r;</p> |
| 5663 | <p class="Verbatim">}</p> |
| 5664 | <p class="Verbatim"> </p> |
| 5665 | <p class="Verbatim">void record_clearName (/*@special@*/ record |
| 5666 | r)</p> |
| 5667 | <p class="Verbatim"> /*@releases r->name@*/</p> |
| 5668 | <p class="Verbatim"> /*@ensures isnull |
| 5669 | r->name@*/</p> |
| 5670 | <p class="Verbatim">{</p> |
| 5671 | <p class="Verbatim"> free (r->name);</p> |
| 5672 | <p class="Verbatim"> r->name = NULL;</p> |
| 5673 | <p class="Verbatim">}</p> |
| 5674 | <p class="Verbatim"> </p> |
| 5675 | <p class="Verbatim">void record_free (/*@only@*/ record r)</p> |
| 5676 | <p class="Verbatim">{</p> |
| 5677 | <p class="Verbatim"> record_clearName (r);</p> |
| 5678 | <p class="Verbatim"> free (r);</p> |
| 5679 | <p class="Verbatim">}</p> |
| 5680 | <p class="Verbatim" style='page-break-after:avoid'> |
| 5681 | </p></td></tr></table> |
| 5682 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"> |
| 5683 | <tr> |
| 5684 | <td valign="top" style= |
| 5685 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 5686 | <p class="MsoCaption"><a name="_Toc534824619"></a><a name= |
| 5687 | "_Ref354412972">Figure 15</a>. State |
| 5688 | Clauses</p></td></tr></table></center> |
| 5689 | <p class="TextFontCX"><span class="Keyword"><span style= |
| 5690 | 'font-size:10.0pt'> </span></span></p> |
| 5691 | <h2 style='margin-left:0in;text-indent:0in'><a name= |
| 5692 | "_Toc534974985"></a><a name="_Ref534888798">7.5<span style= |
| 5693 | 'font:7.0pt "Times New Roman"'> </span> |
| 5694 | Requires and Ensures Clauses</a></h2> |
| 5695 | <p class="TextFontCX">More general assumptions about state of |
| 5696 | parameters and globals before and after a function is called can be |
| 5697 | described using <span class="Annot"><i><span style= |
| 5698 | 'font-size:10.0pt'>requires</span></i></span> and |
| 5699 | <span class="Annot"><i><span style= |
| 5700 | 'font-size:10.0pt'>ensures</span></i></span> clauses. A |
| 5701 | <span class="Annot"><span style= |
| 5702 | 'font-size:10.0pt'>requires</span></span> clause specifies a |
| 5703 | predicate that must be true at a call site; when checking a |
| 5704 | function implementation Splint assumes the constraints given |
| 5705 | in its <span class="Annot"><span style= |
| 5706 | 'font-size:10.0pt'>requires</span></span> clauses are true at |
| 5707 | function entry. An <span class="Annot"><span style= |
| 5708 | 'font-size:10.0pt'>ensures</span></span> clause specifies a |
| 5709 | predicate that is true at a call site after the call returns; |
| 5710 | when checking a function implementation Splint warns if there |
| 5711 | is an execution path that does not return with a state that |
| 5712 | satifies the constraints given in its <span class= |
| 5713 | "Annot"><span style='font-size:10.0pt'>ensures</span></span> |
| 5714 | clauses. A function declaration can have many |
| 5715 | <span class="Annot"><span style= |
| 5716 | 'font-size:10.0pt'>requires</span></span> and <span class= |
| 5717 | "Annot"><span style='font-size:10.0pt'>ensures</span></span> |
| 5718 | clauses as long as their meanings are not contradictory.</p> |
| 5719 | <p class="TextFontCX"> </p> |
| 5720 | <p class="TextFontCX">The following constraints can be stated using |
| 5721 | <span class="Annot"><span style= |
| 5722 | 'font-size:10.0pt'>requires</span></span> and <span class= |
| 5723 | "Annot"><span style='font-size:10.0pt'>ensures</span></span> |
| 5724 | clauses:</p> |
| 5725 | <h6 style='margin-left:0in;text-indent:0in'><b>Aliasing |
| 5726 | Annotations</b></h6> |
| 5727 | <p class="TextFontCX"><span class="Annot"><span style= |
| 5728 | 'font-size:10.0pt'>/*@requires |
| 5729 | only<i><references></i>@*/</span></span>; <span class= |
| 5730 | "Annot"><span style='font-size:10.0pt'>/*@ensures |
| 5731 | only<i><references></i>@*/</span></span></p> |
| 5732 | <p class="TextFontCX"><span class="Annot"><span style= |
| 5733 | 'font-size:10.0pt'>/*@requires |
| 5734 | shared<i><references></i>@*/</span></span>; |
| 5735 | <span class="Annot"><span style='font-size:10.0pt'>/*@ensures |
| 5736 | shared<i><references></i>@*/</span></span></p> |
| 5737 | <p class="TextFontCX"><span class="Annot"><span style= |
| 5738 | 'font-size:10.0pt'>/*@requires |
| 5739 | owned<i><references></i>@*/</span></span>; <span class= |
| 5740 | "Annot"><span style='font-size:10.0pt'>/*@ensures |
| 5741 | owned<i><references></i>@*/</span></span></p> |
| 5742 | <p class="TextFontCX"><span class="Annot"><span style= |
| 5743 | 'font-size:10.0pt'>/*@requires |
| 5744 | dependent<i><references></i>@*/</span></span>; |
| 5745 | <span class="Annot"><span style='font-size:10.0pt'>/*@ensures |
| 5746 | dependent<i><references></i>@*/</span></span></p> |
| 5747 | <p class="IndentText">References refer to <span class= |
| 5748 | "Annot"><span style='font-size:10.0pt'>only</span></span>, |
| 5749 | <span class="Annot"><span style= |
| 5750 | 'font-size:10.0pt'>shared</span></span>, <span class= |
| 5751 | "Annot"><span style='font-size:10.0pt'>owned</span></span> or |
| 5752 | <span class="Annot"><span style= |
| 5753 | 'font-size:10.0pt'>dependent</span></span> storage before |
| 5754 | (<span class="Annot"><span style= |
| 5755 | 'font-size:10.0pt'>requires</span></span>) or after |
| 5756 | (<span class="Annot"><span style= |
| 5757 | 'font-size:10.0pt'>ensures</span></span>) the call.</p> |
| 5758 | <h6 style='margin-left:0in;text-indent:0in'><b>Exposure |
| 5759 | Annotations</b></h6> |
| 5760 | <p class="TextFontCX"><span class="Annot"><span style= |
| 5761 | 'font-size:10.0pt'>/*@requires |
| 5762 | observer<i><references></i>@*/</span></span>; |
| 5763 | <span class="Annot"><span style='font-size:10.0pt'>/*@ensures |
| 5764 | observer<i><references></i>@*/</span></span></p> |
| 5765 | <p class="TextFontCX"><span class="Annot"><span style= |
| 5766 | 'font-size:10.0pt'>/*@requires |
| 5767 | exposed<i><references></i>@*/</span></span>; |
| 5768 | <span class="Annot"><span style='font-size:10.0pt'>/*@ensures |
| 5769 | exposed <i><references></i>@*/</span></span></p> |
| 5770 | <p class="IndentText">References refer to <span class= |
| 5771 | "Annot"><span style='font-size:10.0pt'>observer</span></span> or |
| 5772 | <span class="Annot"><span style= |
| 5773 | 'font-size:10.0pt'>exposed</span></span> storage before |
| 5774 | (<span class="Annot"><span style= |
| 5775 | 'font-size:10.0pt'>requires</span></span>) or after |
| 5776 | (<span class="Annot"><span style= |
| 5777 | 'font-size:10.0pt'>ensures</span></span>) the call.</p> |
| 5778 | <h6 style='margin-left:0in;text-indent:0in'><b>Null</b> |
| 5779 | <b>State</b><b>Annotations</b></h6> |
| 5780 | <p class="TextFontCX"><span class="Annot"><span style= |
| 5781 | 'font-size:10.0pt'>/*@requires |
| 5782 | isnull<i><references></i>@*/</span></span>; |
| 5783 | <span class="Annot"><span style='font-size:10.0pt'>/*@ensures |
| 5784 | isnull<i><references></i>@*/</span></span></p> |
| 5785 | <p class="IndentText">References have the value <span class= |
| 5786 | "CodeText"><span style='font-size:10.0pt'>NULL</span></span> before |
| 5787 | (<span class="Annot"><span style= |
| 5788 | 'font-size:10.0pt'>requires</span></span>) or after |
| 5789 | (<span class="Annot"><span style= |
| 5790 | 'font-size:10.0pt'>ensures</span></span>) the call. |
| 5791 | Note, this is not the same name or meaning as the |
| 5792 | <span class="Annot"><span style= |
| 5793 | 'font-size:10.0pt'>null</span></span> annotation (which means |
| 5794 | the value may or may not be <span class="Annot"><span style= |
| 5795 | 'font-size:10.0pt'>NULL</span></span>.)</p> |
| 5796 | <p class="TextFontCX"><span class="Annot"><span style= |
| 5797 | 'font-size:10.0pt'>/*@requires |
| 5798 | notnull<i><references></i>@*/</span></span>; |
| 5799 | <span class="Annot"><span style='font-size:10.0pt'>/*@ensures |
| 5800 | notnull<i><references></i>@*/</span></span></p> |
| 5801 | <p class="IndentText">References do not have the value |
| 5802 | <span class="CodeText"><span style= |
| 5803 | 'font-size:10.0pt'>NULL</span></span> before (<span class= |
| 5804 | "Annot"><span style= |
| 5805 | 'font-size:10.0pt'>requires</span></span>) or after |
| 5806 | (<span class="Annot"><span style= |
| 5807 | 'font-size:10.0pt'>ensures</span></span>) the call.</p> |
| 5808 | <p class="TextFontCX"> </p> |
| 5809 | <h1 style='margin-left:0in;text-indent:0in'><a name= |
| 5810 | "_Toc534974986"></a><a name="_Ref534642886"></a><a name= |
| 5811 | "_Ref483663682">8<span style= |
| 5812 | 'font:7.0pt "Times New Roman"'> </span> |
| 5813 | <a id="control" name="control"> |
| 5814 | Control Flow</a></a></h1> |
| 5815 | <p class="TextFontCX">The section describes checking done by Splint |
| 5816 | related to control flow. Many of these checks are |
| 5817 | significantly improved because of the extra information that is |
| 5818 | known about the program when annotations are provided.</p> |
| 5819 | <h2 style='margin-left:0in;text-indent:0in'><a name= |
| 5820 | "_Toc534974987"></a><a name="_Ref345859337"></a><a name= |
| 5821 | "_Ref344907653"></a><a name="_Ref344894343"></a><a name= |
| 5822 | "_Ref344873752"></a><a name="_Toc344355417">8.1<span style= |
| 5823 | 'font:7.0pt "Times New Roman"'> </span> |
| 5824 | Execution</a></h2> |
| 5825 | <p class="TextFontCX">To detect certain errors and avoid spurious |
| 5826 | errors, it is important to know something about the control flow |
| 5827 | behavior of called functions. Without additional information, |
| 5828 | Splint assumes that all functions eventually return and execution |
| 5829 | continues normally at the call site. </p> |
| 5830 | <p class="TextFontCX"> </p> |
| 5831 | <p class="TextFontCX">The <span class="Annot"><span style= |
| 5832 | 'font-size:10.0pt'>noreturn</span></span> annotation is used |
| 5833 | to denote a function that never returns<a href="#_ftn8" name= |
| 5834 | "_ftnref8" title=""><span class= |
| 5835 | "MsoFootnoteReference"><span class="MsoFootnoteReference"><span style='font-size:11.0pt;font-family:"Times New Roman"'> |
| 5836 | [8]</span></span></span></a>. For example,</p> |
| 5837 | <p class="example"><span class="Annot"><span style= |
| 5838 | 'font-size:10.0pt'>extern /*@noreturn@*/ void fatalerror |
| 5839 | (/*@observer@*/ char *s);</span></span></p> |
| 5840 | <p class="beforelist">declares <span class= |
| 5841 | "CodeText"><span style='font-size:10.0pt'>fatalerror</span></span> |
| 5842 | to never return. This enables Splint to correctly |
| 5843 | analyze code like,</p> |
| 5844 | <p class="TextFontCX"><span class="Keyword"><span style= |
| 5845 | 'font-size:10.0pt'> if (x == NULL) fatalerror |
| 5846 | ("Yikes!");</span></span></p> |
| 5847 | <p class="TextFontCX"><span class="Keyword"><span style= |
| 5848 | 'font-size:10.0pt'> *x = 3;</span></span></p> |
| 5849 | <p class="afterlist">Other functions may return, but sometimes (or |
| 5850 | usually) return normally. The <span class= |
| 5851 | "Annot"><span style='font-size:10.0pt'>maynotreturn</span></span> |
| 5852 | annotation denotes a function that may or may not |
| 5853 | return. This may be useful for documentation, but does |
| 5854 | not help checking much, since Splint must assume that a |
| 5855 | function declared with <span class="Annot"><span style= |
| 5856 | 'font-size:10.0pt'>maynotreturn</span></span> returns |
| 5857 | normally when checking the code. The <span class= |
| 5858 | "Annot"><span style= |
| 5859 | 'font-size:10.0pt'>alwaysreturns</span></span> annotation |
| 5860 | denotes a function that always returns (but Splint does no |
| 5861 | checking to verify this).</p> |
| 5862 | <p class="TextFontCX"> </p> |
| 5863 | <p class="TextFontCX">To describe non-returning functions more |
| 5864 | precisely, the <span class="Annot"><span style= |
| 5865 | 'font-size:10.0pt'>noreturnwhentrue</span></span> and |
| 5866 | <span class="Annot"><span style= |
| 5867 | 'font-size:10.0pt'>noreturnwhenfalse</span></span> annotations |
| 5868 | may be used. Similar to <span class= |
| 5869 | "Annot"><span style='font-size: 10.0pt'>nullwhentrue</span></span> |
| 5870 | and <span class="Annot"><span style= |
| 5871 | 'font-size:10.0pt'>falsewhennull</span></span> (see Section |
| 5872 | 2.1.1), <span class="Annot"><span style= |
| 5873 | 'font-size:10.0pt'>noreturnwhentrue</span></span> and |
| 5874 | <span class="Annot"><span style= |
| 5875 | 'font-size:10.0pt'>noreturnwhenfalse</span></span> mean that |
| 5876 | a function never returns if the value of its first argument |
| 5877 | is true (<span class="Annot"><span style= |
| 5878 | 'font-size:10.0pt'>noreturnwhentrue</span></span>) or false |
| 5879 | (<span class="Annot"><span style= |
| 5880 | 'font-size:10.0pt'>noreturnwhenfalse</span></span>). |
| 5881 | They may be used only on functions whose first argument is a |
| 5882 | Boolean. </p> |
| 5883 | <p class="TextFontCX"> </p> |
| 5884 | <p class="TextFontCX" style='margin-bottom:6.0pt'>Hence, a function |
| 5885 | declared with <span class="Annot"><span style= |
| 5886 | 'font-size:10.0pt'>noreturnwhenwfalse</span></span> must not return |
| 5887 | if the value of its argument is false. For example, the |
| 5888 | standard library declares <span class="Keyword"><span style= |
| 5889 | 'font-size:10.0pt'>assert</span></span> as<a href="#_ftn9" |
| 5890 | name="_ftnref9" title=""><span class= |
| 5891 | "MsoFootnoteReference"><span class= |
| 5892 | "MsoFootnoteReference"><span style= |
| 5893 | 'font-size:11.0pt;font-family:"Times New Roman"'>[9]</span></span></span></a>:</p> |
| 5894 | <p class="example" style= |
| 5895 | 'margin-top:0in;margin-right:.2in;margin-bottom:0in; margin-left:0in;margin-bottom:.0001pt;text-indent:.5in'> |
| 5896 | /*@noreturnwhenfalse@*/ void</p> |
| 5897 | <p class="example" style= |
| 5898 | 'margin-top:0in;margin-right:.2in;margin-bottom:0in; margin-left:0in;margin-bottom:.0001pt;text-indent:.5in'> |
| 5899 | assert (/*@sef@*/ bool /*@alt int@*/ pred);</p> |
| 5900 | <p class="beforelist" style='margin-top:6.0pt'>This way, code |
| 5901 | like,</p> |
| 5902 | <p class="Verbatim"> assert (x != NULL);</p> |
| 5903 | <p class="Verbatim"> *x = 3;</p> |
| 5904 | <p class="TextFontCX">is checked without reporting a false warning, |
| 5905 | since the <span class="Annot"><span style= |
| 5906 | 'font-size:10.0pt'>noreturnwhenwfalse</span></span> annotation on |
| 5907 | <span class="CodeText"><span style= |
| 5908 | 'font-size:10.0pt'>assert</span></span> means the deference of |
| 5909 | <span class="CodeText"><span style= |
| 5910 | 'font-size:10.0pt'>x</span></span> is not reached is |
| 5911 | <span class="CodeText"><span style='font-size:10.0pt'>x != |
| 5912 | NULL</span></span> is false.</p> |
| 5913 | <h2 style='margin-left:0in;text-indent:0in'><a name= |
| 5914 | "_Toc534974988"></a><a name="_Ref350066608">8.2<span style= |
| 5915 | 'font:7.0pt "Times New Roman"'> </span> |
| 5916 | Undefined</a> Behavior</h2> |
| 5917 | <p class="TextFontCX">The order in which side effects take place in |
| 5918 | a C program is not entirely defined by the code. Certain |
| 5919 | execution points are known as <i>sequence points</i> — a |
| 5920 | function call (after the arguments have been evaluated), the end of |
| 5921 | a full expression (an initializer, expression in an expression |
| 5922 | statement, the control expression of an <span class= |
| 5923 | "CodeText"><span style='font-size:10.0pt'>if</span></span>, |
| 5924 | <span class="CodeText"><span style= |
| 5925 | 'font-size:10.0pt'>switch</span></span>, <span class= |
| 5926 | "CodeText"><span style='font-size:10.0pt'>while</span></span> or |
| 5927 | <span class="CodeText"><span style= |
| 5928 | 'font-size:10.0pt'>do</span></span> statement, each expression of a |
| 5929 | <span class="CodeText"><span style= |
| 5930 | 'font-size:10.0pt'>for</span></span> statement, and the expression |
| 5931 | in a <span class="CodeText"><span style= |
| 5932 | 'font-size: 10.0pt'>return</span></span> statement), and after the |
| 5933 | first operand or a <span class="CodeText"><span style= |
| 5934 | 'font-size:10.0pt'>&&</span></span>, <span class= |
| 5935 | "CodeText"><span style='font-size:10.0pt'>||</span></span>, |
| 5936 | <span class="CodeText"><span style= |
| 5937 | 'font-size:10.0pt'>?</span></span> or <span class= |
| 5938 | "CodeText"><span style='font-size:10.0pt'>,</span></span> |
| 5939 | operand.</p> |
| 5940 | <p class="TextFontCX"> </p> |
| 5941 | <p class="TextFontCX">All side effects before a sequence point must |
| 5942 | be complete before the sequence point, and no evaluations after the |
| 5943 | sequence point shall have taken place. Between sequence |
| 5944 | points, side effects and evaluations may take place in any |
| 5945 | order. Hence, the order in which expressions or arguments are |
| 5946 | evaluated is not specified. Compilers are free to evaluate |
| 5947 | function arguments and parts of expressions (that do not contain |
| 5948 | sequence points) in any order. The behavior of code is |
| 5949 | undefined if it uses a value that is modified by another expression |
| 5950 | that is not required to be evaluated before or after the other |
| 5951 | use.</p> |
| 5952 | <p class="TextFontCX"> </p> |
| 5953 | <p class="TextFontCX">Splint detects instances where undetermined |
| 5954 | order of evaluation produces undefined behavior. If |
| 5955 | modifies clauses and globals lists are used, this checking is |
| 5956 | enabled in expressions involving function calls. Evaluation order |
| 5957 | checking is controlled by the <span class="Flag"><span style= |
| 5958 | 'font-size:10.0pt'>eval-order</span></span> flag.</p> |
| 5959 | <center> |
| 5960 | <table class="MsoNormalTable" border="0" cellspacing="0" |
| 5961 | cellpadding="0" style= |
| 5962 | 'margin-left:13.05pt;border-collapse:collapse; margin-left:-2.25pt;margin-right:-2.25pt'> |
| 5963 | <tr> |
| 5964 | <td valign="top" style= |
| 5965 | 'border:solid black 1.5pt; border-bottom:none;background:black;padding:0in 5.4pt 0in 5.4pt;height:13.45pt'> |
| 5966 | <p class="TextFontCX" align="center" style='text-align:center'> |
| 5967 | |
| 5968 | <span class="Keyword"><b><span style= |
| 5969 | 'font-size:10.0pt;color:white'>order.c</span></b></span></p></td> |
| 5970 | <td valign="top" style= |
| 5971 | 'width:198.8pt;border-top:solid black 1.5pt; border-left:none;border-bottom:none;border-right:solid black 1.5pt; background:black;padding:0in 5.4pt 0in 5.4pt;height:13.45pt'> |
| 5972 | <p class="TextFontCX" align="center" style='text-align:center'> |
| 5973 | <b><span style='color:white'>Running |
| 5974 | Splint</span></b></p></td></tr> |
| 5975 | <tr> |
| 5976 | <td valign="top" style= |
| 5977 | 'width:148.95pt;border:solid black 1.5pt; border-top:none;padding:0in 5.4pt 0in 5.4pt'> |
| 5978 | <p class="Verbatim">extern int glob;</p> |
| 5979 | <p class="Verbatim"> </p> |
| 5980 | <p class="Verbatim">extern int mystery (void);</p> |
| 5981 | <p class="Verbatim"> </p> |
| 5982 | <p class="Verbatim">extern int modglob (void)</p> |
| 5983 | <p class="Verbatim"> /*@globals glob@*/</p> |
| 5984 | <p class="Verbatim"> /*@modifies glob@*/;</p> |
| 5985 | <p class="Verbatim"> </p> |
| 5986 | <p class="Verbatim">int f (int x, int y[])</p> |
| 5987 | <p class="Verbatim">{</p> |
| 5988 | <p class="Verbatim"><span class="Line"><span style= |
| 5989 | 'font-size:8.0pt'>11</span></span> int i = x++ * x;</p> |
| 5990 | <p class="Verbatim"> </p> |
| 5991 | <p class="Verbatim"><span class="Line"><span style= |
| 5992 | 'font-size:8.0pt'>13</span></span> y[i] = i++;</p> |
| 5993 | <p class="Verbatim"><span class="Line"><span style= |
| 5994 | 'font-size:8.0pt'>14</span></span> i += modglob() * glob;</p> |
| 5995 | <p class="Verbatim"><span class="Line"><span style= |
| 5996 | 'font-size:8.0pt'>15</span></span> i += mystery() * glob;</p> |
| 5997 | <p class="Verbatim"><span class="Line"><span style= |
| 5998 | 'font-size:8.0pt'>16</span></span> return i;</p> |
| 5999 | <p class="Verbatim">}</p></td> |
| 6000 | <td valign="top" style= |
| 6001 | 'width:275.4pt;border-top:none;border-left: none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'> |
| 6002 | <p class="lclintrun">> splint order.c +evalorderuncon</p> |
| 6003 | <p class="lclintrun">order.c:11: Expression has undefined behavior |
| 6004 | (value of</p> |
| 6005 | <p class="lclintrun"> right operand modified by |
| 6006 | left operand): x++ * x</p> |
| 6007 | <p class="lclintrun">order.c:13: Expression has undefined behavior |
| 6008 | (left operand</p> |
| 6009 | <p class="lclintrun"> uses i, modified by right |
| 6010 | operand): y[i] = i++</p> |
| 6011 | <p class="lclintrun">order.c:14: Expression has undefined behavior |
| 6012 | (value of</p> |
| 6013 | <p class="lclintrun"> right operand modified by |
| 6014 | left operand):</p> |
| 6015 | <p class="lclintrun"> modglob() * glob</p> |
| 6016 | <p class="lclintrun">order.c:15: Expression has undefined |
| 6017 | behavior</p> |
| 6018 | <p class="lclintrun"> (unconstrained function |
| 6019 | mystery used in left operand</p> |
| 6020 | <p class="lclintrun"> may set global variable |
| 6021 | glob used in right operand):</p> |
| 6022 | <p class="lclintrun"> mystery() * glob</p> |
| 6023 | <p class="TextFontCX" align="left" style='text-align:left'> |
| 6024 | <i> </i></p> |
| 6025 | <p class="TextFontCX" align="left" style= |
| 6026 | 'text-align:left;page-break-after:avoid'><i>The warning for line 14 |
| 6027 | is reported because the modifies clause of</i> <span class= |
| 6028 | "CodeText"><span style='font-size:10.0pt'>modglob</span></span> |
| 6029 | <i>indicated that it may modify</i> <span class= |
| 6030 | "CodeText"><span style= |
| 6031 | 'font-size:10.0pt'>glob</span></span><i>. The behavior is |
| 6032 | undefined since we don’t know if</i> <span class= |
| 6033 | "CodeText"><span style='font-size:10.0pt'>glob</span></span> <i>is |
| 6034 | evaluated before, after or during the</i> <i>modification. |
| 6035 | The line 15 warning would not be reported without</i> |
| 6036 | <span class="Flag"><span style= |
| 6037 | 'font-size:10.0pt'>+evalorderuncon</span></span><i>.</i></p></td></tr></table> |
| 6038 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"> |
| 6039 | <tr> |
| 6040 | <td valign="top" style= |
| 6041 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 6042 | <p class="MsoCaption"><a name="_Toc534824620"></a><a name= |
| 6043 | "_Ref534823183">Figure 16</a>. Evaluation |
| 6044 | Order</p></td></tr></table></center> |
| 6045 | <p class="TextFontCX"> </p> |
| 6046 | <p class="TextFontCX">When checking systems without modifies and |
| 6047 | globals information (see Section 7), evaluation order checking may |
| 6048 | report errors when unconstrained functions are called in procedure |
| 6049 | arguments. Since Splint has no annotations to constrain what |
| 6050 | these functions may modify, it cannot be guaranteed that the |
| 6051 | evaluation order is defined if another argument calls an |
| 6052 | unconstrained function or uses a global variable or storage |
| 6053 | reachable from a parameter to the unconstrained function. Its |
| 6054 | best to add modifies and globals clauses to constrain the |
| 6055 | unconstrained functions in ways that eliminate the possibility of |
| 6056 | undefined behavior. For large legacy systems, this may |
| 6057 | require too much effort. Instead, the <span class= |
| 6058 | "Flag"><span style= |
| 6059 | 'font-size:10.0pt'>‑eval-order-uncon</span></span> flag may |
| 6060 | be used to prevent reporting of undefined behavior due to the order |
| 6061 | of evaluation of unconstrained functions. Figure 16 |
| 6062 | illustrates detection of undefined behavior.</p> |
| 6063 | <center> |
| 6064 | <table class="MsoNormalTable" border="0" cellspacing="0" |
| 6065 | cellpadding="0" style= |
| 6066 | 'margin-left:18.9pt;border-collapse:collapse;margin-left:-2.25pt; margin-right:-2.25pt'> |
| 6067 | <tr> |
| 6068 | <td valign="top" style= |
| 6069 | 'border:solid black 1.5pt; border-bottom:none;background:black;padding:0in 5.4pt 0in 5.4pt'> |
| 6070 | <p class="TextFontCX" align="center" style='text-align:center'> |
| 6071 | <span class="Keyword"><b><span style= |
| 6072 | 'font-size:10.0pt; color:white'>loop.c</span></b></span></p></td> |
| 6073 | <td valign="top" style= |
| 6074 | 'border-top:solid black 1.5pt; border-left:none;border-bottom:none;border-right:solid black 1.5pt; background:black;padding:0in 5.4pt 0in 5.4pt'> |
| 6075 | <p class="TextFontCX" align="center" style='text-align:center'> |
| 6076 | <b><span style='color:white'>Running |
| 6077 | Splint</span></b></p></td></tr> |
| 6078 | <tr style='height:143.1pt'> |
| 6079 | <td valign="top" style= |
| 6080 | 'border:solid black 1.5pt; border-top:none;padding:0in 5.4pt 0in 5.4pt;height:143.1pt'> |
| 6081 | <p class="Verbatim">extern int glob1, glob2;</p> |
| 6082 | <p class="Verbatim">extern int f (void)</p> |
| 6083 | <p class="Verbatim"> /*@globals glob1@*/</p> |
| 6084 | <p class="Verbatim"> /*@modifies nothing@*/;</p> |
| 6085 | <p class="Verbatim">extern void g (void)</p> |
| 6086 | <p class="Verbatim"> /*@modifies glob2@*/ ;</p> |
| 6087 | <p class="Verbatim">extern void h (void) ;</p> |
| 6088 | <p class="Verbatim"> </p> |
| 6089 | <p class="Verbatim">void upto (int x)</p> |
| 6090 | <p class="Verbatim">{</p> |
| 6091 | <p class="Verbatim"><span class="Line"><span style= |
| 6092 | 'font-size:8.0pt'>14</span></span> while (x > f ()) |
| 6093 | g();</p> |
| 6094 | <p class="Verbatim"><span class="Line"><span style= |
| 6095 | 'font-size:8.0pt'>15</span></span> while (f () < 3) |
| 6096 | h();</p> |
| 6097 | <p class="Verbatim">}</p></td> |
| 6098 | <td valign="top" style= |
| 6099 | 'border-top:none;border-left: none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt;height:143.1pt'> |
| 6100 | <p class="lclintrun">> splint loop.c +infloopsuncon</p> |
| 6101 | <p class="lclintrun">loop.c:14: Suspected infinite loop. No |
| 6102 | value used in</p> |
| 6103 | <p class="lclintrun"> loop test (x, glob1) is |
| 6104 | modified by test or loop</p> |
| 6105 | <p class="lclintrun"> body.</p> |
| 6106 | <p class="lclintrun">loop.c:15: Suspected infinite loop. No |
| 6107 | condition</p> |
| 6108 | <p class="lclintrun"> values modified. |
| 6109 | Modification possible through</p> |
| 6110 | <p class="lclintrun"> unconstrained calls: h</p> |
| 6111 | <p class="TextFontCX" style='page-break-after: avoid'><i>An error |
| 6112 | is reported for line 14 since the only value modified by<br> |
| 6113 | the loop test or body if</i> <span class= |
| 6114 | "CodeText"><span style='font-size: 10.0pt'>glob2</span></span> |
| 6115 | <i>and the value of the loop test<br> |
| 6116 | does not depend on</i> <span class="CodeText"><span style= |
| 6117 | 'font-size:10.0pt'>glob2</span></span><i>. The error for line |
| 6118 | 15 would not be<br> |
| 6119 | reported without</i> <span class="Flag"><span style= |
| 6120 | 'font-size:10.0pt'>+infloopsuncon</span></span><i>.</i></p></td></tr></table> |
| 6121 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"> |
| 6122 | <tr> |
| 6123 | <td valign="top" style= |
| 6124 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 6125 | <p class="MsoCaption"><a name="_Toc534824621"></a><a name= |
| 6126 | "_Ref534823256">Figure 17</a>. Infinite |
| 6127 | Loops</p></td></tr></table></center> |
| 6128 | <h2 style='margin-left:0in;text-indent:0in'><a name= |
| 6129 | "_Toc534974989"></a><a name="_Ref344892701"></a><a name= |
| 6130 | "_Toc344355430">8.3<span style= |
| 6131 | 'font:7.0pt "Times New Roman"'> </span> |
| 6132 | Problematic Control Structures</a></h2> |
| 6133 | <p class="TextFontCX">A number of control structures that are |
| 6134 | syntactically legal may indicate likely bugs in programs. |
| 6135 | Splint can detect errors involving likely infinite |
| 6136 | loops (Section 8.3.1), fall through cases and missing cases in |
| 6137 | <span class="CodeText"><span style= |
| 6138 | 'font-size:10.0pt'>switch</span></span> statements (Section |
| 6139 | 8.3.2), <span class="CodeText"><span style= |
| 6140 | 'font-size:10.0pt'>break</span></span> statements within deeply |
| 6141 | nested loops or switches (Section 8.3.3), clauses of |
| 6142 | <span class="CodeText"><span style= |
| 6143 | 'font-size:10.0pt'>if</span></span>, <span class= |
| 6144 | "CodeText"><span style='font-size:10.0pt'>while</span></span> |
| 6145 | or <span class="CodeText"><span style= |
| 6146 | 'font-size:10.0pt'>for</span></span> statements that are |
| 6147 | empty statements or unblocked single statements (Section |
| 6148 | 8.3.4) and incomplete if-else logic (Section 8.3.5). |
| 6149 | Although any of these may appear in a correct program, |
| 6150 | depending on the programming style used they may indicate |
| 6151 | likely bugs or style violations that should be detected and |
| 6152 | eliminated.</p> |
| 6153 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 6154 | "_Toc534974990"></a><a name="_Ref344810086">8.3.1<span style= |
| 6155 | 'font:7.0pt "Times New Roman"'> </span> |
| 6156 | Likely Infinite Loops</a></h3> |
| 6157 | <p class="TextFontCX">Splint reports an error if it detects a loop |
| 6158 | that appears to be infinite. An error is reported for a loop |
| 6159 | that does not modify any value used in its condition test inside |
| 6160 | the body of the loop or in the condition test itself. This |
| 6161 | checking is enhanced by modifies clauses and globals lists (see |
| 6162 | Section 7) since they <a name="_Ref344818734">provide more |
| 6163 | information about what global variable may be used in the condition |
| 6164 | test and what values may be modified by function calls in the loop |
| 6165 | body.</a></p> |
| 6166 | <p class="TextFontCX"> </p> |
| 6167 | <p class="TextFontCX">Figure 17 shows examples of infinite |
| 6168 | loops detected by Splint. An error is reported for the loop in |
| 6169 | line 14, since neither of the values used in the loop condition |
| 6170 | (<span class="CodeText"><span style= |
| 6171 | 'font-size:10.0pt'>x</span></span> directly and <span class= |
| 6172 | "CodeText"><span style='font-size:10.0pt'>glob1</span></span> |
| 6173 | through the call to <span class="CodeText"><span style= |
| 6174 | 'font-size:10.0pt'>f</span></span>) is modified by the body of the |
| 6175 | loop. If the declaration of <span class= |
| 6176 | "CodeText"><span style='font-size:10.0pt'>g</span></span> is |
| 6177 | changed to include <span class="CodeText"><span style= |
| 6178 | 'font-size:10.0pt'>glob1</span></span> in the modifies clause no |
| 6179 | error is reported. (In this example, if we assume the |
| 6180 | annotations are correct, then the programmer has probably called |
| 6181 | the wrong function in the loop body. This isn’t |
| 6182 | surprising, given the horrible choices of function and variable |
| 6183 | names!)</p> |
| 6184 | <p class="TextFontCX"> </p> |
| 6185 | <p class="TextFontCX">If an unconstrained function is called within |
| 6186 | the loop body, Splint will assume that it modifies a value used in |
| 6187 | the condition test and not report an infinite loop error, unless |
| 6188 | <span class="Flag"><span style= |
| 6189 | 'font-size:10.0pt'>infloopsuncon</span></span> is on. If |
| 6190 | <span class="Flag"><span style= |
| 6191 | 'font-size:10.0pt'>infloopsuncon</span></span> is on, Splint will |
| 6192 | report infinite loop errors for loops where there is no explicit |
| 6193 | modification of a value used in the condition test, but where they |
| 6194 | may be an undetected modification through a call to an |
| 6195 | unconstrained function (e.g., line 12 in Figure 17).</p> |
| 6196 | <p class="TextFontCX"> </p> |
| 6197 | <p class="TextFontCX"> </p> |
| 6198 | <p class="TextFontCX" align="center" style='text-align:center'> |
| 6199 | <span style='font-size:10.0pt'> </span></p> |
| 6200 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 6201 | "_Toc534974991"></a><a name="_Ref349899747"></a><a name= |
| 6202 | "_Ref345591205">8.3.2<span style= |
| 6203 | 'font:7.0pt "Times New Roman"'> </span> |
| 6204 | Switches</a></h3> |
| 6205 | <p class="TextFontCX">The automatic fall through of C switch |
| 6206 | statements is almost never the intended behavior.<a href="#_ftn10" |
| 6207 | name="_ftnref10" title=""><span class= |
| 6208 | "MsoFootnoteReference"><span class= |
| 6209 | "MsoFootnoteReference"><span style= |
| 6210 | 'font-size:11.0pt;font-family:"Times New Roman"'>[10]</span></span></span></a> |
| 6211 | Splint detects <span class="CodeText"><span style= |
| 6212 | 'font-size:10.0pt'>case</span></span> statements with code that may |
| 6213 | fall through to the next <span class="CodeText"><span style= |
| 6214 | 'font-size:10.0pt'>case</span></span>. The <span class= |
| 6215 | "Flag"><span style='font-size:10.0pt'>casebreak</span></span> flag |
| 6216 | controls reporting of fall through cases. A single fall |
| 6217 | through case may be marked by preceding the <span class= |
| 6218 | "CodeText"><span style='font-size:10.0pt'>case</span></span> |
| 6219 | keyword with <span class="Annot"><span style= |
| 6220 | 'font-size:10.0pt'>/*@fallthrough@*/</span></span> to indicate |
| 6221 | explicitly that execution falls through to this case. See |
| 6222 | Figure 18 for an example.</p> |
| 6223 | <p class="TextFontCX"> </p> |
| 6224 | <p class="TextFontCX">For switches on <span class= |
| 6225 | "CodeText"><span style='font-size:10.0pt'>enum</span></span> types, |
| 6226 | Splint reports an error if a member of the enumerator does not |
| 6227 | appear as a case in the switch body (and there is no |
| 6228 | <span class="CodeText"><span style= |
| 6229 | 'font-size:10.0pt'>default</span></span> case). |
| 6230 | (Controlled by <span class="Flag"><span style= |
| 6231 | 'font-size:10.0pt'>misscase</span></span>.)</p> |
| 6232 | <center> |
| 6233 | <table class="MsoNormalTable" border="0" cellspacing="0" |
| 6234 | cellpadding="0" style= |
| 6235 | 'margin-left:.2in;border-collapse:collapse;margin-left:-2.25pt; margin-right:-2.25pt'> |
| 6236 | <tr> |
| 6237 | <td valign="top" style= |
| 6238 | 'width:3.0in;border:solid black 1.5pt; border-bottom:none;background:black;padding:0in 5.4pt 0in 5.4pt'> |
| 6239 | <p class="TextFontCX" align="center" style='text-align:center'> |
| 6240 | <span class="Keyword"><b><span style= |
| 6241 | 'font-size:10.0pt; color:white'>switch.c</span></b></span></p></td> |
| 6242 | <td valign="top" style= |
| 6243 | 'border-top:solid black 1.5pt; border-left:none;border-bottom:none;border-right:solid black 1.5pt; background:black;padding:0in 5.4pt 0in 5.4pt'> |
| 6244 | <p class="TextFontCX" align="center" style='text-align:center'> |
| 6245 | <b><span style='color:white'>Running |
| 6246 | Splint</span></b></p></td></tr> |
| 6247 | <tr> |
| 6248 | <td valign="top" style= |
| 6249 | 'border:solid black 1.5pt; border-top:none;padding:0in 5.4pt 0in 5.4pt'> |
| 6250 | <p class="Verbatim">typedef enum {</p> |
| 6251 | <p class="Verbatim"> YES, NO, DEFINITELY,</p> |
| 6252 | <p class="Verbatim"> PROBABLY, MAYBE } ynm;</p> |
| 6253 | <p class="Verbatim">void decide (ynm y)</p> |
| 6254 | <p class="Verbatim">{</p> |
| 6255 | <p class="Verbatim"> switch (y)</p> |
| 6256 | <p class="Verbatim"> {</p> |
| 6257 | <p class="Verbatim"> case PROBABLY:</p> |
| 6258 | <p class="Verbatim"> case NO: printf ("No!");</p> |
| 6259 | <p class="Verbatim"><span class="Line"><span style= |
| 6260 | 'font-size:8.0pt'>10</span></span> case MAYBE: printf |
| 6261 | ("Maybe");</p> |
| 6262 | <p class="Verbatim"> |
| 6263 | |
| 6264 | /*@fallthrough@*/</p> |
| 6265 | <p class="Verbatim"> case YES: printf |
| 6266 | ("Yes!");</p> |
| 6267 | <p class="Verbatim"><span class="Line"><span style= |
| 6268 | 'font-size:8.0pt'>13</span></span> }</p> |
| 6269 | <p class="Verbatim">}</p></td> |
| 6270 | <td valign="top" style= |
| 6271 | 'border-top:none;border-left: none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'> |
| 6272 | <p class="lclintrun">> splint switch.c</p> |
| 6273 | <p class="lclintrun">switch.c:10: Fall through case (no preceding |
| 6274 | break)</p> |
| 6275 | <p class="lclintrun">switch.c:13: Missing case in switch: |
| 6276 | DEFINITELY</p> |
| 6277 | <p class="TextFontCX"> </p> |
| 6278 | <p class="MsoCaption" align="left" style='text-align:left'> |
| 6279 | <i><span style='font-weight:normal'>No fall through error is |
| 6280 | reported for the</span></i> <span class= |
| 6281 | "CodeText"><span style='font-weight:normal'>NO</span></span><i><span style='font-weight:normal'> |
| 6282 | case,<br> |
| 6283 | since there are no statements associated with the<br> |
| 6284 | previous case. </span></i></p> |
| 6285 | <p class="TextFontCX" style='page-break-after: avoid'><i>The</i> |
| 6286 | <span class="Annot"><span style= |
| 6287 | 'font-size:10.0pt'>/*@fallthrough@*/</span></span> <i>comment |
| 6288 | prevents<br> |
| 6289 | a message from being produced for the<br></i> <span class= |
| 6290 | "Annot"><span style='font-size:10.0pt'>YES</span></span> |
| 6291 | <i>case.</i></p></td></tr></table> |
| 6292 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"> |
| 6293 | <tr> |
| 6294 | <td valign="top" style= |
| 6295 | 'padding-top:0in;padding-right: 9.0pt;padding-bottom:0in;padding-left:9.0pt'> |
| 6296 | <p class="MsoCaption"><a name="_Toc344355431"></a><a name= |
| 6297 | "_Ref344881581"></a><a name="_Toc534824622"></a><a name= |
| 6298 | "_Ref534823308">Figure 18</a>. Switch |
| 6299 | Cases</p></td></tr></table></center> |
| 6300 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 6301 | "_Toc534974992"></a><a name="_Ref534971227">8.3.3<span style= |
| 6302 | 'font:7.0pt "Times New Roman"'> </span> |
| 6303 | Deep Breaks</a></h3> |
| 6304 | <p class="TextFontCX">There is no syntax provided by C (other than |
| 6305 | <span class="CodeText"><span style= |
| 6306 | 'font-size:10.0pt'>goto</span></span>) for breaking out of a nested |
| 6307 | loop. All <span class="CodeText"><span style= |
| 6308 | 'font-size:10.0pt'>break</span></span> and <span class= |
| 6309 | "CodeText"><span style='font-size:10.0pt'>continue</span></span> |
| 6310 | statements act only on the innermost surrounding loop or |
| 6311 | switch. This can lead to serious problems<a href="#_ftn11" |
| 6312 | name="_ftnref11" title=""><span class= |
| 6313 | "MsoFootnoteReference"><span class= |
| 6314 | "MsoFootnoteReference"><span style= |
| 6315 | 'font-size:11.0pt;font-family:"Times New Roman"'>[11]</span></span></span></a> |
| 6316 | when a programmer intends to break the outer loop or switch |
| 6317 | instead. Splint optionally reports warnings for |
| 6318 | <span class="CodeText"><span style= |
| 6319 | 'font-size: 10.0pt'>break</span></span> and <span class= |
| 6320 | "CodeText"><span style= |
| 6321 | 'font-size: 10.0pt'>continue</span></span> statements in |
| 6322 | nested contexts.</p> |
| 6323 | <p class="beforelist"> </p> |
| 6324 | <p class="beforelist">Four types of <span class= |
| 6325 | "CodeText"><span style='font-size: 10.0pt'>break</span></span> |
| 6326 | warnings are reported:</p> |
| 6327 | <p class="MsoListBullet"><span style= |
| 6328 | 'font-family:Symbol'>·<span style= |
| 6329 | 'font:7.0pt "Times New Roman"'> </span></span> |
| 6330 | <span class="CodeText"><span style= |
| 6331 | 'font-size:10.0pt'>break</span></span> inside a loop |
| 6332 | (<span class="CodeText"><span style= |
| 6333 | 'font-size:10.0pt'>while</span></span> or <span class= |
| 6334 | "CodeText"><span style='font-size:10.0pt'>for</span></span>) |
| 6335 | that is inside a loop. Controlled by <span class= |
| 6336 | "Flag"><span style= |
| 6337 | 'font-size:10.0pt'>looploopbreak</span></span>. To |
| 6338 | indicate that a <span class="CodeText"><span style= |
| 6339 | 'font-size:10.0pt'>break</span></span> is inside an inner |
| 6340 | loop, precede the <span class="CodeText"><span style= |
| 6341 | 'font-size:10.0pt'>break</span></span> by <a href= |
| 6342 | "mailto:/*@innerbreak@*/"><span class="Annot"><span style= |
| 6343 | 'font-size: 10.0pt'>/*@innerbreak@*/</span></span></a>.</p> |
| 6344 | <p class="MsoListBullet"><span style= |
| 6345 | 'font-family:Symbol'>·<span style= |
| 6346 | 'font:7.0pt "Times New Roman"'> </span></span> |
| 6347 | <span class="CodeText"><span style= |
| 6348 | 'font-size:10.0pt'>break</span></span> inside a loop that is inside |
| 6349 | a <span class="CodeText"><span style= |
| 6350 | 'font-size:10.0pt'>switch</span></span> statement. Controlled |
| 6351 | by <span class="Flag"><span style= |
| 6352 | 'font-size:10.0pt'>switchloopbreak</span></span>. To mark the |
| 6353 | <span class="CodeText"><span style= |
| 6354 | 'font-size:10.0pt'>break</span></span> as a loop break, precede the |
| 6355 | <span class="CodeText"><span style= |
| 6356 | 'font-size:10.0pt'>break</span></span> by <span class= |
| 6357 | "Annot"><span style= |
| 6358 | 'font-size:10.0pt'>/*@loopbreak@*/</span></span>.</p> |
| 6359 | <p class="MsoListBullet"><span style= |
| 6360 | 'font-family:Symbol'>·<span style= |
| 6361 | 'font:7.0pt "Times New Roman"'> </span></span> |
| 6362 | <span class="CodeText"><span style= |
| 6363 | 'font-size:10.0pt'>break</span></span> inside a <span class= |
| 6364 | "CodeText"><span style='font-size:10.0pt'>switch</span></span> |
| 6365 | statement that is inside a loop. Controlled by |
| 6366 | <span class="Flag"><span style= |
| 6367 | 'font-size:10.0pt'>loopswitchbreak</span></span>. To |
| 6368 | mark the <span class="CodeText"><span style= |
| 6369 | 'font-size:10.0pt'>break</span></span> as a switch break, |
| 6370 | precede the <span class="CodeText"><span style= |
| 6371 | 'font-size:10.0pt'>break</span></span> by <span class= |
| 6372 | "Annot"><span style= |
| 6373 | 'font-size:10.0pt'>/*@switchbreak@*/</span></span>.</p> |
| 6374 | <p class="MsoListBullet"><span style= |
| 6375 | 'font-family:Symbol'>·<span style= |
| 6376 | 'font:7.0pt "Times New Roman"'> </span></span> |
| 6377 | <span class="CodeText"><span style= |
| 6378 | 'font-size:10.0pt'>break</span></span> inside a <span class= |
| 6379 | "CodeText"><span style='font-size:10.0pt'>switch</span></span> |
| 6380 | inside another <span class="CodeText"><span style= |
| 6381 | 'font-size:10.0pt'>switch</span></span>. Controlled by |
| 6382 | <span class="Flag"><span style= |
| 6383 | 'font-size:10.0pt'>switchswitchbreak</span></span>. To |
| 6384 | indicate that the <span class="CodeText"><span style= |
| 6385 | 'font-size:10.0pt'>break</span></span> is for the inner switch, use |
| 6386 | <span class="Annot"><span style= |
| 6387 | 'font-size:10.0pt'>/*@innerbreak@*/</span></span>.</p> |
| 6388 | <p class="afterlist">Since <span class= |
| 6389 | "CodeText"><span style='font-size:10.0pt'>continue</span></span> |
| ed62d3fb |
6390 | only makes sense within loops, a warning (Controlled by <span class= |
| 6391 | "Flag"><span style= |
| 6392 | 'font-size: 10.0pt'>looploopcontinue</span></span>.) |
| 6393 | is reported only for |
| 9645dee1 |
6394 | <span class="CodeText"><span style= |
| 6395 | 'font-size:10.0pt'>continue</span></span> statements within |
| ed62d3fb |
6396 | nested loops. A |
| 9645dee1 |
6397 | safe inner <span class="CodeText"><span style= |
| 6398 | 'font-size:10.0pt'>continue</span></span> may be preceded by |
| 6399 | <span class="Annot"><span style= |
| 6400 | 'font-size:10.0pt'>/*@innercontinue@*/</span></span> to |
| 6401 | suppress error messages locally. The <span class= |
| 6402 | "Flag"><span style='font-size:10.0pt'>deepbreak</span></span> |
| 6403 | flag sets all nested break and continue checking flags.</p> |
| 6404 | <p class="TextFontCX"> </p> |
| 6405 | <p class="TextFontCX">Splint warns if the marker preceding a |
| 6406 | <span class="CodeText"><span style= |
| 6407 | 'font-size:10.0pt'>break</span></span> is not consistent with its |
| 6408 | placement. A warning results if <span class= |
| 6409 | "Annot"><span style='font-size:10.0pt'>innerbreak</span></span> |
| 6410 | precedes a <span class="CodeText"><span style= |
| 6411 | 'font-size:10.0pt'>break</span></span> that is not breaking an |
| 6412 | inner loop, <span class="Annot"><span style= |
| 6413 | 'font-size:10.0pt'>switchbreak</span></span> precedes a |
| 6414 | <span class="CodeText"><span style= |
| 6415 | 'font-size:10.0pt'>break</span></span> that is not breaking a |
| 6416 | switch, or <span class="Annot"><span style= |
| 6417 | 'font-size: 10.0pt'>loopbreak</span></span> precedes a |
| 6418 | <span class="CodeText"><span style= |
| 6419 | 'font-size:10.0pt'>break</span></span> that is not breaking a |
| 6420 | loop.</p> |
| 6421 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 6422 | "_Toc534974993"></a><a name="_Ref347246280">8.3.4<span style= |
| 6423 | 'font:7.0pt "Times New Roman"'> </span></a> |
| 6424 | Loop and If Bodies</h3> |
| 6425 | <p class="beforelist">An empty statement after an |
| 6426 | <span class="CodeText"><span style= |
| 6427 | 'font-size:10.0pt'>if</span></span>, <span class= |
| 6428 | "CodeText"><span style='font-size:10.0pt'>while</span></span> |
| 6429 | or <span class="CodeText"><span style= |
| 6430 | 'font-size:10.0pt'>for</span></span> often indicates a |
| 6431 | potential bug. A single statement (i.e., not a compound |
| 6432 | block) after an <span class="CodeText"><span style= |
| 6433 | 'font-size:10.0pt'>if</span></span>, <span class= |
| 6434 | "CodeText"><span style='font-size:10.0pt'>while</span></span> |
| 6435 | or <span class="CodeText"><span style= |
| 6436 | 'font-size:10.0pt'>for</span></span> is not likely to |
| 6437 | indicate a bug, but make the code harder to read and |
| 6438 | edit. Splint can report errors for if or loop |
| 6439 | statements with empty bodies or bodies that are not compound |
| 6440 | statements. Separate flags control checking for |
| 6441 | statements following an <span class="CodeText"><span style= |
| 6442 | 'font-size:10.0pt'>if</span></span>, <span class= |
| 6443 | "CodeText"><span style='font-size:10.0pt'>while</span></span> |
| 6444 | or <span class="CodeText"><span style= |
| 6445 | 'font-size:10.0pt'>for</span></span>:</p> |
| 6446 | <p class="MsoListBullet"><span style= |
| 6447 | 'font-family:Symbol'>·<span style= |
| 6448 | 'font:7.0pt "Times New Roman"'> </span></span> |
| 6449 | <span class="Flag"><span style= |
| 6450 | 'font-size:10.0pt'>[if</span></span>,<span class= |
| 6451 | "Flag"><span style='font-size:10.0pt'>while</span></span>,<span class="Flag"> |
| 6452 | <span style='font-size:10.0pt'>for]empty</span></span> — |
| 6453 | report errors for empty bodies (e.g., <span class= |
| 6454 | "CodeText"><span style='font-size:10.0pt'>if (x > 3) |
| 6455 | ;</span></span> )</p> |
| 6456 | <p class="MsoListBullet"><span style= |
| 6457 | 'font-family:Symbol'>·<span style= |
| 6458 | 'font:7.0pt "Times New Roman"'> </span></span> |
| 6459 | <span class="Flag"><span style= |
| 6460 | 'font-size:10.0pt'>[if</span></span>,<span class= |
| 6461 | "Flag"><span style='font-size:10.0pt'>while</span></span>,<span class="Flag"> |
| 6462 | <span style='font-size:10.0pt'>for]block</span></span> — |
| 6463 | report errors for non-block bodies (e.g., <span class= |
| 6464 | "CodeText"><span style='font-size:10.0pt'>if (x > 3) |
| 6465 | x++;</span></span>)</p> |
| 6466 | <p class="MsoListBullet" style='margin-left:0in;text-indent:0in'> |
| 6467 | <span class="Keyword"><span style= |
| 6468 | 'font-size:10.0pt'> </span></span></p> |
| 6469 | <p class="afterlist">The <span class="CodeText"><span style= |
| 6470 | 'font-size:10.0pt'>if</span></span> statement checks also apply to |
| 6471 | the body of the <span class="CodeText"><span style= |
| 6472 | 'font-size:10.0pt'>else</span></span> clause. No |
| 6473 | <span class="Flag"><span style= |
| 6474 | 'font-size:10.0pt'>ifblock</span></span> warning is reported |
| 6475 | if the body of the <span class="CodeText"><span style= |
| 6476 | 'font-size:10.0pt'>else</span></span> clause is an |
| 6477 | <span class="CodeText"><span style= |
| 6478 | 'font-size:10.0pt'>if</span></span> statement, to allow |
| 6479 | conventional <span class="CodeText"><span style= |
| 6480 | 'font-size: 10.0pt'>else if</span></span> chains. </p> |
| 6481 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 6482 | "_Toc534974994"></a><a name="_Ref347246283">8.3.5<span style= |
| 6483 | 'font:7.0pt "Times New Roman"'> </span> |
| 6484 | Complete Logic</a></h3> |
| 6485 | <p class="beforelist">Although it may be perfectly reasonable in |
| 6486 | many contexts, an <span class="CodeText"><span style= |
| 6487 | 'font-size:10.0pt'>if</span></span>-<span class= |
| 6488 | "CodeText"><span style='font-size:10.0pt'>else</span></span> chain |
| 6489 | with no final <span class="CodeText"><span style= |
| 6490 | 'font-size:10.0pt'>else</span></span> may indicate missing logic or |
| 6491 | forgetting to check error cases. If <span class= |
| 6492 | "Flag"><span style='font-size:10.0pt'>elseif-complete</span></span> |
| 6493 | is on, Splint warns when an <span class= |
| 6494 | "CodeText"><span style='font-size:10.0pt'>if</span></span> |
| 6495 | statement that is the body of an <span class= |
| 6496 | "CodeText"><span style='font-size: 10.0pt'>else</span></span> |
| 6497 | clause does not have a matching <span class= |
| 6498 | "CodeText"><span style='font-size:10.0pt'>else</span></span> |
| 6499 | clause. For example, the code,</p> |
| 6500 | <p class="Verbatim"> if (x == 0) { return "nil"; }</p> |
| 6501 | <p class="Verbatim"> else if (x == 1) { return "many"; |
| 6502 | }</p> |
| 6503 | <p class="afterlist">results in a warning since the second |
| 6504 | <span class="CodeText"><span style= |
| 6505 | 'font-size:10.0pt'>if</span></span> has no matching |
| 6506 | <span class="CodeText"><span style= |
| 6507 | 'font-size:10.0pt'>else</span></span> branch.</p> |
| 6508 | <h2 style='margin-left:0in;text-indent:0in'><a name= |
| 6509 | "_Toc534974995"></a><a name="_Ref344892802">8.4<span style= |
| 6510 | 'font:7.0pt "Times New Roman"'> </span> |
| 6511 | Suspicious Statements</a></h2> |
| 6512 | <p class="TextFontCX">Splint detects errors involving statements |
| 6513 | with no apparent effects (Section 8.4.1) and statements that ignore |
| 6514 | the result of a called function (Section 8.4.2).</p> |
| 6515 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 6516 | "_Toc534974996"></a><a name="_Ref347247824">8.4.1<span style= |
| 6517 | 'font:7.0pt "Times New Roman"'> </span> |
| 6518 | Statements with No Effects</a></h3> |
| 6519 | <p class="TextFontCX">Splint can report errors for statements that |
| 6520 | have no effect. (Controlled by <span class= |
| 6521 | "Flag"><span style='font-size:10.0pt'>no-effect</span></span>.) |
| 6522 | Because of modifies clauses, Splint can detect more errors |
| 6523 | than traditional checkers. Unless the <span class= |
| 6524 | "Flag"><span style= |
| 6525 | 'font-size:10.0pt'>no-effect-uncon</span></span> flag is |
| 6526 | on, errors are not reported for statements that involve calls |
| 6527 | to unconstrained functions since the unconstrained function |
| 6528 | may cause a modification. Figure 19 shows examples of |
| 6529 | Splint’s no effect checking.</p> |
| 6530 | <center> |
| 6531 | <table class="MsoNormalTable" border="0" cellspacing="0" |
| 6532 | cellpadding="0" style= |
| 6533 | 'margin-left:5.4pt;border-collapse:collapse; margin-left:-2.25pt;margin-right:-2.25pt'> |
| 6534 | <tr> |
| 6535 | <td valign="top" style= |
| 6536 | 'border:solid black 1.5pt; border-bottom:none;background:black;padding:0in 5.4pt 0in 5.4pt'> |
| 6537 | <p class="TextFontCX" align="center" style='text-align:center'> |
| 6538 | <a name="_Ref344893305"></a><a name= |
| 6539 | "_Ref344874935"><span class="StyleKeywordBold"><span style= |
| 6540 | 'font-size:10.0pt'>noeffect.c</span></span></a></p></td> |
| 6541 | <td valign="top" style= |
| 6542 | 'border-top:solid black 1.5pt; border-left:none;border-bottom:none;border-right:solid black 1.5pt; background:black;padding:0in 5.4pt 0in 5.4pt'> |
| 6543 | <p class="TextFontCX" align="center" style='text-align:center'> |
| 6544 | <b><span style='color:white'>Running |
| 6545 | Splint</span></b></p></td></tr> |
| 6546 | <tr> |
| 6547 | <td valign="top" style= |
| 6548 | 'border:solid black 1.5pt; border-top:none;padding:0in 5.4pt 0in 5.4pt'> |
| 6549 | <p class="Verbatim">extern void</p> |
| 6550 | <p class="Verbatim"> nomodcall (int *x) /*@*/;</p> |
| 6551 | <p class="IndentText"><i>Recall /*@*/ is shorthand for<br> |
| 6552 | modifies nothing and use<br> |
| 6553 | no globals.</i></p> |
| 6554 | <p class="Verbatim">extern void mysterycall (int *x);</p> |
| 6555 | <p class="Verbatim"> </p> |
| 6556 | <p class="Verbatim">int noeffect (int *x, int y)</p> |
| 6557 | <p class="Verbatim">{</p> |
| 6558 | <p class="Verbatim"> y == *x;</p> |
| 6559 | <p class="Verbatim"> nomodcall (x);</p> |
| 6560 | <p class="Verbatim"> mysterycall (x);</p> |
| 6561 | <p class="Verbatim"> return *x;</p> |
| 6562 | <p class="Verbatim">}</p></td> |
| 6563 | <td valign="top" style= |
| 6564 | 'border-top:none;border-left: none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'> |
| 6565 | <p class="lclintrun">> splint noeffect.c +noeffectuncon</p> |
| 6566 | <p class="lclintrun">noeffect.c:6: Statement has no effect: y == |
| 6567 | *x</p> |
| 6568 | <p class="lclintrun">noeffect.c:7: Statement has no effect: |
| 6569 | nomodcall(x)</p> |
| 6570 | <p class="lclintrun">noeffect.c:8: Statement has no effect |
| 6571 | (possible</p> |
| 6572 | <p class="lclintrun"> undetected modification |
| 6573 | through call to</p> |
| 6574 | <p class="lclintrun"> unconstrained function |
| 6575 | mysterycall):</p> |
| 6576 | <p class="lclintrun"> mysterycall(x)</p> |
| 6577 | <p class="IndentText"><i> </i></p> |
| 6578 | <p class="IndentText" style='page-break-after:avoid'><i>The warning |
| 6579 | for line 8 would not be<br> |
| 6580 | reported without</i> <span class="Flag"><span style= |
| 6581 | 'font-size: 10.0pt'>+noeffectuncon</span></span>.</p></td></tr></table> |
| 6582 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"> |
| 6583 | <tr> |
| 6584 | <td valign="top" style= |
| 6585 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 6586 | <p class="MsoCaption"><a name="_Ref534813977"></a><a name= |
| 6587 | "_Toc534824623"></a><a name="_Ref534823396">Figure 19</a>. |
| 6588 | Statements with No Effect</p></td></tr></table></center> |
| 6589 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 6590 | "_Ref534978820"></a><a name="_Toc534974997">8.4.2<span style= |
| 6591 | 'font:7.0pt "Times New Roman"'> </span> |
| 6592 | Ignored Return Values</a></h3> |
| 6593 | <p class="TextFontCX">Splint reports an error when a return value |
| 6594 | is ignored. Checking may be controlled based on the type of |
| 6595 | the return value: <span class="Flag"><span style= |
| 6596 | 'font-size:10.0pt'>ret-val-int</span></span> controls reporting of |
| 6597 | ignored return values of type <span class= |
| 6598 | "Keyword"><span style='font-size:10.0pt'>int</span></span>, |
| 6599 | and <span class="Flag"><span style= |
| 6600 | 'font-size:10.0pt'>ret-val-bool</span></span> for return |
| 6601 | values of type <span class="Keyword"><span style= |
| 6602 | 'font-size:10.0pt'>bool</span></span>, and <span class= |
| 6603 | "Flag"><span style= |
| 6604 | 'font-size:10.0pt'>ret-val-others</span></span> for all |
| 6605 | other types. A function statement may be cast to |
| 6606 | <span class="Keyword"><span style= |
| 6607 | 'font-size:10.0pt'>void</span></span> to prevent this error |
| 6608 | from being reported.</p> |
| 6609 | <p class="TextFontCX"> </p> |
| 6610 | <p class="TextFontCX">Alternate types (Section 4.4) can be |
| 6611 | used to declare functions that return values that may safely be |
| 6612 | ignored by declaring the result type to alternately be |
| 6613 | <span class="Keyword"><span style= |
| 6614 | 'font-size:10.0pt'>void</span></span>. Several |
| 6615 | functions in the standard library are specified to |
| 6616 | alternately return <span class="Keyword"><span style= |
| 6617 | 'font-size:10.0pt'>void</span></span> to prevent ignored |
| 6618 | return value errors for standard library functions (e.g., |
| 6619 | <span class="Keyword"><span style= |
| 6620 | 'font-size:10.0pt'>strcpy</span></span>) where the result may |
| 6621 | be safely ignored (see Section 14.1). Figure 20 shows |
| 6622 | examples of ignored return value errors reported by |
| 6623 | Splint.</p> |
| 6624 | <p class="MsoNormal" align="left" style= |
| 6625 | 'text-align:left;background:white'><span style= |
| 6626 | 'font-size:10.0pt'> </span></p> |
| 6627 | <center> |
| 6628 | <table class="MsoNormalTable" border="0" cellspacing="0" |
| 6629 | cellpadding="0" style='margin-left:9.9pt;border-collapse:collapse'> |
| 6630 | <tr> |
| 6631 | <td valign="top" style= |
| 6632 | 'border:solid black 1.5pt; border-bottom:none;background:black;padding:0in 5.4pt 0in 5.4pt'> |
| 6633 | <p class="TextFontCX" align="center" style='text-align:center'> |
| 6634 | <span class="Keyword"><b><span style= |
| 6635 | 'font-size:10.0pt; color:white'>ignore.c</span></b></span></p></td> |
| 6636 | <td valign="top" style= |
| 6637 | 'border-top:solid black 1.5pt; border-left:none;border-bottom:none;border-right:solid black 1.5pt; background:black;padding:0in 5.4pt 0in 5.4pt'> |
| 6638 | <p class="TextFontCX" align="center" style='text-align:center'> |
| 6639 | <b><span style='color:white'>Running |
| 6640 | Splint</span></b></p></td></tr> |
| 6641 | <tr> |
| 6642 | <td valign="top" style= |
| 6643 | 'border:solid black 1.5pt; border-top:none;padding:0in 5.4pt 0in 5.4pt'> |
| 6644 | <p class="Verbatim"># include “bool.h”</p> |
| 6645 | <p class="Verbatim">extern int fi (void);</p> |
| 6646 | <p class="Verbatim">extern bool fb (void);</p> |
| 6647 | <p class="Verbatim">extern int /*@alt void@*/</p> |
| 6648 | <p class="Verbatim"> fv (void);</p> |
| 6649 | <p class="Verbatim"> </p> |
| 6650 | <p class="Verbatim">int ignore (void)</p> |
| 6651 | <p class="Verbatim">{</p> |
| 6652 | <p class="Verbatim"><span class="Line"><span style= |
| 6653 | 'font-size:8.0pt'> 8</span></span> fi ();</p> |
| 6654 | <p class="Verbatim"><span class="Line"><span style= |
| 6655 | 'font-size:8.0pt'> 9</span></span> (void) fi ();</p> |
| 6656 | <p class="Verbatim"><span class="Line"><span style= |
| 6657 | 'font-size:8.0pt'>10</span></span> fb ();</p> |
| 6658 | <p class="Verbatim"><span class="Line"><span style= |
| 6659 | 'font-size:8.0pt'>11</span></span> fv ();</p> |
| 6660 | <p class="Verbatim"><span class="Line"><span style= |
| 6661 | 'font-size:8.0pt'>12</span></span> return fv ();</p> |
| 6662 | <p class="Verbatim">}</p></td> |
| 6663 | <td valign="top" style= |
| 6664 | 'border-top:none;border-left: none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'> |
| 6665 | <p class="lclintrun">> splint ignore.c</p> |
| 6666 | <p class="lclintrun"> </p> |
| 6667 | <p class="lclintrun">ignore.c:8: Return value (type int) ignored: |
| 6668 | fi()</p> |
| 6669 | <p class="lclintrun">ignore.c:10: Return value (type bool) ignored: |
| 6670 | fb()</p> |
| 6671 | <p class="lclintrun"> </p> |
| 6672 | <p class="MsoNormal" style='background:white'><i><span style= |
| 6673 | 'font-size:10.0pt'>The message for line 8 would not be reported |
| 6674 | if</span></i> <span class="Flag"><span style= |
| 6675 | 'font-size:10.0pt'>‑retvalint</span></span><i><span style='font-size:10.0pt'> |
| 6676 | is set;<br> |
| 6677 | for line 10, if</span></i> <span class="Flag"><span style= |
| 6678 | 'font-size:10.0pt'>‑retvalbool</span></span><i><span style='font-size:10.0pt'> |
| 6679 | is set.</span></i></p> |
| 6680 | <p class="MsoNormal" style='background:white'><i><span style= |
| 6681 | 'font-size:10.0pt'> </span></i></p> |
| 6682 | <p class="MsoNormal" style='background:white'><i><span style= |
| 6683 | 'font-size:10.0pt'> No message is reported for line 9 because |
| 6684 | the result is cast to</span></i> <span class= |
| 6685 | "CodeText"><span style='font-size:10.0pt'>void</span></span><i><span style='font-size:10.0pt'> |
| 6686 | ,<br> |
| 6687 | and no message is reported for line 11 because</span></i> |
| 6688 | <span class="CodeText"><span style= |
| 6689 | 'font-size:10.0pt'>fv</span></span><i><span style= |
| 6690 | 'font-size:10.0pt'>is declared<br> |
| 6691 | to alternately return</span></i> <span class= |
| 6692 | "CodeText"><span style= |
| 6693 | 'font-size:10.0pt'>void</span></span><i><span style= |
| 6694 | 'font-size:10.0pt'>.</span></i></p> |
| 6695 | <p class="TextFontCX" style='page-break-after: avoid'> |
| 6696 | </p></td></tr></table> |
| 6697 | <div> |
| 6698 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"> |
| 6699 | <tr> |
| 6700 | <td valign="top" style= |
| 6701 | 'padding-top:0in;padding-right: 9.0pt;padding-bottom:0in;padding-left:9.0pt'> |
| 6702 | <p class="MsoCaption"><a name="_Toc534824624"></a><a name= |
| 6703 | "_Ref534823436">Figure 20</a>. Ignored Return |
| 6704 | Values</p></td></tr></table></div></center> |
| 6705 | <p class="MsoNormal" align="left" style= |
| 6706 | 'text-align:left;background:white'><span style= |
| 6707 | 'font-size:10.0pt'> </span></p> |
| 6708 | <b><span style= |
| 6709 | 'font-size:16.0pt;font-family:"Times New Roman"'><br clear="all" |
| 6710 | style='page-break-before:always'></span></b> |
| 6711 | <h1 style='margin-left:0in;text-indent:0in;page-break-before:auto'> |
| 6712 | <a name="_Toc534974998"></a><a name="_Ref534963019"></a><a name= |
| 6713 | "_Ref534962975">9<span style= |
| 6714 | 'font:7.0pt "Times New Roman"'> </span> |
| 6715 | <a id="buffer" name="buffer"> |
| 6716 | Buffer Sizes</a></a></h1> |
| 6717 | <p class="TextFontCX">Buffer overflow errors are a particularly |
| 6718 | dangerous type of bug in C programs. They are directly |
| 6719 | responsible for about half of all security attacks |
| 6720 | [Larochelle01]. For performance reasons, C does not perform |
| 6721 | run time bounds checking. Referencing storage outside |
| 6722 | allocated regions can cause memory corruption and lead to strange |
| 6723 | behavior. Moreover, buffer overflow bugs are particularly |
| 6724 | insidious because they can go undetected in testing or normal use, |
| 6725 | but usually result in security critical bugs. Reads beyond |
| 6726 | the end of a buffer can cause the program to leak |
| 6727 | information. Writes beyond the end a buffer (buffer |
| 6728 | overflows) can usually be exploited make the program run arbitrary |
| 6729 | code. Attackers can exploit these programming bugs to replace |
| 6730 | the return address on the stack and place arbitrary code in memory |
| 6731 | thereby gaining full access to the machine. Splint is able to |
| 6732 | detect many memory bounds errors. <a href="#_ftn12" name= |
| 6733 | "_ftnref12" title=""><span style= |
| 6734 | 'font-size:11.0pt; font-family:"Times New Roman"'>[12]</span></a> </p> |
| 6735 | <h2 style='margin-left:0in;text-indent:0in'><a name= |
| 6736 | "_Toc534974999">9.1<span style= |
| 6737 | 'font:7.0pt "Times New Roman"'> </span> |
| 6738 | Checking Accesses</a></h2> |
| 6739 | <p class="TextFontCX">Splint models blocks of contiguous memory |
| 6740 | using two properties: <span class="Annot"><span style= |
| 6741 | 'font-size:10.0pt'>maxSet</span></span> and <span class= |
| 6742 | "Annot"><span style='font-size:10.0pt'>maxRead</span></span>. |
| 6743 | Given a buffer <span class="CodeText"><i><span style= |
| 6744 | 'font-size:10.0pt'>b</span></i></span>, <span class= |
| 6745 | "Annot"><span style= |
| 6746 | 'font-size:10.0pt'>maxSet(<i>b</i>)</span></span> denotes the |
| 6747 | highest address beyond <span class="CodeText"><i><span style= |
| 6748 | 'font-size:10.0pt'>b</span></i></span> that can be safely used as |
| 6749 | an lvalue. For the declaration <span class= |
| 6750 | "CodeText"><span style='font-size:10.0pt'>char |
| 6751 | buf[MAXSIZE]</span></span> we have <span class= |
| 6752 | "Annot"><span style='font-size: 10.0pt'>maxSet(buf)</span></span> |
| 6753 | <span class="CodeText"><span style='font-size: 10.0pt'>= |
| 6754 | MAXSIZE - 1</span></span>. Similarly, <span class= |
| 6755 | "Annot"><span style='font-size:10.0pt'>maxRead</span></span> |
| 6756 | denotes the highest index of a buffer that can be safely used |
| 6757 | an rvalue. It is inappropriate to read an uninitialized |
| 6758 | element or beyond the <span class="CodeText"><span style= |
| 6759 | 'font-size:10.0pt'>NUL</span></span> terminator of a null |
| 6760 | terminated buffer.</p> |
| 6761 | <p class="TextFontCX"> </p> |
| 6762 | <p class="TextFontCX">When a buffer is accessed as an lvalue, |
| 6763 | Splint generates a precondition constraint involving the |
| 6764 | <span class="Annot"><span style= |
| 6765 | 'font-size:10.0pt'>maxSet</span></span> property. When a |
| 6766 | buffer is accessed as an rvalue, Splint generates a precondition |
| 6767 | constraint involving the <span class="Annot"><span style= |
| 6768 | 'font-size:10.0pt'>maxRead</span></span> property. For the |
| 6769 | expression <span class="CodeText"><span style= |
| 6770 | 'font-size:10.0pt'>*<i>ptr</i></span></span>, Splint generates the |
| 6771 | constraints <span class="Annot"><span style= |
| 6772 | 'font-size:10.0pt'>maxSet(<i>ptr</i>)</span></span> |
| 6773 | <span class="CodeText"><span style='font-size:10.0pt'>>= |
| 6774 | 0</span></span> or <span class="Annot"><span style= |
| 6775 | 'font-size:10.0pt'>maxRead(<i>ptr</i>)</span></span> |
| 6776 | <span class="CodeText"><span style='font-size:10.0pt'>>= |
| 6777 | 0</span></span> depending on whether <span class= |
| 6778 | "CodeText"><i><span style= |
| 6779 | 'font-size:10.0pt'>ptr</span></i></span> is used as an lvalue |
| 6780 | or rvalue. Similarly, for accesses of the form |
| 6781 | <span class="CodeText"><span style= |
| 6782 | 'font-size:10.0pt'>ptr[i]</span></span>, splint generates the |
| 6783 | constraints <span class="Annot"><span style= |
| 6784 | 'font-size:10.0pt'>maxSet(<i>ptr</i>)</span></span> |
| 6785 | <span class="CodeText"><span style='font-size:10.0pt'>>= |
| 6786 | i</span></span> or <span class="Annot"><span style= |
| 6787 | 'font-size:10.0pt'>maxRead(<i>ptr</i>)</span></span> |
| 6788 | <span class="CodeText"><span style='font-size:10.0pt'>>= |
| 6789 | i</span></span>. If <span class="Flag"><span style= |
| 6790 | 'font-size:10.0pt'>+boundswrite</span></span> is set, Splint |
| 6791 | warns if it is unable to resolve a constraint involving |
| 6792 | <span class="Annot"><span style= |
| 6793 | 'font-size:10.0pt'>maxSet</span></span>. If <span class= |
| 6794 | "Flag"><span style= |
| 6795 | 'font-size:10.0pt'>+boundsread</span></span> is set, Splint |
| 6796 | warns about unresolved <span class="Annot"><span style= |
| 6797 | 'font-size:10.0pt'>maxRead</span></span> constraints |
| 6798 | also.</p> |
| 6799 | <p class="TextFontCX"> </p> |
| 6800 | <p class="TextFontCX">Splint generates postconditions for |
| 6801 | statements to help resolve precondition constraints. When a |
| 6802 | buffer is written to we know that an element of a buffer is |
| 6803 | initialized and is safe to read. We generate the |
| 6804 | postcondition <span class="Annot"><span style= |
| 6805 | 'font-size:10.0pt'>maxRead(<i>ptr</i>)</span></span> |
| 6806 | <span class="CodeText"><span style='font-size:10.0pt'>>= |
| 6807 | 0</span></span> if the buffer is accessed using <span class= |
| 6808 | "CodeText"><span style='font-size:10.0pt'>*ptr</span></span> |
| 6809 | or <span class="Annot"><span style= |
| 6810 | 'font-size:10.0pt'>maxRead(ptr)</span></span> <span class= |
| 6811 | "CodeText"><span style='font-size:10.0pt'>>= |
| 6812 | i</span></span> if the buffer is accessed using <span class= |
| 6813 | "CodeText"><i><span style= |
| 6814 | 'font-size:10.0pt'>ptr</span></i></span><span class= |
| 6815 | "CodeText"><span style= |
| 6816 | 'font-size:10.0pt'>[<i>i</i>]</span></span>. Splint |
| 6817 | generates additional postconditions for a variety of C |
| 6818 | constructs. For assignment statements, Splint generates |
| 6819 | a postcondition equating the two operands. Splint also |
| 6820 | generates post condition constraints for the <span class= |
| 6821 | "Annot"><span style='font-size:10.0pt'>maxSet</span></span> |
| 6822 | value of fixed sized arrays.</p> |
| 6823 | <h2 style='margin-left:0in;text-indent:0in'><a name= |
| 6824 | "_Toc534975000">9.2<span style= |
| 6825 | 'font:7.0pt "Times New Roman"'> </span> |
| 6826 | Annotating Buffer Sizes</a></h2> |
| 6827 | <p class="TextFontCX">Function declarations may include |
| 6828 | <span class="Annot"><span style= |
| 6829 | 'font-size:10.0pt'>requires</span></span> and <span class= |
| 6830 | "Annot"><span style='font-size:10.0pt'>ensures</span></span> |
| 6831 | clauses that specify assumptions about buffer sizes for |
| 6832 | function preconditions. They are interpreted like |
| 6833 | <span class="Annot"><span style= |
| 6834 | 'font-size:10.0pt'>requires</span></span> and <span class= |
| 6835 | "Annot"><span style='font-size:10.0pt'>ensures</span></span> |
| 6836 | clauses for simple memory states (see Section 7.5) but can be |
| 6837 | more expressive. When a function with a <span class= |
| 6838 | "Annot"><span style='font-size:10.0pt'>requires</span></span> |
| 6839 | clause is called, the call site must be checked to satisfy |
| 6840 | the constraints implied by the <span class= |
| 6841 | "Annot"><span style='font-size:10.0pt'>requires</span></span> |
| 6842 | clause. Similarly, an <span class="Annot"><span style= |
| 6843 | 'font-size:10.0pt'>ensures</span></span> clause can be used |
| 6844 | to specify function post conditions. If the |
| 6845 | <span class="Flag"><span style= |
| 6846 | 'font-size:10.0pt'>+checkpost</span></span> flag is set, |
| 6847 | Splint warns if it cannot verify that a function |
| 6848 | implementation satisfies its declared postconditions.</p> |
| 6849 | <p class="TextFontCX"> </p> |
| 6850 | <p class="TextFontCX">Constraints can contain function parameters |
| 6851 | as well as global variables and integer constants. The unary |
| 6852 | operators, <span class="Annot"><span style= |
| 6853 | 'font-size:10.0pt'>maxSet</span></span> and <span class= |
| 6854 | "Annot"><span style='font-size:10.0pt'>maxRead</span></span> which |
| 6855 | correspond to the properties described above are also supported. |
| 6856 | Multiple predicates may be conjoined using <span class= |
| 6857 | "CodeText"><span style= |
| 6858 | 'font-size: 10.0pt'>/\</span></span>. </p> |
| 6859 | <p class="TextFontCX"> </p> |
| 6860 | <p class="TextFontCX">For example, the standard library annotates |
| 6861 | <span class="CodeText"><span style= |
| 6862 | 'font-size:10.0pt'>strcpy</span></span>:</p> |
| 6863 | <p class="MsoPlainText" style='line-height:normal'> </p> |
| 6864 | <p class="Verbatim" style='margin-left:22.5pt'>void /*@alt char * |
| 6865 | @*/strcpy</p> |
| 6866 | <p class="Verbatim" style='margin-left:22.5pt;text-indent:13.5pt'> |
| 6867 | (/*@unique@*/ /*@out@*/ /*@returned@*/ char *s1, char *s2)</p> |
| 6868 | <p class="Verbatim" style='margin-left:.5in'>/*@modifies *s1@*/</p> |
| 6869 | <p class="Verbatim" style='margin-left:.5in'>/*@requires maxSet(s1) |
| 6870 | >= maxRead(s2) @*/</p> |
| 6871 | <p class="Verbatim"> /*@ensures |
| 6872 | maxRead(s1) == maxRead (s2) @*/; </p> |
| 6873 | <p class="MsoPlainText" style= |
| 6874 | 'margin-left:.5in;line-height:normal'><b> </b></p> |
| 6875 | <p class="MsoPlainText" style= |
| 6876 | 'text-align:justify;line-height:normal'>The <span class= |
| 6877 | "Annot"><span style='font-size:10.0pt'>requires</span></span> |
| 6878 | clause indicates that the buffer passed as <span class= |
| 6879 | "CodeText"><span style='font-size:10.0pt'>s1</span></span> must be |
| 6880 | large enough to hold the string passed as <span class= |
| 6881 | "CodeText"><span style='font-size:10.0pt'>s2</span></span>. |
| 6882 | The <span class="Annot"><span style= |
| 6883 | 'font-size:10.0pt'>ensures</span></span> clause specifies that |
| 6884 | <span class="Annot"><span style= |
| 6885 | 'font-size:10.0pt'>maxRead</span></span> of <span class= |
| 6886 | "CodeText"><span style='font-size:10.0pt'>s1</span></span> after |
| 6887 | the call is equal to <span class="Annot"><span style= |
| 6888 | 'font-size:10.0pt'>maxRead</span></span> of <span class= |
| 6889 | "CodeText"><span style='font-size:10.0pt'>s2</span></span>. |
| 6890 | In cases where the size of <span class= |
| 6891 | "CodeText"><span style='font-size:10.0pt'>s2</span></span> is |
| 6892 | unknown, programs should use <span class= |
| 6893 | "CodeText"><span style= |
| 6894 | 'font-size: 10.0pt'>strncpy</span></span>, annotated as:</p> |
| 6895 | <p class="Verbatim"> </p> |
| 6896 | <p class="Verbatim" style='margin-left:22.5pt'>void /*@alt char * |
| 6897 | @*/ strncpy</p> |
| 6898 | <p class="Verbatim" style='margin-left:22.5pt'> |
| 6899 | (/*@unique@*/ /*@out@*/ /*@returned@*/ char *s1, char *s2,</p> |
| 6900 | <p class="Verbatim" style='margin-left:22.5pt;text-indent:13.5pt'> |
| 6901 | size_t n)</p> |
| 6902 | <p class="Verbatim" style='margin-left:22.5pt'> |
| 6903 | /*@modifies *s1@*/ </p> |
| 6904 | <p class="Verbatim" style='margin-left:22.5pt'> /*@requires |
| 6905 | maxSet(s1) >= ( n - 1 ); @*/</p> |
| 6906 | <p class="Verbatim" style='margin-left:22.5pt'> /*@ensures |
| 6907 | maxRead (s2) >= maxRead(s1) /\ maxRead (s1) <= n;@*/;</p> |
| 6908 | <p class="TextFontCX"> </p> |
| 6909 | <p class="TextFontCX">The syntax for buffer size constraint clauses |
| 6910 | is:</p> |
| 6911 | <p class="TextFontCX"> </p> |
| 6912 | <p class="TextFontCX" align="left" style= |
| 6913 | 'margin-left: 22.5pt;text-align:left'><i><span lang= |
| 6914 | "FR">constraint</span></i> <span lang="FR"> </span> |
| 6915 | <span style='font-family:Symbol'>Þ</span> <span lang= |
| 6916 | "FR">(</span><span class="Annot"><span style= |
| 6917 | 'font-size:10.0pt'>requires</span></span> <span lang="FR">|</span> |
| 6918 | <span class="Annot"><span style= |
| 6919 | 'font-size:10.0pt'>ensures</span></span><span lang="FR">) |
| 6920 | <i>consExpr relOp consExpr</i></span></p> |
| 6921 | <p class="TextFontCX" align="left" style= |
| 6922 | 'margin-left: 22.5pt;text-align:left'><i><span lang= |
| 6923 | "FR">relOp</span></i> <span lang= |
| 6924 | "FR"> </span> <span style= |
| 6925 | 'font-family:Symbol'>Þ</span> <span class= |
| 6926 | "Annot"><span style='font-size: 10.0pt'>==</span></span> |
| 6927 | <span lang="FR">|</span> <span class="Annot"><span style= |
| 6928 | 'font-size:10.0pt'>></span></span> <span lang= |
| 6929 | "FR">|</span> <span class="Annot"><span style= |
| 6930 | 'font-size:10.0pt'>>=</span></span> <span lang= |
| 6931 | "FR">|</span> <span class="Annot"><span style= |
| 6932 | 'font-size:10.0pt'><</span></span> <span lang= |
| 6933 | "FR">|</span> <span class="Annot"><span style= |
| 6934 | 'font-size:10.0pt'><=</span></span></p> |
| 6935 | <p class="TextFontCX" align="left" style= |
| 6936 | 'margin-left: 22.5pt;text-align:left'><i><span lang= |
| 6937 | "FR">consExpr </span></i> <span style= |
| 6938 | 'font-family:Symbol'>Þ</span> <i><span lang= |
| 6939 | "FR">consExpression binOp consExpr</span></i> | <i>unaryOp</i> |
| 6940 | <span class="Annot"><span style= |
| 6941 | 'font-size:10.0pt'>(</span></span><i>consExpr</i> |
| 6942 | <span class="Annot"><span style= |
| 6943 | 'font-size:10.0pt'>)</span></span> | <i>term</i></p> |
| 6944 | <p class="TextFontCX" align="left" style= |
| 6945 | 'margin-left: 22.5pt;text-align:left'><i>binOp</i> |
| 6946 | <span style= |
| 6947 | 'font-family:Symbol'>Þ</span> <span class= |
| 6948 | "Annot"><span style='font-size:10.0pt'>+</span></span> | |
| 6949 | <span class="Annot"><span style= |
| 6950 | 'font-size:10.0pt'>-</span></span></p> |
| 6951 | <p class="TextFontCX" align="left" style= |
| 6952 | 'margin-left: 22.5pt;text-align:left'><i>unaryOp</i> |
| 6953 | <span style='font-family:Symbol'>Þ</span> <span class= |
| 6954 | "Annot"><span style='font-size:10.0pt'>maxSet</span></span> | |
| 6955 | <span class="Annot"><span style= |
| 6956 | 'font-size:10.0pt'>maxRead</span></span></p> |
| 6957 | <p class="TextFontCX" align="left" style= |
| 6958 | 'margin-left: 22.5pt;text-align:left'><i>term</i> |
| 6959 | <span style= |
| 6960 | 'font-family:Symbol'>Þ</span> <i>identifier</i> | |
| 6961 | <i>literal</i> | <span class="Annot"><span style= |
| 6962 | 'font-size: 10.0pt'>result</span></span></p> |
| 6963 | <h2 style='margin-left:0in;text-indent:0in'><a name= |
| 6964 | "_Toc534975001">9.3<span style= |
| 6965 | 'font:7.0pt "Times New Roman"'> </span> |
| 6966 | Less Stringent Checking</a></h2> |
| 04c4d6c2 |
6967 | <p class="TextFontCX"> |
| 9645dee1 |
6968 | For some programs, Splint's standard bounds checking produces an |
| 6969 | unacceptably high number of warnings. Because of this, Splint now |
| 6970 | prioritizes warnings using a simple heuristic. The flags |
| 6971 | <span class="Flag"><span style= |
| 6972 | 'font-size:10.0pt'>likely-bounds</span></span>, <span class= |
| 6973 | "Flag"><span style= |
| 6974 | 'font-size:10.0pt'>likely-bounds-writes</span></span>, and |
| 6975 | <span class="Flag"><span style= |
| 6976 | 'font-size:10.0pt'>likely-bounds-read</span></span> are similar to |
| 6977 | <span class="Flag"><span style= |
| 6978 | 'font-size:10.0pt'>bounds</span></span>,<span class= |
| 6979 | "Flag"><span style='font-size:10.0pt'>bounds-write</span></span>, |
| 6980 | and <span class="Flag"><span style= |
| 6981 | 'font-size:10.0pt'>bounds-read</span></span>, but they only cause |
| 6982 | Splint to produce warnings for what it determines are likely bounds |
| 6983 | errors. Splint classifies an unresolved constraint as a likely |
| 6984 | bounds error if it can reduce the constraint to a numerical |
| 6985 | inconsistency such as <span class="Verbatim">5 >= 10</span>. |
| 6986 | Warnings for these constraints are more likely to be legitimate -- |
| 6987 | indicating real bugs or the lack of annotations. Additionally, when |
| 6988 | these warnings are false positives, it is easier for humans to |
| 6989 | recognize them as spurious. These flags generate significantly |
| 6990 | fewer errors (an order of magnitude in some cases), and the errors |
| 6991 | generated are easier to understand. However, this does not come |
| 6992 | without cost. The checking is significantly less precise and is |
| 04c4d6c2 |
6993 | likely to miss real errors.</p> |
| 9645dee1 |
6994 | <h2 style='margin-left:0in;text-indent:0in'><a name= |
| 6995 | "_Toc534975001">9.4<span style= |
| 6996 | 'font:7.0pt "Times New Roman"'> </span> |
| 6997 | Warnings</a></h2> |
| 6998 | <p class="TextFontCX">Since bounds checking is more complex than |
| 6999 | other checks done by Splint, memory bounds warnings contain |
| 7000 | extensive information about the unresolved constraint. |
| 7001 | Warning messages for unresolved constraints contain both the |
| 7002 | original constraints and the simplified form of the constraint |
| 7003 | which cannot be resolved. If the constraint was derived from |
| 7004 | a function precondition, the original precondition is included in |
| 7005 | the error message. If the <span class= |
| 7006 | "Flag"><span style='font-size:10.0pt'>+showconstraintlocation</span></span> |
| 7007 | flag is set, the message includes the expression that the |
| 7008 | constraint is derived from. The <span class= |
| 7009 | "Flag"><span style= |
| 7010 | 'font-size:10.0pt'>+showconstraintparens</span></span> flag |
| 7011 | directs Splint to display fully parenthesized constraints in |
| 7012 | warnings to remove ambiguity.</p> |
| 7013 | <p class="TextFontCX"> </p> |
| 7014 | <p class="TextFontCX">Consider the code excerpt below containing a |
| 7015 | trivial out-of-bounds write:</p> |
| 7016 | <p class="Verbatim"> </p> |
| 7017 | <p class="Verbatim" style='text-indent:.5in'>int buf[10];</p> |
| 7018 | <p class="Verbatim" style='text-indent:.5in'>buf[10] = 3;</p> |
| 7019 | <p class="TextFontCX"> </p> |
| 7020 | <p class="TextFontCX" style='margin-bottom:6.0pt'>Splint warns:</p> |
| 7021 | <p align="left" class="lclintrun" style='margin-left:.5in'> |
| 7022 | setChar.c:5:4: Likely out-of-bounds store:<br> |
| 7023 | buf[10] = 3</p> |
| 7024 | <p class="lclintrun" align="left" style='margin-left:.5in'> |
| 7025 | Unable to resolve constraint: requires 9 >= |
| 7026 | 10</p> |
| 7027 | <p class="lclintrun" align="left" style= |
| 7028 | 'margin-top:0in;margin-right:0in;margin-bottom:6.0pt; margin-left:.5in'> |
| 7029 | needed to satisfy precondition: requires |
| 7030 | maxSet(buf @ setChar.c:5:4) >= 10</p> |
| 7031 | <p class="TextFontCX">Splint has simplified the constraint from the |
| 7032 | <span class="Annot"><span style= |
| 7033 | 'font-size:10.0pt'>requires</span></span> clause to |
| 7034 | <span class="CodeText"><span style='font-size:10.0pt'>9 >= |
| 7035 | 10</span></span> by substituting for the known value of |
| 7036 | <span class="Annot"><span style= |
| 7037 | 'font-size:10.0pt'>maxSet(buf)</span></span> and generated a |
| 7038 | warning because 9(the highest index of <span class= |
| 7039 | "CodeText"><span style='font-size:10.0pt'>buf</span></span> |
| 7040 | that may be safely written to) is not greater than or equal |
| 7041 | to 10.</p> |
| 7042 | <p class="TextFontCX"> </p> |
| 7043 | <p class="TextFontCX">A more realistic example is shown Figure |
| 7044 | 21. The function <span class="CodeText"><span style= |
| 7045 | 'font-size:10.0pt'>updateEnv</span></span> is a naïve |
| 7046 | implementation of a function to copy an environmental |
| 7047 | variable. There is no standard restriction on the length of |
| 7048 | the return value of <span class="CodeText"><span style= |
| 7049 | 'font-size:10.0pt'>getenv</span></span> so this can cause a buffer |
| 7050 | overflow. A safe version of <span class= |
| 7051 | "CodeText"><span style='font-size:10.0pt'>updateEnv</span></span> |
| 7052 | (such as <span class="CodeText"><span style= |
| 7053 | 'font-size:10.0pt'>updateEnvSafe</span></span> in Figure 21) would |
| 7054 | ensure that the buffer is large enough to hold the environment |
| 7055 | variable string before copying.</p> |
| 7056 | <p class="TextFontCX"> </p> |
| 7057 | <p class="TextFontCX"> </p> |
| 7058 | <p class="TextFontCX">The <span class="Annot"><span style= |
| 7059 | 'font-size:10.0pt'>requires</span></span> clause means Splint will |
| 7060 | report a warning if a call to <span class= |
| 7061 | "CodeText"><span style='font-size:10.0pt'>updateEnvSafe</span></span> |
| 7062 | passed in a buffer as <span class="CodeText"><span style= |
| 7063 | 'font-size:10.0pt'>str</span></span> that is not big enough |
| 7064 | to hold the value passed as <span class= |
| 7065 | "CodeText"><span style= |
| 7066 | 'font-size:10.0pt'>strSize</span></span> characters.</p> |
| 7067 | <p class="TextFontCX"> </p> |
| 7068 | <p class="TextFontCX">In many cases, functions will have multiple |
| 7069 | unresolved constraints which are similar. For example, if a |
| 7070 | subsequence statement writes to the next element of a buffer. |
| 7071 | Usually all these constraints represent all real problems or are |
| 7072 | all spurious. If the <span class="Flag"><span style= |
| 7073 | 'font-size:10.0pt'>+redundantconstraints</span></span> flag is set, |
| 7074 | Splint reports even apparently redundant warning messages. |
| 7075 | Otherwise, if satisfying one unresolved constraint would imply |
| 7076 | satisfying another, Splint only prints a warning message for the |
| 7077 | stronger constraint.</p> |
| 7078 | <p class="TextFontCX"> </p> |
| 7079 | <center> |
| 7080 | <table class="MsoNormalTable" border="0" cellspacing="0" |
| 7081 | cellpadding="0" style='margin-left:9.9pt;border-collapse:collapse'> |
| 7082 | <tr> |
| 7083 | <td valign="top" style= |
| 7084 | 'width:202.5pt;border:solid black 1.5pt; border-bottom:none;background:black;padding:0in 5.4pt 0in 5.4pt;height:12.15pt'> |
| 7085 | <p class="TextFontCX" align="center" style='text-align:center'> |
| 7086 | <span class="Keyword"><b><span style= |
| 7087 | 'font-size:10.0pt; color:white'>bounds.c</span></b></span></p></td> |
| 7088 | <td valign="top" style= |
| 7089 | 'width:3.0in;border-top:solid black 1.5pt; border-left:none;border-bottom:none;border-right:solid black 1.5pt; background:black;padding:0in 5.4pt 0in 5.4pt;height:12.15pt'> |
| 7090 | <p class="TextFontCX" align="center" style='text-align:center'> |
| 7091 | <b><span style='color:white'>Running |
| 7092 | Splint</span></b></p></td></tr> |
| 7093 | <tr> |
| 7094 | <td valign="top" style= |
| 7095 | 'width:202.5pt;border:solid black 1.5pt; border-top:none;padding:0in 5.4pt 0in 5.4pt'> |
| 7096 | <p class="Verbatim"><span style= |
| 7097 | 'font-family:Courier'> </span></p> |
| 7098 | <p class="Verbatim"><span style='font-family:Courier'>void |
| 7099 | updateEnv(char * str)</span></p> |
| 7100 | <p class="Verbatim"><span style='font-family:Courier'>{</span></p> |
| 7101 | <p class="Verbatim"><span style='font-family:Courier'> |
| 7102 | char * tmp;</span></p> |
| 7103 | <p class="Verbatim"><i><span style= |
| 7104 | 'font-size:9.0pt;font-family:Courier'>7</span></i><span style='font-family:Courier'> |
| 7105 | tmp = getenv(“MYENV”);</span></p> |
| 7106 | <p class="Verbatim"><span style='font-family:Courier'> |
| 7107 | if (tmp != NULL)</span></p> |
| 7108 | <p class="Verbatim"><i><span style= |
| 7109 | 'font-size:9.0pt;font-family:Courier'>9</span></i><span style='font-family:Courier'> |
| 7110 | strcpy (str, tmp);</span></p> |
| 7111 | <p class="Verbatim"><span style='font-family:Courier'>}</span></p> |
| 7112 | <p class="Verbatim"><span style= |
| 7113 | 'font-family:Courier'> </span></p> |
| 7114 | <p class="Verbatim"><span style='font-family:Courier'>void |
| 7115 | updateEnvSafe (char * str,</span></p> |
| 7116 | <p class="Verbatim"><span style= |
| 7117 | 'font-family:Courier'> |
| 7118 | size_t strSize)</span></p> |
| 7119 | <p class="Verbatim"><span style='font-family:Courier'> </span> |
| 7120 | <a href="mailto:/*@requires"><span style= |
| 7121 | 'font-family:Courier'>/*@requires</span></a> <span style= |
| 7122 | 'font-family:Courier'>maxSet(str)</span></p> |
| 7123 | <p class="Verbatim"><span style= |
| 7124 | 'font-family:Courier'> |
| 7125 | >= strSize –1@*/</span></p> |
| 7126 | <p class="Verbatim"><span style='font-family:Courier'>{</span></p> |
| 7127 | <p class="Verbatim"><span style='font-family:Courier'> |
| 7128 | char * tmp;</span></p> |
| 7129 | <p class="Verbatim"><span style='font-family:Courier'> |
| 7130 | tmp = getenv(“MYENV”);</span></p> |
| 7131 | <p class="Verbatim"><span style='font-family:Courier'> |
| 7132 | if (tmp != NULL)</span></p> |
| 7133 | <p class="Verbatim"><span style='font-family:Courier'> |
| 7134 | {</span></p> |
| 7135 | <p class="Verbatim"><span style= |
| 7136 | 'font-family:Courier'> strncpy (str, |
| 7137 | tmp,</span></p> |
| 7138 | <p class="Verbatim"><span style= |
| 7139 | 'font-family:Courier'> |
| 7140 | strSize -1);</span></p> |
| 7141 | <p class="Verbatim"><span style= |
| 7142 | 'font-family:Courier'> str[strSize |
| 7143 | -1] = ‘/0’;</span></p> |
| 7144 | <p class="Verbatim"><span style='font-family:Courier'> |
| 7145 | }</span></p> |
| 7146 | <p class="Verbatim"><span style= |
| 7147 | 'font-family:Courier'>}</span></p></td> |
| 7148 | <td valign="top" style= |
| 7149 | 'width:3.0in;border-top:none;border-left:none; border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'> |
| 7150 | <p class="lclintrun">> splint bounds.c +bounds |
| 7151 | +showconstraintlocation</p> |
| 7152 | <p class="lclintrun"> </p> |
| 7153 | <p class="lclintrun">bounds.c:9: Possible out-of-bounds store:</p> |
| 7154 | <p class="lclintrun"> strcpy(str, tmp)</p> |
| 7155 | <p class="lclintrun"> Unable to resolve |
| 7156 | constraint:</p> |
| 7157 | <p class="lclintrun"> requires maxSet(str @ |
| 7158 | bounds.c:9) >=</p> |
| 7159 | <p class="lclintrun"> maxRead(getenv("MYENV") @ |
| 7160 | bounds.c:7)</p> |
| 7161 | <p class="lclintrun"> needed to satisfy |
| 7162 | precondition:</p> |
| 7163 | <p class="lclintrun"> requires maxSet(str @ |
| 7164 | bounds.c:9) >=</p> |
| 7165 | <p class="lclintrun"> maxRead(tmp @ |
| 7166 | bounds.c:9)</p> |
| 7167 | <p class="lclintrun"> derived from strcpy |
| 7168 | precondition: requires</p> |
| 7169 | <p class="lclintrun"> maxSet(<parameter 1>) |
| 7170 | >=</p> |
| 7171 | <p class="lclintrun"> maxRead(<parameter |
| 7172 | 2>)</p></td></tr></table> |
| 7173 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"> |
| 7174 | <tr> |
| 7175 | <td valign="top" style= |
| 7176 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 7177 | <p class="MsoCaption"><a name="_Ref534909813"></a><a name= |
| 7178 | "_Ref534909817">Figure 21</a>. Memory |
| 7179 | Bounds</p></td></tr></table></center> |
| 7180 | <br clear="all"> |
| 7181 | |
| 7182 | <p class="TextFontCX">The <span class="Flag"><span style= |
| 7183 | 'font-size:10.0pt'>+functionpost</span></span> flag is useful for |
| 7184 | determining if array bounds warnings are spurious. If this |
| 7185 | flag is set, Splint will print the constraints that it established |
| 7186 | at the end of the function. If the warnings are spurious, |
| 7187 | localized control comments can be used to suppress them.</p> |
| 7188 | <p class="TextFontCX"> </p> |
| 7189 | <p class="TextFontCX"> </p> |
| 7190 | <p class="TextFontCX"> </p> |
| 7191 | <h1 style='margin-left:0in;text-indent:0in'><a name= |
| 7192 | "_Toc534975002"></a><a name="_Ref534642928"></a><a name= |
| 7193 | "_Ref534642285">10<span style= |
| 7194 | 'font:7.0pt "Times New Roman"'> </span> |
| 7195 | <a id="extensible" name="extensible"> |
| 7196 | Extensible Checking</a></a></h1> |
| 7197 | <p class="TextFontCX">Splint provides mechanisms for defining new |
| 7198 | checks and annotations using metastate definitions. |
| 7199 | User-defined checks can be used to check and document properties |
| 7200 | not supported by the provided checks.<a href="#_ftn13" name= |
| 7201 | "_ftnref13" title=""><span class= |
| 7202 | "MsoFootnoteReference"><span class="MsoFootnoteReference"><span style='font-size:11.0pt;font-family:"Times New Roman"'> |
| 7203 | [13]</span></span></span></a></p> |
| 7204 | <p class="TextFontCX"> </p> |
| 7205 | <p class="TextFontCX">A large class of useful checks can be |
| 7206 | described as constraints on attributes associated with program |
| 7207 | objects or the global execution state. Unlike types, however, the |
| 7208 | values of these attributes can change along an execution |
| 7209 | path. Splint provides a general language that lets users |
| 7210 | define attributes associated with different kinds of program |
| 7211 | objects as well as rules that both constrain attributes’ |
| 7212 | values at interface points and specify how attributes |
| 7213 | change. </p> |
| 7214 | <p class="TextFontCX"> </p> |
| 7215 | <p class="TextFontCX">Because user-defined attribute checking is |
| 7216 | integrated with normal checking, Splint’s analysis of |
| 7217 | user-defined attributes can take advantage of other analyses, such |
| 7218 | as alias and nullness analysis.</p> |
| 7219 | <h2 style='margin-left:0in;text-indent:0in'><a name= |
| 7220 | "_Toc534975003">10.1<span style= |
| 7221 | 'font:7.0pt "Times New Roman"'> </span> |
| 7222 | Defining Attributes</a></h2> |
| 7223 | <p class="TextFontCX">To define an attribute, create a metastate |
| 7224 | file (<span class="ProgramNameChar"><span style= |
| 7225 | 'font-size: 10.0pt'>.mts</span></span>) that defined the possible |
| 7226 | values and transfer rules of the attribute. Attributes can |
| 7227 | either be associated with a particular kind of program object (for |
| 7228 | example, all <span class="CodeText"><span style= |
| 7229 | 'font-size:10.0pt'>char *</span></span>’s) or with the global |
| 7230 | state (whether or not the network has been initialized). The |
| 7231 | <span class="Flag"><span style='font-size:10.0pt'>–mts |
| 7232 | <i><file></i></span></span> flag is used to direct Splint to |
| 7233 | read a metastate file (which will be found on the |
| 7234 | <span class="CodeText"><span style= |
| 7235 | 'font-size:10.0pt'>LARCH_PATH</span></span> with default |
| 7236 | extension <span class="ProgramNameChar"><span style= |
| 7237 | 'font-size:10.0pt'>.mts</span></span>).</p> |
| 7238 | <p class="TextFontCX"> </p> |
| 7239 | <p class="TextFontCX">An example attribute definition is shown in |
| 7240 | Figure 22. It defines the <span class= |
| 7241 | "Annot"><span style='font-size:10.0pt'>taintedness</span></span> |
| 7242 | attribute for recording whether or not a <span class= |
| 7243 | "CodeText"><span style='font-size: 10.0pt'>char |
| 7244 | *</span></span> came from a possibly untrustworthy |
| 7245 | source. Knowing whether a value is possibly hostile is |
| 7246 | useful for preventing several security vulnerabilities |
| 7247 | including format string bugs.<a href="#_ftn14" name= |
| 7248 | "_ftnref14" title=""><span class= |
| 7249 | "MsoFootnoteReference"><span class= |
| 7250 | "MsoFootnoteReference"><span style= |
| 7251 | 'font-size:11.0pt;font-family:"Times New Roman"'>[14]</span></span></span></a> |
| 7252 | (A simpler way to detect format vulnerabilities is to warn |
| 7253 | for any format string that is unknown at compile time. Splint |
| 7254 | provides this checking, issuing a warning if the <span class= |
| 7255 | "Flag"><span style= |
| 7256 | 'font-size:10.0pt'>+formatconst</span></span> flag is set and |
| 7257 | finds any unknown format strings at compile time. This can |
| 7258 | produce spurious messages, however, because there might be |
| 7259 | unknown format strings that are not vulnerable to hostile |
| 7260 | input.)</p> |
| 7261 | <p class="TextFontCX"> </p> |
| 7262 | <p class="TextFontCX">The first three lines of the attribute |
| 7263 | definition define the <span class="Annot"><span style= |
| 7264 | 'font-size:10.0pt'>taintedness</span></span> attribute associated |
