4 "HTML Tidy for Solaris (vers 1st March 2003), see www.w3.org"
6 <link rel="stylesheet" type="text/css" href=
7 "../manual.css" title="style1">
8 <title>Splint Manual</title>
9 <style type="text/css">
11 /* Font Definitions */
13 {font-family:Helvetica;
14 panose-1:2 11 5 4 2 2 2 2 2 4;}
17 panose-1:2 7 4 9 2 2 5 2 4 4;}
19 {font-family:"Tms Rmn";
20 panose-1:2 2 6 3 4 5 5 2 3 4;}
23 panose-1:2 11 6 4 2 2 2 3 2 4;}
25 {font-family:"New York";
26 panose-1:2 4 5 3 6 5 6 2 3 4;}
29 panose-1:0 0 0 0 0 0 0 0 0 0;}
31 {font-family:Wingdings;
32 panose-1:5 0 0 0 0 0 0 0 0 0;}
34 {font-family:"MS Mincho";
35 panose-1:2 2 6 9 4 2 5 8 3 4;}
38 panose-1:2 3 6 0 0 1 1 1 1 1;}
41 panose-1:2 1 6 0 3 1 1 1 1 1;}
43 {font-family:PMingLiU;
44 panose-1:2 1 6 1 0 1 1 1 1 1;}
46 {font-family:"MS Gothic";
47 panose-1:2 11 6 9 7 2 5 8 2 4;}
50 panose-1:2 11 6 0 0 1 1 1 1 1;}
53 panose-1:2 1 6 0 3 1 1 1 1 1;}
56 panose-1:2 1 6 9 0 1 1 1 1 1;}
59 panose-1:2 2 6 9 4 3 5 8 3 5;}
62 panose-1:2 11 6 0 0 1 1 1 1 1;}
65 panose-1:2 4 6 3 5 7 5 2 3 3;}
67 {font-family:"Angsana New";
68 panose-1:2 2 6 3 5 4 5 2 3 4;}
70 {font-family:"Cordia New";
71 panose-1:2 11 3 4 2 2 2 2 2 4;}
74 panose-1:0 0 4 0 0 0 0 0 0 0;}
77 panose-1:0 0 4 0 0 0 0 0 0 0;}
80 panose-1:1 10 5 2 5 3 6 3 3 3;}
83 panose-1:0 0 4 0 0 0 0 0 0 0;}
86 panose-1:0 0 4 0 0 0 0 0 0 0;}
89 panose-1:0 0 4 0 0 0 0 0 0 0;}
92 panose-1:0 0 4 0 0 0 0 0 0 0;}
95 panose-1:0 0 4 0 0 0 0 0 0 0;}
98 panose-1:0 0 4 0 0 0 0 0 0 0;}
100 {font-family:"Estrangella Edessa";
101 panose-1:0 0 0 0 0 0 0 0 0 0;}
103 {font-family:"Arial Unicode MS";
104 panose-1:0 0 0 0 0 0 0 0 0 0;}
107 panose-1:2 11 6 4 3 5 4 4 2 4;}
109 {font-family:"Book Antiqua";
110 panose-1:2 4 6 2 5 3 5 3 3 4;}
112 {font-family:"Arial Narrow";
113 panose-1:2 11 5 6 2 2 2 3 2 4;}
116 panose-1:0 0 0 0 0 0 0 0 0 0;}
118 {font-family:Marlett;
119 panose-1:0 0 0 0 0 0 0 0 0 0;}
121 {font-family:"News Gothic MT";
122 panose-1:2 11 5 4 2 2 3 2 2 4;}
124 {font-family:"Lucida Sans Unicode";
125 panose-1:2 11 6 2 3 5 4 2 2 4;}
127 {font-family:"Century Gothic";
128 panose-1:2 11 5 2 2 2 2 2 2 4;}
130 {font-family:"Abadi MT Condensed Light";
131 panose-1:2 11 3 6 3 1 1 1 1 3;}
133 {font-family:"Matisse ITC";
134 panose-1:4 4 4 3 3 13 2 2 7 4;}
136 {font-family:Westminster;
137 panose-1:4 4 5 6 3 15 2 2 7 2;}
139 {font-family:"Lucida Console";
140 panose-1:2 11 6 9 4 5 4 2 2 4;}
142 {font-family:"Arial Black";
143 panose-1:2 11 10 4 2 1 2 2 2 4;}
145 {font-family:"Comic Sans MS";
146 panose-1:3 15 7 2 3 3 2 2 2 4;}
148 {font-family:Verdana;
149 panose-1:2 11 6 4 3 5 4 4 2 4;}
151 {font-family:Webdings;
152 panose-1:5 3 1 2 1 5 9 6 7 3;}
154 {font-family:"Verdana Ref";
155 panose-1:2 11 6 4 3 5 4 4 2 4;}
157 {font-family:"Georgia Ref";
158 panose-1:2 4 5 2 5 4 5 2 3 3;}
160 {font-family:RefSpecialty;
161 panose-1:2 0 5 0 0 0 0 0 0 0;}
163 {font-family:"MS Reference 1";
164 panose-1:5 0 0 0 0 0 0 0 0 0;}
166 {font-family:"MS Reference 2";
167 panose-1:0 0 0 0 0 0 0 0 0 0;}
170 panose-1:0 0 4 0 0 0 0 0 0 0;}
172 {font-family:"Mediascape OSD Icon";
173 panose-1:2 11 6 3 5 3 2 2 2 4;}
176 panose-1:2 11 7 3 3 0 0 0 0 7;}
178 {font-family:"Agency FB";
179 panose-1:0 1 6 6 4 0 0 4 0 3;}
181 {font-family:Algerian;
182 panose-1:4 2 7 5 4 10 2 6 7 2;}
184 {font-family:"Arial Rounded MT Bold";
185 panose-1:2 15 7 4 3 5 4 3 2 4;}
187 {font-family:"Baskerville Old Face";
188 panose-1:2 2 6 2 8 5 5 2 3 3;}
190 {font-family:"Bauhaus 93";
191 panose-1:4 3 9 5 2 11 2 2 12 2;}
193 {font-family:"Bell MT";
194 panose-1:2 2 5 3 6 3 5 2 3 3;}
196 {font-family:"Berlin Sans FB";
197 panose-1:2 14 6 2 2 5 2 2 3 6;}
199 {font-family:"Bernard MT Condensed";
200 panose-1:2 5 8 6 6 9 5 2 4 4;}
202 {font-family:"Blackadder ITC";
203 panose-1:4 2 5 5 5 16 7 2 13 2;}
205 {font-family:"Bookman Old Style";
206 panose-1:2 5 6 4 5 5 5 2 2 4;}
208 {font-family:"Bradley Hand ITC";
209 panose-1:3 7 4 2 5 3 2 3 2 3;}
211 {font-family:"Britannic Bold";
212 panose-1:2 11 9 3 6 7 3 2 2 4;}
214 {font-family:Broadway;
215 panose-1:4 4 9 5 8 11 2 2 5 2;}
217 {font-family:"Brush Script MT";
218 panose-1:3 6 8 2 4 4 6 7 3 4;}
220 {font-family:"Californian FB";
221 panose-1:2 7 4 3 6 8 11 3 2 4;}
223 {font-family:"Calisto MT";
224 panose-1:2 4 6 3 5 5 5 3 3 4;}
226 {font-family:Castellar;
227 panose-1:2 10 4 2 6 4 6 1 3 1;}
229 {font-family:Centaur;
230 panose-1:2 3 5 4 5 2 5 2 3 4;}
232 {font-family:"Century Schoolbook";
233 panose-1:2 4 6 4 5 5 5 2 3 4;}
235 {font-family:Chiller;
236 panose-1:4 2 4 4 3 16 7 2 6 2;}
238 {font-family:"Colonna MT";
239 panose-1:4 2 8 5 6 2 2 3 2 3;}
241 {font-family:"Cooper Black";
242 panose-1:2 8 9 4 4 3 11 2 4 4;}
244 {font-family:"Copperplate Gothic Bold";
245 panose-1:2 14 7 5 2 2 6 2 4 4;}
247 {font-family:"Copperplate Gothic Light";
248 panose-1:2 14 5 7 2 2 6 2 4 4;}
250 {font-family:"Curlz MT";
251 panose-1:4 4 4 4 5 7 2 2 2 2;}
253 {font-family:"Edwardian Script ITC";
254 panose-1:3 3 3 2 4 7 7 13 8 4;}
256 {font-family:Elephant;
257 panose-1:2 2 9 4 9 5 5 2 3 3;}
259 {font-family:"Engravers MT";
260 panose-1:2 9 7 7 8 5 5 2 3 4;}
262 {font-family:"Eras Bold ITC";
263 panose-1:2 11 9 7 3 5 4 2 2 4;}
265 {font-family:"Eras Demi ITC";
266 panose-1:2 11 8 5 3 5 4 2 8 4;}
268 {font-family:"Eras Light ITC";
269 panose-1:2 11 4 2 3 5 4 2 8 4;}
271 {font-family:"Eras Medium ITC";
272 panose-1:2 11 6 2 3 5 4 2 8 4;}
274 {font-family:"Felix Titling";
275 panose-1:4 6 5 5 6 2 2 2 10 4;}
277 {font-family:"Footlight MT Light";
278 panose-1:2 4 6 2 6 3 10 2 3 4;}
281 panose-1:3 6 9 2 4 5 2 7 2 3;}
283 {font-family:"Franklin Gothic Book";
284 panose-1:2 11 5 3 2 1 2 2 2 4;}
286 {font-family:"Franklin Gothic Demi";
287 panose-1:2 11 7 3 2 1 2 2 2 4;}
289 {font-family:"Franklin Gothic Demi Cond";
290 panose-1:2 11 7 6 3 4 2 2 2 4;}
292 {font-family:"Franklin Gothic Heavy";
293 panose-1:2 11 9 3 2 1 2 2 2 4;}
295 {font-family:"Franklin Gothic Medium";
296 panose-1:2 11 6 3 2 1 2 2 2 4;}
298 {font-family:"Franklin Gothic Medium Cond";
299 panose-1:2 11 6 6 3 4 2 2 2 4;}
301 {font-family:"Freestyle Script";
302 panose-1:3 8 4 2 3 2 5 11 4 4;}
304 {font-family:"French Script MT";
305 panose-1:3 2 4 2 4 6 7 4 6 5;}
307 {font-family:Garamond;
308 panose-1:2 2 4 4 3 3 1 1 8 3;}
311 panose-1:4 4 5 4 6 16 7 2 13 2;}
313 {font-family:"Gill Sans MT";
314 panose-1:2 11 5 2 2 1 4 2 2 3;}
316 {font-family:"Gill Sans MT Condensed";
317 panose-1:2 11 5 6 2 1 4 2 2 3;}
319 {font-family:"Gill Sans Ultra Bold";
320 panose-1:2 11 10 2 2 1 4 2 2 3;}
322 {font-family:"Gill Sans Ultra Bold Condensed";
323 panose-1:2 11 10 6 2 1 4 2 2 3;}
325 {font-family:"Gill Sans MT Ext Condensed Bold";
326 panose-1:2 11 9 2 2 1 4 2 2 3;}
328 {font-family:"Gloucester MT Extra Condensed";
329 panose-1:2 3 8 8 2 6 1 1 1 1;}
331 {font-family:"Goudy Old Style";
332 panose-1:2 2 5 2 5 3 5 2 3 3;}
334 {font-family:"Goudy Stout";
335 panose-1:2 2 9 4 7 3 11 2 4 1;}
337 {font-family:Haettenschweiler;
338 panose-1:2 11 7 6 4 9 2 6 2 4;}
340 {font-family:"Harlow Solid Italic";
341 panose-1:4 3 6 4 2 15 2 2 13 2;}
343 {font-family:Harrington;
344 panose-1:4 4 5 5 5 10 2 2 7 2;}
346 {font-family:"High Tower Text";
347 panose-1:2 4 5 2 5 5 6 3 3 3;}
349 {font-family:"Imprint MT Shadow";
350 panose-1:4 2 6 5 6 3 3 3 2 2;}
352 {font-family:Jokerman;
353 panose-1:4 9 6 5 6 13 6 2 7 2;}
355 {font-family:"Juice ITC";
356 panose-1:4 4 4 3 4 10 2 2 2 2;}
358 {font-family:"Kristen ITC";
359 panose-1:3 5 5 2 4 2 2 3 2 2;}
361 {font-family:"Kunstler Script";
362 panose-1:3 3 4 2 2 6 7 13 13 6;}
364 {font-family:"Lucida Bright";
365 panose-1:2 4 6 2 5 5 5 2 3 4;}
367 {font-family:"Lucida Calligraphy";
368 panose-1:3 1 1 1 1 1 1 1 1 1;}
370 {font-family:"Lucida Fax";
371 panose-1:2 6 6 2 5 5 5 2 2 4;}
373 {font-family:"Lucida Handwriting";
374 panose-1:3 1 1 1 1 1 1 1 1 1;}
376 {font-family:"Lucida Sans";
377 panose-1:2 11 6 2 3 5 4 2 2 4;}
379 {font-family:"Lucida Sans Typewriter";
380 panose-1:2 11 5 9 3 5 4 3 2 4;}
382 {font-family:Magneto;
383 panose-1:4 3 8 5 5 8 2 2 13 2;}
385 {font-family:"Maiandra GD";
386 panose-1:2 14 5 2 3 3 8 2 2 4;}
388 {font-family:"Matura MT Script Capitals";
389 panose-1:3 2 8 2 6 6 2 7 2 2;}
391 {font-family:Mistral;
392 panose-1:3 9 7 2 3 4 7 2 4 3;}
394 {font-family:"Modern No\. 20";
395 panose-1:2 7 7 4 7 5 5 2 3 3;}
397 {font-family:"Niagara Engraved";
398 panose-1:4 2 5 2 7 7 3 3 2 2;}
400 {font-family:"Niagara Solid";
401 panose-1:4 2 5 2 7 7 2 2 2 2;}
403 {font-family:"OCR A Extended";
404 panose-1:2 1 5 9 2 1 2 1 3 3;}
406 {font-family:"Old English Text MT";
407 panose-1:3 4 9 2 4 5 8 3 8 6;}
410 panose-1:4 5 6 2 8 7 2 2 2 3;}
412 {font-family:"Palace Script MT";
413 panose-1:3 3 3 2 2 6 7 12 11 5;}
415 {font-family:Papyrus;
416 panose-1:3 7 5 2 6 5 2 3 2 5;}
418 {font-family:Parchment;
419 panose-1:3 4 6 2 4 7 8 4 8 4;}
421 {font-family:Perpetua;
422 panose-1:2 2 5 2 6 4 1 2 3 3;}
424 {font-family:"Perpetua Titling MT";
425 panose-1:2 2 5 2 6 5 5 2 8 4;}
427 {font-family:Playbill;
428 panose-1:4 5 6 3 10 6 2 2 2 2;}
430 {font-family:"Poor Richard";
431 panose-1:2 8 5 2 5 5 5 2 7 2;}
433 {font-family:Pristina;
434 panose-1:3 6 4 2 4 4 6 8 2 4;}
436 {font-family:"Rage Italic";
437 panose-1:3 7 5 2 4 5 7 7 3 4;}
440 panose-1:4 4 8 5 5 8 9 2 6 2;}
442 {font-family:Rockwell;
443 panose-1:2 6 6 3 2 2 5 2 4 3;}
445 {font-family:"Rockwell Condensed";
446 panose-1:2 6 6 3 5 4 5 2 1 4;}
448 {font-family:"Rockwell Extra Bold";
449 panose-1:2 6 9 3 4 5 5 2 4 3;}
451 {font-family:"Informal Roman";
452 panose-1:3 6 4 2 3 4 6 11 2 4;}
454 {font-family:"Script MT Bold";
455 panose-1:3 4 6 2 4 6 7 8 9 4;}
457 {font-family:"Showcard Gothic";
458 panose-1:4 2 9 4 2 1 2 2 6 4;}
460 {font-family:"Snap ITC";
461 panose-1:4 4 10 7 6 10 2 2 2 2;}
463 {font-family:Stencil;
464 panose-1:4 4 9 5 13 8 2 2 4 4;}
466 {font-family:"Tempus Sans ITC";
467 panose-1:4 2 4 4 3 13 7 2 2 2;}
469 {font-family:"Trebuchet MS";
470 panose-1:2 11 6 3 2 2 2 2 2 4;}
472 {font-family:"Tw Cen MT";
473 panose-1:2 11 6 2 2 1 4 2 6 3;}
475 {font-family:"Tw Cen MT Condensed";
476 panose-1:2 11 6 6 2 1 4 2 2 3;}
478 {font-family:"Viner Hand ITC";
479 panose-1:3 7 5 2 3 5 2 2 2 3;}
481 {font-family:Vivaldi;
482 panose-1:3 2 6 2 5 5 6 9 8 4;}
484 {font-family:"Vladimir Script";
485 panose-1:3 5 4 2 4 4 7 7 3 5;}
487 {font-family:"Wide Latin";
488 panose-1:2 10 10 7 5 5 5 2 4 4;}
490 {font-family:"Wingdings 2";
491 panose-1:5 2 1 2 1 5 7 7 7 7;}
493 {font-family:"Wingdings 3";
494 panose-1:5 4 1 2 1 8 7 7 7 7;}
496 {font-family:"Berlin Sans FB Demi";
497 panose-1:2 14 8 2 2 5 2 2 3 6;}
499 {font-family:"Tw Cen MT Condensed Extra Bold";
500 panose-1:2 11 8 3 2 0 0 0 0 4;}
502 {font-family:"Almanac MT";
503 panose-1:5 1 1 1 1 1 1 1 1 1;}
505 {font-family:"Beesknees ITC";
506 panose-1:4 4 10 5 5 13 2 2 5 2;}
508 {font-family:"Holidays MT";
509 panose-1:5 1 1 1 1 1 1 1 1 1;}
511 {font-family:"Monotype Sorts";
512 panose-1:1 1 6 1 1 1 1 1 1 1;}
514 {font-family:"Monotype Sorts 2";
515 panose-1:5 2 1 2 1 2 8 2 8 8;}
517 {font-family:"Pepita MT";
518 panose-1:3 6 4 2 4 5 2 7 8 4;}
520 {font-family:"Vacation MT";
521 panose-1:5 1 1 1 1 1 1 1 1 1;}
523 {font-family:"Map Symbols";
524 panose-1:0 5 1 2 1 7 6 2 5 7;}
526 {font-family:"Bookshelf Symbol 3";
527 panose-1:5 5 1 2 1 7 6 2 5 7;}
529 {font-family:Georgia;
530 panose-1:2 4 5 2 5 4 5 2 3 3;}
532 {font-family:"MS Outlook";
533 panose-1:5 0 0 0 0 0 0 0 0 0;}
535 {font-family:"Berling Antiqua";
536 panose-1:2 2 6 2 6 4 5 3 4 2;}
538 {font-family:Bookdings;
539 panose-1:5 0 0 0 0 0 0 0 0 0;}
541 {font-family:"Frutiger Linotype";
542 panose-1:2 11 6 4 3 5 4 4 2 4;}
544 {font-family:"Andale Mono";
545 panose-1:2 11 5 9 0 0 0 0 0 4;}
548 panose-1:2 11 8 6 3 9 2 5 2 4;}
550 {font-family:"Monotype Corsiva";
551 panose-1:3 1 1 1 1 2 1 1 1 1;}
553 {font-family:"MT Extra";
554 panose-1:5 5 1 2 1 2 5 2 2 2;}
556 {font-family:ProgramTwo;
557 panose-1:0 0 0 0 0 0 0 0 0 0;}
558 /* Style Definitions */
559 p.MsoNormal, li.MsoNormal, div.MsoNormal
561 margin-bottom:.0001pt;
564 font-family:"Times New Roman";}
572 page-break-before:always;
573 page-break-after:avoid;
575 font-family:"Times New Roman";}
583 page-break-after:avoid;
585 font-family:"Times New Roman";}
593 page-break-after:avoid;
595 font-family:"Times New Roman";}
603 page-break-after:avoid;
605 font-family:"Times New Roman";}
614 font-family:"Times New Roman";
624 font-family:"Times New Roman";
627 p.MsoHeading7, li.MsoHeading7, div.MsoHeading7
634 page-break-before:always;
635 page-break-after:avoid;
637 font-family:"Times New Roman";
639 p.MsoHeading8, li.MsoHeading8, div.MsoHeading8
646 page-break-after:avoid;
648 font-family:"Times New Roman";
650 p.MsoHeading9, li.MsoHeading9, div.MsoHeading9
657 page-break-after:avoid;
659 font-family:"Times New Roman";
661 p.MsoIndex1, li.MsoIndex1, div.MsoIndex1
666 margin-bottom:.0001pt;
670 font-family:"Times New Roman";}
671 p.MsoIndex2, li.MsoIndex2, div.MsoIndex2
676 margin-bottom:.0001pt;
680 font-family:"Times New Roman";}
681 p.MsoIndex3, li.MsoIndex3, div.MsoIndex3
686 margin-bottom:.0001pt;
690 font-family:"Times New Roman";}
691 p.MsoIndex4, li.MsoIndex4, div.MsoIndex4
696 margin-bottom:.0001pt;
700 font-family:"Times New Roman";}
701 p.MsoIndex5, li.MsoIndex5, div.MsoIndex5
706 margin-bottom:.0001pt;
710 font-family:"Times New Roman";}
711 p.MsoIndex6, li.MsoIndex6, div.MsoIndex6
716 margin-bottom:.0001pt;
720 font-family:"Times New Roman";}
721 p.MsoIndex7, li.MsoIndex7, div.MsoIndex7
726 margin-bottom:.0001pt;
730 font-family:"Times New Roman";}
731 p.MsoIndex8, li.MsoIndex8, div.MsoIndex8
736 margin-bottom:.0001pt;
740 font-family:"Times New Roman";}
741 p.MsoIndex9, li.MsoIndex9, div.MsoIndex9
746 margin-bottom:.0001pt;
750 font-family:"Times New Roman";}
751 p.MsoToc1, li.MsoToc1, div.MsoToc1
758 font-family:"Times New Roman";
760 p.MsoToc2, li.MsoToc2, div.MsoToc2
765 margin-bottom:.0001pt;
768 font-family:"Times New Roman";}
769 p.MsoToc3, li.MsoToc3, div.MsoToc3
774 margin-bottom:.0001pt;
777 font-family:"Times New Roman";}
778 p.MsoToc4, li.MsoToc4, div.MsoToc4
783 margin-bottom:.0001pt;
786 font-family:"Times New Roman";}
787 p.MsoToc5, li.MsoToc5, div.MsoToc5
792 margin-bottom:.0001pt;
795 font-family:"Times New Roman";}
796 p.MsoToc6, li.MsoToc6, div.MsoToc6
801 margin-bottom:.0001pt;
804 font-family:"Times New Roman";}
805 p.MsoToc7, li.MsoToc7, div.MsoToc7
810 margin-bottom:.0001pt;
813 font-family:"Times New Roman";}
814 p.MsoToc8, li.MsoToc8, div.MsoToc8
819 margin-bottom:.0001pt;
822 font-family:"Times New Roman";}
823 p.MsoToc9, li.MsoToc9, div.MsoToc9
828 margin-bottom:.0001pt;
831 font-family:"Times New Roman";}
832 p.MsoFootnoteText, li.MsoFootnoteText, div.MsoFootnoteText
834 margin-bottom:.0001pt;
837 font-family:"Times New Roman";}
838 p.MsoCommentText, li.MsoCommentText, div.MsoCommentText
840 margin-bottom:.0001pt;
843 font-family:"Times New Roman";}
844 p.MsoHeader, li.MsoHeader, div.MsoHeader
846 margin-bottom:.0001pt;
849 font-family:"Times New Roman";
852 p.MsoFooter, li.MsoFooter, div.MsoFooter
854 margin-bottom:.0001pt;
857 font-family:"Times New Roman";}
858 p.MsoIndexHeading, li.MsoIndexHeading, div.MsoIndexHeading
860 margin-bottom:.0001pt;
863 font-family:"Times New Roman";}
864 p.MsoCaption, li.MsoCaption, div.MsoCaption
871 font-family:"Times New Roman";
873 p.MsoTof, li.MsoTof, div.MsoTof
878 margin-bottom:.0001pt;
882 font-family:"Times New Roman";}
883 span.MsoFootnoteReference
884 {vertical-align:super;}
886 {vertical-align:baseline;}
887 p.MsoListBullet, li.MsoListBullet, div.MsoListBullet
892 margin-bottom:.0001pt;
894 text-indent:-12.95pt;
896 font-family:"Times New Roman";}
897 p.MsoTitle, li.MsoTitle, div.MsoTitle
906 p.MsoSubtitle, li.MsoSubtitle, div.MsoSubtitle
914 p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
916 margin-bottom:.0001pt;
919 font-family:"Times New Roman";}
922 margin-bottom:.0001pt;
924 font-family:"Courier New";}
925 p.TextFontCX, li.TextFontCX, div.TextFontCX
927 margin-bottom:.0001pt;
930 font-family:"Times New Roman";}
931 p.Appendix, li.Appendix, div.Appendix
937 page-break-after:avoid;
939 font-family:"Times New Roman";
941 p.Heading10, li.Heading10, div.Heading10
947 page-break-after:avoid;
949 font-family:"Times New Roman";
950 letter-spacing:-.4pt;
952 p.Heading11, li.Heading11, div.Heading11
958 page-break-after:avoid;
960 font-family:"Times New Roman";
961 letter-spacing:-.4pt;
971 {font-family:"Courier New";}
973 {font-family:"Courier New";
979 {font-family:"Courier New";
983 {font-family:"Times New Roman";
985 p.Author, li.Author, div.Author
994 p.Verbatim, li.Verbatim, div.Verbatim
996 margin-bottom:.0001pt;
998 font-family:"Courier New";
1000 p.lclintrun, li.lclintrun, div.lclintrun
1002 margin-bottom:.0001pt;
1004 font-family:"Arial Narrow";}
1005 p.IndentText, li.IndentText, div.IndentText
1010 margin-bottom:.0001pt;
1013 font-family:"Times New Roman";}
1014 p.beforelist, li.beforelist, div.beforelist
1017 margin-bottom:6.0pt;
1021 font-family:"Times New Roman";}
1022 p.example, li.example, div.example
1025 margin-bottom:6.0pt;
1028 font-family:"Courier New";
1030 p.skiplist, li.skiplist, div.skiplist
1035 margin-bottom:.0001pt;
1038 font-family:"Times New Roman";}
1039 p.afterlist, li.afterlist, div.afterlist
1044 margin-bottom:.0001pt;
1047 font-family:"Times New Roman";}
1048 p.betweenlists, li.betweenlists, div.betweenlists
1051 margin-bottom:6.0pt;
1055 font-family:"Times New Roman";}
1056 p.indentbefore, li.indentbefore, div.indentbefore
1059 margin-bottom:6.0pt;
1063 font-family:"Times New Roman";}
1064 p.indentbefore0, li.indentbefore0, div.indentbefore0
1067 margin-bottom:6.0pt;
1071 font-family:"Times New Roman";}
1075 p.Sidebar, li.Sidebar, div.Sidebar
1077 margin-bottom:.0001pt;
1079 font-family:"Times New Roman";}
1080 p.URL, li.URL, div.URL
1082 margin-bottom:.0001pt;
1086 span.StyleKeywordBold
1087 {font-family:"Courier New";
1090 p.ProgramName, li.ProgramName, div.ProgramName
1092 margin-bottom:.0001pt;
1097 {font-family:"Courier New";}
1098 span.ProgramNameChar
1099 {font-family:Arial;}
1101 {font-family:ProgramTwo;
1103 p.fileName, li.fileName, div.fileName
1108 margin-bottom:.0001pt;
1111 p.FileName0, li.FileName0, div.FileName0
1116 margin-bottom:.0001pt;
1120 {font-family:Arial;}
1122 {text-decoration:none;}
1124 {text-decoration:underline;}
1126 {text-decoration:line-through;
1128 /* Page Definitions */
1131 margin:1.0in 1.25in .75in 1.25in;}
1136 margin:1.0in 1.25in 1.0in 99.35pt;}
1141 margin:1.0in 1.25in 1.0in 99.35pt;}
1146 margin:1.0in 1.25in 1.0in 99.0pt;}
1151 margin:1.0in 1.25in 1.0in 1.25in;}
1156 margin:1.0in 1.25in 1.0in 1.25in;}
1161 margin:1.0in 1.25in 1.0in 1.25in;}
1166 margin:1.0in 1.25in 1.0in 1.25in;}
1169 /* List Definitions */
1171 {margin-bottom:0in;}
1173 {margin-bottom:0in;}
1178 <!--#include virtual="header.html"-->
1179 <div class="Section1">
1180 <p class="MsoTitle"><img width="189" height="219" src=
1181 "manual-301_files/image001.jpg" hspace="12"><a name=
1182 "_Ref533872469"></a></p>
1183 <p class="MsoTitle"><a name="_Ref483663680"></a><span class=
1184 "MsoCommentReference"><span style=
1185 'font-size:20.0pt'> </span></span></p>
1186 <p class="MsoTitle"><span class=
1187 "MsoCommentReference"><span style='font-size:26.0pt; font-family:"Book Antiqua"'>
1188 </span></span></p>
1189 <p class="MsoTitle"><span class=
1190 "MsoCommentReference"><span style='font-size:26.0pt; font-family:"Book Antiqua"'>
1191 </span></span></p>
1192 <p class="MsoTitle"><span class=
1193 "MsoCommentReference"><span style='font-size:26.0pt; font-family:"Book Antiqua"'>
1194 </span></span></p>
1195 <p class="MsoTitle"><span class=
1196 "MsoCommentReference"><span style='font-size:26.0pt; font-family:"Book Antiqua"'>
1197 Splint Manual</span></span></p>
1198 <p class="MsoTitle"><span class=
1199 "MsoCommentReference"><span style='font-size:26.0pt; font-family:"Book Antiqua"'>
1200 </span></span></p>
1201 <p class="MsoSubtitle"><span class=
1202 "MsoCommentReference"><span style=
1203 'font-size: 18.0pt;font-family:"Book Antiqua"'>Version
1204 3.1.1</span></span></p>
1205 <p class="MsoSubtitle"><span class=
1206 "MsoCommentReference"><span style=
1207 'font-size: 18.0pt;font-family:"Book Antiqua"'>27 April 2003
1209 <p class="MsoSubtitle"><span class=
1210 "MsoCommentReference"><span style=
1211 'font-size: 15.5pt'> </span></span></p>
1212 <p class="MsoSubtitle"><span class=
1213 "MsoCommentReference"><span style=
1214 'font-size: 15.5pt'> </span></span></p>
1215 <p class="MsoSubtitle"><span class=
1216 "MsoCommentReference"><span style=
1217 'font-size: 15.5pt'> </span></span></p>
1218 <p class="MsoNormal"><span class=
1219 "MsoCommentReference"><span style='font-size:14.0pt; font-family:"Book Antiqua"'>
1220 </span></span></p>
1221 <p class="MsoNormal"><span class=
1222 "MsoCommentReference"><span style='font-size:14.0pt; font-family:"Book Antiqua"'>
1223 </span></span></p>
1224 <p class="MsoNormal"><span class=
1225 "MsoCommentReference"><span style='font-size:14.0pt; font-family:"Book Antiqua"'>
1226 </span></span></p>
1227 <p class="MsoNormal"><span class=
1228 "MsoCommentReference"><span style='font-size:14.0pt; font-family:"Book Antiqua"'>
1229 </span></span></p>
1230 <p class="TextFontCX"><span class=
1231 "MsoCommentReference"><span style='font-size:15.5pt'> </span></span></p>
1232 <p class="TextFontCX" align="right" style=
1233 'margin-right: -58.5pt;text-align:right'><img width="364"
1234 height="181" src="manual-301_files/image002.gif" align="left"
1235 hspace="12" alt="Text Box:
1236 Secure Programming Group
1237 University of Virginia
1238 Department of Computer Science
1241 <p class="TextFontCX" style=
1242 'margin-left:28.35pt; text-indent:-14.15pt'><span class=
1243 "MsoCommentReference"><span style=
1244 'font-size: 15.5pt'> </span></span></p>
1245 <p class="TextFontCX" align="right" style=
1246 'margin-right: 9.0pt;text-align:right'><span class=
1247 "MsoCommentReference"><i><span style=
1248 'font-size:14.0pt'> </span></i></span></p></div>
1249 <span class="MsoCommentReference"><b><i><span style=
1250 'font-size:14.0pt;font-family: Arial'><br clear="all" style=
1251 'page-break-before:auto'></span></i></b></span>
1252 <div class="Section2"><span class=
1253 "MsoCommentReference"><span style='font-size: 15.5pt;font-family:"Times New Roman"'>
1254 <br clear="all" style='page-break-before: always'></span></span>
1255 <p class="TextFontCX"><span class=
1256 "MsoCommentReference"><b><span style=
1257 'font-size:14.0pt;font-family:Arial'> </span></b></span></p>
1258 <h4 style='margin-left:0in;text-indent:0in'><span class=
1259 "MsoCommentReference"><span style=
1260 'font-size:14.0pt'>Authors</span></span></h4>
1261 <p class="TextFontCX">This manual was written by David Evans,
1262 except for Section 9 and Appendix B which were written by David
1263 Larochelle and David Evans.</p>
1264 <h4 style='margin-left:0in;text-indent:0in'><span class=
1265 "MsoCommentReference"><span style=
1266 'font-size:14.0pt'>Credits</span></span></h4>
1267 <p class="TextFontCX">Splint is developed and maintained by the
1268 Secure Programming Group at the University of Virginia Department
1269 of Computer Science. David Evans is the project leader and
1270 the primary developer of Splint. David Larochelle developed
1271 the memory bounds checking. University of Virginia students
1272 Chris Barker, David Friedman, Mike Lanouette and Hien Phan all
1273 contributed significantly to the development of Splint.</p>
1274 <p class="TextFontCX"> </p>
1275 <p class="TextFontCX">Splint is the successor to LCLint, a tool
1276 originally developed as a joint research project between the
1277 Massachusetts Institute of Technology and Digital Equipment
1278 Corporation’s System Research Center. David Evans was
1279 the primary designed and developer of LCLint. John Guttag and
1280 Jim Horning had the original idea for a static checking tool for
1281 detecting inconsistencies between LCL specifications and their C
1282 implementations. They provided valuable advice on its
1283 functionality and design and were instrumental in its
1284 development. </p>
1285 <p class="TextFontCX"> </p>
1286 <p class="TextFontCX">Splint incorporates the original LCL checker
1287 developed by Yang Meng Tan. This was built on the DECspec
1288 Project (Joe Wild, Gary Feldman, Steve Garland, and Bill
1289 McKeeman). The LSL checker used by LCLint was developed by
1290 Steve Garland. The original C grammar for LCLint was provided
1291 by Nate Osgood. This work has also benefited greatly from
1292 discussions with Mike Burrows, David Friedman, Stephen Garland,
1293 Colin Godfrey, Steve Harrison, Yanlin Huang, Daniel Jackson, John
1294 Knight, David Larochelle, Angelika Leeb, Ulana Legedza, Gary
1295 McGraw, Anya Pogosyants, Avneesh Saxena, Seejo Sebastine, Navneet
1296 Singh, Raymie Stata, Yang Meng Tan, and Mark Vandevoorde. I
1297 especially thank Angelika Leeb for many constructive comments on
1298 improving an early version of this document, Raymie Stata and Mark
1299 Vandevoorde for technical assistance, and Dorothy Curtis, Paco
1300 Hope, Scott Ruffner, Christina Jackson, David Ladd, and Jessica
1301 Greer for systems assistance.</p>
1302 <p class="TextFontCX"> </p>
1303 <p class="TextFontCX">Much of Splint’s development has been
1304 driven by feedback from users in academia and industry. Many
1305 more people than I can mention here have made contributions by
1306 suggesting improvements, reporting bugs, porting early versions of
1307 Splint to other platforms. Particularly heroic contributions
1308 have been made by Nelson Beebe, Eric Bloodworth, Jutta Degener,
1309 Rick Farnbach, Chris Flatters, Huver Hu, Alexander Mai, John Gerard
1310 Malecki, Thomas G. McWilliams, Michael Meskes, Richard
1311 O’Keefe, Jens Schweikhardt, Albert L. Ting and Jim Zelenka.
1312 Martin “Herbert” Dietze and Mike Smith performed
1313 valiantly in producing the original Win32 and OS2 ports. Tim
1314 Van Holder produced the <span class="Keyword"><span style=
1315 'font-size:10.0pt;font-family:Arial;color:windowtext'>automake</span></span>
1316 and <span class="Keyword"><span style=
1317 'font-size:10.0pt;font-family:Arial; color:windowtext'>autoconf</span></span>
1318 distribution. </p>
1319 <p class="TextFontCX"> </p>
1320 <p class="TextFontCX">
1321 Splint research at the University of Virginia is currently funded in part by an NSF CAREER Award and an NSF CCLI Award for using analysis to teach software engineering. Splint has been previously supported by a grant from NASA and David Larochelle was funded by a USENIX student research grant.
1322 <span style='font-size:20.0pt'> </span></p></div>
1323 <span class="MsoCommentReference"><span style=
1324 'font-size:15.5pt;font-family:"Times New Roman"'><br clear="all"
1325 style='page-break-before:right'></span></span>
1326 <div class="Section3">
1327 <p class="MsoToc1" align="center" style='text-align:center'>
1328 <span class="MsoCommentReference"><span style=
1329 'font-size:15.5pt'>Contents</span></span></p>
1330 <p class="MsoToc1">1<span style=
1331 'font-size:12.0pt;font-weight:normal'> </span>
1332 <a href=#operation>Operation</a>................................................................................................................
1334 <p class="MsoToc2">1.1<span style=
1335 'font-size:12.0pt'> </span>
1336 Warnings.............................................................................................................
1338 <p class="MsoToc2">1.2<span style=
1339 'font-size:12.0pt'> </span>
1340 Flags....................................................................................................................
1342 <p class="MsoToc2">1.3<span style=
1343 'font-size:12.0pt'> </span> Stylized
1344 Comments...............................................................................................
1346 <p class="MsoToc3">1.3.1<span style=
1347 'font-size:12.0pt'> </span>
1348 Annotations...................................................................................................
1350 <p class="MsoToc3">1.3.2<span style=
1351 'font-size:12.0pt'> </span> Setting
1352 Flags..................................................................................................
1354 <p class="MsoToc1">2<span style=
1355 'font-size:12.0pt;font-weight:normal'> </span>
1357 Dereferences</a>...................................................................................................
1359 <p class="MsoToc3">2.1.1<span style=
1360 'font-size:12.0pt'> </span> Predicate
1361 Functions........................................................................................
1363 <p class="MsoToc3">2.1.2<span style=
1364 'font-size:12.0pt'> </span> Notnull
1365 Annotations........................................................................................
1367 <p class="MsoToc3">2.1.3<span style=
1368 'font-size:12.0pt'> </span> Relaxing Null
1369 Checking..................................................................................
1371 <p class="MsoToc1">3<span style=
1372 'font-size:12.0pt;font-weight:normal'> </span>
1375 Values</a>....................................................................................................
1377 <p class="MsoToc3">3.1.1<span style=
1378 'font-size:12.0pt'> </span> Undefined
1379 Parameters...................................................................................
1381 <p class="MsoToc3">3.1.2<span style=
1382 'font-size:12.0pt'> </span> Relaxing
1383 Checking.........................................................................................
1385 <p class="MsoToc3">3.1.3<span style=
1386 'font-size:12.0pt'> </span> Partially
1388 Structures............................................................................
1390 <p class="MsoToc1">4<span style=
1391 'font-size:12.0pt;font-weight:normal'> </span>
1393 Types</a>.......................................................................................................................
1395 <p class="MsoToc2">4.1<span style=
1396 'font-size:12.0pt'> </span> Built in C
1397 Types....................................................................................................
1399 <p class="MsoToc3">4.1.1<span style=
1400 'font-size:12.0pt'> </span>
1401 Characters....................................................................................................
1403 <p class="MsoToc3">4.1.2<span style=
1404 'font-size:12.0pt'> </span>
1405 Enumerators..................................................................................................
1407 <p class="MsoToc3">4.1.3<span style=
1408 'font-size:12.0pt'> </span> Numeric
1409 Types..............................................................................................
1411 <p class="MsoToc3">4.1.4<span style=
1412 'font-size:12.0pt'> </span> Arbitrary
1414 Types.................................................................................
1416 <p class="MsoToc2">4.2<span style=
1417 'font-size:12.0pt'> </span> Boolean
1418 Types.....................................................................................................
1420 <p class="MsoToc2">4.3<span style=
1421 'font-size:12.0pt'> </span> Abstract
1422 Types.....................................................................................................
1424 <p class="MsoToc3">4.3.1<span style=
1425 'font-size:12.0pt'> </span> Controlling
1426 Access.........................................................................................
1428 <p class="MsoToc3">4.3.2<span style=
1429 'font-size:12.0pt'> </span>
1430 Mutability......................................................................................................
1432 <p class="MsoToc2">4.4<span style=
1433 'font-size:12.0pt'> </span>
1434 Polymorphism.......................................................................................................
1436 <p class="MsoToc1">5<span style=
1437 'font-size:12.0pt;font-weight:normal'> </span>
1440 Management</a>............................................................................................
1442 <p class="MsoToc2">5.1<span style=
1443 'font-size:12.0pt'> </span> Storage
1444 Model......................................................................................................
1446 <p class="MsoToc2">5.2<span style=
1447 'font-size:12.0pt'> </span> Deallocation
1448 Errors...............................................................................................
1450 <p class="MsoToc3">5.2.1<span style=
1451 'font-size:12.0pt'> </span> Unshared
1452 References....................................................................................
1454 <p class="MsoToc3">5.2.2<span style=
1455 'font-size:12.0pt'> </span> Temporary
1456 Parameters..................................................................................
1458 <p class="MsoToc3">5.2.3<span style=
1459 'font-size:12.0pt'> </span> Owned and
1461 References.................................................................
1463 <p class="MsoToc3">5.2.4<span style=
1464 'font-size:12.0pt'> </span> Keep
1465 Parameters...........................................................................................
1467 <p class="MsoToc3">5.2.5<span style=
1468 'font-size:12.0pt'> </span> Shared
1469 References........................................................................................
1471 <p class="MsoToc3">5.2.6<span style=
1472 'font-size:12.0pt'> </span> Stack
1473 References..........................................................................................
1475 <p class="MsoToc3">5.2.7<span style=
1476 'font-size:12.0pt'> </span> Inner
1477 Storage.................................................................................................
1479 <p class="MsoToc2">5.3<span style=
1480 'font-size:12.0pt'> </span> Implicit Memory
1481 Annotations.................................................................................
1483 <p class="MsoToc2">5.4<span style=
1484 'font-size:12.0pt'> </span> Reference
1485 Counting..............................................................................................
1487 <p class="MsoToc1">6<span style=
1488 'font-size:12.0pt;font-weight:normal'> </span>
1490 Sharing</a>....................................................................................................................
1492 <p class="MsoToc2">6.1<span style=
1493 'font-size:12.0pt'> </span>
1494 Aliasing................................................................................................................
1496 <p class="MsoToc3">6.1.1<span style=
1497 'font-size:12.0pt'> </span> Unique
1498 Parameters........................................................................................
1500 <p class="MsoToc3">6.1.2<span style=
1501 'font-size:12.0pt'> </span> Returned
1502 Parameters.....................................................................................
1504 <p class="MsoToc2">6.2<span style=
1505 'font-size:12.0pt'> </span>
1506 Exposure..............................................................................................................
1508 <p class="MsoToc3">6.2.1<span style=
1509 'font-size:12.0pt'> </span> Read-Only
1510 Storage........................................................................................
1512 <p class="MsoToc3">6.2.2<span style=
1513 'font-size:12.0pt'> </span> Exposed
1514 Storage............................................................................................
1516 <p class="MsoToc1">7<span style=
1517 'font-size:12.0pt;font-weight:normal'> </span>
1520 Interfaces</a>.................................................................................................
1522 <p class="MsoToc2">7.1<span style=
1523 'font-size:12.0pt'> </span>
1524 Modifications........................................................................................................
1526 <p class="MsoToc3">7.1.1<span style=
1527 'font-size:12.0pt'> </span> State
1528 Modifications........................................................................................
1530 <p class="MsoToc3">7.1.2<span style=
1531 'font-size:12.0pt'> </span> Missing Modifies
1532 Clauses...............................................................................
1534 <p class="MsoToc2">7.2<span style=
1535 'font-size:12.0pt'> </span> Global
1536 Variables...................................................................................................
1538 <p class="MsoToc3">7.2.1<span style=
1539 'font-size:12.0pt'> </span> Controlling
1541 Checking..........................................................................
1543 <p class="MsoToc3">7.2.2<span style=
1544 'font-size:12.0pt'> </span> Definition
1545 State..............................................................................................
1547 <p class="MsoToc2">7.3<span style=
1548 'font-size:12.0pt'> </span> Declaration
1549 Consistency........................................................................................
1551 <p class="MsoToc2">7.4<span style=
1552 'font-size:12.0pt'> </span> State
1553 Clauses.......................................................................................................
1555 <p class="MsoToc2">7.5<span style=
1556 'font-size:12.0pt'> </span> Requires and
1558 Clauses...............................................................................
1560 <p class="MsoToc1">8<span style=
1561 'font-size:12.0pt;font-weight:normal'> </span>
1564 Flow</a>...........................................................................................................
1566 <p class="MsoToc2">8.1<span style=
1567 'font-size:12.0pt'> </span>
1568 Execution.............................................................................................................
1570 <p class="MsoToc2">8.2<span style=
1571 'font-size:12.0pt'> </span> Undefined
1572 Behavior..............................................................................................
1574 <p class="MsoToc2">8.3<span style=
1575 'font-size:12.0pt'> </span> Problematic
1577 Structures..............................................................................
1579 <p class="MsoToc3">8.3.1<span style=
1580 'font-size:12.0pt'> </span> Likely Infinite
1581 Loops......................................................................................
1583 <p class="MsoToc3">8.3.2<span style=
1584 'font-size:12.0pt'> </span>
1585 Switches.......................................................................................................
1587 <p class="MsoToc3">8.3.3<span style=
1588 'font-size:12.0pt'> </span> Deep
1589 Breaks.................................................................................................
1591 <p class="MsoToc3">8.3.4<span style=
1592 'font-size:12.0pt'> </span> Loop and If
1593 Bodies........................................................................................
1595 <p class="MsoToc3">8.3.5<span style=
1596 'font-size:12.0pt'> </span> Complete
1597 Logic.............................................................................................
1599 <p class="MsoToc2">8.4<span style=
1600 'font-size:12.0pt'> </span> Suspicious
1601 Statements...........................................................................................
1603 <p class="MsoToc3">8.4.1<span style=
1604 'font-size:12.0pt'> </span> Statements with
1606 Effects............................................................................
1608 <p class="MsoToc3">8.4.2<span style=
1609 'font-size:12.0pt'> </span> Ignored Return
1610 Values...................................................................................
1612 <p class="MsoToc1">9<span style=
1613 'font-size:12.0pt;font-weight:normal'> </span>
1616 Sizes</a>.............................................................................................................
1618 <p class="MsoToc2">9.1<span style=
1619 'font-size:12.0pt'> </span> Checking
1620 Accesses..............................................................................................
1622 <p class="MsoToc2">9.2<span style=
1623 'font-size:12.0pt'> </span> Annotating
1625 Sizes........................................................................................
1627 <p class="MsoToc2">9.3<span style=
1628 'font-size:12.0pt'> </span>
1629 Warnings.............................................................................................................
1631 <p class="MsoToc1">10<span style=
1632 'font-size:12.0pt;font-weight:normal'> </span>
1633 <a href=#extensible>
1635 Checking</a>............................................................................................
1637 <p class="MsoToc2">10.1<span style=
1638 'font-size:12.0pt'> </span>
1640 Attributes............................................................................................
1642 <p class="MsoToc2">10.2<span style=
1643 'font-size:12.0pt'> </span>
1644 Annotations......................................................................................................
1646 <p class="MsoToc2">10.3<span style=
1647 'font-size:12.0pt'> </span>
1648 Example...........................................................................................................
1650 <p class="MsoToc1">11<span style=
1651 'font-size:12.0pt;font-weight:normal'> </span>
1653 Macros</a>..................................................................................................................
1655 <p class="MsoToc2">11.1<span style=
1656 'font-size:12.0pt'> </span>
1658 Macros...............................................................................................
1660 <p class="MsoToc2">11.2<span style=
1661 'font-size:12.0pt'> </span>
1663 Macros.........................................................................................
1665 <p class="MsoToc3">11.2.1<span style=
1666 'font-size:12.0pt'> </span> Side
1668 Parameters.......................................................................
1670 <p class="MsoToc2">11.3<span style=
1671 'font-size:12.0pt'> </span>
1673 Checking...............................................................................
1675 <p class="MsoToc2">11.4<span style=
1676 'font-size:12.0pt'> </span>
1677 Iterators...........................................................................................................
1679 <p class="MsoToc3">11.4.1<span style=
1680 'font-size:12.0pt'> </span>
1682 Iterators.......................................................................................
1684 <p class="MsoToc3">11.4.2<span style=
1685 'font-size:12.0pt'> </span>
1687 Iterators...........................................................................................
1689 <p class="MsoToc1">12<span style=
1690 'font-size:12.0pt;font-weight:normal'> </span>
1693 Conventions</a>............................................................................................
1695 <p class="MsoToc2">12.1<span style=
1696 'font-size:12.0pt'> </span>
1698 Conventions......................................................................
1700 <p class="MsoToc3">12.1.1<span style=
1701 'font-size:12.0pt'> </span>
1703 Names.............................................................................................
1705 <p class="MsoToc3">12.1.2<span style=
1706 'font-size:12.0pt'> </span>
1708 Names............................................................................................
1710 <p class="MsoToc3">12.1.3<span style=
1711 'font-size:12.0pt'> </span>
1713 Names..................................................................................
1715 <p class="MsoToc2">12.2<span style=
1716 'font-size:12.0pt'> </span>
1718 Prefixes.........................................................................................
1720 <p class="MsoToc2">12.3<span style=
1721 'font-size:12.0pt'> </span>
1723 Restrictions..........................................................................................
1725 <p class="MsoToc3">12.3.1<span style=
1726 'font-size:12.0pt'> </span>
1728 Names........................................................................................
1730 <p class="MsoToc3">12.3.2<span style=
1731 'font-size:12.0pt'> </span>
1733 Names...........................................................................................
1735 <p class="MsoToc1">13<span style=
1736 'font-size:12.0pt;font-weight:normal'> </span>
1737 <a href=#completeness>
1738 Completeness</a>.......................................................................................................
1740 <p class="MsoToc2">13.1<span style=
1741 'font-size:12.0pt'> </span>
1743 Declarations.........................................................................................
1745 <p class="MsoToc2">13.2<span style=
1746 'font-size:12.0pt'> </span>
1748 Programs...........................................................................................
1750 <p class="MsoToc3">13.2.1<span style=
1751 'font-size:12.0pt'> </span>
1752 Unnecessarily External
1753 Names....................................................................
1755 <p class="MsoToc3">13.2.2<span style=
1756 'font-size:12.0pt'> </span>
1757 Declarations Missing from
1758 Headers.............................................................
1760 <p class="MsoToc1">14<span style=
1761 'font-size:12.0pt;font-weight:normal'> </span>
1763 Libraries and Header File
1764 Inclusion</a>....................................................................
1766 <p class="MsoToc2">14.1<span style=
1767 'font-size:12.0pt'> </span>
1769 Libraries.............................................................................................
1771 <p class="MsoToc3">14.1.1<span style=
1772 'font-size:12.0pt'> </span> ISO
1774 Library..................................................................................
1776 <p class="MsoToc3">14.1.2<span style=
1777 'font-size:12.0pt'> </span>
1779 Library...........................................................................................
1781 <p class="MsoToc3">14.1.3<span style=
1782 'font-size:12.0pt'> </span> UNIX
1783 Library............................................................................................
1785 <p class="MsoToc3">14.1.4<span style=
1786 'font-size:12.0pt'> </span>
1788 Libraries............................................................................................
1790 <p class="MsoToc2">14.2<span style=
1791 'font-size:12.0pt'> </span>
1793 Libraries..........................................................................................
1795 <p class="MsoToc3">14.2.1<span style=
1796 'font-size:12.0pt'> </span>
1797 Generating the Standard
1798 Libraries................................................................
1800 <p class="MsoToc2">14.3<span style=
1801 'font-size:12.0pt'> </span>
1803 Inclusion.........................................................................................
1805 <p class="MsoToc3">14.3.1<span style=
1806 'font-size:12.0pt'> </span>
1808 Constants.............................................................................
1810 <p class="MsoToc1">Appendix A<span style=
1811 'font-size:12.0pt;font-weight:normal'> </span>
1812 <a href=#availability>
1813 Availability</a>...............................................................................................
1815 <p class="MsoToc1">Appendix B<span style=
1816 'font-size:12.0pt;font-weight:normal'> </span>
1818 Flags</a>........................................................................................................
1820 <p class="MsoToc2">Global
1821 Flags...................................................................................................................
1824 Help..........................................................................................................................
1827 Initialization................................................................................................................
1830 Pre-processor............................................................................................................
1833 Libraries....................................................................................................................
1836 Output.......................................................................................................................
1838 <p class="MsoToc3">Expected
1839 Errors.........................................................................................................
1841 <p class="MsoToc2">Message
1842 Format............................................................................................................
1844 <p class="MsoToc2">Mode Selector
1845 Flags.......................................................................................................
1847 <p class="MsoToc2">Checking
1848 Flags...............................................................................................................
1851 Key...........................................................................................................................
1854 Types........................................................................................................................
1856 <p class="MsoToc3">Function
1857 Interfaces.....................................................................................................
1859 <p class="MsoToc3">Memory
1860 Management................................................................................................
1863 Sharing......................................................................................................................
1865 <p class="MsoToc3">Use Before Definition <i>(Section
1866 3)</i>...............................................................................
1868 <p class="MsoToc3">Null Dereferences <i>(Section
1869 2)</i>....................................................................................
1871 <p class="MsoToc3">Macros <i>(Section
1872 7)</i>....................................................................................................
1875 Iterators.....................................................................................................................
1877 <p class="MsoToc3">Naming
1878 Conventions...................................................................................................
1880 <p class="MsoToc3">Other
1881 Checks.............................................................................................................
1883 <p class="MsoToc2">Flag Name
1884 Abbreviations................................................................................................
1886 <p class="MsoToc1">Appendix C<span style=
1887 'font-size:12.0pt;font-weight:normal'> </span>
1888 <a href=#annotations>
1889 Annotations</a>.............................................................................................
1891 <p class="MsoToc3">Suppressing
1892 Warnings.................................................................................................
1894 <p class="MsoToc2">Syntactic
1895 Annotations.....................................................................................................
1898 Functions...................................................................................................................
1900 <p class="MsoToc3">Iterators (Section
1901 11.4)...............................................................................................
1903 <p class="MsoToc3">Constants (Section
1904 11.1).............................................................................................
1906 <p class="MsoToc3">Alternate Types (Section
1907 4.4)......................................................................................
1909 <p class="MsoToc3">Declarator
1910 Annotations...............................................................................................
1912 <p class="MsoToc3">Type
1913 Access..............................................................................................................
1915 <p class="MsoToc3">Macro
1916 Expansion......................................................................................................
1918 <p class="MsoToc3">Arbitrary Integral
1919 Types............................................................................................
1921 <p class="MsoToc3">Traditional Lint
1922 Comments........................................................................................
1924 <p class="MsoToc2">Metastate
1925 Definitions....................................................................................................
1927 <p class="MsoToc1">Appendix D<span style=
1928 'font-size:12.0pt;font-weight:normal'> </span>
1929 <a href=#specifications>
1930 Specifications<a/>.........................................................................................
1932 <p class="MsoToc3">Specification
1933 Flags....................................................................................................
1936 Appendix E<span style=
1937 'font-size:12.0pt;font-weight:normal'> </span>
1940 Bibliography</a>........................................................................
1943 <p class="TextFontCX"> </p></div>
1944 <span class="MsoCommentReference"><b><i><span style=
1945 'font-size:15.5pt;font-family: "Times New Roman";text-transform:uppercase'>
1946 <br clear="all" style=
1947 'page-break-before: right'></span></i></b></span>
1948 <div class="Section4">
1949 <p class="TextFontCX"><span style=
1950 'font-size:16.0pt'> </span></p>
1951 <p class="MsoNormal" align="center" style='text-align:center'>
1952 <b><span style='font-size:16.0pt'>Splint User’s
1953 Manual</span></b></p>
1954 <p class="MsoNormal" align="center" style='text-align:center'>
1956 <p class="MsoNormal" align="center" style='text-align:center'>
1958 <p class="MsoNormal" align="center" style='text-align:center'>7
1960 <p class="TextFontCX"> </p>
1961 <p class="TextFontCX">Splint<a href="#_ftn1" name="_ftnref1"
1962 title=""><span class="MsoFootnoteReference"><span class=
1963 "MsoFootnoteReference"><span style=
1964 'font-size:11.0pt;font-family:"Times New Roman"'>[1]</span></span></span></a>
1965 is a tool for statically checking C programs for security
1966 vulnerabilities and programming mistakes. Splint does many
1967 of the traditional lint checks including unused declarations,
1968 type inconsistencies, use before definition, unreachable code,
1969 ignored return values, execution paths with no return, likely
1970 infinite loops, and fall through cases. More powerful
1971 checks are made possible by additional information given in
1972 source code annotations. Annotations are stylized
1973 comments that document assumptions about functions, variables,
1974 parameters and types. In addition to the checks
1975 specifically enabled by annotations, many of the traditional
1976 lint checks are improved by exploiting this additional
1978 <p class="TextFontCX"> </p>
1979 <p class="TextFontCX">As more effort is put into annotating
1980 programs, better checking results. A representational
1981 effort-benefit curve for using Splint is shown in Figure 1.