| 7265 | with <span class="CodeText"><span style='font-size:10.0pt'>char |
| 7266 | *</span></span> objects, which can be in one of two states: |
| 7267 | <span class="Annot"><span style= |
| 7268 | 'font-size:10.0pt'>untainted</span></span> or <span class= |
| 7269 | "Annot"><span style='font-size:10.0pt'>tainted</span></span>. |
| 7270 | The <span class="Annot"><span style= |
| 7271 | 'font-size:10.0pt'>context</span></span> clause gives a context |
| 7272 | selector for which objects have the attribute. In this |
| 7273 | case, <span class="Annot"><span style='font-size:10.0pt'>reference |
| 7274 | char *</span></span> means that every reference that is a |
| 7275 | <span class="CodeText"><span style='font-size:10.0pt'>char |
| 7276 | *</span></span> has an associated <span class= |
| 7277 | "Annot"><span style='font-size:10.0pt'>taintedness</span></span> |
| 7278 | attribute. Other contexts include <span class= |
| 7279 | "Annot"><span style= |
| 7280 | 'font-size: 10.0pt'>parameter</span></span> (only parameter |
| 7281 | declarations), <span class="Annot"><span style= |
| 7282 | 'font-size:10.0pt'>literal</span></span> (only string or |
| 7283 | number literals), and <span class="Annot"><span style= |
| 7284 | 'font-size:10.0pt'>null</span></span> (only known |
| 7285 | <span class="CodeText"><span style= |
| 7286 | 'font-size:10.0pt'>NULL</span></span> values). |
| 7287 | Attribute can also be defined that are not associated with |
| 7288 | any particular object, but instead are associated with the |
| 7289 | global state of a program execution. The <span class= |
| 7290 | "Annot"><span style='font-size:10.0pt'>global</span></span> |
| 7291 | keyword is used before <span class="Annot"><span style= |
| 7292 | 'font-size:10.0pt'>attribute</span></span> to define a global |
| 7293 | attribute.</p> |
| 7294 | <p class="TextFontCX"> </p> |
| 7295 | <p class="TextFontCX">The <span class="Annot"><span style= |
| 7296 | 'font-size:10.0pt'>oneof</span></span> clause introduces two |
| 7297 | identifiers for representing the <span class= |
| 7298 | "Annot"><span style='font-size:10.0pt'>taintedness</span></span> |
| 7299 | value: <span class="Annot"><span style= |
| 7300 | 'font-size:10.0pt'>untainted</span></span> for references |
| 7301 | that are not derived from untrustworthy input, and |
| 7302 | <span class="Annot"><span style= |
| 7303 | 'font-size:10.0pt'>tainted</span></span> for references that |
| 7304 | may contain hostile data. </p> |
| 7305 | <p class="TextFontCX"> </p> |
| 7306 | <p class="TextFontCX">The <span class="Annot"><span style= |
| 7307 | 'font-size:10.0pt'>annotations</span></span> clause defines two new |
| 7308 | annotations that may be used to describe <span class= |
| 7309 | "Annot"><span style='font-size:10.0pt'>taintedness</span></span> |
| 7310 | assumptions. In this case, the annotations match the names of |
| 7311 | the value choices, but they may be any identifier. The clause |
| 7312 | <span class="Annot"><span style='font-size:10.0pt'>tainted |
| 7313 | <b>reference ==></b> tainted</span></span> defines the |
| 7314 | <span class="Annot"><span style= |
| 7315 | 'font-size:10.0pt'>tainted</span></span> annotation that may be |
| 7316 | used on a reference to indicate that it has <span class= |
| 7317 | "Annot"><span style='font-size: 10.0pt'>tainted</span></span> |
| 7318 | state. </p> |
| 7319 | <center> |
| 7320 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"> |
| 7321 | <tr> |
| 7322 | <td valign="top" align="left" height="264" style= |
| 7323 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 7324 | <p class="Verbatim"><span class="Annot"><b>attribute</b></span> |
| 7325 | <span class="Annot">taintedness</span></p> |
| 7326 | <p class="Verbatim"><span class="Annot"> <b>context</b> |
| 7327 | <b>reference</b> char *</span></p> |
| 7328 | <p class="Verbatim"><span class="Annot"> <b>oneof</b> |
| 7329 | untainted, tainted</span></p> |
| 7330 | <p class="Verbatim"><span class="Annot"> |
| 7331 | <b>annotations</b></span></p> |
| 7332 | <p class="Verbatim"><span class="Annot"> |
| 7333 | tainted <b>reference ==></b> tainted</span></p> |
| 7334 | <p class="Verbatim"><span class="Annot"> |
| 7335 | untainted <b>reference ==></b> untainted</span></p> |
| 7336 | <p class="Verbatim"><span class="Annot"> |
| 7337 | <b>transfers</b></span></p> |
| 7338 | <p class="Verbatim"><span class="Annot"> |
| 7339 | tainted <b>as</b> untainted <b>==> error</b> "Possibly tainted |
| 7340 | storage used where untainted required."</span></p> |
| 7341 | <p class="Verbatim"><span class="Annot"> |
| 7342 | <b>merge</b></span></p> |
| 7343 | <p class="Verbatim"><span class= |
| 7344 | "Annot"> tainted <b>+</b> untainted |
| 7345 | <b>==></b> tainted</span></p> |
| 7346 | <p class="Verbatim"><span class="Annot"> |
| 7347 | <b>defaults</b></span></p> |
| 7348 | <p class="Verbatim"><span class= |
| 7349 | "Annot"> reference <b>==></b> |
| 7350 | tainted</span></p> |
| 7351 | <p class="Verbatim"><span class="Annot"> |
| 7352 | literal <b>==></b> untainted</span></p> |
| 7353 | <p class="Verbatim"><span class= |
| 7354 | "Annot"> null <b>==></b> |
| 7355 | untainted</span></p> |
| 7356 | <p class="Verbatim"><span class="Annot"><b>end</b></span></p> |
| 7357 | <p class="MsoCaption"><a name="_Ref534921559">Figure 22</a>. |
| 7358 | Taintedness Attribute</p></td></tr></table></center> |
| 7359 | <br clear="all"> |
| 7360 | |
| 7361 | <p class="TextFontCX"> </p> |
| 7362 | <p class="TextFontCX">The <span class="Annot"><span style= |
| 7363 | 'font-size:10.0pt'>transfers</span></span> clause defines rules for |
| 7364 | state changes and warning when objects are passed as parameters, |
| 7365 | returned, or assigned to externally visible references. The |
| 7366 | rule, <span class="Annot"><span style='font-size:10.0pt'>tainted |
| 7367 | <b>as</b> untainted <b>==> error</b> "Possibly tainted storage |
| 7368 | used where untainted required."</span></span>, means it is an error |
| 7369 | to pass a <span class="Annot"><span style= |
| 7370 | 'font-size:10.0pt'>tainted</span></span> value as a parameter that |
| 7371 | has <span class="Annot"><span style= |
| 7372 | 'font-size:10.0pt'>untainted</span></span> taintedness. All |
| 7373 | other transfers are implicitly permitted, and leave the passed |
| 7374 | storage in the same state as before the transfer. We may also |
| 7375 | use a <span class="Annot"><span style= |
| 7376 | 'font-size:10.0pt'>transfers</span></span> clause to indicate that |
| 7377 | the reference changes state after a transfer. A |
| 7378 | <span class="Annot"><span style= |
| 7379 | 'font-size:10.0pt'>losereference</span></span> clause (not |
| 7380 | used in taintedness) is similar to a <span class= |
| 7381 | "Annot"><span style= |
| 7382 | 'font-size:10.0pt'>transfers</span></span> clause, except it |
| 7383 | is used to provide rules for when a reference to storage is |
| 7384 | lost, either by leaving the scope in which it was declared, |
| 7385 | returning from a function, or assigning it to a new |
| 7386 | value.</p> |
| 7387 | <p class="TextFontCX"> </p> |
| 7388 | <p class="TextFontCX">The <span class="Annot"><span style= |
| 7389 | 'font-size:10.0pt'>merge</span></span> clause defined rules for |
| 7390 | combining state along paths. The clause<span class= |
| 7391 | "Annot"><span style='font-size:10.0pt'>merge tainted + untainted |
| 7392 | ==> tainted</span></span> indicates that combining |
| 7393 | <span class="Annot"><span style= |
| 7394 | 'font-size:10.0pt'>tainted</span></span> and <span class= |
| 7395 | "Annot"><span style= |
| 7396 | 'font-size:10.0pt'>untainted</span></span> objects produces a |
| 7397 | <span class="Annot"><span style= |
| 7398 | 'font-size:10.0pt'>tainted</span></span> object. Thus, if a |
| 7399 | reference is <span class="Annot"><span style= |
| 7400 | 'font-size:10.0pt'>tainted</span></span> along one control |
| 7401 | path and <span class="Annot"><span style= |
| 7402 | 'font-size:10.0pt'>untainted</span></span> along another |
| 7403 | control path, checking assumes that it is <span class= |
| 7404 | "Annot"><span style= |
| 7405 | 'font-size:10.0pt'>tainted</span></span>after the two |
| 7406 | branches merge. It is also used to merge taintedness states |
| 7407 | in function specifications (see the <span class= |
| 7408 | "CodeText"><span style= |
| 7409 | 'font-size:10.0pt'>strcat</span></span> example in the next |
| 7410 | section). We can also define error combinations so that |
| 7411 | a warning is reported if the states on different paths are |
| 7412 | incompatible.</p> |
| 7413 | <p class="TextFontCX"> </p> |
| 7414 | <p class="TextFontCX">The <span class="Annot"><span style= |
| 7415 | 'font-size:10.0pt'>defaults</span></span> clause specifies default |
| 7416 | values used for declarators without explicit attribute annotations. |
| 7417 | We choose default values to make it easy to start checking an |
| 7418 | unannotated program. Here we assume unannotated references are |
| 7419 | <span class="Annot"><span style= |
| 7420 | 'font-size:10.0pt'>tainted</span></span> and Splint will report a |
| 7421 | warning where unannotated references are passed to functions that |
| 7422 | require untainted parameters. The warnings indicate either a format |
| 7423 | bug in the code or a place where an <span class= |
| 7424 | "Annot"><span style='font-size:10.0pt'>untainted</span></span> |
| 7425 | annotation should be added. Running Splint again after adding |
| 7426 | the annotation will propagate the newly documented assumption |
| 7427 | through the program.</p> |
| 7428 | <p class="TextFontCX"> </p> |
| 7429 | <p class="TextFontCX" style='margin-bottom:6.0pt'>The full grammar |
| 7430 | for metastate definitions is given in Appendix C.</p> |
| 7431 | <h2 style='margin-left:0in;text-indent:0in'><a name= |
| 7432 | "_Toc534975004">10.2<span style= |
| 7433 | 'font:7.0pt "Times New Roman"'> </span> |
| 7434 | Annotations</a></h2> |
| 7435 | <p class="TextFontCX">The annotations defined by metastate |
| 7436 | definitions can be used like normal annotations. The context |
| 7437 | specifier for an annotation indicates where it may be used. |
| 7438 | For the taintedness example, we can use <span class= |
| 7439 | "Annot"><span style='font-size:10.0pt'>tainted</span></span> and |
| 7440 | <span class="Annot"><span style= |
| 7441 | 'font-size:10.0pt'>untainted</span></span> as annotations wherever |
| 7442 | <span class="Annot"><span style= |
| 7443 | 'font-size:10.0pt'>only</span></span> could be used. This |
| 7444 | includes <span class="Annot"><span style= |
| 7445 | 'font-size:10.0pt'>ensures</span></span> and <span class= |
| 7446 | "Annot"><span style='font-size:10.0pt'>requires</span></span> |
| 7447 | clauses, which allows us to specify functions that modify state |
| 7448 | associated with metastate definitions. The syntax |
| 7449 | <span class="Annot"><i><span style= |
| 7450 | 'font-size: 10.0pt'><expr></span></i></span><span class="Annot"> |
| 7451 | <span style= |
| 7452 | 'font-size: 10.0pt'>:<i><attribute></i></span></span> is used |
| 7453 | to refer to the value of the user-defined attribute for expression |
| 7454 | <span class="Annot"><i><span style= |
| 7455 | 'font-size:10.0pt'><expr></span></i></span>. </p> |
| 7456 | <p class="TextFontCX"> </p> |
| 7457 | <p class="TextFontCX">It is often necessary to extend the library |
| 7458 | specifications with metastate annotations. We don’t |
| 7459 | want to have different versions of the library for different |
| 7460 | metastate annotations, so instead Splint provides a mechanism for |
| 7461 | adding annotations separately using an <span class= |
| 7462 | "ProgramNameChar"><span style='font-size:10.0pt'>.xh</span></span> |
| 7463 | file. For the taintedness example, we do this by providing |
| 7464 | annotated declarations in the <span class= |
| 7465 | "ProgramNameChar"><span style= |
| 7466 | 'font-size:10.0pt'>tainted.xh</span></span> file. Example |
| 7467 | specifications in this file include:</p> |
| 7468 | <p class="TextFontCX"> </p> |
| 7469 | <p class="Verbatim">int printf (/*@untainted@*/ char *fmt, |
| 7470 | ...);</p> |
| 7471 | <p class="Verbatim"> </p> |
| 7472 | <p class="Verbatim">char *fgets (char *s, int n, FILE *stream) |
| 7473 | /*@ensures tainted s@*/ ;</p> |
| 7474 | <p class="Verbatim"> </p> |
| 7475 | <p class="Verbatim">char *strcat (/*@returned@*/ char *s1, |
| 7476 | char *s2) </p> |
| 7477 | <p class="Verbatim"> /*@ensures s1:taintedness = |
| 7478 | s1:taintedness | s2:taintedness @*/</p> |
| 7479 | <p class="TextFontCX"> </p> |
| 7480 | <p class="TextFontCX">The <span class="CodeText"><span style= |
| 7481 | 'font-size:10.0pt'>strcat</span></span> specification uses |
| 7482 | <span class="Annot"><span style='font-size:10.0pt'>/*@ensures |
| 7483 | s1:taintedness = s1:taintedness | s2:taintedness @*/</span></span> |
| 7484 | to indicate that the taintedness of <span class= |
| 7485 | "CodeText"><span style='font-size:10.0pt'>s1</span></span> after |
| 7486 | <span class="CodeText"><span style= |
| 7487 | 'font-size:10.0pt'>strcat</span></span> returns is the result of |
| 7488 | merging the taintedness of <span class= |
| 7489 | "CodeText"><span style='font-size:10.0pt'>s1</span></span> |
| 7490 | and <span class="CodeText"><span style= |
| 7491 | 'font-size:10.0pt'>s2</span></span> before the call. |
| 7492 | Because the parameters lack annotations, they are implicitly |
| 7493 | tainted according to the default rules and either untainted |
| 7494 | or tainted references can be passed as parameters to |
| 7495 | <span class="CodeText"><span style= |
| 7496 | 'font-size:10.0pt'>strcat</span></span>. The <span class= |
| 7497 | "Annot"><span style='font-size:10.0pt'>ensures</span></span> |
| 7498 | clause means that after <span class="CodeText"><span style= |
| 7499 | 'font-size:10.0pt'>strcat</span></span> returns the first |
| 7500 | parameter (and the result, because of the returned annotation |
| 7501 | on <span class="CodeText"><span style= |
| 7502 | 'font-size:10.0pt'>s1</span></span>) will be tainted if |
| 7503 | either passed object was tainted. Splint merges the two |
| 7504 | taintedness states using the attribute definition |
| 7505 | rules—hence, if the <span class="CodeText"><span style= |
| 7506 | 'font-size:10.0pt'>s1</span></span> parameter is untainted |
| 7507 | and the <span class="CodeText"><span style= |
| 7508 | 'font-size:10.0pt'>s2</span></span> parameter is tainted, the |
| 7509 | result and first parameter will be tainted after <span class= |
| 7510 | "CodeText"><span style= |
| 7511 | 'font-size:10.0pt'>strcat</span></span> returns.</p> |
| 7512 | <p class="TextFontCX"> </p> |
| 7513 | <h1 style='margin-left:0in;text-indent:0in'><a name= |
| 7514 | "_Toc534975006"></a><a name="_Ref534642895"></a><a name= |
| 7515 | "_Ref534642215">11<span style= |
| 7516 | 'font:7.0pt "Times New Roman"'> </span> |
| 7517 | <a id="macros" name="macros"> |
| 7518 | Macros</a></a></h1> |
| 7519 | <p class="TextFontCX">Macros are commonly used in C programs to |
| 7520 | implement constants or to mimic functions without the overhead of a |
| 7521 | function call. Macros that are used to implement functions |
| 7522 | are a persistent source of bugs in C programs, since they may not |
| 7523 | behave like the intended function when they are invoked with |
| 7524 | certain parameters or used in certain syntactic contexts. </p> |
| 7525 | <p class="TextFontCX"> </p> |
| 7526 | <p class="TextFontCX">Splint eliminates most of the potential |
| 7527 | problems by detecting macros with dangerous implementations and |
| 7528 | dangerous macro invocations. Whether or not a macro |
| 7529 | definition is checked or expanded normally depends on flag settings |
| 7530 | and control comments (see Section 11.3). Stylized macros can |
| 7531 | also be used to define control structures for iterating through |
| 7532 | many values (see Section 11.4).</p> |
| 7533 | <h2 style='margin-left:0in;text-indent:0in'><a name= |
| 7534 | "_Toc534975007"></a><a name="_Ref361651263"></a><a name= |
| 7535 | "_Ref344916524"></a><a name="_Ref344908437"></a><a name= |
| 7536 | "_Toc344355419">11.1<span style= |
| 7537 | 'font:7.0pt "Times New Roman"'> </span> |
| 7538 | Constant Macros</a></h2> |
| 7539 | <p class="TextFontCX">Macros may be used to implement |
| 7540 | constants. To get type-checking for constant macros, use the |
| 7541 | <span class="Annot"><span style= |
| 7542 | 'font-size:10.0pt'>constant</span></span> annotation. For |
| 7543 | example,</p> |
| 7544 | <p class="example">/*@constant null char *mstring_undefined@*/</p> |
| 7545 | <p class="TextFontCX">Declared constants are not expanded and are |
| 7546 | checked according to the declaration. A constant with a |
| 7547 | <span class="Annot"><span style= |
| 7548 | 'font-size:10.0pt'>null</span></span> annotation may be used as |
| 7549 | <span class="Annot"><span style= |
| 7550 | 'font-size:10.0pt'>only</span></span> storage.</p> |
| 7551 | <h2 style='margin-left:0in;text-indent:0in'><a name= |
| 7552 | "_Toc534975008"></a><a name="_Toc344355420"></a><a name= |
| 7553 | "_Ref343363760">11.2<span style= |
| 7554 | 'font:7.0pt "Times New Roman"'> </span> |
| 7555 | Function-like Macros</a></h2> |
| 7556 | <p class="TextFontCX">Using macros to imitate functions is |
| 7557 | notoriously dangerous. Consider this broken macro for |
| 7558 | squaring a number:</p> |
| 7559 | <p class="example"># define square(x) x * x</p> |
| 7560 | <p class="TextFontCX">This works fine for a simple invocation like |
| 7561 | <span class="CodeText"><span style= |
| 7562 | 'font-size:10.0pt'>square(i)</span></span>. It behaves |
| 7563 | unexpectedly, though, if it is instantiated with a parameter that |
| 7564 | has a side effect. For example, <span class= |
| 7565 | "CodeText"><span style= |
| 7566 | 'font-size: 10.0pt'>square(i++)</span></span> expands to |
| 7567 | <span class="CodeText"><span style='font-size:10.0pt'>i++ * |
| 7568 | i++</span></span>. Not only does this give the incorrect |
| 7569 | result, it has undefined behavior since the order in which the |
| 7570 | operands are evaluated is not defined. (See Section 8.2 for |
| 7571 | more information on how expressions exhibiting undefined evaluation |
| 7572 | order behavior are detected by Splint.) To correct the |
| 7573 | problem we either need to rewrite the macro so that its parameter |
| 7574 | is evaluated exactly once, or prevent clients from invoking the |
| 7575 | macro with a parameter that has a side effect. </p> |
| 7576 | <p class="TextFontCX"> </p> |
| 7577 | <p class="TextFontCX">Another possible problem with macros is that |
| 7578 | they may produce unexpected results because of operator precedence |
| 7579 | rules. The instantiation, <span class= |
| 7580 | "CodeText"><span style='font-size:10.0pt'>square(i+1)</span></span> |
| 7581 | expands to <span class="CodeText"><span style= |
| 7582 | 'font-size:10.0pt'>i+1*i+1</span></span>, which evaluates to |
| 7583 | <span class="CodeText"><span style= |
| 7584 | 'font-size:10.0pt'>i+i+1</span></span> instead of the square |
| 7585 | of <span class="CodeText"><span style= |
| 7586 | 'font-size:10.0pt'>i+1</span></span>. To ensure the |
| 7587 | expected behavior, the macro parameter should be enclosed in |
| 7588 | parentheses where it is used in the macro body.</p> |
| 7589 | <p class="TextFontCX"> </p> |
| 7590 | <p class="TextFontCX">Macros may also behave unexpectedly if they |
| 7591 | are not syntactically equivalent to an expression. Consider |
| 7592 | the macro definition,</p> |
| 7593 | <p class="example"># define incCounts() ntotal++; |
| 7594 | ncurrent++;</p> |
| 7595 | <p class="TextFontCX">This works fine, unless it is used as a |
| 7596 | statement. For example,</p> |
| 7597 | <p class="example">if (x < 3) incCounts();</p> |
| 7598 | <p class="TextFontCX">increments <span class= |
| 7599 | "CodeText"><span style='font-size:10.0pt'>ntotal</span></span> |
| 7600 | if <span class="CodeText"><span style='font-size:10.0pt'>x |
| 7601 | < 3</span></span> but always increments <span class= |
| 7602 | "CodeText"><span style= |
| 7603 | 'font-size:10.0pt'>ncurrent</span></span>.</p> |
| 7604 | <p class="TextFontCX"> </p> |
| 7605 | <p class="TextFontCX">One solution is to use the comma operator to |
| 7606 | define the macro:</p> |
| 7607 | <p class="example"># define incCounts() (ntotal++, |
| 7608 | ncurrent++)</p> |
| 7609 | <p class="beforelist">More complicated macros can be written using |
| 7610 | a <span class="CodeText"><span style='font-size:10.0pt'>do … |
| 7611 | while</span></span> construction:</p> |
| 7612 | <p class="Verbatim"> # define incCounts() \</p> |
| 7613 | <p class="Verbatim"> do { ntotal++; |
| 7614 | ncurrent++; } while (FALSE)</p> |
| 7615 | <p class="afterlist">Splint detects these pitfalls in macro |
| 7616 | definitions, and checks that a macro behaves as much like a |
| 7617 | function as possible. A client should only be able to tell |
| 7618 | that a function was implemented by a macro if it attempts to use |
| 7619 | the macro as a pointer to a function.</p> |
| 7620 | <p class="MsoListBullet"> </p> |
| 7621 | <p class="beforelist">Splint does these checks on a macro |
| 7622 | definition corresponding to a function:</p> |
| 7623 | <p class="MsoListBullet"><span style= |
| 7624 | 'font-family:Symbol'>·<span style= |
| 7625 | 'font:7.0pt "Times New Roman"'> </span></span> |
| 7626 | Each parameter to a macro (except those declared to be side effect |
| 7627 | free, see Section 11.2.1) must be used exactly once in all possible |
| 7628 | executions of the macro, so side effecting arguments behave as |
| 7629 | expected.<a href="#_ftn15" name="_ftnref15" title= |
| 7630 | ""><span class="MsoFootnoteReference"><span class= |
| 7631 | "MsoFootnoteReference"><span style= |
| 7632 | 'font-size:11.0pt;font-family:"Times New Roman"'>[15]</span></span></span></a> |
| 7633 | (Controlled by <span class="Flag"><span style= |
| 7634 | 'font-size:10.0pt'>macroparams</span></span>.)</p> |
| 7635 | <p class="MsoListBullet"><span style= |
| 7636 | 'font-family:Symbol'>·<span style= |
| 7637 | 'font:7.0pt "Times New Roman"'> </span></span> |
| 7638 | A parameter to a macro may not be used as the left-hand side of an |
| 7639 | assignment expression or as the operand of an increment or |
| 7640 | decrement operator in the macro text, since this produces |
| 7641 | non-functional behavior. (Controlled by <span class= |
| 7642 | "Flag"><span style= |
| 7643 | 'font-size:10.0pt'>macroassign</span></span>.)</p> |
| 7644 | <p class="MsoListBullet"><span style= |
| 7645 | 'font-family:Symbol'>·<span style= |
| 7646 | 'font:7.0pt "Times New Roman"'> </span></span> |
| 7647 | Macro parameters must be enclosed in parentheses when they are used |
| 7648 | in potentially dangerous contexts. (Controlled by |
| 7649 | <span class="Flag"><span style= |
| 7650 | 'font-size: 10.0pt'>macroparens</span></span>.)</p> |
| 7651 | <p class="MsoListBullet"><span style= |
| 7652 | 'font-family:Symbol'>·<span style= |
| 7653 | 'font:7.0pt "Times New Roman"'> </span></span> |
| 7654 | A macro definition must be syntactically equivalent to a statement |
| 7655 | when it is invoked followed by a semicolon. (Controlled by |
| 7656 | <span class="Flag"><span style= |
| 7657 | 'font-size:10.0pt'>macrostmt</span></span>.)</p> |
| 7658 | <p class="MsoListBullet"><span style= |
| 7659 | 'font-family:Symbol'>·<span style= |
| 7660 | 'font:7.0pt "Times New Roman"'> </span></span> |
| 7661 | The type of the macro body must match the return type of the |
| 7662 | corresponding function. If the macro is declared with type |
| 7663 | <span class="CodeText"><span style= |
| 7664 | 'font-size:10.0pt'>void</span></span>, its body may have any type |
| 7665 | but the macro value may not be used.</p> |
| 7666 | <p class="MsoListBullet"><span style= |
| 7667 | 'font-family:Symbol'>·<span style= |
| 7668 | 'font:7.0pt "Times New Roman"'> </span></span> |
| 7669 | All variables declared in the body of a macro definition must be in |
| 7670 | the macro variable namespace, so they do not conflict with |
| 7671 | variables in the scope where the macro is invoked (which may be |
| 7672 | used in the macro parameters). By default, the macro |
| 7673 | namespace is all names prefixed by <span class= |
| 7674 | "CodeText"><span style='font-size:10.0pt'>m_</span></span>. |
| 7675 | (See Section 12.2 for information on controlling namespaces.)</p> |
| 7676 | <p class="afterlist">At the call site, a macro is checked like any |
| 7677 | other function call.</p> |
| 7678 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 7679 | "_Toc534975009"></a><a name="_Toc344355421"></a><a name= |
| 7680 | "_Ref343109609">11.2.1<span style= |
| 7681 | 'font:7.0pt "Times New Roman"'> </span> Side |
| 7682 | Effect Free Parameters</a></h3> |
| 7683 | <p class="beforelist">Suppose we really do want to implement |
| 7684 | <span class="CodeText"><span style= |
| 7685 | 'font-size:10.0pt'>square</span></span> as a macro, but want do so |
| 7686 | in a safe way. One way to do this is to require that it is |
| 7687 | never invoked with a parameter that has a side effect. Splint |
| 7688 | will check that this constraint holds, if the parameter is |
| 7689 | annotated to be side effect free. That is, the expression |
| 7690 | corresponding to this parameter must not modify any state, so it |
| 7691 | does not matter how many times it is evaluated. The |
| 7692 | <span class="Annot"><span style= |
| 7693 | 'font-size:10.0pt'>sef</span></span> annotation is used to denote a |
| 7694 | parameter that may not have any side effects:</p> |
| 7695 | <p class="Verbatim"><span style='font-size:9.5pt'> |
| 7696 | extern int square (/*@sef@*/ int x);</span></p> |
| 7697 | <p class="Verbatim"><span style='font-size:9.5pt'> # |
| 7698 | define square(x) ((x) *(x))</span></p> |
| 7699 | <p class="afterlist">Now, Splint will not report an error checking |
| 7700 | the definition of <span class="CodeText"><span style= |
| 7701 | 'font-size:10.0pt'>square</span></span> even though |
| 7702 | <span class="CodeText"><span style= |
| 7703 | 'font-size:10.0pt'>x</span></span> is used more than |
| 7704 | once.</p> |
| 7705 | <p class="TextFontCX"> </p> |
| 7706 | <p class="TextFontCX">A message will be reported, however, if |
| 7707 | <span class="CodeText"><span style= |
| 7708 | 'font-size:10.0pt'>square</span></span> is invoked with a parameter |
| 7709 | that has a side effect. For the code fragment,</p> |
| 7710 | <p class="example">square (i++)</p> |
| 7711 | <p class="beforelist">Splint produces the message:</p> |
| 7712 | <p class="Verbatim"> <span style= |
| 7713 | 'font-family:Arial'>Parameter 1 to square is declared sef,</span> |
| 7714 | <span style='font-family:Arial'>but the argument may modify: |
| 7715 | i++</span></p> |
| 7716 | <p class="betweenlists">It is also an error to pass a macro |
| 7717 | parameter that is not annotated with <span class= |
| 7718 | "Annot"><span style='font-size:10.0pt'>sef</span></span> as a |
| 7719 | <span class="Annot"><span style= |
| 7720 | 'font-size:10.0pt'>sef</span></span> macro parameter in the body of |
| 7721 | a macro definition. For example,</p> |
| 7722 | <p class="Verbatim"><span style='font-size:9.5pt'> |
| 7723 | extern int sumsquares (int x, int y);</span></p> |
| 7724 | <p class="Verbatim"><span style='font-size:9.5pt'> # |
| 7725 | define sumsquares(x,y) (square(x) + square(y))</span></p> |
| 7726 | <p class="afterlist">Although <span class= |
| 7727 | "CodeText"><span style='font-size:10.0pt'>x</span></span> |
| 7728 | only appears once in the definition of <span class= |
| 7729 | "CodeText"><span style= |
| 7730 | 'font-size:10.0pt'>sumsquares</span></span> it will be |
| 7731 | evaluated twice since <span class="CodeText"><span style= |
| 7732 | 'font-size:10.0pt'>square</span></span> is expanded.</p> |
| 7733 | <p class="TextFontCX"> </p> |
| 7734 | <p class="TextFontCX">A parameter may be passed as a |
| 7735 | <span class="Annot"><span style= |
| 7736 | 'font-size:10.0pt'>sef</span></span> parameter without an |
| 7737 | error being reported, if Splint can determine that evaluating |
| 7738 | the parameter has no side effects. For function calls, |
| 7739 | the modifies clause is used to determine if a side effect is |
| 7740 | possible.<a href="#_ftn16" name="_ftnref16" title= |
| 7741 | ""><span class="MsoFootnoteReference"><span class= |
| 7742 | "MsoFootnoteReference"><span style= |
| 7743 | 'font-size:11.0pt;font-family:"Times New Roman"'>[16]</span></span></span></a> |
| 7744 | To prevent many spurious errors, if the called function has |
| 7745 | no modifies clause, Splint will report an error only if |
| 7746 | <span class="Flag"><span style= |
| 7747 | 'font-size: 10.0pt'>sef-uncon</span></span> is on. |
| 7748 | Justifiably paranoid programmers will insist on setting |
| 7749 | <span class="Flag"><span style= |
| 7750 | 'font-size:10.0pt'>sef-uncon</span></span> on, and will add |
| 7751 | modifies clauses to unconstrained functions that are used in |
| 7752 | <span class="Annot"><span style= |
| 7753 | 'font-size:10.0pt'>sef</span></span> macro arguments.</p> |
| 7754 | <p class="TextFontCX"> </p> |
| 7755 | <p class="beforelist">One common application of macros is to get |
| 7756 | around the lack of polymorphism in C. We can use the |
| 7757 | <span class="Annot"><span style='font-size: 10.0pt'>/*@alt |
| 7758 | <type>,<sup>+</sup>@></span></span> syntax (see |
| 7759 | Section 4.4) to indicate that an alternate type may be used. |
| 7760 | For example,</p> |
| 7761 | <p class="Verbatim"><span style='font-size:9.5pt'> extern int |
| 7762 | /*@alt float@*/ square (/*@sef@*/ int /*@alt float@*/ |
| 7763 | x);</span></p> |
| 7764 | <p class="Verbatim"><span style='font-size:9.5pt'> # define |
| 7765 | square(x) ((x) *(x))</span></p> |
| 7766 | <p class="afterlist">declares <span class= |
| 7767 | "CodeText"><span style='font-size:10.0pt'>square</span></span> |
| 7768 | for both <span class="CodeText"><span style= |
| 7769 | 'font-size:10.0pt'>int</span></span>s and <span class= |
| 7770 | "CodeText"><span style= |
| 7771 | 'font-size:10.0pt'>float</span></span>s. Note however, |
| 7772 | that the return type is either <span class= |
| 7773 | "CodeText"><span style='font-size:10.0pt'>int</span></span> |
| 7774 | or <span class="CodeText"><span style= |
| 7775 | 'font-size:10.0pt'>float</span></span>, regardless of the |
| 7776 | actual parameter type. This is weaker than what is |
| 7777 | actually known about the return type.</p> |
| 7778 | <h2 style='margin-left:0in;text-indent:0in'><a name= |
| 7779 | "_Toc534975010"></a><a name="_Ref347227227">11.3<span style= |
| 7780 | 'font:7.0pt "Times New Roman"'> </span> |
| 7781 | Controlling Macro Checking</a></h2> |
| 7782 | <p class="TextFontCX">By default, Splint expands macros normally |
| 7783 | and checks the resulting code after macros have been |
| 7784 | expanded. Flags and control comments may be used to control |
| 7785 | which macros are expanded and which are checked as functions or |
| 7786 | constants.</p> |
| 7787 | <p class="TextFontCX"> </p> |
| 7788 | <p class="TextFontCX">If the <span class="Flag"><span style= |
| 7789 | 'font-size:10.0pt'>fcn-macros</span></span> flag is on, Splint |
| 7790 | assumes all macros defined with parameter lists implement functions |
| 7791 | and checks them accordingly. Parameterized macros are not |
| 7792 | expanded and are checked as functions with unknown result and |
| 7793 | parameter types (or using the types in the prototype, if one is |
| 7794 | given). The analogous flag for macros that define constants |
| 7795 | is <span class="Flag"><span style= |
| 7796 | 'font-size:10.0pt'>const-macros</span></span>. If it is on, |
| 7797 | macros with no parameter lists are assumed to be constants, and |
| 7798 | checked accordingly. The <span class= |
| 7799 | "Flag"><span style='font-size:10.0pt'>all-macros</span></span> |
| 7800 | flag sets both <span class="Flag"><span style= |
| 7801 | 'font-size:10.0pt'>fcn-macros</span></span> and <span class= |
| 7802 | "Flag"><span style= |
| 7803 | 'font-size:10.0pt'>const-macros</span></span>. If the |
| 7804 | <span class="Flag"><span style= |
| 7805 | 'font-size:10.0pt'>macro-fcn-decl</span></span> flag is |
| 7806 | set, a message reports parameterized macros with no |
| 7807 | corresponding function prototype. If the <span class= |
| 7808 | "Flag"><span style= |
| 7809 | 'font-size:10.0pt'>macro-const-decl</span></span> flag |
| 7810 | is set, a similar message reports macros with no parameters |
| 7811 | that have no corresponding constant declaration.</p> |
| 7812 | <p class="TextFontCX"> </p> |
| 7813 | <p class="beforelist">The macro checks described in the previous |
| 7814 | sections make sense only for macros that are intended to replace |
| 7815 | functions or constants. When <span class= |
| 7816 | "Flag"><span style='font-size:10.0pt'>fcnmacros</span></span> |
| 7817 | or <span class="Flag"><span style= |
| 7818 | 'font-size:10.0pt'>constmacros</span></span> is on, more |
| 7819 | general macros need to be marked so they will not be checked |
| 7820 | as functions or constants, and will be expanded |
| 7821 | normally. Macros that are not meant to behave like |
| 7822 | functions should be preceded by the /<span class= |
| 7823 | "Annot"><span style= |
| 7824 | 'font-size:10.0pt'>*@notfunction@*/</span></span>comment. |
| 7825 | For example,</p> |
| 7826 | <p class="Verbatim"><span style='font-size:9.5pt'> |
| 7827 | /*@notfunction@*/</span></p> |
| 7828 | <p class="Verbatim"><span style='font-size:9.5pt'> # |
| 7829 | define forever for(;;)</span></p> |
| 7830 | <p class="afterlist">Macros preceded by <span class= |
| 7831 | "Annot"><span style='font-size: 10.0pt'>notfunction</span></span> |
| 7832 | are expanded normally before regular checking is done. If a |
| 7833 | macro that is not syntactically equivalent to a statement without a |
| 7834 | semi-colon (e.g., a macro which enters a new scope) is not preceded |
| 7835 | by <span class="Annot"><span style= |
| 7836 | 'font-size:10.0pt'>notfunction</span></span>, parse errors may |
| 7837 | result when <span class="Flag"><span style= |
| 7838 | 'font-size:10.0pt'>fcn-macros</span></span> or |
| 7839 | <span class="Flag"><span style= |
| 7840 | 'font-size:10.0pt'>const-macros</span></span> is on.</p> |
| 7841 | <h2 style='margin-left:0in;text-indent:0in'><a name= |
| 7842 | "_Ref345771875"></a><a name="_Ref345489124"></a><a name= |
| 7843 | "_Toc344355423"></a><a name="_Toc534975011"></a><a name= |
| 7844 | "_Ref361651257"></a><a name="_Ref349897909"></a><a name= |
| 7845 | "_Ref344916532"></a><a name="_Ref344908410"></a><a name= |
| 7846 | "_Toc344355424">11.4<span style= |
| 7847 | 'font:7.0pt "Times New Roman"'> </span> |
| 7848 | Iterators</a></h2> |
| 7849 | <p class="TextFontCX">It is often useful to be able to execute the |
| 7850 | same code for many different values. For example, we may want |
| 7851 | to sum all elements in an <span class="CodeText"><span style= |
| 7852 | 'font-size:10.0pt'>intSet</span></span> that represents a set of |
| 7853 | integers. If <span class="CodeText"><span style= |
| 7854 | 'font-size:10.0pt'>intSet</span></span> is an abstract type, there |
| 7855 | is no easy way of doing this in a client module without depending |
| 7856 | on the concrete representation of the type. Instead, we could |
| 7857 | provide such a mechanism as part of the type’s |
| 7858 | implementation. We call a mechanism for looping through many |
| 7859 | values an <i>iterator</i>.</p> |
| 7860 | <p class="TextFontCX"> </p> |
| 7861 | <p class="TextFontCX">The C language provides no mechanism for |
| 7862 | creating user-defined iterators. Splint supports a stylized |
| 7863 | form of iterators declared using syntactic comments and defined |
| 7864 | using macros.</p> |
| 7865 | <p class="TextFontCX"> </p> |
| 7866 | <p class="TextFontCX">Iterator declarations are similar to function |
| 7867 | declarations except instead of returning a value, they assign |
| 7868 | values to their <span class="Annot"><span style= |
| 7869 | 'font-size:10.0pt'>yield</span></span> parameters in each |
| 7870 | iteration. For example, we could add this iterator |
| 7871 | declaration to <span class="Keyword"><span style= |
| 7872 | 'font-size:10.0pt;font-family: Arial;color:windowtext'>intSet.h</span></span>:</p> |
| 7873 | <p class="example">/*@iter intSet_elements (intSet s, yield int |
| 7874 | el);@*/</p> |
| 7875 | <p class="TextFontCX">The <span class="Annot"><span style= |
| 7876 | 'font-size:10.0pt'>yield</span></span> annotation means that the |
| 7877 | variable passed as the second actual argument is declared as a |
| 7878 | local variable of type <span class="CodeText"><span style= |
| 7879 | 'font-size:10.0pt'>int</span></span> and assigned a value in each |
| 7880 | loop iteration.</p> |
| 7881 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 7882 | "_Toc534975012">11.4.1<span style= |
| 7883 | 'font:7.0pt "Times New Roman"'> </span> Defining |
| 7884 | Iterators</a></h3> |
| 7885 | <p class="beforelist">An iterator is defined using a macro. |
| 7886 | Here’s one (not particularly efficient) way of defining |
| 7887 | <span class="CodeText"><span style= |
| 7888 | 'font-size:10.0pt'>intSet_elements</span></span>:</p> |
| 7889 | <p class="Verbatim"> typedef /*@abstract@*/ struct |
| 7890 | {</p> |
| 7891 | <p class="Verbatim"> int |
| 7892 | nelements;</p> |
| 7893 | <p class="Verbatim"> int |
| 7894 | *elements;</p> |
| 7895 | <p class="Verbatim"> } intSet;</p> |
| 7896 | <p class="Verbatim"> …</p> |
| 7897 | <p class="Verbatim"> # define intSet_elements(s,m_el) |
| 7898 | \</p> |
| 7899 | <p class="Verbatim"> { int m_i; \</p> |
| 7900 | <p class="Verbatim"> for (m_i = |
| 7901 | (0); m_i <= ((s)->nelements); m_i++) { \</p> |
| 7902 | <p class="Verbatim"> |
| 7903 | int |
| 7904 | m_el = (s)->elements[(m_i)];</p> |
| 7905 | <p class="Verbatim"> </p> |
| 7906 | <p class="Verbatim"> # define end_intSet_elements |
| 7907 | }}</p> |
| 7908 | <p class="afterlist">Each time through the loop, the yield |
| 7909 | parameter <span class="CodeText"><span style= |
| 7910 | 'font-size:10.0pt'>m_el</span></span> is assigned to the next |
| 7911 | value. After each value has been assigned to |
| 7912 | <span class="CodeText"><span style= |
| 7913 | 'font-size:10.0pt'>m_el</span></span> for one iteration, the |
| 7914 | loop terminates. Variables declared by the iterator |
| 7915 | macro (including the <span class="Annot"><span style= |
| 7916 | 'font-size:10.0pt'>yield</span></span> parameter) are |
| 7917 | preceded by the macro variable namespace prefix <span class= |
| 7918 | "CodeText"><span style='font-size:10.0pt'>m_</span></span> |
| 7919 | (see Section 11.2) to avoid conflicts with variables defined |
| 7920 | in the scope where the iterator is used.</p> |
| 7921 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 7922 | "_Toc534975013">11.4.2<span style= |
| 7923 | 'font:7.0pt "Times New Roman"'> </span> Using |
| 7924 | Iterators</a></h3> |
| 7925 | <p class="TextFontCX">The general structure for using an iterator |
| 7926 | is,</p> |
| 7927 | <p class="example"><i>iter</i> (<i><params></i>) stmt; |
| 7928 | end_<i>iter</i></p> |
| 7929 | <p class="beforelist">For example, a client could use |
| 7930 | <span class="CodeText"><span style= |
| 7931 | 'font-size:10.0pt'>intSet_elements</span></span> to sum the |
| 7932 | elements of an <span class="CodeText"><span style= |
| 7933 | 'font-size:10.0pt'>intSet</span></span>:</p> |
| 7934 | <p class="Verbatim"> intSet s;</p> |
| 7935 | <p class="Verbatim"> int sum = 0;</p> |
| 7936 | <p class="Verbatim"> ...</p> |
| 7937 | <p class="Verbatim"> intSet_elements (s, el) {</p> |
| 7938 | <p class="Verbatim" style='text-indent:.5in'>sum += el;</p> |
| 7939 | <p class="Verbatim"> } end_intSet_elements;</p> |
| 7940 | <p class="afterlist">The actual parameter corresponding to a yield |
| 7941 | parameter, <span class="CodeText"><span style= |
| 7942 | 'font-size:10.0pt'>el</span></span>, is not declared in the |
| 7943 | function scope. Instead, it is declared by the iterator and |
| 7944 | assigned to an appropriate value for each iteration.</p> |
| 7945 | <p class="TextFontCX"> </p> |
| 7946 | <p class="beforelist">Splint will do the following checks for uses |
| 7947 | of stylized iterators:</p> |
| 7948 | <p class="MsoListBullet"><span style= |
| 7949 | 'font-family:Symbol'>·<span style= |
| 7950 | 'font:7.0pt "Times New Roman"'> </span></span> |
| 7951 | An invocation of the iterator <span class= |
| 7952 | "CodeText"><i><span style='font-size:10.0pt'>iter</span></i></span> |
| 7953 | must be balanced by a corresponding end, named <span class= |
| 7954 | "CodeText"><span style= |
| 7955 | 'font-size:10.0pt'>end_<i>iter</i></span></span>.</p> |
| 7956 | <p class="MsoListBullet"><span style= |
| 7957 | 'font-family:Symbol'>·<span style= |
| 7958 | 'font:7.0pt "Times New Roman"'> </span></span> |
| 7959 | All actual parameters must be defined, except those corresponding |
| 7960 | to yield parameters.</p> |
| 7961 | <p class="MsoListBullet"><span style= |
| 7962 | 'font-family:Symbol'>·<span style= |
| 7963 | 'font:7.0pt "Times New Roman"'> </span></span> |
| 7964 | Yield parameters must be new identifiers, not declared in the |
| 7965 | current scope or any enclosing scope.</p> |
| 7966 | <p class="afterlist">Iterators are a bit awkward to implement, but |
| 7967 | they enable compact, easily understood client code. For |
| 7968 | abstract collection types, an iterator can be used to enable |
| 7969 | clients to operate on elements of the collection without breaking |
| 7970 | data abstraction.<a name="_Ref348845281"></a><a name= |
| 7971 | "_Toc344355425"></a><a name="_Ref343247905"></a></p> |
| 7972 | <h1 style='margin-left:0in;text-indent:0in'><a name= |
| 7973 | "_Toc534975014"></a><a name="_Ref483663681"></a><a name= |
| 7974 | "_Ref350065611">12<span style= |
| 7975 | 'font:7.0pt "Times New Roman"'> </span> |
| 7976 | <a id="naming" name="naming"> |
| 7977 | Naming Conventions</a></a></h1> |
| 7978 | <p class="TextFontCX">Naming conventions tend to be a religious |
| 7979 | issue. Generally, it doesn't matter too much what naming convention |
| 7980 | is followed as long as one is chosen and followed |
| 7981 | religiously. There are two kinds of naming conventions |
| 7982 | supported by Splint. Type-based naming conventions (Section |
| 7983 | 12.1) constrain identifier names according to the abstract |
| 7984 | types that are accessible where the identifier is |
| 7985 | defined. Prefix naming conventions (Section 12.2) constrain |
| 7986 | the initial characters of identifier names according to what is |
| 7987 | being declared and its scope. Naming conventions may be |
| 7988 | combined or different conventions may be selected for different |
| 7989 | kinds of identifiers. In addition, Splint supports checking |
| 7990 | that names do not conflict with names reserved for the standard |
| 7991 | library or implementation (Section 12.3) and are sufficiently |
| 7992 | distinguishable from other names.</p> |
| 7993 | <h2 style='margin-left:0in;text-indent:0in'><a name= |
| 7994 | "_Toc534975015"></a><a name="_Ref348079373"></a><a name= |
| 7995 | "_Ref347240654"></a><a name="_Toc344355426">12.1<span style= |
| 7996 | 'font:7.0pt "Times New Roman"'> </span> |
| 7997 | Type-Based Naming Conventions</a></h2> |
| 7998 | <p class="TextFontCX">Generic naming conventions constrain valid |
| 7999 | names of identifiers. By limiting valid names, namespaces may |
| 8000 | be preserved and programs may be more easily understood since the |
| 8001 | name gives clues as to how and where the name is defined and how it |
| 8002 | should be used.</p> |
| 8003 | <p class="TextFontCX"> </p> |
| 8004 | <p class="TextFontCX">Names may be constrained by the scope of the |
| 8005 | name (external, file static, internal), the file in which the |
| 8006 | identifier is defined, the type of the identifier, and global |
| 8007 | constraints.</p> |
| 8008 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 8009 | "_Toc534975016"></a><a name= |
| 8010 | "_Ref347994687">12.1.1<span style='font:7.0pt "Times New Roman"'> </span> |
| 8011 | Czech Names</a></h3> |
| 8012 | <p class="TextFontCX">Czech<a href="#_ftn17" name="_ftnref17" |
| 8013 | title=""><span class="MsoFootnoteReference"><span class= |
| 8014 | "MsoFootnoteReference"><span style= |
| 8015 | 'font-size:11.0pt;font-family:"Times New Roman"'>[17]</span></span></span></a> |
| 8016 | names denote operations and variables of abstract types by |
| 8017 | preceding the names by <span class="CodeText"><i><span style= |
| 8018 | 'font-size:10.0pt'><type></span></i></span><span class= |
| 8019 | "CodeText"><span style='font-size:10.0pt'>_</span></span>. |
| 8020 | The remainder of the name should begin with a lowercase |
| 8021 | character, but may use any other character besides the |
| 8022 | underscore. Types may be named using any non-underscore |
| 8023 | characters.</p> |
| 8024 | <p class="TextFontCX"> </p> |
| 8025 | <p class="TextFontCX" style='margin-bottom:6.0pt'>The Czech naming |
| 8026 | convention is selected by the <span class="Flag"><span style= |
| 8027 | 'font-size:10.0pt'>czech</span></span> flag. If |
| 8028 | <span class="Flag"><span style= |
| 8029 | 'font-size:10.0pt'>access-czech</span></span> is on, a function, |
| 8030 | variable, constant or iterator named <span class= |
| 8031 | "CodeText"><i><span style= |
| 8032 | 'font-size:10.0pt'><type></span></i></span><span class= |
| 8033 | "CodeText"><span style= |
| 8034 | 'font-size:10.0pt'>_<i><name></i></span></span> has access to |
| 8035 | the abstract type <span class="CodeText"><i><span style= |
| 8036 | 'font-size:10.0pt'><type></span></i></span>. Reporting |
| 8037 | of violations of the Czech naming convention is controlled by |
| 8038 | different flags depending on what is being declared:</p> |
| 8039 | <p class="TextFontCX"><span class="Flag"><span style= |
| 8040 | 'font-size:10.0pt'>czech-fcns</span></span></p> |
| 8041 | <p class="TextFontCX" style='margin-left:13.5pt'>Functions and |
| 8042 | iterators. An error is reported for a function name of the |
| 8043 | form <span class="CodeText"><i><span style= |
| 8044 | 'font-size:10.0pt'><prefix></span></i></span><span class="CodeText"> |
| 8045 | <span style='font-size:10.0pt'>_<i><name></i></span></span> |
| 8046 | where <span class="CodeText"><i><span style= |
| 8047 | 'font-size:10.0pt'><prefix></span></i></span> is not the name |
| 8048 | of an accessible type. Note that if <span class= |
| 8049 | "Flag"><span style='font-size:10.0pt'>accessczech</span></span> is |
| 8050 | on, a type named <span class="CodeText"><i><span style= |
| 8051 | 'font-size:10.0pt'><prefix></span></i></span> would be |
| 8052 | accessible in a function beginning with <span class= |
| 8053 | "CodeText"><i><span style= |
| 8054 | 'font-size:10.0pt'><prefix></span></i></span><span class="CodeText"> |
| 8055 | <span style='font-size:10.0pt'>_</span></span>. If |
| 8056 | <span class="Flag"><span style= |
| 8057 | 'font-size:10.0pt'>access-czech</span></span> is off, an error is |
| 8058 | reported instead. An error is reported for a function name |
| 8059 | that does not have an underscore if any abstract types are |
| 8060 | accessible where the function is defined.</p> |
| 8061 | <p class="TextFontCX"><span class="Flag"><span style= |
| 8062 | 'font-size:10.0pt'>czech-vars</span></span></p> |
| 8063 | <p class="TextFontCX"><span class="Flag"><span style= |
| 8064 | 'font-size:10.0pt'>czech-constants</span></span></p> |
| 8065 | <p class="TextFontCX"><span class="Flag"><span style= |
| 8066 | 'font-size:10.0pt'>czech-macros</span></span></p> |
| 8067 | <p class="IndentText">Variables, constants and expanded macros. |
| 8068 | An error is reported if the identifier name starts with |
| 8069 | <span class="CodeText"><i><span style= |
| 8070 | 'font-size:10.0pt'><prefix></span></i></span><span class="CodeText"> |
| 8071 | <span style='font-size:10.0pt'>_</span></span>and |
| 8072 | <span class="CodeText"><i><span style= |
| 8073 | 'font-size:10.0pt'>prefix</span></i></span> is not the name |
| 8074 | of an accessible abstract type, or if an abstract type is |
| 8075 | accessible and the identifier name does not begin with |
| 8076 | <span class="CodeText"><i><span style= |
| 8077 | 'font-size:10.0pt'><type></span></i></span><span class= |
| 8078 | "CodeText"><span style='font-size:10.0pt'>_</span></span> |
| 8079 | where <span class="CodeText"><i><span style= |
| 8080 | 'font-size:10.0pt'>type</span></i></span> is the name of an |
| 8081 | accessible abstract type. If <span class= |
| 8082 | "Flag"><span style= |
| 8083 | 'font-size:10.0pt'>access-czech</span></span> is on, the |
| 8084 | representation of the type is visible in the constant or |
| 8085 | variable definition.</p> |
| 8086 | <p class="TextFontCX"><span class="Flag"><span style= |
| 8087 | 'font-size:10.0pt'>czech-types</span></span></p> |
| 8088 | <p class="TextFontCX" style='margin-left:13.5pt'>User-defined |
| 8089 | types. An error is reported if a type name includes an |
| 8090 | underscore character.</p> |
| 8091 | <p class="Sidebar" align="right">Of course, this is a complete |
| 8092 | jumble to the uninitiated, and that’s the joke.</p> |
| 8093 | <p class="Sidebar" align="right" style='text-align:right'> |
| 8094 | <i>Charles Simonyi, on the Hungarian naming convention</i></p> |
| 8095 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 8096 | "_Toc534975017"></a><a name= |
| 8097 | "_Ref344878566">12.1.2<span style='font:7.0pt "Times New Roman"'> </span> |
| 8098 | Slovak Names</a></h3> |
| 8099 | <p class="TextFontCX">Slovak names are similar to Czech names, |
| 8100 | except they are spelled differently. A Slovak name is of the |
| 8101 | form <span class="CodeText"><i><span style= |
| 8102 | 'font-size:10.0pt'><type><Name></span></i></span>. |
| 8103 | The type prefix may not use uppercase characters. The |
| 8104 | remainder of the name starts with the first uppercase |
| 8105 | character.</p> |
| 8106 | <p class="TextFontCX"> </p> |
| 8107 | <p class="TextFontCX">The <span class="Flag"><span style= |
| 8108 | 'font-size:10.0pt'>slovak</span></span> flag selects the |
| 8109 | Slovak naming convention. Like Czech names, it may be used |
| 8110 | with <span class="Flag"><span style= |
| 8111 | 'font-size:10.0pt'>access-slovak</span></span> to control |
| 8112 | access to abstract representations. The <span class= |
| 8113 | "Flag"><span style='font-size:10.0pt'>slovak-fcns</span></span>, |
| 8114 | <span class="Flag"><span style= |
| 8115 | 'font-size:10.0pt'>slovak-vars</span></span>, <span class= |
| 8116 | "Flag"><span style= |
| 8117 | 'font-size:10.0pt'>slovak-constants</span></span>, and |
| 8118 | <span class="Flag"><span style= |
| 8119 | 'font-size:10.0pt'>slovak-macros</span></span> flags are |
| 8120 | analogous to the similar Czech flags. If <span class= |
| 8121 | "Flag"><span style= |
| 8122 | 'font-size:10.0pt'>slovak-type</span></span> is on, an error |
| 8123 | is reported if a type name includes an uppercase letter.</p> |
| 8124 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 8125 | "_Toc534975018"></a><a name= |
| 8126 | "_Ref347994743">12.1.3<span style='font:7.0pt "Times New Roman"'> </span> |
| 8127 | Czechoslovak Names</a></h3> |
| 8128 | <p class="TextFontCX">Czechoslovak names are a combination of Czech |
| 8129 | names and Slovak names. Operations may be named either |
| 8130 | <span class="CodeText"><i><span style= |
| 8131 | 'font-size:10.0pt'><type></span></i></span><span class= |
| 8132 | "CodeText"><span style='font-size:10.0pt'>_</span></span> followed |
| 8133 | by any sequence of non-underscore characters, or <span class= |
| 8134 | "CodeText"><i><span style= |
| 8135 | 'font-size:10.0pt'><type></span></i></span> followed by an |
| 8136 | uppercase letter and any sequence of characters. Czechoslovak |
| 8137 | names have been out of favor since 1993, but may be necessary for |
| 8138 | checking legacy code. The <span class="Flag"><span style= |
| 8139 | 'font-size:10.0pt'>czechoslovak-fcns</span></span>, |
| 8140 | <span class="Flag"><span style= |
| 8141 | 'font-size:10.0pt'>czechoslovak-vars</span></span>, |
| 8142 | <span class="Flag"><span style= |
| 8143 | 'font-size:10.0pt'>czechoslovak-macros</span></span>, and |
| 8144 | <span class="Flag"><span style= |
| 8145 | 'font-size:10.0pt'>czechoslovak-constants</span></span> |
| 8146 | flags are analogous to the similar Czech flags. If |
| 8147 | <span class="Flag"><span style= |
| 8148 | 'font-size:10.0pt'>czechoslovak-type</span></span> is |
| 8149 | on, an error is reported if a type name contains either an |
| 8150 | uppercase letter or an underscore character.</p> |
| 8151 | <h2 style='margin-left:0in;text-indent:0in'><a name= |
| 8152 | "_Toc534975019"></a><a name="_Ref347240687"></a><a name= |
| 8153 | "_Ref347222192">12.2<span style= |
| 8154 | 'font:7.0pt "Times New Roman"'> </span> |
| 8155 | Namespace Prefixes</a></h2> |
| 8156 | <p class="TextFontCX">Another way to restrict names is to constrain |
| 8157 | the leading character sequences of various kinds of |
| 8158 | identifiers. For example, the names of all user-defined types |
| 8159 | might begin with <span class="CodeText"><span style= |
| 8160 | 'font-size:10.0pt'>T</span></span> followed by an uppercase letter |
| 8161 | and all file static names begin with an uppercase letter. |
| 8162 | This may be useful for enforcing a namespace (e.g., all names |
| 8163 | exported by the X-windows library should begin with |
| 8164 | <span class="CodeText"><span style= |
| 8165 | 'font-size:10.0pt'>X</span></span>) or just making programs |
| 8166 | easier to understand by establishing an enforced |
| 8167 | convention. Splint can be used to constrain identifiers |
| 8168 | in this way to detect identifiers inconsistent with |
| 8169 | prefixes.</p> |
| 8170 | <p class="TextFontCX"> </p> |
| 8171 | <p class="TextFontCX">All namespace flags are of the form, |
| 8172 | <span class="Flag"><span style= |
| 8173 | 'font-size:10.0pt'>-<i><context></i>prefix |
| 8174 | <i><string></i></span></span>. For example, the macro |
| 8175 | variable namespace restricting identifiers declared in macro bodies |
| 8176 | to be preceded by <span class="CodeText"><span style= |
| 8177 | 'font-size:10.0pt'>m_</span></span> would be selected by |
| 8178 | <span class="Flag"><span style= |
| 8179 | 'font-size:10.0pt'>-macrovarprefix</span></span> <span class= |
| 8180 | "Flag"><span style='font-size:10.0pt'>"m_"</span></span>. The |
| 8181 | string may contain regular characters that may appear in a C |
| 8182 | identifier. These must match the initial characters of the |
| 8183 | identifier name. In addition, special characters (shown in |
| 8184 | Figure 23) can be used to denote a class of characters.<a href= |
| 8185 | "#_ftn18" name="_ftnref18" title=""><span class= |
| 8186 | "MsoFootnoteReference"><span class= |
| 8187 | "MsoFootnoteReference"><span style= |
| 8188 | 'font-size:11.0pt;font-family:"Times New Roman"'>[18]</span></span></span></a> |
| 8189 | The <span class="CodeText"><span style= |
| 8190 | 'font-size:10.0pt'>*</span></span> character may be used at the end |
| 8191 | of a prefix string to specify the rest of the identifier is zero or |
| 8192 | more characters matching the character immediately before the |
| 8193 | <span class="CodeText"><span style= |
| 8194 | 'font-size:10.0pt'>*</span></span>. For example, the prefix |
| 8195 | string <span class="CodeText"><span style= |
| 8196 | 'font-size:10.0pt'>T&*</span></span> matches <span class= |
| 8197 | "CodeText"><span style='font-size:10.0pt'>T</span></span> or |
| 8198 | <span class="CodeText"><span style= |
| 8199 | 'font-size:10.0pt'>TWINDOW</span></span> but not <span class= |
| 8200 | "CodeText"><span style='font-size:10.0pt'>Twin</span></span>.</p> |
| 8201 | <p class="beforelist"> </p> |
| 8202 | <p class="beforelist">Different prefixes can be selected for the |
| 8203 | following identifier contexts:</p> |
| 8204 | <table class="MsoNormalTable" border="0" cellspacing="0" |
| 8205 | cellpadding="0" style='margin-left:.45in;border-collapse:collapse'> |
| 8206 | <tr> |
| 8207 | <td valign="top" style='width:2.0in;padding:0in 5.4pt 0in 5.4pt'> |
| 8208 | <p class="TextFontCX"><span class="Flag"><span style= |
| 8209 | 'font-size:10.0pt'>macro-var-prefix</span></span></p></td> |
| 8210 | <td valign="top" style='width:247.5pt;padding:0in 5.4pt 0in 5.4pt'> |
| 8211 | <p class="TextFontCX">Any variable declared inside a macro |
| 8212 | body</p></td></tr> |
| 8213 | <tr> |
| 8214 | <td valign="top" style='width:2.0in;padding:0in 5.4pt 0in 5.4pt'> |
| 8215 | <p class="TextFontCX"><span class="Flag"><span style= |
| 8216 | 'font-size:10.0pt'>unchecked-macro-prefix</span></span></p></td> |
| 8217 | <td valign="top" style='width:247.5pt;padding:0in 5.4pt 0in 5.4pt'> |
| 8218 | <p class="TextFontCX">Any macro that is not checked as a function |
| 8219 | or constant (see Section 11.4)</p></td></tr> |
| 8220 | <tr> |
| 8221 | <td valign="top" style='width:2.0in;padding:0in 5.4pt 0in 5.4pt'> |
| 8222 | <p class="TextFontCX"><span class="Flag"><span style= |
| 8223 | 'font-size:10.0pt'>tag-prefix</span></span></p></td> |
| 8224 | <td valign="top" style='width:247.5pt;padding:0in 5.4pt 0in 5.4pt'> |
| 8225 | <p class="TextFontCX">Tags for <span class= |
| 8226 | "CodeText"><span style='font-size:10.0pt'>struct</span></span>, |
| 8227 | <span class="CodeText"><span style= |
| 8228 | 'font-size:10.0pt'>union</span></span> and <span class= |
| 8229 | "CodeText"><span style='font-size:10.0pt'>enum</span></span> |
| 8230 | declarations</p></td></tr> |
| 8231 | <tr> |
| 8232 | <td valign="top" style='width:2.0in;padding:0in 5.4pt 0in 5.4pt'> |
| 8233 | <p class="TextFontCX"><span class="Flag"><span style= |
| 8234 | 'font-size:10.0pt'>enum-prefix</span></span></p></td> |
| 8235 | <td valign="top" style='width:247.5pt;padding:0in 5.4pt 0in 5.4pt'> |
| 8236 | <p class="TextFontCX">Members of <span class= |
| 8237 | "CodeText"><span style='font-size:10.0pt'>enum</span></span> |
| 8238 | types</p></td></tr> |
| 8239 | <tr> |
| 8240 | <td valign="top" style='width:2.0in;padding:0in 5.4pt 0in 5.4pt'> |
| 8241 | <p class="TextFontCX"><span class="Flag"><span style= |
| 8242 | 'font-size:10.0pt'>type-prefix</span></span></p></td> |
| 8243 | <td valign="top" style='width:247.5pt;padding:0in 5.4pt 0in 5.4pt'> |
| 8244 | <p class="TextFontCX">Name of a user-defined type</p></td></tr> |
| 8245 | <tr> |
| 8246 | <td valign="top" style='width:2.0in;padding:0in 5.4pt 0in 5.4pt'> |
| 8247 | <p class="TextFontCX"><span class="Flag"><span style= |
| 8248 | 'font-size:10.0pt'>file-static-prefix</span></span></p></td> |
| 8249 | <td valign="top" style='width:247.5pt;padding:0in 5.4pt 0in 5.4pt'> |
| 8250 | <p class="TextFontCX">Any identifier with file static |
| 8251 | scope</p></td></tr> |
| 8252 | <tr> |
| 8253 | <td valign="top" style='width:2.0in;padding:0in 5.4pt 0in 5.4pt'> |
| 8254 | <p class="TextFontCX"><span class="Flag"><span style= |
| 8255 | 'font-size:10.0pt'>glob-var-prefix</span></span></p></td> |
| 8256 | <td valign="top" style='width:247.5pt;padding:0in 5.4pt 0in 5.4pt'> |
| 8257 | <p class="TextFontCX">Any variable (not of function type) with |
| 8258 | global scope</p></td></tr> |
| 8259 | <tr> |
| 8260 | <td valign="top" style='width:2.0in;padding:0in 5.4pt 0in 5.4pt'> |
| 8261 | <p class="TextFontCX"><span class="Flag"><span style= |
| 8262 | 'font-size:10.0pt'>const-prefix</span></span></p></td> |
| 8263 | <td valign="top" style='width:247.5pt;padding:0in 5.4pt 0in 5.4pt'> |
| 8264 | <p class="TextFontCX">Any constant (see Section 11.1)</p></td></tr> |
| 8265 | <tr> |
| 8266 | <td valign="top" style='width:2.0in;padding:0in 5.4pt 0in 5.4pt'> |
| 8267 | <p class="TextFontCX"><span class="Flag"><span style= |
| 8268 | 'font-size:10.0pt'>iter-prefix</span></span></p></td> |
| 8269 | <td valign="top" style='width:247.5pt;padding:0in 5.4pt 0in 5.4pt'> |
| 8270 | <p class="TextFontCX">An iterator (see Section 11.4)</p></td></tr> |
| 8271 | <tr> |
| 8272 | <td valign="top" style='width:2.0in;padding:0in 5.4pt 0in 5.4pt'> |
| 8273 | <p class="TextFontCX"><span class="Flag"><span style= |
| 8274 | 'font-size:10.0pt'>proto-param-prefix</span></span></p></td> |
| 8275 | <td valign="top" style='width:247.5pt;padding:0in 5.4pt 0in 5.4pt'> |
| 8276 | <p class="TextFontCX">A parameter in a function declaration |
| 8277 | prototype</p></td></tr> |
| 8278 | <tr> |
| 8279 | <td valign="top" style='width:2.0in;padding:0in 5.4pt 0in 5.4pt'> |
| 8280 | <p class="TextFontCX"><span class="Flag"><span style= |
| 8281 | 'font-size:10.0pt'>external-prefix</span></span></p></td> |
| 8282 | <td valign="top" style='width:247.5pt;padding:0in 5.4pt 0in 5.4pt'> |
| 8283 | <p class="TextFontCX">Any exported identifier</p></td></tr></table> |
| 8284 | <p class="afterlist">If an identifier is in more than one of the |
| 8285 | namespace contexts, the most specific defined namespace prefix is |
| 8286 | used (e.g., a global variable is also an exported identifier, |
| 8287 | so if <span class="Flag"><span style= |
| 8288 | 'font-size:10.0pt'>global-var-prefix</span></span> is set, it is |
| 8289 | checked against the variable name; if not, the identifier is |
| 8290 | checked against the <span class="Flag"><span style= |
| 8291 | 'font-size:10.0pt'>external-prefix</span></span>.)</p> |
| 8292 | <p class="TextFontCX"> </p> |
| 8293 | <p class="TextFontCX">For each prefix flag, a corresponding flag |
| 8294 | named <span class="Flag"><i><span style= |
| 8295 | 'font-size:10.0pt'><prefixname></span></i></span><span class="Flag"> |
| 8296 | <span style='font-size:10.0pt'>exclude</span></span> controls |
| 8297 | whether errors are reported if identifiers in a different namespace |
| 8298 | match the namespace prefix. For example, if |
| 8299 | <span class="Flag"><span style= |
| 8300 | 'font-size: 10.0pt'>macro-var-prefix-exclude</span></span> is |
| 8301 | on, Splint checks that no identifier that is not a variable |
| 8302 | declared inside a macro body uses the macro variable |
| 8303 | prefix.</p> |
| 8304 | <p class="TextFontCX"> </p> |
| 8305 | <p class="beforelist">Here is a (somewhat draconian) sample naming |
| 8306 | convention:</p> |
| 8307 | <table class="MsoNormalTable" border="0" cellspacing="0" |
| 8308 | cellpadding="0" style='margin-left:5.4pt;border-collapse:collapse'> |
| 8309 | <tr> |
| 8310 | <td valign="top" style= |
| 8311 | 'width:189.35pt;padding:0in 5.4pt 0in 5.4pt'> |
| 8312 | <p class="TextFontCX"><span class="Flag"><span style= |
| 8313 | 'font-size:10.0pt'>-unchecked-macro-prefix</span></span> |
| 8314 | <span class="Flag"><span style= |
| 8315 | 'font-size:10.0pt'>"~*"</span></span></p></td> |
| 8316 | <td valign="top" style= |
| 8317 | 'width:238.15pt;padding:0in 5.4pt 0in 5.4pt'> |
| 8318 | <p class="TextFontCX">Unchecked macros have no lowercase |
| 8319 | letters.</p></td></tr> |
| 8320 | <tr> |
| 8321 | <td valign="top" style= |
| 8322 | 'width:189.35pt;padding:0in 5.4pt 0in 5.4pt'> |
| 8323 | <p class="TextFontCX"><span class="Flag"><span style= |
| 8324 | 'font-size:10.0pt'>-type-prefix</span></span> <span class= |
| 8325 | "Flag"><span style= |
| 8326 | 'font-size:10.0pt'>"T^&*"</span></span></p></td> |
| 8327 | <td valign="top" style= |
| 8328 | 'width:238.15pt;padding:0in 5.4pt 0in 5.4pt'> |
| 8329 | <p class="TextFontCX">All type names begin with <span class= |
| 8330 | "CodeText"><span style='font-size:10.0pt'>T</span></span> followed |
| 8331 | by an uppercase letter. The rest of the name is all lowercase |
| 8332 | letters.</p></td></tr> |
| 8333 | <tr> |
| 8334 | <td valign="top" style= |
| 8335 | 'width:189.35pt;padding:0in 5.4pt 0in 5.4pt'> |
| 8336 | <p class="TextFontCX"><span class="Flag"><span style= |
| 8337 | 'font-size:10.0pt'>+type-prefix-exclude</span></span></p></td> |
| 8338 | <td valign="top" style= |
| 8339 | 'width:238.15pt;padding:0in 5.4pt 0in 5.4pt'> |
| 8340 | <p class="TextFontCX">No identifier that does not name a |
| 8341 | user-defined type name begins with the type name |
| 8342 | prefix.</p></td></tr> |
| 8343 | <tr> |
| 8344 | <td valign="top" style= |
| 8345 | 'width:189.35pt;padding:0in 5.4pt 0in 5.4pt'> |
| 8346 | <p class="TextFontCX"><span class="Flag"><span style= |
| 8347 | 'font-size:10.0pt'>-file-static-prefix</span></span> |
| 8348 | <span class="Flag"><span style= |
| 8349 | 'font-size:10.0pt'>"^&&&"</span></span></p></td> |
| 8350 | <td valign="top" style= |
| 8351 | 'width:238.15pt;padding:0in 5.4pt 0in 5.4pt'> |
| 8352 | <p class="TextFontCX">File static scope variables begin with an |
| 8353 | uppercase letter and three lowercase letters.</p></td></tr> |
| 8354 | <tr> |
| 8355 | <td valign="top" style= |
| 8356 | 'width:189.35pt;padding:0in 5.4pt 0in 5.4pt'> |
| 8357 | <p class="TextFontCX"><span class="Flag"><span style= |
| 8358 | 'font-size:10.0pt'>-proto-param-prefix "p_"</span></span></p></td> |
| 8359 | <td valign="top" style= |
| 8360 | 'width:238.15pt;padding:0in 5.4pt 0in 5.4pt'> |
| 8361 | <p class="TextFontCX">All parameters in prototypes must begin with |
| 8362 | <span class="CodeText"><span style= |
| 8363 | 'font-size:10.0pt'>p_</span></span>.</p></td></tr> |
| 8364 | <tr> |
| 8365 | <td valign="top" style= |
| 8366 | 'width:189.35pt;padding:0in 5.4pt 0in 5.4pt'> |
| 8367 | <p class="TextFontCX"><span class="Flag"><span style= |
| 8368 | 'font-size:10.0pt'>-glob-var-prefix "G"</span></span></p></td> |
| 8369 | <td valign="top" style= |
| 8370 | 'width:238.15pt;padding:0in 5.4pt 0in 5.4pt'> |
| 8371 | <p class="TextFontCX">All global variables start with |
| 8372 | <span class="CodeText"><span style= |
| 8373 | 'font-size:10.0pt'>G</span></span>.</p></td></tr> |
| 8374 | <tr> |
| 8375 | <td valign="top" style= |
| 8376 | 'width:189.35pt;padding:0in 5.4pt 0in 5.4pt'> |
| 8377 | <p class="TextFontCX"><span class="Flag"><span style= |
| 8378 | 'font-size:10.0pt'>+glob-var-prefix-exclude</span></span></p></td> |
| 8379 | <td valign="top" style= |
| 8380 | 'width:238.15pt;padding:0in 5.4pt 0in 5.4pt'> |
| 8381 | <p class="TextFontCX">No identifier that is not a |
| 8382 | global variable starts with <span class= |
| 8383 | "CodeText"><span style='font-size:10.0pt'>G</span></span>.</p></td></tr></table> |
| 8384 | <p class="beforelist"> </p> |
| 8385 | <p class="beforelist">The prefix for parameters in function |
| 8386 | prototypes is useful for making sure parameter names are not in |
| 8387 | conflict with macros defined before the function prototype. |
| 8388 | In most cases, it may be preferable to not name prototype |
| 8389 | parameters. If the <span class="Flag"><span style= |
| 8390 | 'font-size:10.0pt'>proto-param-name</span></span> flag is set, |
| 8391 | an error is reported for any named parameter in a prototype |
| 8392 | declaration. If a <span class="Flag"><span style= |
| 8393 | 'font-size:10.0pt'>proto-param-prefix</span></span> is set, no |
| 8394 | error is reported for unnamed parameters.</p> |
| 8395 | <p class="TextFontCX">It may also be useful to check the names of |
| 8396 | prototype parameters correspond to the names in definitions. |
| 8397 | While using header files as documentation is not generally |
| 8398 | recommended, it is common enough practice that it makes sense to |
| 8399 | check that parameter names are consistent. A discrepancy may |
| 8400 | indicate an error in the parameter order in the function |
| 8401 | prototype. If <span class="Flag"><span style= |
| 8402 | 'font-size:10.0pt'>proto-param-match</span></span> is set, |
| 8403 | Splint will report an error if the name of a definition parameter |
| 8404 | does not match the corresponding prototype parameter (after |
| 8405 | removing the <span class="Flag"><span style= |
| 8406 | 'font-size:10.0pt'>protoparamprefix</span></span>).</p> |
| 8407 | <center> |
| 8408 | <table class="MsoNormalTable" border="0" cellspacing="0" |
| 8409 | cellpadding="0" style= |
| 8410 | 'margin-left:9.9pt;border-collapse:collapse;margin-left:-2.25pt; margin-right:-2.25pt'> |
| 8411 | <tr> |
| 8412 | <td valign="top" style= |
| 8413 | 'width:22.0pt;border-top:solid black 1.5pt; border-left:solid black 1.5pt;border-bottom:none;border-right:none; padding:0in 5.4pt 0in 5.4pt'> |
| 8414 | <p class="TextFontCX"><span class="CodeText"><span style= |
| 8415 | 'font-size:10.0pt'>^</span></span></p></td> |
| 8416 | <td valign="top" style= |
| 8417 | 'width:401.55pt;border-top:solid black 1.5pt; border-left:none;border-bottom:none;border-right:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'> |
| 8418 | <p class="TextFontCX">Any uppercase letter, <span class= |
| 8419 | "CodeText"><span style= |
| 8420 | 'font-size:10.0pt'>A</span></span>-<span class= |
| 8421 | "CodeText"><span style= |
| 8422 | 'font-size:10.0pt'>Z</span></span></p></td></tr> |
| 8423 | <tr> |
| 8424 | <td valign="top" style= |
| 8425 | 'width:22.0pt;border:none;border-left:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'> |
| 8426 | <p class="TextFontCX"><span class="CodeText"><span style= |
| 8427 | 'font-size:10.0pt'>&</span></span></p></td> |
| 8428 | <td valign="top" style= |
| 8429 | 'width:401.55pt;border:none;border-right:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'> |
| 8430 | <p class="TextFontCX">Any lowercase letter, <span class= |
| 8431 | "CodeText"><span style= |
| 8432 | 'font-size:10.0pt'>a</span></span>-<span class= |
| 8433 | "CodeText"><span style= |
| 8434 | 'font-size:10.0pt'>z</span></span></p></td></tr> |
| 8435 | <tr> |
| 8436 | <td valign="top" style= |
| 8437 | 'width:22.0pt;border:none;border-left:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'> |
| 8438 | <p class="TextFontCX"><span class="CodeText"><span style= |
| 8439 | 'font-size:10.0pt'>%</span></span></p></td> |
| 8440 | <td valign="top" style= |
| 8441 | 'width:401.55pt;border:none;border-right:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'> |
| 8442 | <p class="TextFontCX">Any character that is not an uppercase letter |
| 8443 | (allows lowercase letters, digits and underscore)</p></td></tr> |
| 8444 | <tr> |
| 8445 | <td valign="top" style= |
| 8446 | 'width:22.0pt;border:none;border-left:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'> |
| 8447 | <p class="TextFontCX"><span class="CodeText"><span style= |
| 8448 | 'font-size:10.0pt'>~</span></span></p></td> |
| 8449 | <td valign="top" style= |
| 8450 | 'width:401.55pt;border:none;border-right:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'> |
| 8451 | <p class="TextFontCX">Any character that is not a lowercase letter |
| 8452 | (allows uppercase letters, digits and underscore)</p></td></tr> |
| 8453 | <tr> |
| 8454 | <td valign="top" style= |
| 8455 | 'width:22.0pt;border:none;border-left:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'> |
| 8456 | <p class="TextFontCX"><span class="CodeText"><span style= |
| 8457 | 'font-size:10.0pt'>$</span></span></p></td> |
| 8458 | <td valign="top" style= |
| 8459 | 'width:401.55pt;border:none;border-right:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'> |
| 8460 | <p class="TextFontCX">Any letter (<span class= |
| 8461 | "CodeText"><span style= |
| 8462 | 'font-size:10.0pt'>a</span></span>-<span class= |
| 8463 | "CodeText"><span style='font-size:10.0pt'>z</span></span>, |
| 8464 | <span class="CodeText"><span style= |
| 8465 | 'font-size:10.0pt'>A</span></span>-<span class= |
| 8466 | "CodeText"><span style= |
| 8467 | 'font-size:10.0pt'>Z</span></span>)</p></td></tr> |
| 8468 | <tr> |
| 8469 | <td valign="top" style= |
| 8470 | 'width:22.0pt;border:none;border-left:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'> |
| 8471 | <p class="TextFontCX"><span class="CodeText"><span style= |
| 8472 | 'font-size:10.0pt'>/</span></span></p></td> |
| 8473 | <td valign="top" style= |
| 8474 | 'width:401.55pt;border:none;border-right:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'> |
| 8475 | <p class="TextFontCX">Any letter or digit (<span class= |
| 8476 | "CodeText"><span style= |
| 8477 | 'font-size:10.0pt'>A</span></span>-<span class= |
| 8478 | "CodeText"><span style='font-size:10.0pt'>Z</span></span>, |
| 8479 | <span class="CodeText"><span style= |
| 8480 | 'font-size:10.0pt'>a</span></span>-<span class= |
| 8481 | "CodeText"><span style='font-size:10.0pt'>z</span></span>, |
| 8482 | <span class="CodeText"><span style= |
| 8483 | 'font-size:10.0pt'>0</span></span>-<span class= |
| 8484 | "CodeText"><span style= |
| 8485 | 'font-size:10.0pt'>9</span></span>)</p></td></tr> |
| 8486 | <tr> |
| 8487 | <td valign="top" style= |
| 8488 | 'width:22.0pt;border:none;border-left:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'> |
| 8489 | <p class="TextFontCX"><span class="CodeText"><span style= |
| 8490 | 'font-size:10.0pt'>?</span></span></p></td> |
| 8491 | <td valign="top" style= |
| 8492 | 'width:401.55pt;border:none;border-right:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'> |
| 8493 | <p class="TextFontCX">Any character valid in a C |
| 8494 | identifier</p></td></tr> |
| 8495 | <tr> |
| 8496 | <td valign="top" style= |
| 8497 | 'width:22.0pt;border-top:none;border-left:solid black 1.5pt; border-bottom:solid black 1.5pt;border-right:none;padding:0in 5.4pt 0in 5.4pt'> |
| 8498 | <p class="TextFontCX"><span class="CodeText"><span style= |
| 8499 | 'font-size:10.0pt'>#</span></span></p></td> |
| 8500 | <td valign="top" style= |
| 8501 | 'width:401.55pt;border-top:none;border-left: none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'> |
| 8502 | <p class="TextFontCX" style='page-break-after: avoid'>Any digit, |
| 8503 | <span class="CodeText"><span style= |
| 8504 | 'font-size:10.0pt'>0</span></span>-<span class= |
| 8505 | "CodeText"><span style= |
| 8506 | 'font-size:10.0pt'>9</span></span></p></td></tr></table> |
| 8507 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"> |
| 8508 | <tr> |
| 8509 | <td valign="top" style= |
| 8510 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 8511 | <p class="MsoCaption"><a name="_Toc534824625"></a><a name= |
| 8512 | "_Ref347220245"></a><a name="_Ref347220226"></a><a name= |
| 8513 | "_Toc347255399"></a><a name="_Ref347222037"></a><a name= |
| 8514 | "_Ref347222045"></a><a name="_Ref534824531">Figure 23</a>. |
| 8515 | Prefix Character Codes</p></td></tr></table></center> |
| 8516 | <h2 style='margin-left:0in;text-indent:0in'><a name= |
| 8517 | "_Toc534975020"></a><a name="_Ref348079479"></a><a name= |
| 8518 | "_Ref347240790"></a><a name="_Toc344355427">12.3<span style= |
| 8519 | 'font:7.0pt "Times New Roman"'> </span> |
| 8520 | Naming Restrictions</a></h2> |
| 8521 | <p class="TextFontCX">Additional naming restrictions can be used to |
| 8522 | check that names do no conflict with names reserved for the |
| 8523 | standard library, and that identifier are sufficiently distinct |
| 8524 | (either for the compiler and linker, or for the programmer.) |
| 8525 | Restrictions may be different for names that are needed by the |
| 8526 | linker (<i>external</i> names) and names that are only needed |
| 8527 | during compilations (<i>internal</i> names). Names of |
| 8528 | non-<span class="CodeText"><span style= |
| 8529 | 'font-size:10.0pt'>static</span></span> functions and global |
| 8530 | variables are external; all other names are internal.</p> |
| 8531 | <p class="Sidebar" align="right"><a name= |
| 8532 | "_Ref350062822"></a><a name="_Ref348845288"></a><a name= |
| 8533 | "_Toc344355429"></a><a name="_Ref343248602"> </a></p> |
| 8534 | <p class="Sidebar" align="right">The decision to retain the old |
| 8535 | six-character case-insensitive restriction on significance was most |
| 8536 | painful.</p> |
| 8537 | <p class="Sidebar" align="right" style='text-align:right'><i>ANSI C |
| 8538 | Rationale</i></p> |
| 8539 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 8540 | "_Toc534975021">12.3.1<span style= |
| 8541 | 'font:7.0pt "Times New Roman"'> </span> Reserved |
| 8542 | Names</a></h3> |
| 8543 | <p class="TextFontCX">Many names are reserved for the |
| 8544 | implementation and standard library. A complete list of |
| 8545 | reserved names can be found in [vdL, p. 126-128]. Some name |
| 8546 | prefixes such as <span class="CodeText"><span style= |
| 8547 | 'font-size:10.0pt'>str</span></span> followed by a lowercase |
| 8548 | character are reserved for future library extensions. Most C |
| 8549 | compilers do not detect naming conflicts, and they can lead to |
| 8550 | unpredictable program behavior. If <span class= |
| 8551 | "Flag"><span style='font-size:10.0pt'>ansi-reserved</span></span> |
| 8552 | is on, Splint warns about external names that conflict with |
| 8553 | reserved names. If <span class="Flag"><span style= |
| 8554 | 'font-size:10.0pt'>ansi-reserved-internal</span></span> is on, |
| 8555 | warnings are also produced for internal names.</p> |
| 8556 | <p class="TextFontCX"> </p> |
| 8557 | <p class="TextFontCX">If <span class="Flag"><span style= |
| 8558 | 'font-size:10.0pt'>+cpp-names</span></span> is set, Splint warns |
| 8559 | about identifier names that are keywords or reserved words in |
| 8560 | C++. This is useful if the code may later be compiled with a |
| 8561 | C++ compiler (of course, this is not enough to ensure the meaning |
| 8562 | of the code is not changed when it is compiled as C++.)</p> |
| 8563 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 8564 | "_Toc534975022">12.3.2<span style= |
| 8565 | 'font:7.0pt "Times New Roman"'> </span> Distinct |
| 8566 | Names</a></h3> |
| 8567 | <p class="TextFontCX">Splint can check that names differ within a |
| 8568 | given number of characters, optionally ignoring alphabetic case and |
| 8569 | differences between characters that look similar. The number |
| 8570 | of significant characters may be different for external and |
| 8571 | internal names. </p> |
| 8572 | <p class="TextFontCX"> </p> |
| 8573 | <p class="TextFontCX">Using <span class="Flag"><span style= |
| 8574 | 'font-size:10.0pt'>+distinct-external-names</span></span> sets |
| 8575 | the number of significant characters for external names to six and |
| 8576 | makes alphabetical case insignificant for external names. |
| 8577 | This is the minimum significance acceptable in an ANSI-conforming |
| 8578 | compiler. Most modern compilers exceed these minimums (which |
| 8579 | are particularly hard to follow if one uses the Czech or Slovak |
| 8580 | naming convention). The number of significant characters can |
| 8581 | be changed using the <span class="Flag"><span style= |
| 8582 | 'font-size:10.0pt'>external-name-length |
| 8583 | <i><number></i></span></span> flag. If |
| 8584 | <span class="Flag"><span style= |
| 8585 | 'font-size:10.0pt'>external-name-case-insensitive</span></span> |
| 8586 | is on, alphabetical case is ignored in comparing external |
| 8587 | names. Splint reports identifiers that differ only in |
| 8588 | alphabetic case.</p> |
| 8589 | <p class="TextFontCX">For internal identifiers, a conforming |
| 8590 | compiler must recognize at least 31 characters and treat |
| 8591 | alphabetical cases distinctly. Nevertheless, it may still be |
| 8592 | useful to check that internal names are more distinct then required |
| 8593 | by the compiler to minimize the likelihood that identifiers are |
| 8594 | confused in the program. Analogously to external names, the |
| 8595 | <span class="Flag"><span style= |
| 8596 | 'font-size:10.0pt'>internal-name-length</span></span><span class="Flag"> |
| 8597 | <span style= |
| 8598 | 'font-size:10.0pt'> <i><number></i></span></span> flag |
| 8599 | sets the number of significant characters in an internal name and |
| 8600 | <span class="Flag"><span style= |
| 8601 | 'font-size:10.0pt'>internal-name-case-insensitive</span></span> |
| 8602 | sets the case sensitivity. The <span class= |
| 8603 | "Flag"><span style='font-size:10.0pt'>internal-name-look-alike</span></span> |
| 8604 | flag further restricts distinctions between |
| 8605 | identifiers. When set, similar-looking characters match |
| 8606 | — the lowercase letter <span class= |
| 8607 | "CodeText"><span style='font-size:10.0pt'>l</span></span> |
| 8608 | matches the uppercase letter <span class= |
| 8609 | "CodeText"><span style='font-size:10.0pt'>I</span></span> and |
| 8610 | the number <span class="CodeText"><span style= |
| 8611 | 'font-size:10.0pt'>1</span></span>; the letter <span class= |
| 8612 | "CodeText"><span style='font-size:10.0pt'>O</span></span> or |
| 8613 | <span class="CodeText"><span style= |
| 8614 | 'font-size:10.0pt'>o</span></span> matches the number |
| 8615 | <span class="CodeText"><span style= |
| 8616 | 'font-size:10.0pt'>0</span></span>; <span class= |
| 8617 | "CodeText"><span style='font-size:10.0pt'>5</span></span> |
| 8618 | matches <span class="CodeText"><span style= |
| 8619 | 'font-size:10.0pt'>S</span></span>; and <span class= |
| 8620 | "CodeText"><span style='font-size:10.0pt'>2</span></span> |
| 8621 | matches <span class="CodeText"><span style= |
| 8622 | 'font-size:10.0pt'>Z</span></span>. Identifiers that |
| 8623 | are not distinct except for look-alike characters will |
| 8624 | produce an error message. External names are also |
| 8625 | internal names, so they must satisfy both the external and |
| 8626 | internal distinct identifier checks. Figure 24 provides |
| 8627 | some examples of distinct name checking.</p> |
| 8628 | <center> |
| 8629 | <table class="MsoNormalTable" border="0" cellspacing="0" |
| 8630 | cellpadding="0" style= |
| 8631 | 'margin-left:9.9pt;border-collapse:collapse;margin-left:-2.25pt; margin-right:-2.25pt'> |
| 8632 | <tr> |
| 8633 | <td valign="top" style= |
| 8634 | 'width:166.5pt;border:solid black 1.5pt; border-bottom:none;background:black;padding:0in 5.4pt 0in 5.4pt'> |
| 8635 | <p class="TextFontCX" align="center" style='text-align:center'> |
| 8636 | <span class="Keyword"><b><span style= |
| 8637 | 'font-size:10.0pt; color:white'>names.c</span></b></span></p></td> |
| 8638 | <td valign="top" style= |
| 8639 | 'width:256.5pt;border-top:solid black 1.5pt; border-left:none;border-bottom:none;border-right:solid black 1.5pt; background:black;padding:0in 5.4pt 0in 5.4pt'> |
| 8640 | <p class="TextFontCX" align="center" style='text-align:center'> |
| 8641 | <b><span style='color:white'>Running |
| 8642 | Splint</span></b></p></td></tr> |
| 8643 | <tr> |
| 8644 | <td valign="top" style= |
| 8645 | 'width:166.5pt;border:solid black 1.5pt; border-top:none;padding:0in 5.4pt 0in 5.4pt'> |
| 8646 | <p class="Verbatim"><span class="Line"><span style= |
| 8647 | 'font-size:8.0pt'> </span></span>char *stringrev (char |
| 8648 | *s);</p> |
| 8649 | <p class="Verbatim"> </p> |
| 8650 | <p class="Verbatim"><span class="Line"><span style= |
| 8651 | 'font-size:8.0pt'>3</span></span> int f (int x)</p> |
| 8652 | <p class="Verbatim"><span class="Line"><span style= |
| 8653 | 'font-size:8.0pt'> </span></span> {</p> |
| 8654 | <p class="Verbatim"><span class="Line"><span style= |
| 8655 | 'font-size:8.0pt'>5</span></span> int lookalike = 1;</p> |
| 8656 | <p class="Verbatim"><span class="Line"><span style= |
| 8657 | 'font-size:8.0pt'>6</span></span> int looka1ike = 2;</p> |
| 8658 | <p class="Verbatim"> </p> |
| 8659 | <p class="Verbatim"> if (x > 3)</p> |
| 8660 | <p class="Verbatim"> {</p> |
| 8661 | <p class="Verbatim"><span class="Line"><span style= |
| 8662 | 'font-size:8.0pt'>10</span></span> int x = |
| 8663 | lookalike;</p> |
| 8664 | <p class="Verbatim"> x += |
| 8665 | looka1ike;</p> |
| 8666 | <p class="Verbatim"> }</p> |
| 8667 | <p class="Verbatim"> </p> |
| 8668 | <p class="Verbatim"> return x;</p> |
| 8669 | <p class="Verbatim">} |
| 8670 | </p></td> |
| 8671 | <td valign="top" style= |
| 8672 | 'width:256.5pt;border-top:none;border-left: none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'> |
| 8673 | <p class="lclintrun">> splint names.c |
| 8674 | +distinctinternalnames </p> |
| 8675 | <p class="lclintrun"> |
| 8676 | |
| 8677 | +internalnamelookalike +isoreserved</p> |
| 8678 | <p class="lclintrun"> </p> |
| 8679 | <p class="lclintrun">names.c:1: Name stringreverse is reserved for |
| 8680 | future</p> |
| 8681 | <p class="lclintrun"> library extensions. |
| 8682 | Functions that begin with</p> |
| 8683 | <p class="lclintrun"> "str" and a lowercase |
| 8684 | letter may be added to</p> |
| 8685 | <p class="lclintrun"> <stdlib.h> or |
| 8686 | <string.h>. (ISO99:7.26.9)</p> |
| 8687 | <p class="lclintrun">names.c:6: Internal identifier looka1ike is |
| 8688 | not</p> |
| 8689 | <p class="lclintrun"> distinguishable from |
| 8690 | lookalike except by lookalike</p> |
| 8691 | <p class="lclintrun"> characters</p> |
| 8692 | <p class="lclintrun"> names.c:5: Declaration of |
| 8693 | lookalike</p> |
| 8694 | <p class="lclintrun">names.c:10: Variable x shadows outer |
| 8695 | declaration</p> |
| 8696 | <p class="lclintrun" style='page-break-after:avoid'> |
| 8697 | names.c:3: Previous declaration of x: int</p></td></tr></table> |
| 8698 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"> |
| 8699 | <tr> |
| 8700 | <td valign="top" style= |
| 8701 | 'padding-top:5.05pt;padding-right: 9.35pt;padding-bottom:5.05pt;padding-left:9.35pt'> |
| 8702 | <p class="MsoCaption"><a name="_Ref343085825"></a><a name= |
| 8703 | "_Ref343085797"></a><a name="_Ref343065542"></a><a name= |
| 8704 | "_Ref349992283"></a><a name="_Ref534642902"></a><a name= |
| 8705 | "_Ref534642319"></a><a name="_Toc534824626"></a><a name= |
| 8706 | "_Ref534823650">Figure 24</a>. Distinct |
| 8707 | Names</p></td></tr></table></center> |
| 8708 | <h1 style='margin-left:0in;text-indent:0in'><a name= |
| 8709 | "_Ref534981356"></a><a name="_Ref534978939"></a><a name= |
| 8710 | "_Toc534975023">13<span style= |
| 8711 | 'font:7.0pt "Times New Roman"'> </span> |
| 8712 | <a id="completeness" name="completeness"> |
| 8713 | Completeness</a></a></h1> |
| 8714 | <p class="TextFontCX">Splint can report warnings for unused |
| 8715 | declarations and exported declarations that are not used |
| 8716 | externally.</p> |
| 8717 | <h2 style='margin-left:0in;text-indent:0in'><a name= |
| 8718 | "_Toc534975024"></a><a name="_Ref534744216">13.1<span style= |
| 8719 | 'font:7.0pt "Times New Roman"'> </span> |
| 8720 | Unused Declarations</a></h2> |
| 8721 | <p class="TextFontCX">Splint detects constants, functions, |
| 8722 | parameters, variables, types, enumerator members, and structure or |
| 8723 | union fields that are declared but never used. The flags |
| 8724 | <span class="Flag"><span style= |
| 8725 | 'font-size:10.0pt'>constuse</span></span>, <span class= |
| 8726 | "Flag"><span style='font-size:10.0pt'>fcnuse</span></span>, |
| 8727 | <span class="Flag"><span style= |
| 8728 | 'font-size:10.0pt'>paramuse</span></span>, <span class= |
| 8729 | "Flag"><span style='font-size:10.0pt'>varuse</span></span>, |
| 8730 | <span class="Flag"><span style= |
| 8731 | 'font-size:10.0pt'>typeuse</span></span>, <span class= |
| 8732 | "Flag"><span style='font-size:10.0pt'>enummemuse</span></span> and |
| 8733 | <span class="Flag"><span style= |
| 8734 | 'font-size:10.0pt'>fielduse</span></span> control whether unused |
| 8735 | declaration errors are reported for each kind of declaration. |
| 8736 | Errors for exported declarations are reported only if |
| 8737 | <span class="Flag"><span style= |
| 8738 | 'font-size:10.0pt'>topuse</span></span> is on (see Section |
| 8739 | 13.2).</p> |
| 8740 | <p class="TextFontCX"><a name="_Ref349900444"></a><a name= |
| 8741 | "_Ref349850608"></a><a name="_Ref349850429"> </a></p> |
| 8742 | <p class="TextFontCX">The <span class="Annot"><span style= |
| 8743 | 'font-size:10.0pt'>/*@unused@*/</span></span> annotation can |
| 8744 | be used before a declaration to indicate that the item declared |
| 8745 | need not be used. Unused declaration errors are not reported |
| 8746 | for identifiers declared with <span class= |
| 8747 | "Annot"><span style='font-size:10.0pt'>unused</span></span><a name="_Toc344355432"> |
| 8748 | </a><a name="_Ref343110935">.</a></p> |
| 8749 | <h2 style='margin-left:0in;text-indent:0in'><a name= |
| 8750 | "_Toc534975025"></a><a name="_Toc344355433"></a><a name= |
| 8751 | "_Ref343110504">13.2<span style= |
| 8752 | 'font:7.0pt "Times New Roman"'> </span> |
| 8753 | Complete</a> Programs</h2> |
| 8754 | <p class="TextFontCX">Splint can be used on both complete and |
| 8755 | partial programs. When checking complete programs, |
| 8756 | additional checks can be done to ensure that every identifier |
| 8757 | declared by the program is defined and used, and that functions |
| 8758 | that do not need to be exported are declared <span class= |
| 8759 | "CodeText"><span style='font-size:10.0pt'>static</span></span>.</p> |
| 8760 | <p class="TextFontCX"> </p> |
| 8761 | <p class="TextFontCX">Splint checks that all declared variables and |
| 8762 | functions are defined (controlled by <span class= |
| 8763 | "Flag"><span style='font-size:10.0pt'>compdef</span></span><span class="Flag"> |
| 8764 | <span style='font-size:10.0pt'>)</span></span>. Declarations |
| 8765 | of functions and variables that are defined in an external library, |
| 8766 | may be preceded by <span class="Annot"><span style= |
| 8767 | 'font-size:10.0pt'>/*@external@*/</span></span> to suppress |
| 8768 | undefined declaration errors.</p> |
| 8769 | <p class="TextFontCX"> </p> |
| 8770 | <p class="TextFontCX">Splint reports external declarations that are |
| 8771 | unused (controlled by <span class="Flag"><span style= |
| 8772 | 'font-size:10.0pt'>topuse</span></span>). Which declarations |
| 8773 | are reported also depends on the declaration use flags (Section |
| 8774 | 13.1). The <span class="Flag"><span style= |
| 8775 | 'font-size:10.0pt'>+partial</span></span> flag sets flags for |
| 8776 | checking a partial system. Top-level unused declarations, |
| 8777 | undefined declarations, and unnecessary external names are not |
| 8778 | reported if <span class="Flag"><span style= |
| 8779 | 'font-size:10.0pt'>+partial</span></span> is set.</p> |
| 8780 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 8781 | "_Toc534975026">13.2.1<span style= |
| 8782 | 'font:7.0pt "Times New Roman"'> </span> |
| 8783 | Unnecessarily External Names</a></h3> |
| 8784 | <p class="TextFontCX">Splint can report variables and functions |
| 8785 | that are declared with global scope (i.e., without using |
| 8786 | <span class="CodeText"><span style= |
| 8787 | 'font-size:10.0pt'>static</span></span>), that are not used outside |
| 8788 | the file in which they are defined. In a stand-alone system, |
| 8789 | these identifiers should usually be declared using |
| 8790 | <span class="CodeText"><span style= |
| 8791 | 'font-size:10.0pt'>static</span></span> to limit their |
| 8792 | scope. If the <span class="Flag"><span style= |
| 8793 | 'font-size:10.0pt'>export-static</span></span> flag is on, |
| 8794 | Splint will report declarations that could have file |
| 8795 | scope. It should only be used when all relevant source |
| 8796 | files are listed on the Splint command line; otherwise, |
| 8797 | variables and functions may be incorrectly identified as only |
| 8798 | used in the file scope since Splint did not process the other |
| 8799 | file in which they are used.</p> |
| 8800 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 8801 | "_Toc534975027">13.2.2<span style= |
| 8802 | 'font:7.0pt "Times New Roman"'> </span> |
| 8803 | Declarations Missing from Headers</a></h3> |
| 8804 | <p class="TextFontCX">A common practice in C programming styles, is |
| 8805 | that every function or variable exported by <span class= |
| 8806 | "Keyword"><i><span style= |
| 8807 | 'font-size:10.0pt;font-family:Arial;color:windowtext'>M</span></i></span><span class="Keyword"> |
| 8808 | <span style= |
| 8809 | 'font-size:10.0pt;font-family:Arial;color:windowtext'>.c</span></span> |
| 8810 | is declared in <span class="Keyword"><i><span style= |
| 8811 | 'font-size:10.0pt;font-family: Arial;color:windowtext'>M</span></i></span><span class="Keyword"> |
| 8812 | <span style= |
| 8813 | 'font-size:10.0pt;font-family:Arial;color:windowtext'>.h</span></span>. |
| 8814 | If the <span class="Flag"><span style= |
| 8815 | 'font-size:10.0pt'>export-header</span></span> flag is on, Splint |
| 8816 | will report exported declarations in <span class= |
| 8817 | "Keyword"><i><span style= |
| 8818 | 'font-size:10.0pt;font-family:Arial;color:windowtext'>M</span></i></span><span class="Keyword"> |
| 8819 | <span style= |
| 8820 | 'font-size:10.0pt;font-family:Arial;color:windowtext'>.c</span></span> |
| 8821 | that are not declared in <span class= |
| 8822 | "Keyword"><i><span style='font-size:10.0pt; font-family:Arial;color:windowtext'> |
| 8823 | M</span></i></span><span class="Keyword"><span style= |
| 8824 | 'font-size:10.0pt;font-family:Arial;color:windowtext'>.h</span></span>.</p> |
| 8825 | <h1 style='margin-left:0in;text-indent:0in'><a name= |
| 8826 | "_Toc534975028"></a><a name="_Ref534642392"></a><a name= |
| 8827 | "_Ref349900301">14<span style= |
| 8828 | 'font:7.0pt "Times New Roman"'> </span> |
| 8829 | <a id="libraries" name="libraries"> |
| 8830 | Libraries</a> and Header File Inclusion</a></h1> |
| 8831 | <p class="TextFontCX">Libraries can be used to record interface |
| 8832 | information. A library containing information about the |
| 8833 | standard C Library is used to enable checking of library |
| 8834 | calls. Program libraries can be created to enable fast |
| 8835 | checking of single modules in a large program.</p> |
| 8836 | <h2 style='margin-left:0in;text-indent:0in'><a name= |
| 8837 | "_Toc534975029"></a><a name="_Ref534035506"></a><a name= |
| 8838 | "_Ref348801560"></a><a name="_Ref347465531"></a><a name= |
| 8839 | "_Ref344887939"></a><a name="_Toc344355445">14.1<span style= |
| 8840 | 'font:7.0pt "Times New Roman"'> </span> |