1982 Splint is designed to be flexible and allow programmers to select
1983 appropriate points on the effort-benefit curve for particular
1984 projects. As different checks are turned on and more
1985 information is given in code annotations the number of bugs that
1986 can be detected increases dramatically.</p>
1987 <p class="TextFontCX"> </p>
1988 <p class="beforelist">Problems detected by Splint include:</p>
1989 <p class="TextFontCX" style=
1990 'margin-left:12.95pt; text-indent:-12.95pt'><span style=
1991 'font-family:Symbol'>·<span style=
1992 'font:7.0pt "Times New Roman"'> </span></span>
1993 Dereferencing a possibly null pointer (Section 2);</p>
1994 <p class="TextFontCX" style=
1995 'margin-left:12.95pt; text-indent:-12.95pt'><span style=
1996 'font-family:Symbol'>·<span style=
1997 'font:7.0pt "Times New Roman"'> </span></span>
1998 Using possibly undefined storage or returning storage that is not
1999 properly defined (Section 3);</p>
2000 <p class="MsoListBullet"><span style=
2001 'font-family:Symbol'>·<span style=
2002 'font:7.0pt "Times New Roman"'> </span></span>
2003 Type mismatches, with greater precision and flexibility than
2004 provided by C compilers (Section 4.1–4.2);</p>
2005 <p class="MsoListBullet"><span style=
2006 'font-family:Symbol'>·<span style=
2007 'font:7.0pt "Times New Roman"'> </span></span>
2008 Violations of information hiding (Section 4.3);</p>
2009 <p class="TextFontCX" style=
2010 'margin-left:12.95pt; text-indent:-12.95pt'><span style=
2011 'font-family:Symbol'>·<span style=
2012 'font:7.0pt "Times New Roman"'> </span></span>
2013 Memory management errors including uses of dangling references and
2014 memory leaks (Section 5);</p>
2015 <p class="TextFontCX" style=
2016 'margin-left:12.95pt; text-indent:-12.95pt'><span style=
2017 'font-family:Symbol'>·<span style=
2018 'font:7.0pt "Times New Roman"'> </span></span>
2019 Dangerous aliasing (Section 6);</p>
2020 <p class="TextFontCX" style=
2021 'margin-left:12.95pt; text-indent:-12.95pt'><span style=
2022 'font-family:Symbol'>·<span style=
2023 'font:7.0pt "Times New Roman"'> </span></span>
2024 Modifications and global variable uses that are inconsistent with
2025 specified interfaces (Section 7);</p>
2026 <p class="TextFontCX" style=
2027 'margin-left:12.95pt; text-indent:-12.95pt'><span style=
2028 'font-family:Symbol'>·<span style=
2029 'font:7.0pt "Times New Roman"'> </span></span>
2030 Problematic control flow such as likely infinite loops (Section
2031 8.3.1), fall through cases or incomplete switches (Section 8.3.2),
2032 and suspicious statements (Section 8.4);</p>
2033 <p class="TextFontCX" style=
2034 'margin-left:12.95pt; text-indent:-12.95pt'><span style=
2035 'font-family:Symbol'>·<span style=
2036 'font:7.0pt "Times New Roman"'> </span></span>
2037 Buffer overflow vulnerabilities (Section 9);</p>
2038 <p class="TextFontCX" style=
2039 'margin-left:12.95pt; text-indent:-12.95pt'><span style=
2040 'font-family:Symbol'>·<span style=
2041 'font:7.0pt "Times New Roman"'> </span></span>
2042 Dangerous macro implementations or invocations (Section 11);
2044 <p class="TextFontCX" style=
2045 'margin-left:12.95pt; text-indent:-12.95pt'><span style=
2046 'font-family:Symbol'>·<span style=
2047 'font:7.0pt "Times New Roman"'> </span></span>
2048 Violations of customized naming conventions. (Section
2050 <p class="TextFontCX"> </p>
2051 <p class="MsoCaption"> </p>
2052 <center><img width="572" height="350" src=
2053 "manual-301_files/image003.gif">
2057 <p class="MsoCaption"><a name="_Toc534824605"></a><a name=
2058 "_Ref534821281">Figure</a> 1. Typical Effort-Benefit
2060 <p class="TextFontCX"> </p>
2061 <p class="TextFontCX">Splint checking can be customized to select
2062 what classes of errors are reported using command line flags and
2063 stylized comments in the code. In addition, users can define
2064 new annotations and associated checks to extend Splint’s
2065 checking or to enforce application specific properties (Section
2067 <p class="TextFontCX"><a name="_Ref343085763"></a><a name=
2068 "_Ref343065516"> </a></p>
2069 <p class="TextFontCX"><b>About This Document</b></p>
2070 <p class="TextFontCX">This document is a guide to using
2071 Splint. Section 1 explains how to run Splint, interpret
2072 messages and control checking. Sections 2–13 describe
2073 particular checks done by Splint. There are some minor
2074 dependencies between sections, but in general they can be read in
2075 any order. Section 14 covers issues involving libraries and
2076 header file inclusion important for running Splint on large
2078 <p class="TextFontCX"> </p>
2079 <p class="TextFontCX">This document does not describe technical
2080 details of the checking. For technical background and
2081 analysis of Splint’s effectiveness in practice, see the
2082 papers available at <a href=
2083 "http://www.splint.org/"><span style='font-size:10.0pt;font-family:Arial'>
2084 http://www.splint.org</span></a>. </p>
2086 <table cellspacing="0" cellpadding="0" hspace="0" width="80%"
2087 style="border-collapse: collapse" bordercolor="#111111">
2089 <td valign="top" align="left" style=
2090 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
2091 <p class="TextFontCX" align="right" style='text-align:right'>
2092 <a name="_Ref349497354"></a><a name=
2093 "_Ref348079997"><i><span style='font-size:9.0pt'>Since human
2094 beings themselves are not fully debugged yet, there will be
2095 bugs in your code no matter what you do.</span></i></a></p>
2096 <p class="TextFontCX" align="right" style=
2097 'margin-left:4.5pt;text-align:right'><span style=
2098 'font-size:9.0pt'>Chris Mason,</span><i><span style=
2099 'font-size:9.0pt'>Zero-defects memo</span></i>
2100 <span style='font-size:9.0pt'>(quoted in <i>Microsoft
2101 Secrets</i>, Cusumano and
2102 Selby)</span></p></td></tr></table></center>
2103 <h1 style='margin-left:0in;text-indent:0in'><a name=
2104 "Section1"></a><a name="_Toc534974932"></a><a name=
2105 "_Ref348785755">1<span style=
2106 'font:7.0pt "Times New Roman"'> </span>
2107 <a id="operation" name="operation"> Operation</a></h1>
2108 <p class="TextFontCX">Splint is invoked by listing files to be
2109 checked. Initialization files, command line flags, and
2110 stylized comments may be used to customize checking globally and
2112 <p class="TextFontCX"> </p>
2113 <p class="TextFontCX">The best way to learn to use Splint, of
2114 course, is to actually use it (if you don’t already have
2115 Splint installed on your system, see Appendix A). Before you
2116 read much further in this document, I recommend finding a small C
2117 program. Then, try running:</p>
2118 <p class="example" align="left">splint *.c</p>
2121 <p class="TextFontCX">For the most C programs, this will produce a
2122 large number of warnings. To turn off reporting for some of
2123 the warnings, try:<a name="_Ref347468509"></a><a name=
2124 "_Ref345591726"></a><a name="_Ref345568136"></a><a name=
2125 "_Ref345515100"></a><a name="_Ref345497041"></a><a name=
2126 "_Ref345435155"></a><a name="_Ref345257971"></a><a name=
2127 "_Ref344916723"></a><a name="_Ref344907348"></a><a name=
2128 "_Ref344891202"></a><a name="_Toc344355397"></a></p>
2129 <p class="example" align="left">splint -weak *.c</p>
2132 <p class="TextFontCX">The <span class="Flag"><span style=
2133 'font-size:10.0pt'>-weak</span></span> flag is a mode flag that
2134 sets many checking parameters to select weaker checking than is
2135 done in the default mode. Other Splint flags will be
2136 introduced in the following sections; a complete list is given in
2138 <h2 style='margin-left:0in;text-indent:0in'><a name=
2139 "_Toc534974933"></a><a name="_Toc344355435">1.1<span style=
2140 'font:7.0pt "Times New Roman"'> </span>
2142 <p class="beforelist">A typical warning message is:</p>
2143 <p class="IndentText" align="left" style="margin-bottom: 0.0003pt">
2144 <span style='font-size:10.0pt;font-family:Arial'>sample.c: (in
2145 function faucet)</span></p>
2146 <p class="IndentText" align="left"><span style=
2147 'font-size:10.0pt;font-family:Arial'>sample.c:11:12</span><span style='font-size:10.0pt; font-family:Arial'>
2148 : Fresh storage x not released before return</span></p>
2149 <p class="IndentText" align="left"><span style=
2150 'font-size:10.0pt;font-family:Arial'> A memory leak has been
2151 detected. Storage allocated locally is not released</span></p>
2152 <p class="IndentText" align="left"><span style=
2153 'font-size:10.0pt;font-family:Arial'> before the last
2154 reference to it is lost. (Use -mustfreefresh to inhibit</span></p>
2155 <p class="IndentText" align="left"><span style=
2156 'font-size:10.0pt;font-family:Arial'> warning)</span></p>
2157 <p class="IndentText" align="left"><span style=
2158 'font-size:10.0pt;font-family:Arial'> sample.c:5:47:
2159 Fresh storage x allocated</span></p>
2162 <p class="afterlist">The first line gives the name of the function
2163 in which the error is found. This is printed before the first
2164 message reported for a function. The second line is the text
2165 of the message. This message reports a memory
2166 leak—storage allocated in a function is not deallocated
2167 before the function returns. The file name, line and column
2168 number where the error is located precedes the text. </p>
2169 <p class="TextFontCX"> </p>
2170 <p class="TextFontCX">The next line is a hint giving more
2171 information about the suspected error, including information on how
2172 the warning message may be suppressed. For this message,
2173 using the <span class="Flag"><span style=
2174 'font-size:10.0pt'>‑mustfreefresh</span></span> flag
2175 would prevent this warning from being reported. This flag can
2176 be set at the command line, or more precisely just around the code
2177 point in question by using annotations (see Section 1.3.2).</p>
2178 <p class="TextFontCX"> </p>
2179 <p class="TextFontCX">The final line of the message gives
2180 additional location information. For this message, it tells
2181 where the leaking storage was allocated.</p>
2182 <p class="TextFontCX"> </p>
2183 <p class="beforelist">The generic message format is (parts enclosed
2184 in square brackets are optional):</p>
2185 <p class="Verbatim" align="left"><span style=
2186 'font-family:Arial'> [<file>:<line> (in
2187 <context>)]</span></p>
2188 <p class="Verbatim" align="left"><span style=
2189 'font-family:Arial'>
2190 <file>:<line>[,<column>]:
2191 <i>message</i></span></p>
2192 <p class="Verbatim" align="left"><span style=
2193 'font-family:Arial'>
2194 [<i>hint</i>]</span></p>
2195 <p class="Verbatim" align="left"><span style=
2196 'font-family:Arial'>
2197 <file>:<line>,<column>: <i>extra location
2198 information, if appropriate</i></span></p>
2201 <p class="afterlist">Users can customize the format and content of
2202 messages printed by Splint. The function context is not
2203 printed if <span class="Flag"><span style=
2204 'font-size:10.0pt'>-showfunc</span></span> is used.
2205 Column numbers are not printed if <span class=
2206 "Flag"><span style='font-size:10.0pt'>‑showcol</span></span> is
2207 used. The <span class="Flag"><span style=
2208 'font-size:10.0pt'>+parenfileformat</span></span> flag
2209 can be used to generate file locations in the format
2210 recognized by Microsoft Visual Studio. If <span class=
2212 'font-size:10.0pt'>+parenfileformat</span></span> is set, the
2213 line number follows the file name in parentheses (e.g.,
2214 <span class="PlainText"><span style=
2215 'font-size:10.0pt;font-family:Arial'>sample.c(11)</span></span>.)
2216 Messages are split into lines of length less than the
2217 value set using <span class="Flag"><span style=
2218 'font-size:10.0pt'>-linelen
2219 <i><number></i></span></span>. The default line
2220 length is 80 characters. Splint attempts to split lines
2221 in a sensible place as near to the line length limit as
2223 <p class="afterlist" style='margin-top:0in'> </p>
2224 <p class="afterlist" style='margin-top:0in'>The <span class=
2226 'font-size:10.0pt'>‑hints</span></span> prevents any
2227 hints from being printed. Normally, a hint is given only the
2228 first time a class of error is reported. To have Splint print
2229 a hint for every message regardless, use <span class=
2231 'font-size:10.0pt'>+forcehints</span></span>.</p>
2232 <h2 style='margin-left:0in;text-indent:0in'><a name=
2233 "_Toc534974934"></a><a name="_Ref348343333"></a><a name=
2234 "_Ref348343330"></a><a name="_Ref348092990"></a><a name=
2235 "_Ref344882148"></a><a name="_Ref344870278"></a><a name=
2236 "_Toc344355436">1.2<span style=
2237 'font:7.0pt "Times New Roman"'> </span>
2239 <p class="TextFontCX">So that many programming styles can be
2240 supported, Splint provides several hundred flags for controlling
2241 checking and message reporting. Some of the flags are
2242 introduced in the body of this document. Appendix B describes
2243 every flag. Modes and shortcut flags are provided for setting
2244 many flags at once. Individual flags can override the mode
2246 <p class="TextFontCX"> </p>
2247 <p class="TextFontCX">Flags are preceded by <span class=
2248 "Flag"><span style='font-size:10.0pt'>+</span></span> or
2249 <span class="Flag"><span style=
2250 'font-size:10.0pt'>-</span></span>. When a flag is preceded
2251 by <span class="Flag"><span style=
2252 'font-size:10.0pt'>+</span></span> we say it is <i>on</i>; when it
2253 is preceded by <span class="Flag"><span style=
2254 'font-size:10.0pt'>-</span></span> it is <i>off</i>. The precise
2255 meaning of on and off depends on the type of flag. </p>
2256 <p class="TextFontCX"> </p>
2257 <p class="TextFontCX">The <span class="Flag"><span style=
2258 'font-size:10.0pt'>+</span></span>/<span class=
2259 "Flag"><span style='font-size:10.0pt'>-</span></span> flag
2260 settings are used for consistency and clarity, but contradict
2261 standard UNIX usage and it is easy to accidentally use the
2262 wrong one. To reduce the likelihood of using the wrong
2263 flag, Splint issues warnings when a flag is set in an unusual
2264 way. Warnings are issued when a flag is redundantly set
2265 to the value it already had (these errors are not reported if
2266 the flag is set using a stylized comment), if a mode flag or
2267 special flag is set after a more specific flag that will be
2268 set by the general flag was already set, if value flags are
2269 given unreasonable values, of if flags are set in an
2270 inconsistent way. The <span class="Flag"><span style=
2271 'font-size: 10.0pt'>-warnflags</span></span> flag
2272 suppresses these warnings.</p>
2273 <p class="TextFontCX"> </p>
2274 <p class="TextFontCX">Default flag settings will be read from
2275 <span class="Keyword"><span style=
2276 'font-size:10.0pt;font-family: Arial;color:windowtext'>~/.splintrc</span></span> if
2277 it is readable. If there is a <span class=
2278 "Keyword"><span style=
2279 'font-size:10.0pt;font-family:Arial;color:windowtext'>.splintrc</span></span> file
2280 in the working directory, settings in this file will be read next
2281 and its settings will override those in <span class=
2282 "Keyword"><span style=
2283 'font-size:10.0pt;font-family:Arial; color:windowtext'>~/.splintrc</span></span>.
2284 Command-line flags override settings in either file. The
2285 syntax of the <span class="Keyword"><span style=
2286 'font-size:10.0pt;font-family:Arial;color:windowtext'>.splintrc</span></span> file
2287 is the same as that of command-line flags, except that flags may be
2288 on separate lines and the <span class="CodeText"><span style=
2289 'font-size:10.0pt'>#</span></span> character may be used to
2290 indicate that the remainder of the line is a comment. The
2291 <span class="Flag"><span style=
2292 'font-size:10.0pt'>-nof</span></span> flag prevents the
2293 <span class="Keyword"><span style=
2294 'font-size:10.0pt;font-family: Arial;color:windowtext'>~/.splintrc</span></span> file
2295 from being loaded. The <span class="Flag"><span style=
2296 'font-size:10.0pt'>-f</span></span> <span class=
2298 'font-size:10.0pt'><i><filename></i></span></span> flag
2299 loads options from <i>filename</i>.</p>
2300 <p class="TextFontCX"> </p>
2301 <p class="TextFontCX">To make flag names more readable, hyphens
2302 (<span class="Flag"><span style=
2303 'font-size:10.0pt'>-</span></span>), underscores
2304 (<span class="Flag"><span style=
2305 'font-size:10.0pt'>_</span></span>) and spaces in flags at
2306 the command line are ignored. Hence, <span class=
2308 'font-size:10.0pt'>warnflags</span></span>, <span class=
2310 'font-size:10.0pt'>warn-flags</span></span> and <span class=
2312 'font-size:10.0pt'>warn_flags</span></span> all select the
2313 <span class="Flag"><span style=
2314 'font-size:10.0pt'>warnflags</span></span> option.</p>
2315 <h2 style='margin-left:0in;text-indent:0in'><a name=
2316 "_Toc534974935"></a><a name="_Toc344355442"></a><a name=
2317 "_Ref343086686">1.3<span style=
2318 'font:7.0pt "Times New Roman"'> </span>
2319 Stylized Comments</a></h2>
2320 <p class="TextFontCX">Stylized comments are used to provide extra
2321 information about a type, variable or function interface to improve
2322 checking, or to control flag settings locally.</p>
2323 <p class="TextFontCX"> </p>
2324 <p class="TextFontCX">All stylized comments begin with
2325 <span class="CodeText"><span style=
2326 'font-size:10.0pt'>/*@</span></span> and are closed by the
2327 end of the comment. The role of the <span class=
2328 "CodeText"><span style=
2329 'font-size:10.0pt'>@</span></span> may be played by any
2330 printable character. Use <span class=
2331 "Flag"><span style='font-size:10.0pt'>-commentchar</span></span><span class="Flag">
2333 'font-size:10.0pt'> <i><char></i></span></span> to
2334 select a different stylized comment marker.</p>
2335 <h3 style='margin-left:0in;text-indent:0in'><a name=
2336 "_Toc534974936">1.3.1<span style=
2337 'font:7.0pt "Times New Roman"'> </span>
2338 Annotations</a></h3>
2339 <p class="TextFontCX">Annotations are stylized comments that follow
2340 a definite syntax. Although they are comments, they may only
2341 be used in fixed grammatical contexts (e.g., like a type
2343 <p class="TextFontCX"> </p>
2344 <p class="TextFontCX">Sections 2–6­ describe
2345 annotations for expressing assumptions about variables,
2346 parameters, return values, structure fields and
2347 type definitions. For example, <span class=
2348 "Annot"><span style='font-size:10.0pt'>/*@null@*/</span></span> is
2349 used to express an assumption that a parameter may be NULL.
2350 Section 7 describes annotations for describing function
2351 interfaces. Other annotations are described in later sections
2352 and Section 10 describes mechanisms users can employ to define new
2353 annotations. A summary of annotations is found in Appendix
2355 <p class="TextFontCX"> </p>
2356 <p class="TextFontCX">Some annotations, known as control comments,
2357 may appear between any two tokens in a C program (unlike regular C
2358 comments, control comments should not be used within a single token
2359 as they introduce new separators in the code). Syntactically,
2360 they are no different from standard comments. Control
2361 comments are used to provide source-level control of Splint
2362 checking. They may be used to suppress spurious messages, set
2363 flags, and control checking locally in other ways.</p>
2364 <h3 style='margin-left:0in;text-indent:0in'><a name=
2365 "_Toc534974937"></a><a name="_Ref534648584">1.3.2<span style=
2366 'font:7.0pt "Times New Roman"'> </span>
2367 Setting Flags</a></h3>
2368 <p class="TextFontCX">Most flags (all except those characterized as
2369 “global” in Appendix B) can be set locally using
2370 control comments. A control comment can set flags locally to
2371 override the command line settings. The original flag
2372 settings are restored before processing the next file. The syntax
2373 for setting flags in control comments is the same as that of the
2374 command line, except that flags may also be preceded by
2375 <span class="CodeText"><span style=
2376 'font-size:10.0pt'>=</span></span> to restore their setting
2377 to the original command-line value. For instance,</p>
2378 <p class="example"><span class="Annot"><span style=
2379 'font-size:10.0pt'>/*@+charint</span></span> <span class=
2380 "Annot"><span style=
2381 'font-size:10.0pt'>-modifies</span></span><span class=
2382 "Annot"><span style=
2383 'font-size:10.0pt'>=showfunc</span></span><span class=
2384 "Annot"><span style='font-size:10.0pt'>@*/</span></span></p>
2385 <p class="TextFontCX">sets <span class="Flag"><span style=
2386 'font-size:10.0pt'>charint</span></span> on (this makes
2387 <span class="CodeText"><span style=
2388 'font-size:10.0pt'>char</span></span> and <span class=
2389 "CodeText"><span style='font-size:10.0pt'>int</span></span>
2390 indistinguishable types), sets <span class=
2391 "Flag"><span style='font-size:10.0pt'>modifies</span></span>
2392 off (this prevents reporting of modification errors), and
2393 sets <span class="Flag"><span style=
2394 'font-size:10.0pt'>showfunc</span></span> to its
2395 original setting (this controls whether or not the name
2396 of a function <a name="_Toc344355449">is displayed before a
2397 message).</a><a name="_Ref348845205"></a><a name=
2398 "_Ref348845200"></a> <a name="_Ref348785779"></a></p>
2399 <h1 style='margin-left:0in;text-indent:0in'><a name=
2400 "_Toc534974938"></a><a name="_Ref534641443"></a><a name=
2401 "_Ref534093860"></a><a name="_Ref534050017"></a><a name=
2402 "_Ref534008843">2<span style=
2403 'font:7.0pt "Times New Roman"'> </span>
2404 <a id="null" name="null">Null Dereferences</a></a></h1>
2405 <p class="TextFontCX">A common cause of program failures is when a
2406 null pointer is dereferenced. Splint detects these
2407 errors by distinguishing possibly <span class=
2408 "CodeText"><span style='font-size:10.0pt'>NULL</span></span>
2409 pointers at interface boundaries.</p>
2410 <p class="TextFontCX"> </p>
2411 <p class="TextFontCX">The <span class="Annot"><span style=
2412 'font-size:10.0pt'>null</span></span> annotation is used to
2413 indicate that a pointer value may be <span class=
2414 "CodeText"><span style='font-size:10.0pt'>NULL</span></span>.
2415 A pointer declared with no <span class="Annot"><span style=
2416 'font-size:10.0pt'>null</span></span> annotation, may not be
2417 <span class="CodeText"><span style=
2418 'font-size:10.0pt'>NULL</span></span>. If null checking is
2419 turned on (controlled by <span class="Flag"><span style=
2420 'font-size:10.0pt'>null</span></span>), Splint will report an error
2421 when a possibly null pointer is passed as a parameter, returned as
2422 a result, or assigned to an external reference with no
2423 <span class="Annot"><span style=
2424 'font-size:10.0pt'>null</span></span> qualifier.</p>
2425 <p class="TextFontCX"> </p>
2426 <p class="TextFontCX">If a pointer is declared with the
2427 <span class="Annot"><span style=
2428 'font-size:10.0pt'>null</span></span> annotation, the code
2429 must check that it is not <span class="CodeText"><span style=
2430 'font-size:10.0pt'>NULL</span></span> on all paths leading to
2431 a dereference of the pointer (or the pointer being returned
2432 or passed as a value with no <span class="Annot"><span style=
2433 'font-size:10.0pt'>null</span></span> annotation).
2434 Dereferences of possibly null pointers may be protected by
2435 conditional statements or <span class="CodeText"><span style=
2436 'font-size:10.0pt'>assert</span></span>ions (to see how
2437 <span class="CodeText"><span style=
2438 'font-size:10.0pt'>assert</span></span> is declared see
2439 Section 8.1) that check the pointer is not <span class=
2440 "CodeText"><span style=
2441 'font-size:10.0pt'>NULL</span></span>.</p>
2442 <p class="TextFontCX"> </p>
2443 <p class="TextFontCX">Consider two implementations of
2444 <span class="CodeText"><span style=
2445 'font-size:10.0pt'>firstChar</span></span> in Figure 2. For
2446 <span class="CodeText"><span style=
2447 'font-size:10.0pt'>firstChar1</span></span>, Splint reports
2448 an error since the pointer that is dereferenced is declared
2449 with a <span class="Annot"><span style=
2450 'font-size:10.0pt'>null</span></span> annotation.
2451 For <span class="CodeText"><span style=
2452 'font-size:10.0pt'>firstChar2</span></span>, no error is
2453 reported since the true branch of the <span class=
2454 "CodeText"><span style='font-size:10.0pt'>s ==
2455 NULL</span></span> if statement returns, so the dereference
2456 of <span class="CodeText"><span style=
2457 'font-size:10.0pt'>s</span></span> is only reached if
2458 <span class="CodeText"><span style=
2459 'font-size:10.0pt'>s</span></span> is not <span class=
2460 "CodeText"><span style=
2461 'font-size:10.0pt'>NULL</span></span>.</p>
2463 <table class="MsoNormalTable" border="0" cellspacing="0"
2464 cellpadding="0" style=
2465 'margin-left:5.4pt;border-collapse:collapse; margin-left:-2.25pt;margin-right:-2.25pt'>
2467 <td valign="top" style=
2468 'width:207.0pt;border:solid black 1.5pt; border-bottom:none;background:black;padding:0in 5.4pt 0in 5.4pt'>
2469 <p class="TextFontCX" align="center" style='text-align:center'>
2470 <span class="Keyword"><b><span style=
2471 'font-size:10.0pt; color:white'>null.c</span></b></span></p></td>
2472 <td valign="top" style=
2473 'width:220.5pt;border-top:solid black 1.5pt; border-left:none;border-bottom:none;border-right:solid black 1.5pt; background:black;padding:0in 5.4pt 0in 5.4pt'>
2474 <p class="TextFontCX" align="center" style='text-align:center'>
2475 <b><span style='color:white'>Running
2476 Splint</span></b></p></td></tr>
2478 <td valign="top" style=
2479 'width:207.0pt;border:solid black 1.5pt; border-top:none;padding:0in 5.4pt 0in 5.4pt'>
2480 <p class="Verbatim"><span style='font-size:9.0pt'> </span></p>
2481 <p class="Verbatim"><span style='font-size:9.0pt'>char firstChar1
2482 (/*@null@*/ char *s)</span></p>
2483 <p class="Verbatim"><span style='font-size:9.0pt'>{<br></span>
2484 <span class="Line"><span style=
2485 'font-size:8.0pt'>3</span></span><span style=
2486 'font-size:9.0pt'> return *s;</span></p>
2487 <p class="Verbatim"><span style='font-size:9.0pt'>}</span></p>
2488 <p class="Verbatim"><span style='font-size:9.0pt'> </span></p>
2489 <p class="Verbatim"><span style='font-size:9.0pt'>char firstChar2
2490 (/*@null@*/ char *s)</span></p>
2491 <p class="Verbatim"><span style='font-size:9.0pt'>{</span></p>
2492 <p class="Verbatim"><span style='font-size:9.0pt'> if
2493 (s == NULL) return ‘\0’;<br></span> <span class=
2495 'font-size:8.0pt'>9</span></span><span style='font-size:9.0pt'>
2496 return *s;</span></p>
2497 <p class="Verbatim"><span style='font-size:9.0pt'>}</span></p></td>
2498 <td valign="top" style=
2499 'width:220.5pt;border-top:none;border-left: none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'>
2500 <p class="lclintrun">> splint null.c</p>
2501 <p class="lclintrun">Splint 3.0.1</p>
2502 <p class="lclintrun"> </p>
2503 <p class="lclintrun">null.c: (in function firstChar1)</p>
2504 <p class="lclintrun">null.c:3:11: Dereference of possibly null
2506 <p class="lclintrun"> null.c:1:35: Storage s may become
2508 <p class="lclintrun"> </p>
2509 <p class="lclintrun">Finished checking --- 1 code warning found</p>
2510 <p class="TextFontCX"> </p></td></tr></table>
2511 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
2512 style="border-collapse: collapse" bordercolor="#111111">
2514 <td valign="top" align="left" style=
2515 'padding-top:6.5pt;padding-right: 9.35pt;padding-bottom:6.5pt;padding-left:9.35pt'>
2516 <p class="MsoCaption"><a name="_Ref534981289"></a><a name=
2517 "_Toc534824606"></a><a name="_Ref534981293">Figure 2</a>.
2519 <p class="MsoNormal" align="left" style=
2520 'margin-top:0in;margin-right:26.55pt; margin-bottom:0in;margin-left:.5in;margin-bottom:.0001pt;text-align:left; background:white'>
2521 <span style='font-size:10.0pt'>Output from running Splint is
2522 displayed in</span> <span style=
2523 'font-size:10.0pt;font-family:"Arial Narrow"'>sans-serif</span>
2524 <span style='font-size:10.0pt'>font. The command line is
2525 preceded by</span> <span style=
2526 'font-size:10.0pt;font-family:Arial'>></span><span style=
2527 'font-size: 10.0pt'>, the rest is output from Splint.
2528 Explanations added to the code or splint output are shown in
2529 <i>italics</i>. Code shown in the figures in this document is
2530 available from the splint web site,</span> <span style=
2531 'font-size:10.0pt;font-family:Arial'>http://www.splint.org</span><span style='font-size:10.0pt'>
2532 . No error is reported for line 9, since the dereference is
2533 reached only if</span> <span class="CodeText"><span style=
2534 'font-size:10.0pt'>s</span></span> <span style=
2535 'font-size:10.0pt'>is non-null. For most of the figures, the
2536 options</span> <span class="Flag"><span style=
2537 'font-size:9.0pt'>-linelen 55 -hints –showcol</span></span>
2538 <span style='font-size:10.0pt'>were used to produce condensed
2539 output, and</span> <span class="Flag"><span style=
2540 'font-size:9.0pt'>–exportlocal</span></span>
2541 <span style='font-size:10.0pt'>to inhibit warnings about
2543 declarations. </span></p></td></tr></table></center>
2544 <h3 style='margin-left:0in;text-indent:0in'><a name=
2545 "_Toc534974939"></a><a name="_Ref344185475">2.1.1<span style=
2546 'font:7.0pt "Times New Roman"'> </span>
2547 Predicate Functions</a></h3>
2548 <p class="TextFontCX">Another way to protect null dereference, is
2549 to declare a function using <span class="Annot"><span style=
2550 'font-size:10.0pt'>nullwhentrue</span></span> or <span class=
2551 "Annot"><span style=
2552 'font-size:10.0pt'>falsewhennull</span></span>(these annotations
2553 where originally <span class="Annot"><span style=
2554 'font-size:10.0pt'>falsenull</span></span> and <span class=
2555 "Annot"><span style='font-size:10.0pt'>truenull</span></span>, but
2556 were renamed to clarify the logical asymmetry; <span class=
2557 "Annot"><span style='font-size:10.0pt'>falsenull</span></span> and
2558 <span class="Annot"><span style=
2559 'font-size:10.0pt'>truenull</span></span> may still be used) and
2560 call the function in a conditional statement before the
2561 <span class="Annot"><span style=
2562 'font-size:10.0pt'>null</span></span>-annotated pointer is
2563 dereferenced. </p>
2564 <p class="TextFontCX"> </p>
2565 <p class="TextFontCX">If a function annotated with
2566 <span class="Annot"><span style=
2567 'font-size:10.0pt'>nullwhentrue</span></span> returns true it
2568 means its first passed parameter is <span class=
2569 "CodeText"><span style='font-size:10.0pt'>NULL</span></span>.
2570 If it returns false, the parameter is not <span class=
2571 "CodeText"><span style=
2572 'font-size:10.0pt'>NULL</span></span>. Note that it may
2573 return true for a parameter that is not <span class=
2574 "CodeText"><span style=
2575 'font-size:10.0pt'>NULL</span></span>. A more
2576 descriptive name for <span class="Annot"><span style=
2577 'font-size:10.0pt'>nullwhentrue</span></span> would be
2578 “if the result is false, the parameter was not
2579 null”. For example, if <span class=
2580 "CodeText"><span style=
2581 'font-size:10.0pt'>isNull</span></span> is declared as,</p>
2582 <p class="example"> /*@nullwhentrue@*/ bool isNull
2583 (/*@null@*/ char *x);</p>
2584 <p class="beforelist">we could write <span class=
2585 "CodeText"><span style=
2586 'font-size: 10.0pt'>firstChar2</span></span>:</p>
2587 <p class="Verbatim"> char firstChar2 (/*@null@*/ char
2589 <p class="Verbatim"> {</p>
2590 <p class="Verbatim" style='margin-left:.5in'>if (isNull (s)) return
2593 <p class="Verbatim"> }</p>
2594 <p class="afterlist">No error is reported since the dereference of
2595 <span class="CodeText"><span style=
2596 'font-size:10.0pt'>s</span></span> is only reached if
2597 <span class="CodeText"><span style=
2598 'font-size:10.0pt'>isNull(s)</span></span> is false, and
2599 since <span class="CodeText"><span style=
2600 'font-size:10.0pt'>isNull</span></span> is declared with the
2601 <span class="Annot"><span style=
2602 'font-size:10.0pt'>nullwhentrue</span></span> annotation this
2603 means <span class="CodeText"><span style=
2604 'font-size:10.0pt'>s</span></span> must not be null.</p>
2605 <p class="TextFontCX"> </p>
2606 <p class="TextFontCX">The <span class="Annot"><span style=
2607 'font-size:10.0pt'>falsewhennull</span></span> annotation is not
2608 quite the logical opposite of <span class=
2609 "Annot"><span style='font-size:10.0pt'>nullwhentrue</span></span>.
2610 If a function declared with <span class="Annot"><span style=
2611 'font-size:10.0pt'>falsewhennull</span></span> returns true,
2612 it means its parameter is definitely not <span class=
2613 "CodeText"><span style=
2614 'font-size:10.0pt'>NULL</span></span>. If it returns
2615 false, the parameter may or may not be <span class=
2616 "CodeText"><span style=
2617 'font-size:10.0pt'>NULL</span></span>. That is a
2618 <span class="Annot"><span style=
2619 'font-size:10.0pt'>falsewhennull</span></span> always returns
2620 false when passed a <span class="CodeText"><span style=
2621 'font-size: 10.0pt'>NULL</span></span> parameter; it may
2622 sometimes return false when passed a non-<span class=
2623 "CodeText"><span style='font-size:10.0pt'>NULL</span></span>
2625 <p class="TextFontCX"> </p>
2626 <p class="beforelist">For example, we could define
2627 <span class="CodeText"><span style=
2628 'font-size:10.0pt'>isNonEmpty</span></span> to return true if
2629 its parameter is not <span class="CodeText"><span style=
2630 'font-size:10.0pt'>NULL</span></span> and has least one
2631 character before the <span class="CodeText"><span style=
2632 'font-size:10.0pt'>NUL</span></span> terminator:</p>
2633 <p class="Verbatim"> /*@falsewhennull@*/ bool
2634 isNonEmpty (/*@null@*/ char *x)</p>
2635 <p class="Verbatim"> {</p>
2636 <p class="Verbatim"> return (x != NULL
2637 && *x != ‘\0’);</p>
2638 <p class="Verbatim"> }</p>
2639 <p class="afterlist">Splint does not check that the implementation
2640 of a function declared with <span class="Annot"><span style=
2641 'font-size:10.0pt'>nullwhentrue</span></span> or <span class=
2642 "Annot"><span style='font-size:10.0pt'>falsewhennull</span></span>
2643 is consistent with its annotation, but assumes the annotation is
2644 correct when code that calls the function is checked.</p>
2645 <h3 style='margin-left:0in;text-indent:0in'><a name=
2646 "_Toc534974940">2.1.2<span style=
2647 'font:7.0pt "Times New Roman"'> </span>
2648 Notnull Annotations</a></h3>
2649 <p class="TextFontCX">The <span class="Annot"><span style=
2650 'font-size:10.0pt'>notnull</span></span> annotation specifies that
2651 a declarator is definitely not <span class=
2652 "CodeText"><span style='font-size:10.0pt'>NULL</span></span>.
2653 By default, this is assumed, but it may be necessary to use
2654 <span class="Annot"><span style=
2655 'font-size:10.0pt'>notnull</span></span> to override a
2656 <span class="Annot"><span style=
2657 'font-size:10.0pt'>null</span></span> in a type
2658 definition. The <span class="Annot"><span style=
2659 'font-size:10.0pt'>null</span></span> annotation may be used
2660 in a type definition to indicate that all instances of the
2661 type may be <span class="CodeText"><span style=
2662 'font-size:10.0pt'>NULL</span></span>. For declarations
2663 of a type declared using <span class="Annot"><span style=
2664 'font-size:10.0pt'>null</span></span>, the <span class=
2665 "Annot"><span style='font-size:10.0pt'>null</span></span>
2666 annotation in the type definition may be overridden with
2667 <span class="Annot"><span style=
2668 'font-size:10.0pt'>notnull</span></span>. This is
2669 particularly useful for parameters to hidden <span class=
2670 "CodeText"><span style=
2671 'font-size:10.0pt'>static</span></span> operations of
2672 abstract types (see Section 4.3) where the null test has
2673 already been done before the function is called, or function
2674 results known to never be <span class="CodeText"><span style=
2675 'font-size:10.0pt'>NULL</span></span>. For an abstract
2676 type, <span class="Flag"><span style=
2677 'font-size:10.0pt'>notnull</span></span> may not be used for
2678 parameters to external functions, since clients should not be
2679 aware of when the concrete representation may by <span class=
2680 "CodeText"><span style=
2681 'font-size:10.0pt'>NULL</span></span>. Parameters to
2682 static functions in the implementation module, however, may
2683 be declared using <span class="Annot"><span style=
2684 'font-size:10.0pt'>notnull</span></span>, since they may only
2685 be called from places where the representation is
2686 accessible. Return values for <span class=
2687 "CodeText"><span style=
2688 'font-size:10.0pt'>static</span></span> or external functions
2689 may be declared using <span class="Annot"><span style=
2690 'font-size:10.0pt'>notnull</span></span>. </p>
2691 <h3 style='margin-left:0in;text-indent:0in'><a name=
2692 "_Toc534974941"></a><a name="_Ref347853058">2.1.3<span style=
2693 'font:7.0pt "Times New Roman"'> </span>
2694 Relaxing Null Checking</a></h3>
2695 <p class="TextFontCX">An additional annotation, <span class=
2696 "Annot"><span style='font-size:10.0pt'>relnull</span></span> may be
2697 used to relax null checking. No error is reported when a
2698 <span class="Annot"><span style=
2699 'font-size:10.0pt'>relnull</span></span> value is dereferenced, or
2700 when a possibly null value is assigned to an identifier declared
2701 using <span class="Annot"><span style=
2702 'font-size:10.0pt'>relnull</span></span>.</p>
2703 <p class="TextFontCX"> </p>
2704 <p class="TextFontCX">This is generally used for structure fields
2705 that may or may not be null depending on some other
2706 constraint. Splint does not report and error when
2707 <span class="CodeText"><span style=
2708 'font-size:10.0pt'>NULL</span></span> is assigned to a
2709 <span class="Annot"><span style=
2710 'font-size:10.0pt'>relnull</span></span> reference, or when a
2711 <span class="Annot"><span style=
2712 'font-size:10.0pt'>relnull</span></span> reference is
2713 dereferenced. It is up to the programmer to ensure that
2714 this constraint is satisfied before the pointer is
2716 <h1 style='margin-left:0in;text-indent:0in'><a name=
2717 "_Ref348845237"></a><a name="_Ref347254431"></a><a name=
2718 "_Ref347169350"></a><a name="_Ref344916590"></a><a name=
2719 "_Ref344907893"></a><a name="_Toc344355407"></a><a name=
2720 "_Toc534974942"></a><a name="_Ref534641444"></a><a name=
2721 "_Ref534093775"></a><a name="_Ref534093769"></a><a name=
2722 "_Ref534049950">3<span style=
2723 'font:7.0pt "Times New Roman"'> </span>
2724 <a id="undefined" name="undefined">Undefined Values</a></a></h1>
2725 <p class="TextFontCX">Like many static checkers, Splint detects
2726 instances where the value of a location is used before it is
2727 defined. This analysis is done at the procedural level.
2728 If there is a path through the procedure that uses a local variable
2729 before it is defined, a use before definition error is
2730 reported. The <span class="Flag"><span style=
2731 'font-size:10.0pt'>usedef</span></span> flag controls use before
2732 definition checking.</p>
2733 <p class="TextFontCX"> </p>
2734 <p class="TextFontCX">Splint can do more checking than standard
2735 checkers though, because the annotations can be used to describe
2736 what storage must be defined and what storage may be undefined at
2737 interface points. Unannotated references are expected to be
2738 completely defined at interface points. This means all
2739 storage reachable from a global variable, parameter to a function,
2740 or function return value is defined before and after a function
2742 <h3 style='margin-left:0in;text-indent:0in'><a name=
2743 "_Toc534974943"></a><a name="_Ref347811030"></a><a name=
2744 "_Ref347204458">3.1.1<span style=
2745 'font:7.0pt "Times New Roman"'> </span>
2746 Undefined Parameters</a></h3>
2747 <p class="TextFontCX">Sometimes, function parameters or return
2748 values are expected to reference undefined or partially defined
2749 storage. For example, a pointer parameter may be intended
2750 only as an address to store a result, or a memory allocator may
2751 return allocated but undefined storage. The
2752 <span class="Annot"><span style=
2753 'font-size:10.0pt'>out</span></span> annotation denotes
2754 a pointer to storage that may be undefined.</p>
2755 <p class="TextFontCX"> </p>
2756 <p class="TextFontCX">Splint does not report an error when a
2757 pointer to allocated but undefined storage is passed as an
2758 <span class="Annot"><span style=
2759 'font-size:10.0pt'>out</span></span> parameter. Within the
2760 body of a function, Splint will assume an <span class=
2761 "Annot"><span style='font-size:10.0pt'>out</span></span> parameter
2762 is allocated but not necessarily bound to a value, so an error is
2763 reported if its value is used before it is defined. </p>
2764 <p class="TextFontCX"> </p>
2765 <p class="TextFontCX">Splint reports an error if storage reachable
2766 by the caller after the call is not defined when the function
2767 returns. This can be suppressed by <span class=
2769 'font-size: 10.0pt'>-must-define</span></span>. After a call
2770 returns, an actual parameter corresponding to an <span class=
2771 "Annot"><span style='font-size:10.0pt'>out</span></span> parameter
2772 is assumed to be completely defined.</p>
2773 <p class="TextFontCX"> </p>
2774 <p class="TextFontCX">When checking unannotated programs, many
2775 spurious use before definition errors may be reported
2776 If <span class="Flag"><span style=
2777 'font-size:10.0pt'>impouts</span></span> is on, no error is
2778 reported when an incompletely-defined parameter is passed to a
2779 formal parameter with no definition annotation, and the actual
2780 parameter is assumed to be defined after the call. The
2781 <span class="Annot"><span style=
2782 'font-size:10.0pt'>/*@in@*/</span></span> annotation can be
2783 used to denote a parameter that must be completely defined, even if
2784 <span class="Flag"><span style=
2785 'font-size:10.0pt'>imp-outs</span></span> is on. If
2786 <span class="Flag"><span style=
2787 'font-size:10.0pt'>imp-outs</span></span> is off, there is an
2788 implicit <span class="Annot"><span style=
2789 'font-size:10.0pt'>in</span></span> annotation on every parameter
2790 with no definition annotation.</p>
2791 <p class="TextFontCX"> </p>
2792 <table class="MsoNormalTable" border="0" cellspacing="0"
2793 cellpadding="0" style='margin-left:.9pt;border-collapse:collapse'>
2795 <td width="40%" valign="top" style=
2796 'border:solid black 1.5pt; border-bottom:none;background:black;padding:0in 5.4pt 0in 5.4pt'>
2797 <p class="TextFontCX" align="center" style='text-align:center'>
2798 <span class="Keyword"><b><span style=
2799 'font-size:10.0pt; color:white'>usedef.c</span></b></span></p></td>
2800 <td valign="top" style=
2801 'border-top:1.5pt solid black; border-left:medium none;border-bottom:medium none;border-right:1.5pt solid black; background:black;padding-left:5.4pt; padding-right:5.4pt; padding-top:0in; padding-bottom:0in'>
2802 <p class="TextFontCX" align="center" style='text-align:center'>
2803 <b><span style='color:white'>Running
2804 Splint</span></b></p></td></tr>
2806 <td valign="top" style=
2807 'border:solid black 1.5pt; border-top:none;padding:0in 5.4pt 0in 5.4pt'>
2808 <p class="MsoNormal"><span class="Keyword"><span style=
2809 'font-size:10.0pt; color:windowtext'>extern void</span></span></p>
2810 <p class="MsoNormal"><span class="Keyword"><span style=
2811 'font-size:10.0pt; color:windowtext'> setVal (/*@out@*/ int
2812 *x);</span></span></p>
2813 <p class="MsoNormal"><span class="Keyword"><span style=
2814 'font-size:10.0pt; color:windowtext'>extern int</span></span></p>
2815 <p class="MsoNormal"><span class="Keyword"><span style=
2816 'font-size:10.0pt; color:windowtext'> getVal (/*@in@*/ int
2817 *x);</span></span></p>
2818 <p class="MsoNormal"><span class="Keyword"><span style=
2819 'font-size:10.0pt; color:windowtext'>extern int
2820 mysteryVal</span></span></p>
2821 <p class="MsoNormal"><span class="Keyword"><span style=
2822 'font-size:10.0pt; color:windowtext'> (int
2823 *x);</span></span></p>
2824 <p class="MsoNormal"><span class="Keyword"><span style=
2825 'font-size:10.0pt; color:windowtext'> </span></span></p>
2826 <p class="MsoNormal" align="left" style='text-align:left'>
2827 <span class="Keyword"><span style=
2828 'font-size:10.0pt;color:windowtext'>int dumbfunc</span></span></p>
2829 <p class="MsoNormal" align="left" style='text-align:left'>
2830 <span class="Keyword"><span style=
2831 'font-size:10.0pt;color:windowtext'> (/*@out@*/ int *x,
2832 int i)</span></span></p>
2833 <p class="MsoNormal"><span class="Keyword"><span style=
2834 'font-size:10.0pt; color:windowtext'>{</span></span></p>
2835 <p class="MsoNormal"><span class="Keyword"><span style=
2836 'font-size:10.0pt; color:windowtext'> if (i >
2837 3)</span></span></p>
2838 <p class="MsoNormal"><span class="Line"><span style=
2839 'font-size:8.0pt'>11</span></span><span class=
2840 "Keyword"><span style='font-size:10.0pt;color:windowtext'>
2841 return *x;</span></span></p>
2842 <p class="MsoNormal"><span class="Keyword"><span style=
2843 'font-size:10.0pt; color:windowtext'> else if (i >
2844 1)</span></span></p>
2845 <p class="MsoNormal"><span class="Line"><span style=
2846 'font-size:8.0pt'>13</span></span><span class=
2847 "Keyword"><span style='font-size:10.0pt;color:windowtext'>
2848 return getVal (x);</span></span></p>
2849 <p class="MsoNormal"><span class="Keyword"><span style=
2850 'font-size:10.0pt; color:windowtext'> else if (i ==
2851 0)</span></span></p>
2852 <p class="MsoNormal"><span class="Line"><span style=
2853 'font-size:8.0pt'>15</span></span><span class=
2854 "Keyword"><span style='font-size:10.0pt;color:windowtext'>
2855 return mysteryVal (x);</span></span></p>
2856 <p class="MsoNormal"><span class="Keyword"><span style=
2857 'font-size:10.0pt; color:windowtext'> else</span></span></p>
2858 <p class="MsoNormal"><span class="Keyword"><span style=
2859 'font-size:10.0pt; color:windowtext'>
2861 <p class="MsoNormal"><span class="Line"><span style=
2862 'font-size:8.0pt'>18</span></span><span class=
2863 "Keyword"><span style='font-size:10.0pt;color:windowtext'>
2864 setVal (x);</span></span></p>
2865 <p class="MsoNormal"><span class="Line"><span style=
2866 'font-size:8.0pt'>19</span></span><span class=
2867 "Keyword"><span style='font-size:10.0pt;color:windowtext'>
2868 return *x;</span></span></p>
2869 <p class="MsoNormal"><span class="Keyword"><span style=
2870 'font-size:10.0pt; color:windowtext'>
2872 <p class="Verbatim"><span class="Keyword"><span style=
2873 'color:windowtext'>}</span></span></p></td>
2874 <td valign="top" style=
2875 'border-top:medium none;border-left:medium none; border-bottom:1.5pt solid black;border-right:1.5pt solid black;padding-left:5.4pt; padding-right:5.4pt; padding-top:0in; padding-bottom:0in'>
2876 <p class="lclintrun">> splint usedef.c</p>
2877 <p class="lclintrun">usedef.c:11: Value *x used before
2879 <p class="lclintrun">usedef.c:13: Passed storage x not completely
2881 <p class="lclintrun">
2882
2883 (*x is undefined): getVal (x)</p>
2884 <p class="lclintrun">usedef.c:15: Passed storage x not completely
2886 <p class="lclintrun">
2887
2888 (*x is undefined): mysteryVal (x)</p>
2889 <p class="lclintrun"> </p>
2890 <p class="lclintrun">Finished checking --- 3 code warnings</p>
2891 <p class="TextFontCX"><i> </i></p>
2892 <p class="IndentText" style=
2893 'margin-top:0in;margin-right:.85pt;margin-bottom: 0in;margin-left:0in;margin-bottom:.0001pt;page-break-after:avoid'>
2894 <i>No error is reported for line 18, since the incompletely defined
2895 storage</i> <span class="CodeText"><span style=
2896 'font-size:10.0pt'>x</span></span> <i>is passed as an</i>
2897 <span class="CodeText"><span style=
2898 'font-size:10.0pt'>out</span></span> <i>parameter. After the
2899 call,</i> <span class="CodeText"><span style=
2900 'font-size: 10.0pt'>x</span></span> <i>may be dereferenced,
2901 since</i> <span class="Annot"><span style=
2902 'font-size:10.0pt'>setVal</span></span> <i>is assumed to completely
2903 define its</i> <span class="Annot"><span style=
2904 'font-size:10.0pt'>out</span></span> <i>parameter. The
2905 warning for line 15 would not appear if</i> <span class=
2906 "Flag"><span style='font-size:10.0pt'>+impouts</span></span>
2907 <i>were used since there is no</i> <span class=
2908 "Annot"><span style='font-size:10.0pt'>in</span></span>
2909 <i>annotation on the parameter to</i> <span class=
2911 'font-size: 10.0pt'>mysteryVal</span></span><i>.</i></p></td></tr></table>
2913 <div align="center">
2915 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
2916 style="border-collapse: collapse" bordercolor="#111111">
2918 <td valign="top" align="left" style=
2919 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
2920 <p class="MsoCaption"><a name="_Ref347764461"></a><a name=
2921 "_Ref347853047"></a><a name="_Toc534824607">Figure 3. Use
2922 before Definition</a></p></td></tr></table></center></div></div>
2925 <h3 style='margin-left:0in;text-indent:0in'><a name=
2926 "_Toc534974944">3.1.2<span style=
2927 'font:7.0pt "Times New Roman"'> </span>
2928 Relaxing Checking</a></h3>
2929 <p class="TextFontCX">The <span class="Annot"><span style=
2930 'font-size:10.0pt'>reldef</span></span> annotation relaxes
2931 definition checking for a particular declaration. Storage
2932 declared with a <span class="Annot"><span style=
2933 'font-size:10.0pt'>reldef</span></span> annotation is assumed to be
2934 defined when it is used, but no error is reported if it is not
2935 defined before it is returned or passed as a parameter.</p>
2936 <p class="TextFontCX"> </p>
2937 <p class="TextFontCX">It is up to the programmer to check
2938 <span class="Annot"><span style=
2939 'font-size:10.0pt'>reldef</span></span> fields are used
2940 correctly. They should be avoided in most cases, but
2941 may be useful for fields of structures that may or may not be
2942 defined depending on other constraints. </p>
2943 <h3 style='margin-left:0in;text-indent:0in'><a name=
2944 "_Toc534974945"></a><a name="_Ref347853043">3.1.3<span style=
2945 'font:7.0pt "Times New Roman"'> </span>
2946 Partially Defined Structures</a></h3>
2947 <p class="TextFontCX">The <span class="Annot"><span style=
2948 'font-size:10.0pt'>partial</span></span> annotation can be used to
2949 relax checking of structure fields. A structure with
2950 undefined fields may be passed as a <span class=
2951 "Annot"><span style='font-size: 10.0pt'>partial</span></span>
2952 parameter or returned as a <span class="Annot"><span style=
2953 'font-size:10.0pt'>partial</span></span> result. Inside
2954 a function body, no error is reported when the field of a
2955 <span class="Annot"><span style=
2956 'font-size:10.0pt'>partial</span></span> structure is
2957 used. After a call, all fields of a structure that is
2958 passed as a <span class="Annot"><span style=
2959 'font-size:10.0pt'>partial</span></span> parameter are
2960 assumed to be completely defined.</p>
2961 <h1 style='margin-left:0in;text-indent:0in'><a name=
2962 "_Ref534977413"></a><a name="_Toc534974946">4<span style=
2963 'font:7.0pt "Times New Roman"'> </span>
2964 <a id="types" name="types">
2966 <p class="TextFontCX">Strong type checking often reveals
2967 programming errors. Splint can check primitive C types more
2968 strictly and flexibly than typical compilers (4.1) and provides
2969 support a Boolean type (4.2). In addition, users can define
2970 abstract types that provide information hiding (0).</p>
2971 <h2 style='margin-left:0in;text-indent:0in'><a name=
2972 "_Toc534974947"></a><a name="_Ref534642132"></a><a name=
2973 "_Ref533964147"></a><a name="_Toc344355401">4.1<span style=
2974 'font:7.0pt "Times New Roman"'> </span>
2975 Built in C Types</a></h2>
2976 <p align="right"><span style='font-size:9.0pt'><i>Two types
2977 have</i> compatible <i>type if their types are the
2978 same.</i></span></p>
2979 <p class="TextFontCX" align="right" style='text-align:right'>
2980 <span style='font-size:9.0pt'><span style='font-size:9.0pt'>ANSI C,
2981 3.1.2.6.</span></span></p>
2982 <p class="Sidebar"> </p>
2986 <p class="MsoListBullet" style='margin-left:0in;text-indent:0in'>
2987 Splint supports stricter checking of built in C types. The
2988 <span class="CodeText"><span style=
2989 'font-size:10.0pt'>char</span></span> and <span class=
2990 "CodeText"><span style='font-size:10.0pt'>enum</span></span> types
2991 can be checked as distinct types, and the different numeric types
2992 can be type-checked strictly.</p>
2993 <h3 style='margin-left:0in;text-indent:0in'><a name=
2994 "_Toc534974948">4.1.1<span style=
2995 'font:7.0pt "Times New Roman"'> </span>
2997 <p class="TextFontCX">The primitive <span class=
2998 "CodeText"><span style='font-size:10.0pt'>char</span></span> type
2999 can be type-checked as a distinct type. If <span class=
3000 "CodeText"><span style='font-size:10.0pt'>char</span></span> is
3001 used as a distinct type, common errors involving assigning
3002 <span class="CodeText"><span style=
3003 'font-size:10.0pt'>int</span></span>s to <span class=
3004 "CodeText"><span style='font-size:10.0pt'>char</span></span>s are
3006 <p class="TextFontCX"> </p>
3007 <p class="TextFontCX">The <span class="Flag"><span style=
3008 'font-size:10.0pt'>+charint</span></span> flag can be used for
3009 checking legacy programs where <span class=
3010 "CodeText"><span style='font-size:10.0pt'>char</span></span>
3011 and <span class="CodeText"><span style=
3012 'font-size:10.0pt'>int</span></span> are used
3013 interchangeably. If <span class="Flag"><span style=
3014 'font-size:10.0pt'>charint</span></span> is on, <span class=
3015 "CodeText"><span style='font-size:10.0pt'>char</span></span>
3016 types indistinguishable from <span class=
3017 "CodeText"><span style=
3018 'font-size:10.0pt'>int</span></span>s. To keep
3019 <span class="CodeText"><span style=
3020 'font-size:10.0pt'>char</span></span> and <span class=
3021 "Keyword"><span style='font-size:10.0pt'>int</span></span> as
3022 distinct types, but allow chars to be used to index arrays,
3023 use <span class="Flag"><span style=
3024 'font-size:10.0pt'>+charindex</span></span>.</p>
3025 <h3 style='margin-left:0in;text-indent:0in'><a name=
3026 "_Toc534974949">4.1.2<span style=
3027 'font:7.0pt "Times New Roman"'> </span>
3028 Enumerators</a></h3>
3029 <p class="TextFontCX">Standard C treats user-declared
3030 <span class="CodeText"><span style=
3031 'font-size:10.0pt'>enum</span></span> types just like
3032 integers. An arbitrary integral value may be assigned
3033 to an <span class="CodeText"><span style=
3034 'font-size:10.0pt'>enum</span></span> type, whether or not it
3035 was listed as an enumerator member. Splint checks each
3036 user-defined <span class="CodeText"><span style=
3037 'font-size:10.0pt'>enum</span></span> type as distinct
3038 type. An error is reported if a value that is not an
3039 enumerator member is assigned to the <span class=
3040 "CodeText"><span style='font-size:10.0pt'>enum</span></span>
3041 type, or if an <span class="CodeText"><span style=
3042 'font-size:10.0pt'>enum</span></span> type is used as an
3043 operand to an arithmetic operator. If the <span class=
3044 "Flag"><span style='font-size:10.0pt'>enumint</span></span>
3045 flag is on, <span class="CodeText"><span style=
3046 'font-size:10.0pt'>enum</span></span> and <span class=
3047 "CodeText"><span style='font-size:10.0pt'>int</span></span>
3048 types may be used interchangeably. Like <span class=
3050 'font-size:10.0pt'>charindex</span></span>, if the
3051 <span class="Flag"><span style=
3052 'font-size:10.0pt'>enumindex</span></span> flag is on,
3053 <span class="CodeText"><span style=
3054 'font-size:10.0pt'>enum</span></span> types may be used to
3056 <h3 style='margin-left:0in;text-indent:0in'><a name=
3057 "_Toc534974950">4.1.3<span style=
3058 'font:7.0pt "Times New Roman"'> </span>
3059 Numeric Types</a></h3>
3060 <p class="TextFontCX">Splint reports where numeric types are
3061 used in dangerous or inconsistent ways. With the strictest
3062 checking, Splint will report an error anytime numeric types do not
3063 match exactly. If the <span class="Flag"><span style=
3064 'font-size:10.0pt'>relax-quals</span></span> flag is on, only those
3065 inconsistencies that may corrupt values are reported. For
3066 example, if an <span class="CodeText"><span style=
3067 'font-size:10.0pt'>int</span></span> is assigned to a variable of
3068 type <span class="CodeText"><span style=
3069 'font-size: 10.0pt'>long</span></span> (or passed as a
3070 <span class="CodeText"><span style=
3071 'font-size:10.0pt'>long</span></span> formal parameter),
3072 Splint will not report an error if <span class=
3074 'font-size:10.0pt'>relax-quals</span></span> is on since a
3075 <span class="CodeText"><span style=
3076 'font-size:10.0pt'>long</span></span> must have at least
3077 enough bits to store an <span class="CodeText"><span style=
3078 'font-size:10.0pt'>int</span></span> without data loss.
3079 On the other hand, an error would be reported if the
3080 <span class="CodeText"><span style=
3081 'font-size:10.0pt'>long</span></span> were assigned to an
3082 <span class="CodeText"><span style=
3083 'font-size:10.0pt'>int</span></span>, since the <span class=
3084 "CodeText"><span style='font-size:10.0pt'>int</span></span>
3085 type may not have enough bits to store the <span class=
3086 "CodeText"><span style='font-size:10.0pt'>long</span></span>
3088 <p class="TextFontCX"> </p>
3089 <p class="TextFontCX">Similarly, if a <span class=
3090 "CodeText"><span style='font-size:10.0pt'>signed</span></span>
3091 value is assigned to an <span class="CodeText"><span style=
3092 'font-size:10.0pt'>unsigned</span></span>, Splint will report an
3093 error since an <span class="CodeText"><span style=
3094 'font-size:10.0pt'>unsigned</span></span> type cannot represent all
3095 <span class="CodeText"><span style=
3096 'font-size:10.0pt'>signed</span></span> values correctly. If
3097 the <span class="Flag"><span style=
3098 'font-size:10.0pt'>+ignore-signs</span></span> flag is on, checking
3099 is relaxed to ignore all sign qualifiers in type comparisons (this
3100 is not recommended, since it will suppress reporting of real bugs,
3101 but may be necessary for quickly checking certain legacy
3103 <h3 style='margin-left:0in;text-indent:0in'><a name=
3104 "_Toc534974951">4.1.4<span style=
3105 'font:7.0pt "Times New Roman"'> </span>
3106 Arbitrary Integral Types</a></h3>
3107 <p class="TextFontCX">Some types are declared to be integral types,
3108 but the concrete type may be implementation dependent. For
3109 example, the standard library declares the types <span class=
3110 "CodeText"><span style='font-size:10.0pt'>size_t</span></span>,
3111 <span class="CodeText"><span style=
3112 'font-size:10.0pt'>ptr_diff</span></span> and <span class=
3113 "CodeText"><span style='font-size:10.0pt'>wchar_t</span></span>,
3114 but does not constrain their types other than limiting them to
3115 integral types. Programs may rely on them being integral
3116 types (e.g., can use <span class="CodeText"><span style=
3117 'font-size:10.0pt'>+</span></span> operator on two
3118 <span class="CodeText"><span style=
3119 'font-size:10.0pt'>size_t</span></span> operands), but should
3120 not rely on a particular representation (e.g., <span class=
3121 "CodeText"><span style='font-size: 10.0pt'>long
3122 unsigned</span></span>). </p>
3123 <p class="TextFontCX"> </p>
3124 <p class="TextFontCX">Splint supports three different kinds of
3125 arbitrary integral types:</p>
3126 <p class="TextFontCX"> </p>
3127 <p class="TextFontCX"><span class="Annot"><span style=
3128 'font-size:10.0pt'>/*@integraltype@*/</span></span></p>
3129 <p class="TextFontCX"><span class="Annot"><font size=
3130 "2"> </font></span> An arbitrary integral
3131 type. The actual type may be any one of <span class=
3132 "CodeText"><span style='font-size:10.0pt'>short</span></span>,
3133 <span class="CodeText"><span style=
3134 'font-size:10.0pt'>int</span></span>, <span class=
3135 "CodeText"><span style='font-size:10.0pt'>long</span></span>,
3136 <span class="CodeText"><span style='font-size:10.0pt'>unsigned
3137 short</span></span>, <span class="CodeText"><span style=
3138 'font-size:10.0pt'>unsigned</span></span>, or <span class=
3139 "CodeText"><span style='font-size:10.0pt'>unsigned
3140 long</span></span>.</p>
3141 <p class="TextFontCX"><span class="Annot"><span style=
3142 'font-size:10.0pt'>/*@unsignedintegraltype@*/</span></span></p>
3143 <p class="TextFontCX"><span class="Annot"><font size=
3144 "2"> </font></span> An arbitrary unsigned integral
3145 type. The actual type may be any one of <span class=
3146 "CodeText"><span style='font-size:10.0pt'>unsigned
3147 short</span></span>, <span class="CodeText"><span style=
3148 'font-size:10.0pt'>unsigned</span></span>, or <span class=
3149 "CodeText"><span style='font-size:10.0pt'>unsigned
3150 long</span></span>.</p>
3151 <p class="TextFontCX"><span class="Annot"><span style=
3152 'font-size:10.0pt'>/*@signedintegraltype@*/</span></span></p>
3153 <p class="TextFontCX"><span class="Annot"><font size=
3154 "2"> </font></span> An arbitrary signed integral
3155 type. The actual type may be any one of <span class=
3156 "CodeText"><span style='font-size:10.0pt'>short</span></span>,
3157 <span class="CodeText"><span style=
3158 'font-size:10.0pt'>int</span></span>, or <span class=
3159 "CodeText"><span style='font-size:10.0pt'>long</span></span>.</p>
3160 <p class="TextFontCX"> </p>
3161 <p class="TextFontCX">Splint reports an error if the code depends
3162 on the actual representation of a type declared as an arbitrary
3163 integral. The <span class="Flag"><span style=
3164 'font-size:10.0pt'>match-any-integral</span></span> flag
3165 relaxes checking and allows an arbitrary integral type is allowed
3166 to match any integral type.</p>
3167 <p class="TextFontCX"> </p>
3168 <p class="TextFontCX">Other flags set the arbitrary integral types
3169 to a concrete type. These should only be used if portability
3170 to platforms that may use different representations is not
3171 important. The <span class="Flag"><span style=
3172 'font-size:10.0pt'>long-integral</span></span> and
3173 <span class="Flag"><span style=
3174 'font-size:10.0pt'>long-unsigned-integral</span></span> flags
3175 set the type corresponding to <span class=
3176 "Annot"><span style='font-size: 10.0pt'>/*@integraltype@*/</span></span> to
3177 be <span class="CodeText"><span style=
3178 'font-size:10.0pt'>unsigned long</span></span> and
3179 <span class="CodeText"><span style=
3180 'font-size:10.0pt'>long</span></span> respectively. The
3181 <span class="Flag"><span style=
3182 'font-size:10.0pt'>long-unsigned-unsigned-integral</span></span> flag
3183 sets the type corresponding to <span class=
3184 "Annot"><span style=
3185 'font-size: 10.0pt'>/*@unsignedintegraltype@*/</span></span>
3186 to be <span class="CodeText"><span style=
3187 'font-size:10.0pt'>unsigned long</span></span>. The
3188 <span class="Flag"><span style=
3189 'font-size:10.0pt'>long-signed-integral</span></span> flag
3190 sets the type corresponding to <span class=
3191 "Annot"><span style=
3192 'font-size:10.0pt'>/*@signedintegraltype@*/</span></span> to
3193 be <span class="CodeText"><span style=
3194 'font-size:10.0pt'>long</span></span>.</p>
3195 <h2 style='margin-left:0in;text-indent:0in'><a name=
3196 "_Toc534974952"></a><a name="_Ref534642133"></a><a name=
3197 "_Ref533964143"></a><a name="_Ref344892413"></a><a name=
3198 "_Toc344355400">4.2<span style=
3199 'font:7.0pt "Times New Roman"'> </span>
3200 Boolean Types</a></h2>
3201 <p class="TextFontCX">Pre-ISO99 C had no Boolean representation
3202 – the result of a comparison operator was an integer, and no
3203 type checking is done for test expressions. C99 introduced a
3204 Boolean type (<span class="CodeText"><span style=
3205 'font-size:10.0pt'>_Bool</span></span> and <span class=
3206 "CodeText"><span style='font-size:10.0pt'>bool</span></span>,
3207 <span class="CodeText"><span style=
3208 'font-size:10.0pt'>true</span></span> and <span class=
3209 "CodeText"><span style='font-size:10.0pt'>false</span></span>
3210 macros in <span style=
3211 'font-size:10.0pt;font-family:Arial'>stdbool.h</span>), but did not
3212 strengthen the type checking. Splint supports a Boolean type
3213 that can be checked distinctly from integral types. Many
3214 common errors can be detected by introducing a distinct Boolean
3215 type and stronger type checking.</p>
3216 <p class="TextFontCX"> </p>
3217 <p class="TextFontCX">Splint checks that the test expression in an
3218 <span class="CodeText"><span style=
3219 'font-size:10.0pt'>if</span></span>, <span class=
3220 "CodeText"><span style='font-size:10.0pt'>while</span></span>, or
3221 <span class="CodeText"><span style=
3222 'font-size:10.0pt'>for</span></span> statement or an operand of a
3223 <span class="CodeText"><span style=
3224 'font-size:10.0pt'>&&</span></span>, <span class=
3225 "CodeText"><span style='font-size:10.0pt'>||</span></span> or
3226 <span class="CodeText"><span style=
3227 'font-size:10.0pt'>!</span></span>operator is a Boolean. If
3228 the type of a test expression is not a Boolean, Splint will produce
3229 a warning depending on the type of the test expression and flag
3230 settings. If the test expression has pointer type, the
3231 warning is inhibited by <span class="Flag"><span style=
3232 'font-size:10.0pt'>–predboolptr</span></span> (this can be
3233 used to prevent messages for the idiom of testing if a pointer is
3234 not null without a comparison). If it is type
3235 <span class="CodeText"><span style=
3236 'font-size:10.0pt'>int</span></span>, the warnings is
3237 inhibited by <span class="Flag"><span style=
3238 'font-size:10.0pt'>-pred-bool-int</span></span>. For
3239 all other types, Splint warns unless <span class=
3241 'font-size: 10.0pt'>-pred-bool-others</span></span> is
3242 set. Relations, comparisons and certain standard
3243 library functions are declared to return Booleans.</p>
3244 <p class="TextFontCX"> </p>
3245 <p class="TextFontCX">Since using <span class=
3246 "CodeText"><span style='font-size:10.0pt'>=</span></span> instead
3247 of <span class="CodeText"><span style=
3248 'font-size:10.0pt'>==</span></span> is such a common bug, reporting
3249 of test expressions that are assignments is controlled by the
3250 separate <span class="Flag"><span style=
3251 'font-size:10.0pt'>pred-assign</span></span> flag. The
3252 message can be suppressed by adding extra parentheses around the
3253 test expression.</p>
3254 <p class="TextFontCX"> </p>
3255 <p class="TextFontCX">Use the <span class="Flag"><span style=
3256 'font-size:10.0pt'>–booltype
3257 <name></span></span> flag to select the type name is
3258 used to represent Boolean values. There is no default Boolean
3259 type, although <span class="CodeText"><span style=
3260 'font-size: 10.0pt'>bool</span></span> is used by convention.