| 8841 | Standard Librar</a>ies</h2> |
| 8842 | <p class="TextFontCX">In order to check calls to library functions, |
| 8843 | Splint uses an annotated standard library. This contains more |
| 8844 | information about function interfaces then is available in the |
| 8845 | system header files since it uses annotations. Further, it |
| 8846 | contains only those functions documented in the ISO C99 |
| 8847 | standard. Many systems include extra functions in their |
| 8848 | system libraries; programs that use these functions cannot be |
| 8849 | compiled on other systems that do not provide them. Certain |
| 8850 | types defined by the library are treated as abstract types |
| 8851 | (e.g., a program should not rely on how the <span class= |
| 8852 | "CodeText"><span style='font-size:10.0pt'>FILE</span></span> type |
| 8853 | is implemented). When checking source code, Splint does |
| 8854 | include system headers corresponding to files in the library, but |
| 8855 | instead uses the library description of the standard library.</p> |
| 8856 | <p class="TextFontCX"> </p> |
| 8857 | <p class="TextFontCX">The Splint distribution includes several |
| 8858 | different standard libraries: the ANSI standard library, the POSIX |
| 8859 | standard library<a href="#_ftn19" name="_ftnref19" title= |
| 8860 | ""><span class="MsoFootnoteReference"><span class= |
| 8861 | "MsoFootnoteReference"><span style= |
| 8862 | 'font-size:11.0pt;font-family:"Times New Roman"'>[19]</span></span></span></a>, |
| 8863 | and a UNIX library based on the Open Group’s Single Unix |
| 8864 | Specification. Each library comes in two versions: the |
| 8865 | standard version and the strict version.</p> |
| 8866 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 8867 | "_Toc534975030">14.1.1<span style= |
| 8868 | 'font:7.0pt "Times New Roman"'> </span> ISO |
| 8869 | Standard Library</a></h3> |
| 8870 | <p class="TextFontCX">The default behavior of Splint is to use the |
| 8871 | ISO standard library (loaded from <span class= |
| 8872 | "CodeText"><span style= |
| 8873 | 'font-size:10.0pt'>standard.lcd</span></span>). This library |
| 8874 | is based on the standard library described in the ISO C99 |
| 8875 | standard.</p> |
| 8876 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 8877 | "_Toc534975031">14.1.2<span style= |
| 8878 | 'font:7.0pt "Times New Roman"'> </span> POSIX |
| 8879 | Library</a></h3> |
| 8880 | <p class="TextFontCX">The POSIX library is selected by the |
| 8881 | <span class="Flag"><span style= |
| 8882 | 'font-size:10.0pt'>+posixlib</span></span> flag. The |
| 8883 | POSIX library is based on the IEEE Std 1003.1-1990. </p> |
| 8884 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 8885 | "_Toc534975032">14.1.3<span style= |
| 8886 | 'font:7.0pt "Times New Roman"'> </span> UNIX |
| 8887 | Library</a></h3> |
| 8888 | <p class="afterlist">The UNIX library is selected by the |
| 8889 | <span class="Flag"><span style= |
| 8890 | 'font-size:10.0pt'>+unixlib</span></span> flag. This library |
| 8891 | is based on the Open Group’s Single Unix Specification, |
| 8892 | Version 2. In the UNIX library, <span class= |
| 8893 | "CodeText"><span style='font-size:10.0pt'>free</span></span> is |
| 8894 | declared with a non-null parameter. ISO specifies that |
| 8895 | <span class="CodeText"><span style= |
| 8896 | 'font-size:10.0pt'>free</span></span> should handle the argument |
| 8897 | <span class="CodeText"><span style= |
| 8898 | 'font-size:10.0pt'>NULL</span></span>, but several UNIX platforms |
| 8899 | crash if <span class="CodeText"><span style= |
| 8900 | 'font-size:10.0pt'>NULL</span></span> is passed to |
| 8901 | <span class="CodeText"><span style= |
| 8902 | 'font-size:10.0pt'>free</span></span>.</p> |
| 8903 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 8904 | "_Toc534975033">14.1.4<span style= |
| 8905 | 'font:7.0pt "Times New Roman"'> </span> Strict |
| 8906 | Libraries</a></h3> |
| 8907 | <p class="TextFontCX">Stricter versions of the libraries are used |
| 8908 | is the <span class="Flag"><span style= |
| 8909 | 'font-size:10.0pt'>-ansi-strict</span></span>, <span class= |
| 8910 | "Flag"><span style= |
| 8911 | 'font-size:10.0pt'>posix-strict-lib</span></span> or |
| 8912 | <span class="Flag"><span style= |
| 8913 | 'font-size:10.0pt'>unix-strict-lib</span></span> flag is used. |
| 8914 | These libraries use a stricter interpretation of the library. |
| 8915 | They will detect more errors in some programs, but may to produce |
| 8916 | many spurious errors for typical code.</p> |
| 8917 | <p class="TextFontCX"> </p> |
| 8918 | <p class="beforelist">The differences between the standard |
| 8919 | libraries and the strict libraries are:</p> |
| 8920 | <p class="MsoListBullet"><span style= |
| 8921 | 'font-family:Symbol'>·<span style= |
| 8922 | 'font:7.0pt "Times New Roman"'> </span></span> |
| 8923 | The standard libraries declare the printing functions |
| 8924 | (<span class="CodeText"><span style= |
| 8925 | 'font-size:10.0pt'>fprintf</span></span>, <span class= |
| 8926 | "CodeText"><span style= |
| 8927 | 'font-size:10.0pt'>printf</span></span>, and <span class= |
| 8928 | "CodeText"><span style= |
| 8929 | 'font-size:10.0pt'>sprintf</span></span>) that may return |
| 8930 | error codes to return <span class="CodeText"><span style= |
| 8931 | 'font-size:10.0pt'>int</span></span> or <span class= |
| 8932 | "CodeText"><span style= |
| 8933 | 'font-size:10.0pt'>void</span></span>. This prevents |
| 8934 | typical programs from leading to deluge of ignored return |
| 8935 | value errors, but may mean some relevant errors are not |
| 8936 | detected. In the strict library, they are declared to |
| 8937 | return <span class="CodeText"><span style= |
| 8938 | 'font-size:10.0pt'>int</span></span>, so ignored return value |
| 8939 | errors will be reported (depending on other flag |
| 8940 | settings). Programs should check that this return value |
| 8941 | is non-negative.</p> |
| 8942 | <p class="MsoListBullet"><span style= |
| 8943 | 'font-family:Symbol'>·<span style= |
| 8944 | 'font:7.0pt "Times New Roman"'> </span></span> |
| 8945 | The standard libraries declare some parameters and return values to |
| 8946 | be alternate types (<span class="CodeText"><span style= |
| 8947 | 'font-size:10.0pt'>int</span></span> or <span class= |
| 8948 | "CodeText"><span style='font-size:10.0pt'>bool</span></span>, or |
| 8949 | <span class="CodeText"><span style= |
| 8950 | 'font-size:10.0pt'>int</span></span> or <span class= |
| 8951 | "CodeText"><span style= |
| 8952 | 'font-size:10.0pt'>char</span></span>). The ISO C99 standard |
| 8953 | specifies these types as <span class="CodeText"><span style= |
| 8954 | 'font-size: 10.0pt'>int</span></span> to be compatible with older |
| 8955 | versions of the library, but logically they make more sense as |
| 8956 | <span class="CodeText"><span style= |
| 8957 | 'font-size:10.0pt'>bool</span></span> or <span class= |
| 8958 | "CodeText"><span style='font-size:10.0pt'>char</span></span>. |
| 8959 | In the strict library, the stronger type is used. The |
| 8960 | parameter to <span class="CodeText"><span style= |
| 8961 | 'font-size:10.0pt'>assert</span></span> is <span class= |
| 8962 | "CodeText"><span style='font-size:10.0pt'>int</span></span> or |
| 8963 | <span class="CodeText"><span style= |
| 8964 | 'font-size:10.0pt'>bool</span></span> in the standard library, and |
| 8965 | <span class="CodeText"><span style= |
| 8966 | 'font-size:10.0pt'>bool</span></span> in the strict library. |
| 8967 | The parameter to the character functions <span class= |
| 8968 | "CodeText"><span style='font-size:10.0pt'>isalnum</span></span>, |
| 8969 | <span class="CodeText"><span style= |
| 8970 | 'font-size:10.0pt'>isalpha</span></span>, <span class= |
| 8971 | "CodeText"><span style='font-size:10.0pt'>iscntrl</span></span>, |
| 8972 | <span class="CodeText"><span style= |
| 8973 | 'font-size:10.0pt'>isdigit</span></span>, <span class= |
| 8974 | "CodeText"><span style='font-size:10.0pt'>isgraph</span></span>, |
| 8975 | <span class="CodeText"><span style= |
| 8976 | 'font-size:10.0pt'>islower</span></span>, <span class= |
| 8977 | "CodeText"><span style='font-size:10.0pt'>isprint</span></span>, |
| 8978 | <span class="CodeText"><span style= |
| 8979 | 'font-size:10.0pt'>ispunct</span></span>, <span class= |
| 8980 | "CodeText"><span style='font-size:10.0pt'>isspace</span></span>, |
| 8981 | <span class="CodeText"><span style= |
| 8982 | 'font-size:10.0pt'>isupper</span></span>, <span class= |
| 8983 | "CodeText"><span style='font-size:10.0pt'>isxdigit</span></span>, |
| 8984 | <span class="CodeText"><span style= |
| 8985 | 'font-size:10.0pt'>tolower</span></span> and |
| 8986 | <span class="CodeText"><span style= |
| 8987 | 'font-size:10.0pt'>toupper</span></span> is <span class= |
| 8988 | "CodeText"><span style='font-size:10.0pt'>char</span></span> |
| 8989 | or <span class="CodeText"><span style= |
| 8990 | 'font-size:10.0pt'>unsigned char</span></span> or |
| 8991 | <span class="CodeText"><span style= |
| 8992 | 'font-size:10.0pt'>int</span></span> in the standard library |
| 8993 | and <span class="CodeText"><span style= |
| 8994 | 'font-size:10.0pt'>char</span></span> in the strict |
| 8995 | library. The type of the return value of the character |
| 8996 | classification functions (all of the previous character |
| 8997 | functions except <span class="CodeText"><span style= |
| 8998 | 'font-size:10.0pt'>tolower</span></span> and <span class= |
| 8999 | "CodeText"><span style= |
| 9000 | 'font-size:10.0pt'>toupper</span></span>) is <span class= |
| 9001 | "CodeText"><span style='font-size:10.0pt'>bool</span></span> |
| 9002 | or <span class="CodeText"><span style= |
| 9003 | 'font-size:10.0pt'>int</span></span> in the standard library |
| 9004 | and <span class="CodeText"><span style= |
| 9005 | 'font-size:10.0pt'>bool</span></span> in the strict |
| 9006 | library. The type of the first parameter to |
| 9007 | <span class="CodeText"><span style= |
| 9008 | 'font-size:10.0pt'>ungetc</span></span> is <span class= |
| 9009 | "CodeText"><span style='font-size:10.0pt'>char</span></span> |
| 9010 | or <span class="CodeText"><span style= |
| 9011 | 'font-size:10.0pt'>int</span></span> in the standard library |
| 9012 | and <span class="CodeText"><span style= |
| 9013 | 'font-size:10.0pt'>char</span></span> in the strict library |
| 9014 | (<span class="CodeText"><span style= |
| 9015 | 'font-size:10.0pt'>EOF</span></span> should not be passed to |
| 9016 | <span class="CodeText"><span style= |
| 9017 | 'font-size:10.0pt'>ungetc</span></span>). The second |
| 9018 | parameter to <span class="CodeText"><span style= |
| 9019 | 'font-size:10.0pt'>strchr</span></span> and <span class= |
| 9020 | "CodeText"><span style= |
| 9021 | 'font-size:10.0pt'>strrchr</span></span> is <span class= |
| 9022 | "CodeText"><span style='font-size:10.0pt'>char</span></span> |
| 9023 | or <span class="CodeText"><span style= |
| 9024 | 'font-size:10.0pt'>int</span></span> in the standard library |
| 9025 | and <span class="CodeText"><span style= |
| 9026 | 'font-size:10.0pt'>char</span></span> in the strict |
| 9027 | library.</p> |
| 9028 | <p class="MsoListBullet"><span style= |
| 9029 | 'font-family:Symbol'>·<span style= |
| 9030 | 'font:7.0pt "Times New Roman"'> </span></span> |
| 9031 | The global variables <span class="CodeText"><span style= |
| 9032 | 'font-size:10.0pt'>stdin</span></span>, <span class= |
| 9033 | "CodeText"><span style= |
| 9034 | 'font-size:10.0pt'>stdout</span></span> and <span class= |
| 9035 | "CodeText"><span style= |
| 9036 | 'font-size:10.0pt'>stderr</span></span> are declared as |
| 9037 | <span class="CodeText"><span style= |
| 9038 | 'font-size:10.0pt'>unchecked</span></span> variables (see Section |
| 9039 | 7.2) in the standard libraries. In the strict libraries, they |
| 9040 | are<span class="CodeText"><span style= |
| 9041 | 'font-size:10.0pt'>checked</span></span>.</p> |
| 9042 | <p class="MsoListBullet"><span style= |
| 9043 | 'font-family:Symbol'>·<span style= |
| 9044 | 'font:7.0pt "Times New Roman"'> </span></span> |
| 9045 | The global variable <span class="CodeText"><span style= |
| 9046 | 'font-size:10.0pt'>errno</span></span> is declared |
| 9047 | <span class="CodeText"><span style= |
| 9048 | 'font-size:10.0pt'>unchecked</span></span> in the |
| 9049 | standard libraries, but declared <span class= |
| 9050 | "CodeText"><span style= |
| 9051 | 'font-size:10.0pt'>checkedstrict</span></span> in the |
| 9052 | strict libraries.</p> |
| 9053 | <p class="TextFontCX"> </p> |
| 9054 | <p class="TextFontCX">If no library flag is used, Splint will load |
| 9055 | the standard library, <span class="Keyword"><span style= |
| 9056 | 'font-size:10.0pt;font-family:Arial;color:windowtext'>standard.lcd</span></span>. |
| 9057 | If <span class="Flag"><span style= |
| 9058 | 'font-size:10.0pt'>+nolib</span></span> is set, no library is |
| 9059 | loaded. The library source files can easily be modified, and |
| 9060 | new libraries created to better suit a particular application.</p> |
| 9061 | <h2 style='margin-left:0in;text-indent:0in'><a name= |
| 9062 | "_Toc534975034"></a><a name="_Toc344355447">14.2<span style= |
| 9063 | 'font:7.0pt "Times New Roman"'> </span> |
| 9064 | Generating Libraries</a></h2> |
| 9065 | <p class="TextFontCX">To enable running Splint on large systems, |
| 9066 | mechanisms are provided for creating libraries containing necessary |
| 9067 | information. This means source files can be checked |
| 9068 | independently, after a library has been created. The command line |
| 9069 | option <span class="Flag"><span style= |
| 9070 | 'font-size:10.0pt'>-dump</span></span> <span class= |
| 9071 | "Flag"><span style='font-size:10.0pt'><i>library</i></span></span> |
| 9072 | stores information in the file <span class= |
| 9073 | "Keyword"><i><span style='font-size:10.0pt; font-family:Arial;color:windowtext'> |
| 9074 | library</span></i></span> (the default extension <span class= |
| 9075 | "Keyword"><span style= |
| 9076 | 'font-size:10.0pt;font-family:Arial; color:windowtext'>.lcd</span></span> |
| 9077 | is added). Then, <span class="Flag"><span style= |
| 9078 | 'font-size:10.0pt'>-load</span></span> <span class= |
| 9079 | "Flag"><span style='font-size:10.0pt'><i>library</i></span></span> |
| 9080 | loads the library. The library contains interface information |
| 9081 | from the files checked when the library was created.</p> |
| 9082 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 9083 | "_Toc534975035">14.2.1<span style= |
| 9084 | 'font:7.0pt "Times New Roman"'> </span> Generating |
| 9085 | the Standard Libraries</a></h3> |
| 9086 | <p class="TextFontCX">The standard libraries are generated from |
| 9087 | header files included in the Splint distribution. Some |
| 9088 | libraries are generated from more than one header file. Since |
| 9089 | the POSIX library subsumes the standard library, the headers for |
| 9090 | the standard and POSIX libraries are combined to produce the POSIX |
| 9091 | library. Similarly, the UNIX library is composed of the |
| 9092 | standard, POSIX and UNIX headers. The header files include |
| 9093 | some sections that are conditionally selected by defining |
| 9094 | <span class="CodeText"><span style= |
| 9095 | 'font-size:10.0pt'>STRICT</span></span>. The commands to |
| 9096 | generate the standard libraries are:</p> |
| 9097 | <p class="example" style= |
| 9098 | 'margin-top:0in;margin-right:.2in;margin-bottom:0in; margin-left:.2in;margin-bottom:.0001pt'> |
| 9099 | splint -nolib ansi.h -dump ansi</p> |
| 9100 | <p class="example" style= |
| 9101 | 'margin-top:0in;margin-right:.2in;margin-bottom:0in; margin-left:.2in;margin-bottom:.0001pt'> |
| 9102 | splint -nolib -DSTRICT ansi.h -dump ansistrict</p> |
| 9103 | <p class="example" style= |
| 9104 | 'margin-top:0in;margin-right:.2in;margin-bottom:0in; margin-left:.2in;margin-bottom:.0001pt'> |
| 9105 | splint -nolib ansi.h posix.h -dump posix</p> |
| 9106 | <p class="example" style= |
| 9107 | 'margin-top:0in;margin-right:.2in;margin-bottom:0in; margin-left:.2in;margin-bottom:.0001pt'> |
| 9108 | splint -nolib -DSTRICT ansi.h posix.h -dump posixstrict</p> |
| 9109 | <p class="example" style= |
| 9110 | 'margin-top:0in;margin-right:.2in;margin-bottom:0in; margin-left:.2in;margin-bottom:.0001pt'> |
| 9111 | splint -nolib ansi.h posix.h unix.h -dump unix</p> |
| 9112 | <p class="example" style= |
| 9113 | 'margin-top:0in;margin-right:.2in;margin-bottom:0in; margin-left:.2in;margin-bottom:.0001pt'> |
| 9114 | splint -nolib -DSTRICT ansi.h posix.h unix.h -dump unixstrict</p> |
| 9115 | <h2 style='margin-left:0in;text-indent:0in'><a name= |
| 9116 | "_Ref534979539"></a><a name="_Toc534975036"></a><a name= |
| 9117 | "_Ref348080056"></a><a name="_Toc344355448">14.3<span style= |
| 9118 | 'font:7.0pt "Times New Roman"'> </span> |
| 9119 | Header File Inclusion</a></h2> |
| 9120 | <p class="TextFontCX">The standard behavior of Splint on |
| 9121 | encountering</p> |
| 9122 | <p class="example"><span class="Keyword"><span style= |
| 9123 | 'font-size:10.0pt'>#include <<i>X</i>.h></span></span></p> |
| 9124 | <p class="TextFontCX">is to search for a file named |
| 9125 | <span class="Keyword"><i><span style= |
| 9126 | 'font-size:10.0pt;font-family:Arial; color:windowtext'>X</span></i></span><span class="Keyword"> |
| 9127 | <span style= |
| 9128 | 'font-size:10.0pt;font-family:Arial;color:windowtext'>.h</span></span> |
| 9129 | on the include search path (set using <span class= |
| 9130 | "Flag"><span style='font-size: 10.0pt'>–I</span></span>) and |
| 9131 | then the system base include path (read from the <span class= |
| 9132 | "CodeText"><span style='font-size:10.0pt'>include</span></span> |
| 9133 | environment variable if set or using a default value, usually |
| 9134 | <span class="Keyword"><span style= |
| 9135 | 'font-size:10.0pt;font-family:Arial;color:windowtext'>/usr/include</span></span>). |
| 9136 | If <span class="Keyword"><i><span style= |
| 9137 | 'font-size:10.0pt;font-family:Arial; color:windowtext'>X</span></i></span><span class="Keyword"> |
| 9138 | <span style= |
| 9139 | 'font-size:10.0pt;font-family:Arial;color:windowtext'>.h</span></span> |
| 9140 | is the name of a header file in a loaded standard library and |
| 9141 | <span class="Keyword"><i><span style= |
| 9142 | 'font-size:10.0pt;font-family:Arial;color:windowtext'>X</span></i></span><span class="Keyword"> |
| 9143 | <span style= |
| 9144 | 'font-size:10.0pt;font-family:Arial;color:windowtext'>.h</span></span> |
| 9145 | is found in a directory that is a system directory (as set by the |
| 9146 | <span class="Flag"><span style= |
| 9147 | 'font-size:10.0pt'>-sysdirs</span></span> flag; the default is |
| 9148 | <span class="Keyword"><span style= |
| 9149 | 'font-size:10.0pt;font-family:Arial;color:windowtext'>/usr/include</span></span>), |
| 9150 | <span class="Keyword"><i><span style= |
| 9151 | 'font-size:10.0pt;font-family:Arial; color:windowtext'>X</span></i></span><span class="Keyword"> |
| 9152 | <span style= |
| 9153 | 'font-size:10.0pt;font-family:Arial;color:windowtext'>.h</span></span> |
| 9154 | will not be included if <span class="Flag"><span style= |
| 9155 | 'font-size:10.0pt'>+skip-iso-headers</span></span> or |
| 9156 | <span class="Flag"><span style= |
| 9157 | 'font-size:10.0pt'>+skip-posix-headers</span></span> (depending |
| 9158 | on whether <span class="Keyword"><i><span style= |
| 9159 | 'font-size:10.0pt;font-family:Arial;color:windowtext'>X</span></i></span><span class="Keyword"> |
| 9160 | <span style= |
| 9161 | 'font-size:10.0pt;font-family:Arial;color:windowtext'>.h</span></span> |
| 9162 | is an ISO or POSIX header file) is on (both are on by |
| 9163 | default). To force all headers to be included normally, use |
| 9164 | <span class="Flag"><span style= |
| 9165 | 'font-size: 10.0pt'>‑skip-iso-headers</span></span>. </p> |
| 9166 | <p class="TextFontCX"> </p> |
| 9167 | <p class="TextFontCX">Sometimes headers in system directories |
| 9168 | contain non-standard syntax that Splint is unable to parse. |
| 9169 | The <span class="Flag"><span style= |
| 9170 | 'font-size:10.0pt'>+skip-sys-headers</span></span> flag may be |
| 9171 | used to prevent any include file in a system directory from being |
| 9172 | included.</p> |
| 9173 | <p class="TextFontCX"> </p> |
| 9174 | <p class="TextFontCX">Splint is fast enough that it can be run on |
| 9175 | medium-size (10,000 line) programs without performance |
| 9176 | concerns. Libraries can be used to enable efficient checking |
| 9177 | of small modules in large programs. To further improve |
| 9178 | performance, header file inclusion can be optimized.</p> |
| 9179 | <p class="TextFontCX"> </p> |
| 9180 | <p class="TextFontCX">When processing a complete system in which |
| 9181 | many files include the same headers, a large fraction of processing |
| 9182 | time is wasted re-reading header files unnecessarily. If you |
| 9183 | are checking a 100-file program, and every file includes |
| 9184 | <span class="Flag"><span style= |
| 9185 | 'font-size:10.0pt;font-family:Arial;color:windowtext'>utils.h</span></span>, |
| 9186 | Splint will have to process <span class= |
| 9187 | "Keyword"><span style='font-size:10.0pt; font-family:Arial;color:windowtext'> |
| 9188 | utils.h</span></span> 100 times (as would most C compilers). |
| 9189 | If the <span class="Flag"><span style= |
| 9190 | 'font-size:10.0pt'>+single-include</span></span> flag is used, each |
| 9191 | header file is processed only once. Single header file |
| 9192 | processing produces a significant efficiency improvement when |
| 9193 | checking large programs split into many files, but is only safe if |
| 9194 | the same header file included in different contexts always has the |
| 9195 | same meaning (i.e., it does not depend on preprocessor variable |
| 9196 | defined differently at different inclusion sites).</p> |
| 9197 | <p class="TextFontCX"> </p> |
| 9198 | <p class="TextFontCX">When processing a single file in a large |
| 9199 | system, a large fraction of the time is spent processing included |
| 9200 | header files. This can be avoided if the information in the |
| 9201 | header files is stored in a library instead. If |
| 9202 | <span class="Flag"><span style= |
| 9203 | 'font-size:10.0pt'>+never-include</span></span> is set, |
| 9204 | inclusion of files ending in <span class="Flag"><span style= |
| 9205 | 'font-size: 10.0pt;font-family:Arial;color:windowtext'>.h</span></span> |
| 9206 | is prevented. Files with different suffixes are |
| 9207 | included normally. To do this the header files must not |
| 9208 | include any expanded macros. That is, the header file must be |
| 9209 | processed with <span class="Flag"><span style= |
| 9210 | 'font-size:10.0pt'>+all-macros</span></span>, and there must |
| 9211 | be no <span class="Annot"><span style= |
| 9212 | 'font-size:10.0pt'>/*@notfunction@*/</span></span> control |
| 9213 | comments in the header. Then, the <span class= |
| 9214 | "Flag"><span style= |
| 9215 | 'font-size:10.0pt'>+never-include</span></span> flag may be |
| 9216 | used to prevent inclusion of header files. Alternately, |
| 9217 | non-function macros can be moved to a different file with a |
| 9218 | name that does not end in <span class="Keyword"><span style= |
| 9219 | 'font-size:10.0pt;font-family:Arial;color:windowtext'>.h</span></span>. |
| 9220 | Remember, that this file must be included directly from the |
| 9221 | <span class="Keyword"><span style= |
| 9222 | 'font-size:10.0pt;font-family:Arial;color:windowtext'>.c</span></span> |
| 9223 | file, since if it is included from an <span class= |
| 9224 | "Keyword"><span style= |
| 9225 | 'font-size:10.0pt;font-family:Arial;color:windowtext'>.h</span></span> |
| 9226 | file indirectly, that <span class="Keyword"><span style= |
| 9227 | 'font-size:10.0pt; font-family:Arial;color:windowtext'>.h</span></span> |
| 9228 | file is ignored so the other file is never included.</p> |
| 9229 | <p class="TextFontCX"> </p> |
| 9230 | <p class="TextFontCX">These options can be used for significant |
| 9231 | performance improvements on large systems. The performance |
| 9232 | depends on how the code is structured, but checking a single module |
| 9233 | in a large program is several times faster if libraries and |
| 9234 | <span class="Flag"><span style= |
| 9235 | 'font-size:10.0pt'>+noinclude</span></span> are used.</p> |
| 9236 | <h3 style='margin-left:0in;text-indent:0in'><a name= |
| 9237 | "_Toc534975037">14.3.1<span style= |
| 9238 | 'font:7.0pt "Times New Roman"'> </span> |
| 9239 | Preprocessing Constants</a></h3> |
| 9240 | <p class="TextFontCX">Splint defines the preprocessor constant |
| 9241 | <span class="CodeText"><span style= |
| 9242 | 'font-size:10.0pt'>S_SPLINT_S</span></span> when preprocessing |
| 9243 | source files. If you want to include code that is processed |
| 9244 | only when Splint is used, surround the code with</p> |
| 9245 | <p class="TextFontCX" align="left" style='text-align: left'> |
| 9246 | <span class="Keyword"><span style= |
| 9247 | 'font-size:10.0pt'> </span></span></p> |
| 9248 | <p class="TextFontCX" align="left" style='text-align: left'> |
| 9249 | <span class="Keyword"><span style='font-size:10.0pt'># ifdef |
| 9250 | S_SPLINT_S</span></span></p> |
| 9251 | <p class="TextFontCX" align="left" style='text-align: left'> |
| 9252 | …</p> |
| 9253 | <p class="TextFontCX"><span class="Keyword"><span style= |
| 9254 | 'font-size:10.0pt'># endif</span></span></p> |
| 9255 | <p class="MsoHeading7" style='margin-left:0in;text-indent:0in'> |
| 9256 | <a name="_Toc534975038"></a><a name="_Toc344355451"></a><a name= |
| 9257 | "_Ref343065611">Appendix A<span style= |
| 9258 | 'font:7.0pt "Times New Roman"'> </span> |
| 9259 | <a id="availability" name="availability"> |
| 9260 | Availability</a></a></p> |
| 9261 | <p class="afterlist">The web home page for Splint is |
| 9262 | <span class="Keyword"><span style= |
| 9263 | 'font-size:10.0pt;font-family:Arial;color:windowtext'><a href= |
| 9264 | "http://www.splint.org/">http://www.splint.org</a></span></span>. |
| 9265 | It includes this guide in HTML format, samples demonstrating |
| 9266 | Splint, and links to related web sites. Splint is |
| 9267 | available as source code and binary executables for several |
| 9268 | platforms. Splint may be freely distributed and |
| 9269 | modified under the GNU General Public License. The |
| 9270 | latest development code is available through SourceForge.</p> |
| 9271 | <p class="TextFontCX"> </p> |
| 9272 | <p class="TextFontCX">Splint development is largely driven by |
| 9273 | suggestions and comments from users. We are also very |
| 9274 | interested in hearing about your experiences using Splint in |
| 9275 | developing or maintaining programs, enforcing coding standards, or |
| 9276 | teaching courses. For general information, suggestions, and |
| 9277 | questions on Splint send mail to <span class= |
| 9278 | "Keyword"><span style='font-size:10.0pt;font-family:Arial;color:windowtext'> |
| 9279 | splint@cs.virginia.edu</span></span>.</p> |
| 9280 | <p class="TextFontCX"> </p> |
| 9281 | <p class="TextFontCX">To report a bug in Splint send a message to |
| 9282 | <span class="Keyword"><span style= |
| 9283 | 'font-size:10.0pt;font-family: Arial;color:windowtext'>splint-bug@cs.virginia.edu</span></span>.</p> |
| 9284 | <p class="TextFontCX"> </p> |
| 9285 | <p class="beforelist">There are two mailing lists associated with |
| 9286 | Splint:</p> |
| 9287 | <p class="URL"><span class="Keyword"><span style= |
| 9288 | 'font-family:Arial;color:windowtext'>splint-announce@virginia.edu</span></span></p> |
| 9289 | <p class="IndentText">Reserved for announcements of new releases |
| 9290 | and bug fixes. All users should add themselves to this |
| 9291 | list. </p> |
| 9292 | <p class="URL"><span class="Keyword"><span style= |
| 9293 | 'font-family:Arial;color:windowtext'>splint-interest@virginia.edu</span></span></p> |
| 9294 | <p class="IndentText">Informal discussions on the use and |
| 9295 | development of Splint. </p> |
| 9296 | <p class="TextFontCX"> </p> |
| 9297 | <p class="TextFontCX"><a name="_Ref344882161"></a><a name= |
| 9298 | "_Ref344871249"></a><a name="_Ref344870532"></a><a name= |
| 9299 | "_Ref344870294">To subscribe to a mailing list, send a message |
| 9300 | to</a> <span class="PlainText"><span style= |
| 9301 | 'font-size:10.0pt;font-family:Arial'>majordomo@virginia.edu</span></span> |
| 9302 | containing the body</p> |
| 9303 | <p class="URL"><span class="Keyword"><span style= |
| 9304 | 'font-family:Arial;color:windowtext'>subscribe |
| 9305 | splint-announce</span></span><span style= |
| 9306 | 'font-size:11.0pt;font-family:"Times New Roman"'>or</span> |
| 9307 | <span class="Keyword"><span style= |
| 9308 | 'font-family:Arial;color:windowtext'>subscribe |
| 9309 | splint-interest</span></span><a name= |
| 9310 | "_Ref348343340"></a><a name="_Ref348330382">.</a></p> |
| 9311 | <p class="MsoHeading7" style='margin-left:0in;text-indent:0in'> |
| 9312 | <a name="_Toc534975039"></a><a name="_Ref397875360">Appendix |
| 9313 | B<span style= |
| 9314 | 'font:7.0pt "Times New Roman"'> </span> |
| 9315 | <a id="flags" name="flags"> |
| 9316 | Flags</a> |
| 9317 | </a><a name="_Toc344355437"></a></p> |
| 9318 | <p class="beforelist">There are four different types of flags:</p> |
| 9319 | <p class="MsoListBullet"><span style= |
| 9320 | 'font-family:Symbol'>·<span style= |
| 9321 | 'font:7.0pt "Times New Roman"'> </span></span> |
| 9322 | Global flags for controlling initializations and global |
| 9323 | behavior</p> |
| 9324 | <p class="MsoListBullet"><span style= |
| 9325 | 'font-family:Symbol'>·<span style= |
| 9326 | 'font:7.0pt "Times New Roman"'> </span></span> |
| 9327 | Message format flags for controlling how messages are displayed</p> |
| 9328 | <p class="MsoListBullet"><span style= |
| 9329 | 'font-family:Symbol'>·<span style= |
| 9330 | 'font:7.0pt "Times New Roman"'> </span></span> |
| 9331 | Mode selectors for coarse control of Splint checking</p> |
| 9332 | <p class="MsoListBullet"><span style= |
| 9333 | 'font-family:Symbol'>·<span style= |
| 9334 | 'font:7.0pt "Times New Roman"'> </span></span> |
| 9335 | Checking flags that control checking and what classes of messages |
| 9336 | are reported.</p> |
| 9337 | <p class="afterlist">Global flags can be used in initialization |
| 9338 | files and at the command line; all other flags may also be used in |
| 9339 | control comments.</p> |
| 9340 | <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'> |
| 9341 | <a name="_Toc534975050">Key</a></p> |
| 9342 | <p class="beforelist">To the left of each flag name is a flag |
| 9343 | descriptor encoding what kind of flag it is and its default |
| 9344 | value. The descriptions are:</p> |
| 9345 | <div> |
| 9346 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 9347 | height="14" align="left"> |
| 9348 | <tr> |
| 9349 | <td valign="top" align="left" height="14" style= |
| 9350 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 9351 | <p class="TextFontCX" align="center" style= |
| 9352 | 'text-align:center;background:#CCCCCC'><span style= |
| 9353 | 'font-size:10.0pt'>P:</span> <span class="Flag"><span style= |
| 9354 | 'font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 9355 | <p class="TextFontCX">A <i>plain</i> flag. The value after |
| 9356 | the colon gives the default setting (e.g., this flag is |
| 9357 | off.) </p> |
| 9358 | <p class="TextFontCX"> </p> |
| 9359 | <div> |
| 9360 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 9361 | height="14" align="left"> |
| 9362 | <tr> |
| 9363 | <td valign="top" align="left" height="14" style= |
| 9364 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 9365 | <p class="TextFontCX" align="center" style= |
| 9366 | 'text-align:center;background:#CCCCCC'><span style= |
| 9367 | 'font-size:10.0pt'>m:</span><span class="Flag"><span style= |
| 9368 | 'font-size:10.0pt'>--++</span></span></p></td></tr></table></div> |
| 9369 | <p class="TextFontCX">A <i>mode checking flag</i>. The value |
| 9370 | of the flag is set by the mode selector. The four signs give |
| 9371 | the setting in the weak, standard, checks and strict modes. (e.g., |
| 9372 | this flag is off in the weak and standard modes, and on in the |
| 9373 | checks and strict modes.)</p> |
| 9374 | <p class="TextFontCX"> </p> |
| 9375 | <div> |
| 9376 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 9377 | height="14" align="left"> |
| 9378 | <tr> |
| 9379 | <td valign="top" align="left" height="14" style= |
| 9380 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 9381 | <p class="TextFontCX" align="center" style= |
| 9382 | 'text-align:center;background:#CCCCCC'><span style= |
| 9383 | 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div> |
| 9384 | <p class="TextFontCX">A <i>shortcut</i> flag. This flag sets |
| 9385 | other flags, so it has no default value.</p> |
| 9386 | <p class="MsoHeading8" style='margin-left:0in;text-indent:0in'> |
| 9387 | <a name="_Toc534975061">Flag Name Abbreviations</a></p> |
| 9388 | <p class="beforelist">Within a flag name, abbreviations may be |
| 9389 | used. Figure 25 shows the flag name abbreviations. The |
| 9390 | expanded and short forms are interchangeable in flag names.</p> |
| 9391 | <center> |
| 9392 | <table class="MsoNormalTable" border="0" cellspacing="0" |
| 9393 | cellpadding="0" style= |
| 9394 | 'margin-left:99.9pt;border-collapse:collapse;margin-left:-2.25pt; margin-right:-2.25pt'> |
| 9395 | <tr> |
| 9396 | <td valign="top" style= |
| 9397 | 'width:171.0pt;border:none;border-bottom:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'> |
| 9398 | <p class="TextFontCX" align="center" style='text-align:center'> |
| 9399 | Expanded Form</p></td> |
| 9400 | <td valign="top" style= |
| 9401 | 'width:67.5pt;border:none;border-bottom:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'> |
| 9402 | <p class="TextFontCX" align="center" style='text-align:center'> |
| 9403 | Short Form</p></td></tr> |
| 9404 | <tr> |
| 9405 | <td valign="top" style='width:171.0pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9406 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9407 | 'font-size:10.0pt'>constant</span></span></p></td> |
| 9408 | <td valign="top" style='width:67.5pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9409 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9410 | 'font-size:10.0pt'>const</span></span></p></td></tr> |
| 9411 | <tr> |
| 9412 | <td valign="top" style='width:171.0pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9413 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9414 | 'font-size:10.0pt'>declaration</span></span></p></td> |
| 9415 | <td valign="top" style='width:67.5pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9416 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9417 | 'font-size:10.0pt'>decl</span></span></p></td></tr> |
| 9418 | <tr> |
| 9419 | <td valign="top" style='width:171.0pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9420 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9421 | 'font-size:10.0pt'>function</span></span></p></td> |
| 9422 | <td valign="top" style='width:67.5pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9423 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9424 | 'font-size:10.0pt'>fcn</span></span></p></td></tr> |
| 9425 | <tr> |
| 9426 | <td valign="top" style='width:171.0pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9427 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9428 | 'font-size:10.0pt'>global</span></span></p></td> |
| 9429 | <td valign="top" style='width:67.5pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9430 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9431 | 'font-size:10.0pt'>glob</span></span></p></td></tr> |
| 9432 | <tr> |
| 9433 | <td valign="top" style='width:171.0pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9434 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9435 | 'font-size:10.0pt'>implicit</span></span><span class= |
| 9436 | "Flag"><span style= |
| 9437 | 'font-size:10.0pt;font-family:"Times New Roman"'>,</span></span> |
| 9438 | <span class="Flag"><span style= |
| 9439 | 'font-size:10.0pt'>implied</span></span></p></td> |
| 9440 | <td valign="top" style='width:67.5pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9441 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9442 | 'font-size:10.0pt'>imp</span></span></p></td></tr> |
| 9443 | <tr> |
| 9444 | <td valign="top" style='width:171.0pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9445 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9446 | 'font-size:10.0pt'>iterator</span></span></p></td> |
| 9447 | <td valign="top" style='width:67.5pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9448 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9449 | 'font-size:10.0pt'>iter</span></span></p></td></tr> |
| 9450 | <tr> |
| 9451 | <td valign="top" style='width:171.0pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9452 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9453 | 'font-size:10.0pt'>length</span></span></p></td> |
| 9454 | <td valign="top" style='width:67.5pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9455 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9456 | 'font-size:10.0pt'>len</span></span></p></td></tr> |
| 9457 | <tr> |
| 9458 | <td valign="top" style='width:171.0pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9459 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9460 | 'font-size:10.0pt'>modifies</span></span></p></td> |
| 9461 | <td valign="top" style='width:67.5pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9462 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9463 | 'font-size:10.0pt'>mods</span></span></p></td></tr> |
| 9464 | <tr> |
| 9465 | <td valign="top" style='width:171.0pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9466 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9467 | 'font-size:10.0pt'>modify</span></span></p></td> |
| 9468 | <td valign="top" style='width:67.5pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9469 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9470 | 'font-size:10.0pt'>mod</span></span></p></td></tr> |
| 9471 | <tr> |
| 9472 | <td valign="top" style='width:171.0pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9473 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9474 | 'font-size:10.0pt'>memory</span></span></p></td> |
| 9475 | <td valign="top" style='width:67.5pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9476 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9477 | 'font-size:10.0pt'>mem</span></span></p></td></tr> |
| 9478 | <tr> |
| 9479 | <td valign="top" style='width:171.0pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9480 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9481 | 'font-size:10.0pt'>parameter</span></span></p></td> |
| 9482 | <td valign="top" style='width:67.5pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9483 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9484 | 'font-size:10.0pt'>param</span></span></p></td></tr> |
| 9485 | <tr> |
| 9486 | <td valign="top" style='width:171.0pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9487 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9488 | 'font-size:10.0pt'>pointer</span></span></p></td> |
| 9489 | <td valign="top" style='width:67.5pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9490 | <p class="TextFontCX" style='page-break-after: avoid'> |
| 9491 | <span class="Flag"><span style= |
| 9492 | 'font-size:10.0pt'>ptr</span></span></p></td></tr> |
| 9493 | <tr> |
| 9494 | <td valign="top" style='width:171.0pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9495 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9496 | 'font-size:10.0pt'>return</span></span></p></td> |
| 9497 | <td valign="top" style='width:67.5pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9498 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9499 | 'font-size:10.0pt'>ret</span></span></p></td></tr> |
| 9500 | <tr> |
| 9501 | <td valign="top" style='width:171.0pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9502 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9503 | 'font-size:10.0pt'>variable</span></span></p></td> |
| 9504 | <td valign="top" style='width:67.5pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9505 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9506 | 'font-size:10.0pt'>var</span></span></p></td></tr> |
| 9507 | <tr> |
| 9508 | <td valign="top" style='width:171.0pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9509 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9510 | 'font-size:10.0pt'>unconstrained, unconst</span></span></p></td> |
| 9511 | <td valign="top" style='width:67.5pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9512 | <p class="TextFontCX" style='page-break-after: avoid'> |
| 9513 | <span class="Flag"><span style= |
| 9514 | 'font-size:10.0pt'>uncon</span></span></p></td></tr></table> |
| 9515 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"> |
| 9516 | <tr> |
| 9517 | <td valign="top" style= |
| 9518 | 'padding-top:.1in;padding-right: 9.35pt;padding-bottom:.1in;padding-left:9.35pt'> |
| 9519 | <p class="MsoCaption"><a name="_Toc534824627"></a><a name= |
| 9520 | "_Ref534824456">Figure 25</a>. Flag Name |
| 9521 | Abbreviations</p></td></tr></table></center> |
| 9522 | <p class="beforelist">The expanded and short forms are |
| 9523 | interchangeable in flag names.</p> |
| 9524 | <p class="beforelist">For example, <span class= |
| 9525 | "Flag"><span style='font-size:10.0pt'>globsimpmodsnothing</span></span> |
| 9526 | and <span class="Flag"><span style= |
| 9527 | 'font-size:10.0pt'>globalsimpliesmodifiesnothing</span></span> |
| 9528 | denote the same flag. Abbreviations in flag names allow |
| 9529 | pronounceable, descriptive names to be used without making |
| 9530 | flag names excessively long (although one must admit even |
| 9531 | <span class="Flag"><span style= |
| 9532 | 'font-size:10.0pt'>globsimpmodsnothing</span></span> is a bit |
| 9533 | of a mouthful.)</p> |
| 9534 | <p class="TextFontCX">To make flag names more readable, the space, |
| 9535 | dash (<span class="Flag"><span style= |
| 9536 | 'font-size:10.0pt'>-</span></span>), and underscore |
| 9537 | (<span class="Flag"><span style= |
| 9538 | 'font-size:10.0pt'>_</span></span>) characters may be used |
| 9539 | inside a flag name. Hence, <span class= |
| 9540 | "Flag"><span style= |
| 9541 | 'font-size:10.0pt'>globals-implies-modifies-nothing</span></span>, |
| 9542 | <span class="Flag"><span style= |
| 9543 | 'font-size:10.0pt'>glob_imps_­mods­nothing</span></span> |
| 9544 | and <span class="Flag"><span style= |
| 9545 | 'font-size:10.0pt'>globsimpmodsnothing</span></span> are |
| 9546 | equivalent.</p> |
| 9547 | <p class="MsoHeading8" style='margin-left:0in;text-indent:0in'> |
| 9548 | <a name="_Toc534975040">Global Flags</a></p> |
| 9549 | <p class="TextFontCX">Global flags can be set at the command line |
| 9550 | or in an options file, but cannot be set locally using stylized |
| 9551 | comments. These flags control on-line help, initialization |
| 9552 | files, pre-processor flags, libraries and output.</p> |
| 9553 | <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'> |
| 9554 | <a name="_Toc534975041">Help</a></p> |
| 9555 | <p class="beforelist">On-line help provides documentation on Splint |
| 9556 | operation and flags. When a help flag is used, no checking is |
| 9557 | done by Splint. Help flags may be preceded by |
| 9558 | <span class="Flag"><span style= |
| 9559 | 'font-size:10.0pt'>-</span></span> or <span class= |
| 9560 | "Flag"><span style='font-size:10.0pt'>+</span></span>.</p> |
| 9561 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9562 | 'font-size:10.0pt'>help</span></span></p> |
| 9563 | <p class="IndentText">Display general help overview, including list |
| 9564 | of additional help topics.</p> |
| 9565 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9566 | 'font-size:10.0pt'>help</span></span> <span class= |
| 9567 | "Flag"><span style= |
| 9568 | 'font-size:10.0pt'><topic></span></span></p> |
| 9569 | <p class="indentbefore">Display help on <i><topic></i>. |
| 9570 | Available topics:</p> |
| 9571 | <table class="MsoNormalTable" border="0" cellspacing="0" |
| 9572 | cellpadding="0" style= |
| 9573 | 'width:400.5pt;margin-left:27.9pt;border-collapse:collapse'> |
| 9574 | <tr> |
| 9575 | <td valign="top" style= |
| 9576 | 'width:144.65pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9577 | <p class="TextFontCX" style='text-indent:5.4pt'><span class= |
| 9578 | "Flag"><span style= |
| 9579 | 'font-size:10.0pt'>annotations</span></span></p></td> |
| 9580 | <td valign="top" style= |
| 9581 | 'width:255.85pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9582 | <p class="TextFontCX" align="left" style='text-align:left'>describe |
| 9583 | annotations</p></td></tr> |
| 9584 | <tr> |
| 9585 | <td valign="top" style= |
| 9586 | 'width:144.65pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9587 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9588 | 'font-size:10.0pt'>comments</span></span></p></td> |
| 9589 | <td valign="top" style= |
| 9590 | 'width:255.85pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9591 | <p class="TextFontCX" align="left" style='text-align:left'>describe |
| 9592 | control comments</p></td></tr> |
| 9593 | <tr> |
| 9594 | <td valign="top" style= |
| 9595 | 'width:144.65pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9596 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9597 | 'font-size:10.0pt'>flags</span></span></p></td> |
| 9598 | <td valign="top" style= |
| 9599 | 'width:255.85pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9600 | <p class="TextFontCX" align="left" style='text-align:left'>describe |
| 9601 | flag categories</p></td></tr> |
| 9602 | <tr> |
| 9603 | <td valign="top" style= |
| 9604 | 'width:144.65pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9605 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9606 | 'font-size:10.0pt'>flags |
| 9607 | <i><category></i></span></span></p></td> |
| 9608 | <td valign="top" style= |
| 9609 | 'width:255.85pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9610 | <p class="TextFontCX" align="left" style='text-align:left'>all |
| 9611 | flags pertaining to <category> (one of the categories listed |
| 9612 | by <span class="Flag"><span style='font-size:10.0pt'>splint -help |
| 9613 | flags</span></span>)</p></td></tr> |
| 9614 | <tr> |
| 9615 | <td valign="top" style= |
| 9616 | 'width:144.65pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9617 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9618 | 'font-size:10.0pt'>flags alpha</span></span> |
| 9619 | </p></td> |
| 9620 | <td valign="top" style= |
| 9621 | 'width:255.85pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9622 | <p class="TextFontCX" align="left" style='text-align:left'>all |
| 9623 | flags in alphabetical order</p></td></tr> |
| 9624 | <tr> |
| 9625 | <td valign="top" style= |
| 9626 | 'width:144.65pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9627 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9628 | 'font-size:10.0pt'>flags full</span></span></p></td> |
| 9629 | <td valign="top" style= |
| 9630 | 'width:255.85pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9631 | <p class="TextFontCX" align="left" style='text-align:left'>print a |
| 9632 | full description of all flags</p></td></tr> |
| 9633 | <tr> |
| 9634 | <td valign="top" style= |
| 9635 | 'width:144.65pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9636 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9637 | 'font-size:10.0pt'>mail</span></span></p></td> |
| 9638 | <td valign="top" style= |
| 9639 | 'width:255.85pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9640 | <p class="TextFontCX" align="left" style='text-align:left'>print |
| 9641 | information on mailing lists</p></td></tr> |
| 9642 | <tr> |
| 9643 | <td valign="top" style= |
| 9644 | 'width:144.65pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9645 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9646 | 'font-size:10.0pt'>modes</span></span></p></td> |
| 9647 | <td valign="top" style= |
| 9648 | 'width:255.85pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9649 | <p class="TextFontCX" align="left" style='text-align:left'>flags |
| 9650 | settings in modes</p></td></tr> |
| 9651 | <tr> |
| 9652 | <td valign="top" style= |
| 9653 | 'width:144.65pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9654 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9655 | 'font-size:10.0pt'>prefixcodes</span></span></p></td> |
| 9656 | <td valign="top" style= |
| 9657 | 'width:255.85pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9658 | <p class="TextFontCX" align="left" style='text-align:left'> |
| 9659 | character codes for setting namespace prefixes</p></td></tr> |
| 9660 | <tr> |
| 9661 | <td valign="top" style= |
| 9662 | 'width:144.65pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9663 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9664 | 'font-size:10.0pt'>references</span></span></p></td> |
| 9665 | <td valign="top" style= |
| 9666 | 'width:255.85pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9667 | <p class="TextFontCX" align="left" style='text-align:left'>print |
| 9668 | references to relevant papers and web sites</p></td></tr> |
| 9669 | <tr> |
| 9670 | <td valign="top" style= |
| 9671 | 'width:144.65pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9672 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9673 | 'font-size:10.0pt'>vars</span></span></p></td> |
| 9674 | <td valign="top" style= |
| 9675 | 'width:255.85pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9676 | <p class="TextFontCX" align="left" style='text-align:left'>describe |
| 9677 | environment variables</p></td></tr> |
| 9678 | <tr> |
| 9679 | <td valign="top" style= |
| 9680 | 'width:144.65pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9681 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9682 | 'font-size:10.0pt'>version</span></span></p></td> |
| 9683 | <td valign="top" style= |
| 9684 | 'width:255.85pt;padding:0in 5.4pt 0in 5.4pt'> |
| 9685 | <p class="TextFontCX" align="left" style='text-align:left'>print |
| 9686 | maintainer and version information</p> |
| 9687 | <p class="TextFontCX" align="left" style='text-align:left'> |
| 9688 | </p></td></tr></table> |
| 9689 | <p class="afterlist"><span class="Flag"><span style= |
| 9690 | 'font-size:10.0pt'>help</span></span> <span class= |
| 9691 | "Flag"><span style= |
| 9692 | 'font-size:10.0pt'><flag></span></span></p> |
| 9693 | <p class="IndentText">Describe flag <i><flag></i>. (May |
| 9694 | list several flags.)</p> |
| 9695 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9696 | 'font-size:10.0pt'>warn-flags</span></span></p> |
| 9697 | <p class="IndentText">Display a warning when a flag is set in a |
| 9698 | surprising way. An error is reported if an obsolete flag is |
| 9699 | set, a flag is set to its current value (i.e., the |
| 9700 | <span class="Flag"><span style= |
| 9701 | 'font-size:10.0pt'>+</span></span> or <span class= |
| 9702 | "Flag"><span style='font-size:10.0pt'>-</span></span> may be |
| 9703 | wrong), or a mode selector flag is set after mode checking |
| 9704 | flags that will be reset by the mode were set. By |
| 9705 | default, <span class="Flag"><span style= |
| 9706 | 'font-size:10.0pt'>+warn-flags</span></span> is on. To |
| 9707 | suppress flag warnings, use <span class="Flag"><span style= |
| 9708 | 'font-size:10.0pt'>‑warn-flags</span></span>.</p> |
| 9709 | <div> |
| 9710 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 9711 | height="14" align="left"> |
| 9712 | <tr> |
| 9713 | <td valign="top" align="left" height="14" style= |
| 9714 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 9715 | <p class="TextFontCX" align="center" style= |
| 9716 | 'text-align:center;background:#CCCCCC'><span style= |
| 9717 | 'font-size:10.0pt'>P:</span> <span class= |
| 9718 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 9719 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9720 | 'font-size:10.0pt'>warn-rc</span></span></p> |
| 9721 | <p class="IndentText">There was a problem reading an initialization |
| 9722 | file.</p> |
| 9723 | <div> |
| 9724 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 9725 | height="14" align="left"> |
| 9726 | <tr> |
| 9727 | <td valign="top" align="left" height="14" style= |
| 9728 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 9729 | <p class="TextFontCX" align="center" style= |
| 9730 | 'text-align:center;background:#CCCCCC'><span style= |
| 9731 | 'font-size:10.0pt'>P:</span> <span class= |
| 9732 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 9733 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9734 | 'font-size:10.0pt'>bad-flag</span></span></p> |
| 9735 | <p class="IndentText">A flag is not recognized or used in an |
| 9736 | incorrect way.</p> |
| 9737 | <div> |
| 9738 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 9739 | height="14" align="left"> |
| 9740 | <tr> |
| 9741 | <td valign="top" align="left" height="14" style= |
| 9742 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 9743 | <p class="TextFontCX" align="center" style= |
| 9744 | 'text-align:center;background:#CCCCCC'><span style= |
| 9745 | 'font-size:10.0pt'>P:</span> <span class= |
| 9746 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 9747 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9748 | 'font-size:10.0pt'>fileextensions</span></span></p> |
| 9749 | <p class="IndentText">Warn when command line file does not have a |
| 9750 | recognized extension.</p> |
| 9751 | <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'> |
| 9752 | <a name="_Toc534975042">Initialization</a></p> |
| 9753 | <p class="beforelist">These flags control directories and files |
| 9754 | used by Splint. They may be used from the command line or in |
| 9755 | an options file, but may not be used as control comments in the |
| 9756 | source code. Except where noted. they have the same meaning |
| 9757 | preceded by <span class="Flag"><span style= |
| 9758 | 'font-size:10.0pt'>-</span></span> or <span class= |
| 9759 | "Flag"><span style='font-size:10.0pt'>+</span></span>. </p> |
| 9760 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9761 | 'font-size:10.0pt'>tmpdir</span></span> <span class= |
| 9762 | "Flag"><span style= |
| 9763 | 'font-size:10.0pt'><i><directory></i></span></span></p> |
| 9764 | <p class="IndentText">Set directory for writing temp files. |
| 9765 | Default is <span class="ProgramNameChar"><span style= |
| 9766 | 'font-size:10.0pt'>/tmp/</span></span>.</p> |
| 9767 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9768 | 'font-size:10.0pt'>I<i><directory></i></span></span></p> |
| 9769 | <p class="IndentText">Add directory to path searched for C include |
| 9770 | files. Note there is no space after the <span class= |
| 9771 | "Flag"><span style='font-size:10.0pt'>I</span></span>, to be |
| 9772 | consistent with C preprocessor flags.</p> |
| 9773 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9774 | 'font-size:10.0pt'>S<i><directory></i></span></span></p> |
| 9775 | <p class="IndentText">Add directory to path search for |
| 9776 | <span class="ProgramNameChar"><span style= |
| 9777 | 'font-size:10.0pt'>.lcl</span></span> specification |
| 9778 | files.</p> |
| 9779 | <p class="IndentText"> </p> |
| 9780 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9781 | 'font-size:10.0pt'>larchpath</span></span> <span class= |
| 9782 | "Flag"><span style= |
| 9783 | 'font-size:10.0pt'><i><path></i></span></span></p> |
| 9784 | <p class="IndentText">Set path to search for library files. |
| 9785 | Overrides <span class="CodeText"><span style= |
| 9786 | 'font-size:10.0pt'>LARCH_PATH</span></span> environment |
| 9787 | variable.</p> |
| 9788 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9789 | 'font-size:10.0pt'>lclimportdir</span></span> <span class= |
| 9790 | "Flag"><span style= |
| 9791 | 'font-size:10.0pt'><i><directory></i></span></span></p> |
| 9792 | <p class="IndentText">Set directory to search for LCL import |
| 9793 | files. Overrides<span class="CodeText"><span style= |
| 9794 | 'font-size:10.0pt'>LCLIMPORTDIR</span></span> environment |
| 9795 | variable.</p> |
| 9796 | <p class="IndentText"> </p> |
| 9797 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9798 | 'font-size:10.0pt'>f</span></span> <span class= |
| 9799 | "Flag"><span style='font-size:10.0pt'><i><file></i></span></span></p> |
| 9800 | <p class="MsoNormal" style='margin-left:13.5pt'>Load options from |
| 9801 | <span class="Flag"><i><span style= |
| 9802 | 'font-size:10.0pt'><file></span></i></span>. If this |
| 9803 | flag is used from the command line, the default <span class= |
| 9804 | "FileNameChar"><span style= |
| 9805 | 'font-size:10.0pt'>~/.splintrc</span></span> file is not |
| 9806 | loaded. This flag may be used in an options file to include |
| 9807 | another options file.</p> |
| 9808 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9809 | 'font-size:10.0pt'>i</span></span> <span class= |
| 9810 | "Flag"><span style='font-size:10.0pt'><i><file></i></span></span></p> |
| 9811 | <p class="MsoNormal" style='margin-left:13.5pt'>Set LCL |
| 9812 | initilization file.</p> |
| 9813 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9814 | 'font-size:10.0pt'>nof</span></span></p> |
| 9815 | <p class="IndentText">Prevents the default options files |
| 9816 | (<span class="FileNameChar"><span style= |
| 9817 | 'font-size:10.0pt'>./.splintrc</span></span>and <span class= |
| 9818 | "FileNameChar"><span style= |
| 9819 | 'font-size:10.0pt'>~/.splintrc</span></span>) from being |
| 9820 | loaded. (Setting <span class="Flag"><span style= |
| 9821 | 'font-size:10.0pt'>-nof</span></span> overrides <span class= |
| 9822 | "Flag"><span style='font-size:10.0pt'>+nof</span></span>, causing |
| 9823 | the options files to be loaded normally.)</p> |
| 9824 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9825 | 'font-size:10.0pt'>sys-dirs</span></span></p> |
| 9826 | <p class="IndentText">Set directories for system files (default is |
| 9827 | <span class="FileNameChar"><span style= |
| 9828 | 'font-size:10.0pt'>/usr/</span></span>). Separate directories |
| 9829 | with the path separator for your operating system (e.g., |
| 9830 | semi-colons for Windows or colons for Unix: <span class= |
| 9831 | "FileNameChar"><span style= |
| 9832 | 'font-size:10.0pt'>/usr/include:/usr/local/lib</span></span>). |
| 9833 | Flag settings propagate to files in a system directory. If |
| 9834 | <span class="Flag"><span style= |
| 9835 | 'font-size:10.0pt'>-sys-dir-errors</span></span> is set, no errors |
| 9836 | are reported for files in system directories.</p> |
| 9837 | <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'> |
| 9838 | <a name="_Toc534975043"></a><a name= |
| 9839 | "_Ref345883190">Pre-processor</a></p> |
| 9840 | |
| 9841 | <p class="beforelist">These flags are used to define or undefine |
| 9842 | pre-processor constants. The <span class= |
| 9843 | "Flag"><span style='font-size:10.0pt'>-I<i><directory></i></span></span> |
| 9844 | flag is also passed to the C pre-processor.</p> |
| 9845 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9846 | 'font-size:10.0pt'>D<initializer></span></span></p> |
| 9847 | <p class="IndentText">Passed to the C pre-processor.</p> |
| 9848 | |
| 9849 | <p class="FileName0" style='margin-left:0in'><span class= |
| 9850 | "Flag">U<initializer></span></p> |
| 9851 | <p class="IndentText">Passed to the C pre-processor.</p> |
| 9852 | |
| 9853 | <div> |
| 9854 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 9855 | height="14" align="left"> |
| 9856 | <tr> |
| 9857 | <td valign="top" align="left" height="14" style= |
| 9858 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 9859 | <p class="TextFontCX" align="center" style= |
| 9860 | 'text-align:center;background:#CCCCCC'><span style= |
| 9861 | 'font-size:10.0pt'>P:</span> <span class= |
| 9862 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 9863 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9864 | 'font-size:10.0pt'>unrecogdirective</span></span></p> |
| 9865 | <p class="IndentText">Preprocessor directive is not recognized. |
| 9866 | </p> |
| 9867 | |
| 9868 | <div> |
| 9869 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 9870 | height="14" align="left"> |
| 9871 | <tr> |
| 9872 | <td valign="top" align="left" height="14" style= |
| 9873 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 9874 | <p class="TextFontCX" align="center" style= |
| 9875 | 'text-align:center;background:#CCCCCC'><span style= |
| 9876 | 'font-size:10.0pt'>P:</span> <span class= |
| 9877 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 9878 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9879 | 'font-size:10.0pt'>preproc</span></span></p> |
| 9880 | <p class="IndentText">Preprocessing error. |
| 9881 | </p> |
| 9882 | |
| 9883 | |
| 9884 | <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'> |
| 9885 | <a name="_Toc534975044">Libraries</a></p> |
| 9886 | <p class="beforelist">These flags control the creation and use of |
| 9887 | libraries.</p> |
| 9888 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9889 | 'font-size:10.0pt'>dump</span></span> <span class= |
| 9890 | "Flag"><span style= |
| 9891 | 'font-size:10.0pt'><i><file></i></span></span></p> |
| 9892 | <p class="IndentText">Save state in <span class= |
| 9893 | "Flag"><i><span style= |
| 9894 | 'font-size: 10.0pt'><file></span></i></span> for |
| 9895 | loading. The default extension <span class= |
| 9896 | "ProgramNameChar"><span style='font-size:10.0pt'>.lcd</span></span> |
| 9897 | is added if <span class="Flag"><i><span style= |
| 9898 | 'font-size:10.0pt'><file></span></i></span> has no |
| 9899 | extension.</p> |
| 9900 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9901 | 'font-size:10.0pt'>load</span></span><span class= |
| 9902 | "Flag"><span style='font-size:10.0pt'> <i><file></i></span></span></p> |
| 9903 | <p class="IndentText">Load state from <span class= |
| 9904 | "Flag"><i><span style= |
| 9905 | 'font-size: 10.0pt'><file></span></i></span> (created by |
| 9906 | <span class="Flag"><span style= |
| 9907 | 'font-size:10.0pt'>-dump</span></span>). The default |
| 9908 | extension <span class="FileNameChar"><span style= |
| 9909 | 'font-size:10.0pt'>.lcd</span></span> is added if |
| 9910 | <span class="Flag"><i><span style= |
| 9911 | 'font-size:10.0pt'><file></span></i></span> has no |
| 9912 | extension. Only one library file may be loaded.</p> |
| 9913 | <p class="betweenlists">By default, the standard library is loaded |
| 9914 | if the <span class="Flag"><span style= |
| 9915 | 'font-size:10.0pt'>-load</span></span> flag is not used to load a |
| 9916 | user library. If no user library is loaded, one of the |
| 9917 | following flags may be used to select a different standard |
| 9918 | library. Precede the flag by <span class= |
| 9919 | "Flag"><span style='font-size:10.0pt'>+</span></span> to load |
| 9920 | the described library (or to prevent a library from being |
| 9921 | loaded using <span class="Flag"><span style= |
| 9922 | 'font-size:10.0pt'>no-lib</span></span>). See Section 14.1 |
| 9923 | for information on the provided libraries.</p> |
| 9924 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9925 | 'font-size:10.0pt'>no-lib</span></span></p> |
| 9926 | <p class="IndentText">Do not load any library. This prevents |
| 9927 | the standard library from being loaded.</p> |
| 9928 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9929 | 'font-size:10.0pt'>ansi-lib</span></span></p> |
| 9930 | <p class="IndentText">Use the ANSI standard library (selected by |
| 9931 | default).</p> |
| 9932 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9933 | 'font-size:10.0pt'>strict-lib</span></span></p> |
| 9934 | <p class="IndentText">Use strict version of the ANSI standard |
| 9935 | library.</p> |
| 9936 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9937 | 'font-size:10.0pt'>posix-lib</span></span></p> |
| 9938 | <p class="IndentText">Use the POSIX standard library.</p> |
| 9939 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9940 | 'font-size:10.0pt'>posix-strict-lib</span></span></p> |
| 9941 | <p class="IndentText">Use the strict version of the POSIX standard |
| 9942 | library.</p> |
| 9943 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9944 | 'font-size:10.0pt'>unix-lib</span></span></p> |
| 9945 | <p class="IndentText">Use UNIX version of standard library.</p> |
| 9946 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9947 | 'font-size:10.0pt'>unix-strict-lib</span></span></p> |
| 9948 | <p class="IndentText">Use the strict version of the UNIX standard |
| 9949 | library.</p> |
| 9950 | <p class="IndentText"> </p> |
| 9951 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9952 | 'font-size:10.0pt'>which-lib</span></span></p> |
| 9953 | <p class="IndentText">Print out the standard library filename and |
| 9954 | creation information.</p> |
| 9955 | |
| 9956 | <div> |
| 9957 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 9958 | height="14" align="left"> |
| 9959 | <tr> |
| 9960 | <td valign="top" align="left" height="14" style= |
| 9961 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 9962 | <p class="TextFontCX" align="center" style= |
| 9963 | 'text-align:center;background:#CCCCCC'><span style= |
| 9964 | 'font-size:10.0pt'>P:</span> <span class= |
| 9965 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 9966 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9967 | 'font-size:10.0pt'>newdecl</span></span></p> |
| 9968 | <p class="IndentText">There is a new declaration that is not declared in a loaded library or |
| 9969 | earlier file. (Use this flag to check for consistency against a library.) |
| 9970 | </p> |
| 9971 | |
| 9972 | |
| 9973 | <div> |
| 9974 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 9975 | height="14" align="left"> |
| 9976 | <tr> |
| 9977 | <td valign="top" align="left" height="14" style= |
| 9978 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 9979 | <p class="TextFontCX" align="center" style= |
| 9980 | 'text-align:center;background:#CCCCCC'><span style= |
| 9981 | 'font-size:10.0pt'>P:</span> <span class= |
| 9982 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 9983 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9984 | 'font-size:10.0pt'>impconj</span></span></p> |
| 9985 | <p class="IndentText">Make all alternate types implicit (useful for making system libraries). |
| 9986 | </p> |
| 9987 | |
| 9988 | <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'> |
| 9989 | <a name="_Toc534975045">Output</a></p> |
| 9990 | <p class="beforelist">These flags control what additional |
| 9991 | information Splint prints. Setting <span class= |
| 9992 | "Flag"><span style= |
| 9993 | 'font-size:10.0pt'>+<i><flag></i></span></span> causes the |
| 9994 | described information to be printed; setting <span class= |
| 9995 | "Flag"><span style= |
| 9996 | 'font-size:10.0pt'>-<i><flag></i></span></span> prevents |
| 9997 | it. By default, all these flags are off.</p> |
| 9998 | <p class="TextFontCX"><span class="Flag"><span style= |
| 9999 | 'font-size:10.0pt'>use-stderr</span></span></p> |
| 10000 | <p class="IndentText">Send error messages to standard error |
| 10001 | (instead of standard output).</p> |
| 10002 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10003 | 'font-size:10.0pt'>show-summary</span></span></p> |
| 10004 | <p class="IndentText">Show a summary of all errors reported and |
| 10005 | suppressed. Counts of suppressed errors are not necessarily |
| 10006 | correct since turning a flag off may prevent some checking from |
| 10007 | being done to save computation, and errors that are not reported |
| 10008 | may propagate differently from when they are reported.</p> |
| 10009 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10010 | 'font-size:10.0pt'>show-scan</span></span></p> |
| 10011 | <p class="IndentText">Show file names are they are processed.</p> |
| 10012 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10013 | 'font-size:10.0pt'>show-all-uses</span></span></p> |
| 10014 | <p class="IndentText">Show list of uses of all external identifiers |
| 10015 | sorted by number of uses.</p> |
| 10016 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10017 | 'font-size:10.0pt'>stats</span></span></p> |
| 10018 | <p class="IndentText">Display number of lines processed and |
| 10019 | checking time.</p> |
| 10020 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10021 | 'font-size:10.0pt'>time-dist</span></span></p> |
| 10022 | <p class="IndentText">Display distribution of where checking time |
| 10023 | is spent.</p> |
| 10024 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10025 | 'font-size:10.0pt'>quiet</span></span></p> |
| 10026 | <p class="IndentText">Suppress herald and error count. (If |
| 10027 | <span class="Flag"><span style= |
| 10028 | 'font-size:10.0pt'>quiet</span></span> is not set, Splint prints |
| 10029 | out a herald with version information before checking begins, and a |
| 10030 | line summarizing the total number of errors reported.)</p> |
| 36ba812d |
10031 | |
| 10032 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10033 | 'font-size:10.0pt'>iso-lib</span></span></p> |
| 10034 | <p class="IndentText">Use library based on the ISO standard library specification. |
| 10035 | </p> |
| 10036 | |
| 10037 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10038 | 'font-size:10.0pt'>warn-unix-lib</span></span></p> |
| 10039 | <p class="IndentText"> |
| 10040 | Warn when the unix library is used. Unix library may not be compatible with all platforms. |
| 10041 | </p> |
| 10042 | |
| 9645dee1 |
10043 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10044 | 'font-size:10.0pt'>which-lib</span></span></p> |
| 10045 | <p class="IndentText">Print out the standard library filename and |
| 10046 | creation information.</p> |
| 36ba812d |
10047 | |
| 10048 | |
| 10049 | |
| 10050 | |
| 9645dee1 |
10051 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10052 | 'font-size:10.0pt'>limit</span></span> <span class= |
| 10053 | "Flag"><span style= |
| 10054 | 'font-size:10.0pt'><i><number></i></span></span></p> |
| 10055 | <p class="IndentText">At most <span class= |
| 10056 | "Flag"><i><span style='font-size:10.0pt'><number></span></i></span> |
| 10057 | similar errors are reported consecutively. Further |
| 10058 | errors are suppressed, and a message showing the number of |
| 10059 | suppressed messages is printed.</p> |
| 36ba812d |
10060 | |
| 10061 | |
| 10062 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10063 | 'font-size:10.0pt'>message-stream</span></span> <span class= |
| 10064 | "Flag"><span style= |
| 10065 | 'font-size:10.0pt'><i><file></i></span></span></p> |
| 10066 | <p class="IndentText"> |
| 10067 | Send status messages to <i><span style='font-size:10.0pt'><file></span></i>. |
| 10068 | </p> |
| 10069 | |
| 10070 | |
| 10071 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10072 | 'font-size:10.0pt'>message-stream-stdout</span></span> <span class= |
| 10073 | "Flag"><span style= |
| 10074 | 'font-size:10.0pt'></span></span></p> |
| 10075 | <p class="IndentText"> |
| 10076 | Send status messages to standard output stream. |
| 10077 | </p> |
| 10078 | |
| 10079 | |
| 10080 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10081 | 'font-size:10.0pt'>message-stream-stderr</span></span> <span class= |
| 10082 | "Flag"><span style= |
| 10083 | 'font-size:10.0pt'></span></span></p> |
| 10084 | <p class="IndentText"> |
| 10085 | Send status messages to standard error stream. |
| 10086 | </p> |
| 10087 | |
| 10088 | |
| 10089 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10090 | 'font-size:10.0pt'>warning-stream</span></span> <span class= |
| 10091 | "Flag"><span style= |
| 10092 | 'font-size:10.0pt'><i><file></i></span></span></p> |
| 10093 | <p class="IndentText"> |
| 10094 | Send warnings to <i><span style='font-size:10.0pt'><file></span></i>. |
| 10095 | </p> |
| 10096 | |
| 10097 | |
| 10098 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10099 | 'font-size:10.0pt'>warning-stream-stdout</span></span> <span class= |
| 10100 | "Flag"><span style= |
| 10101 | 'font-size:10.0pt'></span></span></p> |
| 10102 | <p class="IndentText"> |
| 10103 | Send warnings to standard output stream. |
| 10104 | </p> |
| 10105 | |
| 10106 | |
| 10107 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10108 | 'font-size:10.0pt'>warning-stream-stderr</span></span> <span class= |
| 10109 | "Flag"><span style= |
| 10110 | 'font-size:10.0pt'></span></span></p> |
| 10111 | <p class="IndentText"> |
| 10112 | Send warnings to standard error stream. |
| 10113 | </p> |
| 10114 | |
| 10115 | |
| 10116 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10117 | 'font-size:10.0pt'>error-stream</span></span> <span class= |
| 10118 | "Flag"><span style= |
| 10119 | 'font-size:10.0pt'><i><file></i></span></span></p> |
| 10120 | <p class="IndentText"> |
| 10121 | Send fatal errors to <i><span style='font-size:10.0pt'><file></span></i>. |
| 10122 | </p> |
| 10123 | |
| 10124 | |
| 10125 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10126 | 'font-size:10.0pt'>error-stream-stdout</span></span> <span class= |
| 10127 | "Flag"><span style= |
| 10128 | 'font-size:10.0pt'></span></span></p> |
| 10129 | <p class="IndentText"> |
| 10130 | Send fatal errors to standard output stream. |
| 10131 | </p> |
| 10132 | |
| 10133 | |
| 10134 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10135 | 'font-size:10.0pt'>error-stream-stderr</span></span> <span class= |
| 10136 | "Flag"><span style= |
| 10137 | 'font-size:10.0pt'></span></span></p> |
| 10138 | <p class="IndentText"> |
| 10139 | Send fatal errors to standard error stream. |
| 10140 | </p> |
| 10141 | |
| 04c4d6c2 |
10142 | |
| 9645dee1 |
10143 | <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'> |
| 10144 | <a name="_Toc534975046">Expected Errors</a></p> |
| 10145 | <p class="beforelist">Normally, Splint will expect to report no |
| 10146 | errors. The exit status will be success (<span class= |
| 10147 | "Keyword"><span style='font-size:10.0pt'>0</span></span>) if no |
| 10148 | errors are reported, and failure if any errors are reported. |
| 10149 | Flags can be used to set the expected number of reported |
| 10150 | errors. Because of the provided error suppression mechanisms, |
| 10151 | these options should probably not be used for final checking real |
| 10152 | programs but may be useful in developing programs using make.</p> |
| 10153 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10154 | 'font-size:10.0pt'>expect</span></span> <span class= |
| 10155 | "Flag"><span style= |
| 10156 | 'font-size:10.0pt'><i><number></i></span></span></p> |
| 10157 | <p class="IndentText">Exactly <span class= |
| 10158 | "Flag"><i><span style='font-size:10.0pt'><number></span></i></span> |
| 10159 | code errors are expected. Splint will exit with failure |
| 10160 | exit status unless <span class="Flag"><i><span style= |
| 10161 | 'font-size:10.0pt'><number></span></i></span> code |
| 10162 | errors are detected.</p> |
| 10163 | <p class="MsoHeading8" style='margin-left:0in;text-indent:0in'> |
| 10164 | <a name="_Toc534975047">Message Format</a></p> |
| 10165 | <p class="beforelist">These flags control how messages are |
| 10166 | printed. They may be set at the command line, in options |
| 10167 | files, or locally in syntactic comments. The |
| 10168 | <span class="Flag"><span style= |
| 10169 | 'font-size:10.0pt'>line-len</span></span> and <span class= |
| 10170 | "Flag"><span style='font-size:10.0pt'>limit</span></span> |
| 10171 | flags may be preceded by <span class="Flag"><span style= |
| 10172 | 'font-size:10.0pt'>+</span></span> or <span class= |
| 10173 | "Flag"><span style='font-size:10.0pt'>-</span></span> with |
| 10174 | the same meaning; for the other flags, <span class= |
| 10175 | "Flag"><span style='font-size: 10.0pt'>+</span></span> turns |
| 10176 | on the describe printing and <span class="Flag"><span style= |
| 10177 | 'font-size:10.0pt'>-</span></span> turns it off. The |
| 10178 | box to the left of each flag gives its default value.</p> |
| 10179 | <div> |
| 10180 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 10181 | height="14" align="left"> |
| 10182 | <tr> |
| 10183 | <td valign="top" align="left" height="14" style= |
| 10184 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 10185 | <p class="TextFontCX" align="center" style= |
| 10186 | 'text-align:center;background:#CCCCCC'><span class= |
| 10187 | "Flag"><span style= |
| 10188 | 'font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 10189 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10190 | 'font-size:10.0pt'>show-column</span></span></p> |
| 10191 | <p class="IndentText">Show column number where error is found.</p> |
| 10192 | <div> |
| 10193 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 10194 | height="14" align="left"> |
| 10195 | <tr> |
| 10196 | <td valign="top" align="left" height="14" style= |
| 10197 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 10198 | <p class="TextFontCX" align="center" style= |
| 10199 | 'text-align:center;background:#CCCCCC'><span class= |
| 10200 | "Flag"><span style= |
| 10201 | 'font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 10202 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10203 | 'font-size:10.0pt'>show-func</span></span></p> |
| 10204 | <p class="IndentText">Show name of function (or macro) definition |
| 10205 | containing error. The function name is printed once before |
| 10206 | the first message detected in that function.</p> |
| 10207 | <div> |
| 10208 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 10209 | height="14" align="left"> |
| 10210 | <tr> |
| 10211 | <td valign="top" align="left" height="14" style= |
| 10212 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 10213 | <p class="TextFontCX" align="center" style= |
| 10214 | 'text-align:center;background:#CCCCCC'><span class= |
| 10215 | "Flag"><span style= |
| 10216 | 'font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 10217 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10218 | 'font-size:10.0pt'>show-all-conjs</span></span></p> |
| 10219 | <p class="IndentText">Show all possible alternate types (see |
| 10220 | Section 4.4).</p> |
| 10221 | <div> |
| 10222 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 10223 | height="14" align="left"> |
| 10224 | <tr> |
| 10225 | <td valign="top" align="left" height="14" style= |
| 10226 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 10227 | <p class="TextFontCX" align="center" style= |
| 10228 | 'text-align:center;background:#CCCCCC'><span class= |
| 10229 | "Flag"><span style= |
| 10230 | 'font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 10231 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10232 | 'font-size:10.0pt'>paren-file-format</span></span></p> |
| 10233 | <p class="IndentText">Use <span class="Flag"><i><span style= |
| 10234 | 'font-size:10.0pt'><file></span></i></span><span class= |
| 10235 | "CodeText"><span style= |
| 10236 | 'font-size:10.0pt'>(</span></span><span class= |
| 10237 | "Flag"><i><span style='font-size:10.0pt'><line></span></i></span><span class="CodeText"> |
| 10238 | <span style='font-size:10.0pt'>)</span></span> format in |
| 10239 | messages. (Default is + for Win32 for compatibility with |
| 10240 | Microsoft VisualStudio.)</p> |
| 10241 | <div> |
| 10242 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 10243 | height="14" align="left"> |
| 10244 | <tr> |
| 10245 | <td valign="top" align="left" height="14" style= |
| 10246 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 10247 | <p class="TextFontCX" align="center" style= |
| 10248 | 'text-align:center;background:#CCCCCC'><span class= |
| 10249 | "Flag"><span style= |
| 10250 | 'font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 10251 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10252 | 'font-size:10.0pt'>hints</span></span></p> |
| 10253 | <p class="IndentText">Provide hints describing an error and how a |
| 10254 | message may be suppressed for the first error reported in each |
| 10255 | error class.</p> |
| 10256 | <div> |
| 10257 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 10258 | height="14" align="left"> |
| 10259 | <tr> |
| 10260 | <td valign="top" align="left" height="14" style= |
| 10261 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 10262 | <p class="TextFontCX" align="center" style= |
| 10263 | 'text-align:center;background:#CCCCCC'><span class= |
| 10264 | "Flag"><span style= |
| 10265 | 'font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 10266 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10267 | 'font-size:10.0pt'>force-hints</span></span></p> |
| 10268 | <p class="IndentText">Provide hints for all errors reported, even |
| 10269 | if the hint has already been displayed for the same error |
| 10270 | class.</p> |
| 10271 | <div> |
| 10272 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 10273 | height="14" align="left"> |
| 10274 | <tr> |
| 10275 | <td valign="top" align="left" height="14" style= |
| 10276 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 10277 | <p class="TextFontCX" align="center" style= |
| 10278 | 'text-align:center;background:#CCCCCC'><span class= |
| 10279 | "Flag"><span style= |
| 10280 | 'font-size:10.0pt'>80</span></span></p></td></tr></table></div> |
| 10281 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10282 | 'font-size:10.0pt'>line-len</span></span> <span class= |
| 10283 | "Flag"><span style= |
| 10284 | 'font-size:10.0pt'><i><number></i></span></span></p> |
| 10285 | <p class="IndentText">Set length of maximum message line to |
| 10286 | <span class="Flag"><i><span style= |
| 10287 | 'font-size:10.0pt'><number></span></i></span> |
| 10288 | characters. Splint will split messages longer than |
| 10289 | <span class="Flag"><i><span style= |
| 10290 | 'font-size: 10.0pt'><number></span></i></span> characters |
| 10291 | long into multiple lines.</p> |
| 10292 | |
| 10293 | <div> |
| 10294 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 10295 | height="14" align="left"> |
| 10296 | <tr> |
| 10297 | <td valign="top" align="left" height="14" style= |
| 10298 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 10299 | <p class="TextFontCX" align="center" style= |
| 10300 | 'text-align:center;background:#CCCCCC'><span class= |
| 10301 | "Flag"><span style= |
| 10302 | 'font-size:10.0pt'>3</span></span></p></td></tr></table></div> |
| 10303 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10304 | 'font-size:10.0pt'>indentspaces</span></span> <span class= |
| 10305 | "Flag"><span style= |
| 10306 | 'font-size:10.0pt'><i><number></i></span></span></p> |
| 10307 | <p class="IndentText"> |
| 10308 | Set the number of spaces to indent sub-messages. |
| 10309 | </p> |
| 36ba812d |
10310 | |
| 10311 | |
| 10312 | <div> |
| 10313 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 10314 | height="14" align="left"> |
| 10315 | <tr> |
| 10316 | <td valign="top" align="left" height="14" style= |
| 10317 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 10318 | <p class="TextFontCX" align="center" style= |
| 10319 | 'text-align:center;background:#CCCCCC'><span class= |
| 10320 | "Flag"><span style= |
| 10321 | 'font-size:10.0pt'>3</span></span></p></td></tr></table></div> |
| 10322 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10323 | 'font-size:10.0pt'>locindentspaces</span></span> <span class= |
| 10324 | "Flag"><span style= |
| 10325 | 'font-size:10.0pt'><i><number></i></span></span></p> |
| 10326 | <p class="IndentText"> |
| 10327 | Set number of spaces to indent sub-messages that start with file locations. |
| 10328 | </p> |
| 10329 | |
| 10330 | |
| 10331 | |
| 10332 | <div> |
| 10333 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 10334 | height="14" align="left"> |
| 10335 | <tr> |
| 10336 | <td valign="top" align="left" height="14" style= |
| 10337 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 10338 | <p class="TextFontCX" align="center" style= |
| 10339 | 'text-align:center;background:#CCCCCC'><span class= |
| 10340 | "Flag"><span style= |
| 10341 | 'font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 10342 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10343 | 'font-size:10.0pt'>showdeephistory</span></span> <span class= |
| 10344 | "Flag"><span style= |
| 10345 | 'font-size:10.0pt'></span></span></p> |
| 10346 | <p class="IndentText"> |
| 10347 | Show all available information about storage mentioned in warnings. |
| 10348 | </p> |
| 10349 | |
| 10350 | <div> |
| 10351 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 10352 | height="14" align="left"> |
| 10353 | <tr> |
| 10354 | <td valign="top" align="left" height="14" style= |
| 10355 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 10356 | <p class="TextFontCX" align="center" style= |
| 10357 | 'text-align:center;background:#CCCCCC'><span class= |
| 10358 | "Flag"><span style= |
| 10359 | 'font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 10360 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10361 | 'font-size:10.0pt'>showloadloc</span></span> <span class= |
| 10362 | "Flag"><span style= |
| 10363 | 'font-size:10.0pt'></span></span></p> |
| 10364 | <p class="IndentText"> |
| 10365 | Show location information for load files. |
| 10366 | </p> |
| 10367 | |
| 10368 | |
| 10369 | <div> |
| 10370 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 10371 | height="14" align="left"> |
| 10372 | <tr> |
| 10373 | <td valign="top" align="left" height="14" style= |
| 10374 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 10375 | <p class="TextFontCX" align="center" style= |
| 10376 | 'text-align:center;background:#CCCCCC'><span class= |
| 10377 | "Flag"><span style= |
| 10378 | 'font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 10379 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10380 | 'font-size:10.0pt'>csv</span></span> <span class= |
| 10381 | "Flag"><span style= |
| 10382 | 'font-size:10.0pt'></span></span></p> |
| 10383 | <p class="IndentText"> |
| 10384 | Produce comma-separated values (CSV) warnings output file. |
| 10385 | </p> |
| 10386 | |
| 10387 | |
| 10388 | <div> |
| 10389 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 10390 | height="14" align="left"> |
| 10391 | <tr> |
| 10392 | <td valign="top" align="left" height="14" style= |
| 10393 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 10394 | <p class="TextFontCX" align="center" style= |
| 10395 | 'text-align:center;background:#CCCCCC'><span class= |
| 10396 | "Flag"><span style= |
| 10397 | 'font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 10398 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10399 | 'font-size:10.0pt'>csvoverwrite</span></span> <span class= |
| 10400 | "Flag"><span style= |
| 10401 | 'font-size:10.0pt'></span></span></p> |
| 10402 | <p class="IndentText"> |
| 10403 | Overwrite exisiting CVS output file Show location information for load files. |
| 10404 | </p> |
| 10405 | |
| 10406 | |
| 10407 | <div> |
| 10408 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 10409 | height="14" align="left"> |
| 10410 | <tr> |
| 10411 | <td valign="top" align="left" height="14" style= |
| 10412 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 10413 | <p class="TextFontCX" align="center" style= |
| 10414 | 'text-align:center;background:#CCCCCC'><span class= |
| 10415 | "Flag"><span style= |
| 10416 | 'font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 10417 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10418 | 'font-size:10.0pt'>htmlfileformat</span></span> <span class= |
| 10419 | "Flag"><span style= |
| 10420 | 'font-size:10.0pt'></span></span></p> |
| 10421 | <p class="IndentText"> |
| 10422 | Show file locations as links. |
| 10423 | </p> |
| 10424 | |
| 10425 | |
| 10426 | <div> |
| 10427 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 10428 | height="14" align="left"> |
| 10429 | <tr> |
| 10430 | <td valign="top" align="left" height="14" style= |
| 10431 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 10432 | <p class="TextFontCX" align="center" style= |
| 10433 | 'text-align:center;background:#CCCCCC'><span class= |
| 10434 | "Flag"><span style= |
| 10435 | 'font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 10436 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10437 | 'font-size:10.0pt'>streamoverwrite</span></span> <span class= |
| 10438 | "Flag"><span style= |
| 10439 | 'font-size:10.0pt'></span></span></p> |
| 10440 | <p class="IndentText"> |
| 10441 | Warn and exit if a stream output file would overwrite an existing file. |
| 10442 | </p> |
| 10443 | |
| 10444 | |
| 9645dee1 |
10445 | <p class="MsoHeading8" style='margin-left:0in;text-indent:0in'> |
| 10446 | <a name="_Toc534975048">Mode Selector Flags</a></p> |
| 10447 | <p class="TextFontCX">Mode selects flags set the mode checking |
| 10448 | flags to predefined values. They provide a quick coarse-grain |
| 10449 | way of controlling what classes of errors are reported. Specific |
| 10450 | checking flags may be set after a mode flag to override the mode |
| 10451 | settings. Mode flags may be used locally, however the mode |
| 10452 | settings will override specific command line flag settings. A |
| 10453 | warning is produced if a mode flag is used after a mode checking |
| 10454 | flag has been set.</p> |
| 10455 | <p class="TextFontCX"> </p> |
| 10456 | <p class="beforelist">These are brief descriptions to give a |
| 10457 | general idea of what each mode does. To see the complete flag |
| 10458 | settings in each mode, use <span class="Flag"><span style= |
| 10459 | 'font-size:10.0pt'>splint -help modes</span></span>. A mode flag |
| 10460 | has the same effect when used with either <span class= |
| 10461 | "Flag"><span style='font-size:10.0pt'>+</span></span> or |
| 10462 | <span class="Flag"><span style= |
| 10463 | 'font-size:10.0pt'>-</span></span>.</p> |
| 10464 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10465 | 'font-size:10.0pt'>weak</span></span></p> |
| 10466 | <p class="IndentText">Weak checking, intended for typical |
| 10467 | unannotated C code. No modifies checking, macro checking, rep |
| 10468 | exposure, or clean interface checking is done. Return values |
| 10469 | of type <span class="CodeText"><span style= |
| 10470 | 'font-size:10.0pt'>int</span></span> may be ignored. The |
| 10471 | types <span class="CodeText"><span style= |
| 10472 | 'font-size:10.0pt'>bool</span></span>, <span class= |
| 10473 | "CodeText"><span style='font-size:10.0pt'>int</span></span>, |
| 10474 | <span class="CodeText"><span style= |
| 10475 | 'font-size:10.0pt'>char</span></span> and user-defined |
| 10476 | <span class="CodeText"><span style= |
| 10477 | 'font-size:10.0pt'>enum</span></span> types are all |
| 10478 | equivalent. Old style declarations are unreported.</p> |
| 10479 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10480 | 'font-size:10.0pt'>standard</span></span></p> |
| 10481 | <p class="IndentText">The default mode. All checking done by |
| 10482 | <span class="Flag"><span style= |
| 10483 | 'font-size:10.0pt'>weak</span></span>, plus modifies checking, |
| 10484 | global, alias checking, use all parameters, using released storage, |
| 10485 | ignored return values or any type, macro checking, unreachable |
| 10486 | code, infinite loops, and fall through cases. The types |
| 10487 | <span class="CodeText"><span style= |
| 10488 | 'font-size:10.0pt'>bool</span></span>, <span class= |
| 10489 | "CodeText"><span style='font-size:10.0pt'>int</span></span> and |
| 10490 | <span class="CodeText"><span style= |
| 10491 | 'font-size:10.0pt'>char</span></span> are distinct. Old style |
| 10492 | declarations are reported.</p> |
| 10493 | <p class="TextFontCX"> <span class="Flag"><span style= |
| 10494 | 'font-size:10.0pt'>checks</span></span></p> |
| 10495 | <p class="IndentText">Moderately strict checking. All |
| 10496 | checking done by <span class="Flag"><span style= |
| 10497 | 'font-size:10.0pt'>standard</span></span>, plus must modification |
| 10498 | checking, rep exposure, return alias, memory management and |
| 10499 | complete interfaces.</p> |
| 10500 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10501 | 'font-size:10.0pt'>strict</span></span></p> |
| 10502 | <p class="IndentText">Absurdly strict checking. All checking |
| 10503 | done by <span class="Flag"><span style= |
| 10504 | 'font-size:10.0pt'>checks</span></span>, plus modifications and |
| 10505 | global variables used in unspecified functions, strict standard |
| 10506 | library, and strict typing of C operators. A special reward will be |
| 10507 | presented to the first person to produce a real program that |
| 10508 | produces no errors with <span class="Flag"><span style= |
| 10509 | 'font-size:10.0pt'>strict</span></span> checking.</p> |
| 10510 | <p class="MsoHeading8" style='margin-left:0in;text-indent:0in'> |
| 10511 | <a name="_Ref344798116"></a><a name="_Toc534975049">Checking |
| 10512 | Flags</a></p> |
| 10513 | <p class="TextFontCX">These flags control checking done by |
| 10514 | Splint. They may be set locally using syntactic comments, |
| 10515 | from the command line, or in an options file. Some flags |
| 10516 | directly control whether a certain class of message is |
| 10517 | reported. Preceding the flag by <span class= |
| 10518 | "Flag"><span style='font-size:10.0pt'>+</span></span> turns |