3261 The names <span class="CodeText"><span style=
3262 'font-size:10.0pt'>TRUE</span></span> and <span class=
3263 "CodeText"><span style='font-size:10.0pt'>FALSE</span></span> are
3264 assumed to represent true and false Boolean values. To change
3265 the names of true and false, use <span class=
3266 "Flag"><span style='font-size:10.0pt'>-booltrue</span></span>
3267 and <span class="Flag"><span style=
3268 'font-size:10.0pt'>-boolfalse</span></span>. (The
3269 Splint distribution includes an implementation of
3270 <span class="CodeText"><span style=
3271 'font-size:10.0pt'>bool</span></span>, in <span class=
3272 "CodeText"><span style=
3273 'font-size:10.0pt;color:windowtext'>lib/bool.h</span></span>.
3274 However, it isn’t necessary to use this implementation
3275 to get the benefits of Boolean checking.)</p>
3276 <p class="TextFontCX"> </p>
3277 <p class="TextFontCX">Figure 4 illustrates some of the Boolean
3278 checking done by Splint. </p>
3279 <p class="TextFontCX"> </p>
3281 <table class="MsoNormalTable" border="0" cellspacing="0"
3282 cellpadding="0" style=
3283 'margin-left:5.4pt;border-collapse:collapse; margin-left:-2.25pt;margin-right:-2.25pt'>
3284 <tr style='height:13.3pt'>
3285 <td valign="top" style=
3286 'border:solid black 1.5pt; border-bottom:none;background:black;padding:0in 5.4pt 0in 5.4pt;height:13.3pt'>
3287 <p class="TextFontCX" align="center" style='text-align:center'>
3288 <span class="Keyword"><b><span style=
3289 'font-size:10.0pt; color:white'>bool.c</span></b></span></p></td>
3290 <td valign="top" style=
3291 'border-top:1.5pt solid black; border-left:medium none;border-bottom:medium none;border-right:1.5pt solid black; background:black;padding-left:5.4pt; padding-right:5.4pt; padding-top:0in; padding-bottom:0in'>
3292 <p class="TextFontCX" align="center" style='text-align:center'>
3293 <b><span style='color:white'>Running
3294 Splint</span></b></p></td></tr>
3296 <td valign="top" style=
3297 'width:2.0in;border:solid black 1.5pt; border-top:none;padding:0in 5.4pt 0in 5.4pt;height:156.15pt'>
3298 <p class="Verbatim"># include "bool.h"</p>
3299 <p class="Verbatim">int f (int i, char *s,</p>
3300 <p class="Verbatim"> bool b1, bool b2)</p>
3301 <p class="Verbatim">{</p>
3302 <p class="Verbatim"><span class="Line"><span style=
3303 'font-size:8.0pt'> 6</span></span> if (i = 3)</p>
3304 <p class="Verbatim"><span class="Line"><span style=
3305 'font-size:8.0pt'> 7</span></span> return
3307 <p class="Verbatim"><span class="Line"><span style=
3308 'font-size:8.0pt'> 8</span></span> if (!i || s)</p>
3309 <p class="Verbatim"><span class="Line"><span style=
3310 'font-size:8.0pt'> 9</span></span> return
3312 <p class="Verbatim"><span class="Line"><span style=
3313 'font-size:8.0pt'>10</span></span> if (s)</p>
3314 <p class="Verbatim"><span class="Line"><span style=
3315 'font-size:8.0pt'>11</span></span> return 7;</p>
3316 <p class="Verbatim"><span class="Line"><span style=
3317 'font-size:8.0pt'>12</span></span> if (b1 == b2)</p>
3318 <p class="Verbatim"><span class="Line"><span style=
3319 'font-size:8.0pt'>13</span></span> return 3;</p>
3320 <p class="Verbatim"><span class="Line"><span style=
3321 'font-size:8.0pt'>14</span></span> return 2;</p>
3322 <p class="Verbatim">}</p></td>
3323 <td valign="top" style=
3324 'border-top:medium none;border-left: medium none;border-bottom:1.5pt solid black;border-right:1.5pt solid black; padding-left:5.4pt; padding-right:5.4pt; padding-top:0in; padding-bottom:0in'>
3325 <p class="lclintrun">> splint bool.c +predboolptr
3326 –booltype bool</p>
3327 <p class="lclintrun"> </p>
3328 <p class="lclintrun">bool.c:6: Test expression for if is assignment
3329 expression: i = 3</p>
3330 <p class="lclintrun">bool.c:6: Test expression for if not bool,
3332 <p class="lclintrun">bool.c:7: Return value type bool does not
3333 match declared type int: b1</p>
3334 <p class="lclintrun">bool.c:8: Operand of ! is non-boolean (int):
3336 <p class="lclintrun">bool.c:8: Right operand of || is non-boolean
3337 (char *): !i || s</p>
3338 <p class="lclintrun">bool.c:10: Test expression for if not bool,
3340 <p class="lclintrun">bool.c:12: Use of == with bool variables
3341 (risks inconsistency because</p>
3342 <p class="lclintrun">
3343
3344 of multiple true values): b1 == b2</p>
3345 <p class="lclintrun"> </p>
3346 <p class="lclintrun" style='page-break-after:avoid'>Finished
3347 checking --- 7 code warnings found</p></td></tr></table>
3348 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0">
3350 <td valign="top" align="left" style=
3351 'padding-top:.1in;padding-right: 9.35pt;padding-bottom:.1in;padding-left:9.35pt'>
3352 <p class="MsoCaption"><a name="_Ref533964137"></a><a name=
3353 "_Toc534824608"></a><a name="_Ref534821769">Figure 4</a>.
3354 Boolean Checking</p></td></tr></table></center>
3355 <h2 style='margin-left:0in;text-indent:0in'><a name=
3356 "_Toc534974953"></a><a name="_Ref534970776">4.3<span style=
3357 'font:7.0pt "Times New Roman"'> </span>
3358 Abstract Types</a></h2>
3359 <p class="TextFontCX">Information hiding is a technique for
3360 handling complexity. By hiding implementation details,
3361 programs can be understood and developed in distinct modules and
3362 the effects of a change can be localized. One technique for
3363 information hiding is data abstraction. An
3364 abstract type is used to represent some natural program
3365 abstraction. It provides functions for manipulating instances
3366 of the type. The module that implements these functions is
3367 called the <i>implementation</i> module. We call the
3368 functions that are part of the implementation of an abstract type
3369 the <i>operations</i> of the type. Other modules that use the
3370 abstract type are called <i>clients</i>.</p>
3371 <p class="TextFontCX"> </p>
3372 <p class="TextFontCX">Clients may use the type name and operations,
3373 but should not manipulate or rely on the actual representation of
3374 the type. Only the implementation module may manipulate the
3375 representation of an abstract type. This hides information,
3376 since implementers and maintainers of client modules should not
3377 need to know anything about how the abstract type is implemented.
3378 It provides modularity, since the representation of an abstract
3379 type can be changed without having to change any client code.</p>
3380 <p class="TextFontCX"> </p>
3381 <p class="TextFontCX">Splint supports abstract types by detecting
3382 places where client code depends on the concrete representation of
3383 an abstract type. Some examples of abstraction violations
3384 detected by Splint are shown in Figure 5.</p>
3385 <p class="beforelist"> </p>
3386 <p class="beforelist">To declare an abstract type, the
3387 <span class="Annot"><span style=
3388 'font-size:10.0pt'>abstract</span></span> annotation is
3389 added to a <span class="CodeText"><span style=
3390 'font-size:10.0pt'>typedef</span></span>. For example
3391 (in <span class="Keyword"><span style=
3392 'font-size:10.0pt;font-family: Arial;color:windowtext'>mstring.h</span></span>),</p>
3393 <p class="example">typedef /*@abstract@*/ char *mstring;</p>
3394 <p class="TextFontCX">declares <span class=
3395 "CodeText"><span style='font-size:10.0pt'>mstring</span></span>
3396 as an abstract type. It is implemented using a
3397 <span class="CodeText"><span style='font-size:10.0pt'>char
3398 *</span></span>, but clients of the type should not depend on
3399 or need to be aware of this. If it later becomes
3400 apparent that a better representation such as a string table
3401 should be used, we should be able to change the
3402 implementation of <span class="CodeText"><span style=
3403 'font-size: 10.0pt'>mstring</span></span> without having to
3404 change or inspect any client code.</p>
3405 <p class="TextFontCX"> </p>
3406 <p class="TextFontCX">In a client module, abstract types are
3407 checked by name, not structure. Splint reports an error if an
3408 instance of <span class="CodeText"><span style=
3409 'font-size:10.0pt'>mstring</span></span> is passed as a
3410 <span class="CodeText"><span style='font-size:10.0pt'>char
3411 *</span></span> (for instance, as an argument to <span class=
3412 "CodeText"><span style=
3413 'font-size: 10.0pt'>strlen</span></span>), since the
3414 correctness of this call depends on the representation of the
3415 abstract type. Splint also reports errors if any C
3416 operator except assignment (<span class=
3417 "CodeText"><span style='font-size:10.0pt'>=</span></span>) or
3418 <span class="CodeText"><span style=
3419 'font-size:10.0pt'>sizeof</span></span> is used on an
3420 abstract type. The assignment operator is allowed since
3421 its semantics do not depend on the representation of the type
3422 (for abstract types whose instances can change value, a
3423 client does need to know if assignment has copy or sharing
3424 semantics as discussed in Section 4.3.2). The use of
3425 <span class="CodeText"><span style=
3426 'font-size:10.0pt'>sizeof</span></span> is also
3427 permitted, since this is the only way for clients to allocate
3428 pointers to the abstract type. Type casting objects to
3429 or from abstract types in a client module is an abstraction
3430 violation and will generate a warning message.</p>
3431 <p class="TextFontCX"> </p>
3432 <p class="TextFontCX">Normally, Splint will assume a type
3433 definition is not abstract unless the <span class=
3434 "Annot"><span style='font-size:10.0pt'>/*@abstract@*/</span></span>
3435 qualifier is used. If instead you want all user-defined types
3436 to be abstract types unless they are marked as <span class=
3437 "Annot"><span style='font-size:10.0pt'>concrete</span></span>, the
3438 <span class="Flag"><span style=
3439 'font-size:10.0pt'>+imp-abstract</span></span> flag can be
3440 used. This adds an implicit <span class=
3441 "Annot"><span style='font-size:10.0pt'>abstract</span></span>
3442 annotation to any <span class="CodeText"><span style=
3443 'font-size:10.0pt'>typedef</span></span> that is not marked
3444 with <span class="Annot"><span style=
3445 'font-size:10.0pt'>/*@concrete@*/</span></span>.</p>
3446 <p class="TextFontCX"> </p>
3448 <table class="MsoNormalTable" border="0" cellspacing="0"
3449 cellpadding="0" style=
3450 'width:418.5pt;margin-left:.9pt;border-collapse:collapse; margin-left:-2.25pt;margin-right:-2.25pt'>
3451 <tr style='height:13.45pt'>
3452 <td valign="top" style=
3453 'width:211.5pt;border:solid black 1.5pt; border-bottom:none;background:black;padding:0in 5.4pt 0in 5.4pt;height:13.45pt'>
3454 <p class="TextFontCX" align="center" style='text-align:center'>
3455 <span class="Keyword"><b><span style=
3456 'font-size:10.0pt; color:white'>palindrome.c</span></b></span></p></td>
3457 <td valign="top" style=
3458 'width:207.0pt;border-top:solid black 1.5pt; border-left:none;border-bottom:none;border-right:solid black 1.5pt; background:black;padding:0in 5.4pt 0in 5.4pt;height:13.45pt'>
3459 <p class="TextFontCX" align="center" style='text-align:center'>
3460 <b><span style='color:white'>Running
3461 Splint</span></b></p></td></tr>
3462 <tr style='height:196.2pt'>
3463 <td valign="top" style=
3464 'width:211.5pt;border:solid black 1.5pt; border-top:none;padding:0in 5.4pt 0in 5.4pt;height:196.2pt'>
3465 <p class="Verbatim"><span style='font-size:9.0pt'># include
3467 <p class="Verbatim"><span style='font-size:9.0pt'># include
3468 "mstring.h"</span></p>
3469 <p class="Verbatim"><span style='font-size:9.0pt'> </span></p>
3470 <p class="Verbatim"><span style='font-size:9.0pt'>bool isPalindrome
3471 (mstring s)</span></p>
3472 <p class="Verbatim"><span style='font-size:9.0pt'>{</span></p>
3473 <p class="Verbatim"><span class="Line"><span style=
3474 'font-size:8.0pt'> 6</span></span> <span style=
3475 'font-size:9.0pt'>char *current = (char *) s;</span></p>
3476 <p class="Verbatim"><span class="Line"><span style=
3477 'font-size:8.0pt'> 7</span></span> <span style=
3478 'font-size:9.0pt'>int i, len = (int) strlen (s);</span></p>
3479 <p class="Verbatim"><span style='font-size:9.0pt'> </span></p>
3480 <p class="Verbatim"><span style='font-size:9.0pt'> for (i =
3481 0; i <= (len+1) / 2; i++)</span></p>
3482 <p class="Verbatim"><span style=
3483 'font-size:9.0pt'> {</span></p>
3484 <p class="Verbatim"><span class="Line"><span style=
3485 'font-size:8.0pt'>11</span></span><span style=
3486 'font-size:9.0pt'> if (current[i] !=
3487 s[len-i-1])</span></p>
3488 <p class="Verbatim"><span style=
3489 'font-size:9.0pt'> return
3491 <p class="Verbatim"><span style=
3492 'font-size:9.0pt'> }</span></p>
3493 <p class="Verbatim"><span style='font-size:9.0pt'> return
3495 <p class="Verbatim"><span style='font-size:9.0pt'>}</span></p>
3496 <p class="Verbatim"><span style='font-size:9.0pt'> </span></p>
3497 <p class="Verbatim"><span style='font-size:9.0pt'>bool callPal
3499 <p class="Verbatim"><span style='font-size:9.0pt'>{</span></p>
3500 <p class="Verbatim"><span class="Line"><span style=
3501 'font-size:8.0pt'>19</span></span><i><span style=
3502 'font-size:9.0pt;font-family:Arial'> </span></i>
3503 <span style='font-size:9.0pt'>return (isPalindrome
3504 ("bob"));</span></p>
3505 <p class="Verbatim"><span style='font-size:9.0pt'>}</span></p></td>
3506 <td valign="top" style=
3507 'width:207.0pt;border-top:none;border-left: none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt;height:196.2pt'>
3508 <p class="lclintrun">> splint palindrome.c</p>
3509 <p class="lclintrun"> </p>
3510 <p class="lclintrun">palindrome.c:6: Cast from underlying</p>
3511 <p class="lclintrun"> abstract type mstring:
3513 <p class="lclintrun">palindrome.c:7: Function strlen expects
3515 <p class="lclintrun"> 1 to be char * gets
3517 <p class="lclintrun">palindrome.c:11: Array fetch from
3519 <p class="lclintrun"> (mstring): s[len - i -
3521 <p class="lclintrun">palindrome.c:19: Function isPalindrome</p>
3522 <p class="lclintrun"> expects arg 1 to be mstring
3524 <p class="lclintrun"> "bob"</p>
3525 <p class="TextFontCX"> </p>
3526 <p class="lclintrun">Finished checking --- 4 code warnings</p>
3527 <p class="TextFontCX"><span style=
3528 'font-size: 9.0pt;font-family:Times'> </span></p></td></tr></table>
3529 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0">
3531 <td valign="top" style=
3532 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
3533 <p class="MsoCaption"><a name="_Toc534824609"></a><a name=
3534 "_Toc347255385"></a><a name="_Ref344908730"></a><a name=
3535 "_Ref344908735">Figure 5</a>. Information Hiding
3536 Violations</p></td></tr></table></center>
3537 <p align="right"><i><span style=
3538 'font-size:9.0pt'> Traditionally, programming books wax
3539 mathematical when they arrive at the topic of abstract data
3541 Such books make it seem as if you’d never actually use an
3542 abstract data type except as a sleep aid.</span></i></p>
3544 <p class="TextFontCX" align="right" style='text-align:right'>
3546 'font-size:9.0pt'> </span></i>
3547 <span style='font-size:9.0pt'> Steve
3548 McConnell</span></p>
3549 <p class="TextFontCX"><i> </i></p>
3550 <h3 style='margin-left:0in;text-indent:0in'><a name=
3551 "_Toc534974954"></a><a name="_Ref344892422"></a><a name=
3552 "_Ref344870884"></a><a name="_Toc344355398">4.3.1<span style=
3553 'font:7.0pt "Times New Roman"'> </span>
3554 Controlling Access</a></h3>
3555 <p class="TextFontCX">Where code may manipulate the representation
3556 of an abstract type, we say the code has <i>access</i> to that
3557 type. If code has access to an abstract type, the
3558 representation of the type and the abstract type are
3559 indistinguishable. Usually, a single program module that is
3560 the only code that has access to the type representation implements
3561 an abstract type. Sometimes, more complicated access control
3562 is desired if the implementation of an abstract type is split
3563 across program files, or particular client code needs to access the
3565 <p class="TextFontCX"> </p>
3566 <p class="beforelist">There are a several ways of selecting what
3567 code has access the representation of an abstract type:</p>
3568 <p class="TextFontCX" style=
3569 'margin-left:12.95pt; text-indent:-12.95pt'><span style=
3570 'font-family:Symbol'>·<span style=
3571 'font:7.0pt "Times New Roman"'> </span></span>
3572 Modules. An abstract type defined in <i><span style=
3573 'font-size: 10.0pt;font-family:Arial'>M</span></i><span class="Keyword">
3575 'font-size:10.0pt;font-family:Arial;color:windowtext'>.h</span></span>
3576 is accessible in <i><span style=
3577 'font-size:10.0pt;font-family:Arial'>M</span></i><span class=
3578 "Keyword"><span style=
3579 'font-size:10.0pt;font-family:Arial;color:windowtext'>.c</span></span>.
3580 Controlled by the <span class="Flag"><span style=
3581 'font-size:10.0pt'>accessmodule</span></span> flag. This
3582 means when <span class="Flag"><span style=
3583 'font-size:10.0pt'>accessmodule</span></span> is on, as it is by
3584 default, the module access rule is in effect. If
3585 <span class="Flag"><span style=
3586 'font-size:10.0pt'>accessmodule</span></span> is off (when
3587 <span class="Flag"><span style=
3588 'font-size:10.0pt'>-access-module</span></span> is used), the
3589 module access rule is not in effect and an abstract type
3590 defined in <i><span style=
3591 'font-size:10.0pt;font-family:Arial'>M</span></i><span class=
3592 "Keyword"><span style=
3593 'font-size:10.0pt;font-family:Arial;color:windowtext'>.h</span></span>
3594 is not necessarily accessible in <i><span style=
3595 'font-size:10.0pt;font-family: Arial'>M</span></i><span class="Keyword">
3597 'font-size:10.0pt; font-family:Arial;color:windowtext'>.c</span></span>.</p>
3598 <p class="TextFontCX" style=
3599 'margin-left:12.95pt; text-indent:-12.95pt'><span style=
3600 'font-family:Symbol'>·<span style=
3601 'font:7.0pt "Times New Roman"'> </span></span>
3602 File names. An abstract type named <span class=
3603 "CodeText"><i><span style='font-size:10.0pt'>type</span></i></span>
3604 is accessible in files named <span class=
3605 "CodeText"><i><span style='font-size:10.0pt'>type.<extension></span></i></span>.
3606 For example, the representation of <span class=
3607 "CodeText"><span style=
3608 'font-size: 10.0pt'>mstring</span></span> is accessible in
3609 <span class="CodeText"><span style=
3610 'font-size:10.0pt'>mstring.h</span></span> and <span class=
3611 "CodeText"><span style=
3612 'font-size:10.0pt'>mstring.c</span></span>. Controlled
3613 by the <span class="Flag"><span style=
3614 'font-size:10.0pt'>access-file</span></span> flag.</p>
3615 <p class="MsoListBullet"><span style=
3616 'font-family:Symbol'>·<span style=
3617 'font:7.0pt "Times New Roman"'> </span></span>
3618 Function names. An abstract type named <span class=
3619 "CodeText"><i><span style=
3620 'font-size: 10.0pt'>type</span></i></span> may be accessible in a
3621 function named <span class="CodeText"><i><span style=
3622 'font-size:10.0pt'>type_name</span></i></span> or
3623 <span class="CodeText"><i><span style=
3624 'font-size:10.0pt'>typeName</span></i></span>. For
3625 example, <span class="CodeText"><span style=
3626 'font-size:10.0pt'>mstring_length</span></span> and
3627 <span class="CodeText"><span style=
3628 'font-size:10.0pt'>mstringLength</span></span> would have
3629 access to the <span class="CodeText"><span style=
3630 'font-size:10.0pt'>mstring</span></span> abstract type.
3631 Controlled by <span class="Flag"><span style=
3632 'font-size:10.0pt'>accessfunction</span></span> and the
3633 naming convention (see Section 12).</p>
3634 <p class="TextFontCX" style=
3635 'margin-left:12.95pt; text-indent:-12.95pt'><span style=
3636 'font-family:Symbol'>·<span style=
3637 'font:7.0pt "Times New Roman"'> </span></span>
3638 Access control comments. The syntax <span class=
3639 "Annot"><span style='font-size:10.0pt'>/*@access
3640 <i>type</i>,<sup>+</sup>@*/</span></span><a href="#_ftn2"
3641 name="_ftnref2" title=""><span class=
3642 "MsoFootnoteReference"><span class=
3643 "MsoFootnoteReference"><span style=
3644 'font-size:11.0pt;font-family:"Times New Roman"'>[2]</span></span></span></a>
3645 allows the following code to access the representation of
3646 <span class="CodeText"><i><span style=
3647 'font-size:10.0pt'>type</span></i></span>. Similarly,
3648 <span class="Annot"><span style=
3649 'font-size:10.0pt'>/*@noaccess</span></span> <span class=
3650 "Annot"><span style=
3651 'font-size:10.0pt'><i>type</i>,<sup>+</sup>@*/</span></span>
3652 restricts access to the representation of <span class=
3653 "CodeText"><i><span style=
3654 'font-size: 10.0pt'>type</span></i></span>. The type in
3655 a <span class="Annot"><span style=
3656 'font-size:10.0pt'>noaccess</span></span> comment must have
3657 been declared as an abstract type.</p>
3658 <h3 style='margin-left:0in;text-indent:0in'><a name=
3659 "_Toc534974955"></a><a name="_Toc344355399"></a><a name=
3660 "_Ref343240525"></a><a name="_Ref343240518">4.3.2<span style=
3661 'font:7.0pt "Times New Roman"'> </span>
3663 <p class="TextFontCX">We can view types as being <i>mutable</i> or
3664 <i>immutable</i>. A type is mutable if passing it as a
3665 parameter to a function call can change the value of an instance of
3666 the type. For example, the primitive type <span class=
3667 "CodeText"><span style='font-size:10.0pt'>int</span></span> is
3668 immutable. If <span class="CodeText"><span style=
3669 'font-size:10.0pt'>i</span></span> is a local variable of type
3670 <span class="CodeText"><span style=
3671 'font-size:10.0pt'>int</span></span> and no variables point to the
3672 location where <span class="CodeText"><span style=
3673 'font-size:10.0pt'>i</span></span> is stored, the value of
3674 <span class="CodeText"><span style=
3675 'font-size:10.0pt'>i</span></span> must be the same before and
3676 after the call <span class="CodeText"><span style=
3677 'font-size:10.0pt'>f (i)</span></span>. Structure and union
3678 types are also immutable, since they are copied when they are
3679 passed as arguments. On the other hand, pointer types are
3680 mutable. If <span class="CodeText"><span style=
3681 'font-size:10.0pt'>x</span></span> is a local variable of type
3682 <span class="CodeText"><span style='font-size:10.0pt'>int
3683 *</span></span>, the value of <span class=
3684 "CodeText"><span style='font-size:10.0pt'>*x</span></span>
3685 (and hence, the value of the object <span class=
3686 "CodeText"><span style='font-size:10.0pt'>x</span></span>)
3687 can be changed by the function call <span class=
3688 "CodeText"><span style=
3689 'font-size:10.0pt'>g(x)</span></span>. </p>
3690 <p class="TextFontCX"> </p>
3691 <p class="TextFontCX">The mutability of a concrete type is
3692 determined by its type definition. For abstract types, mutability
3693 does not depend on the type representation but on what operations
3694 the type provides. If an abstract type has operations that may
3695 change the value of instances of the type, the type is
3696 mutable. If not, it is immutable. The value of an
3697 instance of an immutable type never changes. Since object
3698 sharing is noticeable only for mutable types, they are checked
3699 differently from immutable types.</p>
3700 <p class="TextFontCX"> </p>
3701 <p class="beforelist">The <span class="Annot"><span style=
3702 'font-size:10.0pt'>/*@mutable@*/</span></span> and
3703 <span class="Annot"><span style=
3704 'font-size:10.0pt'>/*@immutable@*/</span></span> annotations
3705 are used to declare an abstract type as mutable or
3706 immutable. (If neither is used, the abstract type is
3707 assumed to be mutable.) For example,</p>
3708 <p class="Verbatim"> typedef /*@abstract@*/
3709 /*@mutable@*/ char *mstring;</p>
3710 <p class="Verbatim"> typedef /*@abstract@*/
3711 /*@immutable@*/ int weekDay;</p>
3712 <p class="afterlist">declares <span class=
3713 "CodeText"><span style='font-size:10.0pt'>mstring</span></span>
3714 as a mutable abstract type and <span class=
3715 "CodeText"><span style=
3716 'font-size: 10.0pt'>weekDay</span></span> as an immutable
3718 <p class="TextFontCX"> </p>
3719 <p class="TextFontCX">Clients of a mutable abstract type need to
3720 know the semantics of assignment. After the assignment
3721 expression <span class="CodeText"><span style='font-size:10.0pt'>s
3722 = t</span></span>, do <span class="CodeText"><span style=
3723 'font-size:10.0pt'>s</span></span> and <span class=
3724 "CodeText"><span style='font-size:10.0pt'>t</span></span> refer to
3725 the same object (that is, will changes to the value of
3726 <span class="CodeText"><span style=
3727 'font-size:10.0pt'>s</span></span> also change the value of
3728 <span class="CodeText"><span style=
3729 'font-size:10.0pt'>t</span></span>).</p>
3730 <p class="TextFontCX"> </p>
3731 <p class="TextFontCX">Splint prescribes that all abstract types
3732 have sharing semantics, so <span class=
3733 "CodeText"><span style='font-size:10.0pt'>s</span></span> and
3734 <span class="CodeText"><span style=
3735 'font-size:10.0pt'>t</span></span> would indeed be the same
3736 object. Splint will produce a warning if a mutable type
3737 is implemented with a representation (e.g., a <span class=
3738 "CodeText"><span style=
3739 'font-size:10.0pt'>struct</span></span>) that does not
3740 provide sharing semantics (controlled by <span class=
3742 'font-size:10.0pt'>mutrep</span></span> flag). </p>
3743 <p class="TextFontCX"> </p>
3744 <p class="TextFontCX">The mutability of an abstract type is not
3745 necessarily the same as the mutability of its representation. We
3746 could use the immutable concrete type <span class=
3747 "CodeText"><span style='font-size:10.0pt'>int</span></span> to
3748 represent mutable strings using an index into a string table, or
3749 declare <span class="CodeText"><span style=
3750 'font-size:10.0pt'>mstring</span></span> as immutable as long as no
3751 operations are provided that modify the value of an
3752 <span class="CodeText"><span style=
3753 'font-size:10.0pt'>mstring</span></span>.</p>
3756 <h2 style='margin-left:0in;text-indent:0in'><a name=
3757 "_Toc534974956"></a><a name="_Toc344355422"></a><a name=
3758 "_Ref343109614">4.3.3<span style=
3759 'font:7.0pt "Times New Roman"'> </span>
3760 Semi-Abstract Types</a></h2>
3761 <p class="TextFontCX">
3762 Sometimes it is useful to have a type that is abstract in some ways, but can be used with the standard numerical operators. Splint supports numabstract types for this purpose. The <span class="CodeText"><span style='font-size:10.0pt'>/*@numabstract@*/</span></span> annotation denotes a numabstract type. Splint will report warnings when numabstract types are used inconsistently, but allow binary numeric operators to operate on two values of the same numabstract type.
3764 Several flags control the strictness of type checking for numabstract types:
3765 <span class="flag"><span style=
3766 'font-size:10.0pt'>numabstract, numabstractcast, numabstractlit, numabstractindex,
3769 <span class="flag"><span style=
3770 'font-size:10.0pt'> numabstractprint
3775 <h2 style='margin-left:0in;text-indent:0in'><a name=
3776 "_Toc534974956"></a><a name="_Toc344355422"></a><a name=
3777 "_Ref343109614">4.4<span style=
3778 'font:7.0pt "Times New Roman"'> </span>
3779 Polymorphism</a></h2>
3780 <p class="TextFontCX">In C, all declarators must be declared to
3781 have exactly one type. This makes it impossible to write
3782 functions that operate on more than one type of parameter –
3783 for example, we cannot use the same square function for
3784 <span class="CodeText"><span style=
3785 'font-size:10.0pt'>int</span></span>s and <span class=
3786 "CodeText"><span style=
3787 'font-size:10.0pt'>float</span></span>s. Because of the
3788 stricter type checking made possible by Splint, it is often
3789 useful to declare a parameter that has more than one possible
3791 <p class="TextFontCX"> </p>
3792 <p class="TextFontCX">Splint provides alternate types to indicate
3793 that a declaration may be one of several possible types. The
3794 <span class="Annot"><span style='font-size:10.0pt'>/*@alt
3795 <i>type</i>,<sup>+</sup>@*/</span></span> annotation creates a
3796 union type. For example, <span class=
3797 "CodeText"><span style='font-size:10.0pt'>int</span></span>
3798 <a href="mailto:/*@alt"><span class="Annot"><span style=
3799 'font-size:10.0pt'>/*@alt</span></span></a><span class=
3800 "Annot"><span style='font-size:10.0pt'>char,
3801 unsigned</span></span> <a href="mailto:char@*/"><span class=
3802 "Annot"><span style=
3803 'font-size:10.0pt'>char@*/</span></span></a><span class=
3804 "CodeText"><span style='font-size:10.0pt'>c</span></span>
3805 declares <span class="CodeText"><span style=
3806 'font-size:10.0pt'>c</span></span> such that either an
3807 <span class="CodeText"><span style=
3808 'font-size:10.0pt'>int</span></span>, <span class=
3809 "CodeText"><span style='font-size:10.0pt'>char</span></span>
3810 or <span class="CodeText"><span style=
3811 'font-size:10.0pt'>unsigned char</span></span> value may be
3812 assigned to it without warning.</p>
3813 <p class="TextFontCX"> </p>
3814 <p class="TextFontCX">One use of alternate types is to specify the
3815 type of a macro that operates on multiple types of operands (see
3816 Section 11.2.1). Alternate types are also useful for
3817 declaring functions for which the return value may be safely
3818 ignored (see Section 8.4.2). A function can be declared to
3819 return <span class="CodeText"><i><span style=
3820 'font-size:10.0pt'>t</span></i></span> <a href=
3821 "mailto:/*@alt"><span class="Annot"><span style=
3822 'font-size:10.0pt'>/*@alt</span></span></a><a href=
3823 "mailto:void@*/"><span class="Annot"><span style=
3824 'font-size:10.0pt'>void@*/</span></span></a> to indicate that it
3825 returns a value of type <span class=
3826 "CodeText"><i><span style='font-size:10.0pt'>t</span></i></span>,
3827 but there should be not warning if that value is ignored.</p>
3828 <h1 style='margin-left:0in;text-indent:0in'><a name=
3829 "_Toc534974957"></a><a name="_Ref534008388">5<span style=
3830 'font:7.0pt "Times New Roman"'> </span>
3831 <a id="memory" name="memory">
3832 Memory Management</a>
3834 <p class="TextFontCX">About half the bugs in typical C programs can
3835 be attributed to memory management problems. Memory
3836 management bugs are notoriously difficult to detect through
3837 traditional techniques. Often, the symptom of the bug is far
3838 removed from its actual source. Memory management bugs often
3839 only appear sporadically and some bugs may only be apparent when
3840 compiler optimizations are turned on or the code is compiled on a
3841 different platform. Run-time tools offer some help, but are
3842 cumbersome to use and limited to detecting errors that occur when
3843 test cases are run. By detecting these errors statically, we
3844 can be confident that certain types of errors will never occur and
3845 provide verified documentation on the memory management behavior of
3846 a program. </p>
3847 <p class="TextFontCX"> </p>
3848 <p class="beforelist">Splint can detect many memory management
3849 errors at compile time including using storage that may have been
3850 deallocated (Section 5.2), memory leaks (Section 5.2), or
3851 returning a pointer to stack-allocated storage (Section
3853 <p align="right"><i><span style='font-size:9.0pt'>Yea, from the
3854 table of my memory I'll wipe away all trivial fond records, all
3856 all forms, all pressures past, that youth and observation copied
3857 there.</span></i><br>
3858 <span style='font-size:9.0pt'>Hamlet prefers
3859 garbage collection (Shakespeare, Hamlet. Act I, Scene
3861 <p class="afterlist">Most of these checks depend on annotations
3862 added to programs to document assumptions related to memory
3863 management and pointer values. By documenting these
3864 assumptions for function interfaces, variables, type definitions
3865 and structure fields, memory management bugs can be detected at
3866 their source — where an assumption is violated. In
3867 addition, precise documentation about memory management decisions
3868 makes it easier to change code.</p>
3869 <h2 style='margin-left:0in;text-indent:0in'><a name=
3870 "_Toc534974958"></a><a name="_Toc344355408">5.1<span style=
3871 'font:7.0pt "Times New Roman"'> </span>
3872 Storage Model</a></h2>
3873 <p class="TextFontCX">This section describes execution-time
3874 concepts for describing the state of storage more precisely than
3875 can be done using standard C terminology. Certain uses of
3876 storage are likely to indicate program bugs, and are reported as
3877 anomalies.<a href="#_ftn3" name="_ftnref3" title=
3878 ""><span class="MsoFootnoteReference"><b><span class=
3879 "MsoFootnoteReference"><b><span style=
3880 'font-size:11.0pt;font-family:"Times New Roman"'>[3]</span></b></span></b></span></a></p>
3881 <p class="TextFontCX"> </p>
3882 <p class="TextFontCX">Splint assumes a CLU-like object storage
3883 model.<a href="#_ftn4" name="_ftnref4" title=""><span class=
3884 "MsoFootnoteReference"><span class=
3885 "MsoFootnoteReference"><span style=
3886 'font-size:11.0pt;font-family:"Times New Roman"'>[4]</span></span></span></a>
3887 An <i>object</i> is a typed region of storage. Some objects
3888 use a fixed amount of storage that is allocated and deallocated
3889 automatically by the compiler. Other objects use dynamic
3890 storage that must be managed by the program.</p>
3891 <p class="TextFontCX"> </p>
3892 <p class="TextFontCX">Storage is <i>undefined</i> if it has not
3893 been assigned a value, and <i>defined</i> after it has been
3894 assigned a value. An object is <i>completely defined</i> if
3895 all storage that may be reached from it is defined. What
3896 storage is reachable from an object depends on the type and value
3897 of the object. For example, if <span class=
3898 "CodeText"><span style='font-size:10.0pt'>p</span></span> is a
3899 pointer to a structure, <span class="CodeText"><span style=
3900 'font-size:10.0pt'>p</span></span> is completely defined if the
3901 value of <span class="CodeText"><span style=
3902 'font-size:10.0pt'>p</span></span> is <span class=
3903 "CodeText"><span style='font-size:10.0pt'>NULL</span></span>, or if
3904 every field of the structure <span class=
3905 "CodeText"><span style='font-size:10.0pt'>p</span></span>
3906 points to is completely defined.</p>
3907 <p class="TextFontCX"> </p>
3908 <p class="TextFontCX">When an expression is used as the left side
3909 of an assignment expression we say it is <i>used as an
3910 lvalue</i>. Its location in memory is used, but not its
3911 value. Undefined storage may be used as an lvalue since only
3912 its location is needed. When storage is used in any other
3913 way, such as on the right side of an assignment, as an operand to a
3914 primitive operator (including the indirection operator,
3915 <span class="CodeText"><span style=
3916 'font-size:10.0pt'>*</span></span>),<a href="#_ftn5" name=
3917 "_ftnref5" title=""><span class=
3918 "MsoFootnoteReference"><span class=
3919 "MsoFootnoteReference"><span style=
3920 'font-size:11.0pt;font-family:"Times New Roman"'>[5]</span></span></span></a>
3921 or as a function parameter, we say it is <i>used as an
3922 rvalue</i>. It is an anomaly to use undefined storage
3924 <p class="TextFontCX"> </p>
3925 <p class="TextFontCX">A <i>pointer</i> is a typed memory
3926 address. A pointer is either <i>live</i> or
3927 <i>dead</i>. A live pointer is either <span class=
3928 "CodeText"><span style='font-size:10.0pt'>NULL</span></span> or an
3929 address within allocated storage. A pointer that points to an
3930 object is an <i>object</i> pointer. A pointer that points
3931 inside an object (e.g., to the third element of an allocated block)
3932 is an <i>offset</i> pointer. A pointer that points to
3933 allocated storage that is not defined is an <i>allocated</i>
3934 pointer. The result of dereferencing an allocated pointer is
3935 undefined storage. Hence, it is an anomaly to use it as an
3936 rvalue. A dead (or “dangling”) pointer does not
3937 point to allocated storage. A pointer becomes dead if the
3938 storage it points to is deallocated (e.g., the pointer is passed to
3939 the <span class="CodeText"><span style=
3940 'font-size:10.0pt'>free</span></span> library function.) It
3941 is an anomaly to use a dead pointer as an rvalue.</p>
3942 <p class="TextFontCX"> </p>
3943 <p class="TextFontCX">There is a special object <i>null</i>
3944 corresponding to the <span class="CodeText"><span style=
3945 'font-size:10.0pt'>NULL</span></span>pointer in a C program.
3946 A pointer that may have the value <span class=
3947 "CodeText"><span style='font-size:10.0pt'>NULL</span></span> is a
3948 <i>possibly-null</i> pointer. It is an anomaly to use a
3949 possibly-null pointer where a non-null pointer is expected (e.g.,
3950 certain function arguments or the indirection operator).</p>
3951 <h2 style='margin-left:0in;text-indent:0in'><a name=
3952 "_Toc534974959"></a><a name="_Ref347476065"></a><a name=
3953 "_Ref347469133"></a><a name="_Ref347465595"></a><a name=
3954 "_Ref344893840"></a><a name="_Toc344355409">5.2<span style=
3955 'font:7.0pt "Times New Roman"'> </span>
3956 Deallocation Errors</a></h2>
3957 <p class="TextFontCX">There are two kinds of deallocation errors
3958 with which we are concerned: deallocating storage when there
3959 are other live references to the same storage, or failing to
3960 deallocate storage before the last reference to it is lost.
3961 To handle these deallocation errors, we introduce a concept of an
3962 obligation to release storage. Every time storage is
3963 allocated, it creates an obligation to release the storage.
3964 This obligation is attached to the reference to which the storage
3965 is assigned.<a href="#_ftn6" name="_ftnref6" title=
3966 ""><span class="MsoFootnoteReference"><span class=
3967 "MsoFootnoteReference"><span style=
3968 'font-size:11.0pt;font-family:"Times New Roman"'>[6]</span></span></span></a>
3969 Before the scope of the reference is exited or it is assigned
3970 to a new value, the storage to which it points must be
3971 released. Annotations can be used to indicate that
3972 this obligation is transferred through a return value,
3973 function parameter or assignment to an external
3975 <p align="right"><i><span style='font-size:9.0pt'>‘Tis in my
3976 memory lock’d, and you yourself shall keep the key of
3978 <span style='font-size:9.0pt'>Ophelia prefers explicit
3979 deallocation (Hamlet. Act I, Scene iii)</span></p>
3980 <h3 style='margin-left:0in;text-indent:0in'><a name=
3981 "_Toc534974960">5.2.1<span style=
3982 'font:7.0pt "Times New Roman"'> </span>
3983 Unshared References</a></h3>
3984 <p class="TextFontCX">The <span class="Annot"><span style=
3985 'font-size:10.0pt'>only</span></span> annotation is used to
3986 indicate a reference is the only pointer to the object it points
3987 to. We can view the reference as having an obligation to
3988 release this storage. This obligation is satisfied by
3989 transferring it to some other reference in one of three ways:</p>
3990 <p class="MsoListBullet"><span style=
3991 'font-family:Symbol'>·<span style=
3992 'font:7.0pt "Times New Roman"'> </span></span>
3993 pass it as an actual parameter corresponding to a formal parameter
3994 declared with an <span class="Annot"><span style=
3995 'font-size:10.0pt'>only</span></span>
3996 annotation </p>
3997 <p class="MsoListBullet"><span style=
3998 'font-family:Symbol'>·<span style=
3999 'font:7.0pt "Times New Roman"'> </span></span>
4000 assign it to an external reference declared with an
4001 <span class="Annot"><span style=
4002 'font-size:10.0pt'>only</span></span> annotation</p>
4003 <p class="MsoListBullet"><span style=
4004 'font-family:Symbol'>·<span style=
4005 'font:7.0pt "Times New Roman"'> </span></span>
4006 return it as a result declared with an <span class=
4007 "Annot"><span style='font-size:10.0pt'>only</span></span>
4009 <p class="afterlist">After the release obligation is transferred,
4010 the original reference is a dead pointer and the storage it points
4011 to may not be used.</p>
4012 <p class="TextFontCX"> </p>
4013 <p class="TextFontCX">All obligations to release storage stem from
4014 primitive allocation routines (e.g., <span class=
4015 "CodeText"><span style='font-size:10.0pt'>malloc</span></span>),
4016 and are ultimately satisfied by calls to <span class=
4017 "CodeText"><span style='font-size:10.0pt'>free</span></span>.
4018 The standard library declared the primitive allocation and
4019 deallocation routines.</p>
4020 <p class="TextFontCX"> </p>
4021 <p class="TextFontCX">The basic memory allocator,
4022 <span class="CodeText"><span style=
4023 'font-size:10.0pt'>malloc</span></span>, is declared:</p>
4024 <p class="example"><a href="mailto:/*@only@*/">/*@only@*/</a>
4025 /*@null@*/ void *malloc (size_t size);</p>
4026 <p class="TextFontCX">It returns an object that is referenced only
4027 by the function return value. </p>
4028 <p class="TextFontCX"> </p>
4029 <p class="TextFontCX">The deallocator, <span class=
4030 "CodeText"><span style='font-size:10.0pt'>free</span></span>, is
4031 declared:<a href="#_ftn7" name="_ftnref7" title=
4032 ""><span class="MsoFootnoteReference"><span class=
4033 "MsoFootnoteReference"><span style=
4034 'font-size:11.0pt;font-family:"Times New Roman"'>[7]</span></span></span></a></p>
4035 <p class="example">void free (/*@only@*/ <a href=
4036 "mailto:/*@out@*/">/*@out@*/</a> <a href=
4037 "mailto:/*@null@*/">/*@null@*/</a> void *ptr);</p>
4039 <table class="MsoNormalTable" border="0" cellspacing="0"
4040 cellpadding="0" style=
4041 'margin-left:5.4pt;border-collapse:collapse;margin-left:-2.25pt; margin-right:-2.25pt'>
4043 <td valign="top" style=
4044 'width:193.5pt;border:solid black 1.5pt; border-bottom:none;background:black;padding:0in 5.4pt 0in 5.4pt'>
4045 <p class="TextFontCX" align="center" style='text-align:center'>
4046 <a name="_Ref344990094"><span class="Keyword"><b><span style=
4047 'font-size:10.0pt;color:white'>only.c</span></b></span></a></p></td>
4048 <td valign="top" style=
4049 'width:225.0pt;border-top:solid black 1.5pt; border-left:none;border-bottom:none;border-right:solid black 1.5pt; background:black;padding:0in 5.4pt 0in 5.4pt'>
4050 <p class="TextFontCX" align="center" style='text-align:center'>
4051 <b><span style='color:white'>Running
4052 Splint</span></b></p></td></tr>
4054 <td valign="top" style=
4055 'width:193.5pt;border:solid black 1.5pt; border-top:none;padding:0in 5.4pt 0in 5.4pt'>
4056 <p class="Verbatim"><i><span style=
4057 'font-size:8.0pt;font-family:Arial'>1 </span></i>
4058 <span style='font-size:9.5pt'>extern /*@only@*/ int
4060 <p class="Verbatim"><span style='font-size:9.5pt'> </span></p>
4061 <p class="Verbatim"><span style='font-size:9.5pt'>/*@only@*/ int
4063 <p class="Verbatim"><span style='font-size:9.5pt'>f (/*@only@*/ int
4064 *x, int *y,</span></p>
4065 <p class="Verbatim"><span style='font-size:9.5pt'> int
4067 <p class="Verbatim"><span style='font-size:9.5pt'> /*@globals
4069 <p class="Verbatim"><span style='font-size:9.5pt'>{</span></p>
4070 <p class="Verbatim"><i><span style=
4071 'font-size:8.0pt;font-family:Arial'> 8</span></i>
4072 <span style='font-size:9.5pt'>int *m = (int *)</span></p>
4073 <p class="Verbatim"><i><span style=
4074 'font-size:8.0pt;font-family:Arial'> 9</span></i><span style='font-size:9.5pt'>
4075 malloc (sizeof (int));</span></p>
4076 <p class="Verbatim"><span style='font-size:9.5pt'> </span></p>
4077 <p class="Verbatim"><i><span style=
4078 'font-size:8.0pt;font-family:Arial'>11</span></i>
4079 <span style='font-size:9.5pt'>glob =
4080 y; </span> <i><span style=
4081 'font-size:9.5pt; font-family:"Times New Roman"'>Memory
4083 <p class="Verbatim"><i><span style=
4084 'font-size:8.0pt;font-family:Arial'>12</span></i>
4085 <span style='font-size:9.5pt'>free (x);</span></p>
4086 <p class="Verbatim"><i><span style=
4087 'font-size:8.0pt;font-family:Arial'>13</span></i>
4088 <span style='font-size:9.5pt'>*m =
4089 *x; </span> <i><span style=
4090 'font-size:9.5pt; font-family:"Times New Roman"'>Use after
4092 <p class="Verbatim"><i><span style=
4093 'font-size:8.0pt;font-family:Arial'>14</span></i>
4094 <span style='font-size:9.5pt'>return
4095 z; </span> <i><span style=
4096 'font-size:9.5pt; font-family:"Times New Roman"'>Memory leak
4097 detected</span></i><i><span style=
4098 'font-size:9.5pt;font-family:Arial'> </span></i></p>
4099 <p class="TextFontCX"><span style=
4100 'font-size: 9.5pt'>}</span></p></td>
4101 <td valign="top" style=
4102 'width:225.0pt;border-top:none;border-left: none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'>
4103 <p class="lclintrun">> splint only.c</p>
4104 <p class="lclintrun">only.c:11: Only storage glob (type int *) not
4106 <p class="lclintrun">
4107
4108 before assignment: glob = y</p>
4109 <p class="lclintrun"> only.c:1: Storage glob becomes
4111 <p class="lclintrun">only.c:11: Implicitly temp storage y assigned
4113 <p class="lclintrun">
4114
4116 <p class="lclintrun">only.c:13: Dereference of possibly null
4118 <p class="lclintrun"> only.c:8: Storage m may become
4120 <p class="lclintrun">only.c:13: Variable x used after being
4122 <p class="lclintrun"> only.c:12: Storage x released</p>
4123 <p class="lclintrun">only.c:14: Implicitly temp storage z returned
4125 <p class="lclintrun">only.c:14: Fresh storage m not released before
4127 <p class="lclintrun" style='page-break-after:avoid'>
4128 only.c:9: Fresh storage m
4129 allocated </p></td></tr></table>
4130 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0">
4132 <td valign="top" align="left" style=
4133 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
4134 <p class="MsoCaption"><a name="_Toc534824610">Figure 6.
4135 Memory Management</a></p></td></tr></table>
4136 <p class="TextFontCX">The parameter to <span class=
4137 "CodeText"><span style='font-size:10.0pt'>free</span></span> must
4138 reference an unshared object. Since the parameter is declared
4139 using <span class="Annot"><span style=
4140 'font-size:10.0pt'>only</span></span>, the caller may not use the
4141 referenced object after the call, and may not pass in a reference
4142 to a shared object. There is nothing special about
4143 <span class="CodeText"><span style=
4144 'font-size:10.0pt'>malloc</span></span> and <span class=
4145 "CodeText"><span style='font-size:10.0pt'>free</span></span>
4146 — their behavior can be described entirely in terms of the
4147 provided annotations.</p>
4148 <h3 style='margin-left:0in;text-indent:0in'><a name=
4149 "_Ref347468963"></a><a name="_Toc534974961"></a><a name=
4150 "_Ref347469360">5.2.2<span style=
4151 'font:7.0pt "Times New Roman"'> </span>
4152 Temporary Parameters</a></h3>
4153 <p class="TextFontCX">The <span class="Annot"><span style=
4154 'font-size:10.0pt'>temp</span></span> annotation is used to
4155 declare a function parameter that is used temporarily by the
4156 function. An error is reported if the function releases the
4157 storage associated with a <span class="Annot"><span style=
4158 'font-size:10.0pt'>temp</span></span> formal parameter or creates
4159 new aliases to it that are visible after the function
4160 returns. Any storage may be passed as a <span class=
4161 "Annot"><span style='font-size:10.0pt'>temp</span></span>
4162 parameter, and it satisfies its original memory constraints after
4163 the function returns.</p>
4164 <h3 style='margin-left:0in;text-indent:0in'><a name=
4165 "_Toc534974962">5.2.3<span style=
4166 'font:7.0pt "Times New Roman"'> </span>
4167 Owned and Dependent References</a></h3>
4168 <p class="TextFontCX">In real programs it is sometimes necessary to
4169 have storage that is shared between several possibly
4170 references. The <span class="Annot"><span style=
4171 'font-size:10.0pt'>owned</span></span> and <span class=
4172 "Annot"><span style='font-size:10.0pt'>dependent</span></span>
4173 annotations provide a more flexible way of managing storage, at the
4174 cost of less checking. The <span class=
4175 "Annot"><span style='font-size:10.0pt'>owned</span></span>
4176 annotation denotes a reference with an obligation to release
4177 storage. Unlike <span class="Annot"><span style=
4178 'font-size:10.0pt'>only</span></span>, however, other
4179 external references marked with <span class=
4180 "Annot"><span style=
4181 'font-size:10.0pt'>dependent</span></span> annotations may
4182 share this object. It is up to the programmer to ensure
4183 that the lifetime of a <span class="Annot"><span style=
4184 'font-size:10.0pt'>dependent</span></span> reference is
4185 contained within the lifetime of the corresponding
4186 <span class="Annot"><span style=
4187 'font-size:10.0pt'>owned</span></span> reference.</p>
4188 <h3 style='margin-left:0in;text-indent:0in'><a name=
4189 "_Toc534974963"></a><a name="_Ref347805800">5.2.4<span style=
4190 'font:7.0pt "Times New Roman"'> </span>
4191 Keep Parameters</a></h3>
4192 <p class="TextFontCX">The <span class="Annot"><span style=
4193 'font-size:10.0pt'>keep</span></span> annotation is similar to
4194 <span class="Annot"><span style=
4195 'font-size:10.0pt'>only</span></span>, except the caller may use
4196 the reference after the call. The called function must assign
4197 the <span class="Annot"><span style=
4198 'font-size:10.0pt'>keep</span></span> parameter to an
4199 <span class="Annot"><span style=
4200 'font-size:10.0pt'>only</span></span> reference, or pass it
4201 as a <span class="Annot"><span style=
4202 'font-size:10.0pt'>keep</span></span> parameter to another
4203 function. It is up to the programmer to make sure that
4204 the calling function does not use this reference after it is
4205 released. The <span class="Annot"><span style=
4206 'font-size:10.0pt'>keep</span></span> annotation is useful
4207 for adding an object to a collection (e.g., a symbol table),
4208 where it is known that it will not be deallocated until the
4210 <h3 style='margin-left:0in;text-indent:0in'><a name=
4211 "_Toc534974964"></a><a name="_Ref347469304">5.2.5<span style=
4212 'font:7.0pt "Times New Roman"'> </span>
4213 Shared References</a></h3>
4214 <p class="TextFontCX">If Splint is used to check a program designed
4215 to be used in a garbage-collected environment, there may be storage
4216 that is shared by one or more references and never explicitly
4217 released. The <span class="Annot"><span style=
4218 'font-size:10.0pt'>shared</span></span> annotation declares storage
4219 that may be shared arbitrarily, but never released.</p>
4220 <h3 style='margin-left:0in;text-indent:0in'><a name=
4221 "_Toc534974965"></a><a name="_Ref348341639">5.2.6<span style=
4222 'font:7.0pt "Times New Roman"'> </span>
4223 Stack References</a></h3>
4224 <p class="TextFontCX">Local variables that are not allocated
4225 dynamically are stored on a call stack. When a function
4226 returns, its stack frame is deallocated, destroying the storage
4227 associated with the function’s local variables. A
4228 memory error occurs if a pointer into this storage is live after
4229 the function returns. Splint detects errors involving stack
4230 references exported from a function through return values or
4231 assignments to references reachable from global variables or actual
4232 parameters. No annotations are needed to detect stack
4233 reference errors, since it is clear from a declaration if storage
4234 is allocated on the function stack. Figure 7 gives and
4235 example of errors reported involving stack-allocated storage.</p>
4237 <table class="MsoNormalTable" border="0" cellspacing="0"
4238 cellpadding="0" style=
4239 'margin-left:5.4pt;border-collapse:collapse;margin-left:-2.25pt; margin-right:-2.25pt'>
4241 <td valign="top" style=
4242 'width:2.25in;border:solid black 1.5pt; border-bottom:none;background:black;padding:0in 5.4pt 0in 5.4pt'>
4243 <p class="TextFontCX" align="center" style='text-align:center'>
4244 <span class="Keyword"><b><span style=
4245 'font-size:10.0pt; color:white'>stack.c</span></b></span></p></td>
4246 <td valign="top" style=
4247 'width:256.5pt;border-top:solid black 1.5pt; border-left:none;border-bottom:none;border-right:solid black 1.5pt; background:black;padding:0in 5.4pt 0in 5.4pt'>
4248 <p class="TextFontCX" align="center" style='text-align:center'>
4249 <b><span style='color:white'>Running
4250 Splint</span></b></p></td></tr>
4252 <td valign="top" style=
4253 'width:2.25in;border:solid black 1.5pt; border-top:none;padding:0in 5.4pt 0in 5.4pt'>
4254 <p class="Verbatim">int *glob;</p>
4255 <p class="Verbatim"> </p>
4256 <p class="Verbatim">/*@dependent@*/ int *</p>
4257 <p class="Verbatim"> f (int **x)</p>
4258 <p class="Verbatim">{</p>
4259 <p class="Verbatim"> int sa[2] = { 0, 1 };</p>
4260 <p class="Verbatim"> int loc = 3;</p>
4261 <p class="Verbatim"> </p>
4262 <p class="Verbatim"><span class="Line"><span style=
4263 'font-size:8.0pt'> 9</span></span> glob = &loc;</p>
4264 <p class="Verbatim"><span class="Line"><span style=
4265 'font-size:8.0pt'>10</span></span> *x = &sa[0];</p>
4266 <p class="Verbatim"> </p>
4267 <p class="Verbatim"><span class="Line"><span style=
4268 'font-size:8.0pt'>12</span></span> return &loc;</p>
4269 <p class="Verbatim">} </p></td>
4270 <td valign="top" style=
4271 'width:256.5pt;border-top:none;border-left: none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'>
4272 <p class="lclintrun">> splint stack.c</p>
4273 <p class="lclintrun">stack.c:12: Stack-allocated storage &loc
4275 <p class="lclintrun">
4276
4277 from return value: &loc</p>
4278 <p class="lclintrun">stack.c:12: Stack-allocated storage *x
4280 <p class="lclintrun">
4281
4283 <p class="lclintrun"> stack.c:10: Storage *x becomes
4285 <p class="lclintrun">stack.c:12: Stack-allocated storage glob
4287 <p class="lclintrun">
4288
4289 from global glob</p>
4290 <p class="lclintrun"> stack.c:9: Storage glob becomes
4292 <p class="lclintrun"> </p>
4293 <p class="TextFontCX" align="left" style=
4294 'text-align:left;page-break-after:avoid'><i>A</i>
4295 <span class="Annot"><span style=
4296 'font-size:10.0pt'>dependent</span></span> <i>annotation is
4297 used on the return value. Without this, other warnings
4298 would be reported, since the result would have an
4299 implicit</i> <span class="Annot"><span style=
4300 'font-size: 10.0pt'>only</span></span>
4301 <i>annotation.</i></p></td></tr></table>
4302 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0">
4304 <td valign="top" style=
4305 'padding-top:5.05pt;padding-right: 9.35pt;padding-bottom:5.05pt;padding-left:9.35pt'>
4306 <p class="MsoCaption"><a name="_Toc534824611"></a><a name=
4307 "_Ref534821941">Figure 7</a>. Stack-Allocated
4308 Storage</p></td></tr></table></center>
4309 <h3 style='margin-left:0in;text-indent:0in'><a name=
4310 "_Toc534974966">5.2.7<span style=
4311 'font:7.0pt "Times New Roman"'> </span>
4312 Inner Storage</a></h3>
4313 <p class="TextFontCX">An annotation always applies to the outermost
4314 level of storage. For example,</p>
4315 <p class="example">/*@only@*/ int **x;</p>
4316 <p class="beforelist">declares <span class=
4317 "CodeText"><span style='font-size:10.0pt'>x</span></span> as
4318 an unshared pointer to a pointer to an <span class=
4319 "CodeText"><span style=
4320 'font-size:10.0pt'>int</span></span>. The <span class=
4321 "Flag"><span style='font-size:10.0pt'>only</span></span>
4322 annotation applies to <span class="CodeText"><span style=
4323 'font-size:10.0pt'>x</span></span>, but not to <span class=
4324 "CodeText"><span style=
4325 'font-size:10.0pt'>*x</span></span>. To apply
4326 annotations to inner storage a type definition may be
4328 <p class="Verbatim"> typedef /*@only@*/ int *oip;</p>
4329 <p class="Verbatim"> /*@only@*/ oip *x;</p>
4330 <p class="afterlist">Now, x is an <span class=
4331 "Annot"><span style='font-size:10.0pt'>only</span></span>
4332 pointer to an <span class="Annot"><span style=
4333 'font-size:10.0pt'>oip</span></span>, which is an
4334 <span class="Annot"><span style=
4335 'font-size:10.0pt'>only</span></span> pointer to an
4336 <span class="Annot"><span style=
4337 'font-size:10.0pt'>int</span></span>.</p>
4338 <p class="afterlist">When annotations are used in type definitions,
4339 they may be overridden in instance declarations. For
4341 <p class="example">/*@dependent@*/ oip x;</p>
4342 <p class="TextFontCX">makes <span class=
4343 "CodeText"><span style='font-size:10.0pt'>x</span></span> a
4344 <span class="Annot"><span style=
4345 'font-size:10.0pt'>dependent</span></span> pointer to an
4346 <span class="CodeText"><span style=
4347 'font-size:10.0pt'>int</span></span>. Another way to
4348 apply annotations to inner storage is to use a state clause
4349 (see Section 7.4).</p>
4350 <h2 style='margin-left:0in;text-indent:0in'><a name=
4351 "_Toc534974967"></a><a name="_Ref347812243"></a><a name=
4352 "_Ref344893978"></a><a name="_Toc344355410">5.3<span style=
4353 'font:7.0pt "Times New Roman"'> </span>
4354 Implicit Memory Annotations</a></h2>
4355 <p class="TextFontCX">Since it is important that Splint can check
4356 unannotated programs effectively, the meaning of declarations with
4357 no memory annotations is chosen to minimize the number of
4358 annotations needed to get useful checking on an unannotated
4360 <p class="TextFontCX"> </p>
4361 <p class="TextFontCX">An implicit memory management annotation may
4362 be assumed for declarations with no explicit memory management
4363 annotation. Implicit annotations are checked identically to
4364 the corresponding explicit annotation, except error messages
4365 indicate that they result from an implicit annotation. Figure
4366 8 illustrates some implicit annotations.</p>
4367 <p class="TextFontCX"> </p>
4368 <p class="TextFontCX">Unannotated function parameters are assumed
4369 to be <span class="Annot"><span style=
4370 'font-size:10.0pt'>temp</span></span>. This means if memory
4371 checking is turned on for an unannotated program, all functions
4372 that release storage referenced by a parameter or assign a global
4373 variable to alias the storage will produce error messages.