| 10519 | reporting on, and preceding the flag by <span class= |
| 10520 | "Flag"><span style='font-size:10.0pt'>-</span></span> turns |
| 10521 | reporting off. Other flags control checking less directly by |
| 10522 | determining default values (what annotations are implicit), making |
| 10523 | types equivalent (to prevent certain type errors), controlling |
| 10524 | representation access, etc. For these flags, the effect of |
| 10525 | <span class="Flag"><span style='font-size:10.0pt'>+</span></span> |
| 10526 | is described, and the effect of <span class= |
| 10527 | "Flag"><span style='font-size:10.0pt'>-</span></span> is the |
| 10528 | opposite (or explicitly explained if there is no clear |
| 10529 | opposite). The organization of this section mirrors |
| 10530 | Sections 2-14.</p> |
| 10531 | <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'> |
| 10532 | <a name="_Toc534975051"></a> |
| 10533 | <a name="_Toc534975056">Null |
| 10534 | Dereferences</a> <span class="TextFontCXChar"><span style= |
| 10535 | 'font-size:11.0pt; font-weight:normal'>(Section |
| 10536 | 2)</span></span></p> |
| 10537 | |
| 10538 | <div> |
| 10539 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 10540 | height="14" align="left"> |
| 10541 | <tr> |
| 10542 | <td valign="top" align="left" height="14" style= |
| 10543 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 10544 | <p class="TextFontCX" align="center" style= |
| 10545 | 'text-align:center;background:#CCCCCC'><span style= |
| 10546 | 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div> |
| 10547 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10548 | 'font-size:10.0pt'>null</span></span></p> |
| 10549 | <p class="IndentText">A possibly null pointer may be dereferenced, |
| 10550 | or used somewhere a non-null pointer is expected. (sets nulldref, nullpass, nullassign, and nullstate</p> |
| 10551 | |
| 10552 | <div> |
| 10553 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 10554 | height="14" align="left"> |
| 10555 | <tr> |
| 10556 | <td valign="top" align="left" height="14" style= |
| 10557 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 10558 | <p class="TextFontCX" align="center" style= |
| 10559 | 'text-align:center;background:#CCCCCC'><span style= |
| 10560 | 'font-size:10.0pt'>m:</span><span class= |
| 10561 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 10562 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10563 | 'font-size:10.0pt'> |
| 10564 | nullderef</span> |
| 10565 | </span></p> |
| 10566 | <p class="IndentText">A possibly null pointer is dereferenced. Value is either the result of a function which may return null (in which case, |
| 10567 | code should check it is not null), or a global, parameter or structure field declared with the null qualifier. |
| 10568 | </P> |
| 10569 | |
| 10570 | |
| 10571 | |
| 10572 | <div> |
| 10573 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 10574 | height="14" align="left"> |
| 10575 | <tr> |
| 10576 | <td valign="top" align="left" height="14" style= |
| 10577 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 10578 | <p class="TextFontCX" align="center" style= |
| 10579 | 'text-align:center;background:#CCCCCC'><span style= |
| 10580 | 'font-size:10.0pt'>m:</span><span class= |
| 10581 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 10582 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10583 | 'font-size:10.0pt'> |
| 10584 | nullpass</span> |
| 10585 | </span></p> |
| 10586 | <p class="IndentText"> |
| 10587 | A possibly null pointer is passed as a parameter corresponding to a formal parameter with no /*@null@*/ annotation. If NULL may be |
| 10588 | used for this parameter, add a /*@null@*/ annotation to the function parameter declaration. |
| 10589 | </p> |
| 10590 | <div> |
| 10591 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 10592 | height="14" align="left"> |
| 10593 | <tr> |
| 10594 | <td valign="top" align="left" height="14" style= |
| 10595 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 10596 | <p class="TextFontCX" align="center" style= |
| 10597 | 'text-align:center;background:#CCCCCC'><span style= |
| 10598 | 'font-size:10.0pt'>m:</span><span class= |
| 10599 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 10600 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10601 | 'font-size:10.0pt'> |
| 10602 | nullret</span> |
| 10603 | </span></p> |
| 10604 | <p class="IndentText"> |
| 10605 | Function returns a possibly null pointer, but is not declared using /*@null@*/ annotation of result. If function may return NULL, add /*@null@*/ annotation to the return value declaration. |
| 10606 | </P> |
| 10607 | |
| 10608 | <div> |
| 10609 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 10610 | height="14" align="left"> |
| 10611 | <tr> |
| 10612 | <td valign="top" align="left" height="14" style= |
| 10613 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 10614 | <p class="TextFontCX" align="center" style= |
| 10615 | 'text-align:center;background:#CCCCCC'><span style= |
| 10616 | 'font-size:10.0pt'>m:</span><span class= |
| 10617 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 10618 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10619 | 'font-size:10.0pt'> |
| 10620 | nullstate</span> |
| 10621 | </span></p> |
| 10622 | <p class="IndentText"> |
| 10623 | A possibly null pointer is reachable from a parameter or global variable that is not declared using a /*@null@*/ annotation. |
| 10624 | </P> |
| 10625 | |
| 10626 | |
| 10627 | <div> |
| 10628 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 10629 | height="14" align="left"> |
| 10630 | <tr> |
| 10631 | <td valign="top" align="left" height="14" style= |
| 10632 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 10633 | <p class="TextFontCX" align="center" style= |
| 10634 | 'text-align:center;background:#CCCCCC'><span style= |
| 10635 | 'font-size:10.0pt'>m:</span><span class= |
| 10636 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 10637 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10638 | 'font-size:10.0pt'> |
| 10639 | nullassign</span> |
| 10640 | </span></p> |
| 10641 | <p class="IndentText"> |
| 10642 | A reference with no null annotation is assigned or initialized to NULL. Use /*@null@*/ to declare the reference as a possibly null pointer. |
| 10643 | </P> |
| 10644 | |
| 10645 | <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'> |
| 10646 | <a name="_Toc534975055">Use Before Definition</a> |
| 10647 | <span class="TextFontCXChar"><span style= |
| 10648 | 'font-size:11.0pt; font-weight:normal'>(Section |
| 10649 | 3)</span></span></p> |
| 10650 | <div> |
| 10651 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 10652 | height="14" align="left"> |
| 10653 | <tr> |
| 10654 | <td valign="top" align="left" height="14" style= |
| 10655 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 10656 | <p class="TextFontCX" align="center" style= |
| 10657 | 'text-align:center;background:#CCCCCC'><span style= |
| 10658 | 'font-size:10.0pt'>m:</span><span class= |
| 10659 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 10660 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10661 | 'font-size:10.0pt'>usedef</span></span></p> |
| 10662 | <p class="IndentText">The value of a location that may not be |
| 10663 | initialized on some execution path is used.</p> |
| 10664 | <div> |
| 10665 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 10666 | height="14" align="left"> |
| 10667 | <tr> |
| 10668 | <td valign="top" align="left" height="14" style= |
| 10669 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 10670 | <p class="TextFontCX" align="center" style= |
| 10671 | 'text-align:center;background:#CCCCCC'><span style= |
| 10672 | 'font-size:10.0pt'>m:</span><span class= |
| 10673 | "Keyword"><span style='font-size:10.0pt'>----</span></span></p></td></tr></table></div> |
| 10674 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10675 | 'font-size:10.0pt'>impouts</span></span></p> |
| 10676 | <p class="IndentText">Allow unannotated pointer parameters to |
| 10677 | functions to be implicit out parameters.</p> |
| 10678 | <div> |
| 10679 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 10680 | height="14" align="left"> |
| 10681 | <tr> |
| 10682 | <td valign="top" align="left" height="14" style= |
| 10683 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 10684 | <p class="TextFontCX" align="center" style= |
| 10685 | 'text-align:center;background:#CCCCCC'><span style= |
| 10686 | 'font-size:10.0pt'>m:</span><span class= |
| 10687 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 10688 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10689 | 'font-size:10.0pt'>compdef</span></span></p> |
| 10690 | <p class="IndentText">Storage derivable from a parameter, return |
| 10691 | value or global variable is not completely defined.</p> |
| 10692 | <div> |
| 10693 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 10694 | height="14" align="left"> |
| 10695 | <tr> |
| 10696 | <td valign="top" align="left" height="14" style= |
| 10697 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 10698 | <p class="TextFontCX" align="center" style= |
| 10699 | 'text-align:center;background:#CCCCCC'><span style= |
| 10700 | 'font-size:10.0pt'>m:</span><span class= |
| 10701 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 10702 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10703 | 'font-size:10.0pt'>uniondef</span></span></p> |
| 10704 | <p class="IndentText">No field of a union is defined. (No |
| 10705 | error is reported if at least one union field is defined.)</p> |
| 10706 | <div> |
| 10707 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 10708 | height="14" align="left"> |
| 10709 | <tr> |
| 10710 | <td valign="top" align="left" height="14" style= |
| 10711 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 10712 | <p class="TextFontCX" align="center" style= |
| 10713 | 'text-align:center;background:#CCCCCC'><span style= |
| 10714 | 'font-size:10.0pt'>m:</span><span class= |
| 10715 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 10716 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10717 | 'font-size:10.0pt'>mustdefine</span></span></p> |
| 10718 | <p class="IndentText">Parameter declared with <span class= |
| 10719 | "Keyword"><span style='font-size:10.0pt'>out</span></span> is not |
| 10720 | defined before return or scope exit.</p> |
| 10721 | |
| 10722 | |
| 10723 | <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'> |
| 10724 | |
| 10725 | <div> |
| 10726 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 10727 | height="14" align="left"> |
| 10728 | <tr> |
| 10729 | <td valign="top" align="left" height="14" style= |
| 10730 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 10731 | <p class="TextFontCX" align="center" style= |
| 10732 | 'text-align:center;background:#CCCCCC'><span style= |
| 10733 | 'font-size:10.0pt'>P:</span><span class= |
| 10734 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 10735 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10736 | 'font-size:10.0pt'> |
| 10737 | fullinitblock |
| 10738 | </span></span></p> |
| 10739 | <p class="IndentText"> |
| 10740 | Initializer does not set every field in the structure. |
| 10741 | </p> |
| 10742 | |
| 10743 | |
| 10744 | <div> |
| 10745 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 10746 | height="14" align="left"> |
| 10747 | <tr> |
| 10748 | <td valign="top" align="left" height="14" style= |
| 10749 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 10750 | <p class="TextFontCX" align="center" style= |
| 10751 | 'text-align:center;background:#CCCCCC'><span style= |
| 10752 | 'font-size:10.0pt'>P:</span><span class= |
| 10753 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 10754 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10755 | 'font-size:10.0pt'> |
| 10756 | initallelments |
| 10757 | </span></span></p> |
| 10758 | <p class="IndentText"> |
| 10759 | Initializer does not define all elements of a declared array. |
| 10760 | </p> |
| 10761 | |
| 10762 | |
| 10763 | <div> |
| 10764 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 10765 | height="14" align="left"> |
| 10766 | <tr> |
| 10767 | <td valign="top" align="left" height="14" style= |
| 10768 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 10769 | <p class="TextFontCX" align="center" style= |
| 10770 | 'text-align:center;background:#CCCCCC'><span style= |
| 10771 | 'font-size:10.0pt'>P:</span><span class= |
| 10772 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 10773 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10774 | 'font-size:10.0pt'> |
| 10775 | initsize |
| 10776 | </span></span></p> |
| 10777 | <p class="IndentText"> |
| 10778 | Initializer block contains more elements than the size of a declared array. |
| 10779 | </p> |
| 10780 | |
| 10781 | |
| 10782 | <div> |
| 10783 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 10784 | height="14" align="left"> |
| 10785 | <tr> |
| 10786 | <td valign="top" align="left" height="14" style= |
| 10787 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 10788 | <p class="TextFontCX" align="center" style= |
| 10789 | 'text-align:center;background:#CCCCCC'><span style= |
| 10790 | 'font-size:10.0pt'>m:</span><span class= |
| 10791 | "Keyword"><span style='font-size:10.0pt'>---</span></span></p></td></tr></table></div> |
| 10792 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10793 | 'font-size:10.0pt'> |
| 10794 | impouts |
| 10795 | </span></span></p> |
| 10796 | <p class="IndentText"> |
| 10797 | Pointer parameters to unspecified functions may be implicit <span class= |
| 10798 | "Keyword"><span style='font-size:10.0pt'>out</span></span> parameters. |
| 10799 | </p> |
| 10800 | |
| 10801 | <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'> |
| 10802 | Declarations<span class="TextFontCXChar"><span style= |
| 10803 | 'font-size:11.0pt; font-weight:normal'></span></span> |
| 10804 | <span class="TextFontCXChar"> |
| 10805 | <span style= |
| 10806 | 'font-size:11.0pt; font-weight:normal'>)</span></span></p> |
| 10807 | |
| 10808 | <div> |
| 10809 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 10810 | height="14" align="left"> |
| 10811 | <tr> |
| 10812 | <td valign="top" align="left" height="14" style= |
| 10813 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 10814 | <p class="TextFontCX" align="center" style= |
| 10815 | 'text-align:center;background:#CCCCCC'><span style= |
| 10816 | 'font-size:10.0pt'>m:</span><span class= |
| 10817 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 10818 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10819 | 'font-size:10.0pt'> |
| 10820 | incondefs |
| 10821 | </span></span></p> |
| 10822 | <p class="IndentText"> |
| 10823 | A function, variable or constant is redefined with a different type. |
| 10824 | </p> |
| 10825 | |
| 10826 | <div> |
| 10827 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 10828 | height="14" align="left"> |
| 10829 | <tr> |
| 10830 | <td valign="top" align="left" height="14" style= |
| 10831 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 10832 | <p class="TextFontCX" align="center" style= |
| 10833 | 'text-align:center;background:#CCCCCC'><span style= |
| 10834 | 'font-size:10.0pt'>m:</span><span class= |
| 10835 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 10836 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10837 | 'font-size:10.0pt'> |
| 10838 | functionderef |
| 10839 | </span></span></p> |
| 10840 | <p class="IndentText"> |
| 10841 | A function type is dereferenced. The ANSI standard allows this because of |
| 10842 | implicit conversion of function designators, however the dereference is unnecessary. |
| 10843 | </p> |
| 10844 | |
| 10845 | <div> |
| 10846 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 10847 | height="14" align="left"> |
| 10848 | <tr> |
| 10849 | <td valign="top" align="left" height="14" style= |
| 10850 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 10851 | <p class="TextFontCX" align="center" style= |
| 10852 | 'text-align:center;background:#CCCCCC'><span style= |
| 10853 | 'font-size:10.0pt'>m:</span><span class= |
| 10854 | "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div> |
| 10855 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10856 | 'font-size:10.0pt'> |
| 10857 | redundantsharequal |
| 10858 | </span></span></p> |
| 10859 | <p class="IndentText"> |
| 10860 | A declaration of an immutable object uses a redundant observer qualifier. |
| 10861 | </p> |
| 10862 | |
| 10863 | |
| 10864 | <div> |
| 10865 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 10866 | height="14" align="left"> |
| 10867 | <tr> |
| 10868 | <td valign="top" align="left" height="14" style= |
| 10869 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 10870 | <p class="TextFontCX" align="center" style= |
| 10871 | 'text-align:center;background:#CCCCCC'><span style= |
| 10872 | 'font-size:10.0pt'>m:</span><span class= |
| 10873 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 10874 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10875 | 'font-size:10.0pt'> |
| 10876 | misplacedsharequal |
| 10877 | </span></span></p> |
| 10878 | <p class="IndentText"> |
| 10879 | A declaration of an unsharable object uses a sharing annotation. |
| 10880 | </p> |
| 10881 | |
| 10882 | <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'> |
| 10883 | Types <span class="TextFontCXChar"><span style= |
| 10884 | 'font-size:11.0pt; font-weight:normal'>(Section</span></span> |
| 10885 | <span class="TextFontCXChar"><span style= |
| 10886 | 'font-size:11.0pt; font-weight:normal'>4</span></span> |
| 10887 | <span class="TextFontCXChar"> |
| 10888 | <span style= |
| 10889 | 'font-size:11.0pt; font-weight:normal'>)</span></span></p> |
| 10890 | <p class="IndentText"> </p> |
| 10891 | |
| 10892 | <div> |
| 10893 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 10894 | height="14" align="left"> |
| 10895 | <tr> |
| 10896 | <td valign="top" align="left" height="14" style= |
| 10897 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 10898 | <p class="TextFontCX" align="center" style= |
| 10899 | 'text-align:center;background:#CCCCCC'><span style= |
| 10900 | 'font-size:10.0pt'>P:</span> <span class= |
| 10901 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 10902 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10903 | 'font-size:10.0pt'> |
| 10904 | type |
| 10905 | </span></span></p> |
| 10906 | <p class="IndentText">Type mismatch.</p> |
| 10907 | |
| 10908 | <div> |
| 10909 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 10910 | height="14" align="left"> |
| 10911 | <tr> |
| 10912 | <td valign="top" align="left" height="14" style= |
| 10913 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 10914 | <p class="TextFontCX" align="center" style= |
| 10915 | 'text-align:center;background:#CCCCCC'><span style= |
| 10916 | 'font-size:10.0pt'>P:</span> <span class= |
| 10917 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 10918 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10919 | 'font-size:10.0pt'> |
| 10920 | string-literal-too-long |
| 10921 | </span></span></p> |
| 10922 | <p class="IndentText"> |
| 10923 | A string literal is assigned to a char array too small to hold it. |
| 10924 | </p> |
| 10925 | |
| 10926 | <div> |
| 10927 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 10928 | height="14" align="left"> |
| 10929 | <tr> |
| 10930 | <td valign="top" align="left" height="14" style= |
| 10931 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 10932 | <p class="TextFontCX" align="center" style= |
| 10933 | 'text-align:center;background:#CCCCCC'><span style= |
| 10934 | 'font-size:10.0pt'>m:</span> <span class= |
| 10935 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 10936 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10937 | 'font-size:10.0pt'> |
| 04c4d6c2 |
10938 | string-literal-no-room |
| 9645dee1 |
10939 | </span></span></p> |
| 10940 | <p class="IndentText"> |
| 10941 | A string literal is assigned to a char array that is not big enough to hold the null terminator. |
| 10942 | </p> |
| 10943 | |
| 10944 | |
| 36ba812d |
10945 | <div> |
| 10946 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 10947 | height="14" align="left"> |
| 10948 | <tr> |
| 10949 | <td valign="top" align="left" height="14" style= |
| 10950 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 10951 | <p class="TextFontCX" align="center" style= |
| 10952 | 'text-align:center;background:#CCCCCC'><span style= |
| 10953 | 'font-size:10.0pt'>m:</span> <span class= |
| 10954 | "Keyword"><span style='font-size:10.0pt'>++++</span></span></p></td></tr></table></div> |
| 10955 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10956 | 'font-size:10.0pt'> |
| 04c4d6c2 |
10957 | string-literal-no-room-final-null |
| 36ba812d |
10958 | </span></span></p> |
| 10959 | <p class="IndentText"> |
| 10960 | A string literal is assigned to a char array that is not big enough to |
| 10961 | hold the final null terminator. This may not be a problem because a null |
| 10962 | character has been explictedly included in the string literal using an |
| 10963 | escape sequence. |
| 10964 | </p> |
| 10965 | |
| 9645dee1 |
10966 | <div> |
| 10967 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 10968 | height="14" align="left"> |
| 10969 | <tr> |
| 10970 | <td valign="top" align="left" height="14" style= |
| 10971 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 10972 | <p class="TextFontCX" align="center" style= |
| 10973 | 'text-align:center;background:#CCCCCC'><span style= |
| 10974 | 'font-size:10.0pt'>m:</span> <span class= |
| 10975 | "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div> |
| 10976 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10977 | 'font-size:10.0pt'> |
| 10978 | string-literal-smaller |
| 10979 | </span></span></p> |
| 10980 | <p class="IndentText"> |
| 10981 | A string literal is assigned to a char array that smaller than the string literal needs. |
| 10982 | </p> |
| 10983 | |
| 10984 | |
| 10985 | <div> |
| 10986 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 10987 | height="14" align="left"> |
| 10988 | <tr> |
| 10989 | <td valign="top" align="left" height="14" style= |
| 10990 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 10991 | <p class="TextFontCX" align="center" style= |
| 10992 | 'text-align:center;background:#CCCCCC'><span style= |
| 10993 | 'font-size:10.0pt'>m:</span> <span class= |
| 10994 | "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div> |
| 10995 | <p class="TextFontCX"><span class="Flag"><span style= |
| 10996 | 'font-size:10.0pt'> |
| 10997 | enum-members |
| 10998 | </span></span></p> |
| 10999 | <p class="IndentText"> |
| 11000 | Type of initial values for enum members must be int. |
| 11001 | </p> |
| 11002 | |
| 11003 | <p class="Heading10">Boolean Types <span class= |
| 11004 | "HeadingNote"><span style= |
| 11005 | 'font-size:10.5pt;font-weight:normal;font-style:normal'>(Section</span></span> |
| 11006 | <span class="HeadingNote"><span style= |
| 11007 | 'font-size:10.5pt;font-weight:normal;font-style: normal'>4.2</span></span><span class="HeadingNote"> |
| 11008 | <span style= |
| 11009 | 'font-size:10.5pt; font-weight:normal;font-style:normal'>)</span></span></p> |
| 11010 | <p class="TextFontCX">These flags control the type name used to |
| 11011 | represent Booleans, and whether the Boolean type is abstract.</p> |
| 11012 | <p class="TextFontCX"> </p> |
| 11013 | <div> |
| 11014 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11015 | height="14" align="left"> |
| 11016 | <tr> |
| 11017 | <td valign="top" align="left" height="14" style= |
| 11018 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11019 | <p class="TextFontCX" align="center" style= |
| 11020 | 'text-align:center;background:#CCCCCC'><span style= |
| 11021 | 'font-size:10.0pt'>P:</span> <span class= |
| 11022 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 11023 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11024 | 'font-size:10.0pt'>bool</span></span></p> |
| 11025 | <p class="IndentText">Boolean type is an abstract type.</p> |
| 11026 | <div> |
| 11027 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11028 | height="14" align="left"> |
| 11029 | <tr> |
| 11030 | <td valign="top" align="left" height="14" style= |
| 11031 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11032 | <p class="TextFontCX" align="center" style= |
| 11033 | 'text-align:center;background:#CCCCCC'><span style= |
| 11034 | 'font-size:10.0pt'>P:</span> <span class="Flag"><span style= |
| 11035 | 'font-size:10.0pt'>bool</span></span></p></td></tr></table></div> |
| 11036 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11037 | 'font-size:10.0pt'>booltype</span></span> <span class= |
| 11038 | "Flag"><span style= |
| 11039 | 'font-size:10.0pt'><i><name></i></span></span></p> |
| 11040 | <p class="IndentText">Set name of Boolean type to |
| 11041 | <i><name></i>.</p> |
| 11042 | <div> |
| 11043 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11044 | height="14" align="left"> |
| 11045 | <tr> |
| 11046 | <td valign="top" align="left" height="14" style= |
| 11047 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11048 | <p class="TextFontCX" align="center" style= |
| 11049 | 'text-align:center;background:#CCCCCC'><span style= |
| 11050 | 'font-size:10.0pt'>P:</span><span class="Flag"><span style= |
| 11051 | 'font-size:10.0pt'>FALSE</span></span></p></td></tr></table></div> |
| 11052 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11053 | 'font-size:10.0pt'>boolfalse</span></span> <span class= |
| 11054 | "Flag"><span style= |
| 11055 | 'font-size:10.0pt'><i><name></i></span></span></p> |
| 11056 | <p class="IndentText">Set name of Boolean false to |
| 11057 | <i><name></i>.</p> |
| 11058 | <div> |
| 11059 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11060 | height="14" align="left"> |
| 11061 | <tr> |
| 11062 | <td valign="top" align="left" height="14" style= |
| 11063 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11064 | <p class="TextFontCX" align="center" style= |
| 11065 | 'text-align:center;background:#CCCCCC'><span style= |
| 11066 | 'font-size:10.0pt'>P:</span> <span class="Flag"><span style= |
| 11067 | 'font-size:10.0pt'>TRUE</span></span></p></td></tr></table></div> |
| 11068 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11069 | 'font-size:10.0pt'>booltrue</span></span> <span class= |
| 11070 | "Flag"><span style= |
| 11071 | 'font-size:10.0pt'><i><name></i></span></span></p> |
| 11072 | <p class="IndentText">Set name of Boolean true to |
| 11073 | <i><name></i>.</p> |
| 11074 | |
| 11075 | <div> |
| 11076 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11077 | height="14" align="left"> |
| 11078 | <tr> |
| 11079 | <td valign="top" align="left" height="14" style= |
| 11080 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11081 | <p class="TextFontCX" align="center" style= |
| 11082 | 'text-align:center;background:#CCCCCC'><span style= |
| 11083 | 'font-size:10.0pt'>P:</span> <span class= |
| 11084 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 11085 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11086 | 'font-size:10.0pt'> |
| 11087 | likelybool |
| 11088 | </span></span></p> |
| 11089 | <p class="IndentText"> |
| 11090 | Splint has found a type which appears to be the boolean type. Use the -booltype, -boolfalse and -booltrue flags to change the name of the default boolean type. |
| 11091 | </p> |
| 11092 | |
| 11093 | |
| 11094 | <p class="Heading10"><a name="_Ref344871224">Predicates</a></p> |
| 11095 | <div> |
| 11096 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11097 | height="14" align="left"> |
| 11098 | <tr> |
| 11099 | <td valign="top" align="left" height="14" style= |
| 11100 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11101 | <p class="TextFontCX" align="center" style= |
| 11102 | 'text-align:center;background:#CCCCCC'><span style= |
| 11103 | 'font-size:10.0pt'>m:</span><span class= |
| 11104 | "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div> |
| 11105 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11106 | 'font-size:10.0pt'>pred-bool-ptr</span></span></p> |
| 11107 | <p class="IndentText">Type of condition test is a pointer.</p> |
| 11108 | <div> |
| 11109 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11110 | height="14" align="left"> |
| 11111 | <tr> |
| 11112 | <td valign="top" align="left" height="14" style= |
| 11113 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11114 | <p class="TextFontCX" align="center" style= |
| 11115 | 'text-align:center;background:#CCCCCC'><span style= |
| 11116 | 'font-size:10.0pt'>m:</span><span class= |
| 11117 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 11118 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11119 | 'font-size:10.0pt'>pred-bool-int</span></span></p> |
| 11120 | <p class="IndentText">Type of condition test is an integral |
| 11121 | type.</p> |
| 11122 | <div> |
| 11123 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11124 | height="14" align="left"> |
| 11125 | <tr> |
| 11126 | <td valign="top" align="left" height="14" style= |
| 11127 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11128 | <p class="TextFontCX" align="center" style= |
| 11129 | 'text-align:center;background:#CCCCCC'><span style= |
| 11130 | 'font-size:10.0pt'>m:</span><span class= |
| 11131 | "Keyword"><span style='font-size:10.0pt'>++++</span></span></p></td></tr></table></div> |
| 11132 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11133 | 'font-size:10.0pt'>pred-bool-others</span></span></p> |
| 11134 | <p class="IndentText">Type of condition test is not a Boolean, |
| 11135 | pointer or integral type.</p> |
| 11136 | <div> |
| 11137 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11138 | height="14" align="left"> |
| 11139 | <tr> |
| 11140 | <td valign="top" align="left" height="14" style= |
| 11141 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11142 | <p class="TextFontCX" align="center" style= |
| 11143 | 'text-align:center;background:#CCCCCC'><span style= |
| 11144 | 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div> |
| 11145 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11146 | 'font-size:10.0pt'>pred-bool</span></span></p> |
| 11147 | <p class="IndentText">Sets <span class="Flag"><span style= |
| 11148 | 'font-size:10.0pt'>predboolint</span></span>, <span class= |
| 11149 | "Flag"><span style='font-size:10.0pt'>predboolptr</span></span> and |
| 11150 | <span class="Flag"><span style= |
| 11151 | 'font-size:10.0pt'>preboolothers</span></span>.</p> |
| 11152 | <div> |
| 11153 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11154 | height="14" align="left"> |
| 11155 | <tr> |
| 11156 | <td valign="top" align="left" height="14" style= |
| 11157 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11158 | <p class="TextFontCX" align="center" style= |
| 11159 | 'text-align:center;background:#CCCCCC'><span style= |
| 11160 | 'font-size:10.0pt'>P:</span> <span class= |
| 11161 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 11162 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11163 | 'font-size:10.0pt'>pred-assign</span></span></p> |
| 11164 | <p class="IndentText">The condition test is an assignment |
| 11165 | expression. If an assignment is intended, add an extra parentheses |
| 11166 | nesting (e.g., <span class="CodeText"><span style= |
| 11167 | 'font-size:10.0pt'>if ((a = b))</span></span> ...).</p> |
| 11168 | <p class="Heading10">Primitive Operations</p> |
| 11169 | <div> |
| 11170 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11171 | height="14" align="left"> |
| 11172 | <tr> |
| 11173 | <td valign="top" align="left" height="14" style= |
| 11174 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11175 | <p class="TextFontCX" align="center" style= |
| 11176 | 'text-align:center;background:#CCCCCC'><span style= |
| 11177 | 'font-size:10.0pt'>m:</span><span class= |
| 11178 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 11179 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11180 | 'font-size:10.0pt'>ptr-arith</span></span></p> |
| 11181 | <p class="IndentText">Arithmetic involving pointer and integer.</p> |
| 11182 | |
| 11183 | <div> |
| 11184 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11185 | height="14" align="left"> |
| 11186 | <tr> |
| 11187 | <td valign="top" align="left" height="14" style= |
| 11188 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11189 | <p class="TextFontCX" align="center" style= |
| 11190 | 'text-align:center;background:#CCCCCC'><span style= |
| 11191 | 'font-size:10.0pt'>m:</span> <span class= |
| 11192 | "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div> |
| 11193 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11194 | 'font-size:10.0pt'> |
| 11195 | nullptrarith |
| 11196 | </span></span></p> |
| 11197 | <p class="IndentText"> |
| 11198 | Pointer arithmetic using a possibly null pointer and integer. |
| 11199 | </p> |
| 11200 | |
| 11201 | |
| 11202 | <div> |
| 11203 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11204 | height="14" align="left"> |
| 11205 | <tr> |
| 11206 | <td valign="top" align="left" height="14" style= |
| 11207 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11208 | <p class="TextFontCX" align="center" style= |
| 11209 | 'text-align:center;background:#CCCCCC'><span style= |
| 11210 | 'font-size:10.0pt'>m:</span> <span class= |
| 11211 | "Keyword"><span style='font-size:10.0pt'>++--</span></span></p></td></tr></table></div> |
| 11212 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11213 | 'font-size:10.0pt'> |
| 11214 | boolops |
| 11215 | </span></span></p> |
| 11216 | <p class="IndentText"> |
| 11217 | The operand of a boolean operator is not a boolean. Use +ptrnegate to allow ! to be used on pointers. |
| 11218 | </p> |
| 11219 | <div> |
| 11220 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11221 | height="14" align="left"> |
| 11222 | <tr> |
| 11223 | <td valign="top" align="left" height="14" style= |
| 11224 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11225 | <p class="TextFontCX" align="center" style= |
| 11226 | 'text-align:center;background:#CCCCCC'><span style= |
| 11227 | 'font-size:10.0pt'>m:</span><span class= |
| 11228 | "Keyword"><span style='font-size:10.0pt'>++--</span></span></p></td></tr></table></div> |
| 11229 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11230 | 'font-size:10.0pt'>ptr-negate</span></span></p> |
| 11231 | <p class="IndentText">Allow the operand of the <span class= |
| 11232 | "CodeText"><span style='font-size:10.0pt'>!</span></span> operator |
| 11233 | to be a pointer.</p> |
| 11234 | <div> |
| 11235 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11236 | height="14" align="left"> |
| 11237 | <tr> |
| 11238 | <td valign="top" align="left" height="14" style= |
| 11239 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11240 | <p class="TextFontCX" align="center" style= |
| 11241 | 'text-align:center;background:#CCCCCC'><span style= |
| 11242 | 'font-size:10.0pt'>m:</span><span class= |
| 11243 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 11244 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11245 | 'font-size:10.0pt'>bitwise-signed</span></span><span class= |
| 11246 | "Flag"><span style='font-size:10.0pt'> </span></span></p> |
| 11247 | <p class="IndentText">An operand to a bitwise operator is not an |
| 11248 | unsigned value. This may have unexpected results depending on the |
| 11249 | signed representations.</p> |
| 11250 | |
| 11251 | |
| 11252 | <div> |
| 11253 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11254 | height="14" align="left"> |
| 11255 | <tr> |
| 11256 | <td valign="top" align="left" height="14" style= |
| 11257 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11258 | <p class="TextFontCX" align="center" style= |
| 11259 | 'text-align:center;background:#CCCCCC'><span style= |
| 11260 | 'font-size:10.0pt'>m:</span> <span class= |
| 11261 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 11262 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11263 | 'font-size:10.0pt'> |
| 11264 | shiftimplementation |
| 11265 | </span></span></p> |
| 11266 | <p class="IndentText"> |
| 11267 | The left operand to a shift operator may be negative (behavior is implementation-defined). |
| 11268 | </p> |
| 11269 | |
| 11270 | |
| 11271 | <div> |
| 11272 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11273 | height="14" align="left"> |
| 11274 | <tr> |
| 11275 | <td valign="top" align="left" height="14" style= |
| 11276 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11277 | <p class="TextFontCX" align="center" style= |
| 11278 | 'text-align:center;background:#CCCCCC'><span style= |
| 11279 | 'font-size:10.0pt'>m:</span> <span class= |
| 11280 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 11281 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11282 | 'font-size:10.0pt'> |
| 11283 | shiftnegative |
| 11284 | </span></span></p> |
| 11285 | <p class="IndentText"> |
| 11286 | The right operand to a shift operator may be negative (behavior undefined). |
| 11287 | </p> |
| 11288 | |
| 11289 | <div> |
| 11290 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11291 | height="14" align="left"> |
| 11292 | <tr> |
| 11293 | <td valign="top" align="left" height="14" style= |
| 11294 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11295 | <p class="TextFontCX" align="center" style= |
| 11296 | 'text-align:center;background:#CCCCCC'><span style= |
| 11297 | 'font-size:10.0pt'>m:</span><span class= |
| 11298 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 11299 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11300 | 'font-size:10.0pt'>shift-signed</span></span></p> |
| 11301 | <p class="IndentText">The left operand to a shift operator is not |
| 11302 | an unsigned value.</p> |
| 11303 | <div> |
| 11304 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11305 | height="14" align="left"> |
| 11306 | <tr> |
| 11307 | <td valign="top" align="left" height="14" style= |
| 11308 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11309 | <p class="TextFontCX" align="center" style= |
| 11310 | 'text-align:center;background:#CCCCCC'><span style= |
| 11311 | 'font-size:10.0pt'>m:</span><span class= |
| 11312 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 11313 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11314 | 'font-size:10.0pt'>strict-ops</span></span></p> |
| 11315 | <p class="IndentText">Primitive operation does not type check |
| 11316 | strictly.</p> |
| 11317 | <div> |
| 11318 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11319 | height="14" align="left"> |
| 11320 | <tr> |
| 11321 | <td valign="top" align="left" height="14" style= |
| 11322 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11323 | <p class="TextFontCX" align="center" style= |
| 11324 | 'text-align:center;background:#CCCCCC'><span style= |
| 11325 | 'font-size:10.0pt'>m:</span><span class= |
| 11326 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 11327 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11328 | 'font-size:10.0pt'>sizeof-type</span></span></p> |
| 11329 | <p class="IndentText">Operand of <span class= |
| 11330 | "CodeText"><span style='font-size:10.0pt'>sizeof</span></span> |
| 11331 | operator is a type. (Safer to use <span class= |
| 11332 | "CodeText"><span style='font-size:10.0pt'>int *x = sizeof |
| 11333 | (*x);</span></span> instead of <span class= |
| 11334 | "CodeText"><span style='font-size:10.0pt'>sizeof |
| 11335 | (int)</span></span>.)</p> |
| 11336 | <p class="Heading10">Array Formal Parameters</p> |
| 11337 | <p class="TextFontCX">These flags control reporting of common |
| 11338 | errors caused by confusion about the semantics of array formal |
| 11339 | parameters.</p> |
| 11340 | <p class="TextFontCX"> </p> |
| 11341 | <div> |
| 11342 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11343 | height="14" align="left"> |
| 11344 | <tr> |
| 11345 | <td valign="top" align="left" height="14" style= |
| 11346 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11347 | <p class="TextFontCX" align="center" style= |
| 11348 | 'text-align:center;background:#CCCCCC'><span style= |
| 11349 | 'font-size:10.0pt'>P:</span> <span class= |
| 11350 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 11351 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11352 | 'font-size:10.0pt'>sizeof-formal-array</span></span></p> |
| 11353 | <p class="IndentText">The <span class="CodeText"><span style= |
| 11354 | 'font-size:10.0pt'>sizeof</span></span> operator is used on a |
| 11355 | parameter declared as an array. (In many instances this has |
| 11356 | unexpected behavior, since the result is the size of a pointer to |
| 11357 | the element type, not the number of elements in the array.)</p> |
| 11358 | <p class="IndentText"> </p> |
| 11359 | <div> |
| 11360 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11361 | height="14" align="left"> |
| 11362 | <tr> |
| 11363 | <td valign="top" align="left" height="14" style= |
| 11364 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11365 | <p class="TextFontCX" align="center" style= |
| 11366 | 'text-align:center;background:#CCCCCC'><span style= |
| 11367 | 'font-size:10.0pt'>P:</span> <span class= |
| 11368 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 11369 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11370 | 'font-size:10.0pt'>fixed-formal-array</span></span></p> |
| 11371 | <p class="IndentText">An array formal parameter is declared with a |
| 11372 | fixed size (e.g., <span class="CodeText"><span style= |
| 11373 | 'font-size:10.0pt'>int x[20]</span></span>). This is likely |
| 11374 | to be confusing, since the size is ignored.</p> |
| 11375 | <div> |
| 11376 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11377 | height="14" align="left"> |
| 11378 | <tr> |
| 11379 | <td valign="top" align="left" height="14" style= |
| 11380 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11381 | <p class="TextFontCX" align="center" style= |
| 11382 | 'text-align:center;background:#CCCCCC'><span style= |
| 11383 | 'font-size:10.0pt'>P:</span> <span class= |
| 11384 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 11385 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11386 | 'font-size:10.0pt'>formal-array</span></span></p> |
| 11387 | <p class="IndentText">A formal parameter is declared as an |
| 11388 | array. This is probably not a problem, but can be confusing |
| 11389 | since it is treated as a pointer. </p> |
| 11390 | <p class="Heading10">Format Codes</p> |
| 11391 | <div> |
| 11392 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11393 | height="14" align="left"> |
| 11394 | <tr> |
| 11395 | <td valign="top" align="left" height="14" style= |
| 11396 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11397 | <p class="TextFontCX" align="center" style= |
| 11398 | 'text-align:center;background:#CCCCCC'><span style= |
| 11399 | 'font-size:10.0pt'>P:</span> <span class= |
| 11400 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 11401 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11402 | 'font-size:10.0pt'>format-code</span></span></p> |
| 11403 | <p class="IndentText">Invalid format code in format string for |
| 11404 | <span class="Annot"><span style= |
| 11405 | 'font-size:10.0pt'>printflike</span></span> or <span class= |
| 11406 | "Annot"><span style='font-size:10.0pt'>scanflike</span></span> |
| 11407 | function.</p> |
| 11408 | <div> |
| 11409 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11410 | height="14" align="left"> |
| 11411 | <tr> |
| 11412 | <td valign="top" align="left" height="14" style= |
| 11413 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11414 | <p class="TextFontCX" align="center" style= |
| 11415 | 'text-align:center;background:#CCCCCC'><span style= |
| 11416 | 'font-size:10.0pt'>P:</span> <span class= |
| 11417 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 11418 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11419 | 'font-size:10.0pt'>format-type</span></span></p> |
| 11420 | <p class="IndentText">Type-mismatch in parameter corresponding to |
| 11421 | format code in a <span class="Annot"><span style= |
| 11422 | 'font-size:10.0pt'>printflike</span></span> or <span class= |
| 11423 | "Annot"><span style='font-size:10.0pt'>scanflike</span></span> |
| 11424 | function.</p> |
| 11425 | |
| 11426 | <div> |
| 11427 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11428 | height="14" align="left"> |
| 11429 | <tr> |
| 11430 | <td valign="top" align="left" height="14" style= |
| 11431 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11432 | <p class="TextFontCX" align="center" style= |
| 11433 | 'text-align:center;background:#CCCCCC'><span style= |
| 11434 | 'font-size:10.0pt'>P:</span> <span class= |
| 11435 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 11436 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11437 | 'font-size:10.0pt'>format-const</span></span></p> |
| 11438 | <p class="IndentText">Format parameter is not known at compile-time. This can lead to security vulnerabilities because the arguments cannot be type checked.</p> |
| 11439 | |
| 11440 | <p class="Heading10">Main</p> |
| 11441 | <div> |
| 11442 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11443 | height="14" align="left"> |
| 11444 | <tr> |
| 11445 | <td valign="top" align="left" height="14" style= |
| 11446 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11447 | <p class="TextFontCX" align="center" style= |
| 11448 | 'text-align:center;background:#CCCCCC'><span style= |
| 11449 | 'font-size:10.0pt'>P:</span> <span class= |
| 11450 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 11451 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11452 | 'font-size:10.0pt'>main-type</span></span></p> |
| 11453 | <p class="IndentText">Type of <span class= |
| 11454 | "CodeText"><span style='font-size:10.0pt'>main</span></span> |
| 11455 | does not match expected type (function returning an |
| 11456 | <span class="CodeText"><span style= |
| 11457 | 'font-size:10.0pt'>int</span></span>, taking no parameters or |
| 11458 | two parameters of type <span class="CodeText"><span style= |
| 11459 | 'font-size:10.0pt'>int</span></span> and <span class= |
| 11460 | "CodeText"><span style='font-size:10.0pt'>char |
| 11461 | **</span></span>.)</p> |
| 11462 | <p class="Heading10">Comparisons</p> |
| 11463 | <div> |
| 11464 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11465 | height="14" align="left"> |
| 11466 | <tr> |
| 11467 | <td valign="top" align="left" height="14" style= |
| 11468 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11469 | <p class="TextFontCX" align="center" style= |
| 11470 | 'text-align:center;background:#CCCCCC'><a name= |
| 11471 | "boolcompare"></a><a name="boolprose"><span style= |
| 11472 | 'font-size:10.0pt'>m:</span></a><span class= |
| 11473 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 11474 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11475 | 'font-size:10.0pt'>bool-compare</span></span></p> |
| 11476 | <p class="IndentText">Comparison between Boolean values. This |
| 11477 | is dangerous since there may be multiple true values as any |
| 11478 | non-zero value is interpreted as true.</p> |
| 11479 | <div> |
| 11480 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11481 | height="14" align="left"> |
| 11482 | <tr> |
| 11483 | <td valign="top" align="left" height="14" style= |
| 11484 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11485 | <p class="TextFontCX" align="center" style= |
| 11486 | 'text-align:center;background:#CCCCCC'><span style= |
| 11487 | 'font-size:10.0pt'>m:</span><span class= |
| 11488 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 11489 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11490 | 'font-size:10.0pt'>real-compare</span></span></p> |
| 11491 | <p class="IndentText">Comparison involving <span class= |
| 11492 | "CodeText"><span style='font-size:10.0pt'>float</span></span> or |
| 11493 | <span class="CodeText"><span style= |
| 11494 | 'font-size:10.0pt'>double</span></span> values. This is |
| 11495 | dangerous since it may produce unexpected results because floating |
| 11496 | point representations are inexact.</p> |
| 11497 | <div> |
| 11498 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11499 | height="14" align="left"> |
| 11500 | <tr> |
| 11501 | <td valign="top" align="left" height="14" style= |
| 11502 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11503 | <p class="TextFontCX" align="center" style= |
| 11504 | 'text-align:center;background:#CCCCCC'><span style= |
| 11505 | 'font-size:10.0pt'>m:</span><span class= |
| 11506 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 11507 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11508 | 'font-size:10.0pt'>ptr-compare</span></span></p> |
| 11509 | <p class="IndentText">Comparison between pointer and number.</p> |
| 11510 | |
| 11511 | <div> |
| 11512 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11513 | height="14" align="left"> |
| 11514 | <tr> |
| 11515 | <td valign="top" align="left" height="14" style= |
| 11516 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11517 | <p class="TextFontCX" align="center" style= |
| 11518 | 'text-align:center;background:#CCCCCC'><span style= |
| 11519 | 'font-size:10.0pt'>m:</span><span class= |
| 11520 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 11521 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11522 | 'font-size:10.0pt'>unsigned-compare</span></span></p> |
| 11523 | <p class="IndentText"> |
| 11524 | An unsigned value is used in a comparison with zero in a way that is either a bug or confusing. |
| 11525 | </p> |
| 11526 | |
| 11527 | <p class="Heading10">Type Equivalence</p> |
| 11528 | <div> |
| 11529 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11530 | height="14" align="left"> |
| 11531 | <tr> |
| 11532 | <td valign="top" align="left" height="14" style= |
| 11533 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11534 | <p class="TextFontCX" align="center" style= |
| 11535 | 'text-align:center;background:#CCCCCC'><a name= |
| 11536 | "globs"></a><span style= |
| 11537 | 'font-size:10.0pt'>m:</span><span class="Keyword"><span style='font-size: 10.0pt'> |
| 11538 | +---</span></span></p></td></tr></table></div> |
| 11539 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11540 | 'font-size:10.0pt'>void-abstract</span></span></p> |
| 11541 | <p class="IndentText">Allow <span class= |
| 11542 | "CodeText"><span style='font-size:10.0pt'>void |
| 11543 | *</span></span> to match pointers to abstract types. |
| 11544 | (Casting a pointer to an abstract type to a pointer to |
| 11545 | <span class="CodeText"><span style= |
| 11546 | 'font-size:10.0pt'>void</span></span> is okay if <span class= |
| 11547 | "Flag"><span style= |
| 11548 | 'font-size:10.0pt'>+void-abstract</span></span> is set.)</p> |
| 11549 | <div> |
| 11550 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11551 | height="14" align="left"> |
| 11552 | <tr> |
| 11553 | <td valign="top" align="left" height="14" style= |
| 11554 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11555 | <p class="TextFontCX" align="center" style= |
| 11556 | 'text-align:center;background:#CCCCCC'><span style= |
| 11557 | 'font-size:10.0pt'>P: +</span></p></td></tr></table></div> |
| 11558 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11559 | 'font-size:10.0pt'>cast-fcn-ptr</span></span></p> |
| 11560 | <p class="IndentText"> A pointer to a function is cast to (or |
| 11561 | used as) a pointer to void (or vice versa).</p> |
| 11562 | <div> |
| 11563 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11564 | height="14" align="left"> |
| 11565 | <tr> |
| 11566 | <td valign="top" align="left" height="14" style= |
| 11567 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11568 | <p class="TextFontCX" align="center" style= |
| 11569 | 'text-align:center;background:#CCCCCC'><span style= |
| 11570 | 'font-size:10.0pt'>m:</span><span class= |
| 11571 | "Keyword"><span style='font-size:10.0pt'>+---</span></span></p></td></tr></table></div> |
| 11572 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11573 | 'font-size:10.0pt'>forward-decl</span></span></p> |
| 11574 | <p class="IndentText">Forward declarations of pointers to abstract |
| 11575 | representation match abstract type.</p> |
| 11576 | <div> |
| 11577 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11578 | height="14" align="left"> |
| 11579 | <tr> |
| 11580 | <td valign="top" align="left" height="14" style= |
| 11581 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11582 | <p class="TextFontCX" align="center" style= |
| 11583 | 'text-align:center;background:#CCCCCC'><span style= |
| 11584 | 'font-size:10.0pt'>m:</span><span class= |
| 11585 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 11586 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11587 | 'font-size:10.0pt'>imp-type</span></span></p> |
| 11588 | <p class="IndentText">A variable declaration has no explicit |
| 11589 | type. The type is implicitly int.</p> |
| 11590 | <div> |
| 11591 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11592 | height="14" align="left"> |
| 11593 | <tr> |
| 11594 | <td valign="top" align="left" height="14" style= |
| 11595 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11596 | <p class="TextFontCX" align="center" style= |
| 11597 | 'text-align:center;background:#CCCCCC'><span style= |
| 11598 | 'font-size:10.0pt'>P:</span> <span class= |
| 11599 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 11600 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11601 | 'font-size:10.0pt'>incomplete-type</span></span></p> |
| 11602 | <p class="IndentText">A formal parameter is declared with an |
| 11603 | incomplete type (e.g., <span class="Keyword"><span style= |
| 11604 | 'font-size:10.0pt'>int[][]</span></span>).</p> |
| 11605 | <div> |
| 11606 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11607 | height="14" align="left"> |
| 11608 | <tr> |
| 11609 | <td valign="top" align="left" height="14" style= |
| 11610 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11611 | <p class="TextFontCX" align="center" style= |
| 11612 | 'text-align:center;background:#CCCCCC'><span style= |
| 11613 | 'font-size:10.0pt'>m:</span><span class= |
| 11614 | "Keyword"><span style='font-size:10.0pt'>+---</span></span></p></td></tr></table></div> |
| 11615 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11616 | 'font-size:10.0pt'>char-index</span></span></p> |
| 11617 | <p class="IndentText">Allow <span class= |
| 11618 | "CodeText"><span style='font-size:10.0pt'>char</span></span> |
| 11619 | to index arrays.</p> |
| 11620 | <div> |
| 11621 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11622 | height="14" align="left"> |
| 11623 | <tr> |
| 11624 | <td valign="top" align="left" height="14" style= |
| 11625 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11626 | <p class="TextFontCX" align="center" style= |
| 11627 | 'text-align:center;background:#CCCCCC'><span style= |
| 11628 | 'font-size:10.0pt'>m:</span><span class= |
| 11629 | "Keyword"><span style='font-size:10.0pt'>----</span></span></p></td></tr></table></div> |
| 11630 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11631 | 'font-size:10.0pt'>enum-index</span></span></p> |
| 11632 | <p class="IndentText">Allow members of <span class= |
| 11633 | "CodeText"><span style='font-size:10.0pt'>enum</span></span>type to |
| 11634 | index arrays.</p> |
| 11635 | <div> |
| 11636 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11637 | height="14" align="left"> |
| 11638 | <tr> |
| 11639 | <td valign="top" align="left" height="14" style= |
| 11640 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11641 | <p class="TextFontCX" align="center" style= |
| 11642 | 'text-align:center;background:#CCCCCC'><span style= |
| 11643 | 'font-size:10.0pt'>m:</span><span class= |
| 11644 | "Keyword"><span style='font-size:10.0pt'>+---</span></span></p></td></tr></table></div> |
| 11645 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11646 | 'font-size:10.0pt'>bool-int</span></span></p> |
| 11647 | <p class="IndentText">Make <span class= |
| 11648 | "CodeText"><span style='font-size:10.0pt'>bool</span></span> |
| 11649 | and <span class="CodeText"><span style= |
| 11650 | 'font-size:10.0pt'>int</span></span> are equivalent. |
| 11651 | (No type errors are reported when a Boolean is used where an |
| 11652 | integral type is expected and vice versa.)</p> |
| 11653 | <div> |
| 11654 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11655 | height="14" align="left"> |
| 11656 | <tr> |
| 11657 | <td valign="top" align="left" height="14" style= |
| 11658 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11659 | <p class="TextFontCX" align="center" style= |
| 11660 | 'text-align:center;background:#CCCCCC'><span style= |
| 11661 | 'font-size:10.0pt'>m:</span><span class= |
| 11662 | "Keyword"><span style='font-size:10.0pt'>+---</span></span></p></td></tr></table></div> |
| 11663 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11664 | 'font-size:10.0pt'>char-int</span></span></p> |
| 11665 | <p class="IndentText">Make <span class= |
| 11666 | "CodeText"><span style='font-size:10.0pt'>char</span></span> |
| 11667 | and <span class="CodeText"><span style= |
| 11668 | 'font-size:10.0pt'>int</span></span> types equivalent</p> |
| 11669 | |
| 11670 | <div> |
| 11671 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11672 | height="14" align="left"> |
| 11673 | <tr> |
| 11674 | <td valign="top" align="left" height="14" style= |
| 11675 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11676 | <p class="TextFontCX" align="center" style= |
| 11677 | 'text-align:center;background:#CCCCCC'><span style= |
| 11678 | 'font-size:10.0pt'>m:</span><span class= |
| 11679 | "Keyword"><span style='font-size:10.0pt'>+---</span></span></p></td></tr></table></div> |
| 11680 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11681 | 'font-size:10.0pt'>charunsignedchar</span></span></p> |
| 11682 | <p class="IndentText">To allow <span class= |
| 11683 | "CodeText"><span style='font-size:10.0pt'>char</span></span> |
| 11684 | and <span class="CodeText"><span style= |
| 11685 | 'font-size:10.0pt'>unsigned char</span></span> types to match use |
| 11686 | <span class="Flag"><span style= |
| 11687 | 'font-size:10.0pt'>+charunsignedchar</span></span> |
| 11688 | </p> |
| 11689 | |
| 11690 | <div> |
| 11691 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11692 | height="14" align="left"> |
| 11693 | <tr> |
| 11694 | <td valign="top" align="left" height="14" style= |
| 11695 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11696 | <p class="TextFontCX" align="center" style= |
| 11697 | 'text-align:center;background:#CCCCCC'><span style= |
| 11698 | 'font-size:10.0pt'>m:</span><span class= |
| 11699 | "Keyword"><span style='font-size:10.0pt'>++--</span></span></p></td></tr></table></div> |
| 11700 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11701 | 'font-size:10.0pt'>enum-int</span></span></p> |
| 11702 | <p class="IndentText">Make <span class= |
| 11703 | "CodeText"><span style='font-size:10.0pt'>enum</span></span> |
| 11704 | and <span class="CodeText"><span style= |
| 11705 | 'font-size:10.0pt'>int</span></span> types equivalent</p> |
| 11706 | <div> |
| 11707 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11708 | height="14" align="left"> |
| 11709 | <tr> |
| 11710 | <td valign="top" align="left" height="14" style= |
| 11711 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11712 | <p class="TextFontCX" align="center" style= |
| 11713 | 'text-align:center;background:#CCCCCC'><span style= |
| 11714 | 'font-size:10.0pt'>m:</span><span class= |
| 11715 | "Keyword"><span style='font-size:10.0pt'>+---</span></span></p></td></tr></table></div> |
| 11716 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11717 | 'font-size:10.0pt'>float-double</span></span></p> |
| 11718 | <p class="IndentText">Make <span class= |
| 11719 | "CodeText"><span style='font-size:10.0pt'>float</span></span> |
| 11720 | and <span class="CodeText"><span style= |
| 11721 | 'font-size:10.0pt'>double</span></span> types equivalent</p> |
| 11722 | <div> |
| 11723 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11724 | height="14" align="left"> |
| 11725 | <tr> |
| 11726 | <td valign="top" align="left" height="14" style= |
| 11727 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11728 | <p class="TextFontCX" align="center" style= |
| 11729 | 'text-align:center;background:#CCCCCC'><span style= |
| 11730 | 'font-size:10.0pt'>m:</span><span class= |
| 11731 | "Keyword"><span style='font-size:10.0pt'>----</span></span></p></td></tr></table></div> |
| 11732 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11733 | 'font-size:10.0pt'>ignore-quals</span></span></p> |
| 11734 | <p class="IndentText">Ignore type qualifiers (<span class= |
| 11735 | "CodeText"><span style='font-size:10.0pt'>long</span></span>, |
| 11736 | <span class="CodeText"><span style= |
| 11737 | 'font-size:10.0pt'>short</span></span>, <span class= |
| 11738 | "CodeText"><span style= |
| 11739 | 'font-size:10.0pt'>unsigned</span></span>).</p> |
| 11740 | <div> |
| 11741 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11742 | height="14" align="left"> |
| 11743 | <tr> |
| 11744 | <td valign="top" align="left" height="14" style= |
| 11745 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11746 | <p class="TextFontCX" align="center" style= |
| 11747 | 'text-align:center;background:#CCCCCC'><span style= |
| 11748 | 'font-size:10.0pt'>m:</span><span class= |
| 11749 | "Keyword"><span style='font-size:10.0pt'>++--</span></span></p></td></tr></table></div> |
| 11750 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11751 | 'font-size:10.0pt'>relax-quals</span></span></p> |
| 11752 | <p class="IndentText">Report qualifier mismatches only if dangerous |
| 11753 | (information may be lost since a larger type is assigned to (or |
| 11754 | passed as) a smaller one or a comparison uses <span class= |
| 11755 | "CodeText"><span style='font-size:10.0pt'>signed</span></span> and |
| 11756 | <span class="CodeText"><span style= |
| 11757 | 'font-size:10.0pt'>unsigned</span></span> values.)</p> |
| 11758 | <div> |
| 11759 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11760 | height="14" align="left"> |
| 11761 | <tr> |
| 11762 | <td valign="top" align="left" height="14" style= |
| 11763 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11764 | <p class="TextFontCX" align="center" style= |
| 11765 | 'text-align:center;background:#CCCCCC'><span style= |
| 11766 | 'font-size:10.0pt'>m:</span><span class= |
| 11767 | "Keyword"><span style='font-size:10.0pt'>----</span></span></p></td></tr></table></div> |
| 11768 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11769 | 'font-size:10.0pt'>ignore-signs</span></span></p> |
| 11770 | <p class="IndentText">Ignore signs in type comparisons |
| 11771 | (<span class="CodeText"><span style= |
| 11772 | 'font-size:10.0pt'>unsigned</span></span> matches |
| 11773 | <span class="CodeText"><span style= |
| 11774 | 'font-size:10.0pt'>signed</span></span>).</p> |
| 11775 | <p class="IndentText"> </p> |
| 11776 | <div> |
| 11777 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11778 | height="14" align="left"> |
| 11779 | <tr> |
| 11780 | <td valign="top" align="left" height="14" style= |
| 11781 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11782 | <p class="TextFontCX" align="center" style= |
| 11783 | 'text-align:center;background:#CCCCCC'><span style= |
| 11784 | 'font-size:10.0pt'>P:</span> <span class= |
| 11785 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 11786 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11787 | 'font-size:10.0pt'>long-integral</span></span></p> |
| 11788 | <p class="IndentText">Allow long type to match an arbitrary |
| 11789 | integral type (e.g., <span class="CodeText"><span style= |
| 11790 | 'font-size:10.0pt'>dev_t</span></span>).</p> |
| 11791 | <div> |
| 11792 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11793 | height="14" align="left"> |
| 11794 | <tr> |
| 11795 | <td valign="top" align="left" height="14" style= |
| 11796 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11797 | <p class="TextFontCX" align="center" style= |
| 11798 | 'text-align:center;background:#CCCCCC'><span style= |
| 11799 | 'font-size:10.0pt'>m:</span><span class= |
| 11800 | "Keyword"><span style='font-size:10.0pt'>+---</span></span></p></td></tr></table></div> |
| 11801 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11802 | 'font-size:10.0pt'>long-unsigned-integral</span></span></p> |
| 11803 | <p class="IndentText">Allow unsigned long type to match an |
| 11804 | arbitrary integral type (e.g., <span class= |
| 11805 | "CodeText"><span style='font-size:10.0pt'>dev_t</span></span>).</p> |
| 11806 | <div> |
| 11807 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11808 | height="14" align="left"> |
| 11809 | <tr> |
| 11810 | <td valign="top" align="left" height="14" style= |
| 11811 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11812 | <p class="TextFontCX" align="center" style= |
| 11813 | 'text-align:center;background:#CCCCCC'><span style= |
| 11814 | 'font-size:10.0pt'>P:</span> <span class= |
| 11815 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 11816 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11817 | 'font-size:10.0pt'>match-any-integral</span></span></p> |
| 11818 | <p class="IndentText">Allow any integral type to match an |
| 11819 | arbitrary</p> |
| 11820 | <div> |
| 11821 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11822 | height="14" align="left"> |
| 11823 | <tr> |
| 11824 | <td valign="top" align="left" height="14" style= |
| 11825 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11826 | <p class="TextFontCX" align="center" style= |
| 11827 | 'text-align:center;background:#CCCCCC'><span style= |
| 11828 | 'font-size:10.0pt'>P:</span> <span class= |
| 11829 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 11830 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11831 | 'font-size:10.0pt'>long-unsigned-unsigned-integral</span></span></p> |
| 11832 | <p class="IndentText">Allow unsigned long type to match an |
| 11833 | arbitrary unsigned integral type (e.g., <span class= |
| 11834 | "CodeText"><span style= |
| 11835 | 'font-size:10.0pt'>size_t</span></span>).</p> |
| 11836 | <div> |
| 11837 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11838 | height="14" align="left"> |
| 11839 | <tr> |
| 11840 | <td valign="top" align="left" height="14" style= |
| 11841 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11842 | <p class="TextFontCX" align="center" style= |
| 11843 | 'text-align:center;background:#CCCCCC'><span style= |
| 11844 | 'font-size:10.0pt'>m:</span><span class= |
| 11845 | "Keyword"><span style='font-size:10.0pt'>+---</span></span></p></td></tr></table></div> |
| 11846 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11847 | 'font-size:10.0pt'>long-signed-integral</span></span></p> |
| 11848 | <p class="IndentText">Allow long type to match an arbitrary signed |
| 11849 | integral type (e.g., <span class="CodeText"><span style= |
| 11850 | 'font-size:10.0pt'>ssize_t</span></span>).</p> |
| 11851 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11852 | 'font-size:10.0pt'> </span></span></p> |
| 11853 | <div> |
| 11854 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11855 | height="14" align="left"> |
| 11856 | <tr> |
| 11857 | <td valign="top" align="left" height="14" style= |
| 11858 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11859 | <p class="TextFontCX" align="center" style= |
| 11860 | 'text-align:center;background:#CCCCCC'><span style= |
| 11861 | 'font-size:10.0pt'>P:</span> <span class= |
| 11862 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 11863 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11864 | 'font-size:10.0pt'>num-literal</span></span></p> |
| 11865 | <p class="IndentText">Integer literals can be used as floats.</p> |
| 11866 | <div> |
| 11867 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11868 | height="14" align="left"> |
| 11869 | <tr> |
| 11870 | <td valign="top" align="left" height="14" style= |
| 11871 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11872 | <p class="TextFontCX" align="center" style= |
| 11873 | 'text-align:center;background:#CCCCCC'><span style= |
| 11874 | 'font-size:10.0pt'>P:</span> <span class= |
| 11875 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 11876 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11877 | 'font-size:10.0pt'>char-int-literal</span></span></p> |
| 11878 | <p class="IndentText">A character constant may be used as an |
| 11879 | <span class="CodeText"><span style= |
| 11880 | 'font-size:10.0pt'>int</span></span>.</p> |
| 11881 | <div> |
| 11882 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11883 | height="14" align="left"> |
| 11884 | <tr> |
| 11885 | <td valign="top" align="left" height="14" style= |
| 11886 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11887 | <p class="TextFontCX" align="center" style= |
| 11888 | 'text-align:center;background:#CCCCCC'><span style= |
| 11889 | 'font-size:10.0pt'>P:</span> <span class= |
| 11890 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 11891 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11892 | 'font-size:10.0pt'>zero-ptr</span></span></p> |
| 11893 | <p class="IndentText">Literal <span class= |
| 11894 | "CodeText"><span style='font-size:10.0pt'>0</span></span> may |
| 11895 | be used as a pointer.</p> |
| 04c4d6c2 |
11896 | <div> |
| 9645dee1 |
11897 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11898 | height="14" align="left"> |
| 11899 | <tr> |
| 11900 | <td valign="top" align="left" height="14" style= |
| 11901 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11902 | <p class="TextFontCX" align="center" style= |
| 11903 | 'text-align:center;background:#CCCCCC'><span style= |
| 11904 | 'font-size:10.0pt'>P:</span> <span class= |
| 11905 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 11906 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11907 | 'font-size:10.0pt'>zero-bool</span></span></p> |
| 11908 | <p class="IndentText">Treat <span class= |
| 11909 | "CodeText"><span style='font-size:10.0pt'>0</span></span> as a boolean. |
| 11910 | </p> |
| 11911 | <div> |
| 11912 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11913 | height="14" align="left"> |
| 11914 | <tr> |
| 11915 | <td valign="top" align="left" height="14" style= |
| 11916 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11917 | <p class="TextFontCX" align="center" style= |
| 11918 | 'text-align:center;background:#CCCCCC'><span style= |
| 11919 | 'font-size:10.0pt'>P:</span> <span class= |
| 11920 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 11921 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11922 | 'font-size:10.0pt'>relax-types</span></span></p> |
| 11923 | <p class="IndentText">Allow all numeric types to match.</p> |
| 04c4d6c2 |
11924 | </p> |
| 36ba812d |
11925 | |
| 11926 | <div> |
| 11927 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11928 | height="14" align="left"> |
| 11929 | <tr> |
| 11930 | <td valign="top" align="left" height="14" style= |
| 11931 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11932 | <p class="TextFontCX" align="center" style= |
| 11933 | 'text-align:center;background:#CCCCCC'><span style= |
| 11934 | 'font-size:10.0pt'>m:</span> <span class= |
| 11935 | "Keyword"><span style='font-size:10.0pt'>+---</span></span></p></td></tr></table></div> |
| 11936 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11937 | 'font-size:10.0pt'>shortint</span></span></p> |
| 11938 | <p class="IndentText"> |
| 11939 | Make short int and int types equivalent. |
| 11940 | </p> |
| 11941 | <p class="Heading10"><a name="_Toc534975052">Abstract Types</a> |
| 11942 | <span class="TextFontCXChar"><span style= |
| 11943 | 'font-size:11.0pt; font-weight:normal'>(Section</span></span> |
| 11944 | <span class="TextFontCXChar"><span style= |
| 11945 | 'font-size:11.0pt; font-weight:normal'>4.3</span></span><span class="TextFontCXChar"> |
| 11946 | <span style= |
| 11947 | 'font-size:11.0pt; font-weight:normal'>)</span></span></p> |
| 11948 | |
| 11949 | |
| 11950 | |
| 9645dee1 |
11951 | <div> |
| 11952 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11953 | height="14" align="left"> |
| 11954 | <tr> |
| 11955 | <td valign="top" align="left" height="14" style= |
| 11956 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11957 | <p class="TextFontCX" align="center" style= |
| 11958 | 'text-align:center;background:#CCCCCC'><span style= |
| 11959 | 'font-size:10.0pt'>P:</span> <span class= |
| 11960 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 11961 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11962 | 'font-size:10.0pt'>abstract</span></span></p> |
| 11963 | <p class="IndentText">A data abstraction barrier is violated</p> |
| 11964 | <div> |
| 11965 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11966 | height="14" align="left"> |
| 11967 | <tr> |
| 11968 | <td valign="top" align="left" height="14" style= |
| 11969 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11970 | <p class="TextFontCX" align="center" style= |
| 11971 | 'text-align:center;background:#CCCCCC'><span style= |
| 11972 | 'font-size:10.0pt'>P:</span> <span class="Flag"><span style= |
| 11973 | 'font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 11974 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11975 | 'font-size:10.0pt'>imp-abstract</span></span></p> |
| 11976 | <p class="IndentText">Implicit <span class= |
| 11977 | "Annot"><span style='font-size:10.0pt'>abstract</span></span> |
| 11978 | annotation for type declarations that do not use <span class= |
| 11979 | "Annot"><span style= |
| 11980 | 'font-size:10.0pt'>concrete</span></span>.</p> |
| 11981 | <div> |
| 11982 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 11983 | height="14" align="left"> |
| 11984 | <tr> |
| 11985 | <td valign="top" align="left" height="14" style= |
| 11986 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 11987 | <p class="TextFontCX" align="center" style= |
| 11988 | 'text-align:center;background:#CCCCCC'><span style= |
| 11989 | 'font-size:10.0pt'>m:</span><span class="Flag"><span style= |
| 11990 | 'font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 11991 | <p class="TextFontCX"><span class="Flag"><span style= |
| 11992 | 'font-size:10.0pt'>mut-rep</span></span></p> |
| 11993 | <p class="IndentText">Representation of mutable type has sharing |
| 11994 | semantics.</p> |
| 11995 | <p class="Heading10">Access <span class= |
| 11996 | "TextFontCXChar"><span style= |
| 11997 | 'font-size:11.0pt; font-weight:normal'>(Section |
| 11998 | 4.3.1)</span></span></p> |
| 11999 | <div> |
| 12000 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12001 | height="14" align="left"> |
| 12002 | <tr> |
| 12003 | <td valign="top" align="left" height="14" style= |
| 12004 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12005 | <p class="TextFontCX" align="center" style= |
| 12006 | 'text-align:center;background:#CCCCCC'><span style= |
| 12007 | 'font-size:10.0pt'>P: +</span></p></td></tr></table></div> |
| 12008 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12009 | 'font-size:10.0pt'>access-module</span></span></p> |
| 12010 | <p class="IndentText">An abstract type defined in |
| 12011 | <span class="ProgramNameChar"><i>M</i></span><span class= |
| 12012 | "ProgramNameChar">.h</span> (or specified in <span class= |
| 12013 | "ProgramNameChar"><i>M</i></span><span class= |
| 12014 | "ProgramNameChar">.lcl</span>) is accessible in <span class= |
| 12015 | "ProgramNameChar"><i>M</i></span><span class= |
| 12016 | "ProgramNameChar">.c</span>.</p> |
| 12017 | <div> |
| 12018 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12019 | height="14" align="left"> |
| 12020 | <tr> |
| 12021 | <td valign="top" align="left" height="14" style= |
| 12022 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12023 | <p class="TextFontCX" align="center" style= |
| 12024 | 'text-align:center;background:#CCCCCC'><span style= |
| 12025 | 'font-size:10.0pt'>P:</span> <span class= |
| 12026 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 12027 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12028 | 'font-size:10.0pt'>access-file</span></span></p> |
| 12029 | <p class="IndentText">An abstract type named <span class= |
| 12030 | "CodeText"><i><span style='font-size:10.0pt'>type</span></i></span> |
| 12031 | is accessible in files named <span class= |
| 12032 | "ProgramNameChar"><i>type</i></span><span class= |
| 12033 | "ProgramNameChar">.*</span></p> |
| 12034 | <div> |
| 12035 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12036 | height="14" align="left"> |
| 12037 | <tr> |
| 12038 | <td valign="top" align="left" height="14" style= |
| 12039 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12040 | <p class="TextFontCX" align="center" style= |
| 12041 | 'text-align:center;background:#CCCCCC'><span style= |
| 12042 | 'font-size:10.0pt'>P:</span> <span class= |
| 12043 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 12044 | <p class="MsoListBullet"><span class="Flag"><span style= |
| 12045 | 'font-size:10.0pt'>access-czech</span></span></p> |
| 12046 | <p class="IndentText">An abstract type named <span class= |
| 12047 | "CodeText"><i><span style='font-size:10.0pt'>type</span></i></span> |
| 12048 | may be accessible in a function named <span class= |
| 12049 | "CodeText"><i><span style= |
| 12050 | 'font-size:10.0pt'>type_name</span></i></span>. (Section |
| 12051 | 12.1.1)</p> |
| 12052 | <div> |
| 12053 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12054 | height="14" align="left"> |
| 12055 | <tr> |
| 12056 | <td valign="top" align="left" height="14" style= |
| 12057 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12058 | <p class="TextFontCX" align="center" style= |
| 12059 | 'text-align:center;background:#CCCCCC'><span style= |
| 12060 | 'font-size:10.0pt'>P:</span> <span class= |
| 12061 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 12062 | <p class="MsoListBullet"><span class="Flag"><span style= |
| 12063 | 'font-size:10.0pt'>access-slovak</span></span></p> |
| 12064 | <p class="IndentText">An abstract type named <span class= |
| 12065 | "CodeText"><i><span style='font-size:10.0pt'>type</span></i></span> |
| 12066 | may be accessible in a function named <span class= |
| 12067 | "CodeText"><i><span style= |
| 12068 | 'font-size:10.0pt'>typeName</span></i></span>. |
| 12069 | (Section.12.1.2)</p> |
| 12070 | <div> |
| 12071 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12072 | height="14" align="left"> |
| 12073 | <tr> |
| 12074 | <td valign="top" align="left" height="14" style= |
| 12075 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12076 | <p class="TextFontCX" align="center" style= |
| 12077 | 'text-align:center;background:#CCCCCC'><span style= |
| 12078 | 'font-size:10.0pt'>P:</span> <span class= |
| 12079 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 12080 | <p class="MsoListBullet"><span class="Flag"><span style= |
| 12081 | 'font-size:10.0pt'>access-czechoslovak</span></span></p> |
| 12082 | <p class="IndentText">An abstract type named <span class= |
| 12083 | "CodeText"><i><span style='font-size:10.0pt'>type</span></i></span> |
| 12084 | may be accessible in a function named <span class= |
| 12085 | "CodeText"><i><span style= |
| 12086 | 'font-size:10.0pt'>type_name</span></i></span> or |
| 12087 | <span class="CodeText"><i><span style= |
| 12088 | 'font-size:10.0pt'>typeName</span></i></span>. (Section |
| 12089 | 12.1.3)</p> |
| 12090 | <div> |
| 12091 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12092 | height="14" align="left"> |
| 12093 | <tr> |
| 12094 | <td valign="top" align="left" height="14" style= |
| 12095 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12096 | <p class="TextFontCX" align="center" style= |
| 12097 | 'text-align:center;background:#CCCCCC'><span style= |
| 12098 | 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div> |
| 12099 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12100 | 'font-size:10.0pt'>access-all</span></span></p> |
| 12101 | <p class="IndentText">Sets <span class="Flag"><span style= |
| 12102 | 'font-size:10.0pt'>access-module</span></span>, <span class= |
| 12103 | "Flag"><span style='font-size:10.0pt'>access-file</span></span> and |
| 12104 | <span class="Flag"><span style= |
| 12105 | 'font-size:10.0pt'>access-czech</span></span>.</p> |
| 12106 | <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'> |
| 12107 | <a name="_Toc534975053">Memory Management</a> <span class= |
| 12108 | "TextFontCXChar"><span style= |
| 12109 | 'font-size:11.0pt; font-weight:normal'>(Section</span></span> |
| 12110 | <span class="TextFontCXChar"><span style= |
| 12111 | 'font-size:11.0pt; font-weight:normal'>5</span></span><span class="TextFontCXChar"> |
| 12112 | <span style= |
| 12113 | 'font-size:11.0pt; font-weight:normal'>)</span></span></p> |
| 12114 | <p class="TextFontCX">Reporting of memory management errors is |
| 12115 | controlled by flags setting checking and implicit annotations and |
| 12116 | code annotations. </p> |
| 12117 | <p class="Heading10">Deallocation Errors <span class= |
| 12118 | "TextFontCXChar"><span style= |
| 12119 | 'font-size:11.0pt; font-weight:normal'>(Section |
| 12120 | 5.2)</span></span></p> |
| 12121 | <div> |
| 12122 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12123 | height="14" align="left"> |
| 12124 | <tr> |
| 12125 | <td valign="top" align="left" height="14" style= |
| 12126 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12127 | <p class="TextFontCX" align="center" style= |
| 12128 | 'text-align:center;background:#CCCCCC'><span style= |
| 12129 | 'font-size:10.0pt'>m:</span><span class= |
| 12130 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 12131 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12132 | 'font-size:10.0pt'>use-released</span></span></p> |
| 12133 | <p class="IndentText">Storage used after it may have been |
| 12134 | released.</p> |
| 12135 | <div> |
| 12136 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12137 | height="14" align="left"> |
| 12138 | <tr> |
| 12139 | <td valign="top" align="left" height="14" style= |
| 12140 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12141 | <p class="TextFontCX" align="center" style= |
| 12142 | 'text-align:center;background:#CCCCCC'><span style= |
| 12143 | 'font-size:10.0pt'>m:</span><span class= |
| 12144 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 12145 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12146 | 'font-size:10.0pt'>strict-use-released</span></span></p> |
| 12147 | <p class="IndentText">An array element used after it may have been |
| 12148 | released.</p> |
| 12149 | <p class="Heading10">Inconsistent Branches</p> |
| 12150 | <div> |
| 12151 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12152 | height="14" align="left"> |
| 12153 | <tr> |
| 12154 | <td valign="top" align="left" height="14" style= |
| 12155 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12156 | <p class="TextFontCX" align="center" style= |
| 12157 | 'text-align:center;background:#CCCCCC'><span style= |
| 12158 | 'font-size:10.0pt'>m:</span><span class= |
| 12159 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 12160 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12161 | 'font-size:10.0pt'>branch-state</span></span></p> |
| 12162 | <p class="IndentText">Storage has inconsistent states of alternate |
| 12163 | paths through a branch (e.g., it is released in the true branch of |
| 12164 | an if-statement, but there is no else branch.)</p> |
| 12165 | <div> |
| 12166 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12167 | height="14" align="left"> |
| 12168 | <tr> |
| 12169 | <td valign="top" align="left" height="14" style= |
| 12170 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12171 | <p class="TextFontCX" align="center" style= |
| 12172 | 'text-align:center;background:#CCCCCC'><span style= |
| 12173 | 'font-size:10.0pt'>m:</span><span class= |
| 12174 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 12175 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12176 | 'font-size:10.0pt'>strict-branch-state</span></span></p> |
| 12177 | <p class="IndentText">Storage through array fetch has inconsistent |
| 12178 | states of alternate paths through a branch. Since array |
| 12179 | elements are not checked accurately, this may lead to spurious |
| 12180 | errors.</p> |
| 12181 | <div> |
| 12182 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12183 | height="14" align="left"> |
| 12184 | <tr> |
| 12185 | <td valign="top" align="left" height="14" style= |
| 12186 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12187 | <p class="TextFontCX" align="center" style= |
| 12188 | 'text-align:center;background:#CCCCCC'><span style= |
| 12189 | 'font-size:10.0pt'>m:</span><span class= |
| 12190 | "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div> |
| 12191 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12192 | 'font-size:10.0pt'>dep-arrays</span></span></p> |
| 12193 | <p class="IndentText">Treat array elements as <span class= |
| 12194 | "Annot"><span style='font-size:10.0pt'>dependent</span></span> |
| 12195 | storage. Checking of array elements cannot be done accurately |
| 12196 | by Splint. If <span class="Flag"><span style= |
| 12197 | 'font-size:10.0pt'>dep-arrays</span></span> is not set, array |
| 12198 | elements are assumed to be independent, so code that releases the |
| 12199 | same element more than once will produce no error. If |
| 12200 | <span class="Flag"><span style= |
| 12201 | 'font-size:10.0pt'>dep-arrays</span></span> is set, array elements |
| 12202 | are assumed to be dependent, so code that releases the same element |
| 12203 | more that once will produce an error, but code that releases |
| 12204 | different elements correctly will produce a spurious error.</p> |
| 12205 | <p class="Heading10">Memory Leaks</p> |
| 12206 | <div> |
| 12207 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12208 | height="14" align="left"> |
| 12209 | <tr> |
| 12210 | <td valign="top" align="left" height="14" style= |
| 12211 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12212 | <p class="TextFontCX" align="center" style= |
| 12213 | 'text-align:center;background:#CCCCCC'><span style= |
| 12214 | 'font-size:10.0pt'>m:</span><span class= |
| 12215 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 12216 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12217 | 'font-size:10.0pt'>must-free</span></span></p> |
| 12218 | <p class="IndentText">Allocated storage was not released before |
| 12219 | return or scope exit. Errors are reported for |
| 12220 | <span class="Annot"><span style= |
| 12221 | 'font-size:10.0pt'>only</span></span>, <span class= |
| 12222 | "Annot"><span style='font-size:10.0pt'>fresh</span></span> or |
| 12223 | <span class="Annot"><span style= |
| 12224 | 'font-size:10.0pt'>owned</span></span> storage.</p> |
| 12225 | |
| 12226 | |
| 12227 | <div> |
| 12228 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12229 | height="14" align="left"> |
| 12230 | <tr> |
| 12231 | <td valign="top" align="left" height="14" style= |
| 12232 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12233 | <p class="TextFontCX" align="center" style= |
| 12234 | 'text-align:center;background:#CCCCCC'><span style= |
| 12235 | 'font-size:10.0pt'>m:</span><span class= |
| 12236 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 12237 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12238 | 'font-size:10.0pt'>mustfreefresh</span></span></p> |
| 12239 | <p class="IndentText"> |
| 12240 | Allocated storage was not released before return or scope exit. Errors are reported for |
| 12241 | <span class="Annot"><span style='font-size:10.0pt'>fresh</span></span> storage |
| 12242 | </p> |
| 12243 | |
| 12244 | |
| 12245 | <div> |
| 12246 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12247 | height="14" align="left"> |
| 12248 | <tr> |
| 12249 | <td valign="top" align="left" height="14" style= |
| 12250 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12251 | <p class="TextFontCX" align="center" style= |
| 12252 | 'text-align:center;background:#CCCCCC'><span style= |
| 12253 | 'font-size:10.0pt'>m:</span><span class= |
| 12254 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 12255 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12256 | 'font-size:10.0pt'>mustfreeonly</span></span></p> |
| 12257 | <p class="IndentText"> |
| 12258 | Allocated storage was not released before return or scope exit. Errors are reported for |
| 12259 | <span class="Annot"><span style='font-size:10.0pt'>only</span></span> storage |
| 12260 | </p> |
| 12261 | |
| 12262 | <div> |
| 12263 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12264 | height="14" align="left"> |
| 12265 | <tr> |
| 12266 | <td valign="top" align="left" height="14" style= |
| 12267 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12268 | <p class="TextFontCX" align="center" style= |
| 12269 | 'text-align:center;background:#CCCCCC'><span style= |
| 12270 | 'font-size:10.0pt'>shortcut</span><span class= |
| 12271 | "Keyword"><span style='font-size:10.0pt'></span></span></p></td></tr></table></div> |
| 12272 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12273 | 'font-size:10.0pt'>memchecks</span></span></p> |
| 12274 | <p class="IndentText"> |
| 12275 | Sets all dynamic memory checking flags |
| 12276 | (<span class= |
| 12277 | "Flag"><span style='font-size:10.0pt'>memimplicit, mustfree, mustdefine, mustnotalias, null, memtrans</span> </span>). |
| 12278 | </p> |
| 12279 | |
| 12280 | <div> |
| 12281 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12282 | height="14" align="left"> |
| 12283 | <tr> |
| 12284 | <td valign="top" align="left" height="14" style= |
| 12285 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12286 | <p class="TextFontCX" align="center" style= |
| 12287 | 'text-align:center;background:#CCCCCC'><span style= |
| 12288 | 'font-size:10.0pt'>m:</span><span class= |
| 12289 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 12290 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12291 | 'font-size:10.0pt'>comp-destroy</span></span></p> |
| 12292 | <p class="IndentText">All only references derivable from |
| 12293 | <span class="Annot"><span style='font-size:10.0pt'>out |
| 12294 | only</span></span> parameter of type <span class= |
| 12295 | "CodeText"><span style='font-size:10.0pt'>void *</span></span> must |
| 12296 | be released. (This is the type of the parameter to |
| 12297 | <span class="CodeText"><span style= |
| 12298 | 'font-size:10.0pt'>free</span></span>, but may also be used for |
| 12299 | user-defined deallocation functions.)</p> |
| 12300 | <div> |
| 12301 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12302 | height="14" align="left"> |
| 12303 | <tr> |
| 12304 | <td valign="top" align="left" height="14" style= |
| 12305 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12306 | <p class="TextFontCX" align="center" style= |
| 12307 | 'text-align:center;background:#CCCCCC'><span style= |
| 12308 | 'font-size:10.0pt'>m:</span><span class= |
| 12309 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 12310 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12311 | 'font-size:10.0pt'>strict-destroy</span></span></p> |
| 12312 | <p class="IndentText">Report complete destruction errors for array |
| 12313 | elements that may have been released. (If <span class= |
| 12314 | "Flag"><span style='font-size:10.0pt'>strict-destroy</span></span> |
| 12315 | is not set, Splint will assume that if any array element was |
| 12316 | released, the entire array was correctly released.)</p> |
| 12317 | <p class="Heading10">Transfer Errors</p> |
| 12318 | <p class="beforelist">A transfer error is reported when storage is |
| 12319 | transferred (by an assignment, passing a parameter, or returning) |
| 12320 | in a way that is inconsistent.</p> |
| 12321 | <div> |
| 12322 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12323 | height="14" align="left"> |
| 12324 | <tr> |
| 12325 | <td valign="top" align="left" height="14" style= |
| 12326 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12327 | <p class="TextFontCX" align="center" style= |
| 12328 | 'text-align:center;background:#CCCCCC'><span style= |
| 12329 | 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div> |
| 12330 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12331 | 'font-size:10.0pt'>mem-trans</span></span></p> |
| 12332 | <p class="IndentText">Sets all memory transfer errors flags.</p> |
| 12333 | <div> |
| 12334 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12335 | height="14" align="left"> |
| 12336 | <tr> |
| 12337 | <td valign="top" align="left" height="14" style= |
| 12338 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12339 | <p class="TextFontCX" align="center" style= |
| 12340 | 'text-align:center;background:#CCCCCC'><span style= |
| 12341 | 'font-size:10.0pt'>m:</span><span class= |
| 12342 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 12343 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12344 | 'font-size:10.0pt'>only-trans</span></span></p> |
| 12345 | <p class="IndentText">Only storage transferred to non-only |
| 12346 | reference (memory leak).</p> |
| 12347 | <div> |
| 12348 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12349 | height="14" align="left"> |
| 12350 | <tr> |
| 12351 | <td valign="top" align="left" height="14" style= |
| 12352 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12353 | <p class="TextFontCX" align="center" style= |
| 12354 | 'text-align:center;background:#CCCCCC'><span style= |
| 12355 | 'font-size:10.0pt'>m:</span><span class= |
| 12356 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 12357 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12358 | 'font-size:10.0pt'>ownedtrans</span></span></p> |
| 12359 | <p class="IndentText">Owned storage transferred to non-owned |
| 12360 | reference (memory leak).</p> |
| 12361 | <div> |
| 12362 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12363 | height="14" align="left"> |
| 12364 | <tr> |
| 12365 | <td valign="top" align="left" height="14" style= |
| 12366 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12367 | <p class="TextFontCX" align="center" style= |
| 12368 | 'text-align:center;background:#CCCCCC'><span style= |
| 12369 | 'font-size:10.0pt'>m:</span><span class= |
| 12370 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 12371 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12372 | 'font-size:10.0pt'>fresh-trans</span></span></p> |
| 12373 | <p class="IndentText">Newly-allocated storage transferred to |
| 12374 | non-only reference (memory leak).</p> |
| 12375 | <div> |
| 12376 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12377 | height="14" align="left"> |
| 12378 | <tr> |
| 12379 | <td valign="top" align="left" height="14" style= |
| 12380 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12381 | <p class="TextFontCX" align="center" style= |
| 12382 | 'text-align:center;background:#CCCCCC'><span style= |
| 12383 | 'font-size:10.0pt'>m:</span><span class= |
| 12384 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 12385 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12386 | 'font-size:10.0pt'>shared-trans</span></span></p> |
| 12387 | <p class="IndentText">Shared storage transferred to non-shared |
| 12388 | reference</p> |
| 12389 | <div> |
| 12390 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12391 | height="14" align="left"> |
| 12392 | <tr> |
| 12393 | <td valign="top" align="left" height="14" style= |
| 12394 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12395 | <p class="TextFontCX" align="center" style= |
| 12396 | 'text-align:center;background:#CCCCCC'><span style= |
| 12397 | 'font-size:10.0pt'>m:</span><span class= |
| 12398 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 12399 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12400 | 'font-size:10.0pt'>dependent-trans</span></span></p> |
| 12401 | <p class="IndentText">Inconsistent <span class= |
| 12402 | "Annot"><span style='font-size:10.0pt'>dependent</span></span> |
| 12403 | transfer. Dependent storage is transferred to a non-dependent |
| 12404 | reference.</p> |
| 12405 | <div> |
| 12406 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12407 | height="14" align="left"> |
| 12408 | <tr> |
| 12409 | <td valign="top" align="left" height="14" style= |
| 12410 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12411 | <p class="TextFontCX" align="center" style= |
| 12412 | 'text-align:center;background:#CCCCCC'><span style= |
| 12413 | 'font-size:10.0pt'>m:</span><span class= |
| 12414 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 12415 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12416 | 'font-size:10.0pt'>temp-trans</span></span></p> |
| 12417 | <p class="IndentText">Temporary storage (associated with a |
| 12418 | <span class="Annot"><span style= |
| 12419 | 'font-size:10.0pt'>temp</span></span> formal parameter) is |
| 12420 | transferred to a non-temporary reference. The storage may be |
| 12421 | released or new aliases created.</p> |
| 12422 | <div> |
| 12423 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12424 | height="14" align="left"> |
| 12425 | <tr> |
| 12426 | <td valign="top" align="left" height="14" style= |
| 12427 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12428 | <p class="TextFontCX" align="center" style= |
| 12429 | 'text-align:center;background:#CCCCCC'><span style= |
| 12430 | 'font-size:10.0pt'>m:</span><span class= |
| 12431 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 12432 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12433 | 'font-size:10.0pt'>kept-trans</span></span></p> |
| 12434 | <p class="IndentText">Kept storage (storage what was passed as |
| 12435 | <span class="Annot"><span style= |
| 12436 | 'font-size:10.0pt'>keep</span></span>) transferred to non-temporary |
| 12437 | reference.</p> |
| 12438 | <div> |
| 12439 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12440 | height="14" align="left"> |
| 12441 | <tr> |
| 12442 | <td valign="top" align="left" height="14" style= |
| 12443 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12444 | <p class="TextFontCX" align="center" style= |
| 12445 | 'text-align:center;background:#CCCCCC'><span style= |
| 12446 | 'font-size:10.0pt'>m:</span><span class= |
| 12447 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 12448 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12449 | 'font-size:10.0pt'>keep-trans</span></span></p> |
| 12450 | <p class="IndentText">Keep storage is transferred in a way that may |
| 12451 | add a new alias to it, or release it.</p> |
| 12452 | <div> |
| 12453 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12454 | height="14" align="left"> |
| 12455 | <tr> |
| 12456 | <td valign="top" align="left" height="14" style= |
| 12457 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12458 | <p class="TextFontCX" align="center" style= |
| 12459 | 'text-align:center;background:#CCCCCC'><span style= |
| 12460 | 'font-size:10.0pt'>m:</span><span class= |
| 12461 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 12462 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12463 | 'font-size:10.0pt'>refcount-trans</span></span></p> |
| 12464 | <p class="IndentText">Reference counted storage is transferred in |
| 12465 | an inconsistent way.</p> |
| 12466 | <div> |
| 12467 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12468 | height="14" align="left"> |
| 12469 | <tr> |
| 12470 | <td valign="top" align="left" height="14" style= |
| 12471 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12472 | <p class="TextFontCX" align="center" style= |
| 12473 | 'text-align:center;background:#CCCCCC'><span style= |
| 12474 | 'font-size:10.0pt'>m:</span><span class= |
| 12475 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 12476 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12477 | 'font-size:10.0pt'>newref-trans</span></span></p> |
| 12478 | <p class="IndentText">A new reference transferred to a reference |
| 12479 | counted reference (reference count is not set correctly).</p> |
| 12480 | <div> |
| 12481 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12482 | height="14" align="left"> |
| 12483 | <tr> |
| 12484 | <td valign="top" align="left" height="14" style= |
| 12485 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12486 | <p class="TextFontCX" align="center" style= |
| 12487 | 'text-align:center;background:#CCCCCC'><span style= |
| 12488 | 'font-size:10.0pt'>m:</span><span class= |
| 12489 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 12490 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12491 | 'font-size:10.0pt'>immediate-trans</span></span></p> |
| 12492 | <p class="IndentText">An immediate address (result of |
| 12493 | <span class="CodeText"><span style= |
| 12494 | 'font-size:10.0pt'>&</span></span>) is transferred |
| 12495 | inconsistently.</p> |
| 12496 | <div> |
| 12497 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12498 | height="14" align="left"> |
| 12499 | <tr> |
| 12500 | <td valign="top" align="left" height="14" style= |
| 12501 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12502 | <p class="TextFontCX" align="center" style= |
| 12503 | 'text-align:center;background:#CCCCCC'><span style= |
| 12504 | 'font-size:10.0pt'>m:</span><span class= |
| 12505 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 12506 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12507 | 'font-size:10.0pt'>static-trans</span></span></p> |
| 12508 | <p class="IndentText">Static storage is transferred in an |
| 12509 | inconsistent way.</p> |
| 12510 | <div> |
| 12511 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12512 | height="14" align="left"> |
| 12513 | <tr> |
| 12514 | <td valign="top" align="left" height="14" style= |
| 12515 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12516 | <p class="TextFontCX" align="center" style= |
| 12517 | 'text-align:center;background:#CCCCCC'><span style= |
| 12518 | 'font-size:10.0pt'>m:</span><span class= |
| 12519 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 12520 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12521 | 'font-size:10.0pt'>expose-trans</span></span></p> |
| 12522 | <p class="IndentText">Inconsistent exposure transfer. Exposed |
| 12523 | storage is transferred to a non-<span class= |
| 12524 | "Annot"><span style='font-size:10.0pt'>exposed</span></span>, |
| 12525 | non-<span class="Annot"><span style= |
| 12526 | 'font-size:10.0pt'>observer</span></span> reference.</p> |
| 12527 | <div> |
| 12528 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12529 | height="14" align="left"> |
| 12530 | <tr> |
| 12531 | <td valign="top" align="left" height="14" style= |
| 12532 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12533 | <p class="TextFontCX" align="center" style= |
| 12534 | 'text-align:center;background:#CCCCCC'><span style= |
| 12535 | 'font-size:10.0pt'>m:</span><span class= |
| 12536 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 12537 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12538 | 'font-size:10.0pt'>observer-trans</span></span></p> |
| 12539 | <p class="IndentText">Inconsistent <span class= |
| 12540 | "Annot"><span style='font-size:10.0pt'>observer</span></span> |
| 12541 | transfer. Observer storage is transferred to a non-observer |
| 12542 | reference.</p> |
| 12543 | <div> |
| 12544 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12545 | height="14" align="left"> |
| 12546 | <tr> |
| 12547 | <td valign="top" align="left" height="14" style= |
| 12548 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12549 | <p class="TextFontCX" align="center" style= |
| 12550 | 'text-align:center;background:#CCCCCC'><span style= |
| 12551 | 'font-size:10.0pt'>m:</span><span class= |
| 12552 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 12553 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12554 | 'font-size:10.0pt'>unqualified-trans</span></span></p> |
| 12555 | <p class="IndentText">Unqualified storage is transferred in an |
| 12556 | inconsistent way.</p> |
| 12557 | <p class="Heading11">Initializers</p> |
| 12558 | <div> |
| 12559 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12560 | height="14" align="left"> |
| 12561 | <tr> |
| 12562 | <td valign="top" align="left" height="14" style= |
| 12563 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12564 | <p class="TextFontCX" align="center" style= |
| 12565 | 'text-align:center;background:#CCCCCC'><span style= |
| 12566 | 'font-size:10.0pt'>m:</span><span class= |
| 12567 | "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div> |
| 12568 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12569 | 'font-size:10.0pt'>only-unq-global-trans</span></span></p> |
| 12570 | <p class="IndentText">Only storage transferred to an unqualified |
| 12571 | global or static reference. This may lead to a memory leak, since |
| 12572 | the new reference is not necessarily released.</p> |
| 12573 | <div> |
| 12574 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12575 | height="14" align="left"> |
| 12576 | <tr> |
| 12577 | <td valign="top" align="left" height="14" style= |
| 12578 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12579 | <p class="TextFontCX" align="center" style= |
| 12580 | 'text-align:center;background:#CCCCCC'><span style= |
| 12581 | 'font-size:10.0pt'>m:</span><span class= |
| 12582 | "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div> |
| 12583 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12584 | 'font-size:10.0pt'>static-init-trans</span></span></p> |
| 12585 | <p class="IndentText">Static storage is used as an initial value in |
| 12586 | an inconsistent way.</p> |
| 12587 | <div> |
| 12588 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12589 | height="14" align="left"> |
| 12590 | <tr> |
| 12591 | <td valign="top" align="left" height="14" style= |
| 12592 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12593 | <p class="TextFontCX" align="center" style= |
| 12594 | 'text-align:center;background:#CCCCCC'><span style= |
| 12595 | 'font-size:10.0pt'>m:</span><span class= |
| 12596 | "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div> |
| 12597 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12598 | 'font-size:10.0pt'>unqualified-init-trans</span></span></p> |
| 12599 | <p class="IndentText">Unqualified storage is used as an initial |
| 12600 | value in an inconsistent way.</p> |
| 12601 | <p class="Heading11">Derived Storage</p> |
| 12602 | <div> |
| 12603 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12604 | height="14" align="left"> |
| 12605 | <tr> |
| 12606 | <td valign="top" align="left" height="14" style= |
| 12607 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12608 | <p class="TextFontCX" align="center" style= |
| 12609 | 'text-align:center;background:#CCCCCC'><span style= |
| 12610 | 'font-size:10.0pt'>m:</span><span class= |
| 12611 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 12612 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12613 | 'font-size:10.0pt'>comp-mem-pass</span></span></p> |
| 12614 | <p class="IndentText">Storage derivable from a parameter does not |
| 12615 | match the alias kind expected for the formal parameter.</p> |
| 12616 | <p class="Heading11">Stack References</p> |
| 12617 | <div> |
| 12618 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12619 | height="14" align="left"> |
| 12620 | <tr> |
| 12621 | <td valign="top" align="left" height="14" style= |
| 12622 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12623 | <p class="TextFontCX" align="center" style= |
| 12624 | 'text-align:center;background:#CCCCCC'><span style= |
| 12625 | 'font-size:10.0pt'>m:</span><span class= |
| 12626 | "Keyword"><span style='font-size:10.0pt'>++++</span></span></p></td></tr></table></div> |
| 12627 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12628 | 'font-size:10.0pt'>stack-ref</span></span></p> |
| 12629 | <p class="IndentText">A stack reference is pointed to by an |
| 12630 | external reference when the function returns. Since the call |
| 12631 | frame will be destroyed when the function returns the return value |
| 12632 | will point to dead storage. (Section 5.2.6)</p> |
| 12633 | <p class="Heading10">Implicit Memory Annotations <span class= |
| 12634 | "HeadingNote"><span style= |
| 12635 | 'font-size:10.5pt;font-weight:normal;font-style:normal'>(Section</span></span> |
| 12636 | <span class="HeadingNote"><span style= |
| 12637 | 'font-size:10.5pt;font-weight:normal;font-style: normal'>5.3</span></span><span class="HeadingNote"> |
| 12638 | <span style= |
| 12639 | 'font-size:10.5pt; font-weight:normal;font-style:normal'>)</span></span></p> |
| 12640 | |
| 12641 | |
| 12642 | <div> |
| 12643 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12644 | height="14" align="left"> |
| 12645 | <tr> |
| 12646 | <td valign="top" align="left" height="14" style= |
| 12647 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12648 | <p class="TextFontCX" align="center" style= |
| 12649 | 'text-align:center;background:#CCCCCC'><span style= |
| 12650 | 'font-size:10.0pt'>shortcut</span> <span class= |
| 12651 | "Keyword"><span style='font-size:10.0pt'></span></span></p></td></tr></table></div> |
| 12652 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12653 | 'font-size:10.0pt'>all-imp-only</span></span></p> |
| 12654 | <p class="IndentText">Sets |
| 12655 | <span class="Flag"><span style= |
| 12656 | 'font-size:10.0pt'> |
| 12657 | glob-imp-only, ret-imp-only, struct-imp-only, specglobimponly, specretimponly |
| 12658 | </span></span> |
| 12659 | and |
| 12660 | <span class="Flag"><span style= |
| 12661 | 'font-size:10.0pt'> |
| 12662 | specstructimponly |
| 12663 | </span></span>. |
| 12664 | </p> |
| 12665 | |
| 12666 | |
| 12667 | <div> |
| 12668 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12669 | height="14" align="left"> |
| 12670 | <tr> |
| 12671 | <td valign="top" align="left" height="14" style= |
| 12672 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12673 | <p class="TextFontCX" align="center" style= |
| 12674 | 'text-align:center;background:#CCCCCC'><span style= |
| 12675 | 'font-size:10.0pt'>P:</span> <span class= |
| 12676 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 12677 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12678 | 'font-size:10.0pt'>glob-imp-only</span></span></p> |
| 12679 | <p class="IndentText">Assume unannotated global storage is |
| 12680 | only.</p> |
| 12681 | |
| 12682 | |
| 12683 | <div> |
| 12684 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12685 | height="14" align="left"> |
| 12686 | <tr> |
| 12687 | <td valign="top" align="left" height="14" style= |
| 12688 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12689 | <p class="TextFontCX" align="center" style= |
| 12690 | 'text-align:center;background:#CCCCCC'><span style= |
| 12691 | 'font-size:10.0pt'>P:</span> <span class= |
| 12692 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 12693 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12694 | 'font-size:10.0pt'>param-imp-temp</span></span></p> |
| 12695 | <p class="IndentText">Assume unannotated parameter is |
| 12696 | <span class="Annot"><span style= |
| 12697 | 'font-size:10.0pt'>temp</span></span>.</p> |
| 12698 | <div> |
| 12699 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12700 | height="14" align="left"> |
| 12701 | <tr> |
| 12702 | <td valign="top" align="left" height="14" style= |
| 12703 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12704 | <p class="TextFontCX" align="center" style= |
| 12705 | 'text-align:center;background:#CCCCCC'><span style= |
| 12706 | 'font-size:10.0pt'>P:</span> <span class= |
| 12707 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 12708 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12709 | 'font-size:10.0pt'>ret-imp-only</span></span></p> |
| 12710 | <p class="IndentText">Assume unannotated returned storage is |
| 12711 | <span class="Annot"><span style= |
| 12712 | 'font-size:10.0pt'>only</span></span>.</p> |
| 12713 | <div> |
| 12714 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12715 | height="14" align="left"> |
| 12716 | <tr> |
| 12717 | <td valign="top" align="left" height="14" style= |
| 12718 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12719 | <p class="TextFontCX" align="center" style= |
| 12720 | 'text-align:center;background:#CCCCCC'><span style= |
| 12721 | 'font-size:10.0pt'>P:</span> <span class= |
| 12722 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 12723 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12724 | 'font-size:10.0pt'>struct-imp-only</span></span></p> |
| 12725 | <p class="IndentText">Assume unannotated structure or union field |
| 12726 | is <span class="Annot"><span style= |
| 12727 | 'font-size:10.0pt'>only</span></span>.</p> |
| 12728 | <div> |
| 12729 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12730 | height="14" align="left"> |
| 12731 | <tr> |
| 12732 | <td valign="top" align="left" height="14" style= |
| 12733 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12734 | <p class="TextFontCX" align="center" style= |
| 12735 | 'text-align:center;background:#CCCCCC'><span style= |
| 12736 | 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div> |
| 12737 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12738 | 'font-size:10.0pt'>code-imp-only</span></span></p> |
| 12739 | <p class="IndentText">Sets <span class="Flag"><span style= |
| 12740 | 'font-size:10.0pt'>glob-imp-only</span></span>, <span class= |
| 12741 | "Flag"><span style='font-size:10.0pt'>ret-imp-only</span></span> |
| 12742 | and <span class="Flag"><span style= |
| 12743 | 'font-size:10.0pt'>struct-imp-only</span></span>.</p> |
| 12744 | <div> |
| 12745 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12746 | height="14" align="left"> |
| 12747 | <tr> |
| 12748 | <td valign="top" align="left" height="14" style= |
| 12749 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12750 | <p class="TextFontCX" align="center" style= |
| 12751 | 'text-align:center;background:#CCCCCC'><span style= |
| 12752 | 'font-size:10.0pt'>m:</span><span class= |
| 12753 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 12754 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12755 | 'font-size:10.0pt'>mem-imp</span></span></p> |
| 12756 | <p class="IndentText">Report memory errors for unqualified |
| 12757 | storage.</p> |
| 12758 | <div> |
| 12759 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12760 | height="14" align="left"> |
| 12761 | <tr> |
| 12762 | <td valign="top" align="left" height="14" style= |
| 12763 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12764 | <p class="TextFontCX" align="center" style= |
| 12765 | 'text-align:center;background:#CCCCCC'><span style= |
| 12766 | 'font-size:10.0pt'>m:</span><span class= |
| 12767 | "Keyword"><span style='font-size:10.0pt'>----</span></span></p></td></tr></table></div> |
| 12768 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12769 | 'font-size:10.0pt'>pass-unknown</span></span></p> |
| 12770 | <p class="IndentText">Passing a value as an unannotated parameter |
| 12771 | clears its annotation. This will prevent many spurious errors |
| 12772 | from being report for unannotated programs, but eliminates the |
| 12773 | possibility of detecting many errors.</p> |
| 12774 | <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'> |
| 12775 | <a name="_Toc534975054">Sharing</a> <span class= |
| 12776 | "TextFontCXChar"><span style= |
| 12777 | 'font-size:11.0pt; font-weight:normal'>(Section |
| 12778 | 6)</span></span></p> |
| 12779 | <p class="Heading10">Aliasing <span class= |
| 12780 | "TextFontCXChar"><span style= |
| 12781 | 'font-size:11.0pt; font-weight:normal'>(Section</span></span> |
| 12782 | <span class="TextFontCXChar"><span style= |
| 12783 | 'font-size:11.0pt; font-weight:normal'>6.1</span></span><span class="TextFontCXChar"> |
| 12784 | <span style= |
| 12785 | 'font-size:11.0pt; font-weight:normal'>)</span></span></p> |
| 12786 | <div> |
| 12787 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12788 | height="14" align="left"> |
| 12789 | <tr> |
| 12790 | <td valign="top" align="left" height="14" style= |
| 12791 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12792 | <p class="TextFontCX" align="center" style= |
| 12793 | 'text-align:center;background:#CCCCCC'><span style= |
| 12794 | 'font-size:10.0pt'>m:</span><span class= |
| 12795 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 12796 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12797 | 'font-size:10.0pt'>alias-unique</span></span></p> |
| 12798 | <p class="IndentText">An actual parameter that is passed as a |
| 12799 | <span class="Annot"><span style= |
| 12800 | 'font-size:10.0pt'>unique</span></span> formal parameter is aliased |
| 12801 | by another parameter or global variable.</p> |
| 12802 | <div> |
| 12803 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12804 | height="14" align="left"> |
| 12805 | <tr> |
| 12806 | <td valign="top" align="left" height="14" style= |
| 12807 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12808 | <p class="TextFontCX" align="center" style= |
| 12809 | 'text-align:center;background:#CCCCCC'><span style= |
| 12810 | 'font-size:10.0pt'>m:</span><span class= |
| 12811 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 12812 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12813 | 'font-size:10.0pt'>may-alias-unique</span></span></p> |
| 12814 | <p class="IndentText">An actual parameter that is passed as a |
| 12815 | <span class="Annot"><span style= |
| 12816 | 'font-size:10.0pt'>unique</span></span> formal parameter may be |
| 12817 | aliased by another parameter or global variable.</p> |
| 12818 | <div> |
| 12819 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12820 | height="14" align="left"> |
| 12821 | <tr> |
| 12822 | <td valign="top" align="left" height="14" style= |
| 12823 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12824 | <p class="TextFontCX" align="center" style= |
| 12825 | 'text-align:center;background:#CCCCCC'><span style= |
| 12826 | 'font-size:10.0pt'>m:</span><span class= |
| 12827 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 12828 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12829 | 'font-size:10.0pt'>must-not-alias</span></span></p> |
| 12830 | <p class="IndentText">An alias has been added to a |
| 12831 | <span class="Annot"><span style= |
| 12832 | 'font-size:10.0pt'>temp</span></span>-qualifier parameter |
| 12833 | or global that is visible externally when the function |
| 12834 | returns. </p> |
| 12835 | <div> |
| 12836 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12837 | height="14" align="left"> |
| 12838 | <tr> |
| 12839 | <td valign="top" align="left" height="14" style= |
| 12840 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12841 | <p class="TextFontCX" align="center" style= |
| 12842 | 'text-align:center;background:#CCCCCC'><span style= |
| 12843 | 'font-size:10.0pt'>m:</span><span class= |
| 12844 | "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div> |
| 12845 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12846 | 'font-size:10.0pt'>ret-alias</span></span></p> |
| 12847 | <p class="IndentText">A function returns an alias to parameter or |
| 12848 | global.</p> |
| 12849 | <p class="Heading10">Exposure <span class= |
| 12850 | "HeadingNote"><span style='font-size: 10.5pt;font-weight:normal;font-style:normal'> |
| 12851 | (Section</span></span> <span class="HeadingNote"><span style= |
| 12852 | 'font-size:10.5pt;font-weight:normal;font-style: normal'>6.2</span></span><span class="HeadingNote"> |
| 12853 | <span style= |
| 12854 | 'font-size:10.5pt; font-weight:normal;font-style:normal'>)</span></span></p> |
| 12855 | <div> |
| 12856 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12857 | height="14" align="left"> |
| 12858 | <tr> |
| 12859 | <td valign="top" align="left" height="14" style= |
| 12860 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12861 | <p class="TextFontCX" align="center" style= |
| 12862 | 'text-align:center;background:#CCCCCC'><span style= |
| 12863 | 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div> |
| 12864 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12865 | 'font-size:10.0pt'>rep-expose</span></span></p> |
| 12866 | <p class="IndentText">The internal representation of an abstract |
| 12867 | type is visible to the caller. This means clients may have |
| 12868 | access to a pointer into the abstract representation. (Sets |
| 12869 | <span class="Flag"><span style= |
| 12870 | 'font-size:10.0pt'>assign-expose</span></span>, <span class= |
| 12871 | "Flag"><span style='font-size:10.0pt'>ret-expose</span></span>, and |
| 12872 | <span class="Flag"><span style= |
| 12873 | 'font-size:10.0pt'>cast-expose</span></span>.)</p> |
| 12874 | <div> |
| 12875 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12876 | height="14" align="left"> |
| 12877 | <tr> |
| 12878 | <td valign="top" align="left" height="14" style= |
| 12879 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12880 | <p class="TextFontCX" align="center" style= |
| 12881 | 'text-align:center;background:#CCCCCC'><span style= |
| 12882 | 'font-size:10.0pt'>m:</span><span class= |
| 12883 | "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div> |
| 12884 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12885 | 'font-size:10.0pt'>assign-expose</span></span></p> |
| 12886 | <p class="IndentText">Abstract representation is exposed by an |
| 12887 | assignment or passed parameter.</p> |
| 12888 | <div> |
| 12889 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12890 | height="14" align="left"> |
| 12891 | <tr> |
| 12892 | <td valign="top" align="left" height="14" style= |
| 12893 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12894 | <p class="TextFontCX" align="center" style= |
| 12895 | 'text-align:center;background:#CCCCCC'><span style= |
| 12896 | 'font-size:10.0pt'>m:</span><span class= |
| 12897 | "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div> |
| 12898 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12899 | 'font-size:10.0pt'>cast-expose</span></span></p> |
| 12900 | <p class="IndentText">Abstract representation is exposed through a |
| 12901 | cast.</p> |
| 12902 | <div> |
| 12903 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12904 | height="14" align="left"> |
| 12905 | <tr> |
| 12906 | <td valign="top" align="left" height="14" style= |
| 12907 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12908 | <p class="TextFontCX" align="center" style= |
| 12909 | 'text-align:center;background:#CCCCCC'><span style= |
| 12910 | 'font-size:10.0pt'>m:</span><span class= |
| 12911 | "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div> |
| 12912 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12913 | 'font-size:10.0pt'>ret-expose</span></span></p> |
| 12914 | <p class="IndentText">Abstract representation is exposed by a |
| 12915 | return value.</p> |
| 12916 | <p class="Heading11">Observer Modifications</p> |
| 12917 | <div> |
| 12918 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12919 | height="14" align="left"> |
| 12920 | <tr> |
| 12921 | <td valign="top" align="left" height="14" style= |
| 12922 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12923 | <p class="TextFontCX" align="center" style= |
| 12924 | 'text-align:center;background:#CCCCCC'><span style= |
| 12925 | 'font-size:10.0pt'>P:</span> <span class= |
| 12926 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 12927 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12928 | 'font-size:10.0pt'>mod-observer</span></span></p> |
| 12929 | <p class="IndentText">Possible modification of observer |
| 12930 | storage.</p> |
| 12931 | <div> |
| 12932 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12933 | height="14" align="left"> |
| 12934 | <tr> |
| 12935 | <td valign="top" align="left" height="14" style= |
| 12936 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12937 | <p class="TextFontCX" align="center" style= |
| 12938 | 'text-align:center;background:#CCCCCC'><span style= |
| 12939 | 'font-size:10.0pt'>m:</span><span class= |
| 12940 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 12941 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12942 | 'font-size:10.0pt'>mod-observer-uncon</span></span></p> |
| 12943 | <p class="IndentText">Storage declared with observer may be |
| 12944 | modified through a call to an unconstrained function.</p> |
| 12945 | <p class="Heading11">String Literals <span class= |
| 12946 | "TextFontCXChar"><span style= |
| 12947 | 'font-weight: normal;font-style:normal'>(Section |
| 12948 | 6.2.1)</span></span></p> |
| 12949 | <div> |
| 12950 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12951 | height="14" align="left"> |
| 12952 | <tr> |
| 12953 | <td valign="top" align="left" height="14" style= |
| 12954 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12955 | <p class="TextFontCX" align="center" style= |
| 12956 | 'text-align:center;background:#CCCCCC'><span style= |
| 12957 | 'font-size:10.0pt'>m:</span><span class= |
| 12958 | "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div> |
| 12959 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12960 | 'font-size:10.0pt'>read-only-trans</span></span></p> |
| 12961 | <p class="IndentText">Report memory transfer errors for |
| 12962 | initializations to read-only string literals</p> |
| 12963 | <div> |
| 12964 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12965 | height="14" align="left"> |
| 12966 | <tr> |
| 12967 | <td valign="top" align="left" height="14" style= |
| 12968 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12969 | <p class="TextFontCX" align="center" style= |
| 12970 | 'text-align:center;background:#CCCCCC'><span style= |
| 12971 | 'font-size:10.0pt'>m:</span><span class= |
| 12972 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 12973 | <p class="TextFontCX"><span class="Flag"><span style= |
| 12974 | 'font-size:10.0pt'>read-only-strings</span></span></p> |
| 12975 | <p class="IndentText">String literals are read-only (ISO |
| 12976 | semantics). An error is reported if a string literal may be |
| 12977 | modified or released.</p> |
| 12978 | <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'> |
| 12979 | Function Interfaces <span class="TextFontCXChar"><span style= |
| 12980 | 'font-size:11.0pt;font-weight:normal'>(Section</span></span> |
| 12981 | <span class="TextFontCXChar"><span style= |
| 12982 | 'font-size:11.0pt; font-weight:normal'>7</span></span><span class="TextFontCXChar"> |
| 12983 | <span style= |
| 12984 | 'font-size:11.0pt; font-weight:normal'>)</span></span></p> |
| 12985 | <p class="Heading10">Modification <span class= |
| 12986 | "TextFontCXChar"><span style= |
| 12987 | 'font-size:11.0pt; font-weight:normal'>(Section |
| 12988 | 7.1)</span></span></p> |
| 12989 | <div> |
| 12990 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 12991 | height="14" align="left"> |
| 12992 | <tr> |
| 12993 | <td valign="top" align="left" height="14" style= |
| 12994 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 12995 | <p class="TextFontCX" align="center" style= |
| 12996 | 'text-align:center;background:#CCCCCC'><span style= |
| 12997 | 'font-size:10.0pt'>P:</span> <span class= |
| 12998 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 12999 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13000 | 'font-size:10.0pt'>modifies</span></span></p> |
| 13001 | <p class="IndentText">Undocumented modification of caller-visible |
| 13002 | state. Without <span class="Flag"><span style= |
| 13003 | 'font-size:10.0pt'>+moduncon</span></span>, modification errors are |
| 13004 | only reported in the definitions of functions declared with a |
| 13005 | modifies clause (or specified).</p> |
| 13006 | <div> |
| 13007 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13008 | height="14" align="left"> |
| 13009 | <tr> |
| 13010 | <td valign="top" align="left" height="14" style= |
| 13011 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13012 | <p class="TextFontCX" align="center" style= |
| 13013 | 'text-align:center;background:#CCCCCC'><span style= |
| 13014 | 'font-size:10.0pt'>m:</span><span class= |
| 13015 | "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div> |
| 13016 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13017 | 'font-size:10.0pt'>must-mod</span></span></p> |
| 13018 | <p class="IndentText">Documented modification is not |
| 13019 | detected. An object listed in the modifies clause for a |
| 13020 | function, is not modified by the implementation.</p> |
| 13021 | <div> |
| 13022 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13023 | height="14" align="left"> |
| 13024 | <tr> |
| 13025 | <td valign="top" align="left" height="14" style= |
| 13026 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13027 | <p class="TextFontCX" align="center" style= |
| 13028 | 'text-align:center;background:#CCCCCC'><span style= |
| 13029 | 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div> |
| 13030 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13031 | 'font-size:10.0pt'>mod-uncon</span></span></p> |
| 13032 | <p class="IndentText">Report modification errors in functions |
| 13033 | declared without a modifies clause.(Sets <span class= |
| 13034 | "Flag"><span style='font-size:10.0pt'>mod-nomods</span></span>, |
| 13035 | <span class="Flag"><span style= |
| 13036 | 'font-size:10.0pt'>mod-globs-nomods</span></span> and |
| 13037 | <span class="Flag"><span style= |
| 13038 | 'font-size:10.0pt'>mod-strict-globs-nomods</span></span>.)</p> |
| 13039 | <div> |
| 13040 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13041 | height="14" align="left"> |
| 13042 | <tr> |
| 13043 | <td valign="top" align="left" height="14" style= |
| 13044 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13045 | <p class="TextFontCX" align="center" style= |
| 13046 | 'text-align:center;background:#CCCCCC'><span style= |
| 13047 | 'font-size:10.0pt'>m:</span><span class= |
| 13048 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 13049 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13050 | 'font-size:10.0pt'>mod-nomods</span></span></p> |
| 13051 | <p class="IndentText">Report modification errors (not involving |
| 13052 | global variables) in functions declared without a modifies |
| 13053 | clause.</p> |
| 13054 | <div> |
| 13055 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13056 | height="14" align="left"> |
| 13057 | <tr> |
| 13058 | <td valign="top" align="left" height="14" style= |
| 13059 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13060 | <p class="TextFontCX" align="center" style= |
| 13061 | 'text-align:center;background:#CCCCCC'><span style= |
| 13062 | 'font-size:10.0pt'>m:</span><span class= |
| 13063 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 13064 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13065 | 'font-size:10.0pt'>mod-uncon-nomods</span></span></p> |
| 13066 | <p class="IndentText">An unconstrained function is called in a |
| 13067 | function body where modifications are checked. Since the |
| 13068 | unconstrained function may modify anything, there may be undetected |
| 13069 | modifications in the checked function.</p> |
| 13070 | <div> |
| 13071 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13072 | height="14" align="left"> |
| 13073 | <tr> |
| 13074 | <td valign="top" align="left" height="14" style= |
| 13075 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13076 | <p class="TextFontCX" align="center" style= |
| 13077 | 'text-align:center;background:#CCCCCC'><span style= |
| 13078 | 'font-size:10.0pt'>m:</span><span class= |
| 13079 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 13080 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13081 | 'font-size:10.0pt'>mod-internal-strict</span></span></p> |
| 13082 | <p class="IndentText">A function that modifies <span class= |
| 13083 | "Annot"><span style='font-size:10.0pt'>internalState</span></span> |
| 13084 | is called from a function that does not list <span class= |
| 13085 | "Annot"><span style='font-size:10.0pt'>internalState</span></span> |
| 13086 | in its modifies clause.</p> |
| 13087 | <div> |
| 13088 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13089 | height="14" align="left"> |
| 13090 | <tr> |
| 13091 | <td valign="top" align="left" height="14" style= |
| 13092 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13093 | <p class="TextFontCX" align="center" style= |
| 13094 | 'text-align:center;background:#CCCCCC'><span style= |
| 13095 | 'font-size:10.0pt'>m:</span><span class= |
| 13096 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 13097 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13098 | 'font-size:10.0pt'>mod-file-sys</span></span></p> |
| 13099 | <p class="IndentText">A function modifies the file system but does |
| 13100 | not list <span class="Annot"><span style= |
| 13101 | 'font-size:10.0pt'>fileSystem</span></span> in its modifies |
| 13102 | clause.</p> |
| 13103 | <p class="Heading10">Global Variables <span class= |
| 13104 | "HeadingNote"><span style= |
| 13105 | 'font-size:10.5pt;font-weight:normal;font-style:normal'>(Section</span></span> |
| 13106 | <span class="HeadingNote"><span style= |
| 13107 | 'font-size:10.5pt;font-weight:normal;font-style: normal'>7.2</span></span><span class="HeadingNote"> |
| 13108 | <span style= |
| 13109 | 'font-size:10.5pt; font-weight:normal;font-style:normal'>)</span></span></p> |
| 13110 | <p class="beforelist"><a name="globflags"></a>Errors involving the |
| 13111 | use and modification of global and file static variables are |
| 13112 | reported depending on flag settings, annotations where the global |
| 13113 | variable is declared, and whether or not the function where the |
| 13114 | global is used was declared with a globals clause.</p> |
| 13115 | <div> |
| 13116 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13117 | height="14" align="left"> |
| 13118 | <tr> |
| 13119 | <td valign="top" align="left" height="14" style= |
| 13120 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13121 | <p class="TextFontCX" align="center" style= |
| 13122 | 'text-align:center;background:#CCCCCC'><span style= |
| 13123 | 'font-size:10.0pt'>P:</span> <span class= |
| 13124 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 13125 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13126 | 'font-size:10.0pt'>globs</span></span></p> |
| 13127 | <p class="IndentText">Undocumented use of a checked global variable |
| 13128 | in a function with a globals list.</p> |
| 13129 | <div> |
| 13130 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13131 | height="14" align="left"> |
| 13132 | <tr> |
| 13133 | <td valign="top" align="left" height="14" style= |
| 13134 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13135 | <p class="TextFontCX" align="center" style= |
| 13136 | 'text-align:center;background:#CCCCCC'><span style= |
| 13137 | 'font-size:10.0pt'>m:</span><span class= |
| 13138 | "Keyword"><span style='font-size:10.0pt'>++++</span></span></p></td></tr></table></div> |
| 13139 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13140 | 'font-size:10.0pt'>glob-use</span></span></p> |
| 13141 | <p class="IndentText">A global listed in the globals list is not |
| 13142 | used in the implementation.</p> |
| 13143 | <div> |
| 13144 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13145 | height="14" align="left"> |
| 13146 | <tr> |
| 13147 | <td valign="top" align="left" height="14" style= |
| 13148 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13149 | <p class="TextFontCX" align="center" style= |
| 13150 | 'text-align:center;background:#CCCCCC'><span style= |
| 13151 | 'font-size:10.0pt'>m:</span><span class= |
| 13152 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 13153 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13154 | 'font-size:10.0pt'>glob-noglobs</span></span></p> |
| 13155 | <p class="IndentText">Use of a checked global in a function with no |
| 13156 | globals list.</p> |
| 13157 | <div> |
| 13158 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13159 | height="14" align="left"> |
| 13160 | <tr> |
| 13161 | <td valign="top" align="left" height="14" style= |
| 13162 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13163 | <p class="TextFontCX" align="center" style= |
| 13164 | 'text-align:center;background:#CCCCCC'><span style= |
| 13165 | 'font-size:10.0pt'>m:</span><span class= |
| 13166 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 13167 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13168 | 'font-size:10.0pt'>internal-globs</span></span></p> |
| 13169 | <p class="IndentText">Undocumented use of internal state (should |
| 13170 | have <span class="Annot"><span style='font-size:10.0pt'>globals |
| 13171 | internalState</span></span>).</p> |
| 13172 | <div> |
| 13173 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13174 | height="14" align="left"> |
| 13175 | <tr> |
| 13176 | <td valign="top" align="left" height="14" style= |
| 13177 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13178 | <p class="TextFontCX" align="center" style= |
| 13179 | 'text-align:center;background:#CCCCCC'><span style= |
| 13180 | 'font-size:10.0pt'>m:</span><span class= |
| 13181 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 13182 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13183 | 'font-size:10.0pt'>internal-globs-noglobs</span></span></p> |
| 13184 | <p class="TextFontCX"> |
| 13185 | Use of internal state in function with no globals list.</p> |
| 13186 | <div> |
| 13187 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13188 | height="14" align="left"> |
| 13189 | <tr> |
| 13190 | <td valign="top" align="left" height="14" style= |
| 13191 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13192 | <p class="TextFontCX" align="center" style= |
| 13193 | 'text-align:center;background:#CCCCCC'><span style= |
| 13194 | 'font-size:10.0pt'>m:</span><span class= |
| 13195 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 13196 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13197 | 'font-size:10.0pt'>glob-state</span></span></p> |
| 13198 | <p class="IndentText">A function returns with global in |
| 13199 | inconsistent state (null or undefined)</p> |
| 13200 | <div> |
| 13201 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13202 | height="14" align="left"> |
| 13203 | <tr> |
| 13204 | <td valign="top" align="left" height="14" style= |
| 13205 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13206 | <p class="TextFontCX" align="center" style= |
| 13207 | 'text-align:center;background:#CCCCCC'><span style= |
| 13208 | 'font-size:10.0pt'>m:</span><span class= |
| 13209 | "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div> |
| 13210 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13211 | 'font-size:10.0pt'>all-globs</span></span></p> |
| 13212 | <p class="IndentText">Report use and modification errors for |
| 13213 | globals not annotated with <span class="Annot"><span style= |
| 13214 | 'font-size:10.0pt'>unchecked</span></span>.</p> |
| 13215 | <div> |
| 13216 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13217 | height="14" align="left"> |
| 13218 | <tr> |
| 13219 | <td valign="top" align="left" height="14" style= |
| 13220 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13221 | <p class="TextFontCX" align="center" style= |
| 13222 | 'text-align:center;background:#CCCCCC'><span style= |
| 13223 | 'font-size:10.0pt'>m:</span><span class= |
| 13224 | "Keyword"><span style='font-size:10.0pt'>++++</span></span></p></td></tr></table></div> |
| 13225 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13226 | 'font-size:10.0pt'>check-strict-globs</span></span></p> |
| 13227 | <p class="IndentText">Report use and modification errors for |
| 13228 | <span class="Annot"><span style= |
| 13229 | 'font-size:10.0pt'>checkedstrict</span></span> globals.</p> |
| 13230 | <p class="Heading11">Modification of Global Variables</p> |
| 13231 | <div> |
| 13232 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13233 | height="14" align="left"> |
| 13234 | <tr> |
| 13235 | <td valign="top" align="left" height="14" style= |
| 13236 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13237 | <p class="TextFontCX" align="center" style= |
| 13238 | 'text-align:center;background:#CCCCCC'><span style= |
| 13239 | 'font-size:10.0pt'>m:</span><span class= |
| 13240 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 13241 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13242 | 'font-size:10.0pt'>mod-globs</span></span></p> |
| 13243 | <p class="IndentText">Undocumented modification of a checked global |
| 13244 | variable.</p> |
| 13245 | <div> |
| 13246 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13247 | height="14" align="left"> |
| 13248 | <tr> |
| 13249 | <td valign="top" align="left" height="14" style= |
| 13250 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13251 | <p class="TextFontCX" align="center" style= |
| 13252 | 'text-align:center;background:#CCCCCC'><span style= |
| 13253 | 'font-size:10.0pt'>m:</span><span class= |
| 13254 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 13255 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13256 | 'font-size:10.0pt'>mod-globs-unchecked</span></span></p> |
| 13257 | <p class="IndentText">Undocumented modification of an |
| 13258 | <span class="Annot"><span style= |
| 13259 | 'font-size:10.0pt'>unchecked</span></span> |
| 13260 | global variable.</p> |
| 13261 | <div> |
| 13262 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13263 | height="14" align="left"> |
| 13264 | <tr> |
| 13265 | <td valign="top" align="left" height="14" style= |
| 13266 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13267 | <p class="TextFontCX" align="center" style= |
| 13268 | 'text-align:center;background:#CCCCCC'><span style= |
| 13269 | 'font-size:10.0pt'>m:</span><span class= |
| 13270 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 13271 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13272 | 'font-size:10.0pt'>mod-globs-nomods</span></span></p> |
| 13273 | <p class="IndentText">Undocumented modification of a checked global |
| 13274 | variable in a function with no modifies clause.</p> |
| 13275 | <div> |
| 13276 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13277 | height="14" align="left"> |
| 13278 | <tr> |
| 13279 | <td valign="top" align="left" height="14" style= |
| 13280 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13281 | <p class="TextFontCX" align="center" style= |
| 13282 | 'text-align:center;background:#CCCCCC'><span style= |
| 13283 | 'font-size:10.0pt'>m:</span><span class= |
| 13284 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 13285 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13286 | 'font-size:10.0pt'>mod-strict-globs-nomods</span></span></p> |
| 13287 | <p class="IndentText">Undocumented modification of a |
| 13288 | <span class="Annot"><span style= |
| 13289 | 'font-size:10.0pt'>checkedstrict</span></span> |
| 13290 | global variable in a function declared with no modifies |
| 13291 | clause.</p> |
| 13292 | <p class="Heading11">Globals Lists and Modifies Clauses</p> |
| 13293 | <div> |
| 13294 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13295 | height="14" align="left"> |
| 13296 | <tr> |
| 13297 | <td valign="top" align="left" height="14" style= |
| 13298 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13299 | <p class="TextFontCX" align="center" style= |
| 13300 | 'text-align:center;background:#CCCCCC'><span style= |
| 13301 | 'font-size:10.0pt'>m:</span><span class= |
| 13302 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 13303 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13304 | 'font-size:10.0pt'>warn-missing-globs</span></span></p> |
| 13305 | <p class="IndentText">Global variable used in modifies clause is |
| 13306 | not listed in globals list. (The global is added to the |
| 13307 | globals list.)</p> |
| 13308 | <div> |
| 13309 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13310 | height="14" align="left"> |
| 13311 | <tr> |
| 13312 | <td valign="top" align="left" height="14" style= |
| 13313 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13314 | <p class="TextFontCX" align="center" style= |
| 13315 | 'text-align:center;background:#CCCCCC'><span style= |
| 13316 | 'font-size:10.0pt'>m:</span><span class= |
| 13317 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 13318 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13319 | 'font-size:10.0pt'>warn-missing-globs-noglobs</span></span></p> |
| 13320 | <p class="IndentText">Global variable used in modifies clause of a |
| 13321 | function with no globals list.</p> |
| 13322 | <div> |
| 13323 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13324 | height="14" align="left"> |
| 13325 | <tr> |
| 13326 | <td valign="top" align="left" height="14" style= |
| 13327 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13328 | <p class="TextFontCX" align="center" style= |
| 13329 | 'text-align:center;background:#CCCCCC'><span style= |
| 13330 | 'font-size:10.0pt'>m:</span><span class= |
| 13331 | "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div> |
| 13332 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13333 | 'font-size:10.0pt'>globs-imp-mods-nothing</span></span></p> |
| 13334 | <p class="IndentText">A function declared with a globals list but |
| 13335 | no modifies clause is assumed to modify nothing.</p> |
| 13336 | <div> |
| 13337 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13338 | height="14" align="left"> |
| 13339 | <tr> |
| 13340 | <td valign="top" align="left" height="14" style= |
| 13341 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13342 | <p class="TextFontCX" align="center" style= |
| 13343 | 'text-align:center;background:#CCCCCC'><span style= |
| 13344 | 'font-size:10.0pt'>m:</span><span class= |
| 13345 | "Keyword"><span style='font-size:10.0pt'>----</span></span></p></td></tr></table></div> |
| 13346 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13347 | 'font-size:10.0pt'>mods-imp-noglobs</span></span></p> |
| 13348 | <p class="IndentText">A function declared with a modifies clause |
| 13349 | but no globals list is assumed to use no globals.</p> |
| 13350 | <p class="Heading11">Implicit Checking Annotations</p> |
| 13351 | <div> |
| 13352 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13353 | height="14" align="left"> |
| 13354 | <tr> |
| 13355 | <td valign="top" align="left" height="14" style= |
| 13356 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13357 | <p class="TextFontCX" align="center" style= |
| 13358 | 'text-align:center;background:#CCCCCC'><span style= |
| 13359 | 'font-size:10.0pt'>m:</span><span class= |
| 13360 | "Keyword"><span style='font-size:10.0pt'>----</span></span></p></td></tr></table></div> |
| 13361 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13362 | 'font-size:10.0pt'>imp-checked-globs</span></span></p> |
| 13363 | <p class="IndentText">Implicit <span class= |
| 13364 | "Annot"><span style='font-size:10.0pt'>checked</span></span> annotation |
| 13365 | on global variables with no checking annotation.</p> |
| 13366 | <div> |
| 13367 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13368 | height="14" align="left"> |
| 13369 | <tr> |
| 13370 | <td valign="top" align="left" height="14" style= |
| 13371 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13372 | <p class="TextFontCX" align="center" style= |
| 13373 | 'text-align:center;background:#CCCCCC'><span style= |
| 13374 | 'font-size:10.0pt'>m:</span><span class= |
| 13375 | "Keyword"><span style='font-size:10.0pt'>----</span></span></p></td></tr></table></div> |
| 13376 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13377 | 'font-size:10.0pt'>imp-checked-statics</span></span></p> |
| 13378 | <p class="IndentText">Implicit <span class= |
| 13379 | "Annot"><span style='font-size:10.0pt'>checked</span></span> qualifier |
| 13380 | file static scope variables with no checking annotation.</p> |
| 13381 | <div> |
| 13382 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13383 | height="14" align="left"> |
| 13384 | <tr> |
| 13385 | <td valign="top" align="left" height="14" style= |
| 13386 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13387 | <p class="TextFontCX" align="center" style= |
| 13388 | 'text-align:center;background:#CCCCCC'><span style= |
| 13389 | 'font-size:10.0pt'>m:</span><span class= |
| 13390 | "Keyword"><span style='font-size:10.0pt'>----</span></span></p></td></tr></table></div> |
| 13391 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13392 | 'font-size:10.0pt'>imp-checkmod-globs</span></span></p> |
| 13393 | <p class="IndentText">Implicit <span class= |
| 13394 | "Annot"><span style='font-size:10.0pt'>checkmod</span></span> |
| 13395 | qualifier on global variables with no checking |
| 13396 | annotation.</p> |
| 13397 | <p class="IndentText"><span class="Flag"><span style= |
| 13398 | 'font-size:10.0pt'> </span></span></p> |
| 13399 | <div> |
| 13400 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13401 | height="14" align="left"> |
| 13402 | <tr> |
| 13403 | <td valign="top" align="left" height="14" style= |
| 13404 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13405 | <p class="TextFontCX" align="center" style= |
| 13406 | 'text-align:center;background:#CCCCCC'><span style= |
| 13407 | 'font-size:10.0pt'>m:</span><span class= |
| 13408 | "Keyword"><span style='font-size:10.0pt'>----</span></span></p></td></tr></table></div> |
| 13409 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13410 | 'font-size:10.0pt'>imp-checkmod-statics</span></span></p> |
| 13411 | <p class="IndentText">Implicit <span class= |
| 13412 | "Annot"><span style='font-size:10.0pt'>checkmod</span></span> |
| 13413 | qualifier file static scope variables with no checking |
| 13414 | annotation.</p> |
| 13415 | <div> |
| 13416 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13417 | height="14" align="left"> |
| 13418 | <tr> |
| 13419 | <td valign="top" align="left" height="14" style= |
| 13420 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13421 | <p class="TextFontCX" align="center" style= |
| 13422 | 'text-align:center;background:#CCCCCC'><span style= |
| 13423 | 'font-size:10.0pt'>m:</span><span class= |
| 13424 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 13425 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13426 | 'font-size:10.0pt'>imp-checkedstrict-globs</span></span></p> |
| 13427 | <p class="IndentText">Implicit <span class= |
| 13428 | "Annot"><span style='font-size:10.0pt'>checked</span></span> |
| 13429 | qualifier on global variables with no checking |
| 13430 | annotation.</p> |
| 13431 | <div> |
| 13432 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13433 | height="14" align="left"> |
| 13434 | <tr> |
| 13435 | <td valign="top" align="left" height="14" style= |
| 13436 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13437 | <p class="TextFontCX" align="center" style= |
| 13438 | 'text-align:center;background:#CCCCCC'><span style= |
| 13439 | 'font-size:10.0pt'>m:</span><span class= |
| 13440 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 13441 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13442 | 'font-size:10.0pt'>imp-checkedstrict-statics</span></span></p> |
| 13443 | <p class="IndentText">Implicit <span class= |
| 13444 | "Annot"><span style='font-size:10.0pt'>checked</span></span> |
| 13445 | qualifier file static scope variables with no checking |
| 13446 | annotation.</p> |
| 13447 | <div> |
| 13448 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13449 | height="14" align="left"> |
| 13450 | <tr> |
| 13451 | <td valign="top" align="left" height="14" style= |
| 13452 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13453 | <p class="TextFontCX" align="center" style= |
| 13454 | 'text-align:center;background:#CCCCCC'><span style= |
| 13455 | 'font-size:10.0pt'>m:</span><span class= |
| 13456 | "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div> |
| 13457 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13458 | 'font-size:10.0pt'>imp-checkmod-internals</span></span></p> |
| 13459 | <p class="IndentText">Implicit <span class= |
| 13460 | "Annot"><span style='font-size:10.0pt'>checkmod</span></span> |
| 13461 | qualifier on function scope static variables with no checking |
| 13462 | annotation.</p> |
| 13463 | <div> |
| 13464 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13465 | height="14" align="left"> |
| 13466 | <tr> |
| 13467 | <td valign="top" align="left" height="14" style= |
| 13468 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13469 | <p class="TextFontCX" align="center" style= |
| 13470 | 'text-align:center;background:#CCCCCC'><span style= |
| 13471 | 'font-size:10.0pt'>m:</span><span class= |
| 13472 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 13473 | <p class="IndentText" style='margin-left:0in'><span class= |
| 13474 | "Keyword"><span style='font-size:10.0pt'> </span></span></p> |
| 13475 | <p class="Heading11">Global Aliasing</p> |
| 13476 | <div> |
| 13477 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13478 | height="14" align="left"> |
| 13479 | <tr> |
| 13480 | <td valign="top" align="left" height="14" style= |
| 13481 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13482 | <p class="TextFontCX" align="center" style= |
| 13483 | 'text-align:center;background:#CCCCCC'><span style= |
| 13484 | 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div> |
| 13485 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13486 | 'font-size:10.0pt'>glob-alias</span></span></p> |
| 13487 | <p class="IndentText">Function returns with global aliasing |
| 13488 | external state (sets <span class="Flag"><span style= |
| 13489 | 'font-size:10.0pt'>checkstrict-glob-alias</span></span>, |
| 13490 | <span class="Flag"><span style= |
| 13491 | 'font-size:10.0pt'>checked-glob-alias</span></span>, |
| 13492 | c<span class="Flag"><span style= |
| 13493 | 'font-size:10.0pt'>heckmod-glob-alias</span></span> and |
| 13494 | <span class="Flag"><span style= |
| 13495 | 'font-size:10.0pt'>unchecked-glob-alias</span></span>).</p> |
| 13496 | <div> |
| 13497 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13498 | height="14" align="left"> |
| 13499 | <tr> |
| 13500 | <td valign="top" align="left" height="14" style= |
| 13501 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13502 | <p class="TextFontCX" align="center" style= |
| 13503 | 'text-align:center;background:#CCCCCC'><span style= |
| 13504 | 'font-size:10.0pt'>m:</span><span class= |
| 13505 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 13506 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13507 | 'font-size:10.0pt'>checkstrict-glob-alias</span></span></p> |
| 13508 | <p class="IndentText">Function returns with a <span class= |
| 13509 | "Annot"><span style='font-size:10.0pt'>checkedstrict</span></span> |
| 13510 | global aliasing external state.</p> |
| 13511 | <div> |
| 13512 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13513 | height="14" align="left"> |
| 13514 | <tr> |
| 13515 | <td valign="top" align="left" height="14" style= |
| 13516 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13517 | <p class="TextFontCX" align="center" style= |
| 13518 | 'text-align:center;background:#CCCCCC'><span style= |
| 13519 | 'font-size:10.0pt'>m:</span><span class= |
| 13520 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 13521 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13522 | 'font-size:10.0pt'>checked-glob-alias</span></span></p> |
| 13523 | <p class="IndentText">Function returns with a <span class= |
| 13524 | "Annot"><span style='font-size:10.0pt'>checked</span></span> |
| 13525 | global aliasing external state.</p> |
| 13526 | <div> |
| 13527 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13528 | height="14" align="left"> |
| 13529 | <tr> |
| 13530 | <td valign="top" align="left" height="14" style= |
| 13531 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13532 | <p class="TextFontCX" align="center" style= |
| 13533 | 'text-align:center;background:#CCCCCC'><span style= |
| 13534 | 'font-size:10.0pt'>m:</span><span class= |
| 13535 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 13536 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13537 | 'font-size:10.0pt'>checkmod-glob-alias</span></span></p> |
| 13538 | <p class="IndentText">Function returns with a <span class= |
| 13539 | "Annot"><span style='font-size:10.0pt'>checkmod</span></span> |
| 13540 | global aliasing external state.</p> |
| 13541 | <div> |
| 13542 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13543 | height="14" align="left"> |
| 13544 | <tr> |
| 13545 | <td valign="top" align="left" height="14" style= |
| 13546 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13547 | <p class="TextFontCX" align="center" style= |
| 13548 | 'text-align:center;background:#CCCCCC'><span style= |
| 13549 | 'font-size:10.0pt'>m:</span><span class= |
| 13550 | "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div> |
| 13551 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13552 | 'font-size:10.0pt'>unchecked-glob-alias</span></span></p> |
| 13553 | <p class="IndentText">Function returns with an <span class= |
| 13554 | "Annot"><span style='font-size:10.0pt'>unchecked</span></span> |
| 13555 | global aliasing external state.</p> |
| 13556 | <p class="Heading10">Declaration Consistency <span style= |
| 13557 | 'font-weight:normal'>(Section 7.3)</span></p> |
| 13558 | <div> |
| 13559 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13560 | height="14" align="left"> |
| 13561 | <tr> |
| 13562 | <td valign="top" align="left" height="14" style= |
| 13563 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13564 | <p class="TextFontCX" align="center" style= |
| 13565 | 'text-align:center;background:#CCCCCC'><span style= |
| 13566 | 'font-size:10.0pt'>m:</span><span class= |
| 13567 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 13568 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13569 | 'font-size:10.0pt'>incon-defs</span></span></p> |
| 13570 | <p class="IndentText">Identifier redeclared or redefined with |
| 13571 | inconsistent type.</p> |
| 13572 | <div> |
| 13573 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13574 | height="14" align="left"> |
| 13575 | <tr> |
| 13576 | <td valign="top" align="left" height="14" style= |
| 13577 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13578 | <p class="TextFontCX" align="center" style= |
| 13579 | 'text-align:center;background:#CCCCCC'><span style= |
| 13580 | 'font-size:10.0pt'>m:</span><span class= |
| 13581 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 13582 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13583 | 'font-size:10.0pt'>incon-defs-lib</span></span></p> |
| 13584 | <p class="IndentText">Identifier defined in a library is redefined |
| 13585 | with inconsistent type.</p> |
| 13586 | <div> |
| 13587 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13588 | height="14" align="left"> |
| 13589 | <tr> |
| 13590 | <td valign="top" align="left" height="14" style= |
| 13591 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13592 | <p class="TextFontCX" align="center" style= |
| 13593 | 'text-align:center;background:#CCCCCC'><span style= |
| 13594 | 'font-size:10.0pt'>m:</span><span class= |
| 13595 | "Keyword"><span style='font-size:10.0pt'>----</span></span></p></td></tr></table></div> |
| 13596 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13597 | 'font-size:10.0pt'>overload</span></span></p> |
| 13598 | <p class="IndentText">Standard library function overloaded.</p> |
| 13599 | <div> |
| 13600 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13601 | height="14" align="left"> |
| 13602 | <tr> |
| 13603 | <td valign="top" align="left" height="14" style= |
| 13604 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13605 | <p class="TextFontCX" align="center" style= |
| 13606 | 'text-align:center;background:#CCCCCC'><span style= |
| 13607 | 'font-size:10.0pt'>m:</span><span class= |
| 13608 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 13609 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13610 | 'font-size:10.0pt'>match-fields</span></span></p> |
| 13611 | <p class="IndentText">A <span class="CodeText"><span style= |
| 13612 | 'font-size:10.0pt'>struct</span></span> or <span class= |
| 13613 | "CodeText"><span style='font-size:10.0pt'>enum</span></span> type |
| 13614 | is redefined with inconsistent fields or members.</p> |
| 13615 | <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'> |
| 13616 | <a name="_Toc534975057">Macros</a> <span class= |
| 13617 | "TextFontCXChar"><span style= |
| 13618 | 'font-size:11.0pt; font-weight:normal'>(Section</span></span> |
| 13619 | <span class="TextFontCXChar"><span style= |
| 13620 | 'font-size:11.0pt; font-weight:normal'>11</span></span><span class="TextFontCXChar"> |
| 13621 | <span style= |
| 13622 | 'font-size:11.0pt; font-weight:normal'>)</span></span></p> |
| 13623 | <p class="TextFontCX">These flags control expansion and checking of |
| 13624 | macro definitions and invocations.</p> |
| 13625 | <p class="Heading10">Macro Expansion</p> |
| 13626 | <p class="beforelist">These flags control which macros are checked |
| 13627 | as functions or constants, and which are expanded in the |
| 13628 | pre-processing phase. Macros preceded by <span class= |
| 13629 | "Annot"><span style= |
| 13630 | 'font-size:10.0pt'>/*@notfunction@*/</span></span> are never |
| 13631 | expanded regardless of these flag settings. These flags may |
| 13632 | be used in source-file control comments.</p> |
| 13633 | <div> |
| 13634 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13635 | height="14" align="left"> |
| 13636 | <tr> |
| 13637 | <td valign="top" align="left" height="14" style= |
| 13638 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13639 | <p class="TextFontCX" align="center" style= |
| 13640 | 'text-align:center;background:#CCCCCC'><span style= |
| 13641 | 'font-size:10.0pt'>P:</span> <span class= |
| 13642 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 13643 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13644 | 'font-size:10.0pt'>fcn-macros</span></span></p> |
| 13645 | <p class="IndentText">Macros defined with parameter lists are not |
| 13646 | expanded and are checked as functions.</p> |
| 13647 | <div> |
| 13648 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13649 | height="14" align="left"> |
| 13650 | <tr> |
| 13651 | <td valign="top" align="left" height="14" style= |
| 13652 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13653 | <p class="TextFontCX" align="center" style= |
| 13654 | 'text-align:center;background:#CCCCCC'><span style= |
| 13655 | 'font-size:10.0pt'>P:</span> <span class= |
| 13656 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 13657 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13658 | 'font-size:10.0pt'>const-macros</span></span></p> |
| 13659 | <p class="IndentText">Macros defined without parameter lists are |
| 13660 | not expanded and are checked as constants.</p> |
| 13661 | <div> |
| 13662 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13663 | height="14" align="left"> |
| 13664 | <tr> |
| 13665 | <td valign="top" align="left" height="14" style= |
| 13666 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13667 | <p class="TextFontCX" align="center" style= |
| 13668 | 'text-align:center;background:#CCCCCC'><span style= |
| 13669 | 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div> |
| 13670 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13671 | 'font-size:10.0pt'>all-macros</span></span></p> |
| 13672 | <p class="IndentText">Sets <span class="Flag"><span style= |
| 13673 | 'font-size:10.0pt'>fcn-macros</span></span> and <span class= |
| 13674 | "Flag"><span style= |
| 13675 | 'font-size:10.0pt'>const-macros</span></span>.</p> |
| 13676 | <div> |
| 13677 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13678 | height="14" align="left"> |
| 13679 | <tr> |
| 13680 | <td valign="top" align="left" height="14" style= |
| 13681 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13682 | <p class="TextFontCX" align="center" style= |
| 13683 | 'text-align:center;background:#CCCCCC'><span style= |
| 13684 | 'font-size:10.0pt'>P:</span> <span class= |
| 13685 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 13686 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13687 | 'font-size:10.0pt'>lib-macros</span></span></p> |
| 13688 | <p class="IndentText">Macros defining identifiers declared in a |
| 13689 | loaded library are not expanded and are checked according to the |
| 13690 | library information.<span class="Flag"><span style= |
| 13691 | 'font-size:10.0pt'> </span></span></p> |
| 13692 | <p class="Heading10">Macro Definitions</p> |
| 13693 | <p class="beforelist">These flags control what errors are reported |
| 13694 | in macro definitions.</p> |
| 13695 | <div> |
| 13696 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13697 | height="14" align="left"> |
| 13698 | <tr> |
| 13699 | <td valign="top" align="left" height="14" style= |
| 13700 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13701 | <p class="TextFontCX" align="center" style= |
| 13702 | 'text-align:center;background:#CCCCCC'><span style= |
| 13703 | 'font-size:10.0pt'>m:</span><span class= |
| 13704 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 13705 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13706 | 'font-size:10.0pt'>macro-stmt</span></span></p> |
| 13707 | <p class="IndentText">Macro definition is not syntactically |
| 13708 | equivalent to function. This means if the macro is used as a |
| 13709 | statement (e.g., <span class="CodeText"><span style= |
| 13710 | 'font-size:10.0pt'>if (test) macro();</span></span>) unexpected |
| 13711 | behavior may result. One fix is to surround the macro body |
| 13712 | with <span class="CodeText"><span style='font-size:10.0pt'>do { |
| 13713 | … } while (FALSE)</span></span>.</p> |
| 13714 | <div> |
| 13715 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13716 | height="14" align="left"> |
| 13717 | <tr> |
| 13718 | <td valign="top" align="left" height="14" style= |
| 13719 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13720 | <p class="TextFontCX" align="center" style= |
| 13721 | 'text-align:center;background:#CCCCCC'><span style= |
| 13722 | 'font-size:10.0pt'>m:</span><span class= |
| 13723 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 13724 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13725 | 'font-size:10.0pt'>macro-return</span></span></p> |
| 13726 | <p class="IndentText"> |
| 13727 | The body of a macro declared as a function uses a |
| 13728 | <span class="CodeText"><span style='font-size:10.0pt'>return</span></span> |
| 13729 | statement. This exhibits behavior that could not be implemented by a function. |
| 13730 | </p> |
| 13731 | <div> |
| 13732 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13733 | height="14" align="left"> |
| 13734 | <tr> |
| 13735 | <td valign="top" align="left" height="14" style= |
| 13736 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13737 | <p class="TextFontCX" align="center" style= |
| 13738 | 'text-align:center;background:#CCCCCC'><span style= |
| 13739 | 'font-size:10.0pt'>m:</span><span class= |
| 13740 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 13741 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13742 | 'font-size:10.0pt'>macro-assign</span></span></p> |
| 13743 | <p class="IndentText">A macro parameter is used as the left side of |
| 13744 | an assignment expression.</p> |
| 13745 | <div> |
| 13746 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13747 | height="14" align="left"> |
| 13748 | <tr> |
| 13749 | <td valign="top" align="left" height="14" style= |
| 13750 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13751 | <p class="TextFontCX" align="center" style= |
| 13752 | 'text-align:center;background:#CCCCCC'><span style= |
| 13753 | 'font-size:10.0pt'>m:</span><span class= |
| 13754 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 13755 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13756 | 'font-size:10.0pt'>macro-parens</span></span></p> |
| 13757 | <p class="IndentText">A macro parameter is used without parentheses |
| 13758 | (in potentially dangerous context).</p> |
| 13759 | <div> |
| 13760 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13761 | height="14" align="left"> |
| 13762 | <tr> |
| 13763 | <td valign="top" align="left" height="14" style= |
| 13764 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13765 | <p class="TextFontCX" align="center" style= |
| 13766 | 'text-align:center;background:#CCCCCC'><span style= |
| 13767 | 'font-size:10.0pt'>m:</span><span class= |
| 13768 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 13769 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13770 | 'font-size:10.0pt'>macro-empty</span></span></p> |
| 13771 | <p class="IndentText">Macro definition of a function is |
| 13772 | empty. </p> |
| 13773 | <div> |
| 13774 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13775 | height="14" align="left"> |
| 13776 | <tr> |
| 13777 | <td valign="top" align="left" height="14" style= |
| 13778 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13779 | <p class="TextFontCX" align="center" style= |
| 13780 | 'text-align:center;background:#CCCCCC'><span style= |
| 13781 | 'font-size:10.0pt'>m:</span><span class= |
| 13782 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 13783 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13784 | 'font-size:10.0pt'>macro-redef</span></span></p> |
| 13785 | <p class="IndentText">Macro is redefined. There is another |
| 13786 | macro defined with the same name.</p> |
| 13787 | <div> |
| 13788 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13789 | height="14" align="left"> |
| 13790 | <tr> |
| 13791 | <td valign="top" align="left" height="14" style= |
| 13792 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13793 | <p class="TextFontCX" align="center" style= |
| 13794 | 'text-align:center;background:#CCCCCC'><span style= |
| 13795 | 'font-size:10.0pt'>m:</span><span class= |
| 13796 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 13797 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13798 | 'font-size:10.0pt'>macro-unrecog</span></span> </p> |
| 13799 | <p class="IndentText">An unrecognized identifier appears in a macro |
| 13800 | definition. Since the identifier may be defined where the |
| 13801 | macro is used, this could be okay, but Splint will not be able to |
| 13802 | check the unrecognized identifier appropriately.</p> |
| 13803 | <p class="Heading11">Corresponding Declarations</p> |
| 13804 | <div> |
| 13805 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13806 | height="14" align="left"> |
| 13807 | <tr> |
| 13808 | <td valign="top" align="left" height="14" style= |
| 13809 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13810 | <p class="TextFontCX" align="center" style= |
| 13811 | 'text-align:center;background:#CCCCCC'><span style= |
| 13812 | 'font-size:10.0pt'>m:</span><span class= |
| 13813 | "Keyword"><span style='font-size:10.0pt'>++++</span></span></p></td></tr></table></div> |
| 13814 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13815 | 'font-size:10.0pt'>macro-match-name</span></span></p> |
| 13816 | <p class="IndentText">An <span class="Annot"><span style= |
| 13817 | 'font-size:10.0pt'>iter</span></span> or <span class= |
| 13818 | "Annot"><span style= |
| 13819 | 'font-size:10.0pt'>constant</span></span> macro is defined |
| 13820 | using a different name from the one used in the previous syntactic |
| 13821 | comment</p> |
| 13822 | <div> |
| 13823 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13824 | height="14" align="left"> |
| 13825 | <tr> |
| 13826 | <td valign="top" align="left" height="14" style= |
| 13827 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13828 | <p class="TextFontCX" align="center" style= |
| 13829 | 'text-align:center;background:#CCCCCC'><span style= |
| 13830 | 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div> |
| 13831 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13832 | 'font-size:10.0pt'>macro-decl</span></span></p> |
| 13833 | <p class="IndentText">A macro definition has no corresponding |
| 13834 | declaration. (Sets <span class="Flag"><span style= |
| 13835 | 'font-size:10.0pt'>macrofcndecl</span></span> and |
| 13836 | <span class="Flag"><span style= |
| 13837 | 'font-size:10.0pt'>macroconstdecl</span></span>.)</p> |
| 13838 | <div> |
| 13839 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13840 | height="14" align="left"> |
| 13841 | <tr> |
| 13842 | <td valign="top" align="left" height="14" style= |
| 13843 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13844 | <p class="TextFontCX" align="center" style= |
| 13845 | 'text-align:center;background:#CCCCCC'><span style= |
| 13846 | 'font-size:10.0pt'>m:</span><span class= |
| 13847 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 13848 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13849 | 'font-size:10.0pt'>macro-fcn-decl</span></span></p> |
| 13850 | <p class="IndentText">Macro definition with parameter list has no |
| 13851 | corresponding function prototype. Without a prototype, the types of |
| 13852 | the macro result and parameters are unknown.</p> |
| 13853 | <div> |
| 13854 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13855 | height="14" align="left"> |
| 13856 | <tr> |
| 13857 | <td valign="top" align="left" height="14" style= |
| 13858 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13859 | <p class="TextFontCX" align="center" style= |
| 13860 | 'text-align:center;background:#CCCCCC'><span style= |
| 13861 | 'font-size:10.0pt'>m:</span><span class= |
| 13862 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 13863 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13864 | 'font-size:10.0pt'>macro-const-decl</span></span></p> |
| 13865 | <p class="IndentText">A macro definition without parameter list has |
| 13866 | no corresponding constant declaration.<span class= |
| 13867 | "Flag"><span style= |
| 13868 | 'font-size: 10.0pt'> </span></span></p> |
| 13869 | <div> |
| 13870 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13871 | height="14" align="left"> |
| 13872 | <tr> |
| 13873 | <td valign="top" align="left" height="14" style= |
| 13874 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13875 | <p class="TextFontCX" align="center" style= |
| 13876 | 'text-align:center;background:#CCCCCC'><span style= |
| 13877 | 'font-size:10.0pt'>P:</span> <span class= |
| 13878 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 13879 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13880 | 'font-size:10.0pt'>next-line-macros</span></span></p> |
| 13881 | <p class="IndentText">A constant or iter declaration is not |
| 13882 | immediately followed by a macro definition.</p> |
| 13883 | <p class="Heading10">Side Effect Free Parameters <span class= |
| 13884 | "HeadingNote"><span style= |
| 13885 | 'font-size:10.5pt;font-weight:normal;font-style:normal'>(Section</span></span> |
| 13886 | <span class="HeadingNote"><span style= |
| 13887 | 'font-size:10.5pt;font-weight:normal;font-style: normal'>11.2.1</span></span><span class="HeadingNote"> |
| 13888 | <span style= |
| 13889 | 'font-size: 10.5pt;font-weight:normal;font-style:normal'>)</span></span></p> |
| 13890 | <p class="beforelist">These flags control error reporting for |
| 13891 | parameters with inconsistent side effects in invocations of checked |
| 13892 | function macros and function calls.</p> |
| 13893 | <div> |
| 13894 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13895 | height="14" align="left"> |
| 13896 | <tr> |
| 13897 | <td valign="top" align="left" height="14" style= |
| 13898 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13899 | <p class="TextFontCX" align="center" style= |
| 13900 | 'text-align:center;background:#CCCCCC'><span style= |
| 13901 | 'font-size:10.0pt'>m:</span><span class= |
| 13902 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 13903 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13904 | 'font-size:10.0pt'>sef-params</span></span></p> |
| 13905 | <p class="IndentText">An actual parameter with side effects is |
| 13906 | passed as a formal parameter declared with <span class= |
| 13907 | "Annot"><span style='font-size:10.0pt'>sef</span></span>.</p> |
| 13908 | <div> |
| 13909 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13910 | height="14" align="left"> |
| 13911 | <tr> |
| 13912 | <td valign="top" align="left" height="14" style= |
| 13913 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13914 | <p class="TextFontCX" align="center" style= |
| 13915 | 'text-align:center;background:#CCCCCC'><span style= |
| 13916 | 'font-size:10.0pt'>m:</span><span class= |
| 13917 | "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div> |
| 13918 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13919 | 'font-size:10.0pt'>sef-uncon</span></span></p> |
| 13920 | <p class="IndentText">An actual parameter involving a call to an |
| 13921 | unconstrained function (declared without modifies clause) that may |
| 13922 | modify anything is passed as a <span class= |
| 13923 | "Annot"><span style='font-size:10.0pt'>sef</span></span> |
| 13924 | parameter.</p> |
| 13925 | <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'> |
| 13926 | <a name="_Toc534975058">Iterators</a></p> |
| 13927 | <div> |
| 13928 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13929 | height="14" align="left"> |
| 13930 | <tr> |
| 13931 | <td valign="top" align="left" height="14" style= |
| 13932 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13933 | <p class="TextFontCX" align="center" style= |
| 13934 | 'text-align:center;background:#CCCCCC'><span style= |
| 13935 | 'font-size:10.0pt'>P:</span> <span class= |
| 13936 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 13937 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13938 | 'font-size:10.0pt'>iterbalance</span></span></p> |
| 13939 | <p class="IndentText">Iter is not balanced with end |
| 13940 | <span class="CodeText"><span style='font-size:10.0pt'> <iter></span></span>. |
| 13941 | </p> |
| 13942 | |
| 13943 | <div> |
| 13944 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13945 | height="14" align="left"> |
| 13946 | <tr> |
| 13947 | <td valign="top" align="left" height="14" style= |
| 13948 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13949 | <p class="TextFontCX" align="center" style= |
| 13950 | 'text-align:center;background:#CCCCCC'><span style= |
| 13951 | 'font-size:10.0pt'>P:</span> <span class= |
| 13952 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 13953 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13954 | 'font-size:10.0pt'>iteryield</span></span></p> |
| 13955 | <p class="IndentText">Iter yield parameter is inappropriate. |
| 13956 | </p> |
| 13957 | |
| 13958 | <div> |
| 13959 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13960 | height="14" align="left"> |
| 13961 | <tr> |
| 13962 | <td valign="top" align="left" height="14" style= |
| 13963 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13964 | <p class="TextFontCX" align="center" style= |
| 13965 | 'text-align:center;background:#CCCCCC'><span style= |
| 13966 | 'font-size:10.0pt'>P:</span> <span class= |
| 13967 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 13968 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13969 | 'font-size:10.0pt'>has-yield</span></span></p> |
| 13970 | <p class="IndentText">An iterator has been declared with no |
| 13971 | parameters annotated with <span class="Annot"><span style= |
| 13972 | 'font-size:10.0pt'>yield</span></span>.</p> |
| 13973 | |
| 13974 | <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'> |
| 13975 | <a name="_Toc534975059">Naming Conventions</a> <span class= |
| 13976 | "TextFontCXChar"><span style= |
| 13977 | 'font-size:11.0pt; font-weight:normal'>(Section |
| 13978 | 12)</span></span></p> |
| 13979 | <div> |
| 13980 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13981 | height="14" align="left"> |
| 13982 | <tr> |
| 13983 | <td valign="top" align="left" height="14" style= |
| 13984 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 13985 | <p class="TextFontCX" align="center" style= |
| 13986 | 'text-align:center;background:#CCCCCC'><span style= |
| 13987 | 'font-size:10.0pt'>P:</span> <span class= |
| 13988 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 13989 | <p class="TextFontCX"><span class="Flag"><span style= |
| 13990 | 'font-size:10.0pt'>name-checks</span></span></p> |
| 13991 | <p class="IndentText">Turns all name checking on or off without |
| 13992 | changing other settings.</p> |
| 13993 | <p class="Heading10">Type-Based Naming Conventions |
| 13994 | <span style='font-size:10.5pt; font-weight:normal'>(Section |
| 13995 | 12.1)</span></p> |
| 13996 | <p class="Heading11">Czech Naming Convention</p> |
| 13997 | <div> |
| 13998 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 13999 | height="14" align="left"> |
| 14000 | <tr> |
| 14001 | <td valign="top" align="left" height="14" style= |
| 14002 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14003 | <p class="TextFontCX" align="center" style= |
| 14004 | 'text-align:center;background:#CCCCCC'><span style= |
| 14005 | 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div> |
| 14006 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14007 | 'font-size:10.0pt'>czech</span></span></p> |
| 14008 | <p class="IndentText">Selects complete Czech naming convention |
| 14009 | (sets <span class="Flag"><span style= |
| 14010 | 'font-size:10.0pt'>access-czech</span></span>, <span class= |
| 14011 | "Flag"><span style='font-size:10.0pt'>czech-fcns</span></span>, |
| 14012 | <span class="Flag"><span style= |
| 14013 | 'font-size:10.0pt'>czech-vars</span></span>, <span class= |
| 14014 | "Flag"><span style='font-size:10.0pt'>czech-consts</span></span>, |
| 14015 | <span class="Flag"><span style= |
| 14016 | 'font-size:10.0pt'>czech-macros</span></span>, and |
| 14017 | <span class="Flag"><span style= |
| 14018 | 'font-size:10.0pt'>czech-types</span></span>).</p> |
| 14019 | <div> |
| 14020 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14021 | height="14" align="left"> |
| 14022 | <tr> |
| 14023 | <td valign="top" align="left" height="14" style= |
| 14024 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14025 | <p class="TextFontCX" align="center" style= |
| 14026 | 'text-align:center;background:#CCCCCC'><span style= |
| 14027 | 'font-size:10.0pt'>P:</span> <span class= |
| 14028 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 14029 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14030 | 'font-size:10.0pt'>access-czech</span></span></p> |
| 14031 | <p class="IndentText">Allow access to abstract types following |
| 14032 | Czech naming convention. The representation of an abstract |
| 14033 | type named <span class="CodeText"><i><span style= |
| 14034 | 'font-size:10.0pt'>t</span></i></span> is accessible in the |
| 14035 | definition of a function or constant named <span class= |
| 14036 | "CodeText"><i><span style= |
| 14037 | 'font-size:10.0pt'>t_name</span></i></span>.</p> |
| 14038 | <div> |
| 14039 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14040 | height="14" align="left"> |
| 14041 | <tr> |
| 14042 | <td valign="top" align="left" height="14" style= |
| 14043 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14044 | <p class="TextFontCX" align="center" style= |
| 14045 | 'text-align:center;background:#CCCCCC'><span style= |
| 14046 | 'font-size:10.0pt'>P:</span> <span class= |
| 14047 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 14048 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14049 | 'font-size:10.0pt'>czech-fcns</span></span></p> |
| 14050 | <p class="IndentText">Function or iterator name is not consistent |
| 14051 | with Czech naming convention.</p> |
| 14052 | <div> |
| 14053 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14054 | height="14" align="left"> |
| 14055 | <tr> |
| 14056 | <td valign="top" align="left" height="14" style= |
| 14057 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14058 | <p class="TextFontCX" align="center" style= |
| 14059 | 'text-align:center;background:#CCCCCC'><span style= |
| 14060 | 'font-size:10.0pt'>P:</span> <span class= |
| 14061 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 14062 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14063 | 'font-size:10.0pt'>czech-vars</span></span></p> |
| 14064 | <p class="IndentText"> Variable name is not consistent with |
| 14065 | Czech naming convention.</p> |
| 14066 | <div> |
| 14067 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14068 | height="14" align="left"> |
| 14069 | <tr> |
| 14070 | <td valign="top" align="left" height="14" style= |
| 14071 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14072 | <p class="TextFontCX" align="center" style= |
| 14073 | 'text-align:center;background:#CCCCCC'><span style= |
| 14074 | 'font-size:10.0pt'>P:</span> <span class= |
| 14075 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 14076 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14077 | 'font-size:10.0pt'>czech-macros</span></span></p> |
| 14078 | <p class="IndentText"> Expanded macro name is not consistent |
| 14079 | with Czech naming convention.</p> |
| 14080 | <div> |
| 14081 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14082 | height="14" align="left"> |
| 14083 | <tr> |
| 14084 | <td valign="top" align="left" height="14" style= |
| 14085 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14086 | <p class="TextFontCX" align="center" style= |
| 14087 | 'text-align:center;background:#CCCCCC'><span style= |
| 14088 | 'font-size:10.0pt'>P:</span> <span class= |
| 14089 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 14090 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14091 | 'font-size:10.0pt'>czech-consts</span></span></p> |
| 14092 | <p class="IndentText">Constant name is not consistent with Czech |
| 14093 | naming convention.</p> |
| 14094 | <div> |
| 14095 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14096 | height="14" align="left"> |
| 14097 | <tr> |
| 14098 | <td valign="top" align="left" height="14" style= |
| 14099 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14100 | <p class="TextFontCX" align="center" style= |
| 14101 | 'text-align:center;background:#CCCCCC'><span style= |
| 14102 | 'font-size:10.0pt'>P:</span> <span class= |
| 14103 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 14104 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14105 | 'font-size:10.0pt'>czech-types</span></span></p> |
| 14106 | <p class="IndentText">Type name is not consistent with Czech naming |
| 14107 | convention. Czech type names must not use the underscore |
| 14108 | character.</p> |
| 14109 | <p class="Heading11">Slovak Naming Convention</p> |
| 14110 | <div> |
| 14111 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14112 | height="14" align="left"> |