4374 (Controlled by <span class="Flag"><span style=
4375 'font-size:10.0pt'>paramimptemp</span></span>.)</p>
4376 <p class="TextFontCX"> </p>
4378 <table class="MsoNormalTable" border="0" cellspacing="0"
4379 cellpadding="0" style=
4380 'width:423.0pt;margin-left:.9pt;border-collapse:collapse; margin-left:-2.25pt;margin-right:-2.25pt'>
4381 <tr style='page-break-inside:avoid'>
4382 <td colspan="2" valign="top" style=
4383 'width:423.0pt;border:solid black 1.5pt; border-bottom:none;background:black;padding:0in 5.4pt 0in 5.4pt'>
4384 <p class="TextFontCX" align="center" style='text-align:center'>
4385 <span class="Keyword"><b><span style=
4386 'font-size:10.0pt; color:white'>implicit.c</span></b></span></p></td></tr>
4388 <td valign="top" style=
4389 'width:207.0pt;border-top:none;border-left: solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:none; padding:0in 5.4pt 0in 5.4pt'>
4390 <p class="Verbatim">typedef struct {</p>
4391 <p class="Verbatim"> <span class=
4392 "implicit"><b>only</b></span> char *name;</p>
4393 <p class="Verbatim"> int val;</p>
4394 <p class="Verbatim">} *rec;</p>
4395 <p class="Verbatim"> </p>
4396 <p class="Verbatim">extern <span class=
4397 "implicit"><b>only</b></span> rec rec_last ;</p>
4398 <p class="Verbatim"> </p>
4399 <p class="Verbatim">extern <span class=
4400 "implicit"><b>only</b></span> rec</p>
4401 <p class="Verbatim"> rec_create (<span class=
4402 "implicit"><b>temp</b></span> char *name,</p>
4403 <p class="Verbatim">
4404
4406 <p class="TextFontCX"><i>Annotations in</i> <span class=
4407 "Keyword"><b><i><span style=
4408 'font-size:10.0pt;color:windowtext'>italics</span></i></b></span>
4409 <i>are not present in the code, but may be implied depending on
4410 flag settings.</i></p></td>
4411 <td valign="top" style=
4412 'width:3.0in;border-top:none;border-left:none; border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
4413 <p class="TextFontCX"> </p>
4414 <p class="TextFontCX" align="left" style='text-align:left'>
4415 <i>Implicit</i> <span class="Annot"><i><span style=
4416 'font-size:10.0pt'>only</span></i></span> <i>annotation on mutable
4417 structure field if</i> <span class="Flag"><span style=
4418 'font-size:10.0pt'>structimponly</span></span> <i>is on.</i></p>
4419 <p class="lclintrun"><i> </i></p>
4420 <p class="TextFontCX" align="left" style='text-align:left'>
4421 <i>Implicit</i> <span class="Annot"><span style=
4422 'font-size:10.0pt'>only</span></span> <i>annotation on mutable
4423 global variables if</i> <span class="Flag"><span style=
4424 'font-size:10.0pt'>globimponly</span></span> <i>is on.</i></p>
4425 <p class="TextFontCX" align="left" style='text-align:left'>
4427 <p class="TextFontCX" align="left" style=
4428 'text-align:left;page-break-after:avoid'><i>Implicit</i>
4429 <span class="Annot"><span style=
4430 'font-size:10.0pt'>only</span></span> <i>annotation on mutable
4431 function result if</i> <span class="Flag"><span style=
4432 'font-size: 10.0pt'>retimponly</span></span> <i>is set.
4433 Implicit</i> <span class="Annot"><span style=
4434 'font-size:10.0pt'>temp</span></span> <i>annotation on mutable
4435 parameter if</i> <span class="Flag"><span style=
4436 'font-size:10.0pt'>paramimptemp</span></span> <i>is
4437 set.</i></p></td></tr></table>
4438 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0">
4440 <td valign="top" align="left" style=
4441 'padding-top:.1in;padding-right: 9.35pt;padding-bottom:.1in;padding-left:9.35pt'>
4442 <p class="MsoCaption"><a name="_Toc534824612"></a><a name=
4443 "_Ref534822006">Figure 8</a>. Implicit
4444 Annotations</p></td></tr></table></center>
4445 <p class="TextFontCX">Unannotated return values, structure fields
4446 and global variables are assumed to be <span class=
4447 "Annot"><span style='font-size:10.0pt'>only</span></span>.
4448 With implicit annotations (on by default), turning on memory
4449 checking for an unannotated program will produce errors for any
4450 function that does not return unshared storage or assignment of
4451 shared storage to a global variable or structure field. If an
4452 exposure qualifier is used (see Section 6.2), the implied
4453 <span class="Annot"><span style=
4454 'font-size: 10.0pt'>dependent</span></span> annotation is used
4455 instead of the more generally implied <span class=
4456 "Annot"><span style='font-size:10.0pt'>only</span></span>
4457 annotation. (Controlled by <span class=
4458 "Flag"><span style='font-size:10.0pt'>retimponly</span></span>,
4459 <span class="Flag"><span style=
4460 'font-size:10.0pt'>structimponly</span></span> and
4461 <span class="Flag"><span style=
4462 'font-size:10.0pt'>globimponly</span></span>. The
4463 <span class="Flag"><span style=
4464 'font-size:10.0pt'>allimponly</span></span> flag sets
4465 all of the implicit only flags.) </p>
4466 <h2 style='margin-left:0in;text-indent:0in'><a name=
4467 "_Toc534974968"></a><a name="_Ref534970957"></a><a name=
4468 "_Ref347469058"></a><a name="_Ref344907383"></a><a name=
4469 "_Toc344355411">5.4<span style=
4470 'font:7.0pt "Times New Roman"'> </span>
4471 Reference Counting</a></h2>
4472 <p class="TextFontCX">Another approach to memory management is to
4473 add a field to a type to explicitly keep track of the number of
4474 references to that storage. Every time a reference is added
4475 or lost the reference count is adjusted accordingly; if it would
4476 become zero, the storage is released. Reference counting it
4477 difficult to do without automatic checking since it is easy to
4478 forget to increment or decrement the reference count, and
4479 exceedingly difficult to track down these errors.</p>
4480 <p class="TextFontCX"> </p>
4481 <p class="TextFontCX">Splint supports reference counting by using
4482 annotations to constrain the use of reference counted storage in a
4483 manner similar to other memory management annotations.</p>
4484 <p class="TextFontCX"> </p>
4485 <p class="TextFontCX">A reference counted type is declared using
4486 the <span class="Annot"><span style=
4487 'font-size:10.0pt'>refcounted</span></span> annotation. Only
4488 pointer to <span class="CodeText"><span style=
4489 'font-size:10.0pt'>struct</span></span> types may be declared as
4490 <span class="Annot"><span style=
4491 'font-size:10.0pt'>refcounted</span></span>, since reference
4492 counted storage must have a field to count the references.
4493 One field in the structure (or integral type) is preceded by the
4494 <span class="Annot"><span style=
4495 'font-size:10.0pt'>refs</span></span> annotation to indicate that
4496 the value of this field is the number of live references to the
4497 structure. For example (in <span class="Keyword"><span style=
4498 'font-size:10.0pt;font-family:Arial; color:windowtext'>rstring.h</span></span>),</p>
4499 <p class="Verbatim" style='margin-top:6.0pt'>
4500 typedef /*@abstract@*/
4501 /*@refcounted@*/ struct {</p>
4502 <p class="Verbatim">
4503 /*@refs@*/ int refs;</p>
4504 <p class="Verbatim"> char
4506 <p class="Verbatim"> } *rstring;</p>
4507 <p class="afterlist">declares <span class=
4508 "CodeText"><span style='font-size:10.0pt'>rstring</span></span>
4509 as an abstract, reference-counted type. The
4510 <span class="CodeText"><span style=
4511 'font-size:10.0pt'>refs</span></span> field counts the number
4512 of references and the <span class="CodeText"><span style=
4513 'font-size:10.0pt'>contents</span></span> field holds the
4514 contents of a string.</p>
4515 <p class="TextFontCX"> </p>
4517 <table class="MsoNormalTable" border="0" cellspacing="0"
4518 cellpadding="0" style=
4519 'width:425.5pt;margin-left:.2in;border-collapse:collapse'>
4521 <td valign="top" style=
4522 'width:267.05pt;border:solid black 1.5pt; border-bottom:none;background:black;padding:0in 5.4pt 0in 5.4pt'>
4523 <p class="TextFontCX" align="center" style='text-align:center'>
4524 <span class="Keyword"><b><span style=
4525 'font-size:10.0pt; color:white'>rstring.c</span></b></span></p></td>
4526 <td valign="top" style=
4527 'width:158.45pt;border-top:solid black 1.5pt; border-left:none;border-bottom:none;border-right:solid black 1.5pt; background:black;padding:0in 5.4pt 0in 5.4pt'>
4528 <p class="TextFontCX" align="center" style='text-align:center'>
4529 <b><span style='color:white'>Running
4530 Splint</span></b></p></td></tr>
4532 <td valign="top" style=
4533 'width:267.05pt;border:solid black 1.5pt; border-top:none;padding:0in 5.4pt 0in 5.4pt'>
4534 <p class="Verbatim"><span style='font-size:9.0pt'># include
4535 "rstring.h"</span></p>
4536 <p class="Verbatim"><span style='font-size:9.0pt'> </span></p>
4537 <p class="Verbatim"><span style='font-size:9.0pt'>static rstring
4538 rstring_ref (rstring r)</span></p>
4539 <p class="Verbatim"><span style='font-size:9.0pt'>{</span></p>
4540 <p class="Verbatim"><span style='font-size:9.0pt'>
4541 r->refs++;</span></p>
4542 <p class="Verbatim"><span class="Line"><span style=
4543 'font-size:8.0pt'>6</span></span> <span style=
4544 'font-size:9.0pt'>return r;</span></p>
4545 <p class="Verbatim"><span style='font-size:9.0pt'>}</span></p>
4546 <p class="Verbatim"><span style='font-size:9.0pt'> </span></p>
4547 <p class="Verbatim"><span style='font-size:9.0pt'>rstring
4548 rstring_first (rstring r1, rstring r2)</span></p>
4549 <p class="Verbatim"><span style='font-size:9.0pt'>{</span></p>
4550 <p class="Verbatim"><span style='font-size:9.0pt'> if (strcmp
4551 (r1->contents, r2->contents) < 0)</span></p>
4552 <p class="Verbatim"><span class="Line"><span style=
4553 'font-size:8.0pt'>12</span></span><span style=
4554 'font-size:9.0pt'> return r1;</span></p>
4555 <p class="Verbatim"><span style='font-size:9.0pt'>
4557 <p class="Verbatim"><span class="Line"><span style=
4558 'font-size:8.0pt'>14</span></span><span style=
4559 'font-size:9.0pt'> return rstring_ref
4561 <p class="Verbatim"><span style='font-size:9.0pt'>}</span></p></td>
4562 <td valign="top" style=
4563 'width:158.45pt;border-top:none;border-left: none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'>
4564 <p class="lclintrun">> splint rstring.c</p>
4565 <p class="lclintrun">rstring.c:12: Reference counted </p>
4566 <p class="lclintrun"> storage returned without
4568 <p class="lclintrun"> reference count: r1</p>
4569 <p class="lclintrun"><i> </i></p>
4570 <p class="TextFontCX" align="left" style='text-align:left'>
4571 <i><span style='font-size:10.0pt'>No error is reported for line 6
4572 since the reference count was incremented. No error is
4573 reported for line 14, since</span></i> <span class=
4574 "CodeText"><i><span style=
4575 'font-size:10.0pt'>rstring_ref</span></i></span><i><span style='font-size:10.0pt'>
4576 returns a new reference.</span></i></p>
4577 <p class="TextFontCX" align="left" style=
4578 'text-align:left;page-break-after:avoid'><span style=
4579 'font-size:10.0pt'> </span></p></td></tr></table>
4580 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
4583 <td valign="top" align="left" style=
4584 'padding-top:.1in;padding-right: 0in;padding-bottom:.1in;padding-left:0in'>
4585 <p class="MsoCaption"><a name="_Toc534824613"></a><a name=
4586 "_Ref534822069">Figure 9</a>. Reference
4587 Counting</p></td></tr></table></center>
4590 <p class="TextFontCX">All functions that return <span class=
4591 "Annot"><span style='font-size:10.0pt'>refcounted</span></span>
4592 storage must increase the reference count before returning.
4593 Splint cannot determine if the reference count was increased, so
4594 any function that directly returns a reference to
4595 <span class="Annot"><span style=
4596 'font-size:10.0pt'>refcounted</span></span> storage will
4597 produce an error. This is avoided, by using a function
4598 to return a new reference (e.g., <span class=
4599 "CodeText"><span style=
4600 'font-size:10.0pt'>rstring_ref</span></span> in Figure
4602 <p class="TextFontCX"> </p>
4603 <p class="TextFontCX">A reference counted type may be passed as a
4604 <span class="Annot"><span style=
4605 'font-size:10.0pt'>temp</span></span> or <span class=
4606 "Annot"><span style='font-size:10.0pt'>dependent</span></span>
4607 parameter. It may not be passed as an <span class=
4608 "Annot"><span style='font-size:10.0pt'>only</span></span>
4609 parameter. Instead, the <span class=
4610 "Annot"><span style='font-size:10.0pt'>killref</span></span>
4611 annotation is used to denote a parameter whose reference is
4612 eliminated by the function call. Like <span class=
4613 "Annot"><span style='font-size:10.0pt'>only</span></span>
4614 parameters, an actual parameter corresponding to a
4615 <span class="Annot"><span style=
4616 'font-size:10.0pt'>killref</span></span> formal parameter may
4617 not be used in the calling function after the call.
4618 Splint checks that the implementation of a function releases
4619 all <span class="Annot"><span style=
4620 'font-size:10.0pt'>killref</span></span> parameters, either
4621 by passing them as <span class="Annot"><span style=
4622 'font-size: 10.0pt'>killref</span></span> parameters, or
4623 assigning or returning them without increasing the reference
4625 <h1 style='margin-left:0in;text-indent:0in'><a name=
4626 "_Ref348845247"></a><a name="_Ref348796245"></a><a name=
4627 "_Toc344355413"></a><a name="_Ref344355210"></a><a name=
4628 "_Ref343064238"></a><a name="_Ref343064188"></a><a name=
4629 "_Toc534974969"></a><a name="_Ref534642796"></a><a name=
4630 "_Ref534642146">6<span style=
4631 'font:7.0pt "Times New Roman"'> </span>
4632 <a id="sharing" name="sharing">
4633 Sharing</a></a></h1>
4634 <p class="TextFontCX">Errors involving unexpected sharing of
4635 storage can cause serious problems. Undocumented sharing may
4636 lead to unpredictable modifications, and some library calls (e.g.,
4637 <span class="CodeText"><span style=
4638 'font-size:10.0pt'>strcpy</span></span>) have undefined behavior if
4639 parameters share storage. Another class of sharing errors
4640 occurs when clients of an abstract type may obtain a reference to
4641 mutable storage that is part of the abstract representation.
4642 This exposes the representation of the abstract type, since clients
4643 may modify an instance of the abstract type indirectly through this
4645 <h2 style='margin-left:0in;text-indent:0in'><a name=
4646 "_Ref534977801"></a><a name="_Toc534974970">6.1<span style=
4647 'font:7.0pt "Times New Roman"'> </span>
4649 <p class="TextFontCX">Splint detects errors involving dangerous
4650 aliasing of parameters. Some of these errors are already
4651 detected through the standard memory annotations (e.g.,
4652 <span class="Annot"><span style=
4653 'font-size:10.0pt'>only</span></span> parameters may not
4654 be aliases.) Two additional annotations are
4655 provided for constraining aliasing of parameters and return
4657 <h3 style='margin-left:0in;text-indent:0in'><a name=
4658 "_Toc534974971"></a><a name="_Ref347469444">6.1.1<span style=
4659 'font:7.0pt "Times New Roman"'> </span>
4660 Unique Parameters</a></h3>
4661 <p class="TextFontCX">The <span class="Annot"><span style=
4662 'font-size:10.0pt'>unique</span></span> annotation denotes a
4663 parameter that may not be aliased by any other storage reachable
4664 from the function implementation — that is, any storage
4665 reachable through the other parameters or global variables used by
4666 the function. The <span class="Annot"><span style=
4667 'font-size:10.0pt'>unique</span></span> annotation places similar
4668 constraints on function parameters as the <span class=
4669 "Annot"><span style='font-size:10.0pt'>only</span></span>
4670 annotation, but it does not transfer the obligation to release
4671 storage. Splint will report an error if a <span class=
4672 "Annot"><span style='font-size:10.0pt'>unique</span></span>
4673 parameter may be aliased by another parameter or global
4675 <p class="TextFontCX"> </p>
4676 <p class="TextFontCX">Splint reports an error if a function returns
4677 a reference to storage reachable from one of its parameters (if
4678 <span class="Flag"><span style=
4679 'font-size:10.0pt'>retalias</span></span> is on) since this may
4680 introduce unexpected aliases in the body of the calling function
4681 when the result is assigned.</p>
4682 <p class="TextFontCX"> </p>
4683 <p class="TextFontCX">Figure 10 illustrated sharing checks.
4684 An error is reported since the first parameter to the library
4685 function <span class="CodeText"><span style=
4686 'font-size:10.0pt'>strcpy</span></span> is declared with
4687 unique. If a <span class="CodeText"><span style=
4688 'font-size:10.0pt'>unique</span></span> qualifier were added to the
4689 parameter declaration for <span class="CodeText"><span style=
4690 'font-size:10.0pt'>s</span></span> or <span class=
4691 "CodeText"><span style='font-size:10.0pt'>t</span></span>, no error
4692 would be reported. </p>
4694 <table class="MsoNormalTable" border="0" cellspacing="0"
4695 cellpadding="0" style=
4696 'margin-left:5.4pt;border-collapse:collapse; margin-left:-2.25pt;margin-right:-2.25pt'>
4698 <td valign="top" style=
4699 'border:solid black 1.5pt; border-bottom:none;background:black;padding:0in 5.4pt 0in 5.4pt'>
4700 <p class="TextFontCX" align="center" style='text-align:center'>
4701 <span class="Keyword"><b><span style=
4702 'font-size:10.0pt; color:white'>unique.c</span></b></span></p></td>
4703 <td valign="top" style=
4704 'border-top:solid black 1.5pt; border-left:none;border-bottom:none;border-right:solid black 1.5pt; background:black;padding:0in 5.4pt 0in 5.4pt'>
4705 <p class="TextFontCX" align="center" style='text-align:center'>
4706 <b><span style='color:white'>Running
4707 Splint</span></b></p></td></tr>
4709 <td valign="top" style=
4710 'border:solid black 1.5pt; border-top:none;padding:0in 5.4pt 0in 5.4pt'>
4711 <p class="Verbatim"># include <string.h></p>
4712 <p class="Verbatim"> </p>
4713 <p class="Verbatim">void </p>
4714 <p class="Verbatim">capitalize (/*@out@*/ char *s,</p>
4715 <p class="Verbatim">
4716 char *t)</p>
4717 <p class="Verbatim">{</p>
4718 <p class="Verbatim"><span class="Line"><span style=
4719 'font-size:8.0pt'> 7</span></span> strcpy (s, t);</p>
4720 <p class="Verbatim"> *s = toupper (*s);</p>
4721 <p class="Verbatim">}</p></td>
4722 <td valign="top" style=
4723 'border-top:none;border-left: none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'>
4724 <p class="lclintrun">> splint unique.c</p>
4725 <p class="lclintrun"> </p>
4726 <p class="lclintrun">unique.c: (in function capitalize)</p>
4727 <p class="lclintrun">unique.c:7: Parameter 1 (s) to function strcpy
4729 <p class="lclintrun"> declared unique but may be
4730 aliased externally by</p>
4731 <p class="lclintrun"> parameter 2 (t)</p>
4732 <p class="lclintrun"> </p></td></tr></table>
4733 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0">
4735 <td valign="top" align="left" style=
4736 'padding-top:6.5pt;padding-right: 9.35pt;padding-bottom:6.5pt;padding-left:9.35pt'>
4737 <p class="MsoCaption"><a name="_Toc534824614"></a><a name=
4738 "_Ref534822167">Figure 10</a>. Unique
4739 parameters</p></td></tr></table></center>
4740 <h3 style='margin-left:0in;text-indent:0in'><a name=
4741 "_Toc534974972"></a><a name="_Ref347469448">6.1.2<span style=
4742 'font:7.0pt "Times New Roman"'> </span>
4743 Returned Parameters</a></h3>
4744 <p class="TextFontCX">The <span class="Annot"><span style=
4745 'font-size:10.0pt'>returned</span></span> annotation denotes a
4746 parameter that may be aliased by the return value. Splint
4747 checks the call assuming the result may be an alias to the
4748 <span class="Annot"><span style=
4749 'font-size:10.0pt'>returned</span></span> parameter.</p>
4750 <p class="TextFontCX"> </p>
4751 <p class="TextFontCX">Consider the following code excerpt:</p>
4752 <p class="TextFontCX"> </p>
4753 <p class="Verbatim">extern intSet intSet_insert (/*@returned@*/
4754 intSet s, int x);</p>
4755 <p class="Verbatim"> </p>
4756 <p class="Verbatim">intSet intSet_singleton (int x)</p>
4757 <p class="Verbatim">{</p>
4758 <p class="Verbatim"><span class="Line"><span style=
4759 'font-size:8.0pt'>7</span></span> return (intSet_insert
4760 (intSet_new (), x));</p>
4761 <p class="TextFontCX">}</p>
4762 <p class="TextFontCX"> </p>
4763 <p class="TextFontCX">Without the <span class=
4764 "Annot"><span style='font-size:10.0pt'>returned</span></span>
4765 qualifier on the parameter to <span class=
4766 "CodeText"><span style=
4767 'font-size:10.0pt'>intSet_insert</span></span>, a memory leak
4768 error would be reported for line 7, since the <span class=
4769 "Annot"><span style='font-size:10.0pt'>only</span></span>
4770 storage returned by <span class="CodeText"><span style=
4771 'font-size:10.0pt'>intSet_new</span></span> is not
4772 released. Because of the <span class=
4773 "Annot"><span style='font-size:10.0pt'>returned</span></span>
4774 qualifier, Splint assumes the result of <span class=
4775 "CodeText"><span style=
4776 'font-size:10.0pt'>intSet_insert</span></span> is the same
4777 storage as its first parameter, in this case the storage
4778 returned by <span class="CodeText"><span style=
4779 'font-size:10.0pt'>intSet_new</span></span>. No error
4780 is reported, since the only storage is then transferred
4781 through the return value (which has an implicit only
4782 annotation, see Section 5.3).</p>
4783 <h2 style='margin-left:0in;text-indent:0in'><a name=
4784 "_Ref344907981"></a><a name="_Ref344894258"></a><a name=
4785 "_Ref344809320"></a><a name="_Toc344355414"></a><a name=
4786 "_Toc534974973"></a><a name="_Ref345591408"></a><a name=
4787 "_Ref345591053">6.2<span style=
4788 'font:7.0pt "Times New Roman"'> </span>
4790 <p class="TextFontCX">Splint detects places where the
4791 representation of an abstract type is exposed. This occurs if
4792 a client has a pointer to storage that is part of the
4793 representation of an instance of the abstract type. The
4794 client can then modify or examine the storage this points to, and
4795 manipulate the value of the abstract type instance without using
4797 <p class="TextFontCX"> </p>
4798 <p class="TextFontCX">There are three ways a representation may be
4800 <p class="TextFontCX" style=
4801 'margin-left:.25in; text-indent:-.25in'>1.<span style=
4802 'font:7.0pt "Times New Roman"'> </span>
4803 Returning (or assigning to a global variable) an object that
4804 includes a pointer to a mutable component of an abstract
4805 type representation. (Controlled by <span class=
4807 'font-size:10.0pt'>ret-expose</span></span>).</p>
4808 <p class="TextFontCX" style=
4809 'margin-left:.25in; text-indent:-.25in'>2.<span style=
4810 'font:7.0pt "Times New Roman"'> </span>
4811 Assigning a mutable component of an abstract object to storage
4812 reachable from an actual parameter or a global variable that may be
4813 used after the call. This means the client may
4814 manipulate the abstract object using the actual parameter after the
4815 call. Note that if the corresponding formal parameter is
4816 declared <span class="Annot"><span style=
4817 'font-size:10.0pt'>only</span></span>, the caller may not use the
4818 actual parameter after the call so the representation is not
4819 exposed. (Controlled by <span class="Flag"><span style=
4820 'font-size:10.0pt'>assign-expose</span></span>).</p>
4821 <p class="TextFontCX" style=
4822 'margin-left:.25in; text-indent:-.25in'>3.<span style=
4823 'font:7.0pt "Times New Roman"'> </span>
4824 Casting mutable storage to or from an abstract type.
4825 (Controlled by <span class="Flag"><span style=
4826 'font-size:10.0pt'>cast-expose</span></span>).</p>
4827 <p class="afterlist">Annotations may be used to allow exposed
4828 storage to be returned safely by restricting how the caller may use
4829 the returned storage.</p>
4830 <h3 style='margin-left:0in;text-indent:0in'><a name=
4831 "_Toc534974974"></a><a name="_Ref347469553">6.2.1<span style=
4832 'font:7.0pt "Times New Roman"'> </span>
4833 Read-Only Storage</a></h3>
4834 <p class="beforelist">It is often useful for a function to return a
4835 pointer to internal storage (or an instance of a mutable abstract
4836 type) that is intended only as an <i>observer</i>. The caller
4837 may use the result, but should not modify the storage it points
4838 to. For example, consider a naïve implementation of the
4839 <span class="CodeText"><span style=
4840 'font-size:10.0pt'>employee_getName</span></span> operation for the
4841 abstract <span class="CodeText"><span style=
4842 'font-size:10.0pt'>employee</span></span> type:</p>
4843 <p class="Verbatim"> typedef /*@abstract@*/ struct
4845 <p class="Verbatim"> char *name;</p>
4846 <p class="Verbatim"> int id;</p>
4847 <p class="Verbatim"> } *employee;</p>
4848 <p class="Verbatim"> …</p>
4849 <p class="Verbatim"> char *employee_getName (employee
4850 e) { return e->name; }</p>
4851 <p class="afterlist">Splint produces a message to indicate that the
4852 return value exposes the representation. One solution would
4853 be to return a fresh copy of <span class=
4854 "CodeText"><span style='font-size:10.0pt'>e->name</span></span>.
4855 This is expensive, though, especially if we expect
4856 <span class="CodeText"><span style=
4857 'font-size:10.0pt'>employee_getName</span></span> is used
4858 mainly just to get a string for searching or printing.
4859 Instead, we could change the declaration of <span class=
4860 "CodeText"><span style=
4861 'font-size:10.0pt'>employee_getName</span></span> to:</p>
4862 <p class="example">extern /*@observer@*/ char *employee_getName
4864 <p class="TextFontCX">Now, the original implementation is
4865 correct. The declaration indicates that the caller may not
4866 modify the result, so it is acceptable to return shared
4867 storage. (The program must also not use the returned observer
4868 storage after any other calls to the abstract type module using the
4869 same parameter. Splint does not attempt to check this, and in
4870 practice it is rarely a problem.) Splint checks that the
4871 caller does not modify the return value. An error is reported
4872 if observer storage is modified directly, passed as a function
4873 parameter that may be modified, assigned to a global variable or
4874 reference derivable from a global variable that is not declared
4875 with an <span class="Annot"><span style=
4876 'font-size: 10.0pt'>observer</span></span> annotation , or returned
4877 as a function result or a reference derivable from the function
4878 result that is not annotation with an <span class=
4879 "Annot"><span style='font-size:10.0pt'>observer</span></span>
4881 <h4 style='margin-left:0in;text-indent:0in'><a name=
4882 "_Ref347469563"></a><a name="_Ref348017065">String
4884 <p class="TextFontCX">A program that attempts to modify a
4885 string literal has undefined behavior [ISO, 6.4.5]. This is
4886 not enforced by most C compilers, and can lead to particularly
4887 pernicious bugs that only appear when optimizations are turned on
4888 and the compiler attempts to minimize storage for string
4889 literals. Splint can be used to check that string literals
4890 are not modified, by treating them as -<span class=
4891 "Annot"><span style=
4892 'font-size:10.0pt'>observer</span></span> storage. If
4893 <span class="Flag"><span style=
4894 'font-size:10.0pt'>+read-only-strings</span></span> is set (default
4895 in standard mode), Splint will report an error if a string literal
4897 <h3 style='margin-left:0in;text-indent:0in'><a name=
4898 "_Toc534974975">6.2.2<span style=
4899 'font:7.0pt "Times New Roman"'> </span>
4900 Exposed Storage</a></h3>
4901 <p class="TextFontCX">Sometimes it is necessary to expose the
4902 representation of an abstract type. This may be evidence of a
4903 design flaw, but in some cases is justified for efficiency
4904 reasons. The <span class="Annot"><span style=
4905 'font-size:10.0pt'>exposed</span></span> annotation denotes
4906 storage that is exposed. It may be used on a return value for
4907 results that reference storage internal to an abstract
4908 representation, on a parameter value to indicate a parameter that
4909 may be assigned directly to part of an abstract representation
4910 (note that if the parameter is annotated with <span class=
4911 "Annot"><span style='font-size:10.0pt'>only</span></span>, it is
4912 not an error to assign it to part of an abstract representation,
4913 since the caller may not use the storage after the call returns),
4914 or on a field of an abstract representation to indicate that
4915 external references to the storage may exist. <a name=
4916 "_Toc344355415"></a><a name="_Ref343064165"></a><a name=
4917 "_Ref347254440"></a><a name="_Ref347169365">An error is reported
4918 if</a> <span class="Annot"><span style=
4919 'font-size:10.0pt'>exposed</span></span> storage is released, but
4920 unlike an <span class="Annot"><span style=
4921 'font-size:10.0pt'>observer</span></span>, no error is reported if
4922 it is modified. Figure 11 shows examples of exposure problems
4923 detected by Splint.</p>
4924 <p class="TextFontCX"> </p>
4926 <table class="MsoNormalTable" border="0" cellspacing="0"
4927 cellpadding="0" style=
4928 'margin-left:6.75pt;border-collapse:collapse; margin-left:-2.25pt;margin-right:-2.25pt'>
4930 <td width="45%" valign="top" style=
4931 'border:solid black 1.5pt; border-bottom:none;background:black;padding:0in 5.4pt 0in 5.4pt'>
4932 <p class="TextFontCX" align="center" style='text-align:center'>
4933 <span class="Keyword"><b><span style=
4934 'font-size:10.0pt; color:white'>exposure.c</span></b></span></p></td>
4935 <td valign="top" style=
4936 'border-top:solid black 1.5pt; border-left:none;border-bottom:none;border-right:solid black 1.5pt; background:black;padding:0in 5.4pt 0in 5.4pt'>
4937 <p class="TextFontCX" align="center" style='text-align:center'>
4938 <b><span style='color:white'>Running
4939 Splint</span></b></p></td></tr>
4941 <td valign="top" style=
4942 'border:solid black 1.5pt; border-top:none;padding:0in 5.4pt 0in 5.4pt'>
4943 <p class="Verbatim"># include "employee.h"</p>
4944 <p class="Verbatim"> </p>
4945 <p class="Verbatim">char *</p>
4946 <p class="Verbatim">employee_getName (employee e)</p>
4947 <p class="Verbatim">{</p>
4948 <p class="Verbatim"><span class="Line"><span style=
4949 'font-size:8.0pt'>6</span></span> return e->name;</p>
4950 <p class="Verbatim">}</p>
4951 <p class="Verbatim"> </p>
4952 <p class="Verbatim">/*@observer@*/ char *</p>
4953 <p class="Verbatim">employee_obsName (employee e)</p>
4954 <p class="Verbatim">{ return e->name; }</p>
4955 <p class="Verbatim"> </p>
4956 <p class="Verbatim">/*@exposed@*/ char *</p>
4957 <p class="Verbatim">employee_exposeName (employee e)</p>
4958 <p class="Verbatim">{ return e->name; }</p>
4959 <p class="Verbatim"> </p>
4960 <p class="Verbatim">void</p>
4961 <p class="Verbatim">employee_capName (employee e)</p>
4962 <p class="Verbatim">{</p>
4963 <p class="Verbatim"> char *name;</p>
4964 <p class="Verbatim"> </p>
4965 <p class="Verbatim"> name = employee_obsName (e);</p>
4966 <p class="Verbatim"><span class="Line"><span style=
4967 'font-size:8.0pt'>23</span></span> *name = toupper (*name);</p>
4968 <p class="Verbatim">}</p></td>
4969 <td valign="top" style=
4970 'border-top:none;border-left:none; border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
4971 <p class="lclintrun">> splint exposure.c +checks</p>
4972 <p class="lclintrun"> </p>
4973 <p class="lclintrun">exposure.c:6: Function returns reference
4975 <p class="lclintrun">
4976
4977 parameter e: e->name</p>
4978 <p class="lclintrun">exposure.c:6: Return value exposes rep of</p>
4979 <p class="lclintrun">
4980
4981 employee: e->name</p>
4982 <p class="lclintrun">exposure.c:6: Released storage e->name
4984 <p class="lclintrun">
4985
4986 from parameter at return point</p>
4987 <p class="lclintrun"> exposure.c:6: Storage e->name
4989 <p class="lclintrun">exposure.c:23: Suspect modification of
4991 <p class="lclintrun">
4992
4993 name: *name = toupper(*name)</p>
4994 <p class="TextFontCX" style='page-break-after: avoid'> </p>
4995 <p class="TextFontCX" align="left" style=
4996 'text-align:left;page-break-after:avoid'><i><span style=
4997 'font-size: 10.0pt'>Three messages are reported for line 6 where a
4998 mutable field of an abstract type is returned with no sharing
4999 qualifier (without</span></i> <span class="Flag"><span style=
5000 'font-size:10.0pt'>+checks</span></span><i><span style=
5001 'font-size:10.0pt'>only the third one would be reported.) The
5002 error for line 23 reports a modification of an observer. If
5003 the call in line 22 were changed to call</span></i>
5004 <span class="CodeText"><span style=
5005 'font-size: 10.0pt'>employee_exposeName</span></span><i><span style='font-size:10.0pt'>
5006 , no error would be reported.</span></i></p></td></tr></table>
5007 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0">
5009 <td valign="top" style=
5010 'padding-top:.1in;padding-right: 9.35pt;padding-bottom:.1in;padding-left:9.35pt'>
5011 <p class="MsoCaption"><a name="_Toc534824615">Figure 11.
5012 Exposure</a></p></td></tr></table></center>
5013 <p class="TextFontCX"> </p>
5014 <h1 style='margin-left:0in;text-indent:0in'><a name=
5015 "_Ref361649198"></a><a name="_Ref361649165"></a><a name=
5016 "_Ref354415790"></a><a name="_Ref350062908"></a><a name=
5017 "_Ref348845273"></a><a name="_Ref345591297"></a><a name=
5018 "_Ref344916609"></a><a name="_Ref344894369"></a><a name=
5019 "_Ref344891459"></a><a name="_Ref344798185"></a><a name=
5020 "_Toc344355418"></a><a name="_Toc534974976"></a><a name=
5021 "_Ref534014913"></a><a name="_Ref534014715"></a><a name=
5022 "_Ref348871484">7<span style=
5023 'font:7.0pt "Times New Roman"'> </span>
5024 <a id="function" name="function">
5025 Function Interfaces</a></a></h1>
5026 <p class="TextFontCX">Functions communicate with their calling
5027 environment through an interface. The caller communicates the
5028 values of actual parameters and global variables to the function,
5029 and the function communicates to the caller through the return
5030 value, global variables and storage reachable from the actual
5031 parameters. By keeping interfaces narrow (restricting the
5032 amount of information visible across a function interface), we can
5033 understand and implement functions independently. </p>
5034 <p class="TextFontCX"> </p>
5035 <p class="TextFontCX">A function prototype documents the interface
5036 to a function. It serves as a contract between the function
5037 and its caller. In early versions of C, the function
5038 “prototype” was very limited. It described the
5039 type returned by the function but nothing about its
5040 parameters. ANSI C (1989) provided function prototypes with
5041 the ability to add information on the number and types of parameter
5042 to a function. Splint provides the means to express much more
5043 about a function interface such as what global variable the
5044 function may use and what values visible to the caller it may
5046 <p class="TextFontCX"> </p>
5047 <p class="TextFontCX">The extra interface information places
5048 constraints on both how the function may be called and how it may
5049 be implemented. Splint reports places where these constraints
5050 are not satisfied. Typically, these indicate bugs in the code
5051 or errors in the interface documentation.</p>
5052 <p class="TextFontCX"> </p>
5053 <p class="TextFontCX">This section describes annotations that may
5054 be added to a function declaration to document what global
5055 variables the function implementation may use and what values
5056 visible to its caller it may modify.</p>
5057 <h2 style='margin-left:0in;text-indent:0in'><a name=
5058 "_Toc534974977"></a><a name="_Ref348845225"></a><a name=
5059 "_Ref344908335"></a><a name="_Ref344892358"></a><a name=
5060 "_Toc344355403">7.1<span style=
5061 'font:7.0pt "Times New Roman"'> </span>
5062 Modifications</a></h2>
5063 <p class="TextFontCX">The modifies clause lists what values visible
5064 to the caller may be modified by a function. Modifies clauses
5065 limit what values a function may modify, but they do not require
5066 that listed values are always modified. The declaration,</p>
5067 <p class="example">int f (int *p, int *q) /*@modifies *p@*/;</p>
5068 <p class="TextFontCX">declares a function <span class=
5069 "CodeText"><span style='font-size:10.0pt'>f</span></span> that may
5070 modify the value pointed to by its first argument but may not
5071 modify the value of its second argument or any global state.</p>
5072 <p class="TextFontCX"> </p>
5073 <p class="TextFontCX">Splint checks that a function does not modify
5074 any caller-visible value not encompassed by its modifies clause and
5075 does modify all values listed in its modifies clause on some
5076 possible execution of the function. Figure 12 shows an
5077 example of modifies checking done by Splint.</p>
5078 <p class="TextFontCX"> </p>
5080 <table class="MsoNormalTable" border="0" cellspacing="0"
5081 cellpadding="0" style='margin-left:5.4pt;border-collapse:collapse'
5084 <td width="40%" valign="top" style=
5085 'border:solid black 1.5pt; border-bottom:none;background:black;padding:0in 5.4pt 0in 5.4pt;height:13.5pt'>
5086 <p class="TextFontCX" align="center" style='text-align:center'>
5087 <a name="_Ref344908343"><span class="Keyword"><b><span style=
5088 'font-size:10.0pt;color:white'>modify.c</span></b></span></a></p></td>
5089 <td width="60%" valign="top" style=
5090 'border-top:solid black 1.5pt; border-left:none;border-bottom:none;border-right:solid black 1.5pt; background:black;padding:0in 5.4pt 0in 5.4pt;height:13.5pt'>
5091 <p class="TextFontCX" align="center" style='text-align:center'>
5092 <b><span style='color:white'>Running
5093 Splint</span></b></p></td></tr>
5094 <tr style='height:120.9pt'>
5095 <td valign="top" style=
5096 'border:solid black 1.5pt; border-top:none;padding:0in 5.4pt 0in 5.4pt;height:120.9pt'>
5097 <p class="Verbatim">void setx (int *x, int *y)</p>
5098 <p class="Verbatim"> /*@modifies *x@*/</p>
5099 <p class="Verbatim">{</p>
5100 <p class="Verbatim"><span class="Line"><span style=
5101 'font-size:8.0pt'>4</span></span> *y = *x;</p>
5102 <p class="Verbatim">}</p>
5103 <p class="Verbatim"> </p>
5104 <p class="Verbatim">void sety (int *x, int *y)</p>
5105 <p class="Verbatim"> /*@modifies *y@*/</p>
5106 <p class="Verbatim">{</p>
5107 <p class="Verbatim"> setx (y, x);</p>
5108 <p class="Verbatim">}</p></td>
5109 <td width="60%" valign="top" style=
5110 'border-top:none;border-left: none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt;height:120.9pt'>
5111 <p class="lclintrun">> splint modify.c +checks</p>
5112 <p class="lclintrun">modify.c:4: Undocumented modification of *y:
5114 <p class="lclintrun">modify.c:5: Suspect object listed in modifies
5116 <p class="lclintrun">
5117
5118 not modified: *x</p>
5119 <p class="lclintrun"> modify.c:1: Declaration of
5121 <p class="TextFontCX"><i><span style=
5122 'font-size: 10.0pt'> </span></i></p>
5123 <p class="TextFontCX" style='page-break-after: avoid'>
5124 <i><span style='font-size:10.0pt'>There are
5125 n</span></i><i><span style='font-size:10.0pt'>o errors
5126 for</span></i> <span class="CodeText"><span style=
5127 'font-size:10.0pt'>sety</span></span><i><span style=
5128 'font-size:10.0pt'>– the call to</span></i>
5129 <span class="CodeText"><span style=
5130 'font-size:10.0pt'>setx</span></span><i><span style=
5131 'font-size:10.0pt'>modifies the value<br>
5132 pointed to by its first parameter (</span></i><span class=
5133 "CodeText"><span style=
5134 'font-size:10.0pt'>y</span></span><i><span style=
5135 'font-size:10.0pt'>) as documented by the<br>
5136 modifies clause. The</span></i> <span class=
5138 'font-size:10.0pt'>checks</span></span><i><span style=
5139 'font-size:10.0pt'>mode turns on</span></i> <span class=
5141 'font-size:10.0pt'>mustmod</span></span><i><span style=
5142 'font-size:10.0pt'>checking,<br>
5143 so the second error concerning missing documented<br>
5144 modifications is reported.</span></i></p></td></tr>
5146 <td style='border:none'></td>
5147 <td style='border:none'></td></tr></table>
5148 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0">
5150 <td valign="top" style=
5151 'padding-top:4.3pt;padding-right: .3in;padding-bottom:4.3pt;padding-left:.3in'>
5152 <p class="MsoCaption"><a name="_Toc534824616"></a><a name=
5153 "_Ref534822865">Figure 12</a>.
5154 Modification</p></td></tr></table></center>
5157 <h3 style='margin-left:0in;text-indent:0in'><a name=
5158 "_Toc534974978">7.1.1<span style=
5159 'font:7.0pt "Times New Roman"'> </span>
5160 State Modifications</a></h3>
5161 <p class="beforelist">A few special names are provided for
5162 describing function modifications that effect state not
5163 identifiable through parameters or global variables:</p>
5164 <p class="TextFontCX"><span class="Annot"><span style=
5165 'font-size:10.0pt'>internalState</span></span></p>
5166 <p class="IndentText">The function modifies some internal state
5167 (that is, the value of a <span class="CodeText"><span style=
5168 'font-size:10.0pt'>static</span></span> variable). Even
5169 though a client cannot access the internal state directly, it is
5170 important to know that something may be modified by the function
5171 call both for clear documentation and for checking undefined order
5172 of evaluation (Section 8.2) and side effect free parameters
5173 (Section 11.2.1).</p>
5174 <p class="TextFontCX"><span class="Annot"><span style=
5175 'font-size:10.0pt'>fileSystem</span></span></p>
5176 <p class="IndentText">The function modifies the file system.
5177 Any modification that may change the system state is considered a
5178 file system modification. All functions that modify an object
5179 of type pointer to <span class="CodeText"><span style=
5180 'font-size:10.0pt'>FILE</span></span> also modify the file
5181 system. In addition, functions that do not modify a
5182 <span class="CodeText"><span style=
5183 'font-size:10.0pt'>FILE</span></span> pointer but modify some state
5184 that is visible outside this process also modify the file system
5185 (e.g., <span class="CodeText"><span style=
5186 'font-size:10.0pt'>rename</span></span>). The flag
5187 <span class="Flag"><span style=
5188 'font-size:10.0pt'>mod-file-system</span></span> controls reporting
5189 of undocumented file system modifications.</p>
5190 <p class="MsoListBullet"><span class="Annot"><span style=
5191 'font-size:10.0pt'>nothing</span></span></p>
5192 <p class="IndentText">The function modifies nothing (i.e., it is
5193 side effect free).</p>
5194 <p class="TextFontCX" style='margin-left:.5in'> </p>
5195 <p class="TextFontCX">The annotation, <span class=
5196 "Annot"><span style='font-size:10.0pt'>/*@*/</span></span> in a
5197 function declaration or definition (after the parameter list,
5198 before the semi-colon or function body) denotes a function that
5199 modifies nothing and does not use any global variables (see Section
5201 <h3 style='margin-left:0in;text-indent:0in'><a name=
5202 "_Toc534974979"></a><a name="_Ref345591515">7.1.2<span style=
5203 'font:7.0pt "Times New Roman"'> </span>
5204 Missing Modifies Clauses</a></h3>
5205 <p class="TextFontCX">Splint is designed so programs with many
5206 functions that are declared without modifies clauses can be checked
5207 effectively. Unless <span class="Flag"><span style=
5208 'font-size:10.0pt'>modnomods</span></span> is in on, no
5209 modification errors are reported checking a function declared with
5210 no modifies clause. </p>
5211 <p class="TextFontCX"> </p>
5212 <p class="TextFontCX">A function with no modifies clause is an
5213 <i>unconstrained</i> function since there are no documented
5214 constraints on what it may modify. When an unconstrained
5215 function is called, it is checked differently from a function
5216 declared with a modifies clause. To prevent spurious errors,
5217 no modification error is reported at the call site unless the
5218 <span class="Flag"><span style=
5219 'font-size:10.0pt'>mod-uncon</span></span> flag is on.
5220 Flags control whether errors involving unconstrained functions are
5221 reported for other checks that depend on modifications (side effect
5222 free macro parameters (Section 11.2.1), undefined evaluation
5223 order (Section 8.2), and likely infinite loops (Section
5225 <h2 style='margin-left:0in;text-indent:0in'><a name=
5226 "_Ref534980042"></a><a name="_Toc534974980"></a><a name=
5227 "_Ref534972121"></a><a name="_Ref348845219"></a><a name=
5228 "_Ref347475720"></a><a name="_Ref347171487"></a><a name=
5229 "_Ref344908307"></a><a name="_Ref344893725"></a><a name=
5230 "_Toc344355404">7.2<span style=
5231 'font:7.0pt "Times New Roman"'> </span>
5232 Global Variables</a></h2>
5233 <p class="TextFontCX">Another aspect of a function’s
5234 interface, is the global variables it uses. A globals list in
5235 a function declaration lists external variables that may be used in
5236 the function body. Splint checks that global variables used
5237 in a procedure match those listed in its globals list. A global is
5238 used in a function if it appears in the body directly, or it is in
5239 the globals list of a function called in the body. Splint reports
5240 if a global that is used in a procedure is not listed in its
5241 globals list, and if a listed global is not used in the function
5242 implementation. Figure 13 shows an example function
5243 definition with a globals list and associated checking done by
5246 <table class="MsoNormalTable" border="0" cellspacing="0"
5247 cellpadding="0" style=
5248 'margin-left:9.9pt;border-collapse:collapse;margin-left:-2.25pt; margin-right:-2.25pt'>
5249 <tr style='height:13.25pt'>
5250 <td valign="top" style=
5251 'width:202.5pt;border:solid black 1.5pt; border-bottom:none;background:black;padding:0in 5.4pt 0in 5.4pt;height:13.25pt'>
5252 <p class="TextFontCX" align="center" style='text-align:center'>
5253 <span class="Keyword"><b><span style=
5254 'font-size:10.0pt; color:white'>globals.c</span></b></span></p></td>
5255 <td valign="top" style=
5256 'width:220.5pt;border-top:solid black 1.5pt; border-left:none;border-bottom:none;border-right:solid black 1.5pt; background:black;padding:0in 5.4pt 0in 5.4pt;height:13.25pt'>
5257 <p class="TextFontCX" align="center" style='text-align:center'>
5258 <b><span style='color:white'>Running
5259 Splint</span></b></p></td></tr>
5260 <tr style='height:70.65pt'>
5261 <td valign="top" style=
5262 'width:202.5pt;border:solid black 1.5pt; border-top:none;padding:0in 5.4pt 0in 5.4pt;height:70.65pt'>
5263 <p class="Verbatim"><span style='font-size:9.5pt'>int glob1,
5265 <p class="Verbatim"><span style='font-size:9.5pt'> </span></p>
5266 <p class="Verbatim"><span class="Line"><span style=
5267 'font-size:8.0pt'>3</span></span> <span style='font-size:9.5pt'>int
5268 f (void) /*@globals glob1;@*/</span></p>
5269 <p class="Verbatim"><span style='font-size:9.5pt'>{</span></p>
5270 <p class="Verbatim"><span class="Line"><span style=
5271 'font-size:8.0pt'>5 </span></span> <span style=
5272 'font-size:9.5pt'>return glob2;</span></p>
5273 <p class="Verbatim"><span style='font-size:9.5pt'>}</span></p></td>
5274 <td valign="top" style=
5275 'width:220.5pt;border-top:none;border-left: none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt;height:70.65pt'>
5276 <p class="lclintrun">> splint globals.c +checks</p>
5277 <p class="lclintrun"> </p>
5278 <p class="lclintrun">globals.c:5: Undocumented use of global
5280 <p class="lclintrun">globals.c:3: Global glob1 listed but not
5282 <p class="lclintrun"> </p>
5283 <p class="lclintrun" style='page-break-after:avoid'>
5284 </p></td></tr></table>
5285 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0">
5287 <td valign="top" align="left" style=
5288 'padding-top:8.65pt;padding-right: 9.35pt;padding-bottom:8.65pt;padding-left:9.35pt'>
5289 <p class="MsoCaption"><a name="_Ref349498221"></a><a name=
5290 "_Ref349498215"></a><a name="_Ref347468808"></a><a name=
5291 "_Ref347468791"></a><a name="_Ref344908072"></a><a name=
5292 "_Ref344908069"></a><a name="_Ref344893745"></a><a name=
5293 "_Toc344355405"></a><a name="_Toc534824617"></a><a name=
5294 "_Ref534822988">Figure 13</a>. Global
5295 Variables</p></td></tr></table></center>
5296 <h3 style='margin-left:0in;text-indent:0in'><a name=
5297 "_Toc534974981">7.2.1<span style=
5298 'font:7.0pt "Times New Roman"'> </span>
5299 Controlling Globals Checking</a></h3>
5300 <p class="TextFontCX">Whether on not an error is reported for a use
5301 of a global variable in a given function depends on the scope of
5302 the variable (file <span class="CodeText"><span style=
5303 'font-size:10.0pt'>static</span></span> or external), the checking
5304 annotation used in the variable declaration or the implicit
5305 annotation if no checking annotation is used, whether or not the
5306 function is declared with a globals list, and flag settings.</p>
5307 <p class="TextFontCX"> </p>
5308 <p class="beforelist">A global or file static variable declaration
5309 may be preceded by an annotation to indicate how the variable
5310 should be checked. In order of decreasing checks, the
5311 annotations are:</p>
5312 <p class="TextFontCX"><span class="Annot"><span style=
5313 'font-size:10.0pt'>/*@checkedstrict@*/</span></span></p>
5314 <p class="IndentText">Strictest checking. Undocumented uses
5315 and modifications of the variable are reported in all functions
5316 whether or not they have a globals list (unless <span class=
5318 'font-size:10.0pt'>check-strict-globs</span></span> is off).</p>
5319 <p class="TextFontCX"><span class="Annot"><span style=
5320 'font-size:10.0pt'>/*@checked@*/</span></span></p>
5321 <p class="IndentText">Undocumented use of the variable is reported
5322 in a function with a globals list, but not in a function declared
5323 with no globals (unless <span class="Flag"><span style=
5324 'font-size:10.0pt'>glob-noglobs</span></span> is on).<a name=
5326 <p class="TextFontCX"><span class="Annot"><span style=
5327 'font-size:10.0pt'>/*@checkmod@*/</span></span></p>
5328 <p class="IndentText">Undocumented uses of the variable are not
5329 reported, but undocumented modifications are reported.
5330 (If <span class="Flag"><span style=
5331 'font-size:10.0pt'>mod-globs-nomods</span></span> is on, errors are
5332 reported even in functions declared with no modifies clause or
5334 <p class="TextFontCX"><span class="Annot"><span style=
5335 'font-size:10.0pt'>/*@unchecked@*/</span></span></p>
5336 <p class="IndentText">No messages are reported for undocumented use
5337 or modification of this global variable.</p>
5338 <p class="afterlist">If a variable has none of these annotations,
5339 an implicit annotation is determined by the flag
5341 <p class="TextFontCX"> </p>
5342 <p class="TextFontCX">Different flags control the implicit
5343 annotation for variables declared with global scope and variables
5344 declared with file scope (i.e., using the <span class=
5345 "CodeText"><span style='font-size:10.0pt'>static</span></span>
5346 storage qualifier). To set the implicit annotation for global
5347 variables declared in <span class="Flag"><i><span style=
5348 'font-size:10.0pt'>context</span></i></span> (<span class=
5349 "Flag"><span style='font-size:10.0pt'>globs</span></span> for
5350 external variables or <span class="Flag"><span style=
5351 'font-size:10.0pt'>statics</span></span> for file static variable)
5352 to be <span class="Flag"><i><span style=
5353 'font-size:10.0pt'>annotation</span></i></span> (<span class=
5354 "Flag"><span style='font-size:10.0pt'>checked</span></span>,
5355 <span class="Flag"><span style=
5356 'font-size:10.0pt'>checkmod</span></span>, <span class=
5357 "Flag"><span style='font-size:10.0pt'>checkedstrict</span></span>)
5358 use <span class="Flag"><span style=
5359 'font-size:10.0pt'>imp<i><annotation>
5360 <context></i></span></span>. For example,
5361 <span class="Flag"><span style=
5362 'font-size:10.0pt'>+imp-checked-strict-statics</span></span>
5363 makes the implicit checking on unqualified file static
5364 variables <span class="Flag"><span style=
5365 'font-size:10.0pt'>checkedstrict</span></span>. See
5366 Appendix B for a complete list of globals checking flags.</p>
5367 <h3 style='margin-left:0in;text-indent:0in'><a name=
5368 "_Toc534974982"></a><a name="_Ref534971010">7.2.2<span style=
5369 'font:7.0pt "Times New Roman"'> </span></a>
5370 Definition State</h3>
5371 <p class="TextFontCX">Annotations can be used in the globals list
5372 of a function declaration to describe the states of global
5373 variables before and after the call. If a global is preceded
5374 by <span class="Annot"><span style=
5375 'font-size:10.0pt'>undef</span></span>, it is assumed to be
5376 undefined before the call. Thus, no error is reported if the global
5377 is not defined when the function is called, but an error is
5378 reported if the global is used in the function body before it is
5379 defined. The <span class="Annot"><span style=
5380 'font-size:10.0pt'>killed</span></span> annotation denotes a
5381 global variable that may be undefined when the call
5382 returns. For globals that contain dynamically allocated
5383 storage, a <span class="Annot"><span style=
5384 'font-size:10.0pt'>killed</span></span> global variable is similar
5385 to an <span class="Annot"><span style=
5386 'font-size:10.0pt'>only</span></span> parameter (Section
5387 5.2). An error is reported if it contains the only reference
5388 to storage that is not released before the call returns.
5389 Figure 14 illustrated <span class="Annot"><span style=
5390 'font-size:10.0pt'>killed</span></span> and <span class=
5391 "Annot"><span style='font-size:10.0pt'>undef</span></span>
5394 <table class="MsoNormalTable" border="0" cellspacing="0"
5395 cellpadding="0" style=
5396 'margin-left:.9pt;border-collapse:collapse; margin-left:-2.25pt;margin-right:-2.25pt'>
5398 <td valign="top" style=
5399 'border:solid black 1.5pt; border-bottom:none;background:black;padding:0in 5.4pt 0in 5.4pt;height:13.45pt'>
5400 <p class="TextFontCX" align="center" style='text-align:center'>
5401
5402 <span class="Keyword"><b><span style=
5403 'font-size:10.0pt;color:white'>annotglobs.c</span></b></span></p></td>
5404 <td valign="top" style=
5405 'width:198.8pt;border-top:solid black 1.5pt; border-left:none;border-bottom:none;border-right:solid black 1.5pt; background:black;padding:0in 5.4pt 0in 5.4pt;height:13.45pt'>
5406 <p class="TextFontCX" align="center" style='text-align:center'>
5407 <b><span style='color:white'>Running
5408 Splint</span></b></p></td></tr>
5410 <td valign="top" style=
5411 'border:solid black 1.5pt; border-top:none;padding:0in 5.4pt 0in 5.4pt;height:236.7pt'>
5412 <p class="Verbatim">int globnum;</p>
5413 <p class="Verbatim"> </p>
5414 <p class="Verbatim">struct {</p>
5415 <p class="Verbatim"> char *firstname, *lastname;</p>
5416 <p class="Verbatim"> int id;</p>
5417 <p class="Verbatim">} globname;</p>
5418 <p class="Verbatim"> </p>
5419 <p class="Verbatim">void</p>
5420 <p class="Verbatim">initialize (/*@only@*/ char *name)</p>
5421 <p class="Verbatim"> /*@globals undef globnum,</p>
5422 <p class="Verbatim">
5423
5424 undef globname @*/</p>
5425 <p class="Verbatim">{</p>
5426 <p class="Verbatim"><span class="Line"><span style=
5427 'font-size:8.0pt'>13</span></span> globname.id = globnum;</p>
5428 <p class="Verbatim"> globname.lastname = name;</p>
5429 <p class="Verbatim"><span class="Line"><span style=
5430 'font-size:8.0pt'>15</span></span>}</p>
5431 <p class="Verbatim"> </p>
5432 <p class="Verbatim">void finalize (void)</p>
5433 <p class="Verbatim"> /*@globals killed globname@*/</p>
5434 <p class="Verbatim">{</p>
5435 <p class="Verbatim"> free (globname.lastname);</p>
5436 <p class="Verbatim"><span class="Line"><span style=
5437 'font-size:8.0pt'>21</span></span> }</p></td>
5438 <td valign="top" style=
5439 'width:198.8pt;border-top:none;border-left: none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt;height:236.7pt'>
5440 <p class="lclintrun">> splint annotglobs.c</p>
5441 <p class="lclintrun"> </p>
5442 <p class="lclintrun">annotglobs.c:13: Undef global globnum used</p>
5443 <p class="lclintrun">
5444
5445 before definition</p>
5446 <p class="lclintrun">annotglobs.c:15: Global storage globname</p>
5447 <p class="lclintrun"> contains 1 undefined field
5449 <p class="lclintrun"> returns: firstname</p>
5450 <p class="lclintrun">annotglobs.c:21: Only storage</p>
5451 <p class="lclintrun"> globname.firstname (type
5453 <p class="lclintrun"> from killed global is not
5455 <p class="lclintrun" style='page-break-after:avoid'>
5456 (memory leak)</p></td></tr></table>
5457 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0">
5459 <td valign="top" align="left" style=
5460 'padding-top:10.1pt;padding-right: 9.35pt;padding-bottom:10.1pt;padding-left:9.35pt'>
5461 <p class="MsoCaption"><a name="_Toc534824618"></a><a name=
5462 "_Ref534823055">Figure 14</a>. Annotated Globals
5463 Lists</p></td></tr></table></center>
5464 <h2 style='margin-left:0in;text-indent:0in'><a name=
5465 "_Toc534974983"></a><a name="_Ref344894947"></a><a name=
5466 "_Toc344355406">7.3<span style=
5467 'font:7.0pt "Times New Roman"'> </span>
5468 Declaration Consistency</a></h2>
5469 <p class="TextFontCX">Splint checks that function declarations and
5470 definitions are consistent. The general rule is that the
5471 <i>first</i> declaration of a function implies all later
5472 declarations and definitions. If a function is declared in a
5473 header file, the first declaration processed is its first
5474 declaration (if it is declared in more than one header file an
5475 error is reported if <span class="Flag"><span style=
5476 'font-size:10.0pt'>redecl</span></span> is set)
5477 <span style='display:none'>(if the same function is declared
5478 in more than one header file ???)</span>. Otherwise,
5479 the first declaration in the file defining the function is
5480 its first declaration.</p>
5481 <p class="TextFontCX"> </p>
5482 <p class="TextFontCX">Later declarations may not include variables
5483 in the globals list that were not included in the first
5484 declaration. The exception to this is when the first
5485 declaration is in a header file and the later declaration or
5486 definition includes file static variables. Since these are
5487 not visible in the header file, they can not be included in the
5488 header file declaration. Similarly, the modifies clause of a
5489 later declaration may not include objects that are not modifiable
5490 in the first declaration. The later declaration may be more
5491 specific. For example, if the header declaration is:</p>
5492 <p class="example" style='text-indent:.3in'>extern void setName
5493 (employee e, char *s) /*@modifies e@*/;</p>
5494 <p class="TextFontCX">the later declaration could be,</p>
5495 <p class="example"> void setName (employee e, char *)
5496 /*@modifies e->name@*/;</p>
5497 <p class="TextFontCX">If <span class="CodeText"><span style=
5498 'font-size:10.0pt'>employee</span></span> is an abstract type, the
5499 declaration in the header should not refer to a particular
5500 implementation (i.e., it shouldn’t rely on there being a
5501 <span class="CodeText"><span style=
5502 'font-size:10.0pt'>name</span></span> field), but the
5503 implementation declaration can be more specific. </p>
5504 <p class="TextFontCX"> </p>
5505 <p class="TextFontCX">This rule also applies to file static
5506 variables. The header declaration for a function that
5507 modifies a file static variable should use <span class=
5508 "Annot"><span style='font-size:10.0pt'>modifies
5509 internalState</span></span> since file static variables are not
5510 visible to clients. The implementation declaration should
5511 list the actual file static variables that may be modified.</p>
5512 <h2 style='margin-left:0in;text-indent:0in'><a name=
5513 "_Toc534974984"></a><a name="_Ref354411787">7.4<span style=
5514 'font:7.0pt "Times New Roman"'> </span>
5515 State Clauses</a></h2>
5516 <p class="TextFontCX">Sometimes it is necessary to specify function
5517 interfaces at a lower level than is possible with the standard
5518 annotations. For example, if a function defines some fields
5519 of a returned structure but does not define all the fields.
5520 The <span class="Annot"><span style=
5521 'font-size:10.0pt'>/*@special@*/</span></span> annotation is used
5522 to mark a parameter, global variable, or return value that is
5523 described using state clauses. </p>
5524 <p class="TextFontCX"> </p>
5525 <p class="TextFontCX">State clauses may be used to constrain the
5526 state of a parameter or return value before or after a call.
5527 One or more state clauses may appear in a function declaration,
5528 before the modifies or globals clauses. State clauses may be
5529 listed in any order, but the same state clause should not be used
5530 more than once. In a state clause list, <span class=
5531 "CodeText"><span style='font-size:10.0pt'>result</span></span> is
5532 used to refer to the return value of the function. </p>
5533 <p class="TextFontCX"> </p>
5534 <p class="TextFontCX" style='margin-bottom:6.0pt'>The following
5535 state clauses are used to describe the definition state or
5536 parameters before and after the function is called and the return
5537 value after the function returns:</p>
5538 <p class="TextFontCX"><span class="Annot"><span style=
5539 'font-size:10.0pt'>/*@uses
5540 <i><references></i>@*/</span></span></p>
5541 <p class="indentbefore0">References in a <span class=
5542 "Annot"><span style='font-size:10.0pt'>uses</span></span> clause
5543 must be completely defined before the function is called.