| 14113 | <tr> |
| 14114 | <td valign="top" align="left" height="14" style= |
| 14115 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14116 | <p class="TextFontCX" align="center" style= |
| 14117 | 'text-align:center;background:#CCCCCC'><span style= |
| 14118 | 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div> |
| 14119 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14120 | 'font-size:10.0pt'>slovak</span></span></p> |
| 14121 | <p class="IndentText">Selects complete Slovak naming convention |
| 14122 | (sets <span class="Flag"><span style= |
| 14123 | 'font-size:10.0pt'>access-slovak</span></span>, <span class= |
| 14124 | "Flag"><span style='font-size:10.0pt'>slovak-fcns</span></span>, |
| 14125 | <span class="Flag"><span style= |
| 14126 | 'font-size:10.0pt'>slovak-vars</span></span>, <span class= |
| 14127 | "Flag"><span style='font-size:10.0pt'>slovak-consts</span></span>, |
| 14128 | <span class="Flag"><span style= |
| 14129 | 'font-size:10.0pt'>slovak-macros</span></span>, and |
| 14130 | <span class="Flag"><span style= |
| 14131 | 'font-size:10.0pt'>slovak-types</span></span>).</p> |
| 14132 | <div> |
| 14133 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14134 | height="14" align="left"> |
| 14135 | <tr> |
| 14136 | <td valign="top" align="left" height="14" style= |
| 14137 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14138 | <p class="TextFontCX" align="center" style= |
| 14139 | 'text-align:center;background:#CCCCCC'><span style= |
| 14140 | 'font-size:10.0pt'>P:</span> <span class= |
| 14141 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 14142 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14143 | 'font-size:10.0pt'>access-slovak</span></span></p> |
| 14144 | <p class="IndentText">Allow access to abstract types following |
| 14145 | Slovak naming convention. The representation of an abstract type |
| 14146 | named <span class="CodeText"><i><span style= |
| 14147 | 'font-size:10.0pt'>t</span></i></span> is accessible in the |
| 14148 | definition of a function or constant named <span class= |
| 14149 | "CodeText"><i><span style= |
| 14150 | 'font-size:10.0pt'>tName</span></i></span>.</p> |
| 14151 | <div> |
| 14152 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14153 | height="14" align="left"> |
| 14154 | <tr> |
| 14155 | <td valign="top" align="left" height="14" style= |
| 14156 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14157 | <p class="TextFontCX" align="center" style= |
| 14158 | 'text-align:center;background:#CCCCCC'><span style= |
| 14159 | 'font-size:10.0pt'>P:</span> <span class= |
| 14160 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 14161 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14162 | 'font-size:10.0pt'>slovak-fcns</span></span></p> |
| 14163 | <p class="IndentText">Function or iterator name is not consistent |
| 14164 | with Slovak naming convention.</p> |
| 14165 | <div> |
| 14166 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14167 | height="14" align="left"> |
| 14168 | <tr> |
| 14169 | <td valign="top" align="left" height="14" style= |
| 14170 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14171 | <p class="TextFontCX" align="center" style= |
| 14172 | 'text-align:center;background:#CCCCCC'><span style= |
| 14173 | 'font-size:10.0pt'>P:</span> <span class= |
| 14174 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 14175 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14176 | 'font-size:10.0pt'>slovak-macros</span></span></p> |
| 14177 | <p class="IndentText">Expanded macro name is not consistent with |
| 14178 | Slovak naming convention.</p> |
| 14179 | <div> |
| 14180 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14181 | height="14" align="left"> |
| 14182 | <tr> |
| 14183 | <td valign="top" align="left" height="14" style= |
| 14184 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14185 | <p class="TextFontCX" align="center" style= |
| 14186 | 'text-align:center;background:#CCCCCC'><span style= |
| 14187 | 'font-size:10.0pt'>P:</span> <span class= |
| 14188 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 14189 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14190 | 'font-size:10.0pt'>slovak-vars</span></span></p> |
| 14191 | <p class="IndentText"> Variable name is not consistent with |
| 14192 | Slovak naming convention.</p> |
| 14193 | <div> |
| 14194 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14195 | height="14" align="left"> |
| 14196 | <tr> |
| 14197 | <td valign="top" align="left" height="14" style= |
| 14198 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14199 | <p class="TextFontCX" align="center" style= |
| 14200 | 'text-align:center;background:#CCCCCC'><span style= |
| 14201 | 'font-size:10.0pt'>P:</span> <span class= |
| 14202 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 14203 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14204 | 'font-size:10.0pt'>slovak-consts</span></span></p> |
| 14205 | <p class="IndentText"> Constant name is not consistent with |
| 14206 | Slovak naming convention.</p> |
| 14207 | <div> |
| 14208 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14209 | height="14" align="left"> |
| 14210 | <tr> |
| 14211 | <td valign="top" align="left" height="14" style= |
| 14212 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14213 | <p class="TextFontCX" align="center" style= |
| 14214 | 'text-align:center;background:#CCCCCC'><span style= |
| 14215 | 'font-size:10.0pt'>P:</span> <span class= |
| 14216 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 14217 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14218 | 'font-size:10.0pt'>slovak-types</span></span></p> |
| 14219 | <p class="IndentText">Type name is not consistent with Slovak |
| 14220 | naming convention. Slovak type names may not include |
| 14221 | uppercase letters.</p> |
| 14222 | <p class="Heading11">Czechoslovak Naming Convention</p> |
| 14223 | <div> |
| 14224 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14225 | height="14" align="left"> |
| 14226 | <tr> |
| 14227 | <td valign="top" align="left" height="14" style= |
| 14228 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14229 | <p class="TextFontCX" align="center" style= |
| 14230 | 'text-align:center;background:#CCCCCC'><span style= |
| 14231 | 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div> |
| 14232 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14233 | 'font-size:10.0pt'>czechoslovak</span></span></p> |
| 14234 | <p class="IndentText">Selects complete Czechoslovak naming |
| 14235 | convention (sets <span class="Flag"><span style= |
| 14236 | 'font-size:10.0pt'>access-czechoslovak</span></span>, |
| 14237 | <span class="Flag"><span style= |
| 14238 | 'font-size:10.0pt'>czechoslovak-fcns</span></span>, |
| 14239 | <span class="Flag"><span style= |
| 14240 | 'font-size:10.0pt'>czechoslovak-vars</span></span>, |
| 14241 | <span class="Flag"><span style= |
| 14242 | 'font-size:10.0pt'>czechoslovak-consts</span></span>, |
| 14243 | <span class="Flag"><span style= |
| 14244 | 'font-size:10.0pt'>czechoslovak-macros</span></span>, and |
| 14245 | <span class="Flag"><span style= |
| 14246 | 'font-size:10.0pt'>czechoslovak-types</span></span>).</p> |
| 14247 | <div> |
| 14248 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14249 | height="14" align="left"> |
| 14250 | <tr> |
| 14251 | <td valign="top" align="left" height="14" style= |
| 14252 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14253 | <p class="TextFontCX" align="center" style= |
| 14254 | 'text-align:center;background:#CCCCCC'><span style= |
| 14255 | 'font-size:10.0pt'>P:</span> <span class= |
| 14256 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 14257 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14258 | 'font-size:10.0pt'>access-czechoslovak</span></span></p> |
| 14259 | <p class="IndentText">Allow access to abstract types by |
| 14260 | Czechoslovak naming convention. The representation of an abstract |
| 14261 | type named <span class="CodeText"><i><span style= |
| 14262 | 'font-size:10.0pt'>t</span></i></span> is accessible in the |
| 14263 | definition of a function or constant named <span class= |
| 14264 | "CodeText"><i><span style= |
| 14265 | 'font-size:10.0pt'>t_name</span></i></span> or <span class= |
| 14266 | "CodeText"><i><span style= |
| 14267 | 'font-size:10.0pt'>tName</span></i></span>.</p> |
| 14268 | <div> |
| 14269 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14270 | height="14" align="left"> |
| 14271 | <tr> |
| 14272 | <td valign="top" align="left" height="14" style= |
| 14273 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14274 | <p class="TextFontCX" align="center" style= |
| 14275 | 'text-align:center;background:#CCCCCC'><span style= |
| 14276 | 'font-size:10.0pt'>P:</span> <span class= |
| 14277 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 14278 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14279 | 'font-size:10.0pt'>czechoslovak-fcns</span></span></p> |
| 14280 | <p class="IndentText"> Function name is not consistent with |
| 14281 | Czechoslovak naming convention.</p> |
| 14282 | <div> |
| 14283 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14284 | height="14" align="left"> |
| 14285 | <tr> |
| 14286 | <td valign="top" align="left" height="14" style= |
| 14287 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14288 | <p class="TextFontCX" align="center" style= |
| 14289 | 'text-align:center;background:#CCCCCC'><span style= |
| 14290 | 'font-size:10.0pt'>P:</span> <span class= |
| 14291 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 14292 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14293 | 'font-size:10.0pt'>czechoslovak-macros</span></span></p> |
| 14294 | <p class="IndentText">Expanded macro name is not consistent with |
| 14295 | Czechoslovak naming convention.</p> |
| 14296 | <div> |
| 14297 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14298 | height="14" align="left"> |
| 14299 | <tr> |
| 14300 | <td valign="top" align="left" height="14" style= |
| 14301 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14302 | <p class="TextFontCX" align="center" style= |
| 14303 | 'text-align:center;background:#CCCCCC'><span style= |
| 14304 | 'font-size:10.0pt'>P:</span> <span class= |
| 14305 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 14306 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14307 | 'font-size:10.0pt'>czechoslovak-vars</span></span></p> |
| 14308 | <p class="IndentText">Variable name is not consistent with |
| 14309 | Czechoslovak naming convention.</p> |
| 14310 | <div> |
| 14311 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14312 | height="14" align="left"> |
| 14313 | <tr> |
| 14314 | <td valign="top" align="left" height="14" style= |
| 14315 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14316 | <p class="TextFontCX" align="center" style= |
| 14317 | 'text-align:center;background:#CCCCCC'><span style= |
| 14318 | 'font-size:10.0pt'>P:</span> <span class= |
| 14319 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 14320 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14321 | 'font-size:10.0pt'>czechoslovak-consts</span></span></p> |
| 14322 | <p class="IndentText">Constant name is not consistent with |
| 14323 | Czechoslovak naming convention.</p> |
| 14324 | <div> |
| 14325 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14326 | height="14" align="left"> |
| 14327 | <tr> |
| 14328 | <td valign="top" align="left" height="14" style= |
| 14329 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14330 | <p class="TextFontCX" align="center" style= |
| 14331 | 'text-align:center;background:#CCCCCC'><span style= |
| 14332 | 'font-size:10.0pt'>P:</span> <span class= |
| 14333 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 14334 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14335 | 'font-size:10.0pt'>czechoslovak-types</span></span></p> |
| 14336 | <p class="IndentText">Type name is not consistent with Czechoslovak |
| 14337 | naming convention. Czechoslovak type names may not include |
| 14338 | uppercase letters or the underscore character.</p> |
| 14339 | <p class="Heading10">Namespace Prefixes <span style= |
| 14340 | 'font-size:10.5pt; font-weight:normal'>(Section 12.2)</span></p> |
| 14341 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14342 | 'font-size:10.0pt'>macro-var-prefix</span></span><span class= |
| 14343 | "Flag"><span style='font-size:10.0pt'> <i><prefix |
| 14344 | string></i></span></span></p> |
| 14345 | <p class="IndentText">Set namespace prefix for variables declared |
| 14346 | in a macro body. (Default is <span class= |
| 14347 | "CodeText"><span style='font-size:10.0pt'>m_</span></span>.)</p> |
| 14348 | <div> |
| 14349 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14350 | height="14" align="left"> |
| 14351 | <tr> |
| 14352 | <td valign="top" align="left" height="14" style= |
| 14353 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14354 | <p class="TextFontCX" align="center" style= |
| 14355 | 'text-align:center;background:#CCCCCC'>P: <span class= |
| 14356 | "Keyword"><span style= |
| 14357 | 'font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 14358 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14359 | 'font-size:10.0pt'>macro-var-prefix-exclude</span></span></p> |
| 14360 | <p class="IndentText">A variable declared outside a macro body |
| 14361 | starts with the <span class="Flag"><span style= |
| 14362 | 'font-size:10.0pt'>macro-var-prefix</span></span>.</p> |
| 14363 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14364 | 'font-size:10.0pt'>tag-prefix</span></span><span class= |
| 14365 | "Flag"><span style='font-size:10.0pt'> <i><prefix |
| 14366 | string></i></span></span></p> |
| 14367 | <p class="IndentText">Set namespace prefix of <span class= |
| 14368 | "CodeText"><span style='font-size:10.0pt'>struct</span></span>, |
| 14369 | <span class="CodeText"><span style= |
| 14370 | 'font-size:10.0pt'>union</span></span> or <span class= |
| 14371 | "CodeText"><span style='font-size:10.0pt'>enum</span></span> tag |
| 14372 | identifiers.</p> |
| 14373 | <div> |
| 14374 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14375 | height="14" align="left"> |
| 14376 | <tr> |
| 14377 | <td valign="top" align="left" height="14" style= |
| 14378 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14379 | <p class="TextFontCX" align="center" style= |
| 14380 | 'text-align:center;background:#CCCCCC'><span style= |
| 14381 | 'font-size:10.0pt'>P:</span> <span class= |
| 14382 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 14383 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14384 | 'font-size:10.0pt'>tag-prefix-exclude</span></span></p> |
| 14385 | <p class="IndentText">An identifier that is not a tag starts with |
| 14386 | the <span class="Flag"><span style= |
| 14387 | 'font-size:10.0pt'>tagprefix</span></span>.</p> |
| 14388 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14389 | 'font-size:10.0pt'>enum-prefix</span></span><span class= |
| 14390 | "Flag"><span style='font-size:10.0pt'> <i><prefix |
| 14391 | string></i></span></span></p> |
| 14392 | <p class="IndentText">Set namespace prefix for <span class= |
| 14393 | "CodeText"><span style='font-size:10.0pt'>enum</span></span> |
| 14394 | members.</p> |
| 14395 | <div> |
| 14396 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14397 | height="14" align="left"> |
| 14398 | <tr> |
| 14399 | <td valign="top" align="left" height="14" style= |
| 14400 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14401 | <p class="TextFontCX" align="center" style= |
| 14402 | 'text-align:center;background:#CCCCCC'><span style= |
| 14403 | 'font-size:10.0pt'>P:</span> <span class= |
| 14404 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 14405 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14406 | 'font-size:10.0pt'>enum-prefix-exclude</span></span></p> |
| 14407 | <p class="IndentText">An identifier that is not an |
| 14408 | <span class="CodeText"><span style= |
| 14409 | 'font-size:10.0pt'>enum</span></span> member starts with the |
| 14410 | <span class="Flag"><span style= |
| 14411 | 'font-size:10.0pt'>enumprefix</span></span>.</p> |
| 14412 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14413 | 'font-size:10.0pt'>file-static-prefix</span></span><span class="Flag"> |
| 14414 | <span style='font-size:10.0pt'> <i><prefix |
| 14415 | string></i></span></span></p> |
| 14416 | <p class="IndentText">Set namespace prefix for file |
| 14417 | <span class="CodeText"><span style= |
| 14418 | 'font-size:10.0pt'>static</span></span> declarations.</p> |
| 14419 | <div> |
| 14420 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14421 | height="14" align="left"> |
| 14422 | <tr> |
| 14423 | <td valign="top" align="left" height="14" style= |
| 14424 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14425 | <p class="TextFontCX" align="center" style= |
| 14426 | 'text-align:center;background:#CCCCCC'><span style= |
| 14427 | 'font-size:10.0pt'>P:</span> <span class= |
| 14428 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 14429 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14430 | 'font-size:10.0pt'>file-static-prefix-exclude</span></span></p> |
| 14431 | <p class="IndentText">An identifier that is not file static starts |
| 14432 | with the <span class="Flag"><span style= |
| 14433 | 'font-size:10.0pt'>filestaticprefix</span></span>.</p> |
| 14434 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14435 | 'font-size:10.0pt'>global-prefix</span></span><span class= |
| 14436 | "Flag"><span style='font-size:10.0pt'> <i><prefix |
| 14437 | string></i></span></span></p> |
| 14438 | <p class="IndentText">Set namespace prefix for global |
| 14439 | variables.</p> |
| 14440 | <div> |
| 14441 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14442 | height="14" align="left"> |
| 14443 | <tr> |
| 14444 | <td valign="top" align="left" height="14" style= |
| 14445 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14446 | <p class="TextFontCX" align="center" style= |
| 14447 | 'text-align:center;background:#CCCCCC'><span style= |
| 14448 | 'font-size:10.0pt'>P:</span> <span class= |
| 14449 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 14450 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14451 | 'font-size:10.0pt'>global-prefix-exclude</span></span></p> |
| 14452 | <p class="IndentText">An identifier that is not a global variable |
| 14453 | starts with the <span class="Flag"><span style= |
| 14454 | 'font-size:10.0pt'>globalprefix</span></span>.</p> |
| 14455 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14456 | 'font-size:10.0pt'>type-prefix</span></span><span class= |
| 14457 | "Flag"><span style='font-size:10.0pt'> <i><prefix |
| 14458 | string></i></span></span></p> |
| 14459 | <p class="IndentText">Set namespace prefix for user-defined |
| 14460 | types.</p> |
| 14461 | <div> |
| 14462 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14463 | height="14" align="left"> |
| 14464 | <tr> |
| 14465 | <td valign="top" align="left" height="14" style= |
| 14466 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14467 | <p class="TextFontCX" align="center" style= |
| 14468 | 'text-align:center;background:#CCCCCC'><span style= |
| 14469 | 'font-size:10.0pt'>P:</span> <span class= |
| 14470 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 14471 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14472 | 'font-size:10.0pt'>type-prefix-exclude</span></span></p> |
| 14473 | <p class="IndentText">An identifier that is not a type name starts |
| 14474 | with the <span class="Flag"><span style= |
| 14475 | 'font-size:10.0pt'>typeprefix</span></span>.</p> |
| 14476 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14477 | 'font-size:10.0pt'>external-prefix</span></span><span class= |
| 14478 | "Flag"><span style='font-size:10.0pt'> <i><prefix |
| 14479 | string></i></span></span></p> |
| 14480 | <p class="IndentText">Set namespace prefix for external |
| 14481 | identifiers.</p> |
| 14482 | <div> |
| 14483 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14484 | height="14" align="left"> |
| 14485 | <tr> |
| 14486 | <td valign="top" align="left" height="14" style= |
| 14487 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14488 | <p class="TextFontCX" align="center" style= |
| 14489 | 'text-align:center;background:#CCCCCC'><span style= |
| 14490 | 'font-size:10.0pt'>P:</span> <span class= |
| 14491 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 14492 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14493 | 'font-size:10.0pt'>external-prefix-exclude</span></span></p> |
| 14494 | <p class="IndentText">An identifier that is not external starts |
| 14495 | with the <span class="Flag"><span style= |
| 14496 | 'font-size:10.0pt'>externalprefix</span></span>.</p> |
| 14497 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14498 | 'font-size:10.0pt'>local-prefix</span></span><span class= |
| 14499 | "Flag"><span style='font-size:10.0pt'> <i><prefix |
| 14500 | string></i></span></span></p> |
| 14501 | <p class="IndentText">Set namespace prefix for local variables.</p> |
| 14502 | <div> |
| 14503 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14504 | height="14" align="left"> |
| 14505 | <tr> |
| 14506 | <td valign="top" align="left" height="14" style= |
| 14507 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14508 | <p class="TextFontCX" align="center" style= |
| 14509 | 'text-align:center;background:#CCCCCC'><span style= |
| 14510 | 'font-size:10.0pt'>P:</span> <span class= |
| 14511 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 14512 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14513 | 'font-size:10.0pt'>local-prefix-exclude</span></span></p> |
| 14514 | <p class="IndentText"> An identifier that is not a local |
| 14515 | variable starts with the <span class="Flag"><span style= |
| 14516 | 'font-size:10.0pt'>localprefix</span></span>.</p> |
| 14517 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14518 | 'font-size:10.0pt'>unchecked-macro-prefix</span></span><span class="Flag"> |
| 14519 | <span style='font-size:10.0pt'> <i><prefix |
| 14520 | string></i></span></span></p> |
| 14521 | <p class="IndentText">Set namespace prefix for unchecked |
| 14522 | macros.</p> |
| 14523 | <div> |
| 14524 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14525 | height="14" align="left"> |
| 14526 | <tr> |
| 14527 | <td valign="top" align="left" height="14" style= |
| 14528 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14529 | <p class="TextFontCX" align="center" style= |
| 14530 | 'text-align:center;background:#CCCCCC'><span style= |
| 14531 | 'font-size:10.0pt'>P:</span> <span class= |
| 14532 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 14533 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14534 | 'font-size:10.0pt'>unchecked-macro-prefix-exclude</span></span></p> |
| 14535 | <p class="IndentText">An identifier that is not the name of an |
| 14536 | unchecked macro starts with the <span class= |
| 14537 | "Flag"><span style='font-size:10.0pt'>uncheckedmacroprefix</span></span>.</p> |
| 14538 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14539 | 'font-size:10.0pt'>const-prefix</span></span><span class= |
| 14540 | "Flag"><span style='font-size:10.0pt'> <i><prefix |
| 14541 | string></i></span></span></p> |
| 14542 | <p class="IndentText">Set namespace prefix for constants.</p> |
| 14543 | <div> |
| 14544 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14545 | height="14" align="left"> |
| 14546 | <tr> |
| 14547 | <td valign="top" align="left" height="14" style= |
| 14548 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14549 | <p class="TextFontCX" align="center" style= |
| 14550 | 'text-align:center;background:#CCCCCC'><span style= |
| 14551 | 'font-size:10.0pt'>P:</span> <span class= |
| 14552 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 14553 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14554 | 'font-size:10.0pt'>const-prefix-exclude</span></span></p> |
| 14555 | <p class="IndentText">An identifier that is not a constant starts |
| 14556 | with the <span class="Flag"><span style= |
| 14557 | 'font-size:10.0pt'>constantprefix</span></span>.</p> |
| 14558 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14559 | 'font-size:10.0pt'>iter-prefix</span></span><span class= |
| 14560 | "Flag"><span style='font-size:10.0pt'> <i><prefix |
| 14561 | string></i></span></span></p> |
| 14562 | <p class="IndentText">Set namespace prefix for iterators.</p> |
| 14563 | <div> |
| 14564 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14565 | height="14" align="left"> |
| 14566 | <tr> |
| 14567 | <td valign="top" align="left" height="14" style= |
| 14568 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14569 | <p class="TextFontCX" align="center" style= |
| 14570 | 'text-align:center;background:#CCCCCC'><span style= |
| 14571 | 'font-size:10.0pt'>P:</span> <span class= |
| 14572 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 14573 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14574 | 'font-size:10.0pt'>iter-prefix-exclude</span></span></p> |
| 14575 | <p class="IndentText">An identifier that is not an |
| 14576 | <span class="Flag"><span style= |
| 14577 | 'font-size:10.0pt'>iter</span></span> starts with the |
| 14578 | <span class="Flag"><span style= |
| 14579 | 'font-size:10.0pt'>iterprefix</span></span>.</p> |
| 14580 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14581 | 'font-size:10.0pt'>proto-param-prefix</span></span><span class="Flag"> |
| 14582 | <span style='font-size:10.0pt'> <i><prefix |
| 14583 | string></i></span></span></p> |
| 14584 | <p class="IndentText">Set namespace prefix for parameters in |
| 14585 | function prototypes.</p> |
| 14586 | <div> |
| 14587 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14588 | height="14" align="left"> |
| 14589 | <tr> |
| 14590 | <td valign="top" align="left" height="14" style= |
| 14591 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14592 | <p class="TextFontCX" align="center" style= |
| 14593 | 'text-align:center;background:#CCCCCC'><span style= |
| 14594 | 'font-size:10.0pt'>P:</span> <span class= |
| 14595 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 14596 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14597 | 'font-size:10.0pt'>proto-param-prefix-exclude</span></span></p> |
| 14598 | <p class="IndentText">An identifier that is not a parameter in a |
| 14599 | function prototype starts with the <span class= |
| 14600 | "Flag"><span style='font-size:10.0pt'>protoprarmprefix</span></span>.</p> |
| 14601 | <div> |
| 14602 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14603 | height="14" align="left"> |
| 14604 | <tr> |
| 14605 | <td valign="top" align="left" height="14" style= |
| 14606 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14607 | <p class="TextFontCX" align="center" style= |
| 14608 | 'text-align:center;background:#CCCCCC'><span style= |
| 14609 | 'font-size:10.0pt'>m:</span><span class= |
| 14610 | "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div> |
| 14611 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14612 | 'font-size:10.0pt'>proto-param-name</span></span></p> |
| 14613 | <p class="IndentText">A parameter in a function prototype has a |
| 14614 | name (can interfere with macro definitions).</p> |
| 14615 | <div> |
| 14616 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14617 | height="14" align="left"> |
| 14618 | <tr> |
| 14619 | <td valign="top" align="left" height="14" style= |
| 14620 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14621 | <p class="TextFontCX" align="center" style= |
| 14622 | 'text-align:center;background:#CCCCCC'><span style= |
| 14623 | 'font-size:10.0pt'>m:</span><span class= |
| 14624 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 14625 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14626 | 'font-size:10.0pt'>proto-param-match</span></span></p> |
| 14627 | <p class="IndentText">The name of a parameter in a function |
| 14628 | definition does not match the corresponding name of the parameter |
| 14629 | in a function prototype (after removing the <span class= |
| 14630 | "Flag"><span style= |
| 14631 | 'font-size:10.0pt'>protoparamprefix</span></span>).</p> |
| 14632 | <p class="Heading10">Naming Restrictions <span style= |
| 14633 | 'font-size:10.5pt; font-weight:normal'>(Section 12.3)</span></p> |
| 14634 | <div> |
| 14635 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14636 | height="14" align="left"> |
| 14637 | <tr> |
| 14638 | <td valign="top" align="left" height="14" style= |
| 14639 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14640 | <p class="TextFontCX" align="center" style= |
| 14641 | 'text-align:center;background:#CCCCCC'><span style= |
| 14642 | 'font-size:10.0pt'>m:</span><span class= |
| 14643 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 14644 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14645 | 'font-size:10.0pt'>shadow</span></span></p> |
| 14646 | <p class="IndentText">Declaration reuses name visible in outer |
| 14647 | scope.</p> |
| 14648 | <p class="Heading11">Reserved Names</p> |
| 14649 | <div> |
| 14650 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14651 | height="14" align="left"> |
| 14652 | <tr> |
| 14653 | <td valign="top" align="left" height="14" style= |
| 14654 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14655 | <p class="TextFontCX" align="center" style= |
| 14656 | 'text-align:center;background:#CCCCCC'><span style= |
| 14657 | 'font-size:10.0pt'>m:</span><span class= |
| 14658 | "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div> |
| 14659 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14660 | 'font-size:10.0pt'>ansi-reserved</span></span></p> |
| 14661 | <p class="IndentText">External name conflicts with name reserved |
| 14662 | for the compiler or standard library.</p> |
| 14663 | <div> |
| 14664 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14665 | height="14" align="left"> |
| 14666 | <tr> |
| 14667 | <td valign="top" align="left" height="14" style= |
| 14668 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14669 | <p class="TextFontCX" align="center" style= |
| 14670 | 'text-align:center;background:#CCCCCC'><span style= |
| 14671 | 'font-size:10.0pt'>m:</span><span class= |
| 14672 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 14673 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14674 | 'font-size:10.0pt'>ansi-reserved-internal</span></span></p> |
| 14675 | <p class="IndentText"> Internal name conflicts with name |
| 14676 | reserved for the compiler or standard library.</p> |
| 14677 | |
| 14678 | <div> |
| 14679 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14680 | height="14" align="left"> |
| 14681 | <tr> |
| 14682 | <td valign="top" align="left" height="14" style= |
| 14683 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14684 | <p class="TextFontCX" align="center" style= |
| 14685 | 'text-align:center;background:#CCCCCC'><span style= |
| 14686 | 'font-size:10.0pt'>m:</span><span class= |
| 14687 | "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div> |
| 14688 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14689 | 'font-size:10.0pt'>iso-reserved</span></span></p> |
| 14690 | <p class="IndentText"> |
| 14691 | External name is reserved for system use by ISO C99 standard. |
| 14692 | </p> |
| 14693 | |
| 14694 | <div> |
| 14695 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14696 | height="14" align="left"> |
| 14697 | <tr> |
| 14698 | <td valign="top" align="left" height="14" style= |
| 14699 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14700 | <p class="TextFontCX" align="center" style= |
| 14701 | 'text-align:center;background:#CCCCCC'><span style= |
| 14702 | 'font-size:10.0pt'>m:</span><span class= |
| 14703 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 14704 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14705 | 'font-size:10.0pt'>iso-reserved-internal</span></span></p> |
| 14706 | <p class="IndentText"> |
| 14707 | Internal name is reserved for system in ISO C99 standard (this should not be necessary unless you are worried about C library implementations that violate the standard and use macros). |
| 14708 | </p> |
| 14709 | |
| 14710 | <div> |
| 14711 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14712 | height="14" align="left"> |
| 14713 | <tr> |
| 14714 | <td valign="top" align="left" height="14" style= |
| 14715 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14716 | <p class="TextFontCX" align="center" style= |
| 14717 | 'text-align:center;background:#CCCCCC'><span style= |
| 14718 | 'font-size:10.0pt'>m:</span><span class= |
| 14719 | "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div> |
| 14720 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14721 | 'font-size:10.0pt'>cpp-names</span></span></p> |
| 14722 | <p class="IndentText">Internal or external name conflicts with a |
| 14723 | C++ reserved word. (Will cause problems if program is |
| 14724 | compiled with a C++ compiler.)</p> |
| 14725 | <p class="Heading11">Distinct External Names</p> |
| 14726 | <div> |
| 14727 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14728 | height="14" align="left"> |
| 14729 | <tr> |
| 14730 | <td valign="top" align="left" height="14" style= |
| 14731 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14732 | <p class="TextFontCX" align="center" style= |
| 14733 | 'text-align:center;background:#CCCCCC'><span style= |
| 14734 | 'font-size:10.0pt'>P:</span> <span class= |
| 14735 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 14736 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14737 | 'font-size:10.0pt'>distinct-external-names</span></span></p> |
| 14738 | <p class="IndentText">An external name is not distinguishable from |
| 14739 | another external name using <span class="Flag"><span style= |
| 14740 | 'font-size:10.0pt'>externalnamelen</span></span><i> </i>significant |
| 14741 | characters.</p> |
| 14742 | <div> |
| 14743 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14744 | height="14" align="left"> |
| 14745 | <tr> |
| 14746 | <td valign="top" align="left" height="14" style= |
| 14747 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14748 | <p class="TextFontCX" align="center" style= |
| 14749 | 'text-align:center;background:#CCCCCC'><span style= |
| 14750 | 'font-size:10.0pt'>P: 6</span></p></td></tr></table></div> |
| 14751 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14752 | 'font-size:10.0pt'>external-name-len</span></span><span class="Flag"> |
| 14753 | <span style= |
| 14754 | 'font-size:10.0pt'> <i><number></i></span></span></p> |
| 14755 | <p class="IndentText">Sets the number of significant characters in |
| 14756 | an external name (ANSI default minimum is 6). Sets |
| 14757 | <span class="Flag"><span style= |
| 14758 | 'font-size:10.0pt'>+distinct-external-names</span></span>.</p> |
| 14759 | <div> |
| 14760 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14761 | height="14" align="left"> |
| 14762 | <tr> |
| 14763 | <td valign="top" align="left" height="14" style= |
| 14764 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14765 | <p class="TextFontCX" align="center" style= |
| 14766 | 'text-align:center;background:#CCCCCC'><span style= |
| 14767 | 'font-size:10.0pt'>P:</span> <span class= |
| 14768 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 14769 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14770 | 'font-size:10.0pt'>external-name-case-insensitive</span></span></p> |
| 14771 | <p class="IndentText">Make alphabetic case insignificant in |
| 14772 | external names. According to ANSI standard, case need not be |
| 14773 | significant in an external name. If <span class= |
| 14774 | "Flag"><span style= |
| 14775 | 'font-size:10.0pt'>+distinct-external-names</span></span> is |
| 14776 | not set, sets <span class="Flag"><span style= |
| 14777 | 'font-size:10.0pt'>+distinct-external-names</span></span> with |
| 14778 | unlimited external name length.</p> |
| 14779 | <p class="Heading11">Distinct Internal Names</p> |
| 14780 | <div> |
| 14781 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14782 | height="14" align="left"> |
| 14783 | <tr> |
| 14784 | <td valign="top" align="left" height="14" style= |
| 14785 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14786 | <p class="TextFontCX" align="center" style= |
| 14787 | 'text-align:center;background:#CCCCCC'><span style= |
| 14788 | 'font-size:10.0pt'>m:</span><span class= |
| 14789 | "Keyword"><span style='font-size:10.0pt'>----</span></span></p></td></tr></table></div> |
| 14790 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14791 | 'font-size:10.0pt'>distinct-internal-names</span></span></p> |
| 14792 | <p class="IndentText">An internal name is not distinguishable from |
| 14793 | another internal name using <span class="Flag"><span style= |
| 14794 | 'font-size:10.0pt'>internalnamelen</span></span> significant |
| 14795 | characters. (Also effected by <span class= |
| 14796 | "Flag"><span style= |
| 14797 | 'font-size:10.0pt'>internal-name-case-insensitive</span></span> and |
| 14798 | <span class="Flag"><span style= |
| 14799 | 'font-size:10.0pt'>internal-name-lookalike</span></span>.)</p> |
| 14800 | <div> |
| 14801 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14802 | height="14" align="left"> |
| 14803 | <tr> |
| 14804 | <td valign="top" align="left" height="14" style= |
| 14805 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14806 | <p class="TextFontCX" align="center" style= |
| 14807 | 'text-align:center;background:#CCCCCC'><span style= |
| 14808 | 'font-size:10.0pt'>P:</span> <span class="Flag"><span style= |
| 14809 | 'font-size:10.0pt'>31</span></span></p></td></tr></table></div> |
| 14810 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14811 | 'font-size:10.0pt'>internal-name-len</span></span><span class="Flag"> |
| 14812 | <span style= |
| 14813 | 'font-size:10.0pt'> <i><number></i></span></span></p> |
| 14814 | <p class="IndentText">Set the number of significant characters in |
| 14815 | an internal name. Sets <span class="Flag"><span style= |
| 14816 | 'font-size:10.0pt'>+distinct-internal-names</span></span>.</p> |
| 14817 | <div> |
| 14818 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14819 | height="14" align="left"> |
| 14820 | <tr> |
| 14821 | <td valign="top" align="left" height="14" style= |
| 14822 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14823 | <p class="TextFontCX" align="center" style= |
| 14824 | 'text-align:center;background:#CCCCCC'><span style= |
| 14825 | 'font-size:10.0pt'>P:</span> <span class= |
| 14826 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 14827 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14828 | 'font-size:10.0pt'>internal-name-case-insensitive</span></span></p> |
| 14829 | <p class="IndentText">Set whether case is significant an internal |
| 14830 | names (<span class="Flag"><span style= |
| 14831 | 'font-size:10.0pt'>-internal-name-case-insensitive</span></span> means |
| 14832 | case is significant). If <span class= |
| 14833 | "Flag"><span style='font-size:10.0pt'>+distinct-internal-names</span></span> is |
| 14834 | not set, sets <span class="Flag"><span style= |
| 14835 | 'font-size:10.0pt'>+distinct-internal-names</span></span> |
| 14836 | with unlimited internal name length.</p> |
| 14837 | <div> |
| 14838 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14839 | height="14" align="left"> |
| 14840 | <tr> |
| 14841 | <td valign="top" align="left" height="14" style= |
| 14842 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14843 | <p class="TextFontCX" align="center" style= |
| 14844 | 'text-align:center;background:#CCCCCC'><span style= |
| 14845 | 'font-size:10.0pt'>P:</span> <span class= |
| 14846 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 14847 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14848 | 'font-size:10.0pt'>internal-name-lookalike</span></span></p> |
| 14849 | <p class="IndentText"> Set whether similar looking characters |
| 14850 | (e.g., “<span class="Keyword"><span style= |
| 14851 | 'font-size:10.0pt'>1</span></span>” and |
| 14852 | “<span class="Keyword"><span style= |
| 14853 | 'font-size:10.0pt'>l</span></span>”) match in internal |
| 14854 | names.</p> |
| 14855 | <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'> |
| 14856 | Control Flow <span class="TextFontCXChar"><span style= |
| 14857 | 'font-size:11.0pt; font-weight:normal'>(Section |
| 14858 | 8)</span></span></p> |
| 14859 | <p class="Heading10">Undefined Evaluation Order <span class= |
| 14860 | "HeadingNote"><span style= |
| 14861 | 'font-size:10.5pt;font-weight:normal;font-style:normal'>(Section</span></span> |
| 14862 | <span class="HeadingNote"><span style= |
| 14863 | 'font-size:10.5pt;font-weight:normal;font-style: normal'>8.2</span></span><span class="HeadingNote"> |
| 14864 | <span style= |
| 14865 | 'font-size:10.5pt; font-weight:normal;font-style:normal'>)</span></span></p> |
| 14866 | <div> |
| 14867 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14868 | height="14" align="left"> |
| 14869 | <tr> |
| 14870 | <td valign="top" align="left" height="14" style= |
| 14871 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14872 | <p class="TextFontCX" align="center" style= |
| 14873 | 'text-align:center;background:#CCCCCC'><span style= |
| 14874 | 'font-size:10.0pt'>m:</span><span class= |
| 14875 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 14876 | <p class="Heading10" style='margin:0in;margin-bottom:.0001pt'> |
| 14877 | <span class="Flag"><span style= |
| 14878 | 'font-size:10.0pt;font-weight:normal'>eval-order</span></span></p> |
| 14879 | <p class="IndentText">Behavior of an expression is unspecified or |
| 14880 | implementation-dependent because sub-expressions contain |
| 14881 | interfering side effects that may be evaluated in any order.</p> |
| 14882 | <div> |
| 14883 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14884 | height="14" align="left"> |
| 14885 | <tr> |
| 14886 | <td valign="top" align="left" height="14" style= |
| 14887 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14888 | <p class="TextFontCX" align="center" style= |
| 14889 | 'text-align:center;background:#CCCCCC'><span style= |
| 14890 | 'font-size:10.0pt'>m:</span><span class= |
| 14891 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 14892 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14893 | 'font-size:10.0pt'>eval-order-uncon</span></span></p> |
| 14894 | <p class="IndentText">An expression may be undefined because a |
| 14895 | sub-expression contains a call to an unconstrained function (no |
| 14896 | modifies clause) that may modify something that may be modified or |
| 14897 | used by another sub-expression.</p> |
| 14898 | <p class="Heading10">Problematic Control Structures |
| 14899 | <span class="HeadingNote"><span style= |
| 14900 | 'font-size:10.5pt;font-weight:normal;font-style:normal'>(Section</span></span> |
| 14901 | <span class="HeadingNote"><span style= |
| 14902 | 'font-size:10.5pt;font-weight:normal;font-style: normal'>8.3</span></span><span class="HeadingNote"> |
| 14903 | <span style= |
| 14904 | 'font-size:10.5pt; font-weight:normal;font-style:normal'>)</span></span></p> |
| 14905 | <div> |
| 14906 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14907 | height="14" align="left"> |
| 14908 | <tr> |
| 14909 | <td valign="top" align="left" height="14" style= |
| 14910 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14911 | <p class="TextFontCX" align="center" style= |
| 14912 | 'text-align:center;background:#CCCCCC'><span style= |
| 14913 | 'font-size:10.0pt'>m:</span><span class= |
| 14914 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 14915 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14916 | 'font-size:10.0pt'>inf-loops</span></span></p> |
| 14917 | <p class="IndentText">Likely infinite loop is detected (Section |
| 14918 | 8.3.1).</p> |
| 14919 | <div> |
| 14920 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14921 | height="14" align="left"> |
| 14922 | <tr> |
| 14923 | <td valign="top" align="left" height="14" style= |
| 14924 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14925 | <p class="TextFontCX" align="center" style= |
| 14926 | 'text-align:center;background:#CCCCCC'><span style= |
| 14927 | 'font-size:10.0pt'>m:</span><span class= |
| 14928 | "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div> |
| 14929 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14930 | 'font-size:10.0pt'>inf-loops-uncon</span></span></p> |
| 14931 | <p class="IndentText">Likely infinite loop is detected. Loop |
| 14932 | test or body calls an unconstrained function that may produce an |
| 14933 | undetected modification.</p> |
| 14934 | <div> |
| 14935 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14936 | height="14" align="left"> |
| 14937 | <tr> |
| 14938 | <td valign="top" align="left" height="14" style= |
| 14939 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14940 | <p class="TextFontCX" align="center" style= |
| 14941 | 'text-align:center;background:#CCCCCC'><span style= |
| 14942 | 'font-size:10.0pt'>m:</span><span class= |
| 14943 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 14944 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14945 | 'font-size:10.0pt'>elseif-complete</span></span></p> |
| 14946 | <p class="IndentText">There is no finals else following an else if |
| 14947 | construct (Section 8.3.5).</p> |
| 14948 | |
| 14949 | <div> |
| 14950 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14951 | height="14" align="left"> |
| 14952 | <tr> |
| 14953 | <td valign="top" align="left" height="14" style= |
| 14954 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14955 | <p class="TextFontCX" align="center" style= |
| 14956 | 'text-align:center;background:#CCCCCC'><span style= |
| 14957 | 'font-size:10.0pt'>m:</span><span class= |
| 14958 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 14959 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14960 | 'font-size:10.0pt'>case-break</span></span></p> |
| 14961 | <p class="IndentText">There is a non-empty case in a switch not |
| 14962 | followed by a <span class="CodeText"><span style= |
| 14963 | 'font-size:10.0pt'>break</span></span><span class= |
| 14964 | "HeadingNote"><span style= |
| 14965 | 'font-size:10.5pt;font-style:normal'>(Section</span></span> |
| 14966 | <span class="HeadingNote"><span style= |
| 14967 | 'font-size:10.5pt;font-style:normal'>8.3.2</span></span><span class="HeadingNote"> |
| 14968 | <span style= |
| 14969 | 'font-size:10.5pt;font-style:normal'>).</span></span></p> |
| 14970 | |
| 14971 | |
| 14972 | <div> |
| 14973 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14974 | height="14" align="left"> |
| 14975 | <tr> |
| 14976 | <td valign="top" align="left" height="14" style= |
| 14977 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14978 | <p class="TextFontCX" align="center" style= |
| 14979 | 'text-align:center;background:#CCCCCC'><span style= |
| 14980 | 'font-size:10.0pt'>m:</span><span class= |
| 14981 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 14982 | <p class="TextFontCX"><span class="Flag"><span style= |
| 14983 | 'font-size:10.0pt'>first-case</span></span></p> |
| 14984 | <p class="IndentText"> |
| 14985 | The first statement after a switch is not a case. |
| 14986 | </p> |
| 14987 | |
| 14988 | |
| 14989 | <div> |
| 14990 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 14991 | height="14" align="left"> |
| 14992 | <tr> |
| 14993 | <td valign="top" align="left" height="14" style= |
| 14994 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 14995 | <p class="TextFontCX" align="center" style= |
| 14996 | 'text-align:center;background:#CCCCCC'><span style= |
| 14997 | 'font-size:10.0pt'>m:</span><span class= |
| 14998 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 14999 | <p class="TextFontCX"><span class="Flag"><span style= |
| 15000 | 'font-size:10.0pt'>Duplicate-case</span></span></p> |
| 15001 | <p class="IndentText"> |
| 15002 | Duplicate cases in switch. |
| 15003 | </p> |
| 15004 | |
| 15005 | <div> |
| 15006 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15007 | height="14" align="left"> |
| 15008 | <tr> |
| 15009 | <td valign="top" align="left" height="14" style= |
| 15010 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15011 | <p class="TextFontCX" align="center" style= |
| 15012 | 'text-align:center;background:#CCCCCC'><span style= |
| 15013 | 'font-size:10.0pt'>m:</span><span class= |
| 15014 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 15015 | <p class="TextFontCX"><span class="Flag"><span style= |
| 15016 | 'font-size:10.0pt'>miss-case</span></span></p> |
| 15017 | <p class="IndentText">A switch on an <span class= |
| 15018 | "CodeText"><span style='font-size: 10.0pt'>enum</span></span> type |
| 15019 | is missing a case for a member of the enumerator.</p> |
| 15020 | |
| 15021 | <div> |
| 15022 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15023 | height="14" align="left"> |
| 15024 | <tr> |
| 15025 | <td valign="top" align="left" height="14" style= |
| 15026 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15027 | <p class="TextFontCX" align="center" style= |
| 15028 | 'text-align:center;background:#CCCCCC'><span style= |
| 15029 | 'font-size:10.0pt'>P</span><span class= |
| 15030 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 15031 | <p class="TextFontCX"><span class="Flag"><span style= |
| 15032 | 'font-size:10.0pt'>emptyreturn |
| 15033 | </span></span></p> |
| 15034 | <p class="IndentText">Empty return in function declared to return value.</p> |
| 15035 | |
| 15036 | <div> |
| 15037 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15038 | height="14" align="left"> |
| 15039 | <tr> |
| 15040 | <td valign="top" align="left" height="14" style= |
| 15041 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15042 | <p class="TextFontCX" align="center" style= |
| 15043 | 'text-align:center;background:#CCCCCC'><span style= |
| 15044 | 'font-size:10.0pt'>P</span><span class= |
| 15045 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 15046 | <p class="TextFontCX"><span class="Flag"><span style= |
| 15047 | 'font-size:10.0pt'>alwaysexits |
| 15048 | </span></span></p> |
| 15049 | <p class="IndentText"> |
| 15050 | Loop predicate always exits. |
| 15051 | </p> |
| 15052 | |
| 15053 | <div> |
| 15054 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15055 | height="14" align="left"> |
| 15056 | <tr> |
| 15057 | <td valign="top" align="left" height="14" style= |
| 15058 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15059 | <p class="TextFontCX" align="center" style= |
| 15060 | 'text-align:center;background:#CCCCCC'><span style= |
| 15061 | 'font-size:10.0pt'>shortcut</span><span class= |
| 15062 | "Keyword"><span style='font-size:10.0pt'></span></span></p></td></tr></table></div> |
| 15063 | <p class="TextFontCX"><span class="Flag"><span style= |
| 15064 | 'font-size:10.0pt'>loop-exec</span></span></p> |
| 15065 | <p class="IndentText">Assume all loops execute at least once. |
| 15066 | This effects use-before-definition and memory checking. |
| 15067 | It should probably not be used globally, but may be used |
| 15068 | surrounding a particular loop that is known to always execute to |
| 15069 | prevent spurious messages. |
| 15070 | (sets |
| 15071 | <span class="Flag"><span style= |
| 15072 | 'font-size:10.0pt'> |
| 15073 | for-loop-exec, while-loop-exec and iter-loop-exec |
| 15074 | </span></span> |
| 15075 | </p> |
| 15076 | |
| 15077 | <div> |
| 15078 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15079 | height="14" align="left"> |
| 15080 | <tr> |
| 15081 | <td valign="top" align="left" height="14" style= |
| 15082 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15083 | <p class="TextFontCX" align="center" style= |
| 15084 | 'text-align:center;background:#CCCCCC'><span style= |
| 15085 | 'font-size:10.0pt'>P</span><span class= |
| 15086 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 15087 | <p class="TextFontCX"><span class="Flag"><span style= |
| 15088 | 'font-size:10.0pt'>for-loop-exec |
| 15089 | </span></span></p> |
| 15090 | <p class="IndentText"> |
| 15091 | Assume all<span class= |
| 15092 | "CodeText"><span style='font-size: 10.0pt'> |
| 15093 | for |
| 15094 | </span></span> |
| 15095 | loops execute at least once. This effects use-before-definition |
| 15096 | and memory checking. It should probably not be used globally, but may be used |
| 15097 | surrounding a particular loop that is known to always execute to prevent spurious messages. |
| 15098 | </p> |
| 15099 | |
| 15100 | |
| 15101 | |
| 15102 | <div> |
| 15103 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15104 | height="14" align="left"> |
| 15105 | <tr> |
| 15106 | <td valign="top" align="left" height="14" style= |
| 15107 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15108 | <p class="TextFontCX" align="center" style= |
| 15109 | 'text-align:center;background:#CCCCCC'><span style= |
| 15110 | 'font-size:10.0pt'>P</span><span class= |
| 15111 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 15112 | <p class="TextFontCX"><span class="Flag"><span style= |
| 15113 | 'font-size:10.0pt'>while-loop-exec |
| 15114 | </span></span></p> |
| 15115 | <p class="IndentText"> |
| 15116 | Assume all<span class= |
| 15117 | "CodeText"><span style='font-size: 10.0pt'> |
| 15118 | while |
| 15119 | </span></span> |
| 15120 | loops execute at least once. This effects use-before-definition |
| 15121 | and memory checking. It should probably not be used globally, but may be used |
| 15122 | surrounding a particular loop that is known to always execute to prevent spurious messages. |
| 15123 | </p> |
| 15124 | |
| 15125 | |
| 15126 | <div> |
| 15127 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15128 | height="14" align="left"> |
| 15129 | <tr> |
| 15130 | <td valign="top" align="left" height="14" style= |
| 15131 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15132 | <p class="TextFontCX" align="center" style= |
| 15133 | 'text-align:center;background:#CCCCCC'><span style= |
| 15134 | 'font-size:10.0pt'>P</span><span class= |
| 15135 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 15136 | <p class="TextFontCX"><span class="Flag"><span style= |
| 15137 | 'font-size:10.0pt'>iter-loop-exec |
| 15138 | </span></span></p> |
| 15139 | <p class="IndentText"> |
| 15140 | Assume all<span class= |
| 15141 | "CodeText"><span style='font-size: 10.0pt'> |
| 15142 | iter |
| 15143 | </span></span> |
| 15144 | loops execute at least once. This effects use-before-definition |
| 15145 | and memory checking. It should probably not be used globally, but may be used |
| 15146 | surrounding a particular loop that is known to always execute to prevent spurious messages. |
| 15147 | </p> |
| 15148 | |
| 15149 | |
| 15150 | |
| 15151 | <div> |
| 15152 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15153 | height="14" align="left"> |
| 15154 | <tr> |
| 15155 | <td valign="top" align="left" height="14" style= |
| 15156 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15157 | <p class="TextFontCX" align="center" style= |
| 15158 | 'text-align:center;background:#CCCCCC'><span style= |
| 15159 | 'font-size:10.0pt'>P</span><span class= |
| 15160 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 15161 | <p class="TextFontCX"><span class="Flag"><span style= |
| 15162 | 'font-size:10.0pt'>obvious-loop-exec |
| 15163 | </span></span></p> |
| 15164 | <p class="IndentText"> |
| 15165 | Assume loop that can be determined to always execute always does. |
| 15166 | </p> |
| 15167 | |
| 15168 | <p class="Heading10">Deep Break <span class= |
| 15169 | "TextFontCXChar"><span style= |
| 15170 | 'font-size:11.0pt; font-weight:normal'>(Section</span></span> |
| 15171 | <span class="TextFontCXChar"><span style= |
| 15172 | 'font-size:11.0pt; font-weight:normal'>8.3.3</span></span><span class="TextFontCXChar"> |
| 15173 | <span style= |
| 15174 | 'font-size:11.0pt; font-weight:normal'>)</span></span></p> |
| 15175 | <div> |
| 15176 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15177 | height="14" align="left"> |
| 15178 | <tr> |
| 15179 | <td valign="top" align="left" height="14" style= |
| 15180 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15181 | <p class="TextFontCX" align="center" style= |
| 15182 | 'text-align:center;background:#CCCCCC'><span style= |
| 15183 | 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div> |
| 15184 | <p class="TextFontCX"><span class="Flag"><span style= |
| 15185 | 'font-size:10.0pt'>deep-break</span></span></p> |
| 15186 | <p class="IndentText">Report errors for <span class= |
| 15187 | "CodeText"><span style='font-size:10.0pt'>break</span></span> |
| 15188 | statements inside a nested <span class= |
| 15189 | "CodeText"><span style='font-size:10.0pt'>while</span></span>, |
| 15190 | <span class="CodeText"><span style= |
| 15191 | 'font-size:10.0pt'>for</span></span> or <span class= |
| 15192 | "CodeText"><span style= |
| 15193 | 'font-size:10.0pt'>switch</span></span>. (Sets all |
| 15194 | nested break and continue flags.)</p> |
| 15195 | <div> |
| 15196 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15197 | height="14" align="left"> |
| 15198 | <tr> |
| 15199 | <td valign="top" align="left" height="14" style= |
| 15200 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15201 | <p class="TextFontCX" align="center" style= |
| 15202 | 'text-align:center;background:#CCCCCC'><span style= |
| 15203 | 'font-size:10.0pt'>m:</span><span class= |
| 15204 | "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div> |
| 15205 | <p class="MsoListBullet"><span class="Flag"><span style= |
| 15206 | 'font-size:10.0pt'>loop-loop-break</span></span></p> |
| 15207 | <p class="IndentText"><span class="TextFontCXChar">There is |
| 15208 | a</span> <span class="CodeText"><span style= |
| 15209 | 'font-size:10.0pt'>break</span></span> inside a <span class= |
| 15210 | "CodeText"><span style='font-size:10.0pt'>while</span></span>, |
| 15211 | <span class="CodeText"><span style= |
| 15212 | 'font-size:10.0pt'>for</span></span> or iterator loop that is |
| 15213 | inside a <span class="CodeText"><span style= |
| 15214 | 'font-size: 10.0pt'>while</span></span>, <span class= |
| 15215 | "CodeText"><span style='font-size:10.0pt'>for</span></span> or |
| 15216 | iterator loop. Mark with <span class="Annot"><span style= |
| 15217 | 'font-size:10.0pt'>/*@innerbreak@*/</span></span> to suppress the |
| 15218 | message.</p> |
| 15219 | <div> |
| 15220 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15221 | height="14" align="left"> |
| 15222 | <tr> |
| 15223 | <td valign="top" align="left" height="14" style= |
| 15224 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15225 | <p class="TextFontCX" align="center" style= |
| 15226 | 'text-align:center;background:#CCCCCC'><span style= |
| 15227 | 'font-size:10.0pt'>m:</span><span class= |
| 15228 | "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div> |
| 15229 | <p class="MsoListBullet"><span class="Flag"><span style= |
| 15230 | 'font-size:10.0pt'>switch-loop-break</span></span></p> |
| 15231 | <p class="IndentText"><span class="TextFontCXChar">There is |
| 15232 | a</span><span class="CodeText"><span style= |
| 15233 | 'font-size:10.0pt'>break</span></span> inside a <span class= |
| 15234 | "CodeText"><span style='font-size:10.0pt'>while</span></span>, |
| 15235 | <span class="CodeText"><span style= |
| 15236 | 'font-size:10.0pt'>for</span></span> or iterator loop that is |
| 15237 | inside a <span class="CodeText"><span style= |
| 15238 | 'font-size: 10.0pt'>switch</span></span> statement. Mark with |
| 15239 | <span class="Annot"><span style= |
| 15240 | 'font-size:10.0pt'>/*@loopbreak@*/</span></span>.</p> |
| 15241 | <div> |
| 15242 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15243 | height="14" align="left"> |
| 15244 | <tr> |
| 15245 | <td valign="top" align="left" height="14" style= |
| 15246 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15247 | <p class="TextFontCX" align="center" style= |
| 15248 | 'text-align:center;background:#CCCCCC'><span style= |
| 15249 | 'font-size:10.0pt'>m:</span><span class= |
| 15250 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 15251 | <p class="MsoListBullet"><span class="Flag"><span style= |
| 15252 | 'font-size:10.0pt'>loop-switch-break</span></span></p> |
| 15253 | <p class="IndentText"><span class="TextFontCXChar">There is |
| 15254 | a</span><span class="CodeText"><span style= |
| 15255 | 'font-size:10.0pt'>break</span></span> inside a <span class= |
| 15256 | "CodeText"><span style='font-size:10.0pt'>switch</span></span> |
| 15257 | statement that is inside a <span class= |
| 15258 | "CodeText"><span style='font-size:10.0pt'>while</span></span>, |
| 15259 | <span class="CodeText"><span style= |
| 15260 | 'font-size:10.0pt'>for</span></span> or iterator loop. |
| 15261 | Mark with /<span class="Annot"><span style= |
| 15262 | 'font-size:10.0pt'>*@switchbreak@*/</span></span>.</p> |
| 15263 | <div> |
| 15264 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15265 | height="14" align="left"> |
| 15266 | <tr> |
| 15267 | <td valign="top" align="left" height="14" style= |
| 15268 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15269 | <p class="TextFontCX" align="center" style= |
| 15270 | 'text-align:center;background:#CCCCCC'><span style= |
| 15271 | 'font-size:10.0pt'>m:</span><span class= |
| 15272 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 15273 | <p class="MsoListBullet" style='margin-left:0in;text-indent:0in'> |
| 15274 | <span class="Flag"><span style= |
| 15275 | 'font-size:10.0pt'>switch-switch-break</span></span></p> |
| 15276 | <p class="IndentText"><span class="TextFontCXChar">There is |
| 15277 | a</span><span class="CodeText"><span style= |
| 15278 | 'font-size:10.0pt'>break</span></span> inside a <span class= |
| 15279 | "CodeText"><span style='font-size:10.0pt'>switch</span></span> |
| 15280 | statement that is inside another <span class= |
| 15281 | "CodeText"><span style='font-size: 10.0pt'>switch</span></span> |
| 15282 | statement. Mark with <span class="Annot"><span style= |
| 15283 | 'font-size:10.0pt'>/*@innerbreak@*/</span></span>.</p> |
| 15284 | <div> |
| 15285 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15286 | height="14" align="left"> |
| 15287 | <tr> |
| 15288 | <td valign="top" align="left" height="14" style= |
| 15289 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15290 | <p class="TextFontCX" align="center" style= |
| 15291 | 'text-align:center;background:#CCCCCC'><span style= |
| 15292 | 'font-size:10.0pt'>m:</span><span class= |
| 15293 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 15294 | <p class="TextFontCX"><span class="Flag"><span style= |
| 15295 | 'font-size:10.0pt'>loop-loop-continue</span></span></p> |
| 15296 | <p class="IndentText">There is a <span class= |
| 15297 | "CodeText"><span style='font-size: 10.0pt'>continue</span></span> |
| 15298 | inside a while, for or iterator loop that is inside a while, |
| 15299 | for or iterator loop. Mark with <span class= |
| 15300 | "Annot"><span style= |
| 15301 | 'font-size:10.0pt'>/*@innercontinue@*/</span></span>.</p> |
| 15302 | <p class="Heading10">Loop and if Bodies <span class= |
| 15303 | "TextFontCXChar"><span style= |
| 15304 | 'font-size:11.0pt; font-weight:normal'>(Section |
| 15305 | 8.3.4)</span></span></p> |
| 15306 | <div> |
| 15307 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15308 | height="14" align="left"> |
| 15309 | <tr> |
| 15310 | <td valign="top" align="left" height="14" style= |
| 15311 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15312 | <p class="TextFontCX" align="center" style= |
| 15313 | 'text-align:center;background:#CCCCCC'><span style= |
| 15314 | 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div> |
| 15315 | <p class="TextFontCX"><span class="Flag"><span style= |
| 15316 | 'font-size:10.0pt'>all-empty</span></span></p> |
| 15317 | <p class="IndentText">An if, while or for statement has no body |
| 15318 | (sets <span class="Flag"><span style= |
| 15319 | 'font-size:10.0pt'>if-empty</span></span>, <span class= |
| 15320 | "Flag"><span style= |
| 15321 | 'font-size:10.0pt'>while-empty</span></span> and |
| 15322 | <span class="Flag"><span style= |
| 15323 | 'font-size:10.0pt'>for-empty</span></span>.)</p> |
| 15324 | <div> |
| 15325 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15326 | height="14" align="left"> |
| 15327 | <tr> |
| 15328 | <td valign="top" align="left" height="14" style= |
| 15329 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15330 | <p class="TextFontCX" align="center" style= |
| 15331 | 'text-align:center;background:#CCCCCC'><span style= |
| 15332 | 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div> |
| 15333 | <p class="TextFontCX"><span class="Flag"><span style= |
| 15334 | 'font-size:10.0pt'>all-block</span></span></p> |
| 15335 | <p class="IndentText">The body of an <span class= |
| 15336 | "CodeText"><span style='font-size: 10.0pt'>if</span></span>, |
| 15337 | <span class="CodeText"><span style= |
| 15338 | 'font-size:10.0pt'>while</span></span> or <span class= |
| 15339 | "CodeText"><span style='font-size:10.0pt'>for</span></span> |
| 15340 | statement is not a block (sets <span class= |
| 15341 | "Flag"><span style='font-size:10.0pt'>if-block</span></span>, |
| 15342 | <span class="Flag"><span style= |
| 15343 | 'font-size:10.0pt'>while-block</span></span> and |
| 15344 | <span class="Flag"><span style= |
| 15345 | 'font-size:10.0pt'>for-block</span></span>.)</p> |
| 15346 | <div> |
| 15347 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15348 | height="14" align="left"> |
| 15349 | <tr> |
| 15350 | <td valign="top" align="left" height="14" style= |
| 15351 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15352 | <p class="TextFontCX" align="center" style= |
| 15353 | 'text-align:center;background:#CCCCCC'><span style= |
| 15354 | 'font-size:10.0pt'>m:</span><span class= |
| 15355 | "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div> |
| 15356 | <p class="TextFontCX"><span class="Flag"><span style= |
| 15357 | 'font-size:10.0pt'>while-empty</span></span></p> |
| 15358 | <p class="IndentText">A while statement has no body.</p> |
| 15359 | <div> |
| 15360 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15361 | height="14" align="left"> |
| 15362 | <tr> |
| 15363 | <td valign="top" align="left" height="14" style= |
| 15364 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15365 | <p class="TextFontCX" align="center" style= |
| 15366 | 'text-align:center;background:#CCCCCC'><span style= |
| 15367 | 'font-size:10.0pt'>m:</span><span class= |
| 15368 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 15369 | <p class="TextFontCX"><span class="Flag"><span style= |
| 15370 | 'font-size:10.0pt'>while-block</span></span></p> |
| 15371 | <p class="IndentText"> The body of a <span class= |
| 15372 | "CodeText"><span style='font-size: 10.0pt'>while</span></span> |
| 15373 | statement is not a block</p> |
| 15374 | <div> |
| 15375 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15376 | height="14" align="left"> |
| 15377 | <tr> |
| 15378 | <td valign="top" align="left" height="14" style= |
| 15379 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15380 | <p class="TextFontCX" align="center" style= |
| 15381 | 'text-align:center;background:#CCCCCC'><span style= |
| 15382 | 'font-size:10.0pt'>m:</span><span class= |
| 15383 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 15384 | <p class="TextFontCX"><span class="Flag"><span style= |
| 15385 | 'font-size:10.0pt'>for-empty</span></span></p> |
| 15386 | <p class="IndentText">A <span class="CodeText"><span style= |
| 15387 | 'font-size:10.0pt'>for</span></span> statement has no body.</p> |
| 15388 | <div> |
| 15389 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15390 | height="14" align="left"> |
| 15391 | <tr> |
| 15392 | <td valign="top" align="left" height="14" style= |
| 15393 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15394 | <p class="TextFontCX" align="center" style= |
| 15395 | 'text-align:center;background:#CCCCCC'><span style= |
| 15396 | 'font-size:10.0pt'>m:</span><span class= |
| 15397 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 15398 | <p class="TextFontCX"><span class="Flag"><span style= |
| 15399 | 'font-size:10.0pt'>for-block</span></span></p> |
| 15400 | <p class="IndentText">The body of a <span class= |
| 15401 | "CodeText"><span style='font-size: 10.0pt'>for</span></span> |
| 15402 | statement is not a block.</p> |
| 15403 | <div> |
| 15404 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15405 | height="14" align="left"> |
| 15406 | <tr> |
| 15407 | <td valign="top" align="left" height="14" style= |
| 15408 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15409 | <p class="TextFontCX" align="center" style= |
| 15410 | 'text-align:center;background:#CCCCCC'><span style= |
| 15411 | 'font-size:10.0pt'>m:</span><span class= |
| 15412 | "Keyword"><span style='font-size:10.0pt'>++++</span></span></p></td></tr></table></div> |
| 15413 | <p class="TextFontCX"><span class="Flag"><span style= |
| 15414 | 'font-size:10.0pt'>if-empty</span></span></p> |
| 15415 | <p class="IndentText">An <span class="CodeText"><span style= |
| 15416 | 'font-size:10.0pt'>if</span></span> statement has no body.</p> |
| 15417 | <div> |
| 15418 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15419 | height="14" align="left"> |
| 15420 | <tr> |
| 15421 | <td valign="top" align="left" height="14" style= |
| 15422 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15423 | <p class="TextFontCX" align="center" style= |
| 15424 | 'text-align:center;background:#CCCCCC'><span style= |
| 15425 | 'font-size:10.0pt'>m:</span><span class= |
| 15426 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 15427 | <p class="TextFontCX"><span class="Flag"><span style= |
| 15428 | 'font-size:10.0pt'>ifblock</span></span></p> |
| 15429 | <p class="IndentText">The body of an <span class= |
| 15430 | "CodeText"><span style='font-size: 10.0pt'>if</span></span> |
| 15431 | statement is not a block.</p> |
| 15432 | <p class="Heading10">Suspicious Statements <span class= |
| 15433 | "TextFontCXChar"><span style= |
| 15434 | 'font-size:11.0pt; font-weight:normal'>(Section |
| 15435 | 8.4)</span></span></p> |
| 15436 | <div> |
| 15437 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15438 | height="14" align="left"> |
| 15439 | <tr> |
| 15440 | <td valign="top" align="left" height="14" style= |
| 15441 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15442 | <p class="TextFontCX" align="center" style= |
| 15443 | 'text-align:center;background:#CCCCCC'><span style= |
| 15444 | 'font-size:10.0pt'>m:</span><span class= |
| 15445 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 15446 | <p class="TextFontCX"><span class="Flag"><span style= |
| 15447 | 'font-size:10.0pt'>unreachable</span></span></p> |
| 15448 | <p class="IndentText">Code is not reached on any possible |
| 15449 | execution.</p> |
| 15450 | <div> |
| 15451 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15452 | height="14" align="left"> |
| 15453 | <tr> |
| 15454 | <td valign="top" align="left" height="14" style= |
| 15455 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15456 | <p class="TextFontCX" align="center" style= |
| 15457 | 'text-align:center;background:#CCCCCC'><span style= |
| 15458 | 'font-size:10.0pt'>m:</span><span class= |
| 15459 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 15460 | <p class="TextFontCX"><span class="Flag"><span style= |
| 15461 | 'font-size:10.0pt'>noeffect</span></span></p> |
| 15462 | <p class="IndentText">Statement has no effect.</p> |
| 15463 | <div> |
| 15464 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15465 | height="14" align="left"> |
| 15466 | <tr> |
| 15467 | <td valign="top" align="left" height="14" style= |
| 15468 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15469 | <p class="TextFontCX" align="center" style= |
| 15470 | 'text-align:center;background:#CCCCCC'><span style= |
| 15471 | 'font-size:10.0pt'>m:</span><span class= |
| 15472 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 15473 | <p class="TextFontCX"><span class="Flag"><span style= |
| 15474 | 'font-size:10.0pt'>noeffect-uncon</span></span></p> |
| 15475 | <p class="IndentText">Statement involving call to unconstrained |
| 15476 | function may have no effect.</p> |
| 15477 | <div> |
| 15478 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15479 | height="14" align="left"> |
| 15480 | <tr> |
| 15481 | <td valign="top" align="left" height="14" style= |
| 15482 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15483 | <p class="TextFontCX" align="center" style= |
| 15484 | 'text-align:center;background:#CCCCCC'><span style= |
| 15485 | 'font-size:10.0pt'>m:</span><span class= |
| 15486 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 15487 | <p class="TextFontCX"><span class="Flag"><span style= |
| 15488 | 'font-size:10.0pt'>noret</span></span></p> |
| 15489 | <p class="IndentText">There is a path with no <span class= |
| 15490 | "Keyword"><span style='font-size:10.0pt'>return</span></span> in a |
| 15491 | function declared to return a non-<span class= |
| 15492 | "Keyword"><span style='font-size:10.0pt'>void</span></span> |
| 15493 | value.</p> |
| 15494 | <p class="Heading10">Ignored Return Values <span class= |
| 15495 | "TextFontCXChar"><span style= |
| 15496 | 'font-size:11.0pt; font-weight:normal'>(Section</span></span> |
| 15497 | <span class="TextFontCXChar"><span style= |
| 15498 | 'font-size:11.0pt; font-weight:normal'>8.4.2</span></span><span class="TextFontCXChar"> |
| 15499 | <span style= |
| 15500 | 'font-size:11.0pt; font-weight:normal'>)</span></span></p> |
| 15501 | <p class="beforelist">These flags control when errors are reported |
| 15502 | for function calls that do not use the return value. Casting |
| 15503 | the function call to <span class="CodeText"><span style= |
| 15504 | 'font-size:10.0pt'>void</span></span> or declaring the called |
| 15505 | function to return <span class="Annot"><span style= |
| 15506 | 'font-size:10.0pt'>/*@alt void@*/</span></span>.</p> |
| 15507 | <div> |
| 15508 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15509 | height="14" align="left"> |
| 15510 | <tr> |
| 15511 | <td valign="top" align="left" height="14" style= |
| 15512 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15513 | <p class="TextFontCX" align="center" style= |
| 15514 | 'text-align:center;background:#CCCCCC'><span style= |
| 15515 | 'font-size:10.0pt'>m:</span><span class= |
| 15516 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 15517 | <p class="TextFontCX"><span class="Flag"><span style= |
| 15518 | 'font-size:10.0pt'>ret-val-bool</span></span></p> |
| 15519 | <p class="IndentText">Return value of type <span class= |
| 15520 | "CodeText"><span style='font-size:10.0pt'>bool</span></span> |
| 15521 | ignored.</p> |
| 15522 | <div> |
| 15523 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15524 | height="14" align="left"> |
| 15525 | <tr> |
| 15526 | <td valign="top" align="left" height="14" style= |
| 15527 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15528 | <p class="TextFontCX" align="center" style= |
| 15529 | 'text-align:center;background:#CCCCCC'><span style= |
| 15530 | 'font-size:10.0pt'>m:</span><span class= |
| 15531 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 15532 | <p class="TextFontCX"><span class="Flag"><span style= |
| 15533 | 'font-size:10.0pt'>ret-val-int</span></span></p> |
| 15534 | <p class="IndentText">Return value of type <span class= |
| 15535 | "CodeText"><span style='font-size:10.0pt'>int</span></span> |
| 15536 | ignored.</p> |
| 15537 | <div> |
| 15538 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15539 | height="14" align="left"> |
| 15540 | <tr> |
| 15541 | <td valign="top" align="left" height="14" style= |
| 15542 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15543 | <p class="TextFontCX" align="center" style= |
| 15544 | 'text-align:center;background:#CCCCCC'><span style= |
| 15545 | 'font-size:10.0pt'>m:</span><span class= |
| 15546 | "Keyword"><span style='font-size:10.0pt'>++++</span></span></p></td></tr></table></div> |
| 15547 | <p class="TextFontCX"><span class="Flag"><span style= |
| 15548 | 'font-size:10.0pt'>ret-val-other</span></span></p> |
| 15549 | <p class="IndentText">Return value of type other than |
| 15550 | <span class="CodeText"><span style= |
| 15551 | 'font-size:10.0pt'>bool</span></span> or <span class= |
| 15552 | "CodeText"><span style='font-size:10.0pt'>int</span></span> |
| 15553 | ignored.</p> |
| 15554 | <div> |
| 15555 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15556 | height="14" align="left"> |
| 15557 | <tr> |
| 15558 | <td valign="top" align="left" height="14" style= |
| 15559 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15560 | <p class="TextFontCX" align="center" style= |
| 15561 | 'text-align:center;background:#CCCCCC'><span style= |
| 15562 | 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div> |
| 15563 | <p class="TextFontCX"><span class="Flag"><span style= |
| 15564 | 'font-size:10.0pt'>ret-val</span></span></p> |
| 15565 | <p class="IndentText">Return value ignored (Sets <span class= |
| 15566 | "Flag"><span style='font-size:10.0pt'>retvalbool</span></span>, |
| 15567 | <span class="Flag"><span style= |
| 15568 | 'font-size:10.0pt'>retvalint</span></span>, <span class= |
| 15569 | "Flag"><span style= |
| 15570 | 'font-size:10.0pt'>retvalother</span></span>.)</p> |
| 15571 | |
| 15572 | <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'> |
| 15573 | Memory Bounds <span class="HeadingNote"><span style= |
| 15574 | 'font-size:10.5pt;font-weight:normal;font-style: normal'>(Section</span></span> |
| 15575 | <span class="HeadingNote"><span style= |
| 15576 | 'font-size:10.5pt;font-weight:normal;font-style: normal'>9</span></span>) |
| 15577 | |
| 15578 | <div> |
| 15579 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15580 | height="14" align="left"> |
| 15581 | <tr> |
| 15582 | <td valign="top" align="left" height="14" style= |
| 15583 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15584 | <p class="TextFontCX" align="center" style= |
| 15585 | 'text-align:center;background:#CCCCCC'><span style= |
| 15586 | 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div> |
| 15587 | <p class="TextFontCX"><span class="Flag"><span style= |
| 15588 | 'font-size:10.0pt'>bounds</span></span></p> |
| 15589 | <p class="IndentText"> |
| 15590 | Memory read or write may be out of bounds of allocated storage |
| 15591 | (sets <span class= |
| 15592 | "Flag"><span style='font-size:10.0pt'>boundsread</span></span> |
| 15593 | and |
| 15594 | <span class="Flag"><span style= |
| 15595 | 'font-size:10.0pt'>boundswrite</span></span> |
| 15596 | </p> |
| 15597 | |
| 15598 | <div> |
| 15599 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15600 | height="14" align="left"> |
| 15601 | <tr> |
| 15602 | <td valign="top" align="left" height="14" style= |
| 15603 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15604 | <p class="TextFontCX" align="center" style= |
| 15605 | 'text-align:center;background:#CCCCCC'><span style= |
| 15606 | 'font-size:10.0pt'>m:</span><span class= |
| 15607 | "Keyword"><span style='font-size:10.0pt'>----</span></span></p></td></tr></table></div> |
| 15608 | <p class="TextFontCX"><span class="Flag"><span style= |
| 15609 | 'font-size:10.0pt'>boundsread</span></span></p> |
| 15610 | <p class="IndentText"> |
| 15611 | A memory read references memory beyond the allocated storage |
| 15612 | (also sets <span class= |
| 15613 | "Flag"><span style='font-size:10.0pt'>likelyboundsread</span></span>. |
| 15614 | </p> |
| 15615 | |
| 15616 | <div> |
| 15617 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15618 | height="14" align="left"> |
| 15619 | <tr> |
| 15620 | <td valign="top" align="left" height="14" style= |
| 15621 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15622 | <p class="TextFontCX" align="center" style= |
| 15623 | 'text-align:center;background:#CCCCCC'><span style= |
| 15624 | 'font-size:10.0pt'>m:</span><span class= |
| 15625 | "Keyword"><span style='font-size:10.0pt'>----</span></span></p></td></tr></table></div> |
| 15626 | <p class="TextFontCX"><span class="Flag"><span style= |
| 15627 | 'font-size:10.0pt'>boundswrite</span></span></p> |
| 15628 | <p class="IndentText"> |
| 15629 | A memory write may write to an address beyond the allocated buffer |
| 15630 | (also sets <span class= |
| 15631 | "Flag"><span style='font-size:10.0pt'>likelyboundswrite</span></span>. |
| 15632 | </p> |
| 15633 | |
| 15634 | <div> |
| 15635 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15636 | height="14" align="left"> |
| 15637 | <tr> |
| 15638 | <td valign="top" align="left" height="14" style= |
| 15639 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15640 | <p class="TextFontCX" align="center" style= |
| 15641 | 'text-align:center;background:#CCCCCC'><span style= |
| 15642 | 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div> |
| 15643 | <p class="TextFontCX"><span class="Flag"><span style= |
| 15644 | 'font-size:10.0pt'>likelybounds</span></span></p> |
| 15645 | <p class="IndentText"> |
| 15646 | Likely memory read or write is likely to be out of bounds of allocated storage |
| 15647 | (sets <span class= |
| 15648 | "Flag"><span style='font-size:10.0pt'>likelyboundsread</span></span> |
| 15649 | and |
| 15650 | <span class="Flag"><span style= |
| 15651 | 'font-size:10.0pt'>likelyboundswrite)</span></span> |
| 15652 | </p> |
| 15653 | |
| 15654 | |
| 15655 | <div> |
| 15656 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15657 | height="14" align="left"> |
| 15658 | <tr> |
| 15659 | <td valign="top" align="left" height="14" style= |
| 15660 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15661 | <p class="TextFontCX" align="center" style= |
| 15662 | 'text-align:center;background:#CCCCCC'><span style= |
| 15663 | 'font-size:10.0pt'>m:</span><span class= |
| 15664 | "Keyword"><span style='font-size:10.0pt'>----</span></span></p></td></tr></table></div> |
| 15665 | <p class="TextFontCX"><span class="Flag"><span style= |
| 15666 | 'font-size:10.0pt'>likelyboundsread</span></span></p> |
| 15667 | <p class="IndentText"> |
| 15668 | A likely memory read references memory beyond the allocated storage |
| 15669 | (also sets <span class= |
| 15670 | "Flag"><span style='font-size:10.0pt'>likelyboundsread</span></span>. |
| 15671 | </p> |
| 15672 | |
| 15673 | <div> |
| 15674 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15675 | height="14" align="left"> |
| 15676 | <tr> |
| 15677 | <td valign="top" align="left" height="14" style= |
| 15678 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15679 | <p class="TextFontCX" align="center" style= |
| 15680 | 'text-align:center;background:#CCCCCC'><span style= |
| 15681 | 'font-size:10.0pt'>m:</span><span class= |
| 15682 | "Keyword"><span style='font-size:10.0pt'>----</span></span></p></td></tr></table></div> |
| 15683 | <p class="TextFontCX"><span class="Flag"><span style= |
| 15684 | 'font-size:10.0pt'>likelyboundswrite</span></span></p> |
| 15685 | <p class="IndentText"> |
| 15686 | A memory write is likely to write to an address beyond the allocated buffer. |
| 15687 | </p> |
| 15688 | |
| 15689 | <div> |
| 15690 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15691 | height="14" align="left"> |
| 15692 | <tr> |
| 15693 | <td valign="top" align="left" height="14" style= |
| 15694 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15695 | <p class="TextFontCX" align="center" style= |
| 15696 | 'text-align:center;background:#CCCCCC'><span style= |
| 15697 | 'font-size:10.0pt'>m:</span><span class= |
| 15698 | "Keyword"><span style='font-size:10.0pt'>----</span></span></p></td></tr></table></div> |
| 15699 | <p class="TextFontCX"><span class="Flag">fcnpost<span style= |
| 15700 | 'font-size:10.0pt'></span></span></p> |
| 15701 | <p class="IndentText"> |
| 15702 | Display function post conditions. |
| 15703 | </p> |
| 15704 | |
| 15705 | |
| 15706 | <div> |
| 15707 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15708 | height="14" align="left"> |
| 15709 | <tr> |
| 15710 | <td valign="top" align="left" height="14" style= |
| 15711 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15712 | <p class="TextFontCX" align="center" style= |
| 15713 | 'text-align:center;background:#CCCCCC'><span style= |
| 15714 | 'font-size:10.0pt'>m:</span><span class= |
| 15715 | "Keyword"><span style='font-size:10.0pt'>----</span></span></p></td></tr></table></div> |
| 15716 | <p class="TextFontCX"><span class="Flag">redundantconstraints<span style= |
| 15717 | 'font-size:10.0pt'></span></span></p> |
| 15718 | <p class="IndentText"> |
| 15719 | Display seemingly redundant conditions. |
| 15720 | </p> |
| 15721 | <div> |
| 15722 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15723 | height="14" align="left"> |
| 15724 | <tr> |
| 15725 | <td valign="top" align="left" height="14" style= |
| 15726 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15727 | <p class="TextFontCX" align="center" style= |
| 15728 | 'text-align:center;background:#CCCCCC'><span style= |
| 15729 | 'font-size:10.0pt'>m:</span><span class= |
| 15730 | "Keyword"><span style='font-size:10.0pt'>----</span></span></p></td></tr></table></div> |
| 15731 | <p class="TextFontCX"><span class="Flag">checkpost<span style= |
| 15732 | 'font-size:10.0pt'></span></span></p> |
| 15733 | <p class="IndentText"> |
| 15734 | The functions implementation may not satidfy a post condition given in an ensures clause. |
| 15735 | </p> |
| 15736 | |
| 15737 | |
| 15738 | <div> |
| 15739 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15740 | height="14" align="left"> |
| 15741 | <tr> |
| 15742 | <td valign="top" align="left" height="14" style= |
| 15743 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15744 | <p class="TextFontCX" align="center" style= |
| 15745 | 'text-align:center;background:#CCCCCC'><span style= |
| 15746 | 'font-size:10.0pt'>P-</span><span class= |
| 15747 | "Keyword"><span style='font-size:10.0pt'></span></span></p></td></tr></table></div> |
| 15748 | <p class="TextFontCX"><span class="Flag">showconstraintparens<span style= |
| 15749 | 'font-size:10.0pt'></span></span></p> |
| 15750 | <p class="IndentText"> |
| 15751 | Display parentheses around constraint terms. |
| 15752 | </p> |
| 15753 | <div> |
| 15754 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15755 | height="14" align="left"> |
| 15756 | <tr> |
| 15757 | <td valign="top" align="left" height="14" style= |
| 15758 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15759 | <p class="TextFontCX" align="center" style= |
| 15760 | 'text-align:center;background:#CCCCCC'><span style= |
| 15761 | 'font-size:10.0pt'>P+</span><span class= |
| 15762 | "Keyword"><span style='font-size:10.0pt'></span></span></p></td></tr></table></div> |
| 15763 | <p class="TextFontCX"><span class="Flag">showconstraintlocation<span style= |
| 15764 | 'font-size:10.0pt'></span></span></p> |
| 15765 | <p class="IndentText"> |
| 15766 | Display location for every constraint generated. |
| 15767 | </p> |
| 15768 | <br> |
| 15769 | <p class="beforelist"> |
| 15770 | The following flags are mainly of interest to Splint developers. The default values are adequate in normal use. They are included for completeness. |
| 15771 | </p> |
| 15772 | |
| 15773 | <div> |
| 15774 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15775 | height="14" align="left"> |
| 15776 | <tr> |
| 15777 | <td valign="top" align="left" height="14" style= |
| 15778 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15779 | <p class="TextFontCX" align="center" style= |
| 15780 | 'text-align:center;background:#CCCCCC'><span style= |
| 15781 | 'font-size:10.0pt'>P-</span><span class= |
| 15782 | "Keyword"><span style='font-size:10.0pt'></span></span></p></td></tr></table></div> |
| 15783 | <p class="TextFontCX"><span class="Flag"> |
| 15784 | debugfcnconstraint |
| 15785 | <span style='font-size:10.0pt'></span></span></p> |
| 15786 | <p class="IndentText"> |
| 15787 | Perform buffer overflow checking even if the errors would be inhibited. |
| 15788 | </p> |
| 15789 | |
| 15790 | |
| 15791 | |
| 15792 | <div> |
| 15793 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15794 | height="14" align="left"> |
| 15795 | <tr> |
| 15796 | <td valign="top" align="left" height="14" style= |
| 15797 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15798 | <p class="TextFontCX" align="center" style= |
| 15799 | 'text-align:center;background:#CCCCCC'><span style= |
| 15800 | 'font-size:10.0pt'>P-</span><span class= |
| 15801 | "Keyword"><span style='font-size:10.0pt'></span></span></p></td></tr></table></div> |
| 15802 | <p class="TextFontCX"><span class="Flag"> |
| 15803 | implictconstraints |
| 15804 | <span style='font-size:10.0pt'></span></span></p> |
| 15805 | <p class="IndentText"> |
| 15806 | Generate implicit constraints for functions. This is an experimental option. |
| 15807 | Currently this option reduces the number of bounds errors but causes real error to be missed. |
| 15808 | </p> |
| 15809 | |
| 15810 | |
| 15811 | <div> |
| 15812 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15813 | height="14" align="left"> |
| 15814 | <tr> |
| 15815 | <td valign="top" align="left" height="14" style= |
| 15816 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15817 | <p class="TextFontCX" align="center" style= |
| 15818 | 'text-align:center;background:#CCCCCC'><span style= |
| 15819 | 'font-size:10.0pt'>P-</span><span class= |
| 15820 | "Keyword"><span style='font-size:10.0pt'></span></span></p></td></tr></table></div> |
| 15821 | <p class="TextFontCX"><span class="Flag"> |
| 15822 | orconstraint |
| 15823 | <span style='font-size:10.0pt'></span></span></p> |
| 15824 | <p class="IndentText"> |
| 15825 | This flags affects the internal constraint resolution.  If set, the internal constraint resolution is more accurate.  The performance impact is minimal so there is little reason not to have this flag set.</p> |
| 15826 | |
| 15827 | <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'> |
| 15828 | Extensible Checking <span class="HeadingNote"><span style= |
| 15829 | 'font-size:10.5pt;font-weight:normal;font-style: normal'>(Section</span></span> |
| 15830 | <span class="HeadingNote"><span style= |
| 15831 | 'font-size:10.5pt;font-weight:normal;font-style: normal'>13</span></span><span class="HeadingNote"> |
| 15832 | <span style= |
| 15833 | 'font-size:10.5pt;font-weight:normal;font-style: normal'>)</span></span></p> |
| 15834 | |
| 15835 | |
| 15836 | <div> |
| 15837 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15838 | height="14" align="left"> |
| 15839 | <tr> |
| 15840 | <td valign="top" align="left" height="14" style= |
| 15841 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15842 | <p class="TextFontCX" align="center" style= |
| 15843 | 'text-align:center;background:#CCCCCC'><span style= |
| 15844 | 'font-size:10.0pt'>P-</span><span class= |
| 15845 | "Keyword"><span style='font-size:10.0pt'></span></span></p></td></tr></table></div> |
| 15846 | <p class="TextFontCX"><span class="Flag"> |
| 15847 | mts <filename> |
| 15848 | <span style='font-size:10.0pt'></span></span></p> |
| 15849 | <p class="IndentText"> |
| 15850 | Load meta state declaration and corresponding xh file. |
| 15851 | </p> |
| 15852 | |
| 15853 | |
| 15854 | <div> |
| 15855 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15856 | height="14" align="left"> |
| 15857 | <tr> |
| 15858 | <td valign="top" align="left" height="14" style= |
| 15859 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15860 | <p class="TextFontCX" align="center" style= |
| 15861 | 'text-align:center;background:#CCCCCC'><span style= |
| 15862 | 'font-size:10.0pt'>m:</span><span class= |
| 15863 | "Keyword"><span style='font-size:10.0pt'>++++</span></span></p></td></tr></table></div> |
| 15864 | <p class="TextFontCX"><span class="Flag"> |
| 15865 | statetransfer |
| 15866 | <span style='font-size:10.0pt'></span></span></p> |
| 15867 | <p class="IndentText"> |
| 15868 | Transfer violates user-defined state rules. |
| 15869 | </p> |
| 15870 | |
| 15871 | |
| 15872 | <div> |
| 15873 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15874 | height="14" align="left"> |
| 15875 | <tr> |
| 15876 | <td valign="top" align="left" height="14" style= |
| 15877 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15878 | <p class="TextFontCX" align="center" style= |
| 15879 | 'text-align:center;background:#CCCCCC'><span style= |
| 15880 | 'font-size:10.0pt'>m:</span><span class= |
| 15881 | "Keyword"><span style='font-size:10.0pt'>++++</span></span></p></td></tr></table></div> |
| 15882 | <p class="TextFontCX"><span class="Flag"> |
| 15883 | statemerge |
| 15884 | <span style='font-size:10.0pt'></span></span></p> |
| 15885 | <p class="IndentText"> |
| 15886 | Control path merge violates user-defined state merge rules. |
| 15887 | </p> |
| 15888 | |
| 15889 | <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'> |
| 15890 | Completeness <span class="HeadingNote"><span style= |
| 15891 | 'font-size:10.5pt;font-weight:normal;font-style: normal'>(Section</span></span> |
| 15892 | <span class="HeadingNote"><span style= |
| 15893 | 'font-size:10.5pt;font-weight:normal;font-style: normal'>13</span></span><span class="HeadingNote"> |
| 15894 | <span style= |
| 15895 | 'font-size:10.5pt;font-weight:normal;font-style: normal'>)</span></span></p> |
| 15896 | <p class="Heading10">Unused Declarations <span class= |
| 15897 | "HeadingNote"><span style= |