5544 They are assumed to be defined at function entrance when the
5545 function is checked.</p>
5546 <p class="TextFontCX"><span class="Annot"><span style=
5547 'font-size:10.0pt'>/*@sets
5548 <i><references></i>@*/</span></span></p>
5549 <p class="indentbefore0">References in a <span class=
5550 "Annot"><span style='font-size:10.0pt'>sets</span></span> clause
5551 must be allocated before the function is called. They are
5552 completely defined after the function returns. They are assumed to
5553 be allocated but undefined storage at function entrance and an
5554 error is reported if there is a path on which they are not defined
5555 before the function returns.</p>
5556 <p class="TextFontCX"><span class="Annot"><span style=
5557 'font-size:10.0pt'>/*@defines
5558 <i><references></i>@*/</span></span></p>
5559 <p class="indentbefore0">References in a <span class=
5560 "Annot"><span style='font-size:10.0pt'>defines</span></span> clause
5561 must not refer to unshared, allocated storage before the function
5562 is called. They are completely defined after the function
5563 returns. When the function is checked, they are assumed to be
5564 undefined at function entrance and an error is reported if there is
5565 a path on which they are not defined before the function
5567 <p class="TextFontCX"><span class="Annot"><span style=
5568 'font-size:10.0pt'>/*@allocates
5569 <i><references></i>@*/</span></span></p>
5570 <p class="indentbefore0">References in an <span class=
5571 "Annot"><span style='font-size:10.0pt'>allocates</span></span>
5572 clause must be unallocated before the function is called.
5573 They are allocated but not necessarily defined after the function
5574 returns. An error is reported if there is a path through the
5575 function on which they are not allocated before the function
5577 <p class="TextFontCX"><span class="Annot"><span style=
5578 'font-size:10.0pt'>/*@releases
5579 <references>@*/</span></span></p>
5580 <p class="IndentText">References in the <span class=
5581 "Annot"><span style='font-size:10.0pt'>releases</span></span>
5582 clause are deallocated by the function. They must be storage
5583 that could be passed as an <span class="Annot"><span style=
5584 'font-size:10.0pt'>only</span></span> parameter before the
5585 function is called, and are dead pointers after the function
5586 returns. They are assumed to be defined at function entrance
5587 and an error is reported if they refer to live, allocated storage
5588 at any return point.</p>
5589 <p class="TextFontCX"> </p>
5590 <p class="TextFontCX">Some examples of state clauses are shown in
5591 Figure 15. The <span class="Annot"><span style=
5592 'font-size: 10.0pt'>defines</span></span> clause for
5593 <span class="CodeText"><span style=
5594 'font-size:10.0pt'>record_new</span></span> indicates that
5595 the <span class="CodeText"><span style=
5596 'font-size:10.0pt'>id</span></span> field of the structure
5597 pointed to by the result is defined, but the <span class=
5598 "CodeText"><span style='font-size:10.0pt'>name</span></span>
5599 field is not. So, <span class="CodeText"><span style=
5600 'font-size:10.0pt'>record_create</span></span> needs to call
5601 <span class="CodeText"><span style=
5602 'font-size:10.0pt'>record_setName</span></span> to define the
5603 name field. Similarly, the <span class=
5604 "Annot"><span style='font-size:10.0pt'>releases</span></span>
5605 clause for <span class="CodeText"><span style=
5606 'font-size:10.0pt'>record_clearName</span></span> indicates
5607 that no storage is associated with the <span class=
5608 "CodeText"><span style='font-size:10.0pt'>name</span></span>
5609 field of its parameter after the return, so no failure to
5610 deallocate storage message is produced for the call to
5611 <span class="CodeText"><span style=
5612 'font-size:10.0pt'>free</span></span> in <span class=
5613 "CodeText"><span style=
5614 'font-size:10.0pt'>record_free</span></span>. The
5615 <span class="Annot"><span style='font-size:10.0pt'>ensures
5616 isnull</span></span> clause is described in the next
5619 <table class="MsoNormalTable" border="0" cellspacing="0"
5620 cellpadding="0" style=
5621 'margin-left:9.9pt;border-collapse:collapse;margin-left:-2.25pt; margin-right:-2.25pt'>
5623 <td valign="top" style=
5624 'width:423.0pt;border:solid black 1.5pt; border-bottom:none;background:black;padding:0in 5.4pt 0in 5.4pt'>
5625 <p class="TextFontCX" align="center" style='text-align:center'>
5626 <span class="Keyword"><b><span style=
5627 'font-size:10.0pt; color:white'>clauses.c</span></b></span></p></td></tr>
5629 <td valign="top" style=
5630 'width:423.0pt;border:solid black 1.5pt; border-top:none;padding:0in 5.4pt 0in 5.4pt'>
5631 <p class="Verbatim">typedef struct</p>
5632 <p class="Verbatim">{</p>
5633 <p class="Verbatim"> int id;</p>
5634 <p class="Verbatim"> /*@only@*/ char *name;</p>
5635 <p class="Verbatim">} *record;</p>
5636 <p class="Verbatim"> </p>
5637 <p class="Verbatim">static /*@special@*/ record record_new
5639 <p class="Verbatim"> /*@defines result->id@*/</p>
5640 <p class="Verbatim">{</p>
5641 <p class="Verbatim"> record r = (record) malloc (sizeof
5643 <p class="Verbatim"> </p>
5644 <p class="Verbatim"> assert (r != NULL);</p>
5645 <p class="Verbatim"> r->id = 3;</p>
5646 <p class="Verbatim"> return r;</p>
5647 <p class="Verbatim">}</p>
5648 <p class="Verbatim"> </p>
5649 <p class="Verbatim">static void</p>
5650 <p class="Verbatim"> record_setName (/*@special@*/
5651 record r, /*@only@*/ char *name)</p>
5652 <p class="Verbatim"> /*@defines r->name@*/</p>
5653 <p class="Verbatim">{</p>
5654 <p class="Verbatim"> r->name = name;</p>
5655 <p class="Verbatim">}</p>
5656 <p class="Verbatim"> </p>
5657 <p class="Verbatim">record record_create (/*@only@*/ char
5659 <p class="Verbatim">{</p>
5660 <p class="Verbatim"> record r = record_new ();</p>
5661 <p class="Verbatim"> record_setName (r, name);</p>
5662 <p class="Verbatim"> return r;</p>
5663 <p class="Verbatim">}</p>
5664 <p class="Verbatim"> </p>
5665 <p class="Verbatim">void record_clearName (/*@special@*/ record
5667 <p class="Verbatim"> /*@releases r->name@*/</p>
5668 <p class="Verbatim"> /*@ensures isnull
5670 <p class="Verbatim">{</p>
5671 <p class="Verbatim"> free (r->name);</p>
5672 <p class="Verbatim"> r->name = NULL;</p>
5673 <p class="Verbatim">}</p>
5674 <p class="Verbatim"> </p>
5675 <p class="Verbatim">void record_free (/*@only@*/ record r)</p>
5676 <p class="Verbatim">{</p>
5677 <p class="Verbatim"> record_clearName (r);</p>
5678 <p class="Verbatim"> free (r);</p>
5679 <p class="Verbatim">}</p>
5680 <p class="Verbatim" style='page-break-after:avoid'>
5681 </p></td></tr></table>
5682 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0">
5684 <td valign="top" style=
5685 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
5686 <p class="MsoCaption"><a name="_Toc534824619"></a><a name=
5687 "_Ref354412972">Figure 15</a>. State
5688 Clauses</p></td></tr></table></center>
5689 <p class="TextFontCX"><span class="Keyword"><span style=
5690 'font-size:10.0pt'> </span></span></p>
5691 <h2 style='margin-left:0in;text-indent:0in'><a name=
5692 "_Toc534974985"></a><a name="_Ref534888798">7.5<span style=
5693 'font:7.0pt "Times New Roman"'> </span>
5694 Requires and Ensures Clauses</a></h2>
5695 <p class="TextFontCX">More general assumptions about state of
5696 parameters and globals before and after a function is called can be
5697 described using <span class="Annot"><i><span style=
5698 'font-size:10.0pt'>requires</span></i></span> and
5699 <span class="Annot"><i><span style=
5700 'font-size:10.0pt'>ensures</span></i></span> clauses. A
5701 <span class="Annot"><span style=
5702 'font-size:10.0pt'>requires</span></span> clause specifies a
5703 predicate that must be true at a call site; when checking a
5704 function implementation Splint assumes the constraints given
5705 in its <span class="Annot"><span style=
5706 'font-size:10.0pt'>requires</span></span> clauses are true at
5707 function entry. An <span class="Annot"><span style=
5708 'font-size:10.0pt'>ensures</span></span> clause specifies a
5709 predicate that is true at a call site after the call returns;
5710 when checking a function implementation Splint warns if there
5711 is an execution path that does not return with a state that
5712 satifies the constraints given in its <span class=
5713 "Annot"><span style='font-size:10.0pt'>ensures</span></span>
5714 clauses. A function declaration can have many
5715 <span class="Annot"><span style=
5716 'font-size:10.0pt'>requires</span></span> and <span class=
5717 "Annot"><span style='font-size:10.0pt'>ensures</span></span>
5718 clauses as long as their meanings are not contradictory.</p>
5719 <p class="TextFontCX"> </p>
5720 <p class="TextFontCX">The following constraints can be stated using
5721 <span class="Annot"><span style=
5722 'font-size:10.0pt'>requires</span></span> and <span class=
5723 "Annot"><span style='font-size:10.0pt'>ensures</span></span>
5725 <h6 style='margin-left:0in;text-indent:0in'><b>Aliasing
5726 Annotations</b></h6>
5727 <p class="TextFontCX"><span class="Annot"><span style=
5728 'font-size:10.0pt'>/*@requires
5729 only<i><references></i>@*/</span></span>; <span class=
5730 "Annot"><span style='font-size:10.0pt'>/*@ensures
5731 only<i><references></i>@*/</span></span></p>
5732 <p class="TextFontCX"><span class="Annot"><span style=
5733 'font-size:10.0pt'>/*@requires
5734 shared<i><references></i>@*/</span></span>;
5735 <span class="Annot"><span style='font-size:10.0pt'>/*@ensures
5736 shared<i><references></i>@*/</span></span></p>
5737 <p class="TextFontCX"><span class="Annot"><span style=
5738 'font-size:10.0pt'>/*@requires
5739 owned<i><references></i>@*/</span></span>; <span class=
5740 "Annot"><span style='font-size:10.0pt'>/*@ensures
5741 owned<i><references></i>@*/</span></span></p>
5742 <p class="TextFontCX"><span class="Annot"><span style=
5743 'font-size:10.0pt'>/*@requires
5744 dependent<i><references></i>@*/</span></span>;
5745 <span class="Annot"><span style='font-size:10.0pt'>/*@ensures
5746 dependent<i><references></i>@*/</span></span></p>
5747 <p class="IndentText">References refer to <span class=
5748 "Annot"><span style='font-size:10.0pt'>only</span></span>,
5749 <span class="Annot"><span style=
5750 'font-size:10.0pt'>shared</span></span>, <span class=
5751 "Annot"><span style='font-size:10.0pt'>owned</span></span> or
5752 <span class="Annot"><span style=
5753 'font-size:10.0pt'>dependent</span></span> storage before
5754 (<span class="Annot"><span style=
5755 'font-size:10.0pt'>requires</span></span>) or after
5756 (<span class="Annot"><span style=
5757 'font-size:10.0pt'>ensures</span></span>) the call.</p>
5758 <h6 style='margin-left:0in;text-indent:0in'><b>Exposure
5759 Annotations</b></h6>
5760 <p class="TextFontCX"><span class="Annot"><span style=
5761 'font-size:10.0pt'>/*@requires
5762 observer<i><references></i>@*/</span></span>;
5763 <span class="Annot"><span style='font-size:10.0pt'>/*@ensures
5764 observer<i><references></i>@*/</span></span></p>
5765 <p class="TextFontCX"><span class="Annot"><span style=
5766 'font-size:10.0pt'>/*@requires
5767 exposed<i><references></i>@*/</span></span>;
5768 <span class="Annot"><span style='font-size:10.0pt'>/*@ensures
5769 exposed <i><references></i>@*/</span></span></p>
5770 <p class="IndentText">References refer to <span class=
5771 "Annot"><span style='font-size:10.0pt'>observer</span></span> or
5772 <span class="Annot"><span style=
5773 'font-size:10.0pt'>exposed</span></span> storage before
5774 (<span class="Annot"><span style=
5775 'font-size:10.0pt'>requires</span></span>) or after
5776 (<span class="Annot"><span style=
5777 'font-size:10.0pt'>ensures</span></span>) the call.</p>
5778 <h6 style='margin-left:0in;text-indent:0in'><b>Null</b>
5779 <b>State</b><b>Annotations</b></h6>
5780 <p class="TextFontCX"><span class="Annot"><span style=
5781 'font-size:10.0pt'>/*@requires
5782 isnull<i><references></i>@*/</span></span>;
5783 <span class="Annot"><span style='font-size:10.0pt'>/*@ensures
5784 isnull<i><references></i>@*/</span></span></p>
5785 <p class="IndentText">References have the value <span class=
5786 "CodeText"><span style='font-size:10.0pt'>NULL</span></span> before
5787 (<span class="Annot"><span style=
5788 'font-size:10.0pt'>requires</span></span>) or after
5789 (<span class="Annot"><span style=
5790 'font-size:10.0pt'>ensures</span></span>) the call.
5791 Note, this is not the same name or meaning as the
5792 <span class="Annot"><span style=
5793 'font-size:10.0pt'>null</span></span> annotation (which means
5794 the value may or may not be <span class="Annot"><span style=
5795 'font-size:10.0pt'>NULL</span></span>.)</p>
5796 <p class="TextFontCX"><span class="Annot"><span style=
5797 'font-size:10.0pt'>/*@requires
5798 notnull<i><references></i>@*/</span></span>;
5799 <span class="Annot"><span style='font-size:10.0pt'>/*@ensures
5800 notnull<i><references></i>@*/</span></span></p>
5801 <p class="IndentText">References do not have the value
5802 <span class="CodeText"><span style=
5803 'font-size:10.0pt'>NULL</span></span> before (<span class=
5804 "Annot"><span style=
5805 'font-size:10.0pt'>requires</span></span>) or after
5806 (<span class="Annot"><span style=
5807 'font-size:10.0pt'>ensures</span></span>) the call.</p>
5808 <p class="TextFontCX"> </p>
5809 <h1 style='margin-left:0in;text-indent:0in'><a name=
5810 "_Toc534974986"></a><a name="_Ref534642886"></a><a name=
5811 "_Ref483663682">8<span style=
5812 'font:7.0pt "Times New Roman"'> </span>
5813 <a id="control" name="control">
5814 Control Flow</a></a></h1>
5815 <p class="TextFontCX">The section describes checking done by Splint
5816 related to control flow. Many of these checks are
5817 significantly improved because of the extra information that is
5818 known about the program when annotations are provided.</p>
5819 <h2 style='margin-left:0in;text-indent:0in'><a name=
5820 "_Toc534974987"></a><a name="_Ref345859337"></a><a name=
5821 "_Ref344907653"></a><a name="_Ref344894343"></a><a name=
5822 "_Ref344873752"></a><a name="_Toc344355417">8.1<span style=
5823 'font:7.0pt "Times New Roman"'> </span>
5825 <p class="TextFontCX">To detect certain errors and avoid spurious
5826 errors, it is important to know something about the control flow
5827 behavior of called functions. Without additional information,
5828 Splint assumes that all functions eventually return and execution
5829 continues normally at the call site. </p>
5830 <p class="TextFontCX"> </p>
5831 <p class="TextFontCX">The <span class="Annot"><span style=
5832 'font-size:10.0pt'>noreturn</span></span> annotation is used
5833 to denote a function that never returns<a href="#_ftn8" name=
5834 "_ftnref8" title=""><span class=
5835 "MsoFootnoteReference"><span class="MsoFootnoteReference"><span style='font-size:11.0pt;font-family:"Times New Roman"'>
5836 [8]</span></span></span></a>. For example,</p>
5837 <p class="example"><span class="Annot"><span style=
5838 'font-size:10.0pt'>extern /*@noreturn@*/ void fatalerror
5839 (/*@observer@*/ char *s);</span></span></p>
5840 <p class="beforelist">declares <span class=
5841 "CodeText"><span style='font-size:10.0pt'>fatalerror</span></span>
5842 to never return. This enables Splint to correctly
5843 analyze code like,</p>
5844 <p class="TextFontCX"><span class="Keyword"><span style=
5845 'font-size:10.0pt'> if (x == NULL) fatalerror
5846 ("Yikes!");</span></span></p>
5847 <p class="TextFontCX"><span class="Keyword"><span style=
5848 'font-size:10.0pt'> *x = 3;</span></span></p>
5849 <p class="afterlist">Other functions may return, but sometimes (or
5850 usually) return normally. The <span class=
5851 "Annot"><span style='font-size:10.0pt'>maynotreturn</span></span>
5852 annotation denotes a function that may or may not
5853 return. This may be useful for documentation, but does
5854 not help checking much, since Splint must assume that a
5855 function declared with <span class="Annot"><span style=
5856 'font-size:10.0pt'>maynotreturn</span></span> returns
5857 normally when checking the code. The <span class=
5858 "Annot"><span style=
5859 'font-size:10.0pt'>alwaysreturns</span></span> annotation
5860 denotes a function that always returns (but Splint does no
5861 checking to verify this).</p>
5862 <p class="TextFontCX"> </p>
5863 <p class="TextFontCX">To describe non-returning functions more
5864 precisely, the <span class="Annot"><span style=
5865 'font-size:10.0pt'>noreturnwhentrue</span></span> and
5866 <span class="Annot"><span style=
5867 'font-size:10.0pt'>noreturnwhenfalse</span></span> annotations
5868 may be used. Similar to <span class=
5869 "Annot"><span style='font-size: 10.0pt'>nullwhentrue</span></span>
5870 and <span class="Annot"><span style=
5871 'font-size:10.0pt'>falsewhennull</span></span> (see Section
5872 2.1.1), <span class="Annot"><span style=
5873 'font-size:10.0pt'>noreturnwhentrue</span></span> and
5874 <span class="Annot"><span style=
5875 'font-size:10.0pt'>noreturnwhenfalse</span></span> mean that
5876 a function never returns if the value of its first argument
5877 is true (<span class="Annot"><span style=
5878 'font-size:10.0pt'>noreturnwhentrue</span></span>) or false
5879 (<span class="Annot"><span style=
5880 'font-size:10.0pt'>noreturnwhenfalse</span></span>).
5881 They may be used only on functions whose first argument is a
5882 Boolean. </p>
5883 <p class="TextFontCX"> </p>
5884 <p class="TextFontCX" style='margin-bottom:6.0pt'>Hence, a function
5885 declared with <span class="Annot"><span style=
5886 'font-size:10.0pt'>noreturnwhenwfalse</span></span> must not return
5887 if the value of its argument is false. For example, the
5888 standard library declares <span class="Keyword"><span style=
5889 'font-size:10.0pt'>assert</span></span> as<a href="#_ftn9"
5890 name="_ftnref9" title=""><span class=
5891 "MsoFootnoteReference"><span class=
5892 "MsoFootnoteReference"><span style=
5893 'font-size:11.0pt;font-family:"Times New Roman"'>[9]</span></span></span></a>:</p>
5894 <p class="example" style=
5895 'margin-top:0in;margin-right:.2in;margin-bottom:0in; margin-left:0in;margin-bottom:.0001pt;text-indent:.5in'>
5896 /*@noreturnwhenfalse@*/ void</p>
5897 <p class="example" style=
5898 'margin-top:0in;margin-right:.2in;margin-bottom:0in; margin-left:0in;margin-bottom:.0001pt;text-indent:.5in'>
5899 assert (/*@sef@*/ bool /*@alt int@*/ pred);</p>
5900 <p class="beforelist" style='margin-top:6.0pt'>This way, code
5902 <p class="Verbatim"> assert (x != NULL);</p>
5903 <p class="Verbatim"> *x = 3;</p>
5904 <p class="TextFontCX">is checked without reporting a false warning,
5905 since the <span class="Annot"><span style=
5906 'font-size:10.0pt'>noreturnwhenwfalse</span></span> annotation on
5907 <span class="CodeText"><span style=
5908 'font-size:10.0pt'>assert</span></span> means the deference of
5909 <span class="CodeText"><span style=
5910 'font-size:10.0pt'>x</span></span> is not reached is
5911 <span class="CodeText"><span style='font-size:10.0pt'>x !=
5912 NULL</span></span> is false.</p>
5913 <h2 style='margin-left:0in;text-indent:0in'><a name=
5914 "_Toc534974988"></a><a name="_Ref350066608">8.2<span style=
5915 'font:7.0pt "Times New Roman"'> </span>
5916 Undefined</a> Behavior</h2>
5917 <p class="TextFontCX">The order in which side effects take place in
5918 a C program is not entirely defined by the code. Certain
5919 execution points are known as <i>sequence points</i> — a
5920 function call (after the arguments have been evaluated), the end of
5921 a full expression (an initializer, expression in an expression
5922 statement, the control expression of an <span class=
5923 "CodeText"><span style='font-size:10.0pt'>if</span></span>,
5924 <span class="CodeText"><span style=
5925 'font-size:10.0pt'>switch</span></span>, <span class=
5926 "CodeText"><span style='font-size:10.0pt'>while</span></span> or
5927 <span class="CodeText"><span style=
5928 'font-size:10.0pt'>do</span></span> statement, each expression of a
5929 <span class="CodeText"><span style=
5930 'font-size:10.0pt'>for</span></span> statement, and the expression
5931 in a <span class="CodeText"><span style=
5932 'font-size: 10.0pt'>return</span></span> statement), and after the
5933 first operand or a <span class="CodeText"><span style=
5934 'font-size:10.0pt'>&&</span></span>, <span class=
5935 "CodeText"><span style='font-size:10.0pt'>||</span></span>,
5936 <span class="CodeText"><span style=
5937 'font-size:10.0pt'>?</span></span> or <span class=
5938 "CodeText"><span style='font-size:10.0pt'>,</span></span>
5940 <p class="TextFontCX"> </p>
5941 <p class="TextFontCX">All side effects before a sequence point must
5942 be complete before the sequence point, and no evaluations after the
5943 sequence point shall have taken place. Between sequence
5944 points, side effects and evaluations may take place in any
5945 order. Hence, the order in which expressions or arguments are
5946 evaluated is not specified. Compilers are free to evaluate
5947 function arguments and parts of expressions (that do not contain
5948 sequence points) in any order. The behavior of code is
5949 undefined if it uses a value that is modified by another expression
5950 that is not required to be evaluated before or after the other
5952 <p class="TextFontCX"> </p>
5953 <p class="TextFontCX">Splint detects instances where undetermined
5954 order of evaluation produces undefined behavior. If
5955 modifies clauses and globals lists are used, this checking is
5956 enabled in expressions involving function calls. Evaluation order
5957 checking is controlled by the <span class="Flag"><span style=
5958 'font-size:10.0pt'>eval-order</span></span> flag.</p>
5960 <table class="MsoNormalTable" border="0" cellspacing="0"
5961 cellpadding="0" style=
5962 'margin-left:13.05pt;border-collapse:collapse; margin-left:-2.25pt;margin-right:-2.25pt'>
5964 <td valign="top" style=
5965 'border:solid black 1.5pt; border-bottom:none;background:black;padding:0in 5.4pt 0in 5.4pt;height:13.45pt'>
5966 <p class="TextFontCX" align="center" style='text-align:center'>
5967
5968 <span class="Keyword"><b><span style=
5969 'font-size:10.0pt;color:white'>order.c</span></b></span></p></td>
5970 <td valign="top" style=
5971 'width:198.8pt;border-top:solid black 1.5pt; border-left:none;border-bottom:none;border-right:solid black 1.5pt; background:black;padding:0in 5.4pt 0in 5.4pt;height:13.45pt'>
5972 <p class="TextFontCX" align="center" style='text-align:center'>
5973 <b><span style='color:white'>Running
5974 Splint</span></b></p></td></tr>
5976 <td valign="top" style=
5977 'width:148.95pt;border:solid black 1.5pt; border-top:none;padding:0in 5.4pt 0in 5.4pt'>
5978 <p class="Verbatim">extern int glob;</p>
5979 <p class="Verbatim"> </p>
5980 <p class="Verbatim">extern int mystery (void);</p>
5981 <p class="Verbatim"> </p>
5982 <p class="Verbatim">extern int modglob (void)</p>
5983 <p class="Verbatim"> /*@globals glob@*/</p>
5984 <p class="Verbatim"> /*@modifies glob@*/;</p>
5985 <p class="Verbatim"> </p>
5986 <p class="Verbatim">int f (int x, int y[])</p>
5987 <p class="Verbatim">{</p>
5988 <p class="Verbatim"><span class="Line"><span style=
5989 'font-size:8.0pt'>11</span></span> int i = x++ * x;</p>
5990 <p class="Verbatim"> </p>
5991 <p class="Verbatim"><span class="Line"><span style=
5992 'font-size:8.0pt'>13</span></span> y[i] = i++;</p>
5993 <p class="Verbatim"><span class="Line"><span style=
5994 'font-size:8.0pt'>14</span></span> i += modglob() * glob;</p>
5995 <p class="Verbatim"><span class="Line"><span style=
5996 'font-size:8.0pt'>15</span></span> i += mystery() * glob;</p>
5997 <p class="Verbatim"><span class="Line"><span style=
5998 'font-size:8.0pt'>16</span></span> return i;</p>
5999 <p class="Verbatim">}</p></td>
6000 <td valign="top" style=
6001 'width:275.4pt;border-top:none;border-left: none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'>
6002 <p class="lclintrun">> splint order.c +evalorderuncon</p>
6003 <p class="lclintrun">order.c:11: Expression has undefined behavior
6005 <p class="lclintrun"> right operand modified by
6006 left operand): x++ * x</p>
6007 <p class="lclintrun">order.c:13: Expression has undefined behavior
6009 <p class="lclintrun"> uses i, modified by right
6010 operand): y[i] = i++</p>
6011 <p class="lclintrun">order.c:14: Expression has undefined behavior
6013 <p class="lclintrun"> right operand modified by
6015 <p class="lclintrun"> modglob() * glob</p>
6016 <p class="lclintrun">order.c:15: Expression has undefined
6018 <p class="lclintrun"> (unconstrained function
6019 mystery used in left operand</p>
6020 <p class="lclintrun"> may set global variable
6021 glob used in right operand):</p>
6022 <p class="lclintrun"> mystery() * glob</p>
6023 <p class="TextFontCX" align="left" style='text-align:left'>
6025 <p class="TextFontCX" align="left" style=
6026 'text-align:left;page-break-after:avoid'><i>The warning for line 14
6027 is reported because the modifies clause of</i> <span class=
6028 "CodeText"><span style='font-size:10.0pt'>modglob</span></span>
6029 <i>indicated that it may modify</i> <span class=
6030 "CodeText"><span style=
6031 'font-size:10.0pt'>glob</span></span><i>. The behavior is
6032 undefined since we don’t know if</i> <span class=
6033 "CodeText"><span style='font-size:10.0pt'>glob</span></span> <i>is
6034 evaluated before, after or during the</i> <i>modification.
6035 The line 15 warning would not be reported without</i>
6036 <span class="Flag"><span style=
6037 'font-size:10.0pt'>+evalorderuncon</span></span><i>.</i></p></td></tr></table>
6038 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0">
6040 <td valign="top" style=
6041 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
6042 <p class="MsoCaption"><a name="_Toc534824620"></a><a name=
6043 "_Ref534823183">Figure 16</a>. Evaluation
6044 Order</p></td></tr></table></center>
6045 <p class="TextFontCX"> </p>
6046 <p class="TextFontCX">When checking systems without modifies and
6047 globals information (see Section 7), evaluation order checking may
6048 report errors when unconstrained functions are called in procedure
6049 arguments. Since Splint has no annotations to constrain what
6050 these functions may modify, it cannot be guaranteed that the
6051 evaluation order is defined if another argument calls an
6052 unconstrained function or uses a global variable or storage
6053 reachable from a parameter to the unconstrained function. Its
6054 best to add modifies and globals clauses to constrain the
6055 unconstrained functions in ways that eliminate the possibility of
6056 undefined behavior. For large legacy systems, this may
6057 require too much effort. Instead, the <span class=
6059 'font-size:10.0pt'>‑eval-order-uncon</span></span> flag may
6060 be used to prevent reporting of undefined behavior due to the order
6061 of evaluation of unconstrained functions. Figure 16
6062 illustrates detection of undefined behavior.</p>
6064 <table class="MsoNormalTable" border="0" cellspacing="0"
6065 cellpadding="0" style=
6066 'margin-left:18.9pt;border-collapse:collapse;margin-left:-2.25pt; margin-right:-2.25pt'>
6068 <td valign="top" style=
6069 'border:solid black 1.5pt; border-bottom:none;background:black;padding:0in 5.4pt 0in 5.4pt'>
6070 <p class="TextFontCX" align="center" style='text-align:center'>
6071 <span class="Keyword"><b><span style=
6072 'font-size:10.0pt; color:white'>loop.c</span></b></span></p></td>
6073 <td valign="top" style=
6074 'border-top:solid black 1.5pt; border-left:none;border-bottom:none;border-right:solid black 1.5pt; background:black;padding:0in 5.4pt 0in 5.4pt'>
6075 <p class="TextFontCX" align="center" style='text-align:center'>
6076 <b><span style='color:white'>Running
6077 Splint</span></b></p></td></tr>
6078 <tr style='height:143.1pt'>
6079 <td valign="top" style=
6080 'border:solid black 1.5pt; border-top:none;padding:0in 5.4pt 0in 5.4pt;height:143.1pt'>
6081 <p class="Verbatim">extern int glob1, glob2;</p>
6082 <p class="Verbatim">extern int f (void)</p>
6083 <p class="Verbatim"> /*@globals glob1@*/</p>
6084 <p class="Verbatim"> /*@modifies nothing@*/;</p>
6085 <p class="Verbatim">extern void g (void)</p>
6086 <p class="Verbatim"> /*@modifies glob2@*/ ;</p>
6087 <p class="Verbatim">extern void h (void) ;</p>
6088 <p class="Verbatim"> </p>
6089 <p class="Verbatim">void upto (int x)</p>
6090 <p class="Verbatim">{</p>
6091 <p class="Verbatim"><span class="Line"><span style=
6092 'font-size:8.0pt'>14</span></span> while (x > f ())
6094 <p class="Verbatim"><span class="Line"><span style=
6095 'font-size:8.0pt'>15</span></span> while (f () < 3)
6097 <p class="Verbatim">}</p></td>
6098 <td valign="top" style=
6099 'border-top:none;border-left: none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt;height:143.1pt'>
6100 <p class="lclintrun">> splint loop.c +infloopsuncon</p>
6101 <p class="lclintrun">loop.c:14: Suspected infinite loop. No
6103 <p class="lclintrun"> loop test (x, glob1) is
6104 modified by test or loop</p>
6105 <p class="lclintrun"> body.</p>
6106 <p class="lclintrun">loop.c:15: Suspected infinite loop. No
6108 <p class="lclintrun"> values modified.
6109 Modification possible through</p>
6110 <p class="lclintrun"> unconstrained calls: h</p>
6111 <p class="TextFontCX" style='page-break-after: avoid'><i>An error
6112 is reported for line 14 since the only value modified by<br>
6113 the loop test or body if</i> <span class=
6114 "CodeText"><span style='font-size: 10.0pt'>glob2</span></span>
6115 <i>and the value of the loop test<br>
6116 does not depend on</i> <span class="CodeText"><span style=
6117 'font-size:10.0pt'>glob2</span></span><i>. The error for line
6119 reported without</i> <span class="Flag"><span style=
6120 'font-size:10.0pt'>+infloopsuncon</span></span><i>.</i></p></td></tr></table>
6121 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0">
6123 <td valign="top" style=
6124 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
6125 <p class="MsoCaption"><a name="_Toc534824621"></a><a name=
6126 "_Ref534823256">Figure 17</a>. Infinite
6127 Loops</p></td></tr></table></center>
6128 <h2 style='margin-left:0in;text-indent:0in'><a name=
6129 "_Toc534974989"></a><a name="_Ref344892701"></a><a name=
6130 "_Toc344355430">8.3<span style=
6131 'font:7.0pt "Times New Roman"'> </span>
6132 Problematic Control Structures</a></h2>
6133 <p class="TextFontCX">A number of control structures that are
6134 syntactically legal may indicate likely bugs in programs.
6135 Splint can detect errors involving likely infinite
6136 loops (Section 8.3.1), fall through cases and missing cases in
6137 <span class="CodeText"><span style=
6138 'font-size:10.0pt'>switch</span></span> statements (Section
6139 8.3.2), <span class="CodeText"><span style=
6140 'font-size:10.0pt'>break</span></span> statements within deeply
6141 nested loops or switches (Section 8.3.3), clauses of
6142 <span class="CodeText"><span style=
6143 'font-size:10.0pt'>if</span></span>, <span class=
6144 "CodeText"><span style='font-size:10.0pt'>while</span></span>
6145 or <span class="CodeText"><span style=
6146 'font-size:10.0pt'>for</span></span> statements that are
6147 empty statements or unblocked single statements (Section
6148 8.3.4) and incomplete if-else logic (Section 8.3.5).
6149 Although any of these may appear in a correct program,
6150 depending on the programming style used they may indicate
6151 likely bugs or style violations that should be detected and
6153 <h3 style='margin-left:0in;text-indent:0in'><a name=
6154 "_Toc534974990"></a><a name="_Ref344810086">8.3.1<span style=
6155 'font:7.0pt "Times New Roman"'> </span>
6156 Likely Infinite Loops</a></h3>
6157 <p class="TextFontCX">Splint reports an error if it detects a loop
6158 that appears to be infinite. An error is reported for a loop
6159 that does not modify any value used in its condition test inside
6160 the body of the loop or in the condition test itself. This
6161 checking is enhanced by modifies clauses and globals lists (see
6162 Section 7) since they <a name="_Ref344818734">provide more
6163 information about what global variable may be used in the condition
6164 test and what values may be modified by function calls in the loop
6166 <p class="TextFontCX"> </p>
6167 <p class="TextFontCX">Figure 17 shows examples of infinite
6168 loops detected by Splint. An error is reported for the loop in
6169 line 14, since neither of the values used in the loop condition
6170 (<span class="CodeText"><span style=
6171 'font-size:10.0pt'>x</span></span> directly and <span class=
6172 "CodeText"><span style='font-size:10.0pt'>glob1</span></span>
6173 through the call to <span class="CodeText"><span style=
6174 'font-size:10.0pt'>f</span></span>) is modified by the body of the
6175 loop. If the declaration of <span class=
6176 "CodeText"><span style='font-size:10.0pt'>g</span></span> is
6177 changed to include <span class="CodeText"><span style=
6178 'font-size:10.0pt'>glob1</span></span> in the modifies clause no
6179 error is reported. (In this example, if we assume the
6180 annotations are correct, then the programmer has probably called
6181 the wrong function in the loop body. This isn’t
6182 surprising, given the horrible choices of function and variable
6184 <p class="TextFontCX"> </p>
6185 <p class="TextFontCX">If an unconstrained function is called within
6186 the loop body, Splint will assume that it modifies a value used in
6187 the condition test and not report an infinite loop error, unless
6188 <span class="Flag"><span style=
6189 'font-size:10.0pt'>infloopsuncon</span></span> is on. If
6190 <span class="Flag"><span style=
6191 'font-size:10.0pt'>infloopsuncon</span></span> is on, Splint will
6192 report infinite loop errors for loops where there is no explicit
6193 modification of a value used in the condition test, but where they
6194 may be an undetected modification through a call to an
6195 unconstrained function (e.g., line 12 in Figure 17).</p>
6196 <p class="TextFontCX"> </p>
6197 <p class="TextFontCX"> </p>
6198 <p class="TextFontCX" align="center" style='text-align:center'>
6199 <span style='font-size:10.0pt'> </span></p>
6200 <h3 style='margin-left:0in;text-indent:0in'><a name=
6201 "_Toc534974991"></a><a name="_Ref349899747"></a><a name=
6202 "_Ref345591205">8.3.2<span style=
6203 'font:7.0pt "Times New Roman"'> </span>
6205 <p class="TextFontCX">The automatic fall through of C switch
6206 statements is almost never the intended behavior.<a href="#_ftn10"
6207 name="_ftnref10" title=""><span class=
6208 "MsoFootnoteReference"><span class=
6209 "MsoFootnoteReference"><span style=
6210 'font-size:11.0pt;font-family:"Times New Roman"'>[10]</span></span></span></a>
6211 Splint detects <span class="CodeText"><span style=
6212 'font-size:10.0pt'>case</span></span> statements with code that may
6213 fall through to the next <span class="CodeText"><span style=
6214 'font-size:10.0pt'>case</span></span>. The <span class=
6215 "Flag"><span style='font-size:10.0pt'>casebreak</span></span> flag
6216 controls reporting of fall through cases. A single fall
6217 through case may be marked by preceding the <span class=
6218 "CodeText"><span style='font-size:10.0pt'>case</span></span>
6219 keyword with <span class="Annot"><span style=
6220 'font-size:10.0pt'>/*@fallthrough@*/</span></span> to indicate
6221 explicitly that execution falls through to this case. See
6222 Figure 18 for an example.</p>
6223 <p class="TextFontCX"> </p>
6224 <p class="TextFontCX">For switches on <span class=
6225 "CodeText"><span style='font-size:10.0pt'>enum</span></span> types,
6226 Splint reports an error if a member of the enumerator does not
6227 appear as a case in the switch body (and there is no
6228 <span class="CodeText"><span style=
6229 'font-size:10.0pt'>default</span></span> case).
6230 (Controlled by <span class="Flag"><span style=
6231 'font-size:10.0pt'>misscase</span></span>.)</p>
6233 <table class="MsoNormalTable" border="0" cellspacing="0"
6234 cellpadding="0" style=
6235 'margin-left:.2in;border-collapse:collapse;margin-left:-2.25pt; margin-right:-2.25pt'>
6237 <td valign="top" style=
6238 'width:3.0in;border:solid black 1.5pt; border-bottom:none;background:black;padding:0in 5.4pt 0in 5.4pt'>
6239 <p class="TextFontCX" align="center" style='text-align:center'>
6240 <span class="Keyword"><b><span style=
6241 'font-size:10.0pt; color:white'>switch.c</span></b></span></p></td>
6242 <td valign="top" style=
6243 'border-top:solid black 1.5pt; border-left:none;border-bottom:none;border-right:solid black 1.5pt; background:black;padding:0in 5.4pt 0in 5.4pt'>
6244 <p class="TextFontCX" align="center" style='text-align:center'>
6245 <b><span style='color:white'>Running
6246 Splint</span></b></p></td></tr>
6248 <td valign="top" style=
6249 'border:solid black 1.5pt; border-top:none;padding:0in 5.4pt 0in 5.4pt'>
6250 <p class="Verbatim">typedef enum {</p>
6251 <p class="Verbatim"> YES, NO, DEFINITELY,</p>
6252 <p class="Verbatim"> PROBABLY, MAYBE } ynm;</p>
6253 <p class="Verbatim">void decide (ynm y)</p>
6254 <p class="Verbatim">{</p>
6255 <p class="Verbatim"> switch (y)</p>
6256 <p class="Verbatim"> {</p>
6257 <p class="Verbatim"> case PROBABLY:</p>
6258 <p class="Verbatim"> case NO: printf ("No!");</p>
6259 <p class="Verbatim"><span class="Line"><span style=
6260 'font-size:8.0pt'>10</span></span> case MAYBE: printf
6262 <p class="Verbatim">
6263
6264 /*@fallthrough@*/</p>
6265 <p class="Verbatim"> case YES: printf
6267 <p class="Verbatim"><span class="Line"><span style=
6268 'font-size:8.0pt'>13</span></span> }</p>
6269 <p class="Verbatim">}</p></td>
6270 <td valign="top" style=
6271 'border-top:none;border-left: none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'>
6272 <p class="lclintrun">> splint switch.c</p>
6273 <p class="lclintrun">switch.c:10: Fall through case (no preceding
6275 <p class="lclintrun">switch.c:13: Missing case in switch:
6277 <p class="TextFontCX"> </p>
6278 <p class="MsoCaption" align="left" style='text-align:left'>
6279 <i><span style='font-weight:normal'>No fall through error is
6280 reported for the</span></i> <span class=
6281 "CodeText"><span style='font-weight:normal'>NO</span></span><i><span style='font-weight:normal'>
6283 since there are no statements associated with the<br>
6284 previous case. </span></i></p>
6285 <p class="TextFontCX" style='page-break-after: avoid'><i>The</i>
6286 <span class="Annot"><span style=
6287 'font-size:10.0pt'>/*@fallthrough@*/</span></span> <i>comment
6289 a message from being produced for the<br></i> <span class=
6290 "Annot"><span style='font-size:10.0pt'>YES</span></span>
6291 <i>case.</i></p></td></tr></table>
6292 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0">
6294 <td valign="top" style=
6295 'padding-top:0in;padding-right: 9.0pt;padding-bottom:0in;padding-left:9.0pt'>
6296 <p class="MsoCaption"><a name="_Toc344355431"></a><a name=
6297 "_Ref344881581"></a><a name="_Toc534824622"></a><a name=
6298 "_Ref534823308">Figure 18</a>. Switch
6299 Cases</p></td></tr></table></center>
6300 <h3 style='margin-left:0in;text-indent:0in'><a name=
6301 "_Toc534974992"></a><a name="_Ref534971227">8.3.3<span style=
6302 'font:7.0pt "Times New Roman"'> </span>
6303 Deep Breaks</a></h3>
6304 <p class="TextFontCX">There is no syntax provided by C (other than
6305 <span class="CodeText"><span style=
6306 'font-size:10.0pt'>goto</span></span>) for breaking out of a nested
6307 loop. All <span class="CodeText"><span style=
6308 'font-size:10.0pt'>break</span></span> and <span class=
6309 "CodeText"><span style='font-size:10.0pt'>continue</span></span>
6310 statements act only on the innermost surrounding loop or
6311 switch. This can lead to serious problems<a href="#_ftn11"
6312 name="_ftnref11" title=""><span class=
6313 "MsoFootnoteReference"><span class=
6314 "MsoFootnoteReference"><span style=
6315 'font-size:11.0pt;font-family:"Times New Roman"'>[11]</span></span></span></a>
6316 when a programmer intends to break the outer loop or switch
6317 instead. Splint optionally reports warnings for
6318 <span class="CodeText"><span style=
6319 'font-size: 10.0pt'>break</span></span> and <span class=
6320 "CodeText"><span style=
6321 'font-size: 10.0pt'>continue</span></span> statements in
6322 nested contexts.</p>
6323 <p class="beforelist"> </p>
6324 <p class="beforelist">Four types of <span class=
6325 "CodeText"><span style='font-size: 10.0pt'>break</span></span>
6326 warnings are reported:</p>
6327 <p class="MsoListBullet"><span style=
6328 'font-family:Symbol'>·<span style=
6329 'font:7.0pt "Times New Roman"'> </span></span>
6330 <span class="CodeText"><span style=
6331 'font-size:10.0pt'>break</span></span> inside a loop
6332 (<span class="CodeText"><span style=
6333 'font-size:10.0pt'>while</span></span> or <span class=
6334 "CodeText"><span style='font-size:10.0pt'>for</span></span>)
6335 that is inside a loop. Controlled by <span class=
6337 'font-size:10.0pt'>looploopbreak</span></span>. To
6338 indicate that a <span class="CodeText"><span style=
6339 'font-size:10.0pt'>break</span></span> is inside an inner
6340 loop, precede the <span class="CodeText"><span style=
6341 'font-size:10.0pt'>break</span></span> by <a href=
6342 "mailto:/*@innerbreak@*/"><span class="Annot"><span style=
6343 'font-size: 10.0pt'>/*@innerbreak@*/</span></span></a>.</p>
6344 <p class="MsoListBullet"><span style=
6345 'font-family:Symbol'>·<span style=
6346 'font:7.0pt "Times New Roman"'> </span></span>
6347 <span class="CodeText"><span style=
6348 'font-size:10.0pt'>break</span></span> inside a loop that is inside
6349 a <span class="CodeText"><span style=
6350 'font-size:10.0pt'>switch</span></span> statement. Controlled
6351 by <span class="Flag"><span style=
6352 'font-size:10.0pt'>switchloopbreak</span></span>. To mark the
6353 <span class="CodeText"><span style=
6354 'font-size:10.0pt'>break</span></span> as a loop break, precede the
6355 <span class="CodeText"><span style=
6356 'font-size:10.0pt'>break</span></span> by <span class=
6357 "Annot"><span style=
6358 'font-size:10.0pt'>/*@loopbreak@*/</span></span>.</p>
6359 <p class="MsoListBullet"><span style=
6360 'font-family:Symbol'>·<span style=
6361 'font:7.0pt "Times New Roman"'> </span></span>
6362 <span class="CodeText"><span style=
6363 'font-size:10.0pt'>break</span></span> inside a <span class=
6364 "CodeText"><span style='font-size:10.0pt'>switch</span></span>
6365 statement that is inside a loop. Controlled by
6366 <span class="Flag"><span style=
6367 'font-size:10.0pt'>loopswitchbreak</span></span>. To
6368 mark the <span class="CodeText"><span style=
6369 'font-size:10.0pt'>break</span></span> as a switch break,
6370 precede the <span class="CodeText"><span style=
6371 'font-size:10.0pt'>break</span></span> by <span class=
6372 "Annot"><span style=
6373 'font-size:10.0pt'>/*@switchbreak@*/</span></span>.</p>
6374 <p class="MsoListBullet"><span style=
6375 'font-family:Symbol'>·<span style=
6376 'font:7.0pt "Times New Roman"'> </span></span>
6377 <span class="CodeText"><span style=
6378 'font-size:10.0pt'>break</span></span> inside a <span class=
6379 "CodeText"><span style='font-size:10.0pt'>switch</span></span>
6380 inside another <span class="CodeText"><span style=
6381 'font-size:10.0pt'>switch</span></span>. Controlled by
6382 <span class="Flag"><span style=
6383 'font-size:10.0pt'>switchswitchbreak</span></span>. To
6384 indicate that the <span class="CodeText"><span style=
6385 'font-size:10.0pt'>break</span></span> is for the inner switch, use
6386 <span class="Annot"><span style=
6387 'font-size:10.0pt'>/*@innerbreak@*/</span></span>.</p>
6388 <p class="afterlist">Since <span class=
6389 "CodeText"><span style='font-size:10.0pt'>continue</span></span>
6390 only makes sense within loops, a warning (Controlled by <span class=
6392 'font-size: 10.0pt'>looploopcontinue</span></span>.)
6393 is reported only for
6394 <span class="CodeText"><span style=
6395 'font-size:10.0pt'>continue</span></span> statements within
6396 nested loops. A
6397 safe inner <span class="CodeText"><span style=
6398 'font-size:10.0pt'>continue</span></span> may be preceded by
6399 <span class="Annot"><span style=
6400 'font-size:10.0pt'>/*@innercontinue@*/</span></span> to
6401 suppress error messages locally. The <span class=
6402 "Flag"><span style='font-size:10.0pt'>deepbreak</span></span>
6403 flag sets all nested break and continue checking flags.</p>
6404 <p class="TextFontCX"> </p>
6405 <p class="TextFontCX">Splint warns if the marker preceding a
6406 <span class="CodeText"><span style=
6407 'font-size:10.0pt'>break</span></span> is not consistent with its
6408 placement. A warning results if <span class=
6409 "Annot"><span style='font-size:10.0pt'>innerbreak</span></span>
6410 precedes a <span class="CodeText"><span style=
6411 'font-size:10.0pt'>break</span></span> that is not breaking an
6412 inner loop, <span class="Annot"><span style=
6413 'font-size:10.0pt'>switchbreak</span></span> precedes a
6414 <span class="CodeText"><span style=
6415 'font-size:10.0pt'>break</span></span> that is not breaking a
6416 switch, or <span class="Annot"><span style=
6417 'font-size: 10.0pt'>loopbreak</span></span> precedes a
6418 <span class="CodeText"><span style=
6419 'font-size:10.0pt'>break</span></span> that is not breaking a
6421 <h3 style='margin-left:0in;text-indent:0in'><a name=
6422 "_Toc534974993"></a><a name="_Ref347246280">8.3.4<span style=
6423 'font:7.0pt "Times New Roman"'> </span></a>
6424 Loop and If Bodies</h3>
6425 <p class="beforelist">An empty statement after an
6426 <span class="CodeText"><span style=
6427 'font-size:10.0pt'>if</span></span>, <span class=
6428 "CodeText"><span style='font-size:10.0pt'>while</span></span>
6429 or <span class="CodeText"><span style=
6430 'font-size:10.0pt'>for</span></span> often indicates a
6431 potential bug. A single statement (i.e., not a compound
6432 block) after an <span class="CodeText"><span style=
6433 'font-size:10.0pt'>if</span></span>, <span class=
6434 "CodeText"><span style='font-size:10.0pt'>while</span></span>
6435 or <span class="CodeText"><span style=
6436 'font-size:10.0pt'>for</span></span> is not likely to
6437 indicate a bug, but make the code harder to read and
6438 edit. Splint can report errors for if or loop
6439 statements with empty bodies or bodies that are not compound
6440 statements. Separate flags control checking for
6441 statements following an <span class="CodeText"><span style=
6442 'font-size:10.0pt'>if</span></span>, <span class=
6443 "CodeText"><span style='font-size:10.0pt'>while</span></span>
6444 or <span class="CodeText"><span style=
6445 'font-size:10.0pt'>for</span></span>:</p>
6446 <p class="MsoListBullet"><span style=
6447 'font-family:Symbol'>·<span style=
6448 'font:7.0pt "Times New Roman"'> </span></span>
6449 <span class="Flag"><span style=
6450 'font-size:10.0pt'>[if</span></span>,<span class=
6451 "Flag"><span style='font-size:10.0pt'>while</span></span>,<span class="Flag">
6452 <span style='font-size:10.0pt'>for]empty</span></span> —
6453 report errors for empty bodies (e.g., <span class=
6454 "CodeText"><span style='font-size:10.0pt'>if (x > 3)
6455 ;</span></span> )</p>
6456 <p class="MsoListBullet"><span style=
6457 'font-family:Symbol'>·<span style=
6458 'font:7.0pt "Times New Roman"'> </span></span>
6459 <span class="Flag"><span style=
6460 'font-size:10.0pt'>[if</span></span>,<span class=
6461 "Flag"><span style='font-size:10.0pt'>while</span></span>,<span class="Flag">
6462 <span style='font-size:10.0pt'>for]block</span></span> —
6463 report errors for non-block bodies (e.g., <span class=
6464 "CodeText"><span style='font-size:10.0pt'>if (x > 3)
6465 x++;</span></span>)</p>
6466 <p class="MsoListBullet" style='margin-left:0in;text-indent:0in'>
6467 <span class="Keyword"><span style=
6468 'font-size:10.0pt'> </span></span></p>
6469 <p class="afterlist">The <span class="CodeText"><span style=
6470 'font-size:10.0pt'>if</span></span> statement checks also apply to
6471 the body of the <span class="CodeText"><span style=
6472 'font-size:10.0pt'>else</span></span> clause. No
6473 <span class="Flag"><span style=
6474 'font-size:10.0pt'>ifblock</span></span> warning is reported
6475 if the body of the <span class="CodeText"><span style=
6476 'font-size:10.0pt'>else</span></span> clause is an
6477 <span class="CodeText"><span style=
6478 'font-size:10.0pt'>if</span></span> statement, to allow
6479 conventional <span class="CodeText"><span style=
6480 'font-size: 10.0pt'>else if</span></span> chains. </p>
6481 <h3 style='margin-left:0in;text-indent:0in'><a name=
6482 "_Toc534974994"></a><a name="_Ref347246283">8.3.5<span style=
6483 'font:7.0pt "Times New Roman"'> </span>
6484 Complete Logic</a></h3>
6485 <p class="beforelist">Although it may be perfectly reasonable in
6486 many contexts, an <span class="CodeText"><span style=
6487 'font-size:10.0pt'>if</span></span>-<span class=
6488 "CodeText"><span style='font-size:10.0pt'>else</span></span> chain
6489 with no final <span class="CodeText"><span style=
6490 'font-size:10.0pt'>else</span></span> may indicate missing logic or
6491 forgetting to check error cases. If <span class=
6492 "Flag"><span style='font-size:10.0pt'>elseif-complete</span></span>
6493 is on, Splint warns when an <span class=
6494 "CodeText"><span style='font-size:10.0pt'>if</span></span>
6495 statement that is the body of an <span class=
6496 "CodeText"><span style='font-size: 10.0pt'>else</span></span>
6497 clause does not have a matching <span class=
6498 "CodeText"><span style='font-size:10.0pt'>else</span></span>
6499 clause. For example, the code,</p>
6500 <p class="Verbatim"> if (x == 0) { return "nil"; }</p>
6501 <p class="Verbatim"> else if (x == 1) { return "many";
6503 <p class="afterlist">results in a warning since the second
6504 <span class="CodeText"><span style=
6505 'font-size:10.0pt'>if</span></span> has no matching
6506 <span class="CodeText"><span style=
6507 'font-size:10.0pt'>else</span></span> branch.</p>
6508 <h2 style='margin-left:0in;text-indent:0in'><a name=
6509 "_Toc534974995"></a><a name="_Ref344892802">8.4<span style=
6510 'font:7.0pt "Times New Roman"'> </span>
6511 Suspicious Statements</a></h2>
6512 <p class="TextFontCX">Splint detects errors involving statements
6513 with no apparent effects (Section 8.4.1) and statements that ignore
6514 the result of a called function (Section 8.4.2).</p>
6515 <h3 style='margin-left:0in;text-indent:0in'><a name=
6516 "_Toc534974996"></a><a name="_Ref347247824">8.4.1<span style=
6517 'font:7.0pt "Times New Roman"'> </span>
6518 Statements with No Effects</a></h3>
6519 <p class="TextFontCX">Splint can report errors for statements that
6520 have no effect. (Controlled by <span class=
6521 "Flag"><span style='font-size:10.0pt'>no-effect</span></span>.)
6522 Because of modifies clauses, Splint can detect more errors
6523 than traditional checkers. Unless the <span class=
6525 'font-size:10.0pt'>no-effect-uncon</span></span> flag is
6526 on, errors are not reported for statements that involve calls
6527 to unconstrained functions since the unconstrained function
6528 may cause a modification. Figure 19 shows examples of
6529 Splint’s no effect checking.</p>
6531 <table class="MsoNormalTable" border="0" cellspacing="0"
6532 cellpadding="0" style=
6533 'margin-left:5.4pt;border-collapse:collapse; margin-left:-2.25pt;margin-right:-2.25pt'>
6535 <td valign="top" style=
6536 'border:solid black 1.5pt; border-bottom:none;background:black;padding:0in 5.4pt 0in 5.4pt'>
6537 <p class="TextFontCX" align="center" style='text-align:center'>
6538 <a name="_Ref344893305"></a><a name=
6539 "_Ref344874935"><span class="StyleKeywordBold"><span style=
6540 'font-size:10.0pt'>noeffect.c</span></span></a></p></td>
6541 <td valign="top" style=
6542 'border-top:solid black 1.5pt; border-left:none;border-bottom:none;border-right:solid black 1.5pt; background:black;padding:0in 5.4pt 0in 5.4pt'>
6543 <p class="TextFontCX" align="center" style='text-align:center'>
6544 <b><span style='color:white'>Running
6545 Splint</span></b></p></td></tr>
6547 <td valign="top" style=
6548 'border:solid black 1.5pt; border-top:none;padding:0in 5.4pt 0in 5.4pt'>
6549 <p class="Verbatim">extern void</p>
6550 <p class="Verbatim"> nomodcall (int *x) /*@*/;</p>
6551 <p class="IndentText"><i>Recall /*@*/ is shorthand for<br>
6552 modifies nothing and use<br>
6554 <p class="Verbatim">extern void mysterycall (int *x);</p>
6555 <p class="Verbatim"> </p>
6556 <p class="Verbatim">int noeffect (int *x, int y)</p>
6557 <p class="Verbatim">{</p>
6558 <p class="Verbatim"> y == *x;</p>
6559 <p class="Verbatim"> nomodcall (x);</p>
6560 <p class="Verbatim"> mysterycall (x);</p>
6561 <p class="Verbatim"> return *x;</p>
6562 <p class="Verbatim">}</p></td>
6563 <td valign="top" style=
6564 'border-top:none;border-left: none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'>
6565 <p class="lclintrun">> splint noeffect.c +noeffectuncon</p>
6566 <p class="lclintrun">noeffect.c:6: Statement has no effect: y ==
6568 <p class="lclintrun">noeffect.c:7: Statement has no effect:
6570 <p class="lclintrun">noeffect.c:8: Statement has no effect
6572 <p class="lclintrun"> undetected modification
6574 <p class="lclintrun"> unconstrained function
6576 <p class="lclintrun"> mysterycall(x)</p>
6577 <p class="IndentText"><i> </i></p>
6578 <p class="IndentText" style='page-break-after:avoid'><i>The warning
6579 for line 8 would not be<br>
6580 reported without</i> <span class="Flag"><span style=
6581 'font-size: 10.0pt'>+noeffectuncon</span></span>.</p></td></tr></table>
6582 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0">
6584 <td valign="top" style=
6585 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
6586 <p class="MsoCaption"><a name="_Ref534813977"></a><a name=
6587 "_Toc534824623"></a><a name="_Ref534823396">Figure 19</a>.
6588 Statements with No Effect</p></td></tr></table></center>
6589 <h3 style='margin-left:0in;text-indent:0in'><a name=
6590 "_Ref534978820"></a><a name="_Toc534974997">8.4.2<span style=
6591 'font:7.0pt "Times New Roman"'> </span>
6592 Ignored Return Values</a></h3>
6593 <p class="TextFontCX">Splint reports an error when a return value
6594 is ignored. Checking may be controlled based on the type of
6595 the return value: <span class="Flag"><span style=
6596 'font-size:10.0pt'>ret-val-int</span></span> controls reporting of
6597 ignored return values of type <span class=
6598 "Keyword"><span style='font-size:10.0pt'>int</span></span>,
6599 and <span class="Flag"><span style=
6600 'font-size:10.0pt'>ret-val-bool</span></span> for return
6601 values of type <span class="Keyword"><span style=
6602 'font-size:10.0pt'>bool</span></span>, and <span class=
6604 'font-size:10.0pt'>ret-val-others</span></span> for all
6605 other types. A function statement may be cast to
6606 <span class="Keyword"><span style=
6607 'font-size:10.0pt'>void</span></span> to prevent this error
6608 from being reported.</p>
6609 <p class="TextFontCX"> </p>
6610 <p class="TextFontCX">Alternate types (Section 4.4) can be
6611 used to declare functions that return values that may safely be
6612 ignored by declaring the result type to alternately be
6613 <span class="Keyword"><span style=
6614 'font-size:10.0pt'>void</span></span>. Several
6615 functions in the standard library are specified to
6616 alternately return <span class="Keyword"><span style=
6617 'font-size:10.0pt'>void</span></span> to prevent ignored
6618 return value errors for standard library functions (e.g.,
6619 <span class="Keyword"><span style=
6620 'font-size:10.0pt'>strcpy</span></span>) where the result may
6621 be safely ignored (see Section 14.1). Figure 20 shows
6622 examples of ignored return value errors reported by
6624 <p class="MsoNormal" align="left" style=
6625 'text-align:left;background:white'><span style=
6626 'font-size:10.0pt'> </span></p>
6628 <table class="MsoNormalTable" border="0" cellspacing="0"
6629 cellpadding="0" style='margin-left:9.9pt;border-collapse:collapse'>
6631 <td valign="top" style=
6632 'border:solid black 1.5pt; border-bottom:none;background:black;padding:0in 5.4pt 0in 5.4pt'>
6633 <p class="TextFontCX" align="center" style='text-align:center'>
6634 <span class="Keyword"><b><span style=
6635 'font-size:10.0pt; color:white'>ignore.c</span></b></span></p></td>
6636 <td valign="top" style=
6637 'border-top:solid black 1.5pt; border-left:none;border-bottom:none;border-right:solid black 1.5pt; background:black;padding:0in 5.4pt 0in 5.4pt'>
6638 <p class="TextFontCX" align="center" style='text-align:center'>
6639 <b><span style='color:white'>Running
6640 Splint</span></b></p></td></tr>
6642 <td valign="top" style=
6643 'border:solid black 1.5pt; border-top:none;padding:0in 5.4pt 0in 5.4pt'>
6644 <p class="Verbatim"># include “bool.h”</p>
6645 <p class="Verbatim">extern int fi (void);</p>
6646 <p class="Verbatim">extern bool fb (void);</p>
6647 <p class="Verbatim">extern int /*@alt void@*/</p>
6648 <p class="Verbatim"> fv (void);</p>
6649 <p class="Verbatim"> </p>
6650 <p class="Verbatim">int ignore (void)</p>
6651 <p class="Verbatim">{</p>
6652 <p class="Verbatim"><span class="Line"><span style=
6653 'font-size:8.0pt'> 8</span></span> fi ();</p>
6654 <p class="Verbatim"><span class="Line"><span style=
6655 'font-size:8.0pt'> 9</span></span> (void) fi ();</p>
6656 <p class="Verbatim"><span class="Line"><span style=
6657 'font-size:8.0pt'>10</span></span> fb ();</p>
6658 <p class="Verbatim"><span class="Line"><span style=
6659 'font-size:8.0pt'>11</span></span> fv ();</p>
6660 <p class="Verbatim"><span class="Line"><span style=
6661 'font-size:8.0pt'>12</span></span> return fv ();</p>
6662 <p class="Verbatim">}</p></td>
6663 <td valign="top" style=
6664 'border-top:none;border-left: none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'>
6665 <p class="lclintrun">> splint ignore.c</p>
6666 <p class="lclintrun"> </p>
6667 <p class="lclintrun">ignore.c:8: Return value (type int) ignored:
6669 <p class="lclintrun">ignore.c:10: Return value (type bool) ignored:
6671 <p class="lclintrun"> </p>
6672 <p class="MsoNormal" style='background:white'><i><span style=
6673 'font-size:10.0pt'>The message for line 8 would not be reported
6674 if</span></i> <span class="Flag"><span style=
6675 'font-size:10.0pt'>‑retvalint</span></span><i><span style='font-size:10.0pt'>
6677 for line 10, if</span></i> <span class="Flag"><span style=
6678 'font-size:10.0pt'>‑retvalbool</span></span><i><span style='font-size:10.0pt'>
6679 is set.</span></i></p>
6680 <p class="MsoNormal" style='background:white'><i><span style=
6681 'font-size:10.0pt'> </span></i></p>
6682 <p class="MsoNormal" style='background:white'><i><span style=
6683 'font-size:10.0pt'> No message is reported for line 9 because
6684 the result is cast to</span></i> <span class=
6685 "CodeText"><span style='font-size:10.0pt'>void</span></span><i><span style='font-size:10.0pt'>
6687 and no message is reported for line 11 because</span></i>
6688 <span class="CodeText"><span style=
6689 'font-size:10.0pt'>fv</span></span><i><span style=
6690 'font-size:10.0pt'>is declared<br>
6691 to alternately return</span></i> <span class=
6692 "CodeText"><span style=
6693 'font-size:10.0pt'>void</span></span><i><span style=
6694 'font-size:10.0pt'>.</span></i></p>
6695 <p class="TextFontCX" style='page-break-after: avoid'>
6696 </p></td></tr></table>
6698 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0">
6700 <td valign="top" style=
6701 'padding-top:0in;padding-right: 9.0pt;padding-bottom:0in;padding-left:9.0pt'>
6702 <p class="MsoCaption"><a name="_Toc534824624"></a><a name=
6703 "_Ref534823436">Figure 20</a>. Ignored Return
6704 Values</p></td></tr></table></div></center>
6705 <p class="MsoNormal" align="left" style=
6706 'text-align:left;background:white'><span style=
6707 'font-size:10.0pt'> </span></p>
6709 'font-size:16.0pt;font-family:"Times New Roman"'><br clear="all"
6710 style='page-break-before:always'></span></b>
6711 <h1 style='margin-left:0in;text-indent:0in;page-break-before:auto'>
6712 <a name="_Toc534974998"></a><a name="_Ref534963019"></a><a name=
6713 "_Ref534962975">9<span style=
6714 'font:7.0pt "Times New Roman"'> </span>
6715 <a id="buffer" name="buffer">
6716 Buffer Sizes</a></a></h1>
6717 <p class="TextFontCX">Buffer overflow errors are a particularly
6718 dangerous type of bug in C programs. They are directly
6719 responsible for about half of all security attacks
6720 [Larochelle01]. For performance reasons, C does not perform
6721 run time bounds checking. Referencing storage outside
6722 allocated regions can cause memory corruption and lead to strange
6723 behavior. Moreover, buffer overflow bugs are particularly
6724 insidious because they can go undetected in testing or normal use,
6725 but usually result in security critical bugs. Reads beyond
6726 the end of a buffer can cause the program to leak
6727 information. Writes beyond the end a buffer (buffer
6728 overflows) can usually be exploited make the program run arbitrary
6729 code. Attackers can exploit these programming bugs to replace
6730 the return address on the stack and place arbitrary code in memory
6731 thereby gaining full access to the machine. Splint is able to
6732 detect many memory bounds errors. <a href="#_ftn12" name=
6733 "_ftnref12" title=""><span style=
6734 'font-size:11.0pt; font-family:"Times New Roman"'>[12]</span></a> </p>
6735 <h2 style='margin-left:0in;text-indent:0in'><a name=
6736 "_Toc534974999">9.1<span style=
6737 'font:7.0pt "Times New Roman"'> </span>
6738 Checking Accesses</a></h2>
6739 <p class="TextFontCX">Splint models blocks of contiguous memory
6740 using two properties: <span class="Annot"><span style=
6741 'font-size:10.0pt'>maxSet</span></span> and <span class=
6742 "Annot"><span style='font-size:10.0pt'>maxRead</span></span>.
6743 Given a buffer <span class="CodeText"><i><span style=
6744 'font-size:10.0pt'>b</span></i></span>, <span class=
6745 "Annot"><span style=
6746 'font-size:10.0pt'>maxSet(<i>b</i>)</span></span> denotes the
6747 highest address beyond <span class="CodeText"><i><span style=
6748 'font-size:10.0pt'>b</span></i></span> that can be safely used as
6749 an lvalue. For the declaration <span class=
6750 "CodeText"><span style='font-size:10.0pt'>char
6751 buf[MAXSIZE]</span></span> we have <span class=
6752 "Annot"><span style='font-size: 10.0pt'>maxSet(buf)</span></span>
6753 <span class="CodeText"><span style='font-size: 10.0pt'>=
6754 MAXSIZE - 1</span></span>. Similarly, <span class=
6755 "Annot"><span style='font-size:10.0pt'>maxRead</span></span>
6756 denotes the highest index of a buffer that can be safely used
6757 an rvalue. It is inappropriate to read an uninitialized
6758 element or beyond the <span class="CodeText"><span style=
6759 'font-size:10.0pt'>NUL</span></span> terminator of a null
6760 terminated buffer.</p>
6761 <p class="TextFontCX"> </p>
6762 <p class="TextFontCX">When a buffer is accessed as an lvalue,
6763 Splint generates a precondition constraint involving the
6764 <span class="Annot"><span style=
6765 'font-size:10.0pt'>maxSet</span></span> property. When a
6766 buffer is accessed as an rvalue, Splint generates a precondition
6767 constraint involving the <span class="Annot"><span style=
6768 'font-size:10.0pt'>maxRead</span></span> property. For the
6769 expression <span class="CodeText"><span style=
6770 'font-size:10.0pt'>*<i>ptr</i></span></span>, Splint generates the
6771 constraints <span class="Annot"><span style=
6772 'font-size:10.0pt'>maxSet(<i>ptr</i>)</span></span>
6773 <span class="CodeText"><span style='font-size:10.0pt'>>=
6774 0</span></span> or <span class="Annot"><span style=
6775 'font-size:10.0pt'>maxRead(<i>ptr</i>)</span></span>
6776 <span class="CodeText"><span style='font-size:10.0pt'>>=
6777 0</span></span> depending on whether <span class=
6778 "CodeText"><i><span style=
6779 'font-size:10.0pt'>ptr</span></i></span> is used as an lvalue
6780 or rvalue. Similarly, for accesses of the form
6781 <span class="CodeText"><span style=
6782 'font-size:10.0pt'>ptr[i]</span></span>, splint generates the
6783 constraints <span class="Annot"><span style=
6784 'font-size:10.0pt'>maxSet(<i>ptr</i>)</span></span>
6785 <span class="CodeText"><span style='font-size:10.0pt'>>=
6786 i</span></span> or <span class="Annot"><span style=
6787 'font-size:10.0pt'>maxRead(<i>ptr</i>)</span></span>
6788 <span class="CodeText"><span style='font-size:10.0pt'>>=
6789 i</span></span>. If <span class="Flag"><span style=
6790 'font-size:10.0pt'>+boundswrite</span></span> is set, Splint
6791 warns if it is unable to resolve a constraint involving
6792 <span class="Annot"><span style=
6793 'font-size:10.0pt'>maxSet</span></span>. If <span class=
6795 'font-size:10.0pt'>+boundsread</span></span> is set, Splint
6796 warns about unresolved <span class="Annot"><span style=
6797 'font-size:10.0pt'>maxRead</span></span> constraints
6799 <p class="TextFontCX"> </p>
6800 <p class="TextFontCX">Splint generates postconditions for
6801 statements to help resolve precondition constraints. When a
6802 buffer is written to we know that an element of a buffer is
6803 initialized and is safe to read. We generate the
6804 postcondition <span class="Annot"><span style=
6805 'font-size:10.0pt'>maxRead(<i>ptr</i>)</span></span>
6806 <span class="CodeText"><span style='font-size:10.0pt'>>=
6807 0</span></span> if the buffer is accessed using <span class=
6808 "CodeText"><span style='font-size:10.0pt'>*ptr</span></span>
6809 or <span class="Annot"><span style=
6810 'font-size:10.0pt'>maxRead(ptr)</span></span> <span class=
6811 "CodeText"><span style='font-size:10.0pt'>>=
6812 i</span></span> if the buffer is accessed using <span class=
6813 "CodeText"><i><span style=
6814 'font-size:10.0pt'>ptr</span></i></span><span class=
6815 "CodeText"><span style=
6816 'font-size:10.0pt'>[<i>i</i>]</span></span>. Splint
6817 generates additional postconditions for a variety of C
6818 constructs. For assignment statements, Splint generates
6819 a postcondition equating the two operands. Splint also
6820 generates post condition constraints for the <span class=
6821 "Annot"><span style='font-size:10.0pt'>maxSet</span></span>
6822 value of fixed sized arrays.</p>
6823 <h2 style='margin-left:0in;text-indent:0in'><a name=
6824 "_Toc534975000">9.2<span style=
6825 'font:7.0pt "Times New Roman"'> </span>
6826 Annotating Buffer Sizes</a></h2>
6827 <p class="TextFontCX">Function declarations may include
6828 <span class="Annot"><span style=
6829 'font-size:10.0pt'>requires</span></span> and <span class=
6830 "Annot"><span style='font-size:10.0pt'>ensures</span></span>
6831 clauses that specify assumptions about buffer sizes for
6832 function preconditions. They are interpreted like
6833 <span class="Annot"><span style=
6834 'font-size:10.0pt'>requires</span></span> and <span class=
6835 "Annot"><span style='font-size:10.0pt'>ensures</span></span>
6836 clauses for simple memory states (see Section 7.5) but can be
6837 more expressive. When a function with a <span class=
6838 "Annot"><span style='font-size:10.0pt'>requires</span></span>
6839 clause is called, the call site must be checked to satisfy
6840 the constraints implied by the <span class=
6841 "Annot"><span style='font-size:10.0pt'>requires</span></span>
6842 clause. Similarly, an <span class="Annot"><span style=
6843 'font-size:10.0pt'>ensures</span></span> clause can be used
6844 to specify function post conditions. If the
6845 <span class="Flag"><span style=
6846 'font-size:10.0pt'>+checkpost</span></span> flag is set,
6847 Splint warns if it cannot verify that a function
6848 implementation satisfies its declared postconditions.</p>
6849 <p class="TextFontCX"> </p>
6850 <p class="TextFontCX">Constraints can contain function parameters
6851 as well as global variables and integer constants. The unary
6852 operators, <span class="Annot"><span style=
6853 'font-size:10.0pt'>maxSet</span></span> and <span class=
6854 "Annot"><span style='font-size:10.0pt'>maxRead</span></span> which
6855 correspond to the properties described above are also supported.
6856 Multiple predicates may be conjoined using <span class=
6857 "CodeText"><span style=
6858 'font-size: 10.0pt'>/\</span></span>. </p>
6859 <p class="TextFontCX"> </p>
6860 <p class="TextFontCX">For example, the standard library annotates
6861 <span class="CodeText"><span style=
6862 'font-size:10.0pt'>strcpy</span></span>:</p>
6863 <p class="MsoPlainText" style='line-height:normal'> </p>
6864 <p class="Verbatim" style='margin-left:22.5pt'>void /*@alt char *
6866 <p class="Verbatim" style='margin-left:22.5pt;text-indent:13.5pt'>
6867 (/*@unique@*/ /*@out@*/ /*@returned@*/ char *s1, char *s2)</p>
6868 <p class="Verbatim" style='margin-left:.5in'>/*@modifies *s1@*/</p>
6869 <p class="Verbatim" style='margin-left:.5in'>/*@requires maxSet(s1)
6870 >= maxRead(s2) @*/</p>
6871 <p class="Verbatim"> /*@ensures
6872 maxRead(s1) == maxRead (s2) @*/; </p>
6873 <p class="MsoPlainText" style=
6874 'margin-left:.5in;line-height:normal'><b> </b></p>
6875 <p class="MsoPlainText" style=
6876 'text-align:justify;line-height:normal'>The <span class=
6877 "Annot"><span style='font-size:10.0pt'>requires</span></span>
6878 clause indicates that the buffer passed as <span class=
6879 "CodeText"><span style='font-size:10.0pt'>s1</span></span> must be
6880 large enough to hold the string passed as <span class=
6881 "CodeText"><span style='font-size:10.0pt'>s2</span></span>.
6882 The <span class="Annot"><span style=
6883 'font-size:10.0pt'>ensures</span></span> clause specifies that
6884 <span class="Annot"><span style=
6885 'font-size:10.0pt'>maxRead</span></span> of <span class=
6886 "CodeText"><span style='font-size:10.0pt'>s1</span></span> after
6887 the call is equal to <span class="Annot"><span style=
6888 'font-size:10.0pt'>maxRead</span></span> of <span class=
6889 "CodeText"><span style='font-size:10.0pt'>s2</span></span>.
6890 In cases where the size of <span class=
6891 "CodeText"><span style='font-size:10.0pt'>s2</span></span> is
6892 unknown, programs should use <span class=
6893 "CodeText"><span style=
6894 'font-size: 10.0pt'>strncpy</span></span>, annotated as:</p>
6895 <p class="Verbatim"> </p>
6896 <p class="Verbatim" style='margin-left:22.5pt'>void /*@alt char *
6898 <p class="Verbatim" style='margin-left:22.5pt'>
6899 (/*@unique@*/ /*@out@*/ /*@returned@*/ char *s1, char *s2,</p>
6900 <p class="Verbatim" style='margin-left:22.5pt;text-indent:13.5pt'>
6901 size_t n)</p>
6902 <p class="Verbatim" style='margin-left:22.5pt'>
6903 /*@modifies *s1@*/ </p>
6904 <p class="Verbatim" style='margin-left:22.5pt'> /*@requires
6905 maxSet(s1) >= ( n - 1 ); @*/</p>
6906 <p class="Verbatim" style='margin-left:22.5pt'> /*@ensures
6907 maxRead (s2) >= maxRead(s1) /\ maxRead (s1) <= n;@*/;</p>
6908 <p class="TextFontCX"> </p>
6909 <p class="TextFontCX">The syntax for buffer size constraint clauses
6911 <p class="TextFontCX"> </p>
6912 <p class="TextFontCX" align="left" style=
6913 'margin-left: 22.5pt;text-align:left'><i><span lang=
6914 "FR">constraint</span></i> <span lang="FR"> </span>
6915 <span style='font-family:Symbol'>Þ</span> <span lang=
6916 "FR">(</span><span class="Annot"><span style=
6917 'font-size:10.0pt'>requires</span></span> <span lang="FR">|</span>
6918 <span class="Annot"><span style=
6919 'font-size:10.0pt'>ensures</span></span><span lang="FR">)
6920 <i>consExpr relOp consExpr</i></span></p>
6921 <p class="TextFontCX" align="left" style=
6922 'margin-left: 22.5pt;text-align:left'><i><span lang=
6923 "FR">relOp</span></i> <span lang=
6924 "FR"> </span> <span style=
6925 'font-family:Symbol'>Þ</span> <span class=
6926 "Annot"><span style='font-size: 10.0pt'>==</span></span>
6927 <span lang="FR">|</span> <span class="Annot"><span style=
6928 'font-size:10.0pt'>></span></span> <span lang=
6929 "FR">|</span> <span class="Annot"><span style=
6930 'font-size:10.0pt'>>=</span></span> <span lang=
6931 "FR">|</span> <span class="Annot"><span style=
6932 'font-size:10.0pt'><</span></span> <span lang=
6933 "FR">|</span> <span class="Annot"><span style=
6934 'font-size:10.0pt'><=</span></span></p>
6935 <p class="TextFontCX" align="left" style=
6936 'margin-left: 22.5pt;text-align:left'><i><span lang=
6937 "FR">consExpr </span></i> <span style=
6938 'font-family:Symbol'>Þ</span> <i><span lang=
6939 "FR">consExpression binOp consExpr</span></i> | <i>unaryOp</i>
6940 <span class="Annot"><span style=
6941 'font-size:10.0pt'>(</span></span><i>consExpr</i>
6942 <span class="Annot"><span style=
6943 'font-size:10.0pt'>)</span></span> | <i>term</i></p>
6944 <p class="TextFontCX" align="left" style=
6945 'margin-left: 22.5pt;text-align:left'><i>binOp</i>
6946 <span style=
6947 'font-family:Symbol'>Þ</span> <span class=
6948 "Annot"><span style='font-size:10.0pt'>+</span></span> |
6949 <span class="Annot"><span style=
6950 'font-size:10.0pt'>-</span></span></p>
6951 <p class="TextFontCX" align="left" style=
6952 'margin-left: 22.5pt;text-align:left'><i>unaryOp</i>
6953 <span style='font-family:Symbol'>Þ</span> <span class=
6954 "Annot"><span style='font-size:10.0pt'>maxSet</span></span> |
6955 <span class="Annot"><span style=
6956 'font-size:10.0pt'>maxRead</span></span></p>
6957 <p class="TextFontCX" align="left" style=
6958 'margin-left: 22.5pt;text-align:left'><i>term</i>
6959 <span style=
6960 'font-family:Symbol'>Þ</span> <i>identifier</i> |
6961 <i>literal</i> | <span class="Annot"><span style=
6962 'font-size: 10.0pt'>result</span></span></p>
6963 <h2 style='margin-left:0in;text-indent:0in'><a name=
6964 "_Toc534975001">9.3<span style=
6965 'font:7.0pt "Times New Roman"'> </span>
6966 Less Stringent Checking</a></h2>
6967 <p class="TextFontCX">
6968 For some programs, Splint's standard bounds checking produces an
6969 unacceptably high number of warnings. Because of this, Splint now
6970 prioritizes warnings using a simple heuristic. The flags
6971 <span class="Flag"><span style=
6972 'font-size:10.0pt'>likely-bounds</span></span>, <span class=
6974 'font-size:10.0pt'>likely-bounds-writes</span></span>, and
6975 <span class="Flag"><span style=
6976 'font-size:10.0pt'>likely-bounds-read</span></span> are similar to
6977 <span class="Flag"><span style=
6978 'font-size:10.0pt'>bounds</span></span>,<span class=
6979 "Flag"><span style='font-size:10.0pt'>bounds-write</span></span>,
6980 and <span class="Flag"><span style=
6981 'font-size:10.0pt'>bounds-read</span></span>, but they only cause
6982 Splint to produce warnings for what it determines are likely bounds
6983 errors. Splint classifies an unresolved constraint as a likely
6984 bounds error if it can reduce the constraint to a numerical
6985 inconsistency such as <span class="Verbatim">5 >= 10</span>.
6986 Warnings for these constraints are more likely to be legitimate --
6987 indicating real bugs or the lack of annotations. Additionally, when
6988 these warnings are false positives, it is easier for humans to
6989 recognize them as spurious. These flags generate significantly
6990 fewer errors (an order of magnitude in some cases), and the errors
6991 generated are easier to understand. However, this does not come
6992 without cost. The checking is significantly less precise and is
6993 likely to miss real errors.</p>
6994 <h2 style='margin-left:0in;text-indent:0in'><a name=
6995 "_Toc534975001">9.4<span style=
6996 'font:7.0pt "Times New Roman"'> </span>
6998 <p class="TextFontCX">Since bounds checking is more complex than
6999 other checks done by Splint, memory bounds warnings contain
7000 extensive information about the unresolved constraint.
7001 Warning messages for unresolved constraints contain both the
7002 original constraints and the simplified form of the constraint
7003 which cannot be resolved. If the constraint was derived from
7004 a function precondition, the original precondition is included in
7005 the error message. If the <span class=
7006 "Flag"><span style='font-size:10.0pt'>+showconstraintlocation</span></span>
7007 flag is set, the message includes the expression that the
7008 constraint is derived from. The <span class=
7010 'font-size:10.0pt'>+showconstraintparens</span></span> flag
7011 directs Splint to display fully parenthesized constraints in
7012 warnings to remove ambiguity.</p>
7013 <p class="TextFontCX"> </p>
7014 <p class="TextFontCX">Consider the code excerpt below containing a
7015 trivial out-of-bounds write:</p>
7016 <p class="Verbatim"> </p>
7017 <p class="Verbatim" style='text-indent:.5in'>int buf[10];</p>
7018 <p class="Verbatim" style='text-indent:.5in'>buf[10] = 3;</p>
7019 <p class="TextFontCX"> </p>
7020 <p class="TextFontCX" style='margin-bottom:6.0pt'>Splint warns:</p>
7021 <p align="left" class="lclintrun" style='margin-left:.5in'>
7022 setChar.c:5:4: Likely out-of-bounds store:<br>
7023 buf[10] = 3</p>
7024 <p class="lclintrun" align="left" style='margin-left:.5in'>
7025 Unable to resolve constraint: requires 9 >=
7027 <p class="lclintrun" align="left" style=
7028 'margin-top:0in;margin-right:0in;margin-bottom:6.0pt; margin-left:.5in'>
7029 needed to satisfy precondition: requires
7030 maxSet(buf @ setChar.c:5:4) >= 10</p>
7031 <p class="TextFontCX">Splint has simplified the constraint from the
7032 <span class="Annot"><span style=
7033 'font-size:10.0pt'>requires</span></span> clause to
7034 <span class="CodeText"><span style='font-size:10.0pt'>9 >=
7035 10</span></span> by substituting for the known value of
7036 <span class="Annot"><span style=
7037 'font-size:10.0pt'>maxSet(buf)</span></span> and generated a
7038 warning because 9(the highest index of <span class=
7039 "CodeText"><span style='font-size:10.0pt'>buf</span></span>
7040 that may be safely written to) is not greater than or equal
7042 <p class="TextFontCX"> </p>
7043 <p class="TextFontCX">A more realistic example is shown Figure
7044 21. The function <span class="CodeText"><span style=
7045 'font-size:10.0pt'>updateEnv</span></span> is a naïve
7046 implementation of a function to copy an environmental
7047 variable. There is no standard restriction on the length of
7048 the return value of <span class="CodeText"><span style=
7049 'font-size:10.0pt'>getenv</span></span> so this can cause a buffer
7050 overflow. A safe version of <span class=
7051 "CodeText"><span style='font-size:10.0pt'>updateEnv</span></span>
7052 (such as <span class="CodeText"><span style=
7053 'font-size:10.0pt'>updateEnvSafe</span></span> in Figure 21) would
7054 ensure that the buffer is large enough to hold the environment
7055 variable string before copying.</p>
7056 <p class="TextFontCX"> </p>
7057 <p class="TextFontCX"> </p>
7058 <p class="TextFontCX">The <span class="Annot"><span style=
7059 'font-size:10.0pt'>requires</span></span> clause means Splint will
7060 report a warning if a call to <span class=
7061 "CodeText"><span style='font-size:10.0pt'>updateEnvSafe</span></span>
7062 passed in a buffer as <span class="CodeText"><span style=
7063 'font-size:10.0pt'>str</span></span> that is not big enough
7064 to hold the value passed as <span class=
7065 "CodeText"><span style=
7066 'font-size:10.0pt'>strSize</span></span> characters.</p>
7067 <p class="TextFontCX"> </p>
7068 <p class="TextFontCX">In many cases, functions will have multiple
7069 unresolved constraints which are similar. For example, if a
7070 subsequence statement writes to the next element of a buffer.
7071 Usually all these constraints represent all real problems or are
7072 all spurious. If the <span class="Flag"><span style=
7073 'font-size:10.0pt'>+redundantconstraints</span></span> flag is set,
7074 Splint reports even apparently redundant warning messages.
7075 Otherwise, if satisfying one unresolved constraint would imply
7076 satisfying another, Splint only prints a warning message for the
7077 stronger constraint.</p>
7078 <p class="TextFontCX"> </p>
7080 <table class="MsoNormalTable" border="0" cellspacing="0"
7081 cellpadding="0" style='margin-left:9.9pt;border-collapse:collapse'>
7083 <td valign="top" style=
7084 'width:202.5pt;border:solid black 1.5pt; border-bottom:none;background:black;padding:0in 5.4pt 0in 5.4pt;height:12.15pt'>
7085 <p class="TextFontCX" align="center" style='text-align:center'>
7086 <span class="Keyword"><b><span style=
7087 'font-size:10.0pt; color:white'>bounds.c</span></b></span></p></td>
7088 <td valign="top" style=
7089 'width:3.0in;border-top:solid black 1.5pt; border-left:none;border-bottom:none;border-right:solid black 1.5pt; background:black;padding:0in 5.4pt 0in 5.4pt;height:12.15pt'>
7090 <p class="TextFontCX" align="center" style='text-align:center'>
7091 <b><span style='color:white'>Running
7092 Splint</span></b></p></td></tr>
7094 <td valign="top" style=
7095 'width:202.5pt;border:solid black 1.5pt; border-top:none;padding:0in 5.4pt 0in 5.4pt'>
7096 <p class="Verbatim"><span style=
7097 'font-family:Courier'> </span></p>
7098 <p class="Verbatim"><span style='font-family:Courier'>void
7099 updateEnv(char * str)</span></p>
7100 <p class="Verbatim"><span style='font-family:Courier'>{</span></p>
7101 <p class="Verbatim"><span style='font-family:Courier'>
7102 char * tmp;</span></p>
7103 <p class="Verbatim"><i><span style=
7104 'font-size:9.0pt;font-family:Courier'>7</span></i><span style='font-family:Courier'>
7105 tmp = getenv(“MYENV”);</span></p>
7106 <p class="Verbatim"><span style='font-family:Courier'>
7107 if (tmp != NULL)</span></p>
7108 <p class="Verbatim"><i><span style=
7109 'font-size:9.0pt;font-family:Courier'>9</span></i><span style='font-family:Courier'>
7110 strcpy (str, tmp);</span></p>
7111 <p class="Verbatim"><span style='font-family:Courier'>}</span></p>
7112 <p class="Verbatim"><span style=
7113 'font-family:Courier'> </span></p>
7114 <p class="Verbatim"><span style='font-family:Courier'>void
7115 updateEnvSafe (char * str,</span></p>
7116 <p class="Verbatim"><span style=
7117 'font-family:Courier'>
7118 size_t strSize)</span></p>
7119 <p class="Verbatim"><span style='font-family:Courier'> </span>
7120 <a href="mailto:/*@requires"><span style=
7121 'font-family:Courier'>/*@requires</span></a> <span style=
7122 'font-family:Courier'>maxSet(str)</span></p>
7123 <p class="Verbatim"><span style=
7124 'font-family:Courier'>
7125 >= strSize –1@*/</span></p>
7126 <p class="Verbatim"><span style='font-family:Courier'>{</span></p>
7127 <p class="Verbatim"><span style='font-family:Courier'>
7128 char * tmp;</span></p>
7129 <p class="Verbatim"><span style='font-family:Courier'>
7130 tmp = getenv(“MYENV”);</span></p>
7131 <p class="Verbatim"><span style='font-family:Courier'>
7132 if (tmp != NULL)</span></p>
7133 <p class="Verbatim"><span style='font-family:Courier'>
7135 <p class="Verbatim"><span style=
7136 'font-family:Courier'> strncpy (str,
7138 <p class="Verbatim"><span style=
7139 'font-family:Courier'>
7140 strSize -1);</span></p>
7141 <p class="Verbatim"><span style=
7142 'font-family:Courier'> str[strSize
7143 -1] = ‘/0’;</span></p>
7144 <p class="Verbatim"><span style='font-family:Courier'>
7146 <p class="Verbatim"><span style=
7147 'font-family:Courier'>}</span></p></td>
7148 <td valign="top" style=
7149 'width:3.0in;border-top:none;border-left:none; border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
7150 <p class="lclintrun">> splint bounds.c +bounds
7151 +showconstraintlocation</p>
7152 <p class="lclintrun"> </p>
7153 <p class="lclintrun">bounds.c:9: Possible out-of-bounds store:</p>
7154 <p class="lclintrun"> strcpy(str, tmp)</p>
7155 <p class="lclintrun"> Unable to resolve
7157 <p class="lclintrun"> requires maxSet(str @
7158 bounds.c:9) >=</p>
7159 <p class="lclintrun"> maxRead(getenv("MYENV") @
7161 <p class="lclintrun"> needed to satisfy
7163 <p class="lclintrun"> requires maxSet(str @
7164 bounds.c:9) >=</p>
7165 <p class="lclintrun"> maxRead(tmp @
7167 <p class="lclintrun"> derived from strcpy
7168 precondition: requires</p>
7169 <p class="lclintrun"> maxSet(<parameter 1>)
7171 <p class="lclintrun"> maxRead(<parameter
7172 2>)</p></td></tr></table>
7173 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0">
7175 <td valign="top" style=
7176 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
7177 <p class="MsoCaption"><a name="_Ref534909813"></a><a name=
7178 "_Ref534909817">Figure 21</a>. Memory
7179 Bounds</p></td></tr></table></center>
7182 <p class="TextFontCX">The <span class="Flag"><span style=
7183 'font-size:10.0pt'>+functionpost</span></span> flag is useful for
7184 determining if array bounds warnings are spurious. If this
7185 flag is set, Splint will print the constraints that it established
7186 at the end of the function. If the warnings are spurious,
7187 localized control comments can be used to suppress them.</p>
7188 <p class="TextFontCX"> </p>
7189 <p class="TextFontCX"> </p>
7190 <p class="TextFontCX"> </p>
7191 <h1 style='margin-left:0in;text-indent:0in'><a name=
7192 "_Toc534975002"></a><a name="_Ref534642928"></a><a name=
7193 "_Ref534642285">10<span style=
7194 'font:7.0pt "Times New Roman"'> </span>
7195 <a id="extensible" name="extensible">
7196 Extensible Checking</a></a></h1>
7197 <p class="TextFontCX">Splint provides mechanisms for defining new
7198 checks and annotations using metastate definitions.
7199 User-defined checks can be used to check and document properties
7200 not supported by the provided checks.<a href="#_ftn13" name=
7201 "_ftnref13" title=""><span class=
7202 "MsoFootnoteReference"><span class="MsoFootnoteReference"><span style='font-size:11.0pt;font-family:"Times New Roman"'>
7203 [13]</span></span></span></a></p>
7204 <p class="TextFontCX"> </p>
7205 <p class="TextFontCX">A large class of useful checks can be
7206 described as constraints on attributes associated with program
7207 objects or the global execution state. Unlike types, however, the
7208 values of these attributes can change along an execution
7209 path. Splint provides a general language that lets users
7210 define attributes associated with different kinds of program
7211 objects as well as rules that both constrain attributes’
7212 values at interface points and specify how attributes
7214 <p class="TextFontCX"> </p>
7215 <p class="TextFontCX">Because user-defined attribute checking is
7216 integrated with normal checking, Splint’s analysis of
7217 user-defined attributes can take advantage of other analyses, such
7218 as alias and nullness analysis.</p>
7219 <h2 style='margin-left:0in;text-indent:0in'><a name=
7220 "_Toc534975003">10.1<span style=
7221 'font:7.0pt "Times New Roman"'> </span>
7222 Defining Attributes</a></h2>
7223 <p class="TextFontCX">To define an attribute, create a metastate
7224 file (<span class="ProgramNameChar"><span style=
7225 'font-size: 10.0pt'>.mts</span></span>) that defined the possible
7226 values and transfer rules of the attribute. Attributes can
7227 either be associated with a particular kind of program object (for
7228 example, all <span class="CodeText"><span style=
7229 'font-size:10.0pt'>char *</span></span>’s) or with the global
7230 state (whether or not the network has been initialized). The
7231 <span class="Flag"><span style='font-size:10.0pt'>–mts
7232 <i><file></i></span></span> flag is used to direct Splint to
7233 read a metastate file (which will be found on the
7234 <span class="CodeText"><span style=
7235 'font-size:10.0pt'>LARCH_PATH</span></span> with default
7236 extension <span class="ProgramNameChar"><span style=
7237 'font-size:10.0pt'>.mts</span></span>).</p>
7238 <p class="TextFontCX"> </p>
7239 <p class="TextFontCX">An example attribute definition is shown in
7240 Figure 22. It defines the <span class=
7241 "Annot"><span style='font-size:10.0pt'>taintedness</span></span>
7242 attribute for recording whether or not a <span class=
7243 "CodeText"><span style='font-size: 10.0pt'>char
7244 *</span></span> came from a possibly untrustworthy
7245 source. Knowing whether a value is possibly hostile is
7246 useful for preventing several security vulnerabilities
7247 including format string bugs.<a href="#_ftn14" name=
7248 "_ftnref14" title=""><span class=
7249 "MsoFootnoteReference"><span class=
7250 "MsoFootnoteReference"><span style=
7251 'font-size:11.0pt;font-family:"Times New Roman"'>[14]</span></span></span></a>
7252 (A simpler way to detect format vulnerabilities is to warn
7253 for any format string that is unknown at compile time. Splint
7254 provides this checking, issuing a warning if the <span class=
7256 'font-size:10.0pt'>+formatconst</span></span> flag is set and
7257 finds any unknown format strings at compile time. This can
7258 produce spurious messages, however, because there might be
7259 unknown format strings that are not vulnerable to hostile
7261 <p class="TextFontCX"> </p>
7262 <p class="TextFontCX">The first three lines of the attribute
7263 definition define the <span class="Annot"><span style=
7264 'font-size:10.0pt'>taintedness</span></span> attribute associated
7265 with <span class="CodeText"><span style='font-size:10.0pt'>char
7266 *</span></span> objects, which can be in one of two states:
7267 <span class="Annot"><span style=
7268 'font-size:10.0pt'>untainted</span></span> or <span class=
7269 "Annot"><span style='font-size:10.0pt'>tainted</span></span>.
7270 The <span class="Annot"><span style=
7271 'font-size:10.0pt'>context</span></span> clause gives a context
7272 selector for which objects have the attribute. In this
7273 case, <span class="Annot"><span style='font-size:10.0pt'>reference
7274 char *</span></span> means that every reference that is a
7275 <span class="CodeText"><span style='font-size:10.0pt'>char
7276 *</span></span> has an associated <span class=
7277 "Annot"><span style='font-size:10.0pt'>taintedness</span></span>
7278 attribute. Other contexts include <span class=
7279 "Annot"><span style=
7280 'font-size: 10.0pt'>parameter</span></span> (only parameter
7281 declarations), <span class="Annot"><span style=
7282 'font-size:10.0pt'>literal</span></span> (only string or
7283 number literals), and <span class="Annot"><span style=
7284 'font-size:10.0pt'>null</span></span> (only known
7285 <span class="CodeText"><span style=
7286 'font-size:10.0pt'>NULL</span></span> values).
7287 Attribute can also be defined that are not associated with
7288 any particular object, but instead are associated with the
7289 global state of a program execution. The <span class=
7290 "Annot"><span style='font-size:10.0pt'>global</span></span>
7291 keyword is used before <span class="Annot"><span style=
7292 'font-size:10.0pt'>attribute</span></span> to define a global
7294 <p class="TextFontCX"> </p>
7295 <p class="TextFontCX">The <span class="Annot"><span style=
7296 'font-size:10.0pt'>oneof</span></span> clause introduces two
7297 identifiers for representing the <span class=
7298 "Annot"><span style='font-size:10.0pt'>taintedness</span></span>
7299 value: <span class="Annot"><span style=
7300 'font-size:10.0pt'>untainted</span></span> for references
7301 that are not derived from untrustworthy input, and
7302 <span class="Annot"><span style=
7303 'font-size:10.0pt'>tainted</span></span> for references that
7304 may contain hostile data. </p>
7305 <p class="TextFontCX"> </p>
7306 <p class="TextFontCX">The <span class="Annot"><span style=
7307 'font-size:10.0pt'>annotations</span></span> clause defines two new
7308 annotations that may be used to describe <span class=
7309 "Annot"><span style='font-size:10.0pt'>taintedness</span></span>
7310 assumptions. In this case, the annotations match the names of
7311 the value choices, but they may be any identifier. The clause
7312 <span class="Annot"><span style='font-size:10.0pt'>tainted
7313 <b>reference ==></b> tainted</span></span> defines the
7314 <span class="Annot"><span style=
7315 'font-size:10.0pt'>tainted</span></span> annotation that may be
7316 used on a reference to indicate that it has <span class=
7317 "Annot"><span style='font-size: 10.0pt'>tainted</span></span>
7320 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0">
7322 <td valign="top" align="left" height="264" style=
7323 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
7324 <p class="Verbatim"><span class="Annot"><b>attribute</b></span>
7325 <span class="Annot">taintedness</span></p>
7326 <p class="Verbatim"><span class="Annot"> <b>context</b>
7327 <b>reference</b> char *</span></p>
7328 <p class="Verbatim"><span class="Annot"> <b>oneof</b>
7329 untainted, tainted</span></p>
7330 <p class="Verbatim"><span class="Annot">
7331 <b>annotations</b></span></p>
7332 <p class="Verbatim"><span class="Annot">
7333 tainted <b>reference ==></b> tainted</span></p>
7334 <p class="Verbatim"><span class="Annot">
7335 untainted <b>reference ==></b> untainted</span></p>
7336 <p class="Verbatim"><span class="Annot">
7337 <b>transfers</b></span></p>
7338 <p class="Verbatim"><span class="Annot">
7339 tainted <b>as</b> untainted <b>==> error</b> "Possibly tainted
7340 storage used where untainted required."</span></p>
7341 <p class="Verbatim"><span class="Annot">
7342 <b>merge</b></span></p>
7343 <p class="Verbatim"><span class=
7344 "Annot"> tainted <b>+</b> untainted
7345 <b>==></b> tainted</span></p>
7346 <p class="Verbatim"><span class="Annot">
7347 <b>defaults</b></span></p>
7348 <p class="Verbatim"><span class=
7349 "Annot"> reference <b>==></b>
7351 <p class="Verbatim"><span class="Annot">
7352 literal <b>==></b> untainted</span></p>
7353 <p class="Verbatim"><span class=
7354 "Annot"> null <b>==></b>
7355 untainted</span></p>
7356 <p class="Verbatim"><span class="Annot"><b>end</b></span></p>
7357 <p class="MsoCaption"><a name="_Ref534921559">Figure 22</a>.
7358 Taintedness Attribute</p></td></tr></table></center>
7361 <p class="TextFontCX"> </p>
7362 <p class="TextFontCX">The <span class="Annot"><span style=
7363 'font-size:10.0pt'>transfers</span></span> clause defines rules for
7364 state changes and warning when objects are passed as parameters,
7365 returned, or assigned to externally visible references. The
7366 rule, <span class="Annot"><span style='font-size:10.0pt'>tainted
7367 <b>as</b> untainted <b>==> error</b> "Possibly tainted storage
7368 used where untainted required."</span></span>, means it is an error
7369 to pass a <span class="Annot"><span style=
7370 'font-size:10.0pt'>tainted</span></span> value as a parameter that
7371 has <span class="Annot"><span style=
7372 'font-size:10.0pt'>untainted</span></span> taintedness. All
7373 other transfers are implicitly permitted, and leave the passed
7374 storage in the same state as before the transfer. We may also
7375 use a <span class="Annot"><span style=
7376 'font-size:10.0pt'>transfers</span></span> clause to indicate that
7377 the reference changes state after a transfer. A
7378 <span class="Annot"><span style=
7379 'font-size:10.0pt'>losereference</span></span> clause (not
7380 used in taintedness) is similar to a <span class=
7381 "Annot"><span style=
7382 'font-size:10.0pt'>transfers</span></span> clause, except it
7383 is used to provide rules for when a reference to storage is
7384 lost, either by leaving the scope in which it was declared,
7385 returning from a function, or assigning it to a new
7387 <p class="TextFontCX"> </p>
7388 <p class="TextFontCX">The <span class="Annot"><span style=
7389 'font-size:10.0pt'>merge</span></span> clause defined rules for
7390 combining state along paths. The clause<span class=
7391 "Annot"><span style='font-size:10.0pt'>merge tainted + untainted
7392 ==> tainted</span></span> indicates that combining
7393 <span class="Annot"><span style=
7394 'font-size:10.0pt'>tainted</span></span> and <span class=
7395 "Annot"><span style=
7396 'font-size:10.0pt'>untainted</span></span> objects produces a
7397 <span class="Annot"><span style=
7398 'font-size:10.0pt'>tainted</span></span> object. Thus, if a
7399 reference is <span class="Annot"><span style=
7400 'font-size:10.0pt'>tainted</span></span> along one control
7401 path and <span class="Annot"><span style=
7402 'font-size:10.0pt'>untainted</span></span> along another
7403 control path, checking assumes that it is <span class=
7404 "Annot"><span style=
7405 'font-size:10.0pt'>tainted</span></span>after the two
7406 branches merge. It is also used to merge taintedness states
7407 in function specifications (see the <span class=
7408 "CodeText"><span style=
7409 'font-size:10.0pt'>strcat</span></span> example in the next
7410 section). We can also define error combinations so that
7411 a warning is reported if the states on different paths are
7413 <p class="TextFontCX"> </p>
7414 <p class="TextFontCX">The <span class="Annot"><span style=
7415 'font-size:10.0pt'>defaults</span></span> clause specifies default
7416 values used for declarators without explicit attribute annotations.
7417 We choose default values to make it easy to start checking an
7418 unannotated program. Here we assume unannotated references are
7419 <span class="Annot"><span style=
7420 'font-size:10.0pt'>tainted</span></span> and Splint will report a
7421 warning where unannotated references are passed to functions that
7422 require untainted parameters. The warnings indicate either a format
7423 bug in the code or a place where an <span class=
7424 "Annot"><span style='font-size:10.0pt'>untainted</span></span>
7425 annotation should be added. Running Splint again after adding
7426 the annotation will propagate the newly documented assumption
7427 through the program.</p>
7428 <p class="TextFontCX"> </p>
7429 <p class="TextFontCX" style='margin-bottom:6.0pt'>The full grammar
7430 for metastate definitions is given in Appendix C.</p>
7431 <h2 style='margin-left:0in;text-indent:0in'><a name=
7432 "_Toc534975004">10.2<span style=
7433 'font:7.0pt "Times New Roman"'> </span>
7434 Annotations</a></h2>
7435 <p class="TextFontCX">The annotations defined by metastate
7436 definitions can be used like normal annotations. The context
7437 specifier for an annotation indicates where it may be used.
7438 For the taintedness example, we can use <span class=
7439 "Annot"><span style='font-size:10.0pt'>tainted</span></span> and
7440 <span class="Annot"><span style=
7441 'font-size:10.0pt'>untainted</span></span> as annotations wherever
7442 <span class="Annot"><span style=
7443 'font-size:10.0pt'>only</span></span> could be used. This
7444 includes <span class="Annot"><span style=
7445 'font-size:10.0pt'>ensures</span></span> and <span class=
7446 "Annot"><span style='font-size:10.0pt'>requires</span></span>
7447 clauses, which allows us to specify functions that modify state
7448 associated with metastate definitions. The syntax
7449 <span class="Annot"><i><span style=
7450 'font-size: 10.0pt'><expr></span></i></span><span class="Annot">
7452 'font-size: 10.0pt'>:<i><attribute></i></span></span> is used
7453 to refer to the value of the user-defined attribute for expression
7454 <span class="Annot"><i><span style=
7455 'font-size:10.0pt'><expr></span></i></span>. </p>
7456 <p class="TextFontCX"> </p>
7457 <p class="TextFontCX">It is often necessary to extend the library
7458 specifications with metastate annotations. We don’t
7459 want to have different versions of the library for different
7460 metastate annotations, so instead Splint provides a mechanism for
7461 adding annotations separately using an <span class=
7462 "ProgramNameChar"><span style='font-size:10.0pt'>.xh</span></span>
7463 file. For the taintedness example, we do this by providing
7464 annotated declarations in the <span class=
7465 "ProgramNameChar"><span style=
7466 'font-size:10.0pt'>tainted.xh</span></span> file. Example
7467 specifications in this file include:</p>
7468 <p class="TextFontCX"> </p>
7469 <p class="Verbatim">int printf (/*@untainted@*/ char *fmt,
7471 <p class="Verbatim"> </p>
7472 <p class="Verbatim">char *fgets (char *s, int n, FILE *stream)
7473 /*@ensures tainted s@*/ ;</p>
7474 <p class="Verbatim"> </p>
7475 <p class="Verbatim">char *strcat (/*@returned@*/ char *s1,
7477 <p class="Verbatim"> /*@ensures s1:taintedness =
7478 s1:taintedness | s2:taintedness @*/</p>
7479 <p class="TextFontCX"> </p>
7480 <p class="TextFontCX">The <span class="CodeText"><span style=
7481 'font-size:10.0pt'>strcat</span></span> specification uses
7482 <span class="Annot"><span style='font-size:10.0pt'>/*@ensures
7483 s1:taintedness = s1:taintedness | s2:taintedness @*/</span></span>
7484 to indicate that the taintedness of <span class=
7485 "CodeText"><span style='font-size:10.0pt'>s1</span></span> after
7486 <span class="CodeText"><span style=
7487 'font-size:10.0pt'>strcat</span></span> returns is the result of
7488 merging the taintedness of <span class=
7489 "CodeText"><span style='font-size:10.0pt'>s1</span></span>
7490 and <span class="CodeText"><span style=
7491 'font-size:10.0pt'>s2</span></span> before the call.
7492 Because the parameters lack annotations, they are implicitly
7493 tainted according to the default rules and either untainted
7494 or tainted references can be passed as parameters to
7495 <span class="CodeText"><span style=
7496 'font-size:10.0pt'>strcat</span></span>. The <span class=
7497 "Annot"><span style='font-size:10.0pt'>ensures</span></span>
7498 clause means that after <span class="CodeText"><span style=
7499 'font-size:10.0pt'>strcat</span></span> returns the first
7500 parameter (and the result, because of the returned annotation
7501 on <span class="CodeText"><span style=
7502 'font-size:10.0pt'>s1</span></span>) will be tainted if
7503 either passed object was tainted. Splint merges the two
7504 taintedness states using the attribute definition
7505 rules—hence, if the <span class="CodeText"><span style=
7506 'font-size:10.0pt'>s1</span></span> parameter is untainted
7507 and the <span class="CodeText"><span style=
7508 'font-size:10.0pt'>s2</span></span> parameter is tainted, the
7509 result and first parameter will be tainted after <span class=
7510 "CodeText"><span style=
7511 'font-size:10.0pt'>strcat</span></span> returns.</p>
7512 <p class="TextFontCX"> </p>
7513 <h1 style='margin-left:0in;text-indent:0in'><a name=
7514 "_Toc534975006"></a><a name="_Ref534642895"></a><a name=
7515 "_Ref534642215">11<span style=
7516 'font:7.0pt "Times New Roman"'> </span>
7517 <a id="macros" name="macros">
7519 <p class="TextFontCX">Macros are commonly used in C programs to
7520 implement constants or to mimic functions without the overhead of a
7521 function call. Macros that are used to implement functions
7522 are a persistent source of bugs in C programs, since they may not
7523 behave like the intended function when they are invoked with
7524 certain parameters or used in certain syntactic contexts. </p>
7525 <p class="TextFontCX"> </p>
7526 <p class="TextFontCX">Splint eliminates most of the potential
7527 problems by detecting macros with dangerous implementations and
7528 dangerous macro invocations. Whether or not a macro
7529 definition is checked or expanded normally depends on flag settings
7530 and control comments (see Section 11.3). Stylized macros can
7531 also be used to define control structures for iterating through
7532 many values (see Section 11.4).</p>
7533 <h2 style='margin-left:0in;text-indent:0in'><a name=
7534 "_Toc534975007"></a><a name="_Ref361651263"></a><a name=
7535 "_Ref344916524"></a><a name="_Ref344908437"></a><a name=
7536 "_Toc344355419">11.1<span style=
7537 'font:7.0pt "Times New Roman"'> </span>
7538 Constant Macros</a></h2>
7539 <p class="TextFontCX">Macros may be used to implement
7540 constants. To get type-checking for constant macros, use the
7541 <span class="Annot"><span style=
7542 'font-size:10.0pt'>constant</span></span> annotation. For
7544 <p class="example">/*@constant null char *mstring_undefined@*/</p>
7545 <p class="TextFontCX">Declared constants are not expanded and are
7546 checked according to the declaration. A constant with a
7547 <span class="Annot"><span style=
7548 'font-size:10.0pt'>null</span></span> annotation may be used as
7549 <span class="Annot"><span style=
7550 'font-size:10.0pt'>only</span></span> storage.</p>
7551 <h2 style='margin-left:0in;text-indent:0in'><a name=
7552 "_Toc534975008"></a><a name="_Toc344355420"></a><a name=
7553 "_Ref343363760">11.2<span style=
7554 'font:7.0pt "Times New Roman"'> </span>
7555 Function-like Macros</a></h2>
7556 <p class="TextFontCX">Using macros to imitate functions is
7557 notoriously dangerous. Consider this broken macro for
7558 squaring a number:</p>
7559 <p class="example"># define square(x) x * x</p>
7560 <p class="TextFontCX">This works fine for a simple invocation like
7561 <span class="CodeText"><span style=
7562 'font-size:10.0pt'>square(i)</span></span>. It behaves
7563 unexpectedly, though, if it is instantiated with a parameter that
7564 has a side effect. For example, <span class=
7565 "CodeText"><span style=
7566 'font-size: 10.0pt'>square(i++)</span></span> expands to
7567 <span class="CodeText"><span style='font-size:10.0pt'>i++ *
7568 i++</span></span>. Not only does this give the incorrect
7569 result, it has undefined behavior since the order in which the
7570 operands are evaluated is not defined. (See Section 8.2 for
7571 more information on how expressions exhibiting undefined evaluation
7572 order behavior are detected by Splint.) To correct the
7573 problem we either need to rewrite the macro so that its parameter
7574 is evaluated exactly once, or prevent clients from invoking the
7575 macro with a parameter that has a side effect. </p>
7576 <p class="TextFontCX"> </p>
7577 <p class="TextFontCX">Another possible problem with macros is that
7578 they may produce unexpected results because of operator precedence
7579 rules. The instantiation, <span class=
7580 "CodeText"><span style='font-size:10.0pt'>square(i+1)</span></span>
7581 expands to <span class="CodeText"><span style=
7582 'font-size:10.0pt'>i+1*i+1</span></span>, which evaluates to
7583 <span class="CodeText"><span style=
7584 'font-size:10.0pt'>i+i+1</span></span> instead of the square
7585 of <span class="CodeText"><span style=
7586 'font-size:10.0pt'>i+1</span></span>. To ensure the
7587 expected behavior, the macro parameter should be enclosed in
7588 parentheses where it is used in the macro body.</p>
7589 <p class="TextFontCX"> </p>
7590 <p class="TextFontCX">Macros may also behave unexpectedly if they
7591 are not syntactically equivalent to an expression. Consider
7592 the macro definition,</p>
7593 <p class="example"># define incCounts() ntotal++;
7595 <p class="TextFontCX">This works fine, unless it is used as a
7596 statement. For example,</p>
7597 <p class="example">if (x < 3) incCounts();</p>
7598 <p class="TextFontCX">increments <span class=
7599 "CodeText"><span style='font-size:10.0pt'>ntotal</span></span>
7600 if <span class="CodeText"><span style='font-size:10.0pt'>x
7601 < 3</span></span> but always increments <span class=
7602 "CodeText"><span style=
7603 'font-size:10.0pt'>ncurrent</span></span>.</p>
7604 <p class="TextFontCX"> </p>
7605 <p class="TextFontCX">One solution is to use the comma operator to
7606 define the macro:</p>
7607 <p class="example"># define incCounts() (ntotal++,
7609 <p class="beforelist">More complicated macros can be written using
7610 a <span class="CodeText"><span style='font-size:10.0pt'>do …
7611 while</span></span> construction:</p>
7612 <p class="Verbatim"> # define incCounts() \</p>
7613 <p class="Verbatim"> do { ntotal++;
7614 ncurrent++; } while (FALSE)</p>
7615 <p class="afterlist">Splint detects these pitfalls in macro
7616 definitions, and checks that a macro behaves as much like a
7617 function as possible. A client should only be able to tell
7618 that a function was implemented by a macro if it attempts to use
7619 the macro as a pointer to a function.</p>
7620 <p class="MsoListBullet"> </p>
7621 <p class="beforelist">Splint does these checks on a macro
7622 definition corresponding to a function:</p>
7623 <p class="MsoListBullet"><span style=
7624 'font-family:Symbol'>·<span style=
7625 'font:7.0pt "Times New Roman"'> </span></span>
7626 Each parameter to a macro (except those declared to be side effect
7627 free, see Section 11.2.1) must be used exactly once in all possible
7628 executions of the macro, so side effecting arguments behave as
7629 expected.<a href="#_ftn15" name="_ftnref15" title=
7630 ""><span class="MsoFootnoteReference"><span class=
7631 "MsoFootnoteReference"><span style=
7632 'font-size:11.0pt;font-family:"Times New Roman"'>[15]</span></span></span></a>
7633 (Controlled by <span class="Flag"><span style=
7634 'font-size:10.0pt'>macroparams</span></span>.)</p>
7635 <p class="MsoListBullet"><span style=
7636 'font-family:Symbol'>·<span style=
7637 'font:7.0pt "Times New Roman"'> </span></span>
7638 A parameter to a macro may not be used as the left-hand side of an
7639 assignment expression or as the operand of an increment or
7640 decrement operator in the macro text, since this produces
7641 non-functional behavior. (Controlled by <span class=
7643 'font-size:10.0pt'>macroassign</span></span>.)</p>
7644 <p class="MsoListBullet"><span style=
7645 'font-family:Symbol'>·<span style=
7646 'font:7.0pt "Times New Roman"'> </span></span>
7647 Macro parameters must be enclosed in parentheses when they are used
7648 in potentially dangerous contexts. (Controlled by
7649 <span class="Flag"><span style=
7650 'font-size: 10.0pt'>macroparens</span></span>.)</p>
7651 <p class="MsoListBullet"><span style=
7652 'font-family:Symbol'>·<span style=
7653 'font:7.0pt "Times New Roman"'> </span></span>
7654 A macro definition must be syntactically equivalent to a statement
7655 when it is invoked followed by a semicolon. (Controlled by
7656 <span class="Flag"><span style=
7657 'font-size:10.0pt'>macrostmt</span></span>.)</p>
7658 <p class="MsoListBullet"><span style=
7659 'font-family:Symbol'>·<span style=
7660 'font:7.0pt "Times New Roman"'> </span></span>
7661 The type of the macro body must match the return type of the
7662 corresponding function. If the macro is declared with type
7663 <span class="CodeText"><span style=
7664 'font-size:10.0pt'>void</span></span>, its body may have any type
7665 but the macro value may not be used.</p>
7666 <p class="MsoListBullet"><span style=
7667 'font-family:Symbol'>·<span style=
7668 'font:7.0pt "Times New Roman"'> </span></span>
7669 All variables declared in the body of a macro definition must be in
7670 the macro variable namespace, so they do not conflict with
7671 variables in the scope where the macro is invoked (which may be
7672 used in the macro parameters). By default, the macro
7673 namespace is all names prefixed by <span class=
7674 "CodeText"><span style='font-size:10.0pt'>m_</span></span>.
7675 (See Section 12.2 for information on controlling namespaces.)</p>
7676 <p class="afterlist">At the call site, a macro is checked like any
7677 other function call.</p>
7678 <h3 style='margin-left:0in;text-indent:0in'><a name=
7679 "_Toc534975009"></a><a name="_Toc344355421"></a><a name=
7680 "_Ref343109609">11.2.1<span style=
7681 'font:7.0pt "Times New Roman"'> </span> Side
7682 Effect Free Parameters</a></h3>
7683 <p class="beforelist">Suppose we really do want to implement
7684 <span class="CodeText"><span style=
7685 'font-size:10.0pt'>square</span></span> as a macro, but want do so
7686 in a safe way. One way to do this is to require that it is
7687 never invoked with a parameter that has a side effect. Splint
7688 will check that this constraint holds, if the parameter is
7689 annotated to be side effect free. That is, the expression
7690 corresponding to this parameter must not modify any state, so it
7691 does not matter how many times it is evaluated. The
7692 <span class="Annot"><span style=
7693 'font-size:10.0pt'>sef</span></span> annotation is used to denote a
7694 parameter that may not have any side effects:</p>
7695 <p class="Verbatim"><span style='font-size:9.5pt'>
7696 extern int square (/*@sef@*/ int x);</span></p>
7697 <p class="Verbatim"><span style='font-size:9.5pt'> #
7698 define square(x) ((x) *(x))</span></p>
7699 <p class="afterlist">Now, Splint will not report an error checking
7700 the definition of <span class="CodeText"><span style=
7701 'font-size:10.0pt'>square</span></span> even though
7702 <span class="CodeText"><span style=
7703 'font-size:10.0pt'>x</span></span> is used more than
7705 <p class="TextFontCX"> </p>
7706 <p class="TextFontCX">A message will be reported, however, if
7707 <span class="CodeText"><span style=
7708 'font-size:10.0pt'>square</span></span> is invoked with a parameter
7709 that has a side effect. For the code fragment,</p>
7710 <p class="example">square (i++)</p>
7711 <p class="beforelist">Splint produces the message:</p>
7712 <p class="Verbatim"> <span style=
7713 'font-family:Arial'>Parameter 1 to square is declared sef,</span>
7714 <span style='font-family:Arial'>but the argument may modify:
7716 <p class="betweenlists">It is also an error to pass a macro
7717 parameter that is not annotated with <span class=
7718 "Annot"><span style='font-size:10.0pt'>sef</span></span> as a
7719 <span class="Annot"><span style=
7720 'font-size:10.0pt'>sef</span></span> macro parameter in the body of
7721 a macro definition. For example,</p>
7722 <p class="Verbatim"><span style='font-size:9.5pt'>
7723 extern int sumsquares (int x, int y);</span></p>
7724 <p class="Verbatim"><span style='font-size:9.5pt'> #
7725 define sumsquares(x,y) (square(x) + square(y))</span></p>
7726 <p class="afterlist">Although <span class=
7727 "CodeText"><span style='font-size:10.0pt'>x</span></span>
7728 only appears once in the definition of <span class=
7729 "CodeText"><span style=
7730 'font-size:10.0pt'>sumsquares</span></span> it will be
7731 evaluated twice since <span class="CodeText"><span style=
7732 'font-size:10.0pt'>square</span></span> is expanded.</p>
7733 <p class="TextFontCX"> </p>
7734 <p class="TextFontCX">A parameter may be passed as a
7735 <span class="Annot"><span style=
7736 'font-size:10.0pt'>sef</span></span> parameter without an
7737 error being reported, if Splint can determine that evaluating
7738 the parameter has no side effects. For function calls,
7739 the modifies clause is used to determine if a side effect is
7740 possible.<a href="#_ftn16" name="_ftnref16" title=
7741 ""><span class="MsoFootnoteReference"><span class=
7742 "MsoFootnoteReference"><span style=
7743 'font-size:11.0pt;font-family:"Times New Roman"'>[16]</span></span></span></a>
7744 To prevent many spurious errors, if the called function has
7745 no modifies clause, Splint will report an error only if
7746 <span class="Flag"><span style=
7747 'font-size: 10.0pt'>sef-uncon</span></span> is on.
7748 Justifiably paranoid programmers will insist on setting
7749 <span class="Flag"><span style=
7750 'font-size:10.0pt'>sef-uncon</span></span> on, and will add
7751 modifies clauses to unconstrained functions that are used in
7752 <span class="Annot"><span style=
7753 'font-size:10.0pt'>sef</span></span> macro arguments.</p>
7754 <p class="TextFontCX"> </p>
7755 <p class="beforelist">One common application of macros is to get
7756 around the lack of polymorphism in C. We can use the
7757 <span class="Annot"><span style='font-size: 10.0pt'>/*@alt
7758 <type>,<sup>+</sup>@></span></span> syntax (see
7759 Section 4.4) to indicate that an alternate type may be used.
7761 <p class="Verbatim"><span style='font-size:9.5pt'> extern int
7762 /*@alt float@*/ square (/*@sef@*/ int /*@alt float@*/
7764 <p class="Verbatim"><span style='font-size:9.5pt'> # define
7765 square(x) ((x) *(x))</span></p>
7766 <p class="afterlist">declares <span class=
7767 "CodeText"><span style='font-size:10.0pt'>square</span></span>
7768 for both <span class="CodeText"><span style=
7769 'font-size:10.0pt'>int</span></span>s and <span class=
7770 "CodeText"><span style=
7771 'font-size:10.0pt'>float</span></span>s. Note however,
7772 that the return type is either <span class=
7773 "CodeText"><span style='font-size:10.0pt'>int</span></span>
7774 or <span class="CodeText"><span style=
7775 'font-size:10.0pt'>float</span></span>, regardless of the
7776 actual parameter type. This is weaker than what is
7777 actually known about the return type.</p>
7778 <h2 style='margin-left:0in;text-indent:0in'><a name=
7779 "_Toc534975010"></a><a name="_Ref347227227">11.3<span style=
7780 'font:7.0pt "Times New Roman"'> </span>
7781 Controlling Macro Checking</a></h2>
7782 <p class="TextFontCX">By default, Splint expands macros normally
7783 and checks the resulting code after macros have been
7784 expanded. Flags and control comments may be used to control
7785 which macros are expanded and which are checked as functions or
7787 <p class="TextFontCX"> </p>
7788 <p class="TextFontCX">If the <span class="Flag"><span style=
7789 'font-size:10.0pt'>fcn-macros</span></span> flag is on, Splint
7790 assumes all macros defined with parameter lists implement functions
7791 and checks them accordingly. Parameterized macros are not
7792 expanded and are checked as functions with unknown result and
7793 parameter types (or using the types in the prototype, if one is
7794 given). The analogous flag for macros that define constants
7795 is <span class="Flag"><span style=
7796 'font-size:10.0pt'>const-macros</span></span>. If it is on,
7797 macros with no parameter lists are assumed to be constants, and
7798 checked accordingly. The <span class=
7799 "Flag"><span style='font-size:10.0pt'>all-macros</span></span>
7800 flag sets both <span class="Flag"><span style=
7801 'font-size:10.0pt'>fcn-macros</span></span> and <span class=
7803 'font-size:10.0pt'>const-macros</span></span>. If the
7804 <span class="Flag"><span style=
7805 'font-size:10.0pt'>macro-fcn-decl</span></span> flag is
7806 set, a message reports parameterized macros with no
7807 corresponding function prototype. If the <span class=
7809 'font-size:10.0pt'>macro-const-decl</span></span> flag
7810 is set, a similar message reports macros with no parameters
7811 that have no corresponding constant declaration.</p>
7812 <p class="TextFontCX"> </p>
7813 <p class="beforelist">The macro checks described in the previous
7814 sections make sense only for macros that are intended to replace
7815 functions or constants. When <span class=
7816 "Flag"><span style='font-size:10.0pt'>fcnmacros</span></span>
7817 or <span class="Flag"><span style=
7818 'font-size:10.0pt'>constmacros</span></span> is on, more
7819 general macros need to be marked so they will not be checked
7820 as functions or constants, and will be expanded
7821 normally. Macros that are not meant to behave like
7822 functions should be preceded by the /<span class=
7823 "Annot"><span style=
7824 'font-size:10.0pt'>*@notfunction@*/</span></span>comment.