| 15898 | 'font-size:10.5pt;font-weight:normal;font-style:normal'>(Section</span></span> |
| 15899 | <span class="HeadingNote"><span style= |
| 15900 | 'font-size:10.5pt;font-weight:normal;font-style: normal'>13.1</span></span><span class="HeadingNote"> |
| 15901 | <span style= |
| 15902 | 'font-size:10.5pt;font-weight:normal;font-style: normal'>)</span></span></p> |
| 15903 | <p class="beforelist">These flags control when errors are reported |
| 15904 | for declarations that are never used. The <span class= |
| 15905 | "Annot"><span style='font-size:10.0pt'>unused</span></span> |
| 15906 | annotation can be used to prevent unused errors from being report |
| 15907 | for a particular declaration.</p> |
| 15908 | <div> |
| 15909 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15910 | height="14" align="left"> |
| 15911 | <tr> |
| 15912 | <td valign="top" align="left" height="14" style= |
| 15913 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15914 | <p class="TextFontCX" align="center" style= |
| 15915 | 'text-align:center;background:#CCCCCC'><span style= |
| 15916 | 'font-size:10.0pt'>m:</span><span class= |
| 15917 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 15918 | <p class="TextFontCX"><span class="Flag"><span style= |
| 15919 | 'font-size:10.0pt'>top-use</span></span></p> |
| 15920 | <p class="IndentText">An external declaration is not used in any |
| 15921 | file.</p> |
| 15922 | <div> |
| 15923 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15924 | height="14" align="left"> |
| 15925 | <tr> |
| 15926 | <td valign="top" align="left" height="14" style= |
| 15927 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15928 | <p class="TextFontCX" align="center" style= |
| 15929 | 'text-align:center;background:#CCCCCC'><span style= |
| 15930 | 'font-size:10.0pt'>m:</span><span class= |
| 15931 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 15932 | <p class="TextFontCX"><span class="Flag"><span style= |
| 15933 | 'font-size:10.0pt'>const-use</span></span></p> |
| 15934 | <p class="IndentText">Constant never used.</p> |
| 15935 | <div> |
| 15936 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15937 | height="14" align="left"> |
| 15938 | <tr> |
| 15939 | <td valign="top" align="left" height="14" style= |
| 15940 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15941 | <p class="TextFontCX" align="center" style= |
| 15942 | 'text-align:center;background:#CCCCCC'><span style= |
| 15943 | 'font-size:10.0pt'>m:</span><span class= |
| 15944 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 15945 | <p class="TextFontCX"><span class="Flag"><span style= |
| 15946 | 'font-size:10.0pt'>enum-mem-use</span></span></p> |
| 15947 | <p class="IndentText">Member of enumerator never used.</p> |
| 15948 | <div> |
| 15949 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15950 | height="14" align="left"> |
| 15951 | <tr> |
| 15952 | <td valign="top" align="left" height="14" style= |
| 15953 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15954 | <p class="TextFontCX" align="center" style= |
| 15955 | 'text-align:center;background:#CCCCCC'><span style= |
| 15956 | 'font-size:10.0pt'>m:</span><span class= |
| 15957 | "Keyword"><span style='font-size:10.0pt'>++++</span></span></p></td></tr></table></div> |
| 15958 | <p class="TextFontCX"><span class="Flag"><span style= |
| 15959 | 'font-size:10.0pt'>var-use</span></span></p> |
| 15960 | <p class="IndentText">Variable never used.</p> |
| 15961 | <div> |
| 15962 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15963 | height="14" align="left"> |
| 15964 | <tr> |
| 15965 | <td valign="top" align="left" height="14" style= |
| 15966 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15967 | <p class="TextFontCX" align="center" style= |
| 15968 | 'text-align:center;background:#CCCCCC'><span style= |
| 15969 | 'font-size:10.0pt'>m:</span><span class= |
| 15970 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 15971 | <p class="TextFontCX"><span class="Flag"><span style= |
| 15972 | 'font-size:10.0pt'>param-use</span></span></p> |
| 15973 | <p class="IndentText">Function parameter never used.</p> |
| 15974 | <div> |
| 15975 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15976 | height="14" align="left"> |
| 15977 | <tr> |
| 15978 | <td valign="top" align="left" height="14" style= |
| 15979 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15980 | <p class="TextFontCX" align="center" style= |
| 15981 | 'text-align:center;background:#CCCCCC'><span style= |
| 15982 | 'font-size:10.0pt'>m:</span><span class= |
| 15983 | "Keyword"><span style='font-size:10.0pt'>++++</span></span></p></td></tr></table></div> |
| 15984 | <p class="TextFontCX"><span class="Flag"><span style= |
| 15985 | 'font-size:10.0pt'>fcn-use</span></span></p> |
| 15986 | <p class="IndentText">Function is never used.</p> |
| 15987 | <div> |
| 15988 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 15989 | height="14" align="left"> |
| 15990 | <tr> |
| 15991 | <td valign="top" align="left" height="14" style= |
| 15992 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 15993 | <p class="TextFontCX" align="center" style= |
| 15994 | 'text-align:center;background:#CCCCCC'><span style= |
| 15995 | 'font-size:10.0pt'>m:</span><span class= |
| 15996 | "Keyword"><span style='font-size:10.0pt'>++++</span></span></p></td></tr></table></div> |
| 15997 | <p class="TextFontCX"><span class="Flag"><span style= |
| 15998 | 'font-size:10.0pt'>type-use</span></span></p> |
| 15999 | <p class="IndentText">Defined type never used.</p> |
| 16000 | <div> |
| 16001 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16002 | height="14" align="left"> |
| 16003 | <tr> |
| 16004 | <td valign="top" align="left" height="14" style= |
| 16005 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16006 | <p class="TextFontCX" align="center" style= |
| 16007 | 'text-align:center;background:#CCCCCC'><span style= |
| 16008 | 'font-size:10.0pt'>m:</span><span class= |
| 16009 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 16010 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16011 | 'font-size:10.0pt'>field-use</span></span></p> |
| 16012 | <p class="IndentText">Field of structure or union type is never |
| 16013 | used.</p> |
| 16014 | <div> |
| 16015 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16016 | height="14" align="left"> |
| 16017 | <tr> |
| 16018 | <td valign="top" align="left" height="14" style= |
| 16019 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16020 | <p class="TextFontCX" align="center" style= |
| 16021 | 'text-align:center;background:#CCCCCC'><span style= |
| 16022 | 'font-size:10.0pt'>m:</span><span class= |
| 16023 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 16024 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16025 | 'font-size:10.0pt'>unused-special</span></span></p> |
| 16026 | <p class="IndentText">Declaration in a special file (corresponding |
| 16027 | to <span class="ProgramNameChar">.l</span> or <span class= |
| 16028 | "ProgramNameChar">.y</span> file) is unused.</p> |
| 16029 | <p class="Heading10">Complete Programs <span class= |
| 16030 | "TextFontCXChar"><span style= |
| 16031 | 'font-size:11.0pt; font-weight:normal'>(Section |
| 16032 | 13.2)</span></span></p> |
| 16033 | <div> |
| 16034 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16035 | height="14" align="left"> |
| 16036 | <tr> |
| 16037 | <td valign="top" align="left" height="14" style= |
| 16038 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16039 | <p class="TextFontCX" align="center" style= |
| 16040 | 'text-align:center;background:#CCCCCC'><span style= |
| 16041 | 'font-size:10.0pt'>m:</span><span class= |
| 16042 | "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div> |
| 16043 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16044 | 'font-size:10.0pt'>decl-undef</span></span></p> |
| 16045 | <p class="IndentText">Function, variable, iterator or constant |
| 16046 | declared but never defined.</p> |
| 16047 | <div> |
| 16048 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16049 | height="14" align="left"> |
| 16050 | <tr> |
| 16051 | <td valign="top" align="left" height="14" style= |
| 16052 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16053 | <p class="TextFontCX" align="center" style= |
| 16054 | 'text-align:center;background:#CCCCCC'><span style= |
| 16055 | 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div> |
| 16056 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16057 | 'font-size:10.0pt'>partial</span></span></p> |
| 16058 | <p class="IndentText">Check as partial system (sets |
| 16059 | <span class="Flag"><span style= |
| 16060 | 'font-size:10.0pt'>-decl-undef</span></span>, <span class= |
| 16061 | "Flag"><span style= |
| 16062 | 'font-size:10.0pt'>-export-local</span></span> and |
| 16063 | prevents checking of macros in headers without corresponding |
| 16064 | <span class="ProgramNameChar">.c</span> files.)</p> |
| 16065 | <p class="Heading10">Exports</p> |
| 16066 | <div> |
| 16067 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16068 | height="14" align="left"> |
| 16069 | <tr> |
| 16070 | <td valign="top" align="left" height="14" style= |
| 16071 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16072 | <p class="TextFontCX" align="center" style= |
| 16073 | 'text-align:center;background:#CCCCCC'><span style= |
| 16074 | 'font-size:10.0pt'>m:</span><span class= |
| 16075 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 16076 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16077 | 'font-size:10.0pt'>export-local</span></span></p> |
| 16078 | <p class="IndentText">A declaration is exported but not used |
| 16079 | outside this module. (Declaration can use the |
| 16080 | <span class="CodeText"><span style= |
| 16081 | 'font-size: 10.0pt'>static</span></span> qualifier.)</p> |
| 16082 | <div> |
| 16083 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16084 | height="14" align="left"> |
| 16085 | <tr> |
| 16086 | <td valign="top" align="left" height="14" style= |
| 16087 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16088 | <p class="TextFontCX" align="center" style= |
| 16089 | 'text-align:center;background:#CCCCCC'><span style= |
| 16090 | 'font-size:10.0pt'>m:</span><span class= |
| 16091 | "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div> |
| 16092 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16093 | 'font-size:10.0pt'>export-header</span></span></p> |
| 16094 | <p class="IndentText">A declaration (other than a variable) is |
| 16095 | exported but does not appear in a header file.</p> |
| 16096 | <div> |
| 16097 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16098 | height="14" align="left"> |
| 16099 | <tr> |
| 16100 | <td valign="top" align="left" height="14" style= |
| 16101 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16102 | <p class="TextFontCX" align="center" style= |
| 16103 | 'text-align:center;background:#CCCCCC'><span style= |
| 16104 | 'font-size:10.0pt'>m:</span><span class= |
| 16105 | "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div> |
| 16106 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16107 | 'font-size:10.0pt'>export-header-var</span></span></p> |
| 16108 | <p class="IndentText">A variable declaration is exported but does |
| 16109 | not appear in a header file.</p> |
| 16110 | <p class="Heading10">Unrecognized Identifiers</p> |
| 16111 | <div> |
| 16112 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16113 | height="14" align="left"> |
| 16114 | <tr> |
| 16115 | <td valign="top" align="left" height="14" style= |
| 16116 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16117 | <p class="TextFontCX" align="center" style= |
| 16118 | 'text-align:center;background:#CCCCCC'><span style= |
| 16119 | 'font-size:10.0pt'>P:</span> <span class= |
| 16120 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 16121 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16122 | 'font-size:10.0pt'>unrecog</span></span></p> |
| 16123 | <p class="IndentText">An unrecognized identifier is used.</p> |
| 16124 | <div> |
| 16125 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16126 | height="14" align="left"> |
| 16127 | <tr> |
| 16128 | <td valign="top" align="left" height="14" style= |
| 16129 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16130 | <p class="TextFontCX" align="center" style= |
| 16131 | 'text-align:center;background:#CCCCCC'><span style= |
| 16132 | 'font-size:10.0pt'>P:</span> <span class= |
| 16133 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 16134 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16135 | 'font-size:10.0pt'>sys-unrecog</span></span></p> |
| 16136 | <p class="IndentText">Report unrecognized identifiers that start |
| 16137 | with the system prefix, <span class="Keyword"><span style= |
| 16138 | 'font-size:10.0pt'>__</span></span> (two underscores).</p> |
| 16139 | <div> |
| 16140 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16141 | height="14" align="left"> |
| 16142 | <tr> |
| 16143 | <td valign="top" align="left" height="14" style= |
| 16144 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16145 | <p class="TextFontCX" align="center" style= |
| 16146 | 'text-align:center;background:#CCCCCC'><span style= |
| 16147 | 'font-size:10.0pt'>P:</span> <span class= |
| 16148 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 16149 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16150 | 'font-size:10.0pt'>repeat-unrecog</span></span></p> |
| 16151 | <p class="IndentText">Report multiple messages for unrecognized |
| 16152 | identifiers. If <span class="Flag"><span style= |
| 16153 | 'font-size:10.0pt'>repeatunrecog</span></span> is not set, an error |
| 16154 | is reported only the first time a particular unrecognized |
| 16155 | identifier appears in the file.</p> |
| 16156 | <p class="Heading10">Multiple Definition and Declarations</p> |
| 16157 | <div> |
| 16158 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16159 | height="14" align="left"> |
| 16160 | <tr> |
| 16161 | <td valign="top" align="left" height="14" style= |
| 16162 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16163 | <p class="TextFontCX" align="center" style= |
| 16164 | 'text-align:center;background:#CCCCCC'><span style= |
| 16165 | 'font-size:10.0pt'>P:</span> <span class= |
| 16166 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 16167 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16168 | 'font-size:10.0pt'>redef</span></span></p> |
| 16169 | <p class="IndentText">A function or variable is defined more than |
| 16170 | once.</p> |
| 16171 | <div> |
| 16172 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16173 | height="14" align="left"> |
| 16174 | <tr> |
| 16175 | <td valign="top" align="left" height="14" style= |
| 16176 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16177 | <p class="TextFontCX" align="center" style= |
| 16178 | 'text-align:center;background:#CCCCCC'><span style= |
| 16179 | 'font-size:10.0pt'>m:</span><span class= |
| 16180 | "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div> |
| 16181 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16182 | 'font-size:10.0pt'>redecl</span></span></p> |
| 16183 | <p class="IndentText">An identifier is declared more than once.</p> |
| 16184 | <div> |
| 16185 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16186 | height="14" align="left"> |
| 16187 | <tr> |
| 16188 | <td valign="top" align="left" height="14" style= |
| 16189 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16190 | <p class="TextFontCX" align="center" style= |
| 16191 | 'text-align:center;background:#CCCCCC'><span style= |
| 16192 | 'font-size:10.0pt'>m:</span><span class= |
| 16193 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 16194 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16195 | 'font-size:10.0pt'>nested-extern</span></span></p> |
| 16196 | <p class="IndentText">An <span class="Keyword"><span style= |
| 16197 | 'font-size:10.0pt'>extern</span></span> declaration is used inside |
| 16198 | a function body.</p> |
| 16199 | <p class="Heading10">ISO Conformance</p> |
| 16200 | <div> |
| 16201 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16202 | height="14" align="left"> |
| 16203 | <tr> |
| 16204 | <td valign="top" align="left" height="14" style= |
| 16205 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16206 | <p class="TextFontCX" align="center" style= |
| 16207 | 'text-align:center;background:#CCCCCC'><span style= |
| 16208 | 'font-size:10.0pt'>m:</span><span class= |
| 16209 | "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div> |
| 16210 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16211 | 'font-size:10.0pt'>noparams</span></span></p> |
| 16212 | <p class="IndentText">A function is declared without a parameter |
| 16213 | list prototype.</p> |
| 16214 | <div> |
| 16215 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16216 | height="14" align="left"> |
| 16217 | <tr> |
| 16218 | <td valign="top" align="left" height="14" style= |
| 16219 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16220 | <p class="TextFontCX" align="center" style= |
| 16221 | 'text-align:center;background:#CCCCCC'><span style= |
| 16222 | 'font-size:10.0pt'>m:</span><span class= |
| 16223 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 16224 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16225 | 'font-size:10.0pt'>old-style</span></span></p> |
| 16226 | <p class="IndentText">Function definition is in old style |
| 16227 | syntax. Standard prototype syntax is preferred.</p> |
| 16228 | <div> |
| 16229 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16230 | height="14" align="left"> |
| 16231 | <tr> |
| 16232 | <td valign="top" align="left" height="14" style= |
| 16233 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16234 | <p class="TextFontCX" align="center" style= |
| 16235 | 'text-align:center;background:#CCCCCC'><span style= |
| 16236 | 'font-size:10.0pt'>m:</span><span class= |
| 16237 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 16238 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16239 | 'font-size:10.0pt'>exit-arg</span></span></p> |
| 16240 | <p class="IndentText">Argument to <span class= |
| 16241 | "CodeText"><span style= |
| 16242 | 'font-size: 10.0pt'>exit</span></span> has implementation |
| 16243 | defined behavior. The only valid arguments to |
| 16244 | <span class="CodeText"><span style= |
| 16245 | 'font-size:10.0pt'>exit</span></span> are <span class= |
| 16246 | "CodeText"><span style= |
| 16247 | 'font-size:10.0pt'>EXIT_SUCCESS</span></span>, <span class= |
| 16248 | "CodeText"><span style= |
| 16249 | 'font-size:10.0pt'>EXIT_FAILURE</span></span> and |
| 16250 | <span class="CodeText"><span style= |
| 16251 | 'font-size:10.0pt'>0</span></span>. An error is |
| 16252 | reported if Splint can determine statically that the argument |
| 16253 | to <span class="CodeText"><span style= |
| 16254 | 'font-size:10.0pt'>exit</span></span> is not one of |
| 16255 | these.</p> |
| 16256 | <div> |
| 16257 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16258 | height="14" align="left"> |
| 16259 | <tr> |
| 16260 | <td valign="top" align="left" height="14" style= |
| 16261 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16262 | <p class="TextFontCX" align="center" style= |
| 16263 | 'text-align:center;background:#CCCCCC'><span style= |
| 16264 | 'font-size:10.0pt'>P:</span> <span class= |
| 16265 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 16266 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16267 | 'font-size:10.0pt'>use-varargs</span></span></p> |
| 16268 | <p class="IndentText">Report if <span class= |
| 16269 | "CodeText"><span style='font-size:10.0pt'><varargs.h></span></span> |
| 16270 | is used (should use <span class= |
| 16271 | "ProgramNameChar"><span style='font-size:10.0pt'>stdarg.h</span></span>).</p> |
| 16272 | <p class="Heading10">Limits</p> |
| 16273 | <p class="beforelist">The ANSI Standard includes limits on minimum |
| 16274 | numbers that a conforming compiler must support. Whether of |
| 16275 | not a particular compiler exceeds these limits, it is worth |
| 16276 | checking that a program does not exceed them so that other |
| 16277 | compilers may safely compile it. In addition, exceeding a |
| 16278 | limit may indicate a problem in the code (e.g., it is too complex |
| 16279 | if the control nest depth limit is exceeded) that should be fixed |
| 16280 | regardless of the compiler. Splint checks the following |
| 16281 | limits. For each limit, the maximum value may be set from the |
| 16282 | command line (or locally using a stylized comment). The |
| 16283 | minimum limits were increased for the ISO C99 specification. |
| 16284 | If the <span class="Flag"><span style= |
| 16285 | 'font-size:10.0pt'>iso99-limits</span></span> flag is used, all |
| 16286 | limits are checked with the minimum values of an ISO C99 conforming |
| 16287 | compiler. If the <span class="Flag"><span style= |
| 16288 | 'font-size:10.0pt'>ansi89-limits</span></span> flag is used, all |
| 16289 | limits are checked with the minimum values of an ANSI C89 |
| 16290 | conforming compiler.</p> |
| 16291 | <div> |
| 16292 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16293 | height="14" align="left"> |
| 16294 | <tr> |
| 16295 | <td valign="top" align="left" height="14" style= |
| 16296 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16297 | <p class="TextFontCX" align="center" style= |
| 16298 | 'text-align:center;background:#CCCCCC'><span style= |
| 16299 | 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div> |
| 16300 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16301 | 'font-size:10.0pt'>ansi89-limits</span></span></p> |
| 16302 | <p class="IndentText">Check for violations of minimum limits |
| 16303 | prescribed by ANSI C89 standard (sets <span class= |
| 16304 | "Flag"><span style= |
| 16305 | 'font-size:10.0pt'>control-nest-depth</span></span>, |
| 16306 | <span class="Flag"><span style= |
| 16307 | 'font-size:10.0pt'>string-literal-len</span></span>, |
| 16308 | <span class="Flag"><span style= |
| 16309 | 'font-size:10.0pt'>include-nest</span></span>, <span class= |
| 16310 | "Flag"><span style= |
| 16311 | 'font-size:10.0pt'>num-struct-fields</span></span>, and |
| 16312 | <span class="Flag"><span style= |
| 16313 | 'font-size:10.0pt'>num-enum-members</span></span>).</p> |
| 16314 | <div> |
| 16315 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16316 | height="14" align="left"> |
| 16317 | <tr> |
| 16318 | <td valign="top" align="left" height="14" style= |
| 16319 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16320 | <p class="TextFontCX" align="center" style= |
| 16321 | 'text-align:center;background:#CCCCCC'><span style= |
| 16322 | 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div> |
| 16323 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16324 | 'font-size:10.0pt'>iso99-limits</span></span></p> |
| 16325 | <p class="IndentText">Check for violations of minimum limits |
| 16326 | prescribed by ISO C99 standard (sets <span class= |
| 16327 | "Flag"><span style= |
| 16328 | 'font-size:10.0pt'>control-nest-depth</span></span>, |
| 16329 | <span class="Flag"><span style= |
| 16330 | 'font-size:10.0pt'>string-literal-len</span></span>, |
| 16331 | <span class="Flag"><span style= |
| 16332 | 'font-size:10.0pt'>include-nest</span></span>, <span class= |
| 16333 | "Flag"><span style= |
| 16334 | 'font-size:10.0pt'>num-struct-fields</span></span>, and |
| 16335 | <span class="Flag"><span style= |
| 16336 | 'font-size:10.0pt'>num-enum-members</span></span>).</p> |
| 16337 | |
| 16338 | <div> |
| 16339 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16340 | height="14" align="left"> |
| 16341 | <tr> |
| 16342 | <td valign="top" align="left" height="14" style= |
| 16343 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16344 | <p class="TextFontCX" align="center" style= |
| 16345 | 'text-align:center;background:#CCCCCC'><span style= |
| 16346 | 'font-size:10.0pt'>m:</span><span class= |
| 16347 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 16348 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16349 | 'font-size:10.0pt'>control-nest-depth</span></span><span class="Flag"> |
| 16350 | <span style= |
| 16351 | 'font-size:10.0pt'> <i><number></i></span></span></p> |
| 16352 | <p class="IndentText">Set maximum nesting depth of compound |
| 16353 | statements, iteration control structures, and selection control |
| 16354 | structures (ISO C99 minimum is 63; ANSI C89 minimum is 15).</p> |
| 16355 | <div> |
| 16356 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16357 | height="14" align="left"> |
| 16358 | <tr> |
| 16359 | <td valign="top" align="left" height="14" style= |
| 16360 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16361 | <p class="TextFontCX" align="center" style= |
| 16362 | 'text-align:center;background:#CCCCCC'><span style= |
| 16363 | 'font-size:10.0pt'>m:</span><span class= |
| 16364 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 16365 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16366 | 'font-size:10.0pt'>string-literal-len</span></span><span class="Flag"> |
| 16367 | <span style= |
| 16368 | 'font-size:10.0pt'> <i><number></i></span></span></p> |
| 16369 | <p class="IndentText">Set maximum length of string literals (ISO |
| 16370 | C99 minimum is 4095; ANSI C89 minimum is 509).</p> |
| 16371 | <div> |
| 16372 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16373 | height="14" align="left"> |
| 16374 | <tr> |
| 16375 | <td valign="top" align="left" height="14" style= |
| 16376 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16377 | <p class="TextFontCX" align="center" style= |
| 16378 | 'text-align:center;background:#CCCCCC'><span style= |
| 16379 | 'font-size:10.0pt'>m:</span><span class= |
| 16380 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 16381 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16382 | 'font-size:10.0pt'>num-struct-fields</span></span><span class="Flag"> |
| 16383 | <span style= |
| 16384 | 'font-size:10.0pt'> <i><number></i></span></span></p> |
| 16385 | <p class="IndentText">Set maximum number of fields in a |
| 16386 | <span class="CodeText"><span style= |
| 16387 | 'font-size:10.0pt'>struct</span></span> or <span class= |
| 16388 | "CodeText"><span style='font-size:10.0pt'>union</span></span> |
| 16389 | (ISO C99 minimum is 1023; ANSI minimum is 127).</p> |
| 16390 | <div> |
| 16391 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16392 | height="14" align="left"> |
| 16393 | <tr> |
| 16394 | <td valign="top" align="left" height="14" style= |
| 16395 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16396 | <p class="TextFontCX" align="center" style= |
| 16397 | 'text-align:center;background:#CCCCCC'><span style= |
| 16398 | 'font-size:10.0pt'>m:</span><span class= |
| 16399 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 16400 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16401 | 'font-size:10.0pt'>num-enum-members</span></span><span class= |
| 16402 | "Flag"><span style= |
| 16403 | 'font-size:10.0pt'> <i><number></i></span></span></p> |
| 16404 | <p class="IndentText">Set maximum number of members of an |
| 16405 | <span class="CodeText"><span style= |
| 16406 | 'font-size:10.0pt'>enum</span></span> type (ISO C99 minimum is |
| 16407 | 1023; ANSI minimum is 127).</p> |
| 16408 | <div> |
| 16409 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16410 | height="14" align="left"> |
| 16411 | <tr> |
| 16412 | <td valign="top" align="left" height="14" style= |
| 16413 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16414 | <p class="TextFontCX" align="center" style= |
| 16415 | 'text-align:center;background:#CCCCCC'><span style= |
| 16416 | 'font-size:10.0pt'>m:</span><span class= |
| 16417 | "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div> |
| 16418 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16419 | 'font-size:10.0pt'>include-nest</span></span><span class= |
| 16420 | "Flag"><span style= |
| 16421 | 'font-size:10.0pt'> <i><number></i></span></span></p> |
| 16422 | <p class="IndentText">Set maximum number of nested |
| 16423 | <span class="CodeText"><span style= |
| 16424 | 'font-size:10.0pt'>#include</span></span> files (ISO C99 |
| 16425 | minimum is 63; ANSI minimum is 8).</p> |
| 16426 | <p class="Heading10">Header Inclusion <a name= |
| 16427 | "_Ref344793948"><span class="TextFontCXChar"><span style= |
| 16428 | 'font-size:11.0pt; font-weight:normal'>(Section</span></span></a> |
| 16429 | <span class="TextFontCXChar"><span style= |
| 16430 | 'font-size:11.0pt; font-weight:normal'>14.3</span></span><span class="TextFontCXChar"> |
| 16431 | <span style= |
| 16432 | 'font-size:11.0pt; font-weight:normal'>)</span></span></p> |
| 16433 | <div> |
| 16434 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16435 | height="14" align="left"> |
| 16436 | <tr> |
| 16437 | <td valign="top" align="left" height="14" style= |
| 16438 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16439 | <p class="TextFontCX" align="center" style= |
| 16440 | 'text-align:center;background:#CCCCCC'><span style= |
| 16441 | 'font-size:10.0pt'>P:</span> <span class= |
| 16442 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 16443 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16444 | 'font-size:10.0pt'>skip-ansi-headers</span></span></p> |
| 16445 | <p class="IndentText">Prevent inclusion of header files in a system |
| 16446 | directory with names that match standard ANSI headers. The |
| 16447 | symbolic information in the standard library is used instead. |
| 16448 | Flag in effect only if a library that includes the standard library is |
| 16449 | used. The ANSI headers are: <span class= |
| 16450 | "CodeText"><span style='font-size:10.0pt'>assert</span></span>, |
| 16451 | <span class= |
| 16452 | "CodeText"><span style='font-size:10.0pt'>ctype</span></span>, |
| 16453 | <span class="CodeText"><span style= |
| 16454 | 'font-size:10.0pt'>errno</span></span>, |
| 16455 | <span class="CodeText"><span style= |
| 16456 | 'font-size:10.0pt'>float</span></span>, |
| 16457 | <span class= |
| 16458 | "CodeText"><span style='font-size:10.0pt'>limits</span></span>, |
| 16459 | <span class="CodeText"><span style= |
| 16460 | 'font-size:10.0pt'>locale</span></span>, <span class= |
| 16461 | "CodeText"><span style='font-size:10.0pt'>math</span></span>, |
| 16462 | <span class="CodeText"><span style= |
| 16463 | 'font-size:10.0pt'>setjmp</span></span>, <span class= |
| 16464 | "CodeText"><span style='font-size:10.0pt'>signal</span></span>, |
| 16465 | <span class="CodeText"><span style= |
| 16466 | 'font-size:10.0pt'>stdarg</span></span>, |
| 16467 | <span class="CodeText"><span style= |
| 16468 | 'font-size:10.0pt'>stddef</span></span>, <span class= |
| 16469 | "CodeText"><span style='font-size:10.0pt'>stdio</span></span>, |
| 16470 | <span class="CodeText"><span style= |
| 16471 | 'font-size:10.0pt'>stdlib</span></span>, |
| 16472 | <span class= |
| 16473 | "CodeText"><span style='font-size:10.0pt'>strings</span></span>, |
| 16474 | <span class= |
| 16475 | "CodeText"><span style='font-size:10.0pt'>string</span></span>, |
| 16476 | <span class= |
| 16477 | "CodeText"><span style='font-size:10.0pt'>time</span></span>, |
| 16478 | and <span class="CodeText"><span style= |
| 16479 | 'font-size:10.0pt'>wchar</span></span>. |
| 16480 | </p> |
| 16481 | |
| 16482 | <div> |
| 16483 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16484 | height="14" align="left"> |
| 16485 | <tr> |
| 16486 | <td valign="top" align="left" height="14" style= |
| 16487 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16488 | <p class="TextFontCX" align="center" style= |
| 16489 | 'text-align:center;background:#CCCCCC'><span style= |
| 16490 | 'font-size:10.0pt'>P:</span> <span class= |
| 16491 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 16492 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16493 | 'font-size:10.0pt'>skip-iso-headers</span></span></p> |
| 16494 | <p class="IndentText">Prevent inclusion of header files in a system |
| 16495 | directory with names that match standard ISO C99 headers. The |
| 16496 | symbolic information in the standard library is used instead. |
| 16497 | In effect only if a library that includes the standard library is |
| 16498 | used. The ISO C99 headers are: <span class= |
| 16499 | "CodeText"><span style='font-size:10.0pt'>assert</span></span>, |
| 16500 | <span class="CodeText"><span style= |
| 16501 | 'font-size:10.0pt'>complex</span></span>, <span class= |
| 16502 | "CodeText"><span style='font-size:10.0pt'>ctype</span></span>, |
| 16503 | <span class="CodeText"><span style= |
| 16504 | 'font-size:10.0pt'>errno</span></span>, <span class= |
| 16505 | "CodeText"><span style='font-size:10.0pt'>fenv</span></span>, |
| 16506 | <span class="CodeText"><span style= |
| 16507 | 'font-size:10.0pt'>float</span></span>, <span class= |
| 16508 | "CodeText"><span style='font-size:10.0pt'>inttypes</span></span>, |
| 16509 | <span class="CodeText"><span style= |
| 16510 | 'font-size:10.0pt'>iso646</span></span>, <span class= |
| 16511 | "CodeText"><span style='font-size:10.0pt'>limits</span></span>, |
| 16512 | <span class="CodeText"><span style= |
| 16513 | 'font-size:10.0pt'>locale</span></span>, <span class= |
| 16514 | "CodeText"><span style='font-size:10.0pt'>math</span></span>, |
| 16515 | <span class="CodeText"><span style= |
| 16516 | 'font-size:10.0pt'>setjmp</span></span>, <span class= |
| 16517 | "CodeText"><span style='font-size:10.0pt'>signal</span></span>, |
| 16518 | <span class="CodeText"><span style= |
| 16519 | 'font-size:10.0pt'>stdarg</span></span>, <span class= |
| 16520 | "CodeText"><span style='font-size:10.0pt'>stdbool</span></span>, |
| 16521 | <span class="CodeText"><span style= |
| 16522 | 'font-size:10.0pt'>stddef</span></span>, <span class= |
| 16523 | "CodeText"><span style='font-size:10.0pt'>stdio</span></span>, |
| 16524 | <span class="CodeText"><span style= |
| 16525 | 'font-size:10.0pt'>stdlib</span></span>, <span class= |
| 16526 | "CodeText"><span style='font-size:10.0pt'>string</span></span>, |
| 16527 | <span class="CodeText"><span style= |
| 16528 | 'font-size:10.0pt'>tgmath</span></span>, <span class= |
| 16529 | "CodeText"><span style='font-size:10.0pt'>time</span></span>, |
| 16530 | <span class="CodeText"><span style= |
| 16531 | 'font-size:10.0pt'>wchar</span></span>, and <span class= |
| 16532 | "CodeText"><span style='font-size:10.0pt'>wctype</span></span>.</p> |
| 16533 | |
| 16534 | |
| 16535 | <div> |
| 16536 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16537 | height="14" align="left"> |
| 16538 | <tr> |
| 16539 | <td valign="top" align="left" height="14" style= |
| 16540 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16541 | <p class="TextFontCX" align="center" style= |
| 16542 | 'text-align:center;background:#CCCCCC'><span style= |
| 16543 | 'font-size:10.0pt'>P:</span> <span class= |
| 16544 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 16545 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16546 | 'font-size:10.0pt'>skip-posix-headers</span></span></p> |
| 16547 | <p class="IndentText">Prevent inclusion of header files in a system |
| 16548 | directory with names that match standard POSIX headers. The |
| 16549 | symbolic information in the standard library is used instead. |
| 16550 | In effect only if a library that includes the POSIX library is |
| 16551 | used. The skipped POSIX headers are: <span class= |
| 16552 | "CodeText"><span style='font-size:10.0pt'>dirent</span></span>, |
| 16553 | <span class="CodeText"><span style= |
| 16554 | 'font-size:10.0pt'>fcntl</span></span>, <span class= |
| 16555 | "CodeText"><span style='font-size:10.0pt'>grp</span></span>, |
| 16556 | <span class="CodeText"><span style= |
| 16557 | 'font-size:10.0pt'>pwd</span></span>, <span class= |
| 16558 | "CodeText"><span style='font-size:10.0pt'>termios</span></span>, |
| 16559 | <span class="CodeText"><span style= |
| 16560 | 'font-size:10.0pt'>sys/stat</span></span>, <span class= |
| 16561 | "CodeText"><span style='font-size:10.0pt'>sys/times</span></span>, |
| 16562 | <span class="CodeText"><span style= |
| 16563 | 'font-size:10.0pt'>sys/types</span></span>, <span class= |
| 16564 | "CodeText"><span style= |
| 16565 | 'font-size:10.0pt'>sys/utsname</span></span>, <span class= |
| 16566 | "CodeText"><span style='font-size:10.0pt'>sys/wait</span></span>, |
| 16567 | <span class="CodeText"><span style= |
| 16568 | 'font-size:10.0pt'>unistd</span></span>, and <span class= |
| 16569 | "CodeText"><span style='font-size:10.0pt'>utime</span></span>.</p> |
| 16570 | |
| 16571 | <div> |
| 16572 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16573 | height="14" align="left"> |
| 16574 | <tr> |
| 16575 | <td valign="top" align="left" height="14" style= |
| 16576 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16577 | <p class="TextFontCX" align="center" style= |
| 16578 | 'text-align:center;background:#CCCCCC'><span style= |
| 16579 | 'font-size:10.0pt'>P:</span> <span class= |
| 16580 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 16581 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16582 | 'font-size:10.0pt'>warn-posix-headers</span></span></p> |
| 16583 | <p class="IndentText">Report use of a POSIX header when checking a |
| 16584 | program with a non-POSIX library.</p> |
| 16585 | <p class="IndentText"> </p> |
| 16586 | |
| 16587 | <div> |
| 16588 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16589 | height="14" align="left"> |
| 16590 | <tr> |
| 16591 | <td valign="top" align="left" height="14" style= |
| 16592 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16593 | <p class="TextFontCX" align="center" style= |
| 16594 | 'text-align:center;background:#CCCCCC'><span style= |
| 16595 | 'font-size:10.0pt'>P:</span> <span class= |
| 16596 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 16597 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16598 | 'font-size:10.0pt'>warn-unix-headers</span></span></p> |
| 16599 | <p class="IndentText"> |
| 16600 | Warn the user that the unix library may not be compatible with all platforms. |
| 16601 | </p> |
| 16602 | |
| 16603 | <div> |
| 16604 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16605 | height="14" align="left"> |
| 16606 | <tr> |
| 16607 | <td valign="top" align="left" height="14" style= |
| 16608 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16609 | <p class="TextFontCX" align="center" style= |
| 16610 | 'text-align:center;background:#CCCCCC'><span style= |
| 16611 | 'font-size:10.0pt'>P:</span> <span class= |
| 16612 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 16613 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16614 | 'font-size:10.0pt'>skip-sys-headers</span></span></p> |
| 16615 | <p class="IndentText">Prevent inclusion of all header files in |
| 16616 | system directories.</p> |
| 16617 | <div> |
| 16618 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16619 | height="14" align="left"> |
| 16620 | <tr> |
| 16621 | <td valign="top" align="left" height="14" style= |
| 16622 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16623 | <p class="TextFontCX" align="center" style= |
| 16624 | 'text-align:center;background:#CCCCCC'><span style= |
| 16625 | 'font-size:10.0pt'>P:</span> <span class= |
| 16626 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 16627 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16628 | 'font-size:10.0pt'>sys-dir-expand-macros</span></span></p> |
| 16629 | <p class="IndentText">Expand macros in system directories |
| 16630 | regardless of other settings, except for macros corresponding to |
| 16631 | names defined in a load library.</p> |
| 16632 | <div> |
| 16633 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16634 | height="14" align="left"> |
| 16635 | <tr> |
| 16636 | <td valign="top" align="left" height="14" style= |
| 16637 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16638 | <p class="TextFontCX" align="center" style= |
| 16639 | 'text-align:center;background:#CCCCCC'><span style= |
| 16640 | 'font-size:10.0pt'>m:</span><span class= |
| 16641 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 16642 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16643 | 'font-size:10.0pt'>sys-dir-errors</span></span></p> |
| 16644 | <p class="IndentText">Report errors in files in system directories |
| 16645 | (set by <span class="Flag"><span style= |
| 16646 | 'font-size:10.0pt'>-sys-dirs</span></span>). </p> |
| 16647 | <p class="IndentText"><span class="HeadingNote"><span style= |
| 16648 | 'font-size:10.5pt; font-style:normal'> </span></span></p> |
| 16649 | |
| 16650 | <div> |
| 16651 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16652 | height="14" align="left"> |
| 16653 | <tr> |
| 16654 | <td valign="top" align="left" height="14" style= |
| 16655 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16656 | <p class="TextFontCX" align="center" style= |
| 16657 | 'text-align:center;background:#CCCCCC'><span style= |
| 16658 | 'font-size:10.0pt'>P:</span><span class= |
| 16659 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 16660 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16661 | 'font-size:10.0pt'> |
| 16662 | warn-sys-files |
| 16663 | </span></span></p> |
| 16664 | <p class="IndentText"> |
| 16665 | Warn when a system file was listed as a command line file but Splint |
| 16666 | is not set to report errors for system files. This prevents accidentally missing warnings |
| 16667 | in system files when Splint is run in a system directory. |
| 16668 | </p> |
| 16669 | |
| 16670 | <div> |
| 16671 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16672 | height="14" align="left"> |
| 16673 | <tr> |
| 16674 | <td valign="top" align="left" height="14" style= |
| 16675 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16676 | <p class="TextFontCX" align="center" style= |
| 16677 | 'text-align:center;background:#CCCCCC'><span style= |
| 16678 | 'font-size:10.0pt'>global:</span> <span class= |
| 16679 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 16680 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16681 | 'font-size:10.0pt'>single-include</span></span></p> |
| 16682 | <p class="IndentText">Optimize header inclusion to only include |
| 16683 | each header file once.</p> |
| 16684 | <div> |
| 16685 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16686 | height="14" align="left"> |
| 16687 | <tr> |
| 16688 | <td valign="top" align="left" height="14" style= |
| 16689 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16690 | <p class="TextFontCX" align="center" style= |
| 16691 | 'text-align:center;background:#CCCCCC'><span style= |
| 16692 | 'font-size:10.0pt'>global:</span> <span class= |
| 16693 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 16694 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16695 | 'font-size:10.0pt'>never-include</span></span></p> |
| 16696 | <p class="IndentText">Use library information instead of including |
| 16697 | header files.</p> |
| 36ba812d |
16698 | |
| 16699 | <div> |
| 16700 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16701 | height="14" align="left"> |
| 16702 | <tr> |
| 16703 | <td valign="top" align="left" height="14" style= |
| 16704 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16705 | <p class="TextFontCX" align="center" style= |
| 16706 | 'text-align:center;background:#CCCCCC'><span style= |
| 16707 | 'font-size:10.0pt'>global:</span> <span class= |
| 16708 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 16709 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16710 | 'font-size:10.0pt'>case-insensitive-filenames</span></span></p> |
| 16711 | <p class="IndentText"> |
| 16712 | File names are case insensitive (file.h and FILE.H are the same file). |
| 16713 | </p> |
| 16714 | |
| 16715 | |
| 16716 | |
| 9645dee1 |
16717 | <p class="Heading10">Comments</p> |
| 16718 | <p class="beforelist">These flags control how syntactic comments |
| 16719 | are interpreted.</p> |
| 16720 | <div> |
| 16721 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16722 | height="14" align="left"> |
| 16723 | <tr> |
| 16724 | <td valign="top" align="left" height="14" style= |
| 16725 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16726 | <p class="TextFontCX" align="center" style= |
| 16727 | 'text-align:center;background:#CCCCCC'><span style= |
| 16728 | 'font-size:10.0pt'>P:</span> <span class="Flag"><span style= |
| 16729 | 'font-size:10.0pt'>@</span></span></p></td></tr></table></div> |
| 16730 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16731 | 'font-size:10.0pt'>comment-char</span></span> <span class= |
| 16732 | "Flag"><i><span style= |
| 16733 | 'font-size:10.0pt'><char></span></i></span></p> |
| 16734 | <p class="IndentText">Set the marker character for syntactic |
| 16735 | comments. Comments beginning with <span class= |
| 16736 | "CodeText"><span style= |
| 16737 | 'font-size:10.0pt'>/*</span></span><span class= |
| 16738 | "Flag"><i><span style= |
| 16739 | 'font-size:10.0pt'><char></span></i></span> are interpreted |
| 16740 | by Splint.</p> |
| 16741 | <div> |
| 16742 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16743 | height="14" align="left"> |
| 16744 | <tr> |
| 16745 | <td valign="top" align="left" height="14" style= |
| 16746 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16747 | <p class="TextFontCX" align="center" style= |
| 16748 | 'text-align:center;background:#CCCCCC'><span style= |
| 16749 | 'font-size:10.0pt'>P:</span> <span class= |
| 16750 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 16751 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16752 | 'font-size:10.0pt'>noaccess</span></span></p> |
| 16753 | <p class="IndentText">Ignore access comments.</p> |
| 16754 | <div> |
| 16755 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16756 | height="14" align="left"> |
| 16757 | <tr> |
| 16758 | <td valign="top" align="left" height="14" style= |
| 16759 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16760 | <p class="TextFontCX" align="center" style= |
| 16761 | 'text-align:center;background:#CCCCCC'><span style= |
| 16762 | 'font-size:10.0pt'>P:</span> <span class= |
| 16763 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 16764 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16765 | 'font-size:10.0pt'>nocomments</span></span></p> |
| 16766 | <p class="IndentText">Ignore all stylized comments.</p> |
| 16767 | <div> |
| 16768 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16769 | height="14" align="left"> |
| 16770 | <tr> |
| 16771 | <td valign="top" align="left" height="14" style= |
| 16772 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16773 | <p class="TextFontCX" align="center" style= |
| 16774 | 'text-align:center;background:#CCCCCC'><span style= |
| 16775 | 'font-size:10.0pt'>P:</span> <span class= |
| 16776 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 16777 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16778 | 'font-size:10.0pt'>sup-counts</span></span></p> |
| 16779 | <p class="IndentText">Actual number of errors does not match number |
| 16780 | in <span class="Annot"><span style= |
| 16781 | 'font-size:10.0pt'>/*@i</span></span><span class= |
| 16782 | "Annot"><span style= |
| 16783 | 'font-size:10.0pt'><n>@*/</span></span></p> |
| 16784 | <div> |
| 16785 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16786 | height="14" align="left"> |
| 16787 | <tr> |
| 16788 | <td valign="top" align="left" height="14" style= |
| 16789 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16790 | <p class="TextFontCX" align="center" style= |
| 16791 | 'text-align:center;background:#CCCCCC'><span style= |
| 16792 | 'font-size:10.0pt'>P:</span> <span class= |
| 16793 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 16794 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16795 | 'font-size:10.0pt'>lint-comments</span></span></p> |
| 16796 | <p class="IndentText">Interpret traditional lint comments |
| 16797 | (<span class="CodeText"><span style= |
| 16798 | 'font-size:10.0pt'>/*FALLTHROUGH*/</span></span>, |
| 16799 | <span class="CodeText"><span style= |
| 16800 | 'font-size:10.0pt'>/*NOTREACHED*/</span></span>, <span class= |
| 16801 | "CodeText"><span style= |
| 16802 | 'font-size:10.0pt'>/*PRINTFLIKE*/</span></span>).</p> |
| 16803 | <div> |
| 16804 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16805 | height="14" align="left"> |
| 16806 | <tr> |
| 16807 | <td valign="top" align="left" height="14" style= |
| 16808 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16809 | <p class="TextFontCX" align="center" style= |
| 16810 | 'text-align:center;background:#CCCCCC'><span style= |
| 16811 | 'font-size:10.0pt'>m:</span><span class= |
| 16812 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 16813 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16814 | 'font-size:10.0pt'>warn-lint-comments</span></span></p> |
| 16815 | <p class="IndentText">Print a warning and suggest an alternative |
| 16816 | when a traditional lint comment is used. </p> |
| 16817 | <div> |
| 16818 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16819 | height="14" align="left"> |
| 16820 | <tr> |
| 16821 | <td valign="top" align="left" height="14" style= |
| 16822 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16823 | <p class="TextFontCX" align="center" style= |
| 16824 | 'text-align:center;background:#CCCCCC'><span style= |
| 16825 | 'font-size:10.0pt'>P: +</span></p></td></tr></table></div> |
| 16826 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16827 | 'font-size:10.0pt'>unrecog-comments</span></span></p> |
| 16828 | <p class="IndentText">Stylized comment is unrecognized.</p> |
| 16829 | |
| 36ba812d |
16830 | <div> |
| 16831 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16832 | height="14" align="left"> |
| 16833 | <tr> |
| 16834 | <td valign="top" align="left" height="14" style= |
| 16835 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16836 | <p class="TextFontCX" align="center" style= |
| 16837 | 'text-align:center;background:#CCCCCC'><span style= |
| 16838 | 'font-size:10.0pt'>P: +</span></p></td></tr></table></div> |
| 16839 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16840 | 'font-size:10.0pt'>unrecog-flag-comments</span></span></p> |
| 16841 | <p class="IndentText"> |
| 16842 | Semantic comment attempts to set a flag that is not recognized. |
| 16843 | </p> |
| 16844 | |
| 16845 | |
| 9645dee1 |
16846 | <div> |
| 16847 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16848 | height="14" align="left"> |
| 16849 | <tr> |
| 16850 | <td valign="top" align="left" height="14" style= |
| 16851 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16852 | <p class="TextFontCX" align="center" style= |
| 16853 | 'text-align:center;background:#CCCCCC'><span style= |
| 16854 | 'font-size:10.0pt'>P: +</span></p></td></tr></table></div> |
| 16855 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16856 | 'font-size:10.0pt'>annotationerror |
| 16857 | </span></span></p> |
| 16858 | <p class="IndentText"> |
| 16859 | A declaration uses an invalid annotation. |
| 16860 | </p> |
| 16861 | |
| 16862 | |
| 16863 | <div> |
| 16864 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16865 | height="14" align="left"> |
| 16866 | <tr> |
| 16867 | <td valign="top" align="left" height="14" style= |
| 16868 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16869 | <p class="TextFontCX" align="center" style= |
| 16870 | 'text-align:center;background:#CCCCCC'><span style= |
| 16871 | 'font-size:10.0pt'>P: +</span></p></td></tr></table></div> |
| 16872 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16873 | 'font-size:10.0pt'>commenterror |
| 16874 | </span></span></p> |
| 16875 | <p class="IndentText"> |
| 16876 | A syntactic comment is used inconsistently. |
| 16877 | </p> |
| 16878 | |
| 16879 | <p class="Heading10">Parsing</p> |
| 16880 | <div> |
| 16881 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16882 | height="14" align="left"> |
| 16883 | <tr> |
| 16884 | <td valign="top" align="left" height="14" style= |
| 16885 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16886 | <p class="TextFontCX" align="center" style= |
| 16887 | 'text-align:center;background:#CCCCCC'><span style= |
| 16888 | 'font-size:10.0pt'>P:</span> <span class= |
| 16889 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 16890 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16891 | 'font-size:10.0pt'>continue-comment</span></span></p> |
| 16892 | <p class="IndentText">A line continuation marker |
| 16893 | (<span class="CodeText"><span style= |
| 16894 | 'font-size:10.0pt'>\</span></span>) appears inside a comment |
| 16895 | on the same line as the comment close. Preprocessors should |
| 16896 | handle this correctly, but it causes problems for some |
| 16897 | preprocessors.</p> |
| 16898 | <div> |
| 16899 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16900 | height="14" align="left"> |
| 16901 | <tr> |
| 16902 | <td valign="top" align="left" height="14" style= |
| 16903 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16904 | <p class="TextFontCX" align="center" style= |
| 16905 | 'text-align:center;background:#CCCCCC'><span style= |
| 16906 | 'font-size:10.0pt'>P:</span> <span class= |
| 16907 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 16908 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16909 | 'font-size:10.0pt'>nest-comment</span></span></p> |
| 16910 | <p class="IndentText">A comment open sequence (<span class= |
| 16911 | "CodeText"><span style='font-size:10.0pt'>/*</span></span>) appears |
| 16912 | inside a comment. This usually indicates that an earlier |
| 16913 | comment was not closed.</p> |
| 16914 | |
| 16915 | <div> |
| 16916 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16917 | height="14" align="left"> |
| 16918 | <tr> |
| 16919 | <td valign="top" align="left" height="14" style= |
| 16920 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16921 | <p class="TextFontCX" align="center" style= |
| 16922 | 'text-align:center;background:#CCCCCC'><span style= |
| 16923 | 'font-size:10.0pt'>P:</span> <span class= |
| 16924 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 16925 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16926 | 'font-size:10.0pt'>slashslashcomment</span></span></p> |
| 16927 | <p class="IndentText">A |
| 16928 | <span class= |
| 16929 | "CodeText"><span style='font-size:10.0pt'>//</span></span> |
| 16930 | comment is used.  ISO C99 allows |
| 16931 | <span class= |
| 16932 | "CodeText"><span style='font-size:10.0pt'>//</span></span> |
| 16933 | comments, but earlier standards did not. |
| 16934 | </p> |
| 16935 | |
| 16936 | <div> |
| 16937 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16938 | height="14" align="left"> |
| 16939 | <tr> |
| 16940 | <td valign="top" align="left" height="14" style= |
| 16941 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16942 | <p class="TextFontCX" align="center" style= |
| 16943 | 'text-align:center;background:#CCCCCC'><span style= |
| 16944 | 'font-size:10.0pt'>P: +</span></p></td></tr></table></div> |
| 16945 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16946 | 'font-size:10.0pt'>duplicate-quals</span></span></p> |
| 16947 | <p class="IndentText">Report duplicate type qualifiers (e.g., |
| 16948 | <span class="CodeText"><span style='font-size:10.0pt'>unsigned |
| 16949 | unsigned</span></span>).</p> |
| 16950 | <div> |
| 16951 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16952 | height="14" align="left"> |
| 16953 | <tr> |
| 16954 | <td valign="top" align="left" height="14" style= |
| 16955 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16956 | <p class="TextFontCX" align="center" style= |
| 16957 | 'text-align:center;background:#CCCCCC'><span style= |
| 16958 | 'font-size:10.0pt'>P:</span> <span class= |
| 16959 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 16960 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16961 | 'font-size:10.0pt'>gnu-extensions</span></span></p> |
| 16962 | <p class="IndentText">Support some GNU and Microsoft language |
| 16963 | extensions.</p> |
| 16964 | |
| 16965 | <div> |
| 16966 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16967 | height="14" align="left"> |
| 16968 | <tr> |
| 16969 | <td valign="top" align="left" height="14" style= |
| 16970 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16971 | <p class="TextFontCX" align="center" style= |
| 16972 | 'text-align:center;background:#CCCCCC'><span style= |
| 16973 | 'font-size:10.0pt'>P:</span> <span class= |
| 16974 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 16975 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16976 | 'font-size:10.0pt'>syntax</span></span></p> |
| 16977 | <p class="IndentText">Parse error.</p> |
| 16978 | |
| 16979 | <div> |
| 16980 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 16981 | height="14" align="left"> |
| 16982 | <tr> |
| 16983 | <td valign="top" align="left" height="14" style= |
| 16984 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 16985 | <p class="TextFontCX" align="center" style= |
| 16986 | 'text-align:center;background:#CCCCCC'><span style= |
| 16987 | 'font-size:10.0pt'>P:</span> <span class= |
| 16988 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 16989 | <p class="TextFontCX"><span class="Flag"><span style= |
| 16990 | 'font-size:10.0pt'>try-to-recover</span></span></p> |
| 16991 | <p class="IndentText">Try to recover from a parse error. If |
| 16992 | <span class="Flag"><span style= |
| 16993 | 'font-size:10.0pt'>trytorecover</span></span> is not set, Splint |
| 16994 | will abort checking after a parse error is detected. If it is |
| 16995 | set, Splint will attempt to recover, but Splint does performs only |
| 16996 | minimal error recovery. It is likely that trying to recover |
| 16997 | after a parse error will lead to an internal assertion failing.</p> |
| 16998 | |
| 16999 | |
| 17000 | <p class="Heading10">Warn use</p> |
| 17001 | |
| 17002 | <div> |
| 17003 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 17004 | height="14" align="left"> |
| 17005 | <tr> |
| 17006 | <td valign="top" align="left" height="14" style= |
| 17007 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 17008 | <p class="TextFontCX" align="center" style= |
| 17009 | 'text-align:center;background:#CCCCCC'><span style= |
| 17010 | 'font-size:10.0pt'>m:</span> <span class= |
| 17011 | "Keyword"><span style='font-size:10.0pt'>-+++ |
| 17012 | </span></span></p></td></tr></table></div> |
| 17013 | <p class="TextFontCX"><span class="Flag"><span style= |
| 17014 | 'font-size:10.0pt'> |
| 17015 | bufferoverflow |
| 17016 | </span></span></p> |
| 17017 | <p class="IndentText"> |
| 17018 | Use of function that may lead to buffer overflow. |
| 17019 | </p> |
| 17020 | |
| 17021 | <div> |
| 17022 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 17023 | height="14" align="left"> |
| 17024 | <tr> |
| 17025 | <td valign="top" align="left" height="14" style= |
| 17026 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 17027 | <p class="TextFontCX" align="center" style= |
| 17028 | 'text-align:center;background:#CCCCCC'><span style= |
| 17029 | 'font-size:10.0pt'>m:</span> <span class= |
| 17030 | "Keyword"><span style='font-size:10.0pt'>++++ |
| 17031 | </span></span></p></td></tr></table></div> |
| 17032 | <p class="TextFontCX"><span class="Flag"><span style= |
| 17033 | 'font-size:10.0pt'> |
| 17034 | bufferoverflowhigh |
| 17035 | </span></span></p> |
| 17036 | <p class="IndentText"> |
| 17037 | Use of function that may lead to buffer overflow. |
| 17038 | </p> |
| 17039 | |
| 17040 | |
| 17041 | |
| 17042 | <div> |
| 17043 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 17044 | height="14" align="left"> |
| 17045 | <tr> |
| 17046 | <td valign="top" align="left" height="14" style= |
| 17047 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 17048 | <p class="TextFontCX" align="center" style= |
| 17049 | 'text-align:center;background:#CCCCCC'><span style= |
| 17050 | 'font-size:10.0pt'>m:</span> <span class= |
| 17051 | "Keyword"><span style='font-size:10.0pt'>--++ |
| 17052 | </span></span></p></td></tr></table></div> |
| 17053 | <p class="TextFontCX"><span class="Flag"><span style= |
| 17054 | 'font-size:10.0pt'> |
| 17055 | implementationoptional |
| 17056 | </span></span></p> |
| 17057 | <p class="IndentText"> |
| 17058 | Use of a declarator that is implementation optional, not required by ISO99. |
| 17059 | </p> |
| 17060 | |
| 17061 | |
| 17062 | <div> |
| 17063 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 17064 | height="14" align="left"> |
| 17065 | <tr> |
| 17066 | <td valign="top" align="left" height="14" style= |
| 17067 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 17068 | <p class="TextFontCX" align="center" style= |
| 17069 | 'text-align:center;background:#CCCCCC'><span style= |
| 17070 | 'font-size:10.0pt'>m:</span> <span class= |
| 17071 | "Keyword"><span style='font-size:10.0pt'>--++ |
| 17072 | </span></span></p></td></tr></table></div> |
| 17073 | <p class="TextFontCX"><span class="Flag"><span style= |
| 17074 | 'font-size:10.0pt'> |
| 17075 | multithreaded |
| 17076 | </span></span></p> |
| 17077 | <p class="IndentText"> |
| 17078 | Non-reentrant function should not be used in multithreaded code. |
| 17079 | </p> |
| 17080 | |
| 17081 | <div> |
| 17082 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 17083 | height="14" align="left"> |
| 17084 | <tr> |
| 17085 | <td valign="top" align="left" height="14" style= |
| 17086 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 17087 | <p class="TextFontCX" align="center" style= |
| 17088 | 'text-align:center;background:#CCCCCC'><span style= |
| 17089 | 'font-size:10.0pt'>m:</span> <span class= |
| 17090 | "Keyword"><span style='font-size:10.0pt'>--++ |
| 17091 | </span></span></p></td></tr></table></div> |
| 17092 | <p class="TextFontCX"><span class="Flag"><span style= |
| 17093 | 'font-size:10.0pt'> |
| 17094 | portability |
| 17095 | </span></span></p> |
| 17096 | <p class="IndentText"> |
| 17097 | Use of function that may have implementation-dependent behavior. |
| 17098 | </p> |
| 17099 | |
| 17100 | |
| 17101 | <div> |
| 17102 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 17103 | height="14" align="left"> |
| 17104 | <tr> |
| 17105 | <td valign="top" align="left" height="14" style= |
| 17106 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 17107 | <p class="TextFontCX" align="center" style= |
| 17108 | 'text-align:center;background:#CCCCCC'><span style= |
| 17109 | 'font-size:10.0pt'>m:</span> <span class= |
| 17110 | "Keyword"><span style='font-size:10.0pt'>--++ |
| 17111 | </span></span></p></td></tr></table></div> |
| 17112 | <p class="TextFontCX"><span class="Flag"><span style= |
| 17113 | 'font-size:10.0pt'> |
| 17114 | superuser |
| 17115 | </span></span></p> |
| 17116 | <p class="IndentText"> |
| 17117 | Call to function restricted to superusers. |
| 17118 | </p> |
| 17119 | |
| 17120 | |
| 17121 | <div> |
| 17122 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 17123 | height="14" align="left"> |
| 17124 | <tr> |
| 17125 | <td valign="top" align="left" height="14" style= |
| 17126 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 17127 | <p class="TextFontCX" align="center" style= |
| 17128 | 'text-align:center;background:#CCCCCC'><span style= |
| 17129 | 'font-size:10.0pt'>m:</span> <span class= |
| 17130 | "Keyword"><span style='font-size:10.0pt'>---+ |
| 17131 | </span></span></p></td></tr></table></div> |
| 17132 | <p class="TextFontCX"><span class="Flag"><span style= |
| 17133 | 'font-size:10.0pt'> |
| 17134 | toctou |
| 17135 | </span></span></p> |
| 17136 | <p class="IndentText"> |
| 17137 | Possible time of check, time of use vulnerability. |
| 17138 | </p> |
| 17139 | |
| 17140 | |
| 17141 | |
| 17142 | <div> |
| 17143 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 17144 | height="14" align="left"> |
| 17145 | <tr> |
| 17146 | <td valign="top" align="left" height="14" style= |
| 17147 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 17148 | <p class="TextFontCX" align="center" style= |
| 17149 | 'text-align:center;background:#CCCCCC'><span style= |
| 17150 | 'font-size:10.0pt'>m:</span> <span class= |
| 17151 | "Keyword"><span style='font-size:10.0pt'>---- |
| 17152 | </span></span></p></td></tr></table></div> |
| 17153 | <p class="TextFontCX"><span class="Flag"><span style= |
| 17154 | 'font-size:10.0pt'> |
| 17155 | unixstandard |
| 17156 | </span></span></p> |
| 17157 | <p class="IndentText"> |
| 17158 | Use of function that need not be provided by UNIX implementations |
| 17159 | </p> |
| 17160 | |
| 17161 | <p class="Heading10">ITS4 compatibility flags</p> |
| 17162 | |
| 17163 | |
| 17164 | <div> |
| 17165 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 17166 | height="14" align="left"> |
| 17167 | <tr> |
| 17168 | <td valign="top" align="left" height="14" style= |
| 17169 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 17170 | <p class="TextFontCX" align="center" style= |
| 17171 | 'text-align:center;background:#CCCCCC'><span style= |
| 17172 | 'font-size:10.0pt'>P:</span> <span class= |
| 17173 | "Keyword"><span style='font-size:10.0pt'>- |
| 17174 | </span></span></p></td></tr></table></div> |
| 17175 | <p class="TextFontCX"><span class="Flag"><span style= |
| 17176 | 'font-size:10.0pt'> |
| 17177 | its4mostrisky |
| 17178 | </span></span></p> |
| 17179 | <p class="IndentText"> |
| 17180 | Security vulnerability classified as most risky in its4 database. |
| 17181 | </p> |
| 17182 | |
| 17183 | <div> |
| 17184 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 17185 | height="14" align="left"> |
| 17186 | <tr> |
| 17187 | <td valign="top" align="left" height="14" style= |
| 17188 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 17189 | <p class="TextFontCX" align="center" style= |
| 17190 | 'text-align:center;background:#CCCCCC'><span style= |
| 17191 | 'font-size:10.0pt'>P:</span> <span class= |
| 17192 | "Keyword"><span style='font-size:10.0pt'>- |
| 17193 | </span></span></p></td></tr></table></div> |
| 17194 | <p class="TextFontCX"><span class="Flag"><span style= |
| 17195 | 'font-size:10.0pt'> |
| 17196 | its4veryrisky |
| 17197 | </span></span></p> |
| 17198 | <p class="IndentText"> |
| 17199 | Security vulnerability classified as very risky in its4 database. |
| 17200 | </p> |
| 17201 | |
| 17202 | |
| 17203 | <div> |
| 17204 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 17205 | height="14" align="left"> |
| 17206 | <tr> |
| 17207 | <td valign="top" align="left" height="14" style= |
| 17208 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 17209 | <p class="TextFontCX" align="center" style= |
| 17210 | 'text-align:center;background:#CCCCCC'><span style= |
| 17211 | 'font-size:10.0pt'>P:</span> <span class= |
| 17212 | "Keyword"><span style='font-size:10.0pt'>- |
| 17213 | </span></span></p></td></tr></table></div> |
| 17214 | <p class="TextFontCX"><span class="Flag"><span style= |
| 17215 | 'font-size:10.0pt'> |
| 17216 | its4risky |
| 17217 | </span></span></p> |
| 17218 | <p class="IndentText"> |
| 17219 | Security vulnerability classified as risky in its4 database. |
| 17220 | </p> |
| 17221 | |
| 17222 | |
| 17223 | <div> |
| 17224 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 17225 | height="14" align="left"> |
| 17226 | <tr> |
| 17227 | <td valign="top" align="left" height="14" style= |
| 17228 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 17229 | <p class="TextFontCX" align="center" style= |
| 17230 | 'text-align:center;background:#CCCCCC'><span style= |
| 17231 | 'font-size:10.0pt'>P:</span> <span class= |
| 17232 | "Keyword"><span style='font-size:10.0pt'>- |
| 17233 | </span></span></p></td></tr></table></div> |
| 17234 | <p class="TextFontCX"><span class="Flag"><span style= |
| 17235 | 'font-size:10.0pt'> |
| 17236 | its4moderate |
| 17237 | </span></span></p> |
| 17238 | <p class="IndentText"> |
| 17239 | Security vulnerability classified as moderate risk in its4 database. |
| 17240 | </p> |
| 17241 | |
| 17242 | |
| 17243 | |
| 17244 | <div> |
| 17245 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 17246 | height="14" align="left"> |
| 17247 | <tr> |
| 17248 | <td valign="top" align="left" height="14" style= |
| 17249 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 17250 | <p class="TextFontCX" align="center" style= |
| 17251 | 'text-align:center;background:#CCCCCC'><span style= |
| 17252 | 'font-size:10.0pt'>P:</span> <span class= |
| 17253 | "Keyword"><span style='font-size:10.0pt'>- |
| 17254 | </span></span></p></td></tr></table></div> |
| 17255 | <p class="TextFontCX"><span class="Flag"><span style= |
| 17256 | 'font-size:10.0pt'> |
| 17257 | its4low |
| 17258 | </span></span></p> |
| 17259 | <p class="IndentText"> |
| 17260 | Security vulnerability classified as risky in its4 database. |
| 17261 | </p> |
| 17262 | |
| 17263 | <p class="Heading10">Debug flags</p> |
| 17264 | |
| 17265 | <div> |
| 17266 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 17267 | height="14" align="left"> |
| 17268 | <tr> |
| 17269 | <td valign="top" align="left" height="14" style= |
| 17270 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 17271 | <p class="TextFontCX" align="center" style= |
| 17272 | 'text-align:center;background:#CCCCCC'><span style= |
| 17273 | 'font-size:10.0pt'>P:</span> <span class= |
| 17274 | "Keyword"><span style='font-size:10.0pt'>3 |
| 17275 | </span></span></p></td></tr></table></div> |
| 17276 | <p class="TextFontCX"><span class="Flag"><span style= |
| 17277 | 'font-size:10.0pt'> |
| 17278 | bugslimit |
| 17279 | </span></span></p> |
| 17280 | <p class="IndentText"> |
| 17281 | Set maximum number of bugs detected before giving up. |
| 17282 | </p> |
| 17283 | |
| 17284 | |
| 17285 | <div> |
| 17286 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 17287 | height="14" align="left"> |
| 17288 | <tr> |
| 17289 | <td valign="top" align="left" height="14" style= |
| 17290 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 17291 | <p class="TextFontCX" align="center" style= |
| 17292 | 'text-align:center;background:#CCCCCC'><span style= |
| 17293 | 'font-size:10.0pt'>m:</span> <span class= |
| 17294 | "Keyword"><span style='font-size:10.0pt'>---- |
| 17295 | </span></span></p></td></tr></table></div> |
| 17296 | <p class="TextFontCX"><span class="Flag"><span style= |
| 17297 | 'font-size:10.0pt'> |
| 17298 | debugfcnconstraint |
| 17299 | </span></span></p> |
| 17300 | <p class="IndentText"> |
| 17301 | Perform buffer overflow checking even if the errors would be surpressed. |
| 17302 | </p> |
| 17303 | |
| 17304 | |
| 17305 | |
| 17306 | <div> |
| 17307 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 17308 | height="14" align="left"> |
| 17309 | <tr> |
| 17310 | <td valign="top" align="left" height="14" style= |
| 17311 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 17312 | <p class="TextFontCX" align="center" style= |
| 17313 | 'text-align:center;background:#CCCCCC'><span style= |
| 17314 | 'font-size:10.0pt'>P:</span> <span class= |
| 17315 | "Keyword"><span style='font-size:10.0pt'>- |
| 17316 | </span></span></p></td></tr></table></div> |
| 17317 | <p class="TextFontCX"><span class="Flag"><span style= |
| 17318 | 'font-size:10.0pt'> |
| 17319 | grammar |
| 17320 | </span></span></p> |
| 17321 | <p class="IndentText"> |
| 17322 | Debug parsing. Prints bison generated debuging information. |
| 17323 | </p> |
| 17324 | |
| 17325 | |
| 17326 | |
| 17327 | <div> |
| 17328 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 17329 | height="14" align="left"> |
| 17330 | <tr> |
| 17331 | <td valign="top" align="left" height="14" style= |
| 17332 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 17333 | <p class="TextFontCX" align="center" style= |
| 17334 | 'text-align:center;background:#CCCCCC'><span style= |
| 17335 | 'font-size:10.0pt'>P:</span> <span class= |
| 17336 | "Keyword"><span style='font-size:10.0pt'>- |
| 17337 | </span></span></p></td></tr></table></div> |
| 17338 | <p class="TextFontCX"><span class="Flag"><span style= |
| 17339 | 'font-size:10.0pt'> |
| 17340 | keep |
| 17341 | </span></span></p> |
| 17342 | <p class="IndentText"> |
| 17343 | Do not delete temporary files. |
| 17344 | </p> |
| 17345 | |
| 17346 | |
| 17347 | <div> |
| 17348 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 17349 | height="14" align="left"> |
| 17350 | <tr> |
| 17351 | <td valign="top" align="left" height="14" style= |
| 17352 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 17353 | <p class="TextFontCX" align="center" style= |
| 17354 | 'text-align:center;background:#CCCCCC'><span style= |
| 17355 | 'font-size:10.0pt'>P:</span> <span class= |
| 17356 | "Keyword"><span style='font-size:10.0pt'>- |
| 17357 | </span></span></p></td></tr></table></div> |
| 17358 | <p class="TextFontCX"><span class="Flag"><span style= |
| 17359 | 'font-size:10.0pt'> |
| 17360 | nopp |
| 17361 | </span></span></p> |
| 17362 | <p class="IndentText"> |
| 17363 | Do not pre-process input files. |
| 17364 | </p> |
| 17365 | |
| 17366 | |
| 17367 | <div> |
| 17368 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 17369 | height="14" align="left"> |
| 17370 | <tr> |
| 17371 | <td valign="top" align="left" height="14" style= |
| 17372 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 17373 | <p class="TextFontCX" align="center" style= |
| 17374 | 'text-align:center;background:#CCCCCC'><span style= |
| 17375 | 'font-size:10.0pt'>P:</span> <span class= |
| 17376 | "Keyword"><span style='font-size:10.0pt'>- |
| 17377 | </span></span></p></td></tr></table></div> |
| 17378 | <p class="TextFontCX"><span class="Flag"><span style= |
| 17379 | 'font-size:10.0pt'> |
| 17380 | showsourceloc |
| 17381 | </span></span></p> |
| 17382 | <p class="IndentText"> |
| 17383 | Display the source code location where a warning is produced. |
| 17384 | </p> |
| 17385 | |
| 17386 | |
| 17387 | |
| 17388 | |
| 17389 | <p class="MsoHeading7" style='margin-left:0in;text-indent:0in'> |
| 17390 | <a name="_Toc534975062"></a><a name="_Ref348845752">Appendix |
| 17391 | C<span style= |
| 17392 | 'font:7.0pt "Times New Roman"'> </span> |
| 17393 | <a id="annotations" name="annotations"> |
| 17394 | Annotations</a></a></p> |
| 17395 | <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'> |
| 17396 | <a name="_Toc534975063"></a><a name="_Ref348010146">Suppressin</a>g |
| 17397 | Warnings</p> |
| 17398 | <p class="beforelist">Several annotations are provided for |
| 17399 | suppressing messages. In general, it is usually better to use |
| 17400 | specific flags to suppress a particular error permanently, but the |
| 17401 | general error suppression flags may be more convenient for quickly |
| 17402 | suppressing messages for code that will be corrected or documented |
| 17403 | later.</p> |
| 17404 | <p class="TextFontCX"><span class="Flag"><span style= |
| 17405 | 'font-size:10.0pt'>ignore</span></span></p> |
| 17406 | <p class="TextFontCX"><span class="Flag"><span style= |
| 17407 | 'font-size:10.0pt'>end</span></span></p> |
| 17408 | <p class="IndentText">No errors will be reported in code regions |
| 17409 | between <span class="Annot"><span style= |
| 17410 | 'font-size:10.0pt'>/*@ignore@*/</span></span> and |
| 17411 | <span class="Annot"><span style= |
| 17412 | 'font-size:10.0pt'>/*@end@*/</span></span>. These |
| 17413 | comments can be used to easily suppress an unlimited number |
| 17414 | of messages, but are dangerous since if real errors are |
| 17415 | introduced in the <span class="Flag"><span style= |
| 17416 | 'font-size:10.0pt'>ignore</span></span>…<span class= |
| 17417 | "Flag"><span style='font-size:10.0pt'>end</span></span> |
| 17418 | region they will not be reported. The <span class= |
| 17419 | "Annot"><span style='font-size:10.0pt'>ignore</span></span> |
| 17420 | and <span class="Annot"><span style= |
| 17421 | 'font-size:10.0pt'>end</span></span> comments must be matched |
| 17422 | — a warning is printed if the file ends in an ignore |
| 17423 | region or if <span class="Flag"><span style= |
| 17424 | 'font-size:10.0pt'>ignore</span></span> is used inside ignore |
| 17425 | region.</p> |
| 17426 | <p class="TextFontCX"><span class="Flag"><span style= |
| 17427 | 'font-size:10.0pt'>i</span></span></p> |
| 17428 | <p class="IndentText">No errors will be reported from an |
| 17429 | <span class="Annot"><span style= |
| 17430 | 'font-size:10.0pt'>/*@i@*/</span></span> comment to the end of the |
| 17431 | line.</p> |
| 17432 | <p class="TextFontCX"><span class="Flag"><span style= |
| 17433 | 'font-size:10.0pt'>i</span></span><span class= |
| 17434 | "Flag"><span style='font-size:10.0pt'><i><n></i></span></span></p> |
| 17435 | <p class="IndentText">No errors will be reported from an |
| 17436 | <span class="Annot"><span style= |
| 17437 | 'font-size:10.0pt'>/*@i<i><n></i>@*/</span></span> (e.g., |
| 17438 | <span class="Annot"><span style= |
| 17439 | 'font-size:10.0pt'>/*@i3@*/</span></span>) comment to the end of |
| 17440 | the line. If there are not exactly <i>n</i> errors suppressed |
| 17441 | from the comment point to the end of the line, Splint will report |
| 17442 | an error. This is more robust than <span class= |
| 17443 | "Annot"><span style='font-size:10.0pt'>i</span></span> or |
| 17444 | <span class="Annot"><span style= |
| 17445 | 'font-size:10.0pt'>ignore</span></span> since a message is |
| 17446 | generated if the expected number errors is not present. Since |
| 17447 | errors are not necessarily detected until after this file is |
| 17448 | processed (for example, and unused variable error), suppress count |
| 17449 | errors are reported after all files have been processed. The |
| 17450 | <span class="Flag"><span style= |
| 17451 | 'font-size: 10.0pt'>‑supcounts</span></span> flag may be used |
| 17452 | to suppress these errors. This is useful when a system if |
| 17453 | being rechecked with different flag settings.</p> |
| 17454 | <p class="TextFontCX"><span class="Annot"><span style= |
| 17455 | 'font-size:10.0pt'>t</span></span></p> |
| 17456 | <p class="TextFontCX"><span class="Flag"><span style= |
| 17457 | 'font-size:10.0pt'>t<i><n></i></span></span></p> |
| 17458 | <p class="IndentText">Like <span class="Annot"><span style= |
| 17459 | 'font-size:10.0pt'>i</span></span> and <span class= |
| 17460 | "Annot"><span style= |
| 17461 | 'font-size:10.0pt'>i<i><n></i></span></span>, except |
| 17462 | controlled by <span class="Flag"><span style= |
| 17463 | 'font-size:10.0pt'>+tmpcomments</span></span> flag. These can |
| 17464 | be used to temporarily suppress certain errors. Then, |
| 17465 | <span class="Flag"><span style= |
| 17466 | 'font-size:10.0pt'>-tmpcomments</span></span> can be set to find |
| 17467 | them again.</p> |
| 17468 | <p class="MsoHeading8" style='margin-left:0in;text-indent:0in'> |
| 17469 | <a name="_Toc534975064">Syntactic Annotations</a></p> |
| 17470 | <p class="TextFontCX">The grammar below is the C syntax from |
| 17471 | [K&R,A13] modified to show the syntax of syntactic |
| 17472 | comments. Only productions effected by Splint annotations are |
| 17473 | shown. In the annotations, the <span class= |
| 17474 | "Annot"><span style='font-size:10.0pt'>@</span></span> represents |
| 17475 | the comment marker char, set by <span class= |
| 17476 | "Flag"><span style='font-size:10.0pt'>-commentchar</span></span> (default |
| 17477 | is <span class="Annot"><span style= |
| 17478 | 'font-size:10.0pt'>@</span></span>).</p> |
| 17479 | <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'> |
| 17480 | <a name="_Toc534975065">Functions</a></p> |
| 17481 | <p class="TextFontCX"><i>direct-declarator</i> <span style= |
| 17482 | 'font-family:Symbol'>Þ</span></p> |
| 17483 | <p class="TextFontCX" style='text-indent:.5in'><i> |
| 17484 | direct-declarator</i> <span class="Annot"><span style= |
| 17485 | 'font-size:10.0pt'>(</span></span><i>parameter-type-list<sub>opt</sub></i> |
| 17486 | <span class="Annot"><span style='font-size: 10.0pt'>)</span></span> |
| 17487 | <i>stateClause*<sub>opt</sub> globals<sub>opt</sub> |
| 17488 | modifies<sub>opt</sub></i></p> |
| 17489 | <p class="TextFontCX" style='text-indent:.5in'><i>| |
| 17490 | direct-declarator</i> <span class="Annot"><span style= |
| 17491 | 'font-size:10.0pt'>(</span></span><i>identifier-list<sub>opt</sub></i> |
| 17492 | <span class="Annot"><span style='font-size: 10.0pt'>)</span></span> |
| 17493 | <i>stateClause*<sub>opt</sub> globals<sub>opt</sub> |
| 17494 | modifies<sub>opt</sub></i></p> |
| 17495 | <p class="TextFontCX"><i> </i></p> |
| 17496 | <p class="TextFontCX"><i>stateClause</i> <span style= |
| 17497 | 'font-family:Symbol'>Þ</span> <span class= |
| 17498 | "Annot"><span style='font-size:10.0pt'>/*@</span></span> ( |
| 17499 | <span class="Annot"><span style= |
| 17500 | 'font-size:10.0pt'>uses</span></span> <i>|</i> <span class= |
| 17501 | "Annot"><span style='font-size:10.0pt'>sets</span></span> |
| 17502 | <i>|</i> <span class="Annot"><span style= |
| 17503 | 'font-size:10.0pt'>defines</span></span> <i>|</i> |
| 17504 | <span class="Annot"><span style= |
| 17505 | 'font-size:10.0pt'>allocates</span></span> <i>|</i> |
| 17506 | <span class="Annot"><span style= |
| 17507 | 'font-size:10.0pt'>releases</span></span>) |
| 17508 | <i>reference,<sup>+</sup></i> <span class= |
| 17509 | "Annot"><span style='font-size:10.0pt'>;</span></span><i><sub>opt</sub></i> |
| 17510 | <span class="Annot"><span style= |
| 17511 | 'font-size:10.0pt'>@*/</span></span></p> |
| 17512 | <p class="TextFontCX" align="right" style='text-align: right'> |
| 17513 | <i> |
| 17514 | |</i> <span class="Annot"><span style= |
| 17515 | 'font-size:10.0pt'>/*@</span></span> ( <span class= |
| 17516 | "Annot"><span style='font-size:10.0pt'>ensures</span></span> | |
| 17517 | <span class="Annot"><span style= |
| 17518 | 'font-size:10.0pt'>requires</span></span> ) <i>stateTag</i> |
| 17519 | <i>reference,<sup>+</sup></i> <span class= |
| 17520 | "Annot"><span style='font-size:10.0pt'>;</span></span><i><sub>opt</sub></i> |
| 17521 | <span class="Annot"><span style= |
| 17522 | 'font-size:10.0pt'>@*/ </span></span> |
| 17523 | (Section 7.4)</p> |
| 17524 | <p class="TextFontCX"><i> </i></p> |
| 17525 | <p class="TextFontCX"><i>stateTag</i> <span style= |
| 17526 | 'font-family:Symbol'>Þ</span> <span class= |
| 17527 | "Annot"><span style='font-size: 10.0pt'>only</span></span> |
| 17528 | <i>|</i> <span class="Annot"><span style= |
| 17529 | 'font-size: 10.0pt'>shared</span></span> <i>|</i> |
| 17530 | <span class="Annot"><span style= |
| 17531 | 'font-size: 10.0pt'>owned</span></span> <i>|</i> <span class= |
| 17532 | "Annot"><span style= |
| 17533 | 'font-size: 10.0pt'>dependent</span></span> <i>|</i> |
| 17534 | <span class="Annot"><span style= |
| 17535 | 'font-size:10.0pt'>observer</span></span> <i>|</i> |
| 17536 | <span class="Annot"><span style= |
| 17537 | 'font-size:10.0pt'>exposed</span></span> <i>|</i> |
| 17538 | <span class="Annot"><span style= |
| 17539 | 'font-size:10.0pt'>isnull</span></span> <i>|</i> <span class= |
| 17540 | "Annot"><span style= |
| 17541 | 'font-size:10.0pt'>notnull</span></span></p> |
| 17542 | <p class="TextFontCX" align="right" style= |
| 17543 | 'text-align: right;text-indent:.5in'><i> | |
| 17544 | identifier </i> |
| 17545 | (Annotation defined by metastate definition, Section 10)</p> |
| 17546 | <p class="TextFontCX" style='text-indent:.5in'> |
| 17547 | <i> </i></p> |
| 17548 | <p class="TextFontCX"><i>globals</i> <span style= |
| 17549 | 'font-family:Symbol'>Þ</span> <span class= |
| 17550 | "Annot"><span style='font-size: 10.0pt'>/*@globals</span></span> |
| 17551 | <i>globitem,<sup>+</sup></i> <span class="Annot"><span style= |
| 17552 | 'font-size:10.0pt'>;</span></span><i><sub>opt</sub></i> |
| 17553 | <span class="Annot"><span style= |
| 17554 | 'font-size:10.0pt'>@*/</span></span> <i>|</i> <span class= |
| 17555 | "Annot"><span style= |
| 17556 | 'font-size:10.0pt'>/*@globals</span></span><i>declaration-list<sub>opt </sub></i> |
| 17557 | <span class="Annot"><span style= |
| 17558 | 'font-size: 10.0pt'>;</span></span><i><sub>opt</sub></i><span class="Annot"> |
| 17559 | <span style='font-size:10.0pt'>@*/</span></span><span class= |
| 17560 | "Keyword"><span style='font-size:10.0pt'> </span></span></p> |
| 17561 | <p class="TextFontCX"><i>globitem</i> <span style= |
| 17562 | 'font-family:Symbol'>Þ</span> [ ( <span class= |
| 17563 | "Annot"><span style='font-size:10.0pt'>undef</span></span> | |
| 17564 | <span class="Annot"><span style= |
| 17565 | 'font-size:10.0pt'>killed</span></span> )* ] <span class= |
| 17566 | "Keyword"><i><sub><span style= |
| 17567 | 'font-size:10.5pt;font-family:"Times New Roman"'> </span></sub></i></span><i> |
| 17568 | identifier | </i> <span class="Annot"><span style= |
| 17569 | 'font-size:10.0pt'>internalState</span></span><i>| </i> |
| 17570 | <span class="Annot"><span style= |
| 17571 | 'font-size:10.0pt'>fileSystem</span></span></p> |
| 17572 | <p class="TextFontCX"><i> </i></p> |
| 17573 | <p class="TextFontCX"><i>modifies</i> <span style= |
| 17574 | 'font-family:Symbol'>Þ</span> <span class= |
| 17575 | "Annot"><span style='font-size:10.0pt'>/*@modifies</span></span> |
| 17576 | (<span class="Annot"><span style= |
| 17577 | 'font-size:10.0pt'>nothing</span></span> <i>|</i> |
| 17578 | (<i>expression</i> | <span class="Annot"><span style= |
| 17579 | 'font-size:10.0pt'>internalState</span></span> | <span class= |
| 17580 | "Annot"><span style= |
| 17581 | 'font-size:10.0pt'>fileSystem</span></span>)<i><sup>+</sup></i><span class="Annot"> |
| 17582 | <span style= |
| 17583 | 'font-size:10.0pt'>;</span></span><i><sub>opt</sub></i>) |
| 17584 | <span class="Annot"><span style= |
| 17585 | 'font-size:10.0pt'>@*/</span></span><span class= |
| 17586 | "Keyword"><span style= |
| 17587 | 'font-size:10.0pt'> </span></span></p> |
| 17588 | <p class="TextFontCX" align="right" style='text-align: right'> |
| 17589 | <span class="Keyword"><span style= |
| 17590 | 'font-size:10.0pt'> </span></span> <i>|</i> |
| 17591 | <span class="Annot"><span style= |
| 17592 | 'font-size:10.0pt'>/*@*/</span></span><span class= |
| 17593 | "Keyword"><span style='font-size:10.0pt'> |
| 17594 | |
| 17595 | </span></span>(Abbreviation for |
| 17596 | no globals and modifies nothing.)</p> |
| 17597 | <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'> |
| 17598 | <a name="_Toc534975066">Iterators</a> <span class= |
| 17599 | "TextFontCXChar"><span style= |
| 17600 | 'font-size:11.0pt; font-weight:normal'>(Section |
| 17601 | 11.4)</span></span></p> |
| 17602 | <p class="beforelist">The globals and modifies clauses for an |
| 17603 | iterator are the same as those for a function, except they are not |
| 17604 | enclosed by a comment, since the iterator is already a comment.</p> |
| 17605 | <p class="TextFontCX"><i>direct-declarator</i></p> |
| 17606 | <p class="TextFontCX" style='text-indent:.5in'><span style= |
| 17607 | 'font-family:Symbol'>Þ</span> <span class= |
| 17608 | "Annot"><span style='font-size: 10.0pt'>/*@iter</span></span> |
| 17609 | <i>identifier</i> <span class="Annot"><span style= |
| 17610 | 'font-size:10.0pt'>(</span></span><i>parameter-type-list<sub>opt</sub></i> |
| 17611 | <span class="Annot"><span style= |
| 17612 | 'font-size:10.0pt'>)</span></span> |
| 17613 | <i>iterGlobals<sub>opt</sub> iterModifies<sub>opt</sub></i> |
| 17614 | <span class="Annot"><span style= |
| 17615 | 'font-size:10.0pt'>@*/</span></span></p> |
| 17616 | <p class="TextFontCX"><i> </i></p> |
| 17617 | <p class="TextFontCX"><i>iter-globals</i> <span style= |
| 17618 | 'font-family:Symbol'>Þ</span> <span class= |
| 17619 | "Annot"><span style='font-size: 10.0pt'>globals</span></span> |
| 17620 | <i>declaration-list<sub>opt</sub></i> <span class= |
| 17621 | "Annot"><span style= |
| 17622 | 'font-size:10.0pt'>;</span></span><i><sub>opt</sub></i></p> |
| 17623 | <p class="TextFontCX"><i>iter-modifies</i> <span style= |
| 17624 | 'font-family:Symbol'>Þ</span> <span class= |
| 17625 | "Annot"><span style='font-size: 10.0pt'>modifies</span></span><i> |
| 17626 | moditem,+</i><span class="Annot"><span style= |
| 17627 | 'font-size:10.0pt'>;</span></span><i><sub>opt</sub></i><i>|</i> |
| 17628 | <span class="Annot"><span style= |
| 17629 | 'font-size:10.0pt'> modifies |
| 17630 | nothing</span></span><span class="Annot"><span style= |
| 17631 | 'font-size:10.0pt'>;</span></span><i><sub>opt</sub></i></p> |
| 17632 | <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'> |
| 17633 | <a name="_Toc534975067">Constants</a> <span class= |
| 17634 | "TextFontCXChar"><span style= |
| 17635 | 'font-size:11.0pt; font-weight:normal'>(Section |
| 17636 | 11.1)</span></span></p> |
| 17637 | <p class="TextFontCX"><i>external-declaration</i> |
| 17638 | <span style='font-family:Symbol'>Þ</span> <span class= |
| 17639 | "Annot"><span style= |
| 17640 | 'font-size: 10.0pt'>/*@constant</span></span> <i>declaration |
| 17641 | <sub> </sub></i><span class="Annot"><span style= |
| 17642 | 'font-size:10.0pt'>;</span></span><i><sub>opt</sub></i><span class="Annot"> |
| 17643 | <span style='font-size:10.0pt'>@*/</span></span></p> |
| 17644 | <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'> |
| 17645 | <a name="_Toc534975068"></a><a name="_Ref344807420">Alternate |
| 17646 | Types</a> <span class="TextFontCXChar"><span style= |
| 17647 | 'font-size:11.0pt; font-weight:normal'>(Section |
| 17648 | 4.4)</span></span></p> |
| 17649 | <p class="beforelist">Alternate types may be used in the type |
| 17650 | specification of parameters and return values.</p> |
| 17651 | <p class="TextFontCX" align="left" style='text-align: left'> |
| 17652 | <i>extended-type</i><span style='font-family:Symbol'>Þ</span> |
| 17653 | <i>type-specifier alt-type <sub>opt</sub></i></p> |
| 17654 | <p class="TextFontCX"><i>alt-type</i> <span style= |
| 17655 | 'font-family:Symbol'>Þ</span> <span class= |
| 17656 | "Annot"><span style='font-size: 10.0pt'>/*@alt</span></span> |
| 17657 | <i>basic-type,<sup>+</sup></i> <span class= |
| 17658 | "Annot"><span style='font-size:10.0pt'>@*/</span></span></p> |
| 17659 | <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'> |
| 17660 | <a name="_Toc534975069">Declarator Annotations</a></p> |
| 17661 | <p class="TextFontCX">General annotations appear after |
| 17662 | <i>storage-class-specifier</i>s and before |
| 17663 | <i>type-specifier</i>s. Multiple annotations may be used in |
| 17664 | any order. Here, annotations are without the surrounding |
| 17665 | comment. In a declaration, the annotation would be surrounded |
| 17666 | by <span class="Annot"><span style= |
| 17667 | 'font-size:10.0pt'>/*@</span></span> and <span class= |
| 17668 | "Annot"><span style='font-size:10.0pt'>@*/</span></span>. In |
| 17669 | a globals or modifies clause or iterator or constant declaration, |
| 17670 | no surrounding comments would be used since they are within a |
| 17671 | comment.</p> |
| 17672 | <p class="Heading10" align="left" style='text-align:left'>Type |
| 17673 | Definitions <span class="TextFontCXChar"><span style= |
| 17674 | 'font-size:11.0pt; font-weight:normal'>(Section |
| 17675 | 4.3)</span></span></p> |
| 17676 | <p class="beforelist">A type definition may use any either |
| 17677 | <span class="Annot"><span style= |
| 17678 | 'font-size:10.0pt'>abstract</span></span> or <span class= |
| 17679 | "Annot"><span style='font-size:10.0pt'>concrete</span></span>, |
| 17680 | either <span class="Annot"><span style= |
| 17681 | 'font-size:10.0pt'>mutable</span></span> or <span class= |
| 17682 | "Annot"><span style='font-size:10.0pt'>immutable</span></span>, and |
| 17683 | <span class="Annot"><span style= |
| 17684 | 'font-size:10.0pt'>refcounted</span></span>. Only a pointer |
| 17685 | to a <span class="Annot"><span style= |
| 17686 | 'font-size:10.0pt'>struct</span></span> may be declared with |
| 17687 | <span class="Annot"><span style= |
| 17688 | 'font-size:10.0pt'>refcounted</span></span>. Mutability |
| 17689 | annotations may not be used with concrete types since concrete |
| 17690 | types inherit their mutability from the actual type.</p> |
| 17691 | <p class="TextFontCX"><span class="Annot"><span style= |
| 17692 | 'font-size:10.0pt'>abstract</span></span></p> |
| 17693 | <p class="MsoNormal" style='margin-left:13.5pt'>Type is abstraction |
| 17694 | (representation is hidden from clients.)</p> |
| 17695 | <p class="TextFontCX"><span class="Annot"><span style= |
| 17696 | 'font-size:10.0pt'>concrete</span></span></p> |
| 17697 | <p class="MsoNormal" style='margin-left:13.5pt'>Type is concrete |
| 17698 | (representation is visible to clients.)</p> |
| 17699 | <p class="TextFontCX"><span class="Annot"><span style= |
| 17700 | 'font-size:10.0pt'>immutable</span></span></p> |
| 17701 | <p class="MsoNormal" style='margin-left:13.5pt'>Instances of the |
| 17702 | type cannot change value.</p> |
| 17703 | <p class="TextFontCX"><span class="Annot"><span style= |
| 17704 | 'font-size:10.0pt'>mutable</span></span></p> |
| 17705 | <p class="MsoNormal" style='margin-left:13.5pt'>Instances of the |
| 17706 | type can change value.</p> |
| 17707 | <p class="TextFontCX"><span class="Annot"><span style= |
| 17708 | 'font-size:10.0pt'>refcounted</span></span></p> |
| 17709 | <p class="IndentText">Reference counted (Section 5.4).</p> |
| 17710 | <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'> |
| 17711 | <a name="_Toc534975070">Type Access</a></p> |
| 17712 | <p class="TextFontCX">Control comments may also be used to override |
| 17713 | type access settings.</p> |
| 17714 | <p class="TextFontCX"><span class="Annot"><span style= |
| 17715 | 'font-size:10.0pt'> </span></span></p> |
| 17716 | <p class="TextFontCX"><span class="Annot"><span style= |