7826 <p class="Verbatim"><span style='font-size:9.5pt'>
7827 /*@notfunction@*/</span></p>
7828 <p class="Verbatim"><span style='font-size:9.5pt'> #
7829 define forever for(;;)</span></p>
7830 <p class="afterlist">Macros preceded by <span class=
7831 "Annot"><span style='font-size: 10.0pt'>notfunction</span></span>
7832 are expanded normally before regular checking is done. If a
7833 macro that is not syntactically equivalent to a statement without a
7834 semi-colon (e.g., a macro which enters a new scope) is not preceded
7835 by <span class="Annot"><span style=
7836 'font-size:10.0pt'>notfunction</span></span>, parse errors may
7837 result when <span class="Flag"><span style=
7838 'font-size:10.0pt'>fcn-macros</span></span> or
7839 <span class="Flag"><span style=
7840 'font-size:10.0pt'>const-macros</span></span> is on.</p>
7841 <h2 style='margin-left:0in;text-indent:0in'><a name=
7842 "_Ref345771875"></a><a name="_Ref345489124"></a><a name=
7843 "_Toc344355423"></a><a name="_Toc534975011"></a><a name=
7844 "_Ref361651257"></a><a name="_Ref349897909"></a><a name=
7845 "_Ref344916532"></a><a name="_Ref344908410"></a><a name=
7846 "_Toc344355424">11.4<span style=
7847 'font:7.0pt "Times New Roman"'> </span>
7849 <p class="TextFontCX">It is often useful to be able to execute the
7850 same code for many different values. For example, we may want
7851 to sum all elements in an <span class="CodeText"><span style=
7852 'font-size:10.0pt'>intSet</span></span> that represents a set of
7853 integers. If <span class="CodeText"><span style=
7854 'font-size:10.0pt'>intSet</span></span> is an abstract type, there
7855 is no easy way of doing this in a client module without depending
7856 on the concrete representation of the type. Instead, we could
7857 provide such a mechanism as part of the type’s
7858 implementation. We call a mechanism for looping through many
7859 values an <i>iterator</i>.</p>
7860 <p class="TextFontCX"> </p>
7861 <p class="TextFontCX">The C language provides no mechanism for
7862 creating user-defined iterators. Splint supports a stylized
7863 form of iterators declared using syntactic comments and defined
7865 <p class="TextFontCX"> </p>
7866 <p class="TextFontCX">Iterator declarations are similar to function
7867 declarations except instead of returning a value, they assign
7868 values to their <span class="Annot"><span style=
7869 'font-size:10.0pt'>yield</span></span> parameters in each
7870 iteration. For example, we could add this iterator
7871 declaration to <span class="Keyword"><span style=
7872 'font-size:10.0pt;font-family: Arial;color:windowtext'>intSet.h</span></span>:</p>
7873 <p class="example">/*@iter intSet_elements (intSet s, yield int
7875 <p class="TextFontCX">The <span class="Annot"><span style=
7876 'font-size:10.0pt'>yield</span></span> annotation means that the
7877 variable passed as the second actual argument is declared as a
7878 local variable of type <span class="CodeText"><span style=
7879 'font-size:10.0pt'>int</span></span> and assigned a value in each
7881 <h3 style='margin-left:0in;text-indent:0in'><a name=
7882 "_Toc534975012">11.4.1<span style=
7883 'font:7.0pt "Times New Roman"'> </span> Defining
7885 <p class="beforelist">An iterator is defined using a macro.
7886 Here’s one (not particularly efficient) way of defining
7887 <span class="CodeText"><span style=
7888 'font-size:10.0pt'>intSet_elements</span></span>:</p>
7889 <p class="Verbatim"> typedef /*@abstract@*/ struct
7891 <p class="Verbatim"> int
7893 <p class="Verbatim"> int
7895 <p class="Verbatim"> } intSet;</p>
7896 <p class="Verbatim"> …</p>
7897 <p class="Verbatim"> # define intSet_elements(s,m_el)
7899 <p class="Verbatim"> { int m_i; \</p>
7900 <p class="Verbatim"> for (m_i =
7901 (0); m_i <= ((s)->nelements); m_i++) { \</p>
7902 <p class="Verbatim">
7903 int
7904 m_el = (s)->elements[(m_i)];</p>
7905 <p class="Verbatim"> </p>
7906 <p class="Verbatim"> # define end_intSet_elements
7908 <p class="afterlist">Each time through the loop, the yield
7909 parameter <span class="CodeText"><span style=
7910 'font-size:10.0pt'>m_el</span></span> is assigned to the next
7911 value. After each value has been assigned to
7912 <span class="CodeText"><span style=
7913 'font-size:10.0pt'>m_el</span></span> for one iteration, the
7914 loop terminates. Variables declared by the iterator
7915 macro (including the <span class="Annot"><span style=
7916 'font-size:10.0pt'>yield</span></span> parameter) are
7917 preceded by the macro variable namespace prefix <span class=
7918 "CodeText"><span style='font-size:10.0pt'>m_</span></span>
7919 (see Section 11.2) to avoid conflicts with variables defined
7920 in the scope where the iterator is used.</p>
7921 <h3 style='margin-left:0in;text-indent:0in'><a name=
7922 "_Toc534975013">11.4.2<span style=
7923 'font:7.0pt "Times New Roman"'> </span> Using
7925 <p class="TextFontCX">The general structure for using an iterator
7927 <p class="example"><i>iter</i> (<i><params></i>) stmt;
7929 <p class="beforelist">For example, a client could use
7930 <span class="CodeText"><span style=
7931 'font-size:10.0pt'>intSet_elements</span></span> to sum the
7932 elements of an <span class="CodeText"><span style=
7933 'font-size:10.0pt'>intSet</span></span>:</p>
7934 <p class="Verbatim"> intSet s;</p>
7935 <p class="Verbatim"> int sum = 0;</p>
7936 <p class="Verbatim"> ...</p>
7937 <p class="Verbatim"> intSet_elements (s, el) {</p>
7938 <p class="Verbatim" style='text-indent:.5in'>sum += el;</p>
7939 <p class="Verbatim"> } end_intSet_elements;</p>
7940 <p class="afterlist">The actual parameter corresponding to a yield
7941 parameter, <span class="CodeText"><span style=
7942 'font-size:10.0pt'>el</span></span>, is not declared in the
7943 function scope. Instead, it is declared by the iterator and
7944 assigned to an appropriate value for each iteration.</p>
7945 <p class="TextFontCX"> </p>
7946 <p class="beforelist">Splint will do the following checks for uses
7947 of stylized iterators:</p>
7948 <p class="MsoListBullet"><span style=
7949 'font-family:Symbol'>·<span style=
7950 'font:7.0pt "Times New Roman"'> </span></span>
7951 An invocation of the iterator <span class=
7952 "CodeText"><i><span style='font-size:10.0pt'>iter</span></i></span>
7953 must be balanced by a corresponding end, named <span class=
7954 "CodeText"><span style=
7955 'font-size:10.0pt'>end_<i>iter</i></span></span>.</p>
7956 <p class="MsoListBullet"><span style=
7957 'font-family:Symbol'>·<span style=
7958 'font:7.0pt "Times New Roman"'> </span></span>
7959 All actual parameters must be defined, except those corresponding
7960 to yield parameters.</p>
7961 <p class="MsoListBullet"><span style=
7962 'font-family:Symbol'>·<span style=
7963 'font:7.0pt "Times New Roman"'> </span></span>
7964 Yield parameters must be new identifiers, not declared in the
7965 current scope or any enclosing scope.</p>
7966 <p class="afterlist">Iterators are a bit awkward to implement, but
7967 they enable compact, easily understood client code. For
7968 abstract collection types, an iterator can be used to enable
7969 clients to operate on elements of the collection without breaking
7970 data abstraction.<a name="_Ref348845281"></a><a name=
7971 "_Toc344355425"></a><a name="_Ref343247905"></a></p>
7972 <h1 style='margin-left:0in;text-indent:0in'><a name=
7973 "_Toc534975014"></a><a name="_Ref483663681"></a><a name=
7974 "_Ref350065611">12<span style=
7975 'font:7.0pt "Times New Roman"'> </span>
7976 <a id="naming" name="naming">
7977 Naming Conventions</a></a></h1>
7978 <p class="TextFontCX">Naming conventions tend to be a religious
7979 issue. Generally, it doesn't matter too much what naming convention
7980 is followed as long as one is chosen and followed
7981 religiously. There are two kinds of naming conventions
7982 supported by Splint. Type-based naming conventions (Section
7983 12.1) constrain identifier names according to the abstract
7984 types that are accessible where the identifier is
7985 defined. Prefix naming conventions (Section 12.2) constrain
7986 the initial characters of identifier names according to what is
7987 being declared and its scope. Naming conventions may be
7988 combined or different conventions may be selected for different
7989 kinds of identifiers. In addition, Splint supports checking
7990 that names do not conflict with names reserved for the standard
7991 library or implementation (Section 12.3) and are sufficiently
7992 distinguishable from other names.</p>
7993 <h2 style='margin-left:0in;text-indent:0in'><a name=
7994 "_Toc534975015"></a><a name="_Ref348079373"></a><a name=
7995 "_Ref347240654"></a><a name="_Toc344355426">12.1<span style=
7996 'font:7.0pt "Times New Roman"'> </span>
7997 Type-Based Naming Conventions</a></h2>
7998 <p class="TextFontCX">Generic naming conventions constrain valid
7999 names of identifiers. By limiting valid names, namespaces may
8000 be preserved and programs may be more easily understood since the
8001 name gives clues as to how and where the name is defined and how it
8003 <p class="TextFontCX"> </p>
8004 <p class="TextFontCX">Names may be constrained by the scope of the
8005 name (external, file static, internal), the file in which the
8006 identifier is defined, the type of the identifier, and global
8008 <h3 style='margin-left:0in;text-indent:0in'><a name=
8009 "_Toc534975016"></a><a name=
8010 "_Ref347994687">12.1.1<span style='font:7.0pt "Times New Roman"'> </span>
8011 Czech Names</a></h3>
8012 <p class="TextFontCX">Czech<a href="#_ftn17" name="_ftnref17"
8013 title=""><span class="MsoFootnoteReference"><span class=
8014 "MsoFootnoteReference"><span style=
8015 'font-size:11.0pt;font-family:"Times New Roman"'>[17]</span></span></span></a>
8016 names denote operations and variables of abstract types by
8017 preceding the names by <span class="CodeText"><i><span style=
8018 'font-size:10.0pt'><type></span></i></span><span class=
8019 "CodeText"><span style='font-size:10.0pt'>_</span></span>.
8020 The remainder of the name should begin with a lowercase
8021 character, but may use any other character besides the
8022 underscore. Types may be named using any non-underscore
8024 <p class="TextFontCX"> </p>
8025 <p class="TextFontCX" style='margin-bottom:6.0pt'>The Czech naming
8026 convention is selected by the <span class="Flag"><span style=
8027 'font-size:10.0pt'>czech</span></span> flag. If
8028 <span class="Flag"><span style=
8029 'font-size:10.0pt'>access-czech</span></span> is on, a function,
8030 variable, constant or iterator named <span class=
8031 "CodeText"><i><span style=
8032 'font-size:10.0pt'><type></span></i></span><span class=
8033 "CodeText"><span style=
8034 'font-size:10.0pt'>_<i><name></i></span></span> has access to
8035 the abstract type <span class="CodeText"><i><span style=
8036 'font-size:10.0pt'><type></span></i></span>. Reporting
8037 of violations of the Czech naming convention is controlled by
8038 different flags depending on what is being declared:</p>
8039 <p class="TextFontCX"><span class="Flag"><span style=
8040 'font-size:10.0pt'>czech-fcns</span></span></p>
8041 <p class="TextFontCX" style='margin-left:13.5pt'>Functions and
8042 iterators. An error is reported for a function name of the
8043 form <span class="CodeText"><i><span style=
8044 'font-size:10.0pt'><prefix></span></i></span><span class="CodeText">
8045 <span style='font-size:10.0pt'>_<i><name></i></span></span>
8046 where <span class="CodeText"><i><span style=
8047 'font-size:10.0pt'><prefix></span></i></span> is not the name
8048 of an accessible type. Note that if <span class=
8049 "Flag"><span style='font-size:10.0pt'>accessczech</span></span> is
8050 on, a type named <span class="CodeText"><i><span style=
8051 'font-size:10.0pt'><prefix></span></i></span> would be
8052 accessible in a function beginning with <span class=
8053 "CodeText"><i><span style=
8054 'font-size:10.0pt'><prefix></span></i></span><span class="CodeText">
8055 <span style='font-size:10.0pt'>_</span></span>. If
8056 <span class="Flag"><span style=
8057 'font-size:10.0pt'>access-czech</span></span> is off, an error is
8058 reported instead. An error is reported for a function name
8059 that does not have an underscore if any abstract types are
8060 accessible where the function is defined.</p>
8061 <p class="TextFontCX"><span class="Flag"><span style=
8062 'font-size:10.0pt'>czech-vars</span></span></p>
8063 <p class="TextFontCX"><span class="Flag"><span style=
8064 'font-size:10.0pt'>czech-constants</span></span></p>
8065 <p class="TextFontCX"><span class="Flag"><span style=
8066 'font-size:10.0pt'>czech-macros</span></span></p>
8067 <p class="IndentText">Variables, constants and expanded macros.
8068 An error is reported if the identifier name starts with
8069 <span class="CodeText"><i><span style=
8070 'font-size:10.0pt'><prefix></span></i></span><span class="CodeText">
8071 <span style='font-size:10.0pt'>_</span></span>and
8072 <span class="CodeText"><i><span style=
8073 'font-size:10.0pt'>prefix</span></i></span> is not the name
8074 of an accessible abstract type, or if an abstract type is
8075 accessible and the identifier name does not begin with
8076 <span class="CodeText"><i><span style=
8077 'font-size:10.0pt'><type></span></i></span><span class=
8078 "CodeText"><span style='font-size:10.0pt'>_</span></span>
8079 where <span class="CodeText"><i><span style=
8080 'font-size:10.0pt'>type</span></i></span> is the name of an
8081 accessible abstract type. If <span class=
8083 'font-size:10.0pt'>access-czech</span></span> is on, the
8084 representation of the type is visible in the constant or
8085 variable definition.</p>
8086 <p class="TextFontCX"><span class="Flag"><span style=
8087 'font-size:10.0pt'>czech-types</span></span></p>
8088 <p class="TextFontCX" style='margin-left:13.5pt'>User-defined
8089 types. An error is reported if a type name includes an
8090 underscore character.</p>
8091 <p class="Sidebar" align="right">Of course, this is a complete
8092 jumble to the uninitiated, and that’s the joke.</p>
8093 <p class="Sidebar" align="right" style='text-align:right'>
8094 <i>Charles Simonyi, on the Hungarian naming convention</i></p>
8095 <h3 style='margin-left:0in;text-indent:0in'><a name=
8096 "_Toc534975017"></a><a name=
8097 "_Ref344878566">12.1.2<span style='font:7.0pt "Times New Roman"'> </span>
8098 Slovak Names</a></h3>
8099 <p class="TextFontCX">Slovak names are similar to Czech names,
8100 except they are spelled differently. A Slovak name is of the
8101 form <span class="CodeText"><i><span style=
8102 'font-size:10.0pt'><type><Name></span></i></span>.
8103 The type prefix may not use uppercase characters. The
8104 remainder of the name starts with the first uppercase
8106 <p class="TextFontCX"> </p>
8107 <p class="TextFontCX">The <span class="Flag"><span style=
8108 'font-size:10.0pt'>slovak</span></span> flag selects the
8109 Slovak naming convention. Like Czech names, it may be used
8110 with <span class="Flag"><span style=
8111 'font-size:10.0pt'>access-slovak</span></span> to control
8112 access to abstract representations. The <span class=
8113 "Flag"><span style='font-size:10.0pt'>slovak-fcns</span></span>,
8114 <span class="Flag"><span style=
8115 'font-size:10.0pt'>slovak-vars</span></span>, <span class=
8117 'font-size:10.0pt'>slovak-constants</span></span>, and
8118 <span class="Flag"><span style=
8119 'font-size:10.0pt'>slovak-macros</span></span> flags are
8120 analogous to the similar Czech flags. If <span class=
8122 'font-size:10.0pt'>slovak-type</span></span> is on, an error
8123 is reported if a type name includes an uppercase letter.</p>
8124 <h3 style='margin-left:0in;text-indent:0in'><a name=
8125 "_Toc534975018"></a><a name=
8126 "_Ref347994743">12.1.3<span style='font:7.0pt "Times New Roman"'> </span>
8127 Czechoslovak Names</a></h3>
8128 <p class="TextFontCX">Czechoslovak names are a combination of Czech
8129 names and Slovak names. Operations may be named either
8130 <span class="CodeText"><i><span style=
8131 'font-size:10.0pt'><type></span></i></span><span class=
8132 "CodeText"><span style='font-size:10.0pt'>_</span></span> followed
8133 by any sequence of non-underscore characters, or <span class=
8134 "CodeText"><i><span style=
8135 'font-size:10.0pt'><type></span></i></span> followed by an
8136 uppercase letter and any sequence of characters. Czechoslovak
8137 names have been out of favor since 1993, but may be necessary for
8138 checking legacy code. The <span class="Flag"><span style=
8139 'font-size:10.0pt'>czechoslovak-fcns</span></span>,
8140 <span class="Flag"><span style=
8141 'font-size:10.0pt'>czechoslovak-vars</span></span>,
8142 <span class="Flag"><span style=
8143 'font-size:10.0pt'>czechoslovak-macros</span></span>, and
8144 <span class="Flag"><span style=
8145 'font-size:10.0pt'>czechoslovak-constants</span></span>
8146 flags are analogous to the similar Czech flags. If
8147 <span class="Flag"><span style=
8148 'font-size:10.0pt'>czechoslovak-type</span></span> is
8149 on, an error is reported if a type name contains either an
8150 uppercase letter or an underscore character.</p>
8151 <h2 style='margin-left:0in;text-indent:0in'><a name=
8152 "_Toc534975019"></a><a name="_Ref347240687"></a><a name=
8153 "_Ref347222192">12.2<span style=
8154 'font:7.0pt "Times New Roman"'> </span>
8155 Namespace Prefixes</a></h2>
8156 <p class="TextFontCX">Another way to restrict names is to constrain
8157 the leading character sequences of various kinds of
8158 identifiers. For example, the names of all user-defined types
8159 might begin with <span class="CodeText"><span style=
8160 'font-size:10.0pt'>T</span></span> followed by an uppercase letter
8161 and all file static names begin with an uppercase letter.
8162 This may be useful for enforcing a namespace (e.g., all names
8163 exported by the X-windows library should begin with
8164 <span class="CodeText"><span style=
8165 'font-size:10.0pt'>X</span></span>) or just making programs
8166 easier to understand by establishing an enforced
8167 convention. Splint can be used to constrain identifiers
8168 in this way to detect identifiers inconsistent with
8170 <p class="TextFontCX"> </p>
8171 <p class="TextFontCX">All namespace flags are of the form,
8172 <span class="Flag"><span style=
8173 'font-size:10.0pt'>-<i><context></i>prefix
8174 <i><string></i></span></span>. For example, the macro
8175 variable namespace restricting identifiers declared in macro bodies
8176 to be preceded by <span class="CodeText"><span style=
8177 'font-size:10.0pt'>m_</span></span> would be selected by
8178 <span class="Flag"><span style=
8179 'font-size:10.0pt'>-macrovarprefix</span></span> <span class=
8180 "Flag"><span style='font-size:10.0pt'>"m_"</span></span>. The
8181 string may contain regular characters that may appear in a C
8182 identifier. These must match the initial characters of the
8183 identifier name. In addition, special characters (shown in
8184 Figure 23) can be used to denote a class of characters.<a href=
8185 "#_ftn18" name="_ftnref18" title=""><span class=
8186 "MsoFootnoteReference"><span class=
8187 "MsoFootnoteReference"><span style=
8188 'font-size:11.0pt;font-family:"Times New Roman"'>[18]</span></span></span></a>
8189 The <span class="CodeText"><span style=
8190 'font-size:10.0pt'>*</span></span> character may be used at the end
8191 of a prefix string to specify the rest of the identifier is zero or
8192 more characters matching the character immediately before the
8193 <span class="CodeText"><span style=
8194 'font-size:10.0pt'>*</span></span>. For example, the prefix
8195 string <span class="CodeText"><span style=
8196 'font-size:10.0pt'>T&*</span></span> matches <span class=
8197 "CodeText"><span style='font-size:10.0pt'>T</span></span> or
8198 <span class="CodeText"><span style=
8199 'font-size:10.0pt'>TWINDOW</span></span> but not <span class=
8200 "CodeText"><span style='font-size:10.0pt'>Twin</span></span>.</p>
8201 <p class="beforelist"> </p>
8202 <p class="beforelist">Different prefixes can be selected for the
8203 following identifier contexts:</p>
8204 <table class="MsoNormalTable" border="0" cellspacing="0"
8205 cellpadding="0" style='margin-left:.45in;border-collapse:collapse'>
8207 <td valign="top" style='width:2.0in;padding:0in 5.4pt 0in 5.4pt'>
8208 <p class="TextFontCX"><span class="Flag"><span style=
8209 'font-size:10.0pt'>macro-var-prefix</span></span></p></td>
8210 <td valign="top" style='width:247.5pt;padding:0in 5.4pt 0in 5.4pt'>
8211 <p class="TextFontCX">Any variable declared inside a macro
8214 <td valign="top" style='width:2.0in;padding:0in 5.4pt 0in 5.4pt'>
8215 <p class="TextFontCX"><span class="Flag"><span style=
8216 'font-size:10.0pt'>unchecked-macro-prefix</span></span></p></td>
8217 <td valign="top" style='width:247.5pt;padding:0in 5.4pt 0in 5.4pt'>
8218 <p class="TextFontCX">Any macro that is not checked as a function
8219 or constant (see Section 11.4)</p></td></tr>
8221 <td valign="top" style='width:2.0in;padding:0in 5.4pt 0in 5.4pt'>
8222 <p class="TextFontCX"><span class="Flag"><span style=
8223 'font-size:10.0pt'>tag-prefix</span></span></p></td>
8224 <td valign="top" style='width:247.5pt;padding:0in 5.4pt 0in 5.4pt'>
8225 <p class="TextFontCX">Tags for <span class=
8226 "CodeText"><span style='font-size:10.0pt'>struct</span></span>,
8227 <span class="CodeText"><span style=
8228 'font-size:10.0pt'>union</span></span> and <span class=
8229 "CodeText"><span style='font-size:10.0pt'>enum</span></span>
8230 declarations</p></td></tr>
8232 <td valign="top" style='width:2.0in;padding:0in 5.4pt 0in 5.4pt'>
8233 <p class="TextFontCX"><span class="Flag"><span style=
8234 'font-size:10.0pt'>enum-prefix</span></span></p></td>
8235 <td valign="top" style='width:247.5pt;padding:0in 5.4pt 0in 5.4pt'>
8236 <p class="TextFontCX">Members of <span class=
8237 "CodeText"><span style='font-size:10.0pt'>enum</span></span>
8240 <td valign="top" style='width:2.0in;padding:0in 5.4pt 0in 5.4pt'>
8241 <p class="TextFontCX"><span class="Flag"><span style=
8242 'font-size:10.0pt'>type-prefix</span></span></p></td>
8243 <td valign="top" style='width:247.5pt;padding:0in 5.4pt 0in 5.4pt'>
8244 <p class="TextFontCX">Name of a user-defined type</p></td></tr>
8246 <td valign="top" style='width:2.0in;padding:0in 5.4pt 0in 5.4pt'>
8247 <p class="TextFontCX"><span class="Flag"><span style=
8248 'font-size:10.0pt'>file-static-prefix</span></span></p></td>
8249 <td valign="top" style='width:247.5pt;padding:0in 5.4pt 0in 5.4pt'>
8250 <p class="TextFontCX">Any identifier with file static
8253 <td valign="top" style='width:2.0in;padding:0in 5.4pt 0in 5.4pt'>
8254 <p class="TextFontCX"><span class="Flag"><span style=
8255 'font-size:10.0pt'>glob-var-prefix</span></span></p></td>
8256 <td valign="top" style='width:247.5pt;padding:0in 5.4pt 0in 5.4pt'>
8257 <p class="TextFontCX">Any variable (not of function type) with
8258 global scope</p></td></tr>
8260 <td valign="top" style='width:2.0in;padding:0in 5.4pt 0in 5.4pt'>
8261 <p class="TextFontCX"><span class="Flag"><span style=
8262 'font-size:10.0pt'>const-prefix</span></span></p></td>
8263 <td valign="top" style='width:247.5pt;padding:0in 5.4pt 0in 5.4pt'>
8264 <p class="TextFontCX">Any constant (see Section 11.1)</p></td></tr>
8266 <td valign="top" style='width:2.0in;padding:0in 5.4pt 0in 5.4pt'>
8267 <p class="TextFontCX"><span class="Flag"><span style=
8268 'font-size:10.0pt'>iter-prefix</span></span></p></td>
8269 <td valign="top" style='width:247.5pt;padding:0in 5.4pt 0in 5.4pt'>
8270 <p class="TextFontCX">An iterator (see Section 11.4)</p></td></tr>
8272 <td valign="top" style='width:2.0in;padding:0in 5.4pt 0in 5.4pt'>
8273 <p class="TextFontCX"><span class="Flag"><span style=
8274 'font-size:10.0pt'>proto-param-prefix</span></span></p></td>
8275 <td valign="top" style='width:247.5pt;padding:0in 5.4pt 0in 5.4pt'>
8276 <p class="TextFontCX">A parameter in a function declaration
8277 prototype</p></td></tr>
8279 <td valign="top" style='width:2.0in;padding:0in 5.4pt 0in 5.4pt'>
8280 <p class="TextFontCX"><span class="Flag"><span style=
8281 'font-size:10.0pt'>external-prefix</span></span></p></td>
8282 <td valign="top" style='width:247.5pt;padding:0in 5.4pt 0in 5.4pt'>
8283 <p class="TextFontCX">Any exported identifier</p></td></tr></table>
8284 <p class="afterlist">If an identifier is in more than one of the
8285 namespace contexts, the most specific defined namespace prefix is
8286 used (e.g., a global variable is also an exported identifier,
8287 so if <span class="Flag"><span style=
8288 'font-size:10.0pt'>global-var-prefix</span></span> is set, it is
8289 checked against the variable name; if not, the identifier is
8290 checked against the <span class="Flag"><span style=
8291 'font-size:10.0pt'>external-prefix</span></span>.)</p>
8292 <p class="TextFontCX"> </p>
8293 <p class="TextFontCX">For each prefix flag, a corresponding flag
8294 named <span class="Flag"><i><span style=
8295 'font-size:10.0pt'><prefixname></span></i></span><span class="Flag">
8296 <span style='font-size:10.0pt'>exclude</span></span> controls
8297 whether errors are reported if identifiers in a different namespace
8298 match the namespace prefix. For example, if
8299 <span class="Flag"><span style=
8300 'font-size: 10.0pt'>macro-var-prefix-exclude</span></span> is
8301 on, Splint checks that no identifier that is not a variable
8302 declared inside a macro body uses the macro variable
8304 <p class="TextFontCX"> </p>
8305 <p class="beforelist">Here is a (somewhat draconian) sample naming
8307 <table class="MsoNormalTable" border="0" cellspacing="0"
8308 cellpadding="0" style='margin-left:5.4pt;border-collapse:collapse'>
8310 <td valign="top" style=
8311 'width:189.35pt;padding:0in 5.4pt 0in 5.4pt'>
8312 <p class="TextFontCX"><span class="Flag"><span style=
8313 'font-size:10.0pt'>-unchecked-macro-prefix</span></span>
8314 <span class="Flag"><span style=
8315 'font-size:10.0pt'>"~*"</span></span></p></td>
8316 <td valign="top" style=
8317 'width:238.15pt;padding:0in 5.4pt 0in 5.4pt'>
8318 <p class="TextFontCX">Unchecked macros have no lowercase
8319 letters.</p></td></tr>
8321 <td valign="top" style=
8322 'width:189.35pt;padding:0in 5.4pt 0in 5.4pt'>
8323 <p class="TextFontCX"><span class="Flag"><span style=
8324 'font-size:10.0pt'>-type-prefix</span></span> <span class=
8326 'font-size:10.0pt'>"T^&*"</span></span></p></td>
8327 <td valign="top" style=
8328 'width:238.15pt;padding:0in 5.4pt 0in 5.4pt'>
8329 <p class="TextFontCX">All type names begin with <span class=
8330 "CodeText"><span style='font-size:10.0pt'>T</span></span> followed
8331 by an uppercase letter. The rest of the name is all lowercase
8332 letters.</p></td></tr>
8334 <td valign="top" style=
8335 'width:189.35pt;padding:0in 5.4pt 0in 5.4pt'>
8336 <p class="TextFontCX"><span class="Flag"><span style=
8337 'font-size:10.0pt'>+type-prefix-exclude</span></span></p></td>
8338 <td valign="top" style=
8339 'width:238.15pt;padding:0in 5.4pt 0in 5.4pt'>
8340 <p class="TextFontCX">No identifier that does not name a
8341 user-defined type name begins with the type name
8342 prefix.</p></td></tr>
8344 <td valign="top" style=
8345 'width:189.35pt;padding:0in 5.4pt 0in 5.4pt'>
8346 <p class="TextFontCX"><span class="Flag"><span style=
8347 'font-size:10.0pt'>-file-static-prefix</span></span>
8348 <span class="Flag"><span style=
8349 'font-size:10.0pt'>"^&&&"</span></span></p></td>
8350 <td valign="top" style=
8351 'width:238.15pt;padding:0in 5.4pt 0in 5.4pt'>
8352 <p class="TextFontCX">File static scope variables begin with an
8353 uppercase letter and three lowercase letters.</p></td></tr>
8355 <td valign="top" style=
8356 'width:189.35pt;padding:0in 5.4pt 0in 5.4pt'>
8357 <p class="TextFontCX"><span class="Flag"><span style=
8358 'font-size:10.0pt'>-proto-param-prefix "p_"</span></span></p></td>
8359 <td valign="top" style=
8360 'width:238.15pt;padding:0in 5.4pt 0in 5.4pt'>
8361 <p class="TextFontCX">All parameters in prototypes must begin with
8362 <span class="CodeText"><span style=
8363 'font-size:10.0pt'>p_</span></span>.</p></td></tr>
8365 <td valign="top" style=
8366 'width:189.35pt;padding:0in 5.4pt 0in 5.4pt'>
8367 <p class="TextFontCX"><span class="Flag"><span style=
8368 'font-size:10.0pt'>-glob-var-prefix "G"</span></span></p></td>
8369 <td valign="top" style=
8370 'width:238.15pt;padding:0in 5.4pt 0in 5.4pt'>
8371 <p class="TextFontCX">All global variables start with
8372 <span class="CodeText"><span style=
8373 'font-size:10.0pt'>G</span></span>.</p></td></tr>
8375 <td valign="top" style=
8376 'width:189.35pt;padding:0in 5.4pt 0in 5.4pt'>
8377 <p class="TextFontCX"><span class="Flag"><span style=
8378 'font-size:10.0pt'>+glob-var-prefix-exclude</span></span></p></td>
8379 <td valign="top" style=
8380 'width:238.15pt;padding:0in 5.4pt 0in 5.4pt'>
8381 <p class="TextFontCX">No identifier that is not a
8382 global variable starts with <span class=
8383 "CodeText"><span style='font-size:10.0pt'>G</span></span>.</p></td></tr></table>
8384 <p class="beforelist"> </p>
8385 <p class="beforelist">The prefix for parameters in function
8386 prototypes is useful for making sure parameter names are not in
8387 conflict with macros defined before the function prototype.
8388 In most cases, it may be preferable to not name prototype
8389 parameters. If the <span class="Flag"><span style=
8390 'font-size:10.0pt'>proto-param-name</span></span> flag is set,
8391 an error is reported for any named parameter in a prototype
8392 declaration. If a <span class="Flag"><span style=
8393 'font-size:10.0pt'>proto-param-prefix</span></span> is set, no
8394 error is reported for unnamed parameters.</p>
8395 <p class="TextFontCX">It may also be useful to check the names of
8396 prototype parameters correspond to the names in definitions.
8397 While using header files as documentation is not generally
8398 recommended, it is common enough practice that it makes sense to
8399 check that parameter names are consistent. A discrepancy may
8400 indicate an error in the parameter order in the function
8401 prototype. If <span class="Flag"><span style=
8402 'font-size:10.0pt'>proto-param-match</span></span> is set,
8403 Splint will report an error if the name of a definition parameter
8404 does not match the corresponding prototype parameter (after
8405 removing the <span class="Flag"><span style=
8406 'font-size:10.0pt'>protoparamprefix</span></span>).</p>
8408 <table class="MsoNormalTable" border="0" cellspacing="0"
8409 cellpadding="0" style=
8410 'margin-left:9.9pt;border-collapse:collapse;margin-left:-2.25pt; margin-right:-2.25pt'>
8412 <td valign="top" style=
8413 'width:22.0pt;border-top:solid black 1.5pt; border-left:solid black 1.5pt;border-bottom:none;border-right:none; padding:0in 5.4pt 0in 5.4pt'>
8414 <p class="TextFontCX"><span class="CodeText"><span style=
8415 'font-size:10.0pt'>^</span></span></p></td>
8416 <td valign="top" style=
8417 'width:401.55pt;border-top:solid black 1.5pt; border-left:none;border-bottom:none;border-right:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'>
8418 <p class="TextFontCX">Any uppercase letter, <span class=
8419 "CodeText"><span style=
8420 'font-size:10.0pt'>A</span></span>-<span class=
8421 "CodeText"><span style=
8422 'font-size:10.0pt'>Z</span></span></p></td></tr>
8424 <td valign="top" style=
8425 'width:22.0pt;border:none;border-left:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'>
8426 <p class="TextFontCX"><span class="CodeText"><span style=
8427 'font-size:10.0pt'>&</span></span></p></td>
8428 <td valign="top" style=
8429 'width:401.55pt;border:none;border-right:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'>
8430 <p class="TextFontCX">Any lowercase letter, <span class=
8431 "CodeText"><span style=
8432 'font-size:10.0pt'>a</span></span>-<span class=
8433 "CodeText"><span style=
8434 'font-size:10.0pt'>z</span></span></p></td></tr>
8436 <td valign="top" style=
8437 'width:22.0pt;border:none;border-left:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'>
8438 <p class="TextFontCX"><span class="CodeText"><span style=
8439 'font-size:10.0pt'>%</span></span></p></td>
8440 <td valign="top" style=
8441 'width:401.55pt;border:none;border-right:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'>
8442 <p class="TextFontCX">Any character that is not an uppercase letter
8443 (allows lowercase letters, digits and underscore)</p></td></tr>
8445 <td valign="top" style=
8446 'width:22.0pt;border:none;border-left:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'>
8447 <p class="TextFontCX"><span class="CodeText"><span style=
8448 'font-size:10.0pt'>~</span></span></p></td>
8449 <td valign="top" style=
8450 'width:401.55pt;border:none;border-right:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'>
8451 <p class="TextFontCX">Any character that is not a lowercase letter
8452 (allows uppercase letters, digits and underscore)</p></td></tr>
8454 <td valign="top" style=
8455 'width:22.0pt;border:none;border-left:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'>
8456 <p class="TextFontCX"><span class="CodeText"><span style=
8457 'font-size:10.0pt'>$</span></span></p></td>
8458 <td valign="top" style=
8459 'width:401.55pt;border:none;border-right:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'>
8460 <p class="TextFontCX">Any letter (<span class=
8461 "CodeText"><span style=
8462 'font-size:10.0pt'>a</span></span>-<span class=
8463 "CodeText"><span style='font-size:10.0pt'>z</span></span>,
8464 <span class="CodeText"><span style=
8465 'font-size:10.0pt'>A</span></span>-<span class=
8466 "CodeText"><span style=
8467 'font-size:10.0pt'>Z</span></span>)</p></td></tr>
8469 <td valign="top" style=
8470 'width:22.0pt;border:none;border-left:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'>
8471 <p class="TextFontCX"><span class="CodeText"><span style=
8472 'font-size:10.0pt'>/</span></span></p></td>
8473 <td valign="top" style=
8474 'width:401.55pt;border:none;border-right:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'>
8475 <p class="TextFontCX">Any letter or digit (<span class=
8476 "CodeText"><span style=
8477 'font-size:10.0pt'>A</span></span>-<span class=
8478 "CodeText"><span style='font-size:10.0pt'>Z</span></span>,
8479 <span class="CodeText"><span style=
8480 'font-size:10.0pt'>a</span></span>-<span class=
8481 "CodeText"><span style='font-size:10.0pt'>z</span></span>,
8482 <span class="CodeText"><span style=
8483 'font-size:10.0pt'>0</span></span>-<span class=
8484 "CodeText"><span style=
8485 'font-size:10.0pt'>9</span></span>)</p></td></tr>
8487 <td valign="top" style=
8488 'width:22.0pt;border:none;border-left:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'>
8489 <p class="TextFontCX"><span class="CodeText"><span style=
8490 'font-size:10.0pt'>?</span></span></p></td>
8491 <td valign="top" style=
8492 'width:401.55pt;border:none;border-right:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'>
8493 <p class="TextFontCX">Any character valid in a C
8494 identifier</p></td></tr>
8496 <td valign="top" style=
8497 'width:22.0pt;border-top:none;border-left:solid black 1.5pt; border-bottom:solid black 1.5pt;border-right:none;padding:0in 5.4pt 0in 5.4pt'>
8498 <p class="TextFontCX"><span class="CodeText"><span style=
8499 'font-size:10.0pt'>#</span></span></p></td>
8500 <td valign="top" style=
8501 'width:401.55pt;border-top:none;border-left: none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'>
8502 <p class="TextFontCX" style='page-break-after: avoid'>Any digit,
8503 <span class="CodeText"><span style=
8504 'font-size:10.0pt'>0</span></span>-<span class=
8505 "CodeText"><span style=
8506 'font-size:10.0pt'>9</span></span></p></td></tr></table>
8507 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0">
8509 <td valign="top" style=
8510 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
8511 <p class="MsoCaption"><a name="_Toc534824625"></a><a name=
8512 "_Ref347220245"></a><a name="_Ref347220226"></a><a name=
8513 "_Toc347255399"></a><a name="_Ref347222037"></a><a name=
8514 "_Ref347222045"></a><a name="_Ref534824531">Figure 23</a>.
8515 Prefix Character Codes</p></td></tr></table></center>
8516 <h2 style='margin-left:0in;text-indent:0in'><a name=
8517 "_Toc534975020"></a><a name="_Ref348079479"></a><a name=
8518 "_Ref347240790"></a><a name="_Toc344355427">12.3<span style=
8519 'font:7.0pt "Times New Roman"'> </span>
8520 Naming Restrictions</a></h2>
8521 <p class="TextFontCX">Additional naming restrictions can be used to
8522 check that names do no conflict with names reserved for the
8523 standard library, and that identifier are sufficiently distinct
8524 (either for the compiler and linker, or for the programmer.)
8525 Restrictions may be different for names that are needed by the
8526 linker (<i>external</i> names) and names that are only needed
8527 during compilations (<i>internal</i> names). Names of
8528 non-<span class="CodeText"><span style=
8529 'font-size:10.0pt'>static</span></span> functions and global
8530 variables are external; all other names are internal.</p>
8531 <p class="Sidebar" align="right"><a name=
8532 "_Ref350062822"></a><a name="_Ref348845288"></a><a name=
8533 "_Toc344355429"></a><a name="_Ref343248602"> </a></p>
8534 <p class="Sidebar" align="right">The decision to retain the old
8535 six-character case-insensitive restriction on significance was most
8537 <p class="Sidebar" align="right" style='text-align:right'><i>ANSI C
8539 <h3 style='margin-left:0in;text-indent:0in'><a name=
8540 "_Toc534975021">12.3.1<span style=
8541 'font:7.0pt "Times New Roman"'> </span> Reserved
8543 <p class="TextFontCX">Many names are reserved for the
8544 implementation and standard library. A complete list of
8545 reserved names can be found in [vdL, p. 126-128]. Some name
8546 prefixes such as <span class="CodeText"><span style=
8547 'font-size:10.0pt'>str</span></span> followed by a lowercase
8548 character are reserved for future library extensions. Most C
8549 compilers do not detect naming conflicts, and they can lead to
8550 unpredictable program behavior. If <span class=
8551 "Flag"><span style='font-size:10.0pt'>ansi-reserved</span></span>
8552 is on, Splint warns about external names that conflict with
8553 reserved names. If <span class="Flag"><span style=
8554 'font-size:10.0pt'>ansi-reserved-internal</span></span> is on,
8555 warnings are also produced for internal names.</p>
8556 <p class="TextFontCX"> </p>
8557 <p class="TextFontCX">If <span class="Flag"><span style=
8558 'font-size:10.0pt'>+cpp-names</span></span> is set, Splint warns
8559 about identifier names that are keywords or reserved words in
8560 C++. This is useful if the code may later be compiled with a
8561 C++ compiler (of course, this is not enough to ensure the meaning
8562 of the code is not changed when it is compiled as C++.)</p>
8563 <h3 style='margin-left:0in;text-indent:0in'><a name=
8564 "_Toc534975022">12.3.2<span style=
8565 'font:7.0pt "Times New Roman"'> </span> Distinct
8567 <p class="TextFontCX">Splint can check that names differ within a
8568 given number of characters, optionally ignoring alphabetic case and
8569 differences between characters that look similar. The number
8570 of significant characters may be different for external and
8571 internal names. </p>
8572 <p class="TextFontCX"> </p>
8573 <p class="TextFontCX">Using <span class="Flag"><span style=
8574 'font-size:10.0pt'>+distinct-external-names</span></span> sets
8575 the number of significant characters for external names to six and
8576 makes alphabetical case insignificant for external names.
8577 This is the minimum significance acceptable in an ANSI-conforming
8578 compiler. Most modern compilers exceed these minimums (which
8579 are particularly hard to follow if one uses the Czech or Slovak
8580 naming convention). The number of significant characters can
8581 be changed using the <span class="Flag"><span style=
8582 'font-size:10.0pt'>external-name-length
8583 <i><number></i></span></span> flag. If
8584 <span class="Flag"><span style=
8585 'font-size:10.0pt'>external-name-case-insensitive</span></span>
8586 is on, alphabetical case is ignored in comparing external
8587 names. Splint reports identifiers that differ only in
8588 alphabetic case.</p>
8589 <p class="TextFontCX">For internal identifiers, a conforming
8590 compiler must recognize at least 31 characters and treat
8591 alphabetical cases distinctly. Nevertheless, it may still be
8592 useful to check that internal names are more distinct then required
8593 by the compiler to minimize the likelihood that identifiers are
8594 confused in the program. Analogously to external names, the
8595 <span class="Flag"><span style=
8596 'font-size:10.0pt'>internal-name-length</span></span><span class="Flag">
8598 'font-size:10.0pt'> <i><number></i></span></span> flag
8599 sets the number of significant characters in an internal name and
8600 <span class="Flag"><span style=
8601 'font-size:10.0pt'>internal-name-case-insensitive</span></span>
8602 sets the case sensitivity. The <span class=
8603 "Flag"><span style='font-size:10.0pt'>internal-name-look-alike</span></span>
8604 flag further restricts distinctions between
8605 identifiers. When set, similar-looking characters match
8606 — the lowercase letter <span class=
8607 "CodeText"><span style='font-size:10.0pt'>l</span></span>
8608 matches the uppercase letter <span class=
8609 "CodeText"><span style='font-size:10.0pt'>I</span></span> and
8610 the number <span class="CodeText"><span style=
8611 'font-size:10.0pt'>1</span></span>; the letter <span class=
8612 "CodeText"><span style='font-size:10.0pt'>O</span></span> or
8613 <span class="CodeText"><span style=
8614 'font-size:10.0pt'>o</span></span> matches the number
8615 <span class="CodeText"><span style=
8616 'font-size:10.0pt'>0</span></span>; <span class=
8617 "CodeText"><span style='font-size:10.0pt'>5</span></span>
8618 matches <span class="CodeText"><span style=
8619 'font-size:10.0pt'>S</span></span>; and <span class=
8620 "CodeText"><span style='font-size:10.0pt'>2</span></span>
8621 matches <span class="CodeText"><span style=
8622 'font-size:10.0pt'>Z</span></span>. Identifiers that
8623 are not distinct except for look-alike characters will
8624 produce an error message. External names are also
8625 internal names, so they must satisfy both the external and
8626 internal distinct identifier checks. Figure 24 provides
8627 some examples of distinct name checking.</p>
8629 <table class="MsoNormalTable" border="0" cellspacing="0"
8630 cellpadding="0" style=
8631 'margin-left:9.9pt;border-collapse:collapse;margin-left:-2.25pt; margin-right:-2.25pt'>
8633 <td valign="top" style=
8634 'width:166.5pt;border:solid black 1.5pt; border-bottom:none;background:black;padding:0in 5.4pt 0in 5.4pt'>
8635 <p class="TextFontCX" align="center" style='text-align:center'>
8636 <span class="Keyword"><b><span style=
8637 'font-size:10.0pt; color:white'>names.c</span></b></span></p></td>
8638 <td valign="top" style=
8639 'width:256.5pt;border-top:solid black 1.5pt; border-left:none;border-bottom:none;border-right:solid black 1.5pt; background:black;padding:0in 5.4pt 0in 5.4pt'>
8640 <p class="TextFontCX" align="center" style='text-align:center'>
8641 <b><span style='color:white'>Running
8642 Splint</span></b></p></td></tr>
8644 <td valign="top" style=
8645 'width:166.5pt;border:solid black 1.5pt; border-top:none;padding:0in 5.4pt 0in 5.4pt'>
8646 <p class="Verbatim"><span class="Line"><span style=
8647 'font-size:8.0pt'> </span></span>char *stringrev (char
8649 <p class="Verbatim"> </p>
8650 <p class="Verbatim"><span class="Line"><span style=
8651 'font-size:8.0pt'>3</span></span> int f (int x)</p>
8652 <p class="Verbatim"><span class="Line"><span style=
8653 'font-size:8.0pt'> </span></span> {</p>
8654 <p class="Verbatim"><span class="Line"><span style=
8655 'font-size:8.0pt'>5</span></span> int lookalike = 1;</p>
8656 <p class="Verbatim"><span class="Line"><span style=
8657 'font-size:8.0pt'>6</span></span> int looka1ike = 2;</p>
8658 <p class="Verbatim"> </p>
8659 <p class="Verbatim"> if (x > 3)</p>
8660 <p class="Verbatim"> {</p>
8661 <p class="Verbatim"><span class="Line"><span style=
8662 'font-size:8.0pt'>10</span></span> int x =
8664 <p class="Verbatim"> x +=
8666 <p class="Verbatim"> }</p>
8667 <p class="Verbatim"> </p>
8668 <p class="Verbatim"> return x;</p>
8669 <p class="Verbatim">}
8670 </p></td>
8671 <td valign="top" style=
8672 'width:256.5pt;border-top:none;border-left: none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'>
8673 <p class="lclintrun">> splint names.c
8674 +distinctinternalnames </p>
8675 <p class="lclintrun">
8676
8677 +internalnamelookalike +isoreserved</p>
8678 <p class="lclintrun"> </p>
8679 <p class="lclintrun">names.c:1: Name stringreverse is reserved for
8681 <p class="lclintrun"> library extensions.
8682 Functions that begin with</p>
8683 <p class="lclintrun"> "str" and a lowercase
8684 letter may be added to</p>
8685 <p class="lclintrun"> <stdlib.h> or
8686 <string.h>. (ISO99:7.26.9)</p>
8687 <p class="lclintrun">names.c:6: Internal identifier looka1ike is
8689 <p class="lclintrun"> distinguishable from
8690 lookalike except by lookalike</p>
8691 <p class="lclintrun"> characters</p>
8692 <p class="lclintrun"> names.c:5: Declaration of
8694 <p class="lclintrun">names.c:10: Variable x shadows outer
8696 <p class="lclintrun" style='page-break-after:avoid'>
8697 names.c:3: Previous declaration of x: int</p></td></tr></table>
8698 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0">
8700 <td valign="top" style=
8701 'padding-top:5.05pt;padding-right: 9.35pt;padding-bottom:5.05pt;padding-left:9.35pt'>
8702 <p class="MsoCaption"><a name="_Ref343085825"></a><a name=
8703 "_Ref343085797"></a><a name="_Ref343065542"></a><a name=
8704 "_Ref349992283"></a><a name="_Ref534642902"></a><a name=
8705 "_Ref534642319"></a><a name="_Toc534824626"></a><a name=
8706 "_Ref534823650">Figure 24</a>. Distinct
8707 Names</p></td></tr></table></center>
8708 <h1 style='margin-left:0in;text-indent:0in'><a name=
8709 "_Ref534981356"></a><a name="_Ref534978939"></a><a name=
8710 "_Toc534975023">13<span style=
8711 'font:7.0pt "Times New Roman"'> </span>
8712 <a id="completeness" name="completeness">
8713 Completeness</a></a></h1>
8714 <p class="TextFontCX">Splint can report warnings for unused
8715 declarations and exported declarations that are not used
8717 <h2 style='margin-left:0in;text-indent:0in'><a name=
8718 "_Toc534975024"></a><a name="_Ref534744216">13.1<span style=
8719 'font:7.0pt "Times New Roman"'> </span>
8720 Unused Declarations</a></h2>
8721 <p class="TextFontCX">Splint detects constants, functions,
8722 parameters, variables, types, enumerator members, and structure or
8723 union fields that are declared but never used. The flags
8724 <span class="Flag"><span style=
8725 'font-size:10.0pt'>constuse</span></span>, <span class=
8726 "Flag"><span style='font-size:10.0pt'>fcnuse</span></span>,
8727 <span class="Flag"><span style=
8728 'font-size:10.0pt'>paramuse</span></span>, <span class=
8729 "Flag"><span style='font-size:10.0pt'>varuse</span></span>,
8730 <span class="Flag"><span style=
8731 'font-size:10.0pt'>typeuse</span></span>, <span class=
8732 "Flag"><span style='font-size:10.0pt'>enummemuse</span></span> and
8733 <span class="Flag"><span style=
8734 'font-size:10.0pt'>fielduse</span></span> control whether unused
8735 declaration errors are reported for each kind of declaration.
8736 Errors for exported declarations are reported only if
8737 <span class="Flag"><span style=
8738 'font-size:10.0pt'>topuse</span></span> is on (see Section
8740 <p class="TextFontCX"><a name="_Ref349900444"></a><a name=
8741 "_Ref349850608"></a><a name="_Ref349850429"> </a></p>
8742 <p class="TextFontCX">The <span class="Annot"><span style=
8743 'font-size:10.0pt'>/*@unused@*/</span></span> annotation can
8744 be used before a declaration to indicate that the item declared
8745 need not be used. Unused declaration errors are not reported
8746 for identifiers declared with <span class=
8747 "Annot"><span style='font-size:10.0pt'>unused</span></span><a name="_Toc344355432">
8748 </a><a name="_Ref343110935">.</a></p>
8749 <h2 style='margin-left:0in;text-indent:0in'><a name=
8750 "_Toc534975025"></a><a name="_Toc344355433"></a><a name=
8751 "_Ref343110504">13.2<span style=
8752 'font:7.0pt "Times New Roman"'> </span>
8753 Complete</a> Programs</h2>
8754 <p class="TextFontCX">Splint can be used on both complete and
8755 partial programs. When checking complete programs,
8756 additional checks can be done to ensure that every identifier
8757 declared by the program is defined and used, and that functions
8758 that do not need to be exported are declared <span class=
8759 "CodeText"><span style='font-size:10.0pt'>static</span></span>.</p>
8760 <p class="TextFontCX"> </p>
8761 <p class="TextFontCX">Splint checks that all declared variables and
8762 functions are defined (controlled by <span class=
8763 "Flag"><span style='font-size:10.0pt'>compdef</span></span><span class="Flag">
8764 <span style='font-size:10.0pt'>)</span></span>. Declarations
8765 of functions and variables that are defined in an external library,
8766 may be preceded by <span class="Annot"><span style=
8767 'font-size:10.0pt'>/*@external@*/</span></span> to suppress
8768 undefined declaration errors.</p>
8769 <p class="TextFontCX"> </p>
8770 <p class="TextFontCX">Splint reports external declarations that are
8771 unused (controlled by <span class="Flag"><span style=
8772 'font-size:10.0pt'>topuse</span></span>). Which declarations
8773 are reported also depends on the declaration use flags (Section
8774 13.1). The <span class="Flag"><span style=
8775 'font-size:10.0pt'>+partial</span></span> flag sets flags for
8776 checking a partial system. Top-level unused declarations,
8777 undefined declarations, and unnecessary external names are not
8778 reported if <span class="Flag"><span style=
8779 'font-size:10.0pt'>+partial</span></span> is set.</p>
8780 <h3 style='margin-left:0in;text-indent:0in'><a name=
8781 "_Toc534975026">13.2.1<span style=
8782 'font:7.0pt "Times New Roman"'> </span>
8783 Unnecessarily External Names</a></h3>
8784 <p class="TextFontCX">Splint can report variables and functions
8785 that are declared with global scope (i.e., without using
8786 <span class="CodeText"><span style=
8787 'font-size:10.0pt'>static</span></span>), that are not used outside
8788 the file in which they are defined. In a stand-alone system,
8789 these identifiers should usually be declared using
8790 <span class="CodeText"><span style=
8791 'font-size:10.0pt'>static</span></span> to limit their
8792 scope. If the <span class="Flag"><span style=
8793 'font-size:10.0pt'>export-static</span></span> flag is on,
8794 Splint will report declarations that could have file
8795 scope. It should only be used when all relevant source
8796 files are listed on the Splint command line; otherwise,
8797 variables and functions may be incorrectly identified as only
8798 used in the file scope since Splint did not process the other
8799 file in which they are used.</p>
8800 <h3 style='margin-left:0in;text-indent:0in'><a name=
8801 "_Toc534975027">13.2.2<span style=
8802 'font:7.0pt "Times New Roman"'> </span>
8803 Declarations Missing from Headers</a></h3>
8804 <p class="TextFontCX">A common practice in C programming styles, is
8805 that every function or variable exported by <span class=
8806 "Keyword"><i><span style=
8807 'font-size:10.0pt;font-family:Arial;color:windowtext'>M</span></i></span><span class="Keyword">
8809 'font-size:10.0pt;font-family:Arial;color:windowtext'>.c</span></span>
8810 is declared in <span class="Keyword"><i><span style=
8811 'font-size:10.0pt;font-family: Arial;color:windowtext'>M</span></i></span><span class="Keyword">
8813 'font-size:10.0pt;font-family:Arial;color:windowtext'>.h</span></span>.
8814 If the <span class="Flag"><span style=
8815 'font-size:10.0pt'>export-header</span></span> flag is on, Splint
8816 will report exported declarations in <span class=
8817 "Keyword"><i><span style=
8818 'font-size:10.0pt;font-family:Arial;color:windowtext'>M</span></i></span><span class="Keyword">
8820 'font-size:10.0pt;font-family:Arial;color:windowtext'>.c</span></span>
8821 that are not declared in <span class=
8822 "Keyword"><i><span style='font-size:10.0pt; font-family:Arial;color:windowtext'>
8823 M</span></i></span><span class="Keyword"><span style=
8824 'font-size:10.0pt;font-family:Arial;color:windowtext'>.h</span></span>.</p>
8825 <h1 style='margin-left:0in;text-indent:0in'><a name=
8826 "_Toc534975028"></a><a name="_Ref534642392"></a><a name=
8827 "_Ref349900301">14<span style=
8828 'font:7.0pt "Times New Roman"'> </span>
8829 <a id="libraries" name="libraries">
8830 Libraries</a> and Header File Inclusion</a></h1>
8831 <p class="TextFontCX">Libraries can be used to record interface
8832 information. A library containing information about the
8833 standard C Library is used to enable checking of library
8834 calls. Program libraries can be created to enable fast
8835 checking of single modules in a large program.</p>
8836 <h2 style='margin-left:0in;text-indent:0in'><a name=
8837 "_Toc534975029"></a><a name="_Ref534035506"></a><a name=
8838 "_Ref348801560"></a><a name="_Ref347465531"></a><a name=
8839 "_Ref344887939"></a><a name="_Toc344355445">14.1<span style=
8840 'font:7.0pt "Times New Roman"'> </span>
8841 Standard Librar</a>ies</h2>
8842 <p class="TextFontCX">In order to check calls to library functions,
8843 Splint uses an annotated standard library. This contains more
8844 information about function interfaces then is available in the
8845 system header files since it uses annotations. Further, it
8846 contains only those functions documented in the ISO C99
8847 standard. Many systems include extra functions in their
8848 system libraries; programs that use these functions cannot be
8849 compiled on other systems that do not provide them. Certain
8850 types defined by the library are treated as abstract types
8851 (e.g., a program should not rely on how the <span class=
8852 "CodeText"><span style='font-size:10.0pt'>FILE</span></span> type
8853 is implemented). When checking source code, Splint does
8854 include system headers corresponding to files in the library, but
8855 instead uses the library description of the standard library.</p>
8856 <p class="TextFontCX"> </p>
8857 <p class="TextFontCX">The Splint distribution includes several
8858 different standard libraries: the ANSI standard library, the POSIX
8859 standard library<a href="#_ftn19" name="_ftnref19" title=
8860 ""><span class="MsoFootnoteReference"><span class=
8861 "MsoFootnoteReference"><span style=
8862 'font-size:11.0pt;font-family:"Times New Roman"'>[19]</span></span></span></a>,
8863 and a UNIX library based on the Open Group’s Single Unix
8864 Specification. Each library comes in two versions: the
8865 standard version and the strict version.</p>
8866 <h3 style='margin-left:0in;text-indent:0in'><a name=
8867 "_Toc534975030">14.1.1<span style=
8868 'font:7.0pt "Times New Roman"'> </span> ISO
8869 Standard Library</a></h3>
8870 <p class="TextFontCX">The default behavior of Splint is to use the
8871 ISO standard library (loaded from <span class=
8872 "CodeText"><span style=
8873 'font-size:10.0pt'>standard.lcd</span></span>). This library
8874 is based on the standard library described in the ISO C99
8876 <h3 style='margin-left:0in;text-indent:0in'><a name=
8877 "_Toc534975031">14.1.2<span style=
8878 'font:7.0pt "Times New Roman"'> </span> POSIX
8880 <p class="TextFontCX">The POSIX library is selected by the
8881 <span class="Flag"><span style=
8882 'font-size:10.0pt'>+posixlib</span></span> flag. The
8883 POSIX library is based on the IEEE Std 1003.1-1990. </p>
8884 <h3 style='margin-left:0in;text-indent:0in'><a name=
8885 "_Toc534975032">14.1.3<span style=
8886 'font:7.0pt "Times New Roman"'> </span> UNIX
8888 <p class="afterlist">The UNIX library is selected by the
8889 <span class="Flag"><span style=
8890 'font-size:10.0pt'>+unixlib</span></span> flag. This library
8891 is based on the Open Group’s Single Unix Specification,
8892 Version 2. In the UNIX library, <span class=
8893 "CodeText"><span style='font-size:10.0pt'>free</span></span> is
8894 declared with a non-null parameter. ISO specifies that
8895 <span class="CodeText"><span style=
8896 'font-size:10.0pt'>free</span></span> should handle the argument
8897 <span class="CodeText"><span style=
8898 'font-size:10.0pt'>NULL</span></span>, but several UNIX platforms
8899 crash if <span class="CodeText"><span style=
8900 'font-size:10.0pt'>NULL</span></span> is passed to
8901 <span class="CodeText"><span style=
8902 'font-size:10.0pt'>free</span></span>.</p>
8903 <h3 style='margin-left:0in;text-indent:0in'><a name=
8904 "_Toc534975033">14.1.4<span style=
8905 'font:7.0pt "Times New Roman"'> </span> Strict
8907 <p class="TextFontCX">Stricter versions of the libraries are used
8908 is the <span class="Flag"><span style=
8909 'font-size:10.0pt'>-ansi-strict</span></span>, <span class=
8911 'font-size:10.0pt'>posix-strict-lib</span></span> or
8912 <span class="Flag"><span style=
8913 'font-size:10.0pt'>unix-strict-lib</span></span> flag is used.
8914 These libraries use a stricter interpretation of the library.
8915 They will detect more errors in some programs, but may to produce
8916 many spurious errors for typical code.</p>
8917 <p class="TextFontCX"> </p>
8918 <p class="beforelist">The differences between the standard
8919 libraries and the strict libraries are:</p>
8920 <p class="MsoListBullet"><span style=
8921 'font-family:Symbol'>·<span style=
8922 'font:7.0pt "Times New Roman"'> </span></span>
8923 The standard libraries declare the printing functions
8924 (<span class="CodeText"><span style=
8925 'font-size:10.0pt'>fprintf</span></span>, <span class=
8926 "CodeText"><span style=
8927 'font-size:10.0pt'>printf</span></span>, and <span class=
8928 "CodeText"><span style=
8929 'font-size:10.0pt'>sprintf</span></span>) that may return
8930 error codes to return <span class="CodeText"><span style=
8931 'font-size:10.0pt'>int</span></span> or <span class=
8932 "CodeText"><span style=
8933 'font-size:10.0pt'>void</span></span>. This prevents
8934 typical programs from leading to deluge of ignored return
8935 value errors, but may mean some relevant errors are not
8936 detected. In the strict library, they are declared to
8937 return <span class="CodeText"><span style=
8938 'font-size:10.0pt'>int</span></span>, so ignored return value
8939 errors will be reported (depending on other flag
8940 settings). Programs should check that this return value
8941 is non-negative.</p>
8942 <p class="MsoListBullet"><span style=
8943 'font-family:Symbol'>·<span style=
8944 'font:7.0pt "Times New Roman"'> </span></span>
8945 The standard libraries declare some parameters and return values to
8946 be alternate types (<span class="CodeText"><span style=
8947 'font-size:10.0pt'>int</span></span> or <span class=
8948 "CodeText"><span style='font-size:10.0pt'>bool</span></span>, or
8949 <span class="CodeText"><span style=
8950 'font-size:10.0pt'>int</span></span> or <span class=
8951 "CodeText"><span style=
8952 'font-size:10.0pt'>char</span></span>). The ISO C99 standard
8953 specifies these types as <span class="CodeText"><span style=
8954 'font-size: 10.0pt'>int</span></span> to be compatible with older
8955 versions of the library, but logically they make more sense as
8956 <span class="CodeText"><span style=
8957 'font-size:10.0pt'>bool</span></span> or <span class=
8958 "CodeText"><span style='font-size:10.0pt'>char</span></span>.
8959 In the strict library, the stronger type is used. The
8960 parameter to <span class="CodeText"><span style=
8961 'font-size:10.0pt'>assert</span></span> is <span class=
8962 "CodeText"><span style='font-size:10.0pt'>int</span></span> or
8963 <span class="CodeText"><span style=
8964 'font-size:10.0pt'>bool</span></span> in the standard library, and
8965 <span class="CodeText"><span style=
8966 'font-size:10.0pt'>bool</span></span> in the strict library.