| 17717 | 'font-size:10.0pt'>/*@access |
| 17718 | <i><type></i>,<sup>+</sup>@*/</span></span><span class= |
| 17719 | "Annot"><span style='font-size:10.0pt'> </span></span></p> |
| 17720 | <p class="IndentText">Allows the following code to access the |
| 17721 | representation of <span class="Annot"><i><span style= |
| 17722 | 'font-size:10.0pt'><type></span></i></span>. Type |
| 17723 | access applies from the point of the comment to the end of the file |
| 17724 | or the next access control comment for this type.</p> |
| 17725 | <p class="TextFontCX"><span class="Annot"><span style= |
| 17726 | 'font-size:10.0pt'>/*@noaccess</span></span> <span class= |
| 17727 | "Annot"><span style= |
| 17728 | 'font-size:10.0pt'><i><type></i>,<sup>+</sup>@*/</span></span></p> |
| 17729 | <p class="IndentText">Restricts access to the representation of |
| 17730 | <span class="Annot"><i><span style= |
| 17731 | 'font-size:10.0pt'><type></span></i></span>. The type |
| 17732 | in a <span class="Annot"><span style= |
| 17733 | 'font-size:10.0pt'>noaccess</span></span> comment must have been |
| 17734 | declared as an abstract type. </p> |
| 17735 | <p class="Heading10">Global Variables <span class= |
| 17736 | "HeadingNote"><span style= |
| 17737 | 'font-size:10.5pt;font-weight:normal;font-style:normal'>(Section</span></span> |
| 17738 | <span class="HeadingNote"><span style= |
| 17739 | 'font-size:10.5pt;font-weight:normal;font-style: normal'>7.2</span></span><span class="HeadingNote"> |
| 17740 | <span style= |
| 17741 | 'font-size:10.5pt;font-weight:normal;font-style: normal'>)</span></span></p> |
| 17742 | <p class="beforelist">One check annotation may be used on a global |
| 17743 | or file-static variable declaration.</p> |
| 17744 | <p class="TextFontCX"><span class="Annot"><span style= |
| 17745 | 'font-size:10.0pt'>unchecked</span></span></p> |
| 17746 | <p class="IndentText"><span class="Annot"><span style= |
| 17747 | 'font-size:10.0pt;font-family: "Times New Roman"'>Weakest checking |
| 17748 | for global use.</span></span></p> |
| 17749 | <p class="TextFontCX"><span class="Annot"><span style= |
| 17750 | 'font-size:10.0pt'>checkmod</span></span></p> |
| 17751 | <p class="IndentText"><span class="Annot"><span style= |
| 17752 | 'font-size:10.0pt;font-family: "Times New Roman"'>Check |
| 17753 | modification by not use of global.</span></span></p> |
| 17754 | <p class="TextFontCX"><span class="Annot"><span style= |
| 17755 | 'font-size:10.0pt'>checked</span></span></p> |
| 17756 | <p class="IndentText"><span class="Annot"><span style= |
| 17757 | 'font-size:10.0pt;font-family: "Times New Roman"'>Check use and |
| 17758 | modification of global.</span></span></p> |
| 17759 | <p class="TextFontCX"><span class="Annot"><span style= |
| 17760 | 'font-size:10.0pt'>checkedstrict</span></span></p> |
| 17761 | <p class="IndentText"><span class="Annot"><span style= |
| 17762 | 'font-size:10.0pt;font-family: "Times New Roman"'>Check use of |
| 17763 | global, even in functions with no global list.</span></span></p> |
| 17764 | <p class="Heading10">Memory Management <span class= |
| 17765 | "HeadingNote"><span style= |
| 17766 | 'font-size:10.5pt;font-weight:normal;font-style:normal'>(Section</span></span> |
| 17767 | <span class="HeadingNote"><span style= |
| 17768 | 'font-size:10.5pt;font-weight:normal;font-style: normal'>3</span></span><span class="HeadingNote"> |
| 17769 | <span style= |
| 17770 | 'font-size:10.5pt; font-weight:normal;font-style:normal'>)</span></span></p> |
| 17771 | <p class="TextFontCX"><span class="Annot"><span style= |
| 17772 | 'font-size:10.0pt'>dependent</span></span></p> |
| 17773 | <p class="IndentText"><span class="Annot"><span style= |
| 17774 | 'font-size:10.0pt;font-family: "Times New Roman"'>A reference to |
| 17775 | externally-owned storage. (Section</span></span> |
| 17776 | <span class="Annot"><span style= |
| 17777 | 'font-size:10.0pt;font-family:"Times New Roman"'>5.2.2</span></span><span class="Annot"> |
| 17778 | <span style= |
| 17779 | 'font-size:10.0pt;font-family:"Times New Roman"'>)</span></span></p> |
| 17780 | <p class="TextFontCX"><span class="Annot"><span style= |
| 17781 | 'font-size:10.0pt'>keep</span></span></p> |
| 17782 | <p class="IndentText"><span class="Annot"><span style= |
| 17783 | 'font-size:10.0pt;font-family: "Times New Roman"'>A parameter that |
| 17784 | is kept by the called function. The caller may use the |
| 17785 | storage after the call, but the called function is responsible for |
| 17786 | making sure it is deallocated. (Section</span></span> |
| 17787 | <span class="Annot"><span style= |
| 17788 | 'font-size:10.0pt;font-family:"Times New Roman"'>5.2.4</span></span><span class="Annot"> |
| 17789 | <span style= |
| 17790 | 'font-size:10.0pt;font-family:"Times New Roman"'>)</span></span></p> |
| 17791 | <p class="TextFontCX"><span class="Annot"><span style= |
| 17792 | 'font-size:10.0pt'>killref</span></span></p> |
| 17793 | <p class="IndentText">A <span class="Annot"><span style= |
| 17794 | 'font-size:10.0pt'>refcounted</span></span> parameter. This |
| 17795 | reference is killed by the call. (Section 5.4)</p> |
| 17796 | <p class="TextFontCX"><span class="Annot"><span style= |
| 17797 | 'font-size:10.0pt'>only</span></span></p> |
| 17798 | <p class="IndentText"><span class="Annot"><span style= |
| 17799 | 'font-size:10.0pt;font-family: "Times New Roman"'>An unshared |
| 17800 | reference. Associated memory must be released before |
| 17801 | reference is lost. |
| 17802 | (Section </span></span><span class="Annot"><span style= |
| 17803 | 'font-size:10.0pt;font-family:"Times New Roman"'>5.2</span></span><span class="Annot"> |
| 17804 | <span style= |
| 17805 | 'font-size:10.0pt;font-family:"Times New Roman"'>)</span></span></p> |
| 17806 | <p class="TextFontCX"><span class="Annot"><span style= |
| 17807 | 'font-size:10.0pt'>owned</span></span></p> |
| 17808 | <p class="IndentText"><span class="Annot"><span style= |
| 17809 | 'font-size:10.0pt;font-family: "Times New Roman"'>Storage may be |
| 17810 | shared by dependent references, but associated memory must be |
| 17811 | released before this reference is lost. |
| 17812 | (Section</span></span> <span class="Annot"><span style= |
| 17813 | 'font-size:10.0pt;font-family:"Times New Roman"'>5.2.2</span></span><span class="Annot"> |
| 17814 | <span style= |
| 17815 | 'font-size:10.0pt;font-family:"Times New Roman"'>)</span></span></p> |
| 17816 | <p class="TextFontCX"><span class="Annot"><span style= |
| 17817 | 'font-size:10.0pt'>shared</span></span></p> |
| 17818 | <p class="IndentText"><span class="Annot"><span style= |
| 17819 | 'font-size:10.0pt;font-family: "Times New Roman"'>Shared reference |
| 17820 | that is never deallocated. (Section</span></span> |
| 17821 | <span class="Annot"><span style= |
| 17822 | 'font-size:10.0pt;font-family:"Times New Roman"'>5.2.5</span></span><span class="Annot"> |
| 17823 | <span style= |
| 17824 | 'font-size:10.0pt;font-family:"Times New Roman"'>)</span></span></p> |
| 17825 | <p class="TextFontCX"><span class="Annot"><span style= |
| 17826 | 'font-size:10.0pt'>temp</span></span></p> |
| 17827 | <p class="IndentText">A temporary parameter. May not be |
| 17828 | released, and new aliases to it may not be created. (Section |
| 17829 | 5.2.2)</p> |
| 17830 | <p class="Heading10">Aliasing <span class= |
| 17831 | "HeadingNote"><span style= |
| 17832 | 'font-size: 10.5pt;font-weight:normal;font-style:normal'>(Section</span></span> |
| 17833 | <span class="HeadingNote"><span style= |
| 17834 | 'font-size:10.5pt;font-weight:normal;font-style: normal'>6</span></span><span class="HeadingNote"> |
| 17835 | <span style= |
| 17836 | 'font-size:10.5pt; font-weight:normal;font-style:normal'>)</span></span></p> |
| 17837 | <p class="beforelist">Both alias annotations may be used on a |
| 17838 | parameter declaration.</p> |
| 17839 | <p class="TextFontCX"><span class="Annot"><span style= |
| 17840 | 'font-size:10.0pt'>unique</span></span></p> |
| 17841 | <p class="IndentText"><span class="Annot"><span style= |
| 17842 | 'font-size:10.0pt;font-family: "Times New Roman"'>Parameter that |
| 17843 | may not be aliased by any other reference visible to the function. |
| 17844 | (Section </span></span><span class="Annot"><span style= |
| 17845 | 'font-size:10.0pt;font-family:"Times New Roman"'>6.1.1</span></span><span class="Annot"> |
| 17846 | <span style= |
| 17847 | 'font-size:10.0pt;font-family:"Times New Roman"'>)</span></span></p> |
| 17848 | <p class="TextFontCX"><span class="Annot"><span style= |
| 17849 | 'font-size:10.0pt'>returned</span></span></p> |
| 17850 | <p class="IndentText"><span class="Annot"><span style= |
| 17851 | 'font-size:10.0pt;font-family: "Times New Roman"'>Parameter that |
| 17852 | may be aliased by the return value. (Section</span></span> |
| 17853 | <span class="Annot"><span style= |
| 17854 | 'font-size:10.0pt;font-family:"Times New Roman"'>6.1.2</span></span><span class="Annot"> |
| 17855 | <span style= |
| 17856 | 'font-size:10.0pt;font-family:"Times New Roman"'>)</span></span></p> |
| 17857 | <p class="Heading10">Exposure <span class= |
| 17858 | "HeadingNote"><span style= |
| 17859 | 'font-size: 10.5pt;font-weight:normal;font-style:normal'>(Section</span></span> |
| 17860 | <span class="HeadingNote"><span style= |
| 17861 | 'font-size:10.5pt;font-weight:normal;font-style: normal'>6.2</span></span><span class="HeadingNote"> |
| 17862 | <span style= |
| 17863 | 'font-size:10.5pt; font-weight:normal;font-style:normal'>)</span></span></p> |
| 17864 | <p class="TextFontCX"><span class="Annot"><span style= |
| 17865 | 'font-size:10.0pt'>observer</span></span></p> |
| 17866 | <p class="IndentText"><span class="Annot"><span style= |
| 17867 | 'font-size:10.0pt;font-family: "Times New Roman"'>Reference that |
| 17868 | cannot be modified. (Section</span></span> <span class= |
| 17869 | "Annot"><span style= |
| 17870 | 'font-size:10.0pt;font-family:"Times New Roman"'>6.2.1</span></span><span class="Annot"> |
| 17871 | <span style= |
| 17872 | 'font-size:10.0pt;font-family:"Times New Roman"'>)</span></span></p> |
| 17873 | <p class="TextFontCX"><span class="Annot"><span style= |
| 17874 | 'font-size:10.0pt'>exposed</span></span></p> |
| 17875 | <p class="IndentText"><span class="Annot"><span style= |
| 17876 | 'font-size:10.0pt;font-family: "Times New Roman"'>Exposed reference |
| 17877 | to storage in another object. (Section</span></span> |
| 17878 | <span class="Annot"><span style= |
| 17879 | 'font-size:10.0pt;font-family:"Times New Roman"'>6.2</span></span><span class="Annot"> |
| 17880 | <span style= |
| 17881 | 'font-size:10.0pt;font-family:"Times New Roman"'>)</span></span></p> |
| 17882 | <p class="Heading10">Definition State <span class= |
| 17883 | "HeadingNote"><span style= |
| 17884 | 'font-size:10.5pt;font-weight:normal;font-style:normal'>(Section</span></span> |
| 17885 | <span class="HeadingNote"><span style= |
| 17886 | 'font-size:10.5pt;font-weight:normal;font-style: normal'>3</span></span><span class="HeadingNote"> |
| 17887 | <span style= |
| 17888 | 'font-size:10.5pt;font-weight:normal;font-style: normal'>)</span></span></p> |
| 17889 | <p class="TextFontCX"><span class="Annot"><span style= |
| 17890 | 'font-size:10.0pt'>out</span></span></p> |
| 17891 | <p class="IndentText"><span class="Annot"><span style= |
| 17892 | 'font-size:10.0pt;font-family: "Times New Roman"'>Storage reachable |
| 17893 | from reference need not be defined.</span></span></p> |
| 17894 | <p class="TextFontCX"><span class="Annot"><span style= |
| 17895 | 'font-size:10.0pt'>in</span></span></p> |
| 17896 | <p class="IndentText"><span class="Annot"><span style= |
| 17897 | 'font-size:10.0pt;font-family: "Times New Roman"'>All storage |
| 17898 | reachable from reference must be defined.</span></span></p> |
| 17899 | <p class="TextFontCX"><span class="Annot"><span style= |
| 17900 | 'font-size:10.0pt'>partial</span></span></p> |
| 17901 | <p class="IndentText"><span class="Annot"><span style= |
| 17902 | 'font-size:10.0pt;font-family: "Times New Roman"'>Partially |
| 17903 | defined. A structure may have undefined fields. No |
| 17904 | errors reported when fields are used.</span></span></p> |
| 17905 | <p class="TextFontCX"><span class="Annot"><span style= |
| 17906 | 'font-size:10.0pt'>reldef</span></span></p> |
| 17907 | <p class="IndentText"><span class="Annot"><span style= |
| 17908 | 'font-size:10.0pt;font-family: "Times New Roman"'>Relax definition |
| 17909 | checking. No errors when reference is not defined, or when it |
| 17910 | is used.</span></span></p> |
| 17911 | <p class="Heading10">Global State <span class= |
| 17912 | "TextFontCXChar"><span style= |
| 17913 | 'font-size:11.0pt; font-weight:normal'>(Section |
| 17914 | 7.2.2)</span></span></p> |
| 17915 | <p class="TextFontCX">These annotations may only be used in globals |
| 17916 | lists. Both annotations may be used for the same variable, to |
| 17917 | mean the variable is undefined before and after the call.</p> |
| 17918 | <p class="TextFontCX"> </p> |
| 17919 | <p class="TextFontCX"><span class="Annot"><span style= |
| 17920 | 'font-size:10.0pt'>undef</span></span></p> |
| 17921 | <p class="IndentText"><span class="Annot"><span style= |
| 17922 | 'font-size:10.0pt;font-family: "Times New Roman"'>Variable is |
| 17923 | undefined before the call.</span></span></p> |
| 17924 | <p class="TextFontCX"><span class="Annot"><span style= |
| 17925 | 'font-size:10.0pt'>killed</span></span></p> |
| 17926 | <p class="IndentText"><span class="Annot"><span style= |
| 17927 | 'font-size:10.0pt;font-family: "Times New Roman"'>Variable is |
| 17928 | undefined after the call.</span></span></p> |
| 17929 | <p class="Heading10">Null State <span class= |
| 17930 | "HeadingNote"><span style= |
| 17931 | 'font-size: 10.5pt;font-weight:normal;font-style:normal'>(Section</span></span> |
| 17932 | <span class="HeadingNote"><span style= |
| 17933 | 'font-size:10.5pt;font-weight:normal;font-style: normal'>2</span></span><span class="HeadingNote"> |
| 17934 | <span style= |
| 17935 | 'font-size:10.5pt;font-weight:normal;font-style: normal'>)</span></span></p> |
| 17936 | <p class="TextFontCX"><span class="Annot"><span style= |
| 17937 | 'font-size:10.0pt'>null</span></span></p> |
| 17938 | <p class="IndentText"><span class="Annot"><span style= |
| 17939 | 'font-size:10.0pt;font-family: "Times New Roman"'>Possibly null |
| 17940 | pointer.</span></span></p> |
| 17941 | <p class="TextFontCX"><span class="Annot"><span style= |
| 17942 | 'font-size:10.0pt'>notnull</span></span><span class= |
| 17943 | "Annot"><span style= |
| 17944 | 'font-size:10.0pt'> </span></span></p> |
| 17945 | <p class="IndentText"><span class="Annot"><span style= |
| 17946 | 'font-size:10.0pt;font-family: "Times New Roman"'>Non-null |
| 17947 | pointer.</span></span></p> |
| 17948 | <p class="TextFontCX"><span class="Annot"><span style= |
| 17949 | 'font-size:10.0pt'>relnull</span></span></p> |
| 17950 | <p class="IndentText"><span class="Annot"><span style= |
| 17951 | 'font-size:10.0pt;font-family: "Times New Roman"'>Relax null |
| 17952 | checking. No errors when</span></span> <span class= |
| 17953 | "CodeText"><span style= |
| 17954 | 'font-size:10.0pt'>NULL</span></span><span class= |
| 17955 | "Annot"><span style= |
| 17956 | 'font-size:10.0pt;font-family:"Times New Roman"'>is assigned to it, |
| 17957 | or when it is used as a non-null pointer.</span></span></p> |
| 17958 | <p class="Heading10">Null Predicates <span class= |
| 17959 | "HeadingNote"><span style= |
| 17960 | 'font-size:10.5pt;font-weight:normal;font-style:normal'>(Section</span></span> |
| 17961 | <span class="HeadingNote"><span style= |
| 17962 | 'font-size:10.5pt;font-weight:normal;font-style: normal'>2.1.1</span></span><span class="HeadingNote"> |
| 17963 | <span style= |
| 17964 | 'font-size:10.5pt; font-weight:normal;font-style:normal'>)</span></span></p> |
| 17965 | <p class="beforelist">A null predicate annotation may be used of |
| 17966 | the return value of a function returning a Boolean type, taking a |
| 17967 | possibly-null pointer for its first argument.</p> |
| 17968 | <p class="TextFontCX"><span class="Annot"><span style= |
| 17969 | 'font-size:10.0pt'>nullwhentrue</span></span></p> |
| 17970 | <p class="IndentText"><span class="Annot"><span style= |
| 17971 | 'font-size:10.0pt;font-family: "Times New Roman"'>If result is |
| 17972 | true, first parameter is</span></span> <span class= |
| 17973 | "CodeText"><span style= |
| 17974 | 'font-size:10.0pt'>NULL</span></span><span class= |
| 17975 | "Annot"><span style= |
| 17976 | 'font-size:10.0pt;font-family:"Times New Roman"'>.</span></span></p> |
| 17977 | <p class="TextFontCX"><span class="Annot"><span style= |
| 17978 | 'font-size:10.0pt'>falsewhennull</span></span></p> |
| 17979 | <p class="IndentText"><span class="Annot"><span style= |
| 17980 | 'font-size:10.0pt;font-family: "Times New Roman"'>If result |
| 17981 | is</span></span> <span class="CodeText"><span style= |
| 17982 | 'font-size:10.0pt'>TRUE</span></span><span class= |
| 17983 | "Annot"><span style= |
| 17984 | 'font-size:10.0pt;font-family:"Times New Roman"'>, first parameter |
| 17985 | is not</span></span> <span class="CodeText"><span style= |
| 17986 | 'font-size:10.0pt'>NULL</span></span><span class= |
| 17987 | "Annot"><span style= |
| 17988 | 'font-size:10.0pt;font-family:"Times New Roman"'>.</span></span></p> |
| 17989 | <p class="Heading10">Execution <span class= |
| 17990 | "HeadingNote"><span style= |
| 17991 | 'font-size: 10.5pt;font-weight:normal;font-style:normal'>(Section</span></span> |
| 17992 | <span class="HeadingNote"><span style= |
| 17993 | 'font-size:10.5pt;font-weight:normal;font-style: normal'>8.1</span></span><span class="HeadingNote"> |
| 17994 | <span style= |
| 17995 | 'font-size:10.5pt; font-weight:normal;font-style:normal'>)</span></span></p> |
| 17996 | <p class="beforelist">The <span class="Annot"><span style= |
| 17997 | 'font-size:10.0pt'>noreturn</span></span>, <span class= |
| 17998 | "Annot"><span style='font-size:10.0pt'>maynotreturn</span></span> |
| 17999 | and <span class="Annot"><span style= |
| 18000 | 'font-size:10.0pt'>alwaysreturn</span></span> annotations may be |
| 18001 | used on any function. The <span class= |
| 18002 | "Annot"><span style='font-size:10.0pt'>noreturnwhentrue</span></span> |
| 18003 | and <span class="Annot"><span style= |
| 18004 | 'font-size:10.0pt'>noreturnwhenfalse</span></span> |
| 18005 | annotations may only be used on functions whose first |
| 18006 | argument is a Boolean. </p> |
| 18007 | <p class="TextFontCX"><span class="Annot"><span style= |
| 18008 | 'font-size:10.0pt'>noreturn</span></span><span class= |
| 18009 | "Annot"><span style= |
| 18010 | 'font-size:10.0pt'> </span></span></p> |
| 18011 | <p class="IndentText"><span class="Annot"><span style= |
| 18012 | 'font-size:10.0pt;font-family: "Times New Roman"'>Function never |
| 18013 | returns.</span></span></p> |
| 18014 | <p class="TextFontCX"><span class="Annot"><span style= |
| 18015 | 'font-size:10.0pt'>maynotreturn</span></span></p> |
| 18016 | <p class="IndentText"><span class="Annot"><span style= |
| 18017 | 'font-size:10.0pt;font-family: "Times New Roman"'>Function may or |
| 18018 | may not return.</span></span></p> |
| 18019 | <p class="TextFontCX"><span class="Annot"><span style= |
| 18020 | 'font-size:10.0pt'>noreturnwhentrue</span></span></p> |
| 18021 | <p class="IndentText"><span class="Annot"><span style= |
| 18022 | 'font-size:10.0pt;font-family: "Times New Roman"'>Function does not |
| 18023 | return if first parameter is</span></span> <span class= |
| 18024 | "Keyword"><span style= |
| 18025 | 'font-size:10.0pt'>TRUE</span></span><span class= |
| 18026 | "Annot"><span style= |
| 18027 | 'font-size:10.0pt;font-family:"Times New Roman"'>.</span></span></p> |
| 18028 | <p class="TextFontCX"><span class="Annot"><span style= |
| 18029 | 'font-size:10.0pt'>noreturnwhenfalse</span></span></p> |
| 18030 | <p class="IndentText"><span class="Annot"><span style= |
| 18031 | 'font-size:10.0pt;font-family: "Times New Roman"'>Function does not |
| 18032 | return if first parameter if</span></span> <span class= |
| 18033 | "Keyword"><span style= |
| 18034 | 'font-size:10.0pt'>FALSE</span></span><span class= |
| 18035 | "Annot"><span style= |
| 18036 | 'font-size:10.0pt;font-family:"Times New Roman"'>.</span></span></p> |
| 18037 | <p class="TextFontCX"><span class="Annot"><span style= |
| 18038 | 'font-size:10.0pt'>alwaysreturn</span></span></p> |
| 18039 | <p class="IndentText"><span class="Annot"><span style= |
| 18040 | 'font-size:10.0pt;font-family: "Times New Roman"'>Function always |
| 18041 | returns.</span></span></p> |
| 18042 | <p class="Heading10">Side Effects <span style= |
| 18043 | 'font-size:10.5pt;font-weight: normal'>(Section 11.2.1)</span></p> |
| 18044 | <p class="TextFontCX"><span class="Annot"><span style= |
| 18045 | 'font-size:10.0pt'>sef</span></span></p> |
| 18046 | <p class="IndentText"><span class="Annot"><span style= |
| 18047 | 'font-size:10.0pt;font-family:"Times New Roman"'>Corresponding |
| 18048 | actual parameter has no side effects.</span></span></p> |
| 18049 | <p class="Heading10">Declarations</p> |
| 18050 | <p class="beforelist">These annotations can be used on a |
| 18051 | declaration to control unused or undefined error reporting.</p> |
| 18052 | <p class="TextFontCX"><span class="Annot"><span style= |
| 18053 | 'font-size:10.0pt'>unused</span></span></p> |
| 18054 | <p class="IndentText"><span class="Annot"><span style= |
| 18055 | 'font-size:10.0pt;font-family: "Times New Roman"'>Identifier need |
| 18056 | not be used (no unused errors reported.) |
| 18057 | (Section</span></span> <span class="Annot"><span style= |
| 18058 | 'font-size:10.0pt;font-family:"Times New Roman"'>13.1</span></span><span class="Annot"> |
| 18059 | <span style= |
| 18060 | 'font-size:10.0pt;font-family:"Times New Roman"'>)</span></span></p> |
| 18061 | <p class="TextFontCX"><span class="Annot"><span style= |
| 18062 | 'font-size:10.0pt'>external</span></span></p> |
| 18063 | <p class="IndentText"><span class="Annot"><span style= |
| 18064 | 'font-size:10.0pt;font-family: "Times New Roman"'>Identifier is |
| 18065 | defined externally (no undefined error reported.) |
| 18066 | (Section</span></span> <span class="Annot"><span style= |
| 18067 | 'font-size:10.0pt;font-family:"Times New Roman"'>13.2</span></span><span class="Annot"> |
| 18068 | <span style= |
| 18069 | 'font-size:10.0pt;font-family:"Times New Roman"'>)</span></span></p> |
| 18070 | <p class="Heading10">Switch Statements</p> |
| 18071 | <p class="TextFontCX"><span class="Annot"><span style= |
| 18072 | 'font-size:10.0pt'>fallthrough</span></span></p> |
| 18073 | <p class="IndentText"><span class="Annot"><span style= |
| 18074 | 'font-size:10.0pt;font-family:"Times New Roman"'>Fall through |
| 18075 | case. No message is reported if the previous case may fall |
| 18076 | through into the one immediately after the</span></span> |
| 18077 | <span class="Annot"><span style= |
| 18078 | 'font-size:10.0pt'>fallthrough</span></span><span class= |
| 18079 | "Annot"><span style= |
| 18080 | 'font-size:10.0pt;font-family:"Times New Roman"'>.</span></span></p> |
| 18081 | <p class="Heading10">Break and Continue Statements |
| 18082 | <span class="TextFontCXChar"><span style= |
| 18083 | 'font-size:11.0pt; font-weight:normal'>(Section |
| 18084 | 8.3.3)</span></span></p> |
| 18085 | <p class="beforelist">These annotations are used before a |
| 18086 | <span class="CodeText"><span style= |
| 18087 | 'font-size:10.0pt'>break</span></span> or <span class= |
| 18088 | "CodeText"><span style='font-size:10.0pt'>continue</span></span> |
| 18089 | statement.</p> |
| 18090 | <p class="TextFontCX"><span class="Annot"><span style= |
| 18091 | 'font-size:10.0pt'>innerbreak</span></span></p> |
| 18092 | <p class="IndentText"><span class="Annot"><span style= |
| 18093 | 'font-size:10.0pt;font-family: "Times New Roman"'>Break is breaking |
| 18094 | an inner loop or switch.</span></span></p> |
| 18095 | <p class="TextFontCX"><span class="Annot"><span style= |
| 18096 | 'font-size:10.0pt'>loopbreak</span></span></p> |
| 18097 | <p class="IndentText"><span class="Annot"><span style= |
| 18098 | 'font-size:10.0pt;font-family: "Times New Roman"'>Break is breaking |
| 18099 | a loop.</span></span></p> |
| 18100 | <p class="TextFontCX"><span class="Annot"><span style= |
| 18101 | 'font-size:10.0pt'>switchbreak</span></span></p> |
| 18102 | <p class="IndentText"><span class="Annot"><span style= |
| 18103 | 'font-size:10.0pt;font-family: "Times New Roman"'>Break is breaking |
| 18104 | a switch.</span></span></p> |
| 18105 | <p class="TextFontCX"><span class="Annot"><span style= |
| 18106 | 'font-size:10.0pt'>innercontinue</span></span><span class= |
| 18107 | "Annot"><span style= |
| 18108 | 'font-size:10.0pt'><i> </i></span></span></p> |
| 18109 | <p class="IndentText"><span class="Annot"><span style= |
| 18110 | 'font-size:10.0pt;font-family: "Times New Roman"'>Continue is |
| 18111 | continuing an inner loop.</span></span></p> |
| 18112 | <p class="Heading10">Unreachable Code</p> |
| 18113 | <p class="beforelist">This annotation is used before a statement to |
| 18114 | prevent unreachable code errors.</p> |
| 18115 | <p class="TextFontCX"><span class="Annot"><span style= |
| 18116 | 'font-size:10.0pt'>notreached</span></span></p> |
| 18117 | <p class="IndentText"><span class="Annot"><span style= |
| 18118 | 'font-size:10.0pt;font-family: "Times New Roman"'>Statement may be |
| 18119 | unreachable.</span></span></p> |
| 18120 | <p class="Heading10">Format String Arguments </p> |
| 18121 | <p class="beforelist">These annotations are used immediately before |
| 18122 | a function declaration.</p> |
| 18123 | <p class="TextFontCX"><span class="Annot"><span style= |
| 18124 | 'font-size:10.0pt'>printflike</span></span></p> |
| 18125 | <p class="IndentText"><span class="Annot"><span style= |
| 18126 | 'font-size:10.0pt;font-family: "Times New Roman"'>Check variable |
| 18127 | arguments like</span></span> <span class= |
| 18128 | "CodeText"><span style='font-size:10.0pt'>printf</span></span><span class="Annot"> |
| 18129 | <span style= |
| 18130 | 'font-size:10.0pt;font-family:"Times New Roman"'>library |
| 18131 | function. </span></span></p> |
| 18132 | <p class="TextFontCX"><span class="Annot"><span style= |
| 18133 | 'font-size:10.0pt'>scanflike</span></span></p> |
| 18134 | <p class="IndentText"><span class="Annot"><span style= |
| 18135 | 'font-size:10.0pt;font-family: "Times New Roman"'>Check variable |
| 18136 | arguments like</span></span> <span class= |
| 18137 | "CodeText"><span style='font-size:10.0pt'>scanf</span></span><a name="_Toc344355453"> |
| 18138 | </a><a name="_Ref343091002"></a><a name= |
| 18139 | "_Ref343065628"><span class="Annot"><span style= |
| 18140 | 'font-size:10.0pt;font-family:"Times New Roman"'>library |
| 18141 | function.</span></span></a></p> |
| 18142 | <p class="Heading10"><a name="_Ref348789839">Use Warnings</a></p> |
| 18143 | <p class="beforelist">These annotations are used immediately before |
| 18144 | a function, variable or type declaration.</p> |
| 18145 | <p class="TextFontCX"><span class="Annot"><span style= |
| 18146 | 'font-size:10.0pt'>warn <i><flag-specifier></i> |
| 18147 | <i><message></i></span></span></p> |
| 18148 | <p class="IndentText">Issue a warning (controlled by |
| 18149 | <span class="Flag"><span style= |
| 18150 | 'font-size:10.0pt'>flag-specifier</span></span>) where this |
| 18151 | declarator is used.</p> |
| 18152 | <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'> |
| 18153 | <a name="_Toc534975071">Macro Expansion</a></p> |
| 18154 | <p class="TextFontCX"><a href= |
| 18155 | "mailto:/*@notfunction@*/"><span class="Annot"><span style= |
| 18156 | 'font-size:10.0pt'>/*@notfunction@*/</span></span></a></p> |
| 18157 | <p class="IndentText">The next macro definition is not intended to |
| 18158 | be a function, and should be expanded in line instead of checked as |
| 18159 | a macro function definition.</p> |
| 18160 | <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'> |
| 18161 | <a name="_Toc534975072">Arbitrary Integral Types</a></p> |
| 18162 | <p class="TextFontCX">These annotations are used to represent |
| 18163 | arbitrary integral types. Syntactically, they replace the |
| 18164 | implicit <span class="Flag"><span style= |
| 18165 | 'font-size:10.0pt'>int</span></span> type.</p> |
| 18166 | <p class="TextFontCX"> </p> |
| 18167 | <p class="TextFontCX"><span class="Annot"><span style= |
| 18168 | 'font-size:10.0pt'>/*@integraltype@*/</span></span></p> |
| 18169 | <p class="IndentText">An arbitrary integral type. The actual |
| 18170 | type may be any one of <span class="CodeText"><span style= |
| 18171 | 'font-size:10.0pt'>short</span></span>, <span class= |
| 18172 | "CodeText"><span style='font-size:10.0pt'>int</span></span>, |
| 18173 | <span class="CodeText"><span style= |
| 18174 | 'font-size:10.0pt'>long</span></span>, <span class= |
| 18175 | "CodeText"><span style='font-size:10.0pt'>unsigned |
| 18176 | short</span></span>, <span class="CodeText"><span style= |
| 18177 | 'font-size:10.0pt'>unsigned</span></span>, or <span class= |
| 18178 | "CodeText"><span style='font-size:10.0pt'>unsigned |
| 18179 | long</span></span>.</p> |
| 18180 | <p class="TextFontCX"><span class="Annot"><span style= |
| 18181 | 'font-size:10.0pt'>/*@unsignedintegraltype@*/</span></span></p> |
| 18182 | <p class="IndentText">An arbitrary unsigned integral type. |
| 18183 | The actual type may be any one of <span class= |
| 18184 | "CodeText"><span style='font-size:10.0pt'>unsigned |
| 18185 | short</span></span>, <span class="CodeText"><span style= |
| 18186 | 'font-size:10.0pt'>unsigned</span></span>, or <span class= |
| 18187 | "CodeText"><span style='font-size:10.0pt'>unsigned |
| 18188 | long</span></span>.</p> |
| 18189 | <p class="TextFontCX"><span class="Annot"><span style= |
| 18190 | 'font-size:10.0pt'>/*@signedintegraltype@*/</span></span></p> |
| 18191 | <p class="IndentText">An arbitrary signed integral type. The |
| 18192 | actual type may be any one of <span class= |
| 18193 | "CodeText"><span style='font-size:10.0pt'>short</span></span>, |
| 18194 | <span class="CodeText"><span style= |
| 18195 | 'font-size:10.0pt'>int</span></span>, or <span class= |
| 18196 | "CodeText"><span style= |
| 18197 | 'font-size:10.0pt'>long</span></span>.</p> |
| 18198 | <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'> |
| 18199 | <a name="_Toc534975073"></a><a name="_Ref347471625">Traditional |
| 18200 | Lint Comments</a></p> |
| 18201 | <p class="TextFontCX">Some of the control comments supported by |
| 18202 | most standard UNIX lints are supported by Splint so legacy systems |
| 18203 | can be checked more easily. These comments are not lexically |
| 18204 | consistent with Splint comments, and their meanings are less |
| 18205 | precise (and may vary between different lint programs), so we |
| 18206 | recommend that Splint comments are used instead except for checking |
| 18207 | legacy systems already containing standard lint comments.</p> |
| 18208 | <p class="TextFontCX"> </p> |
| 18209 | <p class="beforelist">These standard lint comments supported by |
| 18210 | Splint:</p> |
| 18211 | <p class="TextFontCX"><span class="Annot"><span style= |
| 18212 | 'font-size:10.0pt'>/*FALLTHROUGH*/</span></span> (alternate |
| 18213 | misspelling, <span class="Annot"><span style= |
| 18214 | 'font-size:10.0pt'>/*FALLTHRU*/</span></span>)</p> |
| 18215 | <p class="IndentText">Prevents errors for fall through cases. |
| 18216 | Same meaning as <span class="Annot"><span style= |
| 18217 | 'font-size:10.0pt'>/*@fallthrough@*/</span></span>.</p> |
| 18218 | <p class="MsoListBullet"><span class="Annot"><span style= |
| 18219 | 'font-size:10.0pt'>/*NOTREACHED*/</span></span></p> |
| 18220 | <p class="IndentText">Prevents errors about unreachable code (until |
| 18221 | the end of the function). Same meaning as <span class= |
| 18222 | "Annot"><span style= |
| 18223 | 'font-size:10.0pt'>/*@notreached@*/</span></span>. </p> |
| 18224 | <p class="MsoListBullet"><span class="Annot"><span style= |
| 18225 | 'font-size:10.0pt'>/*PRINTFLIKE*/</span></span></p> |
| 18226 | <p class="indentbefore">Arguments similar to the <span class= |
| 18227 | "CodeText"><span style='font-size:10.0pt'>printf</span></span> |
| 18228 | library function (there didn’t seem to be much of a consensus |
| 18229 | among standard lints as to exactly what this means). Splint |
| 18230 | supports:</p> |
| 18231 | <p class="IndentText"><span class="Annot"><span style= |
| 18232 | 'font-size:10.0pt'>/*@printflike@*/</span></span></p> |
| 18233 | <p class="IndentText" style='margin-left:.5in'>Function takes zero |
| 18234 | or more arguments of any type, an unmodified <span class= |
| 18235 | "CodeText"><span style='font-size:10.0pt'>char *</span></span> |
| 18236 | format string argument and zero of more arguments of type and |
| 18237 | number dictated by the format string. Format codes are |
| 18238 | interpreted identically to the <span class= |
| 18239 | "CodeText"><span style='font-size:10.0pt'>printf</span></span> |
| 18240 | standard library function. May return a result of any |
| 18241 | type. (Splint interprets <span class= |
| 18242 | "Annot"><span style= |
| 18243 | 'font-size:10.0pt'>/*PRINTFLIKE*/</span></span> as |
| 18244 | <span class="Annot"><span style= |
| 18245 | 'font-size:10.0pt'>/*@printflike@*/</span></span>.)</p> |
| 18246 | <p class="IndentText"><span class="Annot"><span style= |
| 18247 | 'font-size:10.0pt'>/*@scanflike@*/</span></span></p> |
| 18248 | <p class="IndentText" style='margin-left:.5in'>Like |
| 18249 | <span class="Annot"><span style= |
| 18250 | 'font-size:10.0pt'>printflike</span></span>, except format |
| 18251 | codes are interpreted as in the <span class= |
| 18252 | "CodeText"><span style='font-size:10.0pt'>scanf</span></span> |
| 18253 | library function.</p> |
| 18254 | <p class="IndentText"> </p> |
| 18255 | <p class="MsoListBullet" style='margin-left:0in;text-indent:0in'> |
| 18256 | <span class="Annot"><span style= |
| 18257 | 'font-size:10.0pt'>/*ARGSUSED*/</span></span></p> |
| 18258 | <p class="IndentText">Turns off unused parameter messages for this |
| 18259 | function. The control comment, <span class= |
| 18260 | "Annot"><span style= |
| 18261 | 'font-size:10.0pt'>/*@‑paramuse</span></span><span class="Annot"> |
| 18262 | <span style='font-size:10.0pt'>@*/</span></span> can be used to the |
| 18263 | same effect, or <span class="Annot"><span style= |
| 18264 | 'font-size:10.0pt'>/*@unused@*/</span></span> can be used in |
| 18265 | individual parameter declarations.</p> |
| 18266 | <p class="IndentText"> </p> |
| 18267 | <p class="TextFontCX">Splint will ignore standard lint comments if |
| 18268 | <span class="Flag"><span style= |
| 18269 | 'font-size:10.0pt'>-lint-comments</span></span> is used. If |
| 18270 | <span class="Flag"><span style= |
| 18271 | 'font-size:10.0pt'>+warn-lint-comments</span></span> is used, |
| 18272 | Splint generates a message for standard lint comments and suggest |
| 18273 | replacements<a name="_Ref348801565">.</a></p> |
| 18274 | <p class="MsoHeading8" style='margin-left:0in;text-indent:0in'> |
| 18275 | <a name="_Toc534975074">Metastate Definitions</a></p> |
| 18276 | <p class="TextFontCX">The grammar for <span class= |
| 18277 | "ProgramNameChar">.mts</span> files is shown below.</p> |
| 18278 | <p class="MsoNormal"> </p> |
| 18279 | <p class="TextFontCX" align="left" style= |
| 18280 | 'margin-left: .25in;text-align:left'><i><span lang= |
| 18281 | "FR">metastate</span></i> <span lang="FR"> </span> |
| 18282 | <span style='font-family:Symbol'>Þ</span> <span lang= |
| 18283 | "FR">[</span> <span class="Annot"><span style= |
| 18284 | 'font-size:10.0pt'>global</span></span> <span lang="FR">]</span> |
| 18285 | <span class="Annot"><span style= |
| 18286 | 'font-size:10.0pt'>attribute</span></span> <i><span lang= |
| 18287 | "FR">identifier clause*</span></i> <span class= |
| 18288 | "Annot"><span style='font-size: 10.0pt'>end</span></span></p> |
| 18289 | <p class="TextFontCX" align="left" style= |
| 18290 | 'margin-left: .25in;text-align:left'><i><span lang= |
| 18291 | "FR">clause</span></i> <span lang= |
| 18292 | "FR"> </span> <span style= |
| 18293 | 'font-family:Symbol'>Þ</span> <i><span lang= |
| 18294 | "FR">contextClause</span></i> <span lang="FR">| <i>valuesClause</i> |
| 18295 | | <i>defaultClause | defaultsClause</i></span></p> |
| 18296 | <p class="TextFontCX" align="left" style= |
| 18297 | 'margin-left: .75in;text-align:left;text-indent:.25in'> |
| 18298 | <i><span lang="FR"> </span></i> |
| 18299 | <span lang="FR">| <i>annotationsClause</i> | <i>mergeClause | |
| 18300 | transfersClause | loserefClause</i></span></p> |
| 18301 | <p class="TextFontCX" align="left" style= |
| 18302 | 'margin-left: 1.25in;text-align:left'><i><span lang="FR">| |
| 18303 | preconditionsClause | postconditionsClause</span></i></p> |
| 18304 | <p class="TextFontCX" align="left" style= |
| 18305 | 'margin-left: .25in;text-align:left'><i><span lang= |
| 18306 | "FR">contextClause</span></i><span style= |
| 18307 | 'font-family:Symbol'>Þ</span> <span class= |
| 18308 | "Annot"><span style='font-size: 10.0pt'>context</span></span> |
| 18309 | <i><span lang="FR">contextSelector</span></i></p> |
| 18310 | <p class="TextFontCX" align="left" style= |
| 18311 | 'margin-left: .25in;text-align:left'><i><span lang= |
| 18312 | "FR">contextSelector</span></i> <span style= |
| 18313 | 'font-family:Symbol'>Þ</span> <span lang="FR">(</span> |
| 18314 | <span class="Annot"><span style= |
| 18315 | 'font-size:10.0pt'>parameter</span></span> <span lang="FR">|</span> |
| 18316 | <span class="Annot"><span style= |
| 18317 | 'font-size:10.0pt'>reference</span></span> <span lang="FR">|</span> |
| 18318 | <span class="Annot"><span style= |
| 18319 | 'font-size:10.0pt'>result</span></span> <span lang="FR">|</span> |
| 18320 | <span class="Annot"><span style= |
| 18321 | 'font-size:10.0pt'>clause</span></span> <span lang="FR">|</span> |
| 18322 | <span class="Annot"><span style= |
| 18323 | 'font-size:10.0pt'>literal</span></span> <span lang="FR">|</span> |
| 18324 | <span class="Annot"><span style= |
| 18325 | 'font-size:10.0pt'>null</span></span> <span lang="FR">) [ |
| 18326 | <i>type</i> ]</span></p> |
| 18327 | <p class="TextFontCX" align="left" style= |
| 18328 | 'margin-left: .25in;text-align:left'><i><span lang= |
| 18329 | "FR">valuesClause</span></i><span style= |
| 18330 | 'font-family:Symbol'>Þ</span> <span class= |
| 18331 | "Annot"><span style='font-size: 10.0pt'>oneof</span></span> |
| 18332 | <i>valueChoice</i>,*</p> |
| 18333 | <p class="TextFontCX" align="left" style= |
| 18334 | 'margin-left: .25in;text-align:left'> </p> |
| 18335 | <p class="TextFontCX" align="left" style= |
| 18336 | 'margin-left: .25in;text-align:left'><i><span lang= |
| 18337 | "FR">defaultClause</span></i> <span style= |
| 18338 | 'font-family:Symbol'>Þ</span> <span class= |
| 18339 | "Annot"><span style='font-size: 10.0pt'>default</span></span> |
| 18340 | <i>valueChoide</i></p> |
| 18341 | <p class="TextFontCX" align="left" style= |
| 18342 | 'margin-left: .25in;text-align:left'><i><span lang= |
| 18343 | "FR">defaultsClause</span></i><span style= |
| 18344 | 'font-family:Symbol'>Þ</span> <span class= |
| 18345 | "Annot"><span style='font-size: 10.0pt'>defaults</span></span> |
| 18346 | <span lang="FR">( <i>contextSelector</i></span> <span class= |
| 18347 | "Annot"><span style='font-size:10.0pt'>==></span></span> |
| 18348 | <i>valueChoice</i> <span lang="FR">)*</span></p> |
| 18349 | <p class="TextFontCX" align="left" style= |
| 18350 | 'margin-left: .25in;text-align:left'><i><span lang= |
| 18351 | "FR"> </span></i></p> |
| 18352 | <p class="TextFontCX" align="left" style= |
| 18353 | 'margin-left: .25in;text-align:left'><i><span lang= |
| 18354 | "FR">annotationsClause</span></i><span style= |
| 18355 | 'font-family:Symbol'>Þ</span> <span class= |
| 18356 | "Annot"><span style='font-size: 10.0pt'>annotations</span></span> |
| 18357 | ( <i>identifier</i> [ <i><span lang= |
| 18358 | "FR">contextSelector</span></i> <span lang="FR">]</span> |
| 18359 | <span class="Annot"><span style= |
| 18360 | 'font-size: 10.0pt'>==></span></span> <i>valueChoice</i> |
| 18361 | )<i><span lang="FR">*</span></i></p> |
| 18362 | <p class="TextFontCX" align="left" style= |
| 18363 | 'margin-left: .25in;text-align:left'><i><span lang= |
| 18364 | "FR"> </span></i></p> |
| 18365 | <p class="TextFontCX" align="left" style= |
| 18366 | 'margin-left: .25in;text-align:left'><i><span lang= |
| 18367 | "FR">mergeClause</span></i><span style= |
| 18368 | 'font-family:Symbol'>Þ</span> <span class= |
| 18369 | "Annot"><span style='font-size: 10.0pt'>merge</span></span> ( |
| 18370 | <i>mergeItem</i> <span class="Annot"><span style= |
| 18371 | 'font-size:10.0pt'>+</span></span> <i>mergeItem</i> |
| 18372 | <span class="Annot"><span style= |
| 18373 | 'font-size:10.0pt'>==></span></span> <i>transferAction</i> |
| 18374 | )<i><span lang="FR">*</span></i></p> |
| 18375 | <p class="TextFontCX" align="left" style= |
| 18376 | 'margin-left: .25in;text-align:left'><i><span lang= |
| 18377 | "FR">mergeItem</span></i><span style= |
| 18378 | 'font-family:Symbol'>Þ</span> <i>valueChoice |</i> |
| 18379 | <span class="Annot"><span style= |
| 18380 | 'font-size:10.0pt'>*</span></span></p> |
| 18381 | <p class="TextFontCX" align="left" style= |
| 18382 | 'margin-left: .25in;text-align:left'><i><span lang= |
| 18383 | "FR"> </span></i></p> |
| 18384 | <p class="TextFontCX" align="left" style= |
| 18385 | 'margin-left: .25in;text-align:left'><i><span lang= |
| 18386 | "FR">transfersClause</span></i><span style= |
| 18387 | 'font-family:Symbol'>Þ</span> <span class= |
| 18388 | "Annot"><span style='font-size: 10.0pt'>transfers</span></span> |
| 18389 | ( <i>valueChoice</i> <span class="Annot"><span style= |
| 18390 | 'font-size:10.0pt'>as</span></span> |
| 18391 | <i>valueChoice</i><span class="Annot"><span style= |
| 18392 | 'font-size:10.0pt'>==></span></span> <i>transferAction</i> |
| 18393 | )<i><span lang="FR">*</span></i></p> |
| 18394 | <p class="TextFontCX" align="left" style= |
| 18395 | 'margin-left: .25in;text-align:left'><i><span lang= |
| 18396 | "FR">loserefClause</span></i><span style= |
| 18397 | 'font-family:Symbol'>Þ</span> <span class= |
| 18398 | "Annot"><span style='font-size: 10.0pt'>losereference</span></span> |
| 18399 | ( <i>valueChoice</i> <span class="Annot"><span style= |
| 18400 | 'font-size:10.0pt'>==></span></span> <i>errorAction</i> |
| 18401 | )<i><span lang="FR">*</span></i></p> |
| 18402 | <p class="TextFontCX" align="left" style= |
| 18403 | 'margin-left: .25in;text-align:left'><i><span lang= |
| 18404 | "FR"> </span></i></p> |
| 18405 | <p class="TextFontCX" align="left" style= |
| 18406 | 'margin-left: .25in;text-align:left'><i><span lang= |
| 18407 | "FR">transferAction</span></i><span style= |
| 18408 | 'font-family:Symbol'>Þ</span> <i>valueChoice | |
| 18409 | errorAction</i></p> |
| 18410 | <p class="TextFontCX" align="left" style= |
| 18411 | 'margin-left: .25in;text-align:left'> |
| 18412 | <i>errorAction</i><span style='font-family:Symbol'>Þ</span> |
| 18413 | <span class="Annot"><span style= |
| 18414 | 'font-size:10.0pt'>error</span></span> [ <i>stringLiteral</i> |
| 18415 | ]</p> |
| 18416 | <p class="TextFontCX" align="left" style= |
| 18417 | 'margin-left: .25in;text-align:left'><i><span lang= |
| 18418 | "FR"> </span></i></p> |
| 18419 | <p class="TextFontCX" align="left" style= |
| 18420 | 'margin-left: .25in;text-align:left'><i><span lang= |
| 18421 | "FR">valueChoice</span></i><span style= |
| 18422 | 'font-family:Symbol'>Þ</span> |
| 18423 | <i>identifier</i> </p> |
| 18424 | <p class="TextFontCX"> </p> |
| 18425 | <p class="MsoHeading7" style='margin-left:0in;text-indent:0in'> |
| 18426 | <a name="_Toc534975075"></a><a name="_Ref397875216"></a><a name= |
| 18427 | "_Ref350066976"></a><a name="_Ref348788300">Appendix |
| 18428 | D<span style='font:7.0pt "Times New Roman"'> </span> |
| 18429 | <a id="specifications" name="specifications"> |
| 18430 | Specifications</a> |
| 18431 | </a> |
| 18432 | </p> |
| 18433 | <p class="TextFontCX">Another way of providing more information |
| 18434 | about programs is to use formal specifications. Although this |
| 18435 | document has largely ignored specifications, Splint was originally |
| 18436 | designed to use the information in LCL specifications instead of |
| 18437 | source-code annotations. This document focuses on annotations |
| 18438 | since it takes less effort to add annotations to source code than |
| 18439 | to maintain an additional specification file. Annotations can |
| 18440 | express everything that can be expressed in LCL specifications that |
| 18441 | is relevant to Splint checking. However, LCL specifications |
| 18442 | can provide more precise documentation on program interfaces than |
| 18443 | is possible with Splint annotations. This appendix (extracted |
| 18444 | from [Evans94]) is a very brief introduction to LCL |
| 18445 | Specifications. For more information, consult |
| 18446 | [GH93]. </p> |
| 18447 | <p class="TextFontCX"> </p> |
| 18448 | <p class="TextFontCX">The Larch family of languages is a two-tiered |
| 18449 | approach to formal specification. A specification is built using |
| 18450 | two languages — the <i>Larch Shared Language</i> (LSL), which |
| 18451 | is independent of the implementation language, and a <i>Larch |
| 18452 | Interface Language</i> designed for the specific implementation |
| 18453 | language. An LSL specification defines <i>sorts</i>, |
| 18454 | analogous to abstract types in a programming language, and |
| 18455 | <i>operators</i>, analogous to procedures. It expresses the |
| 18456 | underlying semantics of an abstraction.</p> |
| 18457 | <p class="TextFontCX"> </p> |
| 18458 | <p class="TextFontCX">The interface language specifies an interface |
| 18459 | to an abstraction in a particular programming language. It |
| 18460 | captures the details of the interface needed by a client using the |
| 18461 | abstraction and places constraints on both correct implementations |
| 18462 | and uses of the module. The semantics of the interface are |
| 18463 | described using primitives and sorts and operators defined in LSL |
| 18464 | specifications. Interface languages have been designed for |
| 18465 | several programming languages.</p> |
| 18466 | <p class="TextFontCX"> </p> |
| 18467 | <p class="TextFontCX">LCL [GH93, Tan95] is a Larch interface |
| 18468 | language for Standard C. LCL uses a C-like syntax. |
| 18469 | Traditionally, a C module <span class= |
| 18470 | "Keyword"><i><span style='font-size:10.0pt;font-family:Arial; color:windowtext'> |
| 18471 | M</span></i></span> consists of a source file, <span class= |
| 18472 | "Keyword"><i><span style= |
| 18473 | 'font-size:10.0pt;font-family:Arial;color:windowtext'>M</span></i></span><span class="Keyword"> |
| 18474 | <span style= |
| 18475 | 'font-size:10.0pt;font-family:Arial;color:windowtext'>.c</span></span>, |
| 18476 | and a header file, <span class="Keyword"><i><span style= |
| 18477 | 'font-size:10.0pt; font-family:Arial;color:windowtext'>M</span></i></span><span class="Keyword"> |
| 18478 | <span style= |
| 18479 | 'font-size:10.0pt;font-family:Arial;color:windowtext'>.h</span></span>. |
| 18480 | The header file contains prototype declarations for functions, |
| 18481 | variables and constants exported by <span class= |
| 18482 | "Keyword"><i><span style= |
| 18483 | 'font-size:10.0pt; font-family:Arial;color:windowtext'>M</span></i></span>, |
| 18484 | as well as those macro definitions that implement exported |
| 18485 | functions or constants, and definitions of exported types. When |
| 18486 | using LCL, a module includes two additional files — |
| 18487 | <span class="Keyword"><i><span style= |
| 18488 | 'font-size:10.0pt;font-family:Arial;color:windowtext'>M</span></i></span><span class="Keyword"> |
| 18489 | <span style= |
| 18490 | 'font-size:10.0pt;font-family:Arial;color:windowtext'>.lcl</span></span>, |
| 18491 | a formal specification of <span class= |
| 18492 | "Keyword"><i><span style='font-size:10.0pt; font-family:Arial;color:windowtext'> |
| 18493 | M</span></i></span>, and <span class= |
| 18494 | "Keyword"><i><span style='font-size:10.0pt;font-family:Arial;color:windowtext'> |
| 18495 | M</span></i></span><span class="Keyword"><span style= |
| 18496 | 'font-size:10.0pt;font-family:Arial;color:windowtext'>.lh</span></span>, |
| 18497 | which is derived by Splint (if the <span class= |
| 18498 | "Flag"><span style='font-size:10.0pt'>lh</span></span> flag |
| 18499 | is on) from <span class="Keyword"><i><span style= |
| 18500 | 'font-size:10.0pt;font-family:Arial;color:windowtext'>M</span></i></span><span class="Keyword"> |
| 18501 | <span style= |
| 18502 | 'font-size:10.0pt;font-family:Arial;color:windowtext'>.lcl</span></span>. |
| 18503 | Clients use <span class="Keyword"><i><span style= |
| 18504 | 'font-size:10.0pt;font-family: Arial;color:windowtext'>M</span></i></span><span class="Keyword"> |
| 18505 | <span style= |
| 18506 | 'font-size:10.0pt;font-family:Arial;color:windowtext'>.lcl</span></span> |
| 18507 | for documentation, and should not need to look at any |
| 18508 | implementation file. The derived file, <span class= |
| 18509 | "Keyword"><i><span style= |
| 18510 | 'font-size:10.0pt;font-family: Arial;color:windowtext'>M</span></i></span><span class="Keyword"> |
| 18511 | <span style= |
| 18512 | 'font-size:10.0pt;font-family:Arial;color:windowtext'>.lh</span></span>, |
| 18513 | contains include directives (if <span class= |
| 18514 | "Keyword"><i><span style= |
| 18515 | 'font-size: 10.0pt;font-family:Arial;color:windowtext'>M</span></i></span> |
| 18516 | depends on other specified modules), prototypes of functions and |
| 18517 | declarations of variables as specified in <span class= |
| 18518 | "Keyword"><i><span style= |
| 18519 | 'font-size:10.0pt;font-family: Arial;color:windowtext'>M</span></i></span><span class="Keyword"> |
| 18520 | <span style= |
| 18521 | 'font-size:10.0pt;font-family:Arial;color:windowtext'>.lcl</span></span>. |
| 18522 | The file <span class="Keyword"><i><span style= |
| 18523 | 'font-size:10.0pt;font-family:Arial; color:windowtext'>M</span></i></span><span class="Keyword"> |
| 18524 | <span style= |
| 18525 | 'font-size:10.0pt;font-family:Arial;color:windowtext'>.h</span></span> |
| 18526 | should include <span class="Keyword"><i><span style= |
| 18527 | 'font-size:10.0pt;font-family: Arial;color:windowtext'>M</span></i></span><span class="Keyword"> |
| 18528 | <span style= |
| 18529 | 'font-size:10.0pt;font-family:Arial;color:windowtext'>.lh</span></span> |
| 18530 | and retain the implementation aspects of the old <span class= |
| 18531 | "Keyword"><i><span style= |
| 18532 | 'font-size:10.0pt;font-family:Arial;color:windowtext'>M</span></i></span><span class="Keyword"> |
| 18533 | <span style= |
| 18534 | 'font-size:10.0pt;font-family:Arial;color:windowtext'>.h</span></span>, |
| 18535 | but is no longer used for c<a name="_Ref348845779">lient |
| 18536 | documentation.</a></p> |
| 18537 | <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'> |
| 18538 | <a name="_Toc534975076">Specification Flags</a></p> |
| 18539 | <p class="TextFontCX">These flags are relevant only when Splint is |
| 18540 | used with LCL specifications.</p> |
| 18541 | <p class="Heading10">Global Flags</p> |
| 18542 | <p class="TextFontCX"><span class="Flag"><span style= |
| 18543 | 'font-size:10.0pt'>lcs</span></span></p> |
| 18544 | <p class="IndentText">Generate <span class= |
| 18545 | "Keyword"><span style='font-size:10.0pt; font-family:Arial;color:windowtext'> |
| 18546 | .lcs</span></span> files containing symbolic state of |
| 18547 | <span class="Keyword"><span style= |
| 18548 | 'font-size:10.0pt;font-family:Arial;color:windowtext'>.lcl</span></span> |
| 18549 | files (used for imports). By default <span class= |
| 18550 | "Keyword"><span style= |
| 18551 | 'font-size:10.0pt;font-family:Arial;color:windowtext'>.lcs</span></span> |
| 18552 | files are generated for each <span class= |
| 18553 | "Keyword"><span style='font-size:10.0pt; font-family:Arial;color:windowtext'> |
| 18554 | .lcl</span></span> file processed. Use <span class= |
| 18555 | "Flag"><span style='font-size:10.0pt'>-lcs</span></span> to prevent |
| 18556 | generation of <span class="Keyword"><span style= |
| 18557 | 'font-size:10.0pt;font-family: Arial;color:windowtext'>.lcs</span></span> |
| 18558 | files.</p> |
| 18559 | <p class="TextFontCX"><span class="Flag"><span style= |
| 18560 | 'font-size:10.0pt'>lh</span></span></p> |
| 18561 | <p class="IndentText">Generate <span class= |
| 18562 | "Keyword"><span style='font-size:10.0pt; font-family:Arial;color:windowtext'> |
| 18563 | .lh</span></span> files. By default, <span class= |
| 18564 | "Flag"><span style='font-size:10.0pt'>-lh</span></span> is set and |
| 18565 | no <span class="Keyword"><span style= |
| 18566 | 'font-size:10.0pt;font-family:Arial;color:windowtext'>.lh</span></span> |
| 18567 | files are generated. Use <span class= |
| 18568 | "Flag"><span style='font-size:10.0pt'>+lh</span></span> to |
| 18569 | enable <span class="Flag"><span style= |
| 18570 | 'font-size:10.0pt'>.lh</span></span> file |
| 18571 | generation. </p> |
| 18572 | <p class="TextFontCX"><span class="Flag"><span style= |
| 18573 | 'font-size:10.0pt'>i</span></span> <span class= |
| 18574 | "Flag"><span style='font-size:10.0pt'><file></span></span></p> |
| 18575 | <p class="IndentText">Set LCL initialization file to |
| 18576 | <span class="Flag"><i><span style= |
| 18577 | 'font-size:10.0pt'><file></span></i></span>. The |
| 18578 | LCL initialization file is read if any <span class= |
| 18579 | "Keyword"><span style= |
| 18580 | 'font-size: 10.0pt;font-family:Arial;color:windowtext'>.lcl</span></span> |
| 18581 | files are listed on the command line. The default file |
| 18582 | is <span class="Keyword"><span style= |
| 18583 | 'font-size:10.0pt;font-family:Arial;color:windowtext'>lclinit.lci</span></span>, |
| 18584 | found on the <span class="Keyword"><span style= |
| 18585 | 'font-size:10.0pt;font-family: Arial;color:windowtext'>LARCH_PATH</span></span>.</p> |
| 18586 | <p class="TextFontCX"><span class="Flag"><span style= |
| 18587 | 'font-size:10.0pt'>lclexpect</span></span> <span class= |
| 18588 | "Flag"><span style= |
| 18589 | 'font-size:10.0pt'><i><number></i></span></span></p> |
| 18590 | <p class="IndentText">Exactly <span class= |
| 18591 | "Flag"><i><span style='font-size:10.0pt'><number></span></i></span> |
| 18592 | specification errors are expected. Specification errors |
| 18593 | are errors detected when checking the specifications. |
| 18594 | They do not depend on the source code.</p> |
| 18595 | <p class="Heading10">Implicit Globals Checking Qualifiers</p> |
| 18596 | <div> |
| 18597 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 18598 | height="14" align="left"> |
| 18599 | <tr> |
| 18600 | <td valign="top" align="left" height="14" style= |
| 18601 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 18602 | <p class="TextFontCX" align="center" style= |
| 18603 | 'text-align:center;background:#CCCCCC'><span style= |
| 18604 | 'font-size:10.0pt'>m:</span><span class= |
| 18605 | "Keyword"><span style='font-size:10.0pt'>-++-</span></span></p></td></tr></table></div> |
| 18606 | <p class="TextFontCX"><span class="Flag"><span style= |
| 18607 | 'font-size:10.0pt'>imp-checked-spec-globs</span></span></p> |
| 18608 | <p class="IndentText">Implicit <span class= |
| 18609 | "Annot"><span style='font-size:10.0pt'>checked</span></span> |
| 18610 | qualifier on global variables specified in an LCL file with |
| 18611 | no checking annotation.</p> |
| 18612 | <div> |
| 18613 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 18614 | height="14" align="left"> |
| 18615 | <tr> |
| 18616 | <td valign="top" align="left" height="14" style= |
| 18617 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 18618 | <p class="TextFontCX" align="center" style= |
| 18619 | 'text-align:center;background:#CCCCCC'><span style= |
| 18620 | 'font-size:10.0pt'>m:</span><span class= |
| 18621 | "Keyword"><span style='font-size:10.0pt'>----</span></span></p></td></tr></table></div> |
| 18622 | <p class="TextFontCX"><span class="Flag"><span style= |
| 18623 | 'font-size:10.0pt'>imp-checkmod-spec-globs</span></span></p> |
| 18624 | <div> |
| 18625 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 18626 | height="14" align="left"> |
| 18627 | <tr> |
| 18628 | <td valign="top" align="left" height="14" style= |
| 18629 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 18630 | <p class="TextFontCX" align="center" style= |
| 18631 | 'text-align:center;background:#CCCCCC'><span style= |
| 18632 | 'font-size:10.0pt'>m:</span><span class= |
| 18633 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 18634 | <p class="IndentText">Implicit <span class= |
| 18635 | "Annot"><span style='font-size:10.0pt'>checkmod</span></span> |
| 18636 | qualifier on global variables specified in an LCL file with |
| 18637 | no checking annotation.</p> |
| 18638 | <p class="TextFontCX"><span class="Flag"><span style= |
| 18639 | 'font-size:10.0pt'>imp-checkedstrict-spec-globs</span></span></p> |
| 18640 | <p class="IndentText">Implicit <span class= |
| 18641 | "Annot"><span style='font-size:10.0pt'>checked</span></span> |
| 18642 | qualifier on global variables specified in an LCL file with |
| 18643 | no checking annotation.</p> |
| 18644 | <div> |
| 18645 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 18646 | height="14" align="left"> |
| 18647 | <tr> |
| 18648 | <td valign="top" align="left" height="14" style= |
| 18649 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 18650 | <p class="TextFontCX" align="center" style= |
| 18651 | 'text-align:center;background:#CCCCCC'><span style= |
| 18652 | 'font-size:10.0pt'>P:</span> <span class= |
| 18653 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 18654 | <p class="Heading10">Implicit Annotations</p> |
| 18655 | <p class="TextFontCX"><span class="Flag"><span style= |
| 18656 | 'font-size:10.0pt'>spec-glob-imp-only</span></span></p> |
| 18657 | <p class="IndentText">Implicit <span class= |
| 18658 | "Annot"><span style='font-size:10.0pt'>only</span></span> |
| 18659 | annotation on global variable declaration in an LCL file with |
| 18660 | no allocation annotation.</p> |
| 18661 | <div> |
| 18662 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 18663 | height="14" align="left"> |
| 18664 | <tr> |
| 18665 | <td valign="top" align="left" height="14" style= |
| 18666 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 18667 | <p class="TextFontCX" align="center" style= |
| 18668 | 'text-align:center;background:#CCCCCC'><span style= |
| 18669 | 'font-size:10.0pt'>P:</span> <span class= |
| 18670 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 18671 | <p class="TextFontCX"><span class="Flag"><span style= |
| 18672 | 'font-size:10.0pt'>spec-ret-imp-only</span></span></p> |
| 18673 | <p class="IndentText">Implicit <span class= |
| 18674 | "Annot"><span style='font-size:10.0pt'>only</span></span> |
| 18675 | annotation on return value declaration in an LCL file with no |
| 18676 | allocation annotation.</p> |
| 18677 | <div> |
| 18678 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 18679 | height="14" align="left"> |
| 18680 | <tr> |
| 18681 | <td valign="top" align="left" height="14" style= |
| 18682 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 18683 | <p class="TextFontCX" align="center" style= |
| 18684 | 'text-align:center;background:#CCCCCC'><span style= |
| 18685 | 'font-size:10.0pt'>P:</span> <span class= |
| 18686 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 18687 | <p class="TextFontCX"><span class="Flag"><span style= |
| 18688 | 'font-size:10.0pt'>spec-struct-imp-only</span></span></p> |
| 18689 | <p class="IndentText">Implicit <span class= |
| 18690 | "Annot"><span style='font-size:10.0pt'>only</span></span> |
| 18691 | annotation on structure field declarations in an LCL file |
| 18692 | with no allocation annotation.</p> |
| 18693 | <div> |
| 18694 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 18695 | height="14" align="left"> |
| 18696 | <tr> |
| 18697 | <td valign="top" align="left" height="14" style= |
| 18698 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 18699 | <p class="TextFontCX" align="center" style= |
| 18700 | 'text-align:center;background:#CCCCCC'><span style= |
| 18701 | 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div> |
| 18702 | <p class="TextFontCX"><span class="Flag"><span style= |
| 18703 | 'font-size:10.0pt'>spec-imp-only</span></span></p> |
| 18704 | <p class="IndentText">Sets <span class="Flag"><span style= |
| 18705 | 'font-size:10.0pt'>spec-glob-imp-only</span></span>, |
| 18706 | <span class="Flag"><span style= |
| 18707 | 'font-size:10.0pt'>spec-ret-imp-only</span></span> and |
| 18708 | <span class="Flag"><span style= |
| 18709 | 'font-size:10.0pt'>spec-struct-imp-only</span></span>.</p> |
| 18710 | <p class="Heading10">Macro Expansion</p> |
| 18711 | <div> |
| 18712 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 18713 | height="14" align="left"> |
| 18714 | <tr> |
| 18715 | <td valign="top" align="left" height="14" style= |
| 18716 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 18717 | <p class="TextFontCX" align="center" style= |
| 18718 | 'text-align:center;background:#CCCCCC'><span style= |
| 18719 | 'font-size:10.0pt'>P:</span> <span class= |
| 18720 | "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div> |
| 18721 | <p class="TextFontCX"><span class="Flag"><span style= |
| 18722 | 'font-size:10.0pt'>spec-macros</span></span></p> |
| 18723 | <p class="IndentText">Macros defining specified identifiers are not |
| 18724 | expanded and are checked according to the |
| 18725 | specification.<span class="Flag"><span style= |
| 18726 | 'font-size:10.0pt'> </span></span></p> |
| 18727 | <div> |
| 18728 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 18729 | height="14" align="left"> |
| 18730 | <tr> |
| 18731 | <td valign="top" align="left" height="14" style= |
| 18732 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 18733 | <p class="TextFontCX" align="center" style= |
| 18734 | 'text-align:center;background:#CCCCCC'><span style= |
| 18735 | 'font-size:10.0pt'>m:</span><span class= |
| 18736 | "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div> |
| 18737 | <p class="Heading10">Complete Programs and Specifications</p> |
| 18738 | <p class="TextFontCX"><span class="Flag"><span style= |
| 18739 | 'font-size:10.0pt'>spec-undef</span></span></p> |
| 18740 | <p class="IndentText">Function, variable, iterator or constant |
| 18741 | specified but never defined.</p> |
| 18742 | <div> |
| 18743 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 18744 | height="14" align="left"> |
| 18745 | <tr> |
| 18746 | <td valign="top" align="left" height="14" style= |
| 18747 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 18748 | <p class="TextFontCX" align="center" style= |
| 18749 | 'text-align:center;background:#CCCCCC'><span style= |
| 18750 | 'font-size:10.0pt'>P:</span> <span class= |
| 18751 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 18752 | <p class="TextFontCX"><span class="Flag"><span style= |
| 18753 | 'font-size:10.0pt'>spec-undecl</span></span></p> |
| 18754 | <p class="IndentText">Function, variable, iterator or constant |
| 18755 | specified but never declared.</p> |
| 18756 | <div> |
| 18757 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 18758 | height="14" align="left"> |
| 18759 | <tr> |
| 18760 | <td valign="top" align="left" height="14" style= |
| 18761 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 18762 | <p class="TextFontCX" align="center" style= |
| 18763 | 'text-align:center;background:#CCCCCC'><span style= |
| 18764 | 'font-size:10.0pt'>P:</span> <span class= |
| 18765 | "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div> |
| 18766 | <p class="TextFontCX"><span class="Flag"><span style= |
| 18767 | 'font-size:10.0pt'>need-spec</span></span></p> |
| 18768 | <div> |
| 18769 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 18770 | height="14" align="left"> |
| 18771 | <tr> |
| 18772 | <td valign="top" align="left" height="14" style= |
| 18773 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 18774 | <p class="TextFontCX" align="center" style= |
| 18775 | 'text-align:center;background:#CCCCCC'><span style= |
| 18776 | 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div> |
| 18777 | <p class="IndentText">There is information in the specification |
| 18778 | that is not duplicated in syntactic comments. Normally, this |
| 18779 | is not an error, but it may be useful to detect it to make sure |
| 18780 | checking incomplete systems without the specifications will still |
| 18781 | use this information.</p> |
| 18782 | <p class="TextFontCX"><span class="Flag"><span style= |
| 18783 | 'font-size:10.0pt'>export-any</span></span></p> |
| 18784 | <div> |
| 18785 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 18786 | height="14" align="left"> |
| 18787 | <tr> |
| 18788 | <td valign="top" align="left" height="14" style= |
| 18789 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 18790 | <p class="TextFontCX" align="center" style= |
| 18791 | 'text-align:center;background:#CCCCCC'><span style= |
| 18792 | 'font-size:10.0pt'>m:</span><span class= |
| 18793 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 18794 | <p class="IndentText">An error is reported for any identifier that |
| 18795 | is exported but not specified. (Sets all export flags |
| 18796 | below.)</p> |
| 18797 | <p class="TextFontCX"><span class="Flag"><span style= |
| 18798 | 'font-size:10.0pt'>export-const</span></span></p> |
| 18799 | <p class="IndentText">Constant exported but not specified.</p> |
| 18800 | <div> |
| 18801 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 18802 | height="14" align="left"> |
| 18803 | <tr> |
| 18804 | <td valign="top" align="left" height="14" style= |
| 18805 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 18806 | <p class="TextFontCX" align="center" style= |
| 18807 | 'text-align:center;background:#CCCCCC'><span style= |
| 18808 | 'font-size:10.0pt'>m:</span><span class= |
| 18809 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 18810 | <p class="TextFontCX"><span class="Flag"><span style= |
| 18811 | 'font-size:10.0pt'>export-var</span></span></p> |
| 18812 | <p class="IndentText">Variable exported but not specified.</p> |
| 18813 | <div> |
| 18814 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 18815 | height="14" align="left"> |
| 18816 | <tr> |
| 18817 | <td valign="top" align="left" height="14" style= |
| 18818 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 18819 | <p class="TextFontCX" align="center" style= |
| 18820 | 'text-align:center;background:#CCCCCC'><span style= |
| 18821 | 'font-size:10.0pt'>m:</span><span class= |
| 18822 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 18823 | <p class="TextFontCX"><span class="Flag"><span style= |
| 18824 | 'font-size:10.0pt'>export-fcn</span></span></p> |
| 18825 | <p class="IndentText">Function exported but not specified.</p> |
| 18826 | <div> |
| 18827 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 18828 | height="14" align="left"> |
| 18829 | <tr> |
| 18830 | <td valign="top" align="left" height="14" style= |
| 18831 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 18832 | <p class="TextFontCX" align="center" style= |
| 18833 | 'text-align:center;background:#CCCCCC'><span style= |
| 18834 | 'font-size:10.0pt'>m:</span><span class= |
| 18835 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 18836 | <p class="TextFontCX"><span class="Flag"><span style= |
| 18837 | 'font-size:10.0pt'>export-iter</span></span></p> |
| 18838 | <p class="IndentText">Iterator exported but not specified.</p> |
| 18839 | <div> |
| 18840 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 18841 | height="14" align="left"> |
| 18842 | <tr> |
| 18843 | <td valign="top" align="left" height="14" style= |
| 18844 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 18845 | <p class="TextFontCX" align="center" style= |
| 18846 | 'text-align:center;background:#CCCCCC'><span style= |
| 18847 | 'font-size:10.0pt'>m:</span><span class= |
| 18848 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 18849 | <p class="TextFontCX"><span class="Flag"><span style= |
| 18850 | 'font-size:10.0pt'>export-macro</span></span></p> |
| 18851 | <p class="IndentText">An expanded macro exported but not |
| 18852 | specified</p> |
| 18853 | <div> |
| 18854 | <table cellspacing="0" cellpadding="0" hspace="0" vspace="0" |
| 18855 | height="14" align="left"> |
| 18856 | <tr> |
| 18857 | <td valign="top" align="left" height="14" style= |
| 18858 | 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'> |
| 18859 | <p class="TextFontCX" align="center" style= |
| 18860 | 'text-align:center;background:#CCCCCC'><span style= |
| 18861 | 'font-size:10.0pt'>m:</span><span class= |
| 18862 | "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div> |
| 18863 | <p class="TextFontCX"><span class="Flag"><span style= |
| 18864 | 'font-size:10.0pt'>export-type</span></span></p> |
| 18865 | <p class="IndentText">Type definition exported but not |
| 18866 | specified</p> |
| 18867 | <p class="MsoHeading7" style='margin-left:0in;text-indent:0in'> |
| 18868 | <a name="_Toc534975077"></a><a name="_Ref534642451"></a><a name= |
| 18869 | "_Toc344355450">Appendix E<span style= |
| 18870 | 'font:7.0pt "Times New Roman"'> </span> |
| 18871 | <a id="annotated" name="annotated"> |
| 18872 | Annotated Bibliography</a></a></p> |
| 18873 | <h4 style='margin-left:0in;text-indent:0in'>Splint</h4> |
| 18874 | <p class="TextFontCX">All of these papers are available at |
| 18875 | <span style='font-size:10.0pt;font-family:Arial'><a href= |
| 18876 | "http://www.splint.org/publications/">http://www.splint.org/publications/</a></span>. </p> |
| 18877 | <p class="TextFontCX"> </p> |
| 18878 | <p class="TextFontCX" align="left" style='text-align: left'> |
| 18879 | [Barker01] Chris Barker. <i>Static Error Checking of C Applications |
| 18880 | Ported from UNIX to WIN32 Systems Using LCLint</i>. Senior Thesis, |
| 18881 | University of Virginia Deptartment of Computer Science. May |
| 18882 | 2001.</p> |
| 18883 | <p class="TextFontCX" align="left" style='text-align: left'> |
| 18884 | </p> |
| 18885 | <p class="IndentText">Describes annotations and checks useful for |
| 18886 | porting applications.</p> |
| 18887 | <p class="TextFontCX" align="left" style='text-align: left'> |
| 18888 | </p> |
| 18889 | <p class="TextFontCX" align="left" style='text-align: left'> |
| 18890 | [Evans94] David Evans. <i>Using specifications to check source |
| 18891 | code</i>. MIT/LCS/TR 628, Laboratory for Computer Science, |
| 18892 | MIT, June 1994.</p> |
| 18893 | <p class="TextFontCX" align="left" style='text-align: left'> |
| 18894 | </p> |
| 18895 | <p class="IndentText">MIT SM Thesis. Describes research |
| 18896 | behind Splint, focusing on how specifications can be exploited to |
| 18897 | do lightweight checking. Includes case studies using |
| 18898 | LCLint.</p> |
| 18899 | <p class="TextFontCX" align="left" style='text-align: left'> |
| 18900 | </p> |
| 18901 | <p class="TextFontCX" align="left" style='text-align: left'> |
| 18902 | [EGHT94] David Evans, John Guttag, Jim Horning and Yang Meng |
| 18903 | Tan. <i>LCL</i><i>int: A tool for using specifications to |
| 18904 | check code</i>. SIGSOFT Symposium on the Foundations of |
| 18905 | Software Engineering, December 1994.</p> |
| 18906 | <p class="TextFontCX" align="left" style='text-align: left'> |
| 18907 | </p> |
| 18908 | <p class="IndentText">Somewhat obsolete introduction to |
| 18909 | LCLint. Shows how LCLint is used to find errors in a sample |
| 18910 | program.</p> |
| 18911 | <p class="TextFontCX" align="left" style='text-align: left'> |
| 18912 | </p> |
| 18913 | <p class="TextFontCX" align="left" style='text-align: left'> |
| 18914 | [Evans96] David Evans. <i>Static Detection of Dynamic Memory |
| 18915 | Errors</i>. SIGPLAN Conference on Programming Language Design |
| 18916 | and Implementation (PLDI ’96), Philadelphia, PA., May |
| 18917 | 1996.</p> |
| 18918 | <p class="TextFontCX" align="left" style='text-align: left'> |
| 18919 | </p> |
| 18920 | <p class="IndentText">Describes approach for exploiting annotations |
| 18921 | added to code to detect a wide class of errors. Focuses on |
| 18922 | memory management checks described in Section 5 of this |
| 18923 | manual. </p> |
| 18924 | <p class="TextFontCX" align="left" style='text-align: left'> |
| 18925 | </p> |
| 18926 | <p class="TextFontCX" align="left" style='text-align: left'> |
| 18927 | [Evans00] David Evans. <i>Annotation-Assisted Lightweight |
| 18928 | Static Checking. </i> First International Workshop on |
| 18929 | Automated Program Analysis, Testing and Verification. |
| 18930 | February, 2000.</p> |
| 18931 | <p class="IndentText"> </p> |
| 18932 | <p class="IndentText">Short position paper describing research |
| 18933 | agenda behind Splint.</p> |
| 18934 | <p class="IndentText" style='margin-left:0in'> </p> |
| 18935 | <p class="IndentText" style='margin-left:0in'>[Evans02] David Evans |
| 18936 | and David Larochelle. <i>Improving Security Using Extensible |
| 18937 | Lightweight Static Analysis</i>. IEEE Software, Jan/Feb |
| 18938 | 2002.</p> |
| 18939 | <p class="IndentText" style='margin-left:0in'> </p> |
| 18940 | <p class="IndentText">Most security attacks exploit instances of |
| 18941 | well-known classes of implementations flaws. This article |
| 18942 | describes how Splint can be used to detect common security |
| 18943 | vulnerabilities (including buffer overflows and format string |
| 18944 | vulnerabilities).</p> |
| 18945 | <p class="IndentText"> </p> |
| 18946 | <p class="IndentText" style='margin-left:0in'>[Larochelle01] David |
| 18947 | Larochelle and David Evans. Statically Detecting Likely |
| 18948 | Buffer Overflow Vulnerabilities. 2001 USENIX Security |
| 18949 | Symposium, Washington, D. C., August 13-17, 2001. </p> |
| 18950 | <p class="IndentText"> </p> |
| 18951 | <p class="IndentText">Buffer overflow attacks may be today's single |
| 18952 | most important security threat. This paper describes how Splint can |
| 18953 | be used to detect likely vulnerabilities through an analysis of the |
| 18954 | program source code and presents experience using our approach to |
| 18955 | detect buffer overflow vulnerabilities in two security-sensitive |
| 18956 | programs.</p> |
| 18957 | <p class="IndentText"> </p> |
| 18958 | <h4 style='margin-left:0in;text-indent:0in'>C</h4> |
| 18959 | <p class="TextFontCX" align="left" style='text-align: left'>[ISO99] |
| 18960 | International Standard ISO/IEC 9899. <i>Programming languages |
| 18961 | – C.</i> Second edition. December 1999.</p> |
| 18962 | <p class="IndentText"> </p> |
| 18963 | <p class="IndentText">International standard specification for C |
| 18964 | programming language. Approved by ANSI May 2000.</p> |
| 18965 | <p class="TextFontCX" align="left" style='text-align: left'> |
| 18966 | </p> |
| 18967 | <p class="TextFontCX" align="left" style='text-align: left'>[KR88] |
| 18968 | Brian W. Kernighan and Dennis M. Ritchie. <i>The C |
| 18969 | Programming Language</i>, second edition. Prentice Hall, New |
| 18970 | Jersey, 1988.</p> |
| 18971 | <p class="TextFontCX" align="left" style='text-align: left'> |
| 18972 | </p> |
| 18973 | <p class="IndentText">Standard reference for ANSI C. If you |
| 18974 | haven’t heard of this one, you probably didn’t get this |
| 18975 | far (unless you started at the back).</p> |
| 18976 | <p class="TextFontCX" align="left" style='text-align: left'> |
| 18977 | </p> |
| 18978 | <p class="TextFontCX" align="left" style='text-align: left'>[vdL94] |
| 18979 | Peter van der Linden. <i>Expert C Programming: Deep C |
| 18980 | Secrets</i>. SunSoft Press, Prentice Hall, New Jersey, |
| 18981 | 1994.</p> |
| 18982 | <p class="TextFontCX" align="left" style='text-align: left'> |
| 18983 | </p> |
| 18984 | <p class="IndentText">Filled with useful information on the darker |
| 18985 | corners of C, as well as lots of industry anecdotes and |
| 18986 | humor. Splint’s reserved name checking is loosely based |
| 18987 | on the list of reserved names in this book.</p> |
| 18988 | <h4 style='margin-left:0in;text-indent:0in'>Methodology</h4> |
| 18989 | <p class="TextFontCX" align="left" style='text-align: left'>[GH93] |
| 18990 | John Guttag and James Horning with Stephen J. Garland, Kevin D. |
| 18991 | Jones, Andrés Modet, and Jeannette M. Wing. <i>Larch: |
| 18992 | Languages and Tools for Formal Specification</i>. Springer-Verlag, |
| 18993 | Texts and Monographs in Computer Science, 1993.</p> |
| 18994 | <p class="IndentText"> </p> |
| 18995 | <p class="IndentText">Overview of the Larch family of specification |
| 18996 | languages and related tools. Includes a chapter on LCL, the |
| 18997 | Larch C interface language, on which Splint is based.</p> |
| 18998 | <p class="IndentText" style='margin-left:0in'> </p> |
| 18999 | <p class="TextFontCX" align="left" style='text-align: left'>[LG86] |
| 19000 | Barbara Liskov and John Guttag. <i>Abstraction and |
| 19001 | Specification in Program Development</i>, MIT Press, Cambridge, MA, |
| 19002 | 1986.</p> |
| 19003 | <p class="IndentText"> </p> |
| 19004 | <p class="IndentText">Describes a programming methodology using |
| 19005 | abstract types and specified interfaces. Much of the |
| 19006 | methodology upon which Splint is based comes from this book. |
| 19007 | Uses the CLU programming language. </p> |
| 19008 | <p class="IndentText"> </p> |
| 19009 | <p class="TextFontCX" align="left" style='text-align: left'> |
| 19010 | [Liskov01] Barbara Liskov with John Guttag. <i>Program |
| 19011 | Development in Java</i>, Addison Wesley, 2001.</p> |
| 19012 | <p class="IndentText"> </p> |
| 19013 | <p class="IndentText">An updated version of [LG86] for the Java |
| 19014 | programming language. </p> |
| 19015 | <p class="IndentText"> </p> |
| 19016 | <p class="TextFontCX" align="left" style='text-align: left'>[Tan95] |
| 19017 | Yang Meng Tan. <i>Formal Specification Techniques for |
| 19018 | Engineering Modular C</i>. Kluwer International Series in |
| 19019 | Software Engineering, Volume 1, Kluwer Academic Publishers, Boston, |
| 19020 | 1995.</p> |
| 19021 | <p class="MsoNormal" align="left" style='text-align:left'> |
| 19022 | </p> |
| 19023 | <p class="IndentText">Modified and updated version of MIT Ph D |
| 19024 | thesis, previously published as MIT/LCS/TR-619, 1994. |
| 19025 | Includes presentation of the semantics of LCL and a case study |
| 19026 | using LCL.</p> |
| 19027 | <p class="IndentText" style='margin-left:0in'> </p> |
| 19028 | <h4 style='margin-left:0in;text-indent:0in'>Secure Programming</h4> |
| 19029 | <p class="TextFontCX" align="left" style='text-align: left'>[Hat95] |
| 19030 | Les Hatton. <i>Safer C: Developing Software for |
| 19031 | High-integrity and Safety-critical Systems</i>. McGraw-Hill |
| 19032 | International Series in Software Engineering, 1995.</p> |
| 19033 | <p class="TextFontCX" align="left" style='text-align: left'> |
| 19034 | </p> |
| 19035 | <p class="IndentText">A broad work on all aspects of developing |
| 19036 | safety-critical software, focusing on the C language. |
| 19037 | Provides good justification for the use of C in safety-critical |
| 19038 | systems, and the necessity of tool-supported programming |
| 19039 | standards. Splint users will be interested to see how many of |
| 19040 | the errors listed as only being dynamically detectable can be |
| 19041 | detected statically by Splint.</p> |
| 19042 | <p class="IndentText" style='margin-left:0in'> </p> |
| 19043 | <p class="IndentText" style='margin-left:0in'>[VM02] John Viega and |
| 19044 | Gary McGraw. <i>Building Secure Software: How to Avoid |
| 19045 | Security Problems the</i> <i>Right Way</i><i>.</i> |
| 19046 | Addison-Wesley, 2002.</p> |
| 19047 | <p class="IndentText">A comprehensive survey of techniques and |
| 19048 | principles for building secure programs.</p> |
| 19049 | <p class="IndentText" style='margin-left:0in'> </p> |
| 19050 | <p class="IndentText" style='margin-left:0in'>See also [Evans02] |
| 19051 | and |
| 19052 | [Larochelle01].</p></center></center></center></center></center></center></center></center></center></center></center></div> |
| 19053 | <span style= |
| 19054 | 'font-size:11.0pt;font-family:"Times New Roman"'><br clear="all" |
| 19055 | style='page-break-before:right'></span> |
| 19056 | |
| 19057 | <span style= |
| 19058 | 'font-size:11.0pt;font-family:"Times New Roman"'><br clear="all" |
| 19059 | style='page-break-before:auto'></span> |
| 19060 | <div class="Section8"> |
| 19061 | <p class="IndentText"> </p></div> |
| 19062 | <div><br clear="all"> |
| 19063 | |
| 19064 | <hr align="left" size="1" width="33%"> |
| 19065 | <div id="ftn1"> |
| 19066 | <p class="MsoFootnoteText"><a href="#_ftnref1" name="_ftn1" |
| 19067 | title=""><span class="MsoFootnoteReference"><span class= |
| 19068 | "MsoFootnoteReference"><span style= |
| 19069 | 'font-size:10.0pt;font-family:"Times New Roman"'>[1]</span></span></span></a> |
| 19070 | Lint is a common programming tool for detecting anomalies in C |
| 19071 | programs. S. C. Johnson developed the original lint in the |
| 19072 | late seventies, mainly because early versions of C did not |
| 19073 | support function prototypes. Splint was originally named |
| 19074 | LCLint because it was originally intended to check for |
| 19075 | inconsistencies between LCL specifications and C |
| 19076 | implementations. To reflect divergence from LCL and |
| 19077 | increased focus on detecting security vulnerabilities, the name |
| 19078 | was changed to Splint, short for “Specification |
| 19079 | Lint” and “Secure Programming Lint”.</p></div> |
| 19080 | <div id="ftn2"> |
| 19081 | <p class="MsoFootnoteText"><a href="#_ftnref2" name="_ftn2" |
| 19082 | title=""><span class="MsoFootnoteReference"><span class= |
| 19083 | "MsoFootnoteReference"><span style= |
| 19084 | 'font-size:10.0pt;font-family:"Times New Roman"'>[2]</span></span></span></a> |
| 19085 | The meta-notation, <span class="Annot">item,<sup>+</sup></span> |
| 19086 | is used to denote a comma separated list of items. For |
| 19087 | example, |
| 19088 | |
| 19089 | <span class="Annot">/*@access mstring, intSet@*/</span></p> |
| 19090 | <p class="MsoFootnoteText">allows access to the representations of |
| 19091 | both <span class="CodeText">mstring</span> and <span class= |
| 19092 | "CodeText">intSet</span>.) </p></div> |
| 19093 | <div id="ftn3"> |
| 19094 | <p class="MsoFootnoteText"><a href="#_ftnref3" name="_ftn3" |
| 19095 | title=""><span class="MsoFootnoteReference"><span class= |
| 19096 | "MsoFootnoteReference"><span style= |
| 19097 | 'font-size:10.0pt;font-family:"Times New Roman"'>[3]</span></span></span></a> |
| 19098 | This section is largely based on [Evans96]. It |
| 19099 | semi-formally defines some of the terms needed to describe |
| 19100 | memory management checking; if you are satisfied with an |
| 19101 | intuitive understanding of these terms, this section may be |
| 19102 | skipped.</p></div> |
| 19103 | <div id="ftn4"> |
| 19104 | <p class="MsoFootnoteText"><a href="#_ftnref4" name="_ftn4" |
| 19105 | title=""><span class="MsoFootnoteReference"><span class= |
| 19106 | "MsoFootnoteReference"><span style= |
| 19107 | 'font-size:10.0pt;font-family:"Times New Roman"'>[4]</span></span></span></a> |
| 19108 | This is similar to the LISP storage model, except that objects |
| 19109 | are typed.</p></div> |
| 19110 | <div id="ftn5"> |
| 19111 | <p class="TextFontCX"><a href="#_ftnref5" name="_ftn5" title= |
| 19112 | ""><span class="MsoFootnoteReference"><span class= |
| 19113 | "MsoFootnoteReference"><span style= |
| 19114 | 'font-size:11.0pt;font-family:"Times New Roman"'>[5]</span></span></span></a> |
| 19115 | <span style='font-size:10.0pt'>Except</span> <span class= |
| 19116 | "CodeText"><span style= |
| 19117 | 'font-size:10.0pt'>sizeof</span></span><span style= |
| 19118 | 'font-size:10.0pt'>, which does not need the value of its |
| 19119 | argument.</span></p></div> |
| 19120 | <div id="ftn6"> |
| 19121 | <p class="TextFontCX"><a href="#_ftnref6" name="_ftn6" title= |
| 19122 | ""><span class="MsoFootnoteReference"><span class= |
| 19123 | "MsoFootnoteReference"><span style= |
| 19124 | 'font-size:11.0pt;font-family:"Times New Roman"'>[6]</span></span></span></a> |
| 19125 | If the storage is not assigned to a reference, an internal |
| 19126 | reference is created to track the storage.</p></div> |
| 19127 | <div id="ftn7"> |
| 19128 | <p class="MsoFootnoteText"><a href="#_ftnref7" name="_ftn7" |
| 19129 | title=""><span class="MsoFootnoteReference"><span class= |
| 19130 | "MsoFootnoteReference"><span style= |
| 19131 | 'font-size:10.0pt;font-family:"Times New Roman"'>[7]</span></span></span></a> |
| 19132 | The declaration of <span class="CodeText">free</span> has a |
| 19133 | <span class="Annot">null</span> annotation on the parameter |
| 19134 | to indicate that the argument may be <span class= |
| 19135 | "CodeText">NULL</span>. According to [ISO, 7.20.3.2], |
| 19136 | <span class="CodeText">NULL</span> may be passed to |
| 19137 | <span class="CodeText">free</span> without no action. |
| 19138 | On some UNIX platforms, passing <span class= |
| 19139 | "CodeText">NULL</span> to free causes a program crash so the |
| 19140 | UNIX version of the standard library specifies <span class= |
| 19141 | "CodeText">free</span> without the <span class= |
| 19142 | "Annot">null</span> annotation on its parameter. To check |
| 19143 | that allocated objects are completely destroyed (e.g., all |
| 19144 | unshared objects inside a structure are deallocated before |
| 19145 | the structure is deallocated), Splint checks that any |
| 19146 | parameter passed as an <span class="CodeText">out only void |
| 19147 | *</span> does not contain references to live, unshared |
| 19148 | objects. This makes sense, since such a parameter could |
| 19149 | not be used sensibly in any way other than deallocating its |
| 19150 | storage.</p></div> |
| 19151 | <div id="ftn8"> |
| 19152 | <p class="MsoFootnoteText"><a href="#_ftnref8" name="_ftn8" |
| 19153 | title=""><span class="MsoFootnoteReference"><span class= |
| 19154 | "MsoFootnoteReference"><span style= |
| 19155 | 'font-size:10.0pt;font-family:"Times New Roman"'>[8]</span></span></span></a> |
| 19156 | In versions of Splint before 3.0, the <span class= |
| 19157 | "Annot">noreturn</span> annotation was named <span class= |
| 19158 | "Annot">exits</span>. The <span class= |
| 19159 | "Annot">noreturn</span> annotation means the same thing, but is |
| 19160 | a more appropriate name. For legacy code, Splint still |
| 19161 | supports the <span class="Annot">exits</span> annotations. |
| 19162 | Similarly, <span class="Annot">maynotreturn</span> replaces |
| 19163 | <span class="Annot">mayexit</span>, <span class= |
| 19164 | "Annot">noreturnwhentrue</span> replaces <span class= |
| 19165 | "Annot">truexit</span> and <span class= |
| 19166 | "Annot">noreturnwhenfalse</span> replaces <span class= |
| 19167 | "Annot">falseexit</span>.</p></div> |
| 19168 | <div id="ftn9"> |
| 19169 | <p class="MsoFootnoteText"><a href="#_ftnref9" name="_ftn9" |
| 19170 | title=""><span class="MsoFootnoteReference"><span class= |
| 19171 | "MsoFootnoteReference"><span style= |
| 19172 | 'font-size:10.0pt;font-family:"Times New Roman"'>[9]</span></span></span></a>The |
| 19173 | <span class="Annot">sef</span> annotation denotes a parameter as |
| 19174 | side effect free (see Section 11.2.1). We use |
| 19175 | <span class="CodeText">bool /*@alt int@*/</span> as the type |
| 19176 | of the parameter, to indicate that it may be either a Boolean |
| 19177 | or an integer.</p></div> |
| 19178 | <div id="ftn10"> |
| 19179 | <p class="MsoFootnoteText"><a href="#_ftnref10" name="_ftn10" |
| 19180 | title=""><span class="MsoFootnoteReference"><span class= |
| 19181 | "MsoFootnoteReference"><span style= |
| 19182 | 'font-size:10.0pt;font-family:"Times New Roman"'>[10]</span></span></span></a> |
| 19183 | Peter van der Linden estimates that default fall through is the |
| 19184 | wrong behavior 97% of the time. [vdL95, p. 37]</p></div> |
| 19185 | <div id="ftn11"> |
| 19186 | <p class="MsoFootnoteText"><a href="#_ftnref11" name="_ftn11" |
| 19187 | title=""><span class="MsoFootnoteReference"><span class= |
| 19188 | "MsoFootnoteReference"><span style= |
| 19189 | 'font-size:10.0pt;font-family:"Times New Roman"'>[11]</span></span></span></a> |
| 19190 | “Software Glitch Cripples AT&T Network”, |
| 19191 | Telephony, 22 January 1990.</p></div> |
| 19192 | <div id="ftn12"> |
| 19193 | <p class="MsoFootnoteText"><a href="#_ftnref12" name="_ftn12" |
| 19194 | title=""><span class="MsoFootnoteReference"><span class= |
| 19195 | "MsoFootnoteReference"><span style= |
| 19196 | 'font-size:10.0pt;font-family:"Times New Roman"'>[12]</span></span></span></a> |
| 19197 | See [Larochelle01] for information on internal aspects of the |
| 19198 | checking.</p></div> |
| 19199 | <div id="ftn13"> |
| 19200 | <p class="MsoFootnoteText"><a href="#_ftnref13" name="_ftn13" |
| 19201 | title=""><span class="MsoFootnoteReference"><span class= |
| 19202 | "MsoFootnoteReference"><span style= |
| 19203 | 'font-size:10.0pt;font-family:"Times New Roman"'>[13]</span></span></span></a> |
| 19204 | This section is largely based on [Evans02].</p></div> |
| 19205 | <div id="ftn14"> |
| 19206 | <p class="MsoFootnoteText"><a href="#_ftnref14" name="_ftn14" |
| 19207 | title=""><span class="MsoFootnoteReference"><span class= |
| 19208 | "MsoFootnoteReference"><span style= |
| 19209 | 'font-size:10.0pt;font-family:"Times New Roman"'>[14]</span></span></span></a> |
| 19210 | C. Cowan et al., <i>FormatGuard: Automatic Protection from |
| 19211 | printf Format String Vulnerabilities</i>. 10th Usenix |
| 19212 | Security Symposium, 2001.</p></div> |
| 19213 | <div id="ftn15"> |
| 19214 | <p class="MsoFootnoteText"><a href="#_ftnref15" name="_ftn15" |
| 19215 | title=""><span class="MsoFootnoteReference"><span class= |
| 19216 | "MsoFootnoteReference"><span style= |
| 19217 | 'font-size:10.0pt;font-family:"Times New Roman"'>[15]</span></span></span></a> |
| 19218 | To be completely correct, all the macro parameters should be |
| 19219 | evaluated before the macro has any side effects. Splint |
| 19220 | does not check this.</p></div> |
| 19221 | <div id="ftn16"> |
| 19222 | <p class="MsoFootnoteText"><a href="#_ftnref16" name="_ftn16" |
| 19223 | title=""><span class="MsoFootnoteReference"><span class= |
| 19224 | "MsoFootnoteReference"><span style= |
| 19225 | 'font-size:10.0pt;font-family:"Times New Roman"'>[16]</span></span></span></a> |
| 19226 | Functions that do not produce to the same result each time they |
| 19227 | are called with the same arguments should be declared to modify |
| 19228 | <span class="Annot">internalState</span> so they will lead to |
| 19229 | errors if they are passed as <span class="Annot">sef</span> |
| 19230 | parameters.</p></div> |
| 19231 | <div id="ftn17"> |
| 19232 | <p class="MsoFootnoteText"><a href="#_ftnref17" name="_ftn17" |
| 19233 | title=""><span class="MsoFootnoteReference"><span class= |
| 19234 | "MsoFootnoteReference"><span style= |
| 19235 | 'font-size:10.0pt;font-family:"Times New Roman"'>[17]</span></span></span></a> |
| 19236 | The most renowned C naming convention is the Hungarian naming |
| 19237 | convention, introduced by Charles Simonyi [Simonyi, Charles, and |
| 19238 | Martin Heller. “The Hungarian |
| 19239 | Revolution.” <i>BYTE</i>, August 1991, p. |
| 19240 | 131-38]. The names for Splint naming conventions follow |
| 19241 | the tradition of using Central European nationalities as |
| 19242 | mnemonics for naming conventions. The Splint conventions |
| 19243 | are similar to the Hungarian naming convention in that they |
| 19244 | encode type information in names, except that the Splint |
| 19245 | conventions encode the names of accessible abstract |
| 19246 | types instead of the type of the declaration of return |
| 19247 | value. Prefixes used in the Hungarian naming convention |
| 19248 | are not supported by Splint.</p> |
| 19249 | <p class="MsoFootnoteText"> </p></div> |
| 19250 | <div id="ftn18"> |
| 19251 | <p class="MsoFootnoteText"><a href="#_ftnref18" name="_ftn18" |
| 19252 | title=""><span class="MsoFootnoteReference"><span class= |
| 19253 | "MsoFootnoteReference"><span style= |
| 19254 | 'font-size:10.0pt;font-family:"Times New Roman"'>[18]</span></span></span></a> |
| 19255 | Of course, namespace prefixes should really be described by |
| 19256 | regular expressions. If there is sufficient interest (that |
| 19257 | is, someone volunteers to program it), regular expressions will |
| 19258 | be supported in a future version of Splint.</p></div> |
| 19259 | <div id="ftn19"> |
| 19260 | <p class="MsoFootnoteText"><a href="#_ftnref19" name="_ftn19" |
| 19261 | title=""><span class="MsoFootnoteReference"><span class= |
| 19262 | "MsoFootnoteReference"><span style= |
| 19263 | 'font-size:10.0pt;font-family:"Times New Roman"'>[19]</span></span></span></a> |
| 19264 | POSIX library was contributed by Jens |
| 19265 | Schweikhardt.</p></div></div> |
| 19266 | <!--#include virtual="footer.html"--> |
| 19267 | </body> |
| 19268 | </html> |
andersk / splint.git / blame