8967 The parameter to the character functions <span class=
8968 "CodeText"><span style='font-size:10.0pt'>isalnum</span></span>,
8969 <span class="CodeText"><span style=
8970 'font-size:10.0pt'>isalpha</span></span>, <span class=
8971 "CodeText"><span style='font-size:10.0pt'>iscntrl</span></span>,
8972 <span class="CodeText"><span style=
8973 'font-size:10.0pt'>isdigit</span></span>, <span class=
8974 "CodeText"><span style='font-size:10.0pt'>isgraph</span></span>,
8975 <span class="CodeText"><span style=
8976 'font-size:10.0pt'>islower</span></span>, <span class=
8977 "CodeText"><span style='font-size:10.0pt'>isprint</span></span>,
8978 <span class="CodeText"><span style=
8979 'font-size:10.0pt'>ispunct</span></span>, <span class=
8980 "CodeText"><span style='font-size:10.0pt'>isspace</span></span>,
8981 <span class="CodeText"><span style=
8982 'font-size:10.0pt'>isupper</span></span>, <span class=
8983 "CodeText"><span style='font-size:10.0pt'>isxdigit</span></span>,
8984 <span class="CodeText"><span style=
8985 'font-size:10.0pt'>tolower</span></span> and
8986 <span class="CodeText"><span style=
8987 'font-size:10.0pt'>toupper</span></span> is <span class=
8988 "CodeText"><span style='font-size:10.0pt'>char</span></span>
8989 or <span class="CodeText"><span style=
8990 'font-size:10.0pt'>unsigned char</span></span> or
8991 <span class="CodeText"><span style=
8992 'font-size:10.0pt'>int</span></span> in the standard library
8993 and <span class="CodeText"><span style=
8994 'font-size:10.0pt'>char</span></span> in the strict
8995 library. The type of the return value of the character
8996 classification functions (all of the previous character
8997 functions except <span class="CodeText"><span style=
8998 'font-size:10.0pt'>tolower</span></span> and <span class=
8999 "CodeText"><span style=
9000 'font-size:10.0pt'>toupper</span></span>) is <span class=
9001 "CodeText"><span style='font-size:10.0pt'>bool</span></span>
9002 or <span class="CodeText"><span style=
9003 'font-size:10.0pt'>int</span></span> in the standard library
9004 and <span class="CodeText"><span style=
9005 'font-size:10.0pt'>bool</span></span> in the strict
9006 library. The type of the first parameter to
9007 <span class="CodeText"><span style=
9008 'font-size:10.0pt'>ungetc</span></span> is <span class=
9009 "CodeText"><span style='font-size:10.0pt'>char</span></span>
9010 or <span class="CodeText"><span style=
9011 'font-size:10.0pt'>int</span></span> in the standard library
9012 and <span class="CodeText"><span style=
9013 'font-size:10.0pt'>char</span></span> in the strict library
9014 (<span class="CodeText"><span style=
9015 'font-size:10.0pt'>EOF</span></span> should not be passed to
9016 <span class="CodeText"><span style=
9017 'font-size:10.0pt'>ungetc</span></span>). The second
9018 parameter to <span class="CodeText"><span style=
9019 'font-size:10.0pt'>strchr</span></span> and <span class=
9020 "CodeText"><span style=
9021 'font-size:10.0pt'>strrchr</span></span> is <span class=
9022 "CodeText"><span style='font-size:10.0pt'>char</span></span>
9023 or <span class="CodeText"><span style=
9024 'font-size:10.0pt'>int</span></span> in the standard library
9025 and <span class="CodeText"><span style=
9026 'font-size:10.0pt'>char</span></span> in the strict
9028 <p class="MsoListBullet"><span style=
9029 'font-family:Symbol'>·<span style=
9030 'font:7.0pt "Times New Roman"'> </span></span>
9031 The global variables <span class="CodeText"><span style=
9032 'font-size:10.0pt'>stdin</span></span>, <span class=
9033 "CodeText"><span style=
9034 'font-size:10.0pt'>stdout</span></span> and <span class=
9035 "CodeText"><span style=
9036 'font-size:10.0pt'>stderr</span></span> are declared as
9037 <span class="CodeText"><span style=
9038 'font-size:10.0pt'>unchecked</span></span> variables (see Section
9039 7.2) in the standard libraries. In the strict libraries, they
9040 are<span class="CodeText"><span style=
9041 'font-size:10.0pt'>checked</span></span>.</p>
9042 <p class="MsoListBullet"><span style=
9043 'font-family:Symbol'>·<span style=
9044 'font:7.0pt "Times New Roman"'> </span></span>
9045 The global variable <span class="CodeText"><span style=
9046 'font-size:10.0pt'>errno</span></span> is declared
9047 <span class="CodeText"><span style=
9048 'font-size:10.0pt'>unchecked</span></span> in the
9049 standard libraries, but declared <span class=
9050 "CodeText"><span style=
9051 'font-size:10.0pt'>checkedstrict</span></span> in the
9052 strict libraries.</p>
9053 <p class="TextFontCX"> </p>
9054 <p class="TextFontCX">If no library flag is used, Splint will load
9055 the standard library, <span class="Keyword"><span style=
9056 'font-size:10.0pt;font-family:Arial;color:windowtext'>standard.lcd</span></span>.
9057 If <span class="Flag"><span style=
9058 'font-size:10.0pt'>+nolib</span></span> is set, no library is
9059 loaded. The library source files can easily be modified, and
9060 new libraries created to better suit a particular application.</p>
9061 <h2 style='margin-left:0in;text-indent:0in'><a name=
9062 "_Toc534975034"></a><a name="_Toc344355447">14.2<span style=
9063 'font:7.0pt "Times New Roman"'> </span>
9064 Generating Libraries</a></h2>
9065 <p class="TextFontCX">To enable running Splint on large systems,
9066 mechanisms are provided for creating libraries containing necessary
9067 information. This means source files can be checked
9068 independently, after a library has been created. The command line
9069 option <span class="Flag"><span style=
9070 'font-size:10.0pt'>-dump</span></span> <span class=
9071 "Flag"><span style='font-size:10.0pt'><i>library</i></span></span>
9072 stores information in the file <span class=
9073 "Keyword"><i><span style='font-size:10.0pt; font-family:Arial;color:windowtext'>
9074 library</span></i></span> (the default extension <span class=
9075 "Keyword"><span style=
9076 'font-size:10.0pt;font-family:Arial; color:windowtext'>.lcd</span></span>
9077 is added). Then, <span class="Flag"><span style=
9078 'font-size:10.0pt'>-load</span></span> <span class=
9079 "Flag"><span style='font-size:10.0pt'><i>library</i></span></span>
9080 loads the library. The library contains interface information
9081 from the files checked when the library was created.</p>
9082 <h3 style='margin-left:0in;text-indent:0in'><a name=
9083 "_Toc534975035">14.2.1<span style=
9084 'font:7.0pt "Times New Roman"'> </span> Generating
9085 the Standard Libraries</a></h3>
9086 <p class="TextFontCX">The standard libraries are generated from
9087 header files included in the Splint distribution. Some
9088 libraries are generated from more than one header file. Since
9089 the POSIX library subsumes the standard library, the headers for
9090 the standard and POSIX libraries are combined to produce the POSIX
9091 library. Similarly, the UNIX library is composed of the
9092 standard, POSIX and UNIX headers. The header files include
9093 some sections that are conditionally selected by defining
9094 <span class="CodeText"><span style=
9095 'font-size:10.0pt'>STRICT</span></span>. The commands to
9096 generate the standard libraries are:</p>
9097 <p class="example" style=
9098 'margin-top:0in;margin-right:.2in;margin-bottom:0in; margin-left:.2in;margin-bottom:.0001pt'>
9099 splint -nolib ansi.h -dump ansi</p>
9100 <p class="example" style=
9101 'margin-top:0in;margin-right:.2in;margin-bottom:0in; margin-left:.2in;margin-bottom:.0001pt'>
9102 splint -nolib -DSTRICT ansi.h -dump ansistrict</p>
9103 <p class="example" style=
9104 'margin-top:0in;margin-right:.2in;margin-bottom:0in; margin-left:.2in;margin-bottom:.0001pt'>
9105 splint -nolib ansi.h posix.h -dump posix</p>
9106 <p class="example" style=
9107 'margin-top:0in;margin-right:.2in;margin-bottom:0in; margin-left:.2in;margin-bottom:.0001pt'>
9108 splint -nolib -DSTRICT ansi.h posix.h -dump posixstrict</p>
9109 <p class="example" style=
9110 'margin-top:0in;margin-right:.2in;margin-bottom:0in; margin-left:.2in;margin-bottom:.0001pt'>
9111 splint -nolib ansi.h posix.h unix.h -dump unix</p>
9112 <p class="example" style=
9113 'margin-top:0in;margin-right:.2in;margin-bottom:0in; margin-left:.2in;margin-bottom:.0001pt'>
9114 splint -nolib -DSTRICT ansi.h posix.h unix.h -dump unixstrict</p>
9115 <h2 style='margin-left:0in;text-indent:0in'><a name=
9116 "_Ref534979539"></a><a name="_Toc534975036"></a><a name=
9117 "_Ref348080056"></a><a name="_Toc344355448">14.3<span style=
9118 'font:7.0pt "Times New Roman"'> </span>
9119 Header File Inclusion</a></h2>
9120 <p class="TextFontCX">The standard behavior of Splint on
9122 <p class="example"><span class="Keyword"><span style=
9123 'font-size:10.0pt'>#include <<i>X</i>.h></span></span></p>
9124 <p class="TextFontCX">is to search for a file named
9125 <span class="Keyword"><i><span style=
9126 'font-size:10.0pt;font-family:Arial; color:windowtext'>X</span></i></span><span class="Keyword">
9128 'font-size:10.0pt;font-family:Arial;color:windowtext'>.h</span></span>
9129 on the include search path (set using <span class=
9130 "Flag"><span style='font-size: 10.0pt'>–I</span></span>) and
9131 then the system base include path (read from the <span class=
9132 "CodeText"><span style='font-size:10.0pt'>include</span></span>
9133 environment variable if set or using a default value, usually
9134 <span class="Keyword"><span style=
9135 'font-size:10.0pt;font-family:Arial;color:windowtext'>/usr/include</span></span>).
9136 If <span class="Keyword"><i><span style=
9137 'font-size:10.0pt;font-family:Arial; color:windowtext'>X</span></i></span><span class="Keyword">
9139 'font-size:10.0pt;font-family:Arial;color:windowtext'>.h</span></span>
9140 is the name of a header file in a loaded standard library and
9141 <span class="Keyword"><i><span style=
9142 'font-size:10.0pt;font-family:Arial;color:windowtext'>X</span></i></span><span class="Keyword">
9144 'font-size:10.0pt;font-family:Arial;color:windowtext'>.h</span></span>
9145 is found in a directory that is a system directory (as set by the
9146 <span class="Flag"><span style=
9147 'font-size:10.0pt'>-sysdirs</span></span> flag; the default is
9148 <span class="Keyword"><span style=
9149 'font-size:10.0pt;font-family:Arial;color:windowtext'>/usr/include</span></span>),
9150 <span class="Keyword"><i><span style=
9151 'font-size:10.0pt;font-family:Arial; color:windowtext'>X</span></i></span><span class="Keyword">
9153 'font-size:10.0pt;font-family:Arial;color:windowtext'>.h</span></span>
9154 will not be included if <span class="Flag"><span style=
9155 'font-size:10.0pt'>+skip-iso-headers</span></span> or
9156 <span class="Flag"><span style=
9157 'font-size:10.0pt'>+skip-posix-headers</span></span> (depending
9158 on whether <span class="Keyword"><i><span style=
9159 'font-size:10.0pt;font-family:Arial;color:windowtext'>X</span></i></span><span class="Keyword">
9161 'font-size:10.0pt;font-family:Arial;color:windowtext'>.h</span></span>
9162 is an ISO or POSIX header file) is on (both are on by
9163 default). To force all headers to be included normally, use
9164 <span class="Flag"><span style=
9165 'font-size: 10.0pt'>‑skip-iso-headers</span></span>. </p>
9166 <p class="TextFontCX"> </p>
9167 <p class="TextFontCX">Sometimes headers in system directories
9168 contain non-standard syntax that Splint is unable to parse.
9169 The <span class="Flag"><span style=
9170 'font-size:10.0pt'>+skip-sys-headers</span></span> flag may be
9171 used to prevent any include file in a system directory from being
9173 <p class="TextFontCX"> </p>
9174 <p class="TextFontCX">Splint is fast enough that it can be run on
9175 medium-size (10,000 line) programs without performance
9176 concerns. Libraries can be used to enable efficient checking
9177 of small modules in large programs. To further improve
9178 performance, header file inclusion can be optimized.</p>
9179 <p class="TextFontCX"> </p>
9180 <p class="TextFontCX">When processing a complete system in which
9181 many files include the same headers, a large fraction of processing
9182 time is wasted re-reading header files unnecessarily. If you
9183 are checking a 100-file program, and every file includes
9184 <span class="Flag"><span style=
9185 'font-size:10.0pt;font-family:Arial;color:windowtext'>utils.h</span></span>,
9186 Splint will have to process <span class=
9187 "Keyword"><span style='font-size:10.0pt; font-family:Arial;color:windowtext'>
9188 utils.h</span></span> 100 times (as would most C compilers).
9189 If the <span class="Flag"><span style=
9190 'font-size:10.0pt'>+single-include</span></span> flag is used, each
9191 header file is processed only once. Single header file
9192 processing produces a significant efficiency improvement when
9193 checking large programs split into many files, but is only safe if
9194 the same header file included in different contexts always has the
9195 same meaning (i.e., it does not depend on preprocessor variable
9196 defined differently at different inclusion sites).</p>
9197 <p class="TextFontCX"> </p>
9198 <p class="TextFontCX">When processing a single file in a large
9199 system, a large fraction of the time is spent processing included
9200 header files. This can be avoided if the information in the
9201 header files is stored in a library instead. If
9202 <span class="Flag"><span style=
9203 'font-size:10.0pt'>+never-include</span></span> is set,
9204 inclusion of files ending in <span class="Flag"><span style=
9205 'font-size: 10.0pt;font-family:Arial;color:windowtext'>.h</span></span>
9206 is prevented. Files with different suffixes are
9207 included normally. To do this the header files must not
9208 include any expanded macros. That is, the header file must be
9209 processed with <span class="Flag"><span style=
9210 'font-size:10.0pt'>+all-macros</span></span>, and there must
9211 be no <span class="Annot"><span style=
9212 'font-size:10.0pt'>/*@notfunction@*/</span></span> control
9213 comments in the header. Then, the <span class=
9215 'font-size:10.0pt'>+never-include</span></span> flag may be
9216 used to prevent inclusion of header files. Alternately,
9217 non-function macros can be moved to a different file with a
9218 name that does not end in <span class="Keyword"><span style=
9219 'font-size:10.0pt;font-family:Arial;color:windowtext'>.h</span></span>.
9220 Remember, that this file must be included directly from the
9221 <span class="Keyword"><span style=
9222 'font-size:10.0pt;font-family:Arial;color:windowtext'>.c</span></span>
9223 file, since if it is included from an <span class=
9224 "Keyword"><span style=
9225 'font-size:10.0pt;font-family:Arial;color:windowtext'>.h</span></span>
9226 file indirectly, that <span class="Keyword"><span style=
9227 'font-size:10.0pt; font-family:Arial;color:windowtext'>.h</span></span>
9228 file is ignored so the other file is never included.</p>
9229 <p class="TextFontCX"> </p>
9230 <p class="TextFontCX">These options can be used for significant
9231 performance improvements on large systems. The performance
9232 depends on how the code is structured, but checking a single module
9233 in a large program is several times faster if libraries and
9234 <span class="Flag"><span style=
9235 'font-size:10.0pt'>+noinclude</span></span> are used.</p>
9236 <h3 style='margin-left:0in;text-indent:0in'><a name=
9237 "_Toc534975037">14.3.1<span style=
9238 'font:7.0pt "Times New Roman"'> </span>
9239 Preprocessing Constants</a></h3>
9240 <p class="TextFontCX">Splint defines the preprocessor constant
9241 <span class="CodeText"><span style=
9242 'font-size:10.0pt'>S_SPLINT_S</span></span> when preprocessing
9243 source files. If you want to include code that is processed
9244 only when Splint is used, surround the code with</p>
9245 <p class="TextFontCX" align="left" style='text-align: left'>
9246 <span class="Keyword"><span style=
9247 'font-size:10.0pt'> </span></span></p>
9248 <p class="TextFontCX" align="left" style='text-align: left'>
9249 <span class="Keyword"><span style='font-size:10.0pt'># ifdef
9250 S_SPLINT_S</span></span></p>
9251 <p class="TextFontCX" align="left" style='text-align: left'>
9252 …</p>
9253 <p class="TextFontCX"><span class="Keyword"><span style=
9254 'font-size:10.0pt'># endif</span></span></p>
9255 <p class="MsoHeading7" style='margin-left:0in;text-indent:0in'>
9256 <a name="_Toc534975038"></a><a name="_Toc344355451"></a><a name=
9257 "_Ref343065611">Appendix A<span style=
9258 'font:7.0pt "Times New Roman"'> </span>
9259 <a id="availability" name="availability">
9260 Availability</a></a></p>
9261 <p class="afterlist">The web home page for Splint is
9262 <span class="Keyword"><span style=
9263 'font-size:10.0pt;font-family:Arial;color:windowtext'><a href=
9264 "http://www.splint.org/">http://www.splint.org</a></span></span>.
9265 It includes this guide in HTML format, samples demonstrating
9266 Splint, and links to related web sites. Splint is
9267 available as source code and binary executables for several
9268 platforms. Splint may be freely distributed and
9269 modified under the GNU General Public License. The
9270 latest development code is available through SourceForge.</p>
9271 <p class="TextFontCX"> </p>
9272 <p class="TextFontCX">Splint development is largely driven by
9273 suggestions and comments from users. We are also very
9274 interested in hearing about your experiences using Splint in
9275 developing or maintaining programs, enforcing coding standards, or
9276 teaching courses. For general information, suggestions, and
9277 questions on Splint send mail to <span class=
9278 "Keyword"><span style='font-size:10.0pt;font-family:Arial;color:windowtext'>
9279 splint@cs.virginia.edu</span></span>.</p>
9280 <p class="TextFontCX"> </p>
9281 <p class="TextFontCX">To report a bug in Splint send a message to
9282 <span class="Keyword"><span style=
9283 'font-size:10.0pt;font-family: Arial;color:windowtext'>splint-bug@cs.virginia.edu</span></span>.</p>
9284 <p class="TextFontCX"> </p>
9285 <p class="beforelist">There are two mailing lists associated with
9287 <p class="URL"><span class="Keyword"><span style=
9288 'font-family:Arial;color:windowtext'>splint-announce@virginia.edu</span></span></p>
9289 <p class="IndentText">Reserved for announcements of new releases
9290 and bug fixes. All users should add themselves to this
9292 <p class="URL"><span class="Keyword"><span style=
9293 'font-family:Arial;color:windowtext'>splint-interest@virginia.edu</span></span></p>
9294 <p class="IndentText">Informal discussions on the use and
9295 development of Splint. </p>
9296 <p class="TextFontCX"> </p>
9297 <p class="TextFontCX"><a name="_Ref344882161"></a><a name=
9298 "_Ref344871249"></a><a name="_Ref344870532"></a><a name=
9299 "_Ref344870294">To subscribe to a mailing list, send a message
9300 to</a> <span class="PlainText"><span style=
9301 'font-size:10.0pt;font-family:Arial'>majordomo@virginia.edu</span></span>
9302 containing the body</p>
9303 <p class="URL"><span class="Keyword"><span style=
9304 'font-family:Arial;color:windowtext'>subscribe
9305 splint-announce</span></span><span style=
9306 'font-size:11.0pt;font-family:"Times New Roman"'>or</span>
9307 <span class="Keyword"><span style=
9308 'font-family:Arial;color:windowtext'>subscribe
9309 splint-interest</span></span><a name=
9310 "_Ref348343340"></a><a name="_Ref348330382">.</a></p>
9311 <p class="MsoHeading7" style='margin-left:0in;text-indent:0in'>
9312 <a name="_Toc534975039"></a><a name="_Ref397875360">Appendix
9314 'font:7.0pt "Times New Roman"'> </span>
9315 <a id="flags" name="flags">
9317 </a><a name="_Toc344355437"></a></p>
9318 <p class="beforelist">There are four different types of flags:</p>
9319 <p class="MsoListBullet"><span style=
9320 'font-family:Symbol'>·<span style=
9321 'font:7.0pt "Times New Roman"'> </span></span>
9322 Global flags for controlling initializations and global
9324 <p class="MsoListBullet"><span style=
9325 'font-family:Symbol'>·<span style=
9326 'font:7.0pt "Times New Roman"'> </span></span>
9327 Message format flags for controlling how messages are displayed</p>
9328 <p class="MsoListBullet"><span style=
9329 'font-family:Symbol'>·<span style=
9330 'font:7.0pt "Times New Roman"'> </span></span>
9331 Mode selectors for coarse control of Splint checking</p>
9332 <p class="MsoListBullet"><span style=
9333 'font-family:Symbol'>·<span style=
9334 'font:7.0pt "Times New Roman"'> </span></span>
9335 Checking flags that control checking and what classes of messages
9337 <p class="afterlist">Global flags can be used in initialization
9338 files and at the command line; all other flags may also be used in
9339 control comments.</p>
9340 <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'>
9341 <a name="_Toc534975050">Key</a></p>
9342 <p class="beforelist">To the left of each flag name is a flag
9343 descriptor encoding what kind of flag it is and its default
9344 value. The descriptions are:</p>
9346 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
9347 height="14" align="left">
9349 <td valign="top" align="left" height="14" style=
9350 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
9351 <p class="TextFontCX" align="center" style=
9352 'text-align:center;background:#CCCCCC'><span style=
9353 'font-size:10.0pt'>P:</span> <span class="Flag"><span style=
9354 'font-size:10.0pt'>-</span></span></p></td></tr></table></div>
9355 <p class="TextFontCX">A <i>plain</i> flag. The value after
9356 the colon gives the default setting (e.g., this flag is
9358 <p class="TextFontCX"> </p>
9360 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
9361 height="14" align="left">
9363 <td valign="top" align="left" height="14" style=
9364 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
9365 <p class="TextFontCX" align="center" style=
9366 'text-align:center;background:#CCCCCC'><span style=
9367 'font-size:10.0pt'>m:</span><span class="Flag"><span style=
9368 'font-size:10.0pt'>--++</span></span></p></td></tr></table></div>
9369 <p class="TextFontCX">A <i>mode checking flag</i>. The value
9370 of the flag is set by the mode selector. The four signs give
9371 the setting in the weak, standard, checks and strict modes. (e.g.,
9372 this flag is off in the weak and standard modes, and on in the
9373 checks and strict modes.)</p>
9374 <p class="TextFontCX"> </p>
9376 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
9377 height="14" align="left">
9379 <td valign="top" align="left" height="14" style=
9380 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
9381 <p class="TextFontCX" align="center" style=
9382 'text-align:center;background:#CCCCCC'><span style=
9383 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div>
9384 <p class="TextFontCX">A <i>shortcut</i> flag. This flag sets
9385 other flags, so it has no default value.</p>
9386 <p class="MsoHeading8" style='margin-left:0in;text-indent:0in'>
9387 <a name="_Toc534975061">Flag Name Abbreviations</a></p>
9388 <p class="beforelist">Within a flag name, abbreviations may be
9389 used. Figure 25 shows the flag name abbreviations. The
9390 expanded and short forms are interchangeable in flag names.</p>
9392 <table class="MsoNormalTable" border="0" cellspacing="0"
9393 cellpadding="0" style=
9394 'margin-left:99.9pt;border-collapse:collapse;margin-left:-2.25pt; margin-right:-2.25pt'>
9396 <td valign="top" style=
9397 'width:171.0pt;border:none;border-bottom:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'>
9398 <p class="TextFontCX" align="center" style='text-align:center'>
9399 Expanded Form</p></td>
9400 <td valign="top" style=
9401 'width:67.5pt;border:none;border-bottom:solid black 1.5pt; padding:0in 5.4pt 0in 5.4pt'>
9402 <p class="TextFontCX" align="center" style='text-align:center'>
9403 Short Form</p></td></tr>
9405 <td valign="top" style='width:171.0pt;padding:0in 5.4pt 0in 5.4pt'>
9406 <p class="TextFontCX"><span class="Flag"><span style=
9407 'font-size:10.0pt'>constant</span></span></p></td>
9408 <td valign="top" style='width:67.5pt;padding:0in 5.4pt 0in 5.4pt'>
9409 <p class="TextFontCX"><span class="Flag"><span style=
9410 'font-size:10.0pt'>const</span></span></p></td></tr>
9412 <td valign="top" style='width:171.0pt;padding:0in 5.4pt 0in 5.4pt'>
9413 <p class="TextFontCX"><span class="Flag"><span style=
9414 'font-size:10.0pt'>declaration</span></span></p></td>
9415 <td valign="top" style='width:67.5pt;padding:0in 5.4pt 0in 5.4pt'>
9416 <p class="TextFontCX"><span class="Flag"><span style=
9417 'font-size:10.0pt'>decl</span></span></p></td></tr>
9419 <td valign="top" style='width:171.0pt;padding:0in 5.4pt 0in 5.4pt'>
9420 <p class="TextFontCX"><span class="Flag"><span style=
9421 'font-size:10.0pt'>function</span></span></p></td>
9422 <td valign="top" style='width:67.5pt;padding:0in 5.4pt 0in 5.4pt'>
9423 <p class="TextFontCX"><span class="Flag"><span style=
9424 'font-size:10.0pt'>fcn</span></span></p></td></tr>
9426 <td valign="top" style='width:171.0pt;padding:0in 5.4pt 0in 5.4pt'>
9427 <p class="TextFontCX"><span class="Flag"><span style=
9428 'font-size:10.0pt'>global</span></span></p></td>
9429 <td valign="top" style='width:67.5pt;padding:0in 5.4pt 0in 5.4pt'>
9430 <p class="TextFontCX"><span class="Flag"><span style=
9431 'font-size:10.0pt'>glob</span></span></p></td></tr>
9433 <td valign="top" style='width:171.0pt;padding:0in 5.4pt 0in 5.4pt'>
9434 <p class="TextFontCX"><span class="Flag"><span style=
9435 'font-size:10.0pt'>implicit</span></span><span class=
9437 'font-size:10.0pt;font-family:"Times New Roman"'>,</span></span>
9438 <span class="Flag"><span style=
9439 'font-size:10.0pt'>implied</span></span></p></td>
9440 <td valign="top" style='width:67.5pt;padding:0in 5.4pt 0in 5.4pt'>
9441 <p class="TextFontCX"><span class="Flag"><span style=
9442 'font-size:10.0pt'>imp</span></span></p></td></tr>
9444 <td valign="top" style='width:171.0pt;padding:0in 5.4pt 0in 5.4pt'>
9445 <p class="TextFontCX"><span class="Flag"><span style=
9446 'font-size:10.0pt'>iterator</span></span></p></td>
9447 <td valign="top" style='width:67.5pt;padding:0in 5.4pt 0in 5.4pt'>
9448 <p class="TextFontCX"><span class="Flag"><span style=
9449 'font-size:10.0pt'>iter</span></span></p></td></tr>
9451 <td valign="top" style='width:171.0pt;padding:0in 5.4pt 0in 5.4pt'>
9452 <p class="TextFontCX"><span class="Flag"><span style=
9453 'font-size:10.0pt'>length</span></span></p></td>
9454 <td valign="top" style='width:67.5pt;padding:0in 5.4pt 0in 5.4pt'>
9455 <p class="TextFontCX"><span class="Flag"><span style=
9456 'font-size:10.0pt'>len</span></span></p></td></tr>
9458 <td valign="top" style='width:171.0pt;padding:0in 5.4pt 0in 5.4pt'>
9459 <p class="TextFontCX"><span class="Flag"><span style=
9460 'font-size:10.0pt'>modifies</span></span></p></td>
9461 <td valign="top" style='width:67.5pt;padding:0in 5.4pt 0in 5.4pt'>
9462 <p class="TextFontCX"><span class="Flag"><span style=
9463 'font-size:10.0pt'>mods</span></span></p></td></tr>
9465 <td valign="top" style='width:171.0pt;padding:0in 5.4pt 0in 5.4pt'>
9466 <p class="TextFontCX"><span class="Flag"><span style=
9467 'font-size:10.0pt'>modify</span></span></p></td>
9468 <td valign="top" style='width:67.5pt;padding:0in 5.4pt 0in 5.4pt'>
9469 <p class="TextFontCX"><span class="Flag"><span style=
9470 'font-size:10.0pt'>mod</span></span></p></td></tr>
9472 <td valign="top" style='width:171.0pt;padding:0in 5.4pt 0in 5.4pt'>
9473 <p class="TextFontCX"><span class="Flag"><span style=
9474 'font-size:10.0pt'>memory</span></span></p></td>
9475 <td valign="top" style='width:67.5pt;padding:0in 5.4pt 0in 5.4pt'>
9476 <p class="TextFontCX"><span class="Flag"><span style=
9477 'font-size:10.0pt'>mem</span></span></p></td></tr>
9479 <td valign="top" style='width:171.0pt;padding:0in 5.4pt 0in 5.4pt'>
9480 <p class="TextFontCX"><span class="Flag"><span style=
9481 'font-size:10.0pt'>parameter</span></span></p></td>
9482 <td valign="top" style='width:67.5pt;padding:0in 5.4pt 0in 5.4pt'>
9483 <p class="TextFontCX"><span class="Flag"><span style=
9484 'font-size:10.0pt'>param</span></span></p></td></tr>
9486 <td valign="top" style='width:171.0pt;padding:0in 5.4pt 0in 5.4pt'>
9487 <p class="TextFontCX"><span class="Flag"><span style=
9488 'font-size:10.0pt'>pointer</span></span></p></td>
9489 <td valign="top" style='width:67.5pt;padding:0in 5.4pt 0in 5.4pt'>
9490 <p class="TextFontCX" style='page-break-after: avoid'>
9491 <span class="Flag"><span style=
9492 'font-size:10.0pt'>ptr</span></span></p></td></tr>
9494 <td valign="top" style='width:171.0pt;padding:0in 5.4pt 0in 5.4pt'>
9495 <p class="TextFontCX"><span class="Flag"><span style=
9496 'font-size:10.0pt'>return</span></span></p></td>
9497 <td valign="top" style='width:67.5pt;padding:0in 5.4pt 0in 5.4pt'>
9498 <p class="TextFontCX"><span class="Flag"><span style=
9499 'font-size:10.0pt'>ret</span></span></p></td></tr>
9501 <td valign="top" style='width:171.0pt;padding:0in 5.4pt 0in 5.4pt'>
9502 <p class="TextFontCX"><span class="Flag"><span style=
9503 'font-size:10.0pt'>variable</span></span></p></td>
9504 <td valign="top" style='width:67.5pt;padding:0in 5.4pt 0in 5.4pt'>
9505 <p class="TextFontCX"><span class="Flag"><span style=
9506 'font-size:10.0pt'>var</span></span></p></td></tr>
9508 <td valign="top" style='width:171.0pt;padding:0in 5.4pt 0in 5.4pt'>
9509 <p class="TextFontCX"><span class="Flag"><span style=
9510 'font-size:10.0pt'>unconstrained, unconst</span></span></p></td>
9511 <td valign="top" style='width:67.5pt;padding:0in 5.4pt 0in 5.4pt'>
9512 <p class="TextFontCX" style='page-break-after: avoid'>
9513 <span class="Flag"><span style=
9514 'font-size:10.0pt'>uncon</span></span></p></td></tr></table>
9515 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0">
9517 <td valign="top" style=
9518 'padding-top:.1in;padding-right: 9.35pt;padding-bottom:.1in;padding-left:9.35pt'>
9519 <p class="MsoCaption"><a name="_Toc534824627"></a><a name=
9520 "_Ref534824456">Figure 25</a>. Flag Name
9521 Abbreviations</p></td></tr></table></center>
9522 <p class="beforelist">The expanded and short forms are
9523 interchangeable in flag names.</p>
9524 <p class="beforelist">For example, <span class=
9525 "Flag"><span style='font-size:10.0pt'>globsimpmodsnothing</span></span>
9526 and <span class="Flag"><span style=
9527 'font-size:10.0pt'>globalsimpliesmodifiesnothing</span></span>
9528 denote the same flag. Abbreviations in flag names allow
9529 pronounceable, descriptive names to be used without making
9530 flag names excessively long (although one must admit even
9531 <span class="Flag"><span style=
9532 'font-size:10.0pt'>globsimpmodsnothing</span></span> is a bit
9534 <p class="TextFontCX">To make flag names more readable, the space,
9535 dash (<span class="Flag"><span style=
9536 'font-size:10.0pt'>-</span></span>), and underscore
9537 (<span class="Flag"><span style=
9538 'font-size:10.0pt'>_</span></span>) characters may be used
9539 inside a flag name. Hence, <span class=
9541 'font-size:10.0pt'>globals-implies-modifies-nothing</span></span>,
9542 <span class="Flag"><span style=
9543 'font-size:10.0pt'>glob_imps_­mods­nothing</span></span>
9544 and <span class="Flag"><span style=
9545 'font-size:10.0pt'>globsimpmodsnothing</span></span> are
9547 <p class="MsoHeading8" style='margin-left:0in;text-indent:0in'>
9548 <a name="_Toc534975040">Global Flags</a></p>
9549 <p class="TextFontCX">Global flags can be set at the command line
9550 or in an options file, but cannot be set locally using stylized
9551 comments. These flags control on-line help, initialization
9552 files, pre-processor flags, libraries and output.</p>
9553 <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'>
9554 <a name="_Toc534975041">Help</a></p>
9555 <p class="beforelist">On-line help provides documentation on Splint
9556 operation and flags. When a help flag is used, no checking is
9557 done by Splint. Help flags may be preceded by
9558 <span class="Flag"><span style=
9559 'font-size:10.0pt'>-</span></span> or <span class=
9560 "Flag"><span style='font-size:10.0pt'>+</span></span>.</p>
9561 <p class="TextFontCX"><span class="Flag"><span style=
9562 'font-size:10.0pt'>help</span></span></p>
9563 <p class="IndentText">Display general help overview, including list
9564 of additional help topics.</p>
9565 <p class="TextFontCX"><span class="Flag"><span style=
9566 'font-size:10.0pt'>help</span></span> <span class=
9568 'font-size:10.0pt'><topic></span></span></p>
9569 <p class="indentbefore">Display help on <i><topic></i>.
9570 Available topics:</p>
9571 <table class="MsoNormalTable" border="0" cellspacing="0"
9572 cellpadding="0" style=
9573 'width:400.5pt;margin-left:27.9pt;border-collapse:collapse'>
9575 <td valign="top" style=
9576 'width:144.65pt;padding:0in 5.4pt 0in 5.4pt'>
9577 <p class="TextFontCX" style='text-indent:5.4pt'><span class=
9579 'font-size:10.0pt'>annotations</span></span></p></td>
9580 <td valign="top" style=
9581 'width:255.85pt;padding:0in 5.4pt 0in 5.4pt'>
9582 <p class="TextFontCX" align="left" style='text-align:left'>describe
9583 annotations</p></td></tr>
9585 <td valign="top" style=
9586 'width:144.65pt;padding:0in 5.4pt 0in 5.4pt'>
9587 <p class="TextFontCX"><span class="Flag"><span style=
9588 'font-size:10.0pt'>comments</span></span></p></td>
9589 <td valign="top" style=
9590 'width:255.85pt;padding:0in 5.4pt 0in 5.4pt'>
9591 <p class="TextFontCX" align="left" style='text-align:left'>describe
9592 control comments</p></td></tr>
9594 <td valign="top" style=
9595 'width:144.65pt;padding:0in 5.4pt 0in 5.4pt'>
9596 <p class="TextFontCX"><span class="Flag"><span style=
9597 'font-size:10.0pt'>flags</span></span></p></td>
9598 <td valign="top" style=
9599 'width:255.85pt;padding:0in 5.4pt 0in 5.4pt'>
9600 <p class="TextFontCX" align="left" style='text-align:left'>describe
9601 flag categories</p></td></tr>
9603 <td valign="top" style=
9604 'width:144.65pt;padding:0in 5.4pt 0in 5.4pt'>
9605 <p class="TextFontCX"><span class="Flag"><span style=
9606 'font-size:10.0pt'>flags
9607 <i><category></i></span></span></p></td>
9608 <td valign="top" style=
9609 'width:255.85pt;padding:0in 5.4pt 0in 5.4pt'>
9610 <p class="TextFontCX" align="left" style='text-align:left'>all
9611 flags pertaining to <category> (one of the categories listed
9612 by <span class="Flag"><span style='font-size:10.0pt'>splint -help
9613 flags</span></span>)</p></td></tr>
9615 <td valign="top" style=
9616 'width:144.65pt;padding:0in 5.4pt 0in 5.4pt'>
9617 <p class="TextFontCX"><span class="Flag"><span style=
9618 'font-size:10.0pt'>flags alpha</span></span>
9619 </p></td>
9620 <td valign="top" style=
9621 'width:255.85pt;padding:0in 5.4pt 0in 5.4pt'>
9622 <p class="TextFontCX" align="left" style='text-align:left'>all
9623 flags in alphabetical order</p></td></tr>
9625 <td valign="top" style=
9626 'width:144.65pt;padding:0in 5.4pt 0in 5.4pt'>
9627 <p class="TextFontCX"><span class="Flag"><span style=
9628 'font-size:10.0pt'>flags full</span></span></p></td>
9629 <td valign="top" style=
9630 'width:255.85pt;padding:0in 5.4pt 0in 5.4pt'>
9631 <p class="TextFontCX" align="left" style='text-align:left'>print a
9632 full description of all flags</p></td></tr>
9634 <td valign="top" style=
9635 'width:144.65pt;padding:0in 5.4pt 0in 5.4pt'>
9636 <p class="TextFontCX"><span class="Flag"><span style=
9637 'font-size:10.0pt'>mail</span></span></p></td>
9638 <td valign="top" style=
9639 'width:255.85pt;padding:0in 5.4pt 0in 5.4pt'>
9640 <p class="TextFontCX" align="left" style='text-align:left'>print
9641 information on mailing lists</p></td></tr>
9643 <td valign="top" style=
9644 'width:144.65pt;padding:0in 5.4pt 0in 5.4pt'>
9645 <p class="TextFontCX"><span class="Flag"><span style=
9646 'font-size:10.0pt'>modes</span></span></p></td>
9647 <td valign="top" style=
9648 'width:255.85pt;padding:0in 5.4pt 0in 5.4pt'>
9649 <p class="TextFontCX" align="left" style='text-align:left'>flags
9650 settings in modes</p></td></tr>
9652 <td valign="top" style=
9653 'width:144.65pt;padding:0in 5.4pt 0in 5.4pt'>
9654 <p class="TextFontCX"><span class="Flag"><span style=
9655 'font-size:10.0pt'>prefixcodes</span></span></p></td>
9656 <td valign="top" style=
9657 'width:255.85pt;padding:0in 5.4pt 0in 5.4pt'>
9658 <p class="TextFontCX" align="left" style='text-align:left'>
9659 character codes for setting namespace prefixes</p></td></tr>
9661 <td valign="top" style=
9662 'width:144.65pt;padding:0in 5.4pt 0in 5.4pt'>
9663 <p class="TextFontCX"><span class="Flag"><span style=
9664 'font-size:10.0pt'>references</span></span></p></td>
9665 <td valign="top" style=
9666 'width:255.85pt;padding:0in 5.4pt 0in 5.4pt'>
9667 <p class="TextFontCX" align="left" style='text-align:left'>print
9668 references to relevant papers and web sites</p></td></tr>
9670 <td valign="top" style=
9671 'width:144.65pt;padding:0in 5.4pt 0in 5.4pt'>
9672 <p class="TextFontCX"><span class="Flag"><span style=
9673 'font-size:10.0pt'>vars</span></span></p></td>
9674 <td valign="top" style=
9675 'width:255.85pt;padding:0in 5.4pt 0in 5.4pt'>
9676 <p class="TextFontCX" align="left" style='text-align:left'>describe
9677 environment variables</p></td></tr>
9679 <td valign="top" style=
9680 'width:144.65pt;padding:0in 5.4pt 0in 5.4pt'>
9681 <p class="TextFontCX"><span class="Flag"><span style=
9682 'font-size:10.0pt'>version</span></span></p></td>
9683 <td valign="top" style=
9684 'width:255.85pt;padding:0in 5.4pt 0in 5.4pt'>
9685 <p class="TextFontCX" align="left" style='text-align:left'>print
9686 maintainer and version information</p>
9687 <p class="TextFontCX" align="left" style='text-align:left'>
9688 </p></td></tr></table>
9689 <p class="afterlist"><span class="Flag"><span style=
9690 'font-size:10.0pt'>help</span></span> <span class=
9692 'font-size:10.0pt'><flag></span></span></p>
9693 <p class="IndentText">Describe flag <i><flag></i>. (May
9694 list several flags.)</p>
9695 <p class="TextFontCX"><span class="Flag"><span style=
9696 'font-size:10.0pt'>warn-flags</span></span></p>
9697 <p class="IndentText">Display a warning when a flag is set in a
9698 surprising way. An error is reported if an obsolete flag is
9699 set, a flag is set to its current value (i.e., the
9700 <span class="Flag"><span style=
9701 'font-size:10.0pt'>+</span></span> or <span class=
9702 "Flag"><span style='font-size:10.0pt'>-</span></span> may be
9703 wrong), or a mode selector flag is set after mode checking
9704 flags that will be reset by the mode were set. By
9705 default, <span class="Flag"><span style=
9706 'font-size:10.0pt'>+warn-flags</span></span> is on. To
9707 suppress flag warnings, use <span class="Flag"><span style=
9708 'font-size:10.0pt'>‑warn-flags</span></span>.</p>
9710 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
9711 height="14" align="left">
9713 <td valign="top" align="left" height="14" style=
9714 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
9715 <p class="TextFontCX" align="center" style=
9716 'text-align:center;background:#CCCCCC'><span style=
9717 'font-size:10.0pt'>P:</span> <span class=
9718 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
9719 <p class="TextFontCX"><span class="Flag"><span style=
9720 'font-size:10.0pt'>warn-rc</span></span></p>
9721 <p class="IndentText">There was a problem reading an initialization
9724 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
9725 height="14" align="left">
9727 <td valign="top" align="left" height="14" style=
9728 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
9729 <p class="TextFontCX" align="center" style=
9730 'text-align:center;background:#CCCCCC'><span style=
9731 'font-size:10.0pt'>P:</span> <span class=
9732 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
9733 <p class="TextFontCX"><span class="Flag"><span style=
9734 'font-size:10.0pt'>bad-flag</span></span></p>
9735 <p class="IndentText">A flag is not recognized or used in an
9738 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
9739 height="14" align="left">
9741 <td valign="top" align="left" height="14" style=
9742 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
9743 <p class="TextFontCX" align="center" style=
9744 'text-align:center;background:#CCCCCC'><span style=
9745 'font-size:10.0pt'>P:</span> <span class=
9746 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
9747 <p class="TextFontCX"><span class="Flag"><span style=
9748 'font-size:10.0pt'>fileextensions</span></span></p>
9749 <p class="IndentText">Warn when command line file does not have a
9750 recognized extension.</p>
9751 <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'>
9752 <a name="_Toc534975042">Initialization</a></p>
9753 <p class="beforelist">These flags control directories and files
9754 used by Splint. They may be used from the command line or in
9755 an options file, but may not be used as control comments in the
9756 source code. Except where noted. they have the same meaning
9757 preceded by <span class="Flag"><span style=
9758 'font-size:10.0pt'>-</span></span> or <span class=
9759 "Flag"><span style='font-size:10.0pt'>+</span></span>. </p>
9760 <p class="TextFontCX"><span class="Flag"><span style=
9761 'font-size:10.0pt'>tmpdir</span></span> <span class=
9763 'font-size:10.0pt'><i><directory></i></span></span></p>
9764 <p class="IndentText">Set directory for writing temp files.
9765 Default is <span class="ProgramNameChar"><span style=
9766 'font-size:10.0pt'>/tmp/</span></span>.</p>
9767 <p class="TextFontCX"><span class="Flag"><span style=
9768 'font-size:10.0pt'>I<i><directory></i></span></span></p>
9769 <p class="IndentText">Add directory to path searched for C include
9770 files. Note there is no space after the <span class=
9771 "Flag"><span style='font-size:10.0pt'>I</span></span>, to be
9772 consistent with C preprocessor flags.</p>
9773 <p class="TextFontCX"><span class="Flag"><span style=
9774 'font-size:10.0pt'>S<i><directory></i></span></span></p>
9775 <p class="IndentText">Add directory to path search for
9776 <span class="ProgramNameChar"><span style=
9777 'font-size:10.0pt'>.lcl</span></span> specification
9779 <p class="IndentText"> </p>
9780 <p class="TextFontCX"><span class="Flag"><span style=
9781 'font-size:10.0pt'>larchpath</span></span> <span class=
9783 'font-size:10.0pt'><i><path></i></span></span></p>
9784 <p class="IndentText">Set path to search for library files.
9785 Overrides <span class="CodeText"><span style=
9786 'font-size:10.0pt'>LARCH_PATH</span></span> environment
9788 <p class="TextFontCX"><span class="Flag"><span style=
9789 'font-size:10.0pt'>lclimportdir</span></span> <span class=
9791 'font-size:10.0pt'><i><directory></i></span></span></p>
9792 <p class="IndentText">Set directory to search for LCL import
9793 files. Overrides<span class="CodeText"><span style=
9794 'font-size:10.0pt'>LCLIMPORTDIR</span></span> environment
9796 <p class="IndentText"> </p>
9797 <p class="TextFontCX"><span class="Flag"><span style=
9798 'font-size:10.0pt'>f</span></span> <span class=
9799 "Flag"><span style='font-size:10.0pt'><i><file></i></span></span></p>
9800 <p class="MsoNormal" style='margin-left:13.5pt'>Load options from
9801 <span class="Flag"><i><span style=
9802 'font-size:10.0pt'><file></span></i></span>. If this
9803 flag is used from the command line, the default <span class=
9804 "FileNameChar"><span style=
9805 'font-size:10.0pt'>~/.splintrc</span></span> file is not
9806 loaded. This flag may be used in an options file to include
9807 another options file.</p>
9808 <p class="TextFontCX"><span class="Flag"><span style=
9809 'font-size:10.0pt'>i</span></span> <span class=
9810 "Flag"><span style='font-size:10.0pt'><i><file></i></span></span></p>
9811 <p class="MsoNormal" style='margin-left:13.5pt'>Set LCL
9812 initilization file.</p>
9813 <p class="TextFontCX"><span class="Flag"><span style=
9814 'font-size:10.0pt'>nof</span></span></p>
9815 <p class="IndentText">Prevents the default options files
9816 (<span class="FileNameChar"><span style=
9817 'font-size:10.0pt'>./.splintrc</span></span>and <span class=
9818 "FileNameChar"><span style=
9819 'font-size:10.0pt'>~/.splintrc</span></span>) from being
9820 loaded. (Setting <span class="Flag"><span style=
9821 'font-size:10.0pt'>-nof</span></span> overrides <span class=
9822 "Flag"><span style='font-size:10.0pt'>+nof</span></span>, causing
9823 the options files to be loaded normally.)</p>
9824 <p class="TextFontCX"><span class="Flag"><span style=
9825 'font-size:10.0pt'>sys-dirs</span></span></p>
9826 <p class="IndentText">Set directories for system files (default is
9827 <span class="FileNameChar"><span style=
9828 'font-size:10.0pt'>/usr/</span></span>). Separate directories
9829 with the path separator for your operating system (e.g.,
9830 semi-colons for Windows or colons for Unix: <span class=
9831 "FileNameChar"><span style=
9832 'font-size:10.0pt'>/usr/include:/usr/local/lib</span></span>).
9833 Flag settings propagate to files in a system directory. If
9834 <span class="Flag"><span style=
9835 'font-size:10.0pt'>-sys-dir-errors</span></span> is set, no errors
9836 are reported for files in system directories.</p>
9837 <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'>
9838 <a name="_Toc534975043"></a><a name=
9839 "_Ref345883190">Pre-processor</a></p>
9841 <p class="beforelist">These flags are used to define or undefine
9842 pre-processor constants. The <span class=
9843 "Flag"><span style='font-size:10.0pt'>-I<i><directory></i></span></span>
9844 flag is also passed to the C pre-processor.</p>
9845 <p class="TextFontCX"><span class="Flag"><span style=
9846 'font-size:10.0pt'>D<initializer></span></span></p>
9847 <p class="IndentText">Passed to the C pre-processor.</p>
9849 <p class="FileName0" style='margin-left:0in'><span class=
9850 "Flag">U<initializer></span></p>
9851 <p class="IndentText">Passed to the C pre-processor.</p>
9854 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
9855 height="14" align="left">
9857 <td valign="top" align="left" height="14" style=
9858 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
9859 <p class="TextFontCX" align="center" style=
9860 'text-align:center;background:#CCCCCC'><span style=
9861 'font-size:10.0pt'>P:</span> <span class=
9862 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
9863 <p class="TextFontCX"><span class="Flag"><span style=
9864 'font-size:10.0pt'>unrecogdirective</span></span></p>
9865 <p class="IndentText">Preprocessor directive is not recognized.
9869 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
9870 height="14" align="left">
9872 <td valign="top" align="left" height="14" style=
9873 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
9874 <p class="TextFontCX" align="center" style=
9875 'text-align:center;background:#CCCCCC'><span style=
9876 'font-size:10.0pt'>P:</span> <span class=
9877 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
9878 <p class="TextFontCX"><span class="Flag"><span style=
9879 'font-size:10.0pt'>preproc</span></span></p>
9880 <p class="IndentText">Preprocessing error.
9884 <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'>
9885 <a name="_Toc534975044">Libraries</a></p>
9886 <p class="beforelist">These flags control the creation and use of
9888 <p class="TextFontCX"><span class="Flag"><span style=
9889 'font-size:10.0pt'>dump</span></span> <span class=
9891 'font-size:10.0pt'><i><file></i></span></span></p>
9892 <p class="IndentText">Save state in <span class=
9893 "Flag"><i><span style=
9894 'font-size: 10.0pt'><file></span></i></span> for
9895 loading. The default extension <span class=
9896 "ProgramNameChar"><span style='font-size:10.0pt'>.lcd</span></span>
9897 is added if <span class="Flag"><i><span style=
9898 'font-size:10.0pt'><file></span></i></span> has no
9900 <p class="TextFontCX"><span class="Flag"><span style=
9901 'font-size:10.0pt'>load</span></span><span class=
9902 "Flag"><span style='font-size:10.0pt'> <i><file></i></span></span></p>
9903 <p class="IndentText">Load state from <span class=
9904 "Flag"><i><span style=
9905 'font-size: 10.0pt'><file></span></i></span> (created by
9906 <span class="Flag"><span style=
9907 'font-size:10.0pt'>-dump</span></span>). The default
9908 extension <span class="FileNameChar"><span style=
9909 'font-size:10.0pt'>.lcd</span></span> is added if
9910 <span class="Flag"><i><span style=
9911 'font-size:10.0pt'><file></span></i></span> has no
9912 extension. Only one library file may be loaded.</p>
9913 <p class="betweenlists">By default, the standard library is loaded
9914 if the <span class="Flag"><span style=
9915 'font-size:10.0pt'>-load</span></span> flag is not used to load a
9916 user library. If no user library is loaded, one of the
9917 following flags may be used to select a different standard
9918 library. Precede the flag by <span class=
9919 "Flag"><span style='font-size:10.0pt'>+</span></span> to load
9920 the described library (or to prevent a library from being
9921 loaded using <span class="Flag"><span style=
9922 'font-size:10.0pt'>no-lib</span></span>). See Section 14.1
9923 for information on the provided libraries.</p>
9924 <p class="TextFontCX"><span class="Flag"><span style=
9925 'font-size:10.0pt'>no-lib</span></span></p>
9926 <p class="IndentText">Do not load any library. This prevents
9927 the standard library from being loaded.</p>
9928 <p class="TextFontCX"><span class="Flag"><span style=
9929 'font-size:10.0pt'>ansi-lib</span></span></p>
9930 <p class="IndentText">Use the ANSI standard library (selected by
9932 <p class="TextFontCX"><span class="Flag"><span style=
9933 'font-size:10.0pt'>strict-lib</span></span></p>
9934 <p class="IndentText">Use strict version of the ANSI standard
9936 <p class="TextFontCX"><span class="Flag"><span style=
9937 'font-size:10.0pt'>posix-lib</span></span></p>
9938 <p class="IndentText">Use the POSIX standard library.</p>
9939 <p class="TextFontCX"><span class="Flag"><span style=
9940 'font-size:10.0pt'>posix-strict-lib</span></span></p>
9941 <p class="IndentText">Use the strict version of the POSIX standard
9943 <p class="TextFontCX"><span class="Flag"><span style=
9944 'font-size:10.0pt'>unix-lib</span></span></p>
9945 <p class="IndentText">Use UNIX version of standard library.</p>
9946 <p class="TextFontCX"><span class="Flag"><span style=
9947 'font-size:10.0pt'>unix-strict-lib</span></span></p>
9948 <p class="IndentText">Use the strict version of the UNIX standard
9950 <p class="IndentText"> </p>
9951 <p class="TextFontCX"><span class="Flag"><span style=
9952 'font-size:10.0pt'>which-lib</span></span></p>
9953 <p class="IndentText">Print out the standard library filename and
9954 creation information.</p>
9957 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
9958 height="14" align="left">
9960 <td valign="top" align="left" height="14" style=
9961 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
9962 <p class="TextFontCX" align="center" style=
9963 'text-align:center;background:#CCCCCC'><span style=
9964 'font-size:10.0pt'>P:</span> <span class=
9965 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
9966 <p class="TextFontCX"><span class="Flag"><span style=
9967 'font-size:10.0pt'>newdecl</span></span></p>
9968 <p class="IndentText">There is a new declaration that is not declared in a loaded library or
9969 earlier file. (Use this flag to check for consistency against a library.)
9974 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
9975 height="14" align="left">
9977 <td valign="top" align="left" height="14" style=
9978 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
9979 <p class="TextFontCX" align="center" style=
9980 'text-align:center;background:#CCCCCC'><span style=
9981 'font-size:10.0pt'>P:</span> <span class=
9982 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
9983 <p class="TextFontCX"><span class="Flag"><span style=
9984 'font-size:10.0pt'>impconj</span></span></p>
9985 <p class="IndentText">Make all alternate types implicit (useful for making system libraries).
9988 <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'>
9989 <a name="_Toc534975045">Output</a></p>
9990 <p class="beforelist">These flags control what additional
9991 information Splint prints. Setting <span class=
9993 'font-size:10.0pt'>+<i><flag></i></span></span> causes the
9994 described information to be printed; setting <span class=
9996 'font-size:10.0pt'>-<i><flag></i></span></span> prevents
9997 it. By default, all these flags are off.</p>
9998 <p class="TextFontCX"><span class="Flag"><span style=
9999 'font-size:10.0pt'>use-stderr</span></span></p>
10000 <p class="IndentText">Send error messages to standard error
10001 (instead of standard output).</p>
10002 <p class="TextFontCX"><span class="Flag"><span style=
10003 'font-size:10.0pt'>show-summary</span></span></p>
10004 <p class="IndentText">Show a summary of all errors reported and
10005 suppressed. Counts of suppressed errors are not necessarily
10006 correct since turning a flag off may prevent some checking from
10007 being done to save computation, and errors that are not reported
10008 may propagate differently from when they are reported.</p>
10009 <p class="TextFontCX"><span class="Flag"><span style=
10010 'font-size:10.0pt'>show-scan</span></span></p>
10011 <p class="IndentText">Show file names are they are processed.</p>
10012 <p class="TextFontCX"><span class="Flag"><span style=
10013 'font-size:10.0pt'>show-all-uses</span></span></p>
10014 <p class="IndentText">Show list of uses of all external identifiers
10015 sorted by number of uses.</p>
10016 <p class="TextFontCX"><span class="Flag"><span style=
10017 'font-size:10.0pt'>stats</span></span></p>
10018 <p class="IndentText">Display number of lines processed and
10020 <p class="TextFontCX"><span class="Flag"><span style=
10021 'font-size:10.0pt'>time-dist</span></span></p>
10022 <p class="IndentText">Display distribution of where checking time
10024 <p class="TextFontCX"><span class="Flag"><span style=
10025 'font-size:10.0pt'>quiet</span></span></p>
10026 <p class="IndentText">Suppress herald and error count. (If
10027 <span class="Flag"><span style=
10028 'font-size:10.0pt'>quiet</span></span> is not set, Splint prints
10029 out a herald with version information before checking begins, and a
10030 line summarizing the total number of errors reported.)</p>
10032 <p class="TextFontCX"><span class="Flag"><span style=
10033 'font-size:10.0pt'>iso-lib</span></span></p>
10034 <p class="IndentText">Use library based on the ISO standard library specification.
10037 <p class="TextFontCX"><span class="Flag"><span style=
10038 'font-size:10.0pt'>warn-unix-lib</span></span></p>
10039 <p class="IndentText">
10040 Warn when the unix library is used. Unix library may not be compatible with all platforms.
10043 <p class="TextFontCX"><span class="Flag"><span style=
10044 'font-size:10.0pt'>which-lib</span></span></p>
10045 <p class="IndentText">Print out the standard library filename and
10046 creation information.</p>
10051 <p class="TextFontCX"><span class="Flag"><span style=
10052 'font-size:10.0pt'>limit</span></span> <span class=
10053 "Flag"><span style=
10054 'font-size:10.0pt'><i><number></i></span></span></p>
10055 <p class="IndentText">At most <span class=
10056 "Flag"><i><span style='font-size:10.0pt'><number></span></i></span>
10057 similar errors are reported consecutively. Further
10058 errors are suppressed, and a message showing the number of
10059 suppressed messages is printed.</p>
10062 <p class="TextFontCX"><span class="Flag"><span style=
10063 'font-size:10.0pt'>message-stream</span></span> <span class=
10064 "Flag"><span style=
10065 'font-size:10.0pt'><i><file></i></span></span></p>
10066 <p class="IndentText">
10067 Send status messages to <i><span style='font-size:10.0pt'><file></span></i>.
10071 <p class="TextFontCX"><span class="Flag"><span style=
10072 'font-size:10.0pt'>message-stream-stdout</span></span> <span class=
10073 "Flag"><span style=
10074 'font-size:10.0pt'></span></span></p>
10075 <p class="IndentText">
10076 Send status messages to standard output stream.
10080 <p class="TextFontCX"><span class="Flag"><span style=
10081 'font-size:10.0pt'>message-stream-stderr</span></span> <span class=
10082 "Flag"><span style=
10083 'font-size:10.0pt'></span></span></p>
10084 <p class="IndentText">
10085 Send status messages to standard error stream.
10089 <p class="TextFontCX"><span class="Flag"><span style=
10090 'font-size:10.0pt'>warning-stream</span></span> <span class=
10091 "Flag"><span style=
10092 'font-size:10.0pt'><i><file></i></span></span></p>
10093 <p class="IndentText">
10094 Send warnings to <i><span style='font-size:10.0pt'><file></span></i>.
10098 <p class="TextFontCX"><span class="Flag"><span style=
10099 'font-size:10.0pt'>warning-stream-stdout</span></span> <span class=
10100 "Flag"><span style=
10101 'font-size:10.0pt'></span></span></p>
10102 <p class="IndentText">
10103 Send warnings to standard output stream.
10107 <p class="TextFontCX"><span class="Flag"><span style=
10108 'font-size:10.0pt'>warning-stream-stderr</span></span> <span class=
10109 "Flag"><span style=
10110 'font-size:10.0pt'></span></span></p>
10111 <p class="IndentText">
10112 Send warnings to standard error stream.
10116 <p class="TextFontCX"><span class="Flag"><span style=
10117 'font-size:10.0pt'>error-stream</span></span> <span class=
10118 "Flag"><span style=
10119 'font-size:10.0pt'><i><file></i></span></span></p>
10120 <p class="IndentText">
10121 Send fatal errors to <i><span style='font-size:10.0pt'><file></span></i>.
10125 <p class="TextFontCX"><span class="Flag"><span style=
10126 'font-size:10.0pt'>error-stream-stdout</span></span> <span class=
10127 "Flag"><span style=
10128 'font-size:10.0pt'></span></span></p>
10129 <p class="IndentText">
10130 Send fatal errors to standard output stream.
10134 <p class="TextFontCX"><span class="Flag"><span style=
10135 'font-size:10.0pt'>error-stream-stderr</span></span> <span class=
10136 "Flag"><span style=
10137 'font-size:10.0pt'></span></span></p>
10138 <p class="IndentText">
10139 Send fatal errors to standard error stream.
10143 <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'>
10144 <a name="_Toc534975046">Expected Errors</a></p>
10145 <p class="beforelist">Normally, Splint will expect to report no
10146 errors. The exit status will be success (<span class=
10147 "Keyword"><span style='font-size:10.0pt'>0</span></span>) if no
10148 errors are reported, and failure if any errors are reported.
10149 Flags can be used to set the expected number of reported
10150 errors. Because of the provided error suppression mechanisms,
10151 these options should probably not be used for final checking real
10152 programs but may be useful in developing programs using make.</p>
10153 <p class="TextFontCX"><span class="Flag"><span style=
10154 'font-size:10.0pt'>expect</span></span> <span class=
10155 "Flag"><span style=
10156 'font-size:10.0pt'><i><number></i></span></span></p>
10157 <p class="IndentText">Exactly <span class=
10158 "Flag"><i><span style='font-size:10.0pt'><number></span></i></span>
10159 code errors are expected. Splint will exit with failure
10160 exit status unless <span class="Flag"><i><span style=
10161 'font-size:10.0pt'><number></span></i></span> code
10162 errors are detected.</p>
10163 <p class="MsoHeading8" style='margin-left:0in;text-indent:0in'>
10164 <a name="_Toc534975047">Message Format</a></p>
10165 <p class="beforelist">These flags control how messages are
10166 printed. They may be set at the command line, in options
10167 files, or locally in syntactic comments. The
10168 <span class="Flag"><span style=
10169 'font-size:10.0pt'>line-len</span></span> and <span class=
10170 "Flag"><span style='font-size:10.0pt'>limit</span></span>
10171 flags may be preceded by <span class="Flag"><span style=
10172 'font-size:10.0pt'>+</span></span> or <span class=
10173 "Flag"><span style='font-size:10.0pt'>-</span></span> with
10174 the same meaning; for the other flags, <span class=
10175 "Flag"><span style='font-size: 10.0pt'>+</span></span> turns
10176 on the describe printing and <span class="Flag"><span style=
10177 'font-size:10.0pt'>-</span></span> turns it off. The
10178 box to the left of each flag gives its default value.</p>
10180 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
10181 height="14" align="left">
10183 <td valign="top" align="left" height="14" style=
10184 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
10185 <p class="TextFontCX" align="center" style=
10186 'text-align:center;background:#CCCCCC'><span class=
10187 "Flag"><span style=
10188 'font-size:10.0pt'>+</span></span></p></td></tr></table></div>
10189 <p class="TextFontCX"><span class="Flag"><span style=
10190 'font-size:10.0pt'>show-column</span></span></p>
10191 <p class="IndentText">Show column number where error is found.</p>
10193 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
10194 height="14" align="left">
10196 <td valign="top" align="left" height="14" style=
10197 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
10198 <p class="TextFontCX" align="center" style=
10199 'text-align:center;background:#CCCCCC'><span class=
10200 "Flag"><span style=
10201 'font-size:10.0pt'>+</span></span></p></td></tr></table></div>
10202 <p class="TextFontCX"><span class="Flag"><span style=
10203 'font-size:10.0pt'>show-func</span></span></p>
10204 <p class="IndentText">Show name of function (or macro) definition
10205 containing error. The function name is printed once before
10206 the first message detected in that function.</p>
10208 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
10209 height="14" align="left">
10211 <td valign="top" align="left" height="14" style=
10212 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
10213 <p class="TextFontCX" align="center" style=
10214 'text-align:center;background:#CCCCCC'><span class=
10215 "Flag"><span style=
10216 'font-size:10.0pt'>-</span></span></p></td></tr></table></div>
10217 <p class="TextFontCX"><span class="Flag"><span style=
10218 'font-size:10.0pt'>show-all-conjs</span></span></p>
10219 <p class="IndentText">Show all possible alternate types (see
10222 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
10223 height="14" align="left">
10225 <td valign="top" align="left" height="14" style=
10226 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
10227 <p class="TextFontCX" align="center" style=
10228 'text-align:center;background:#CCCCCC'><span class=
10229 "Flag"><span style=
10230 'font-size:10.0pt'>-</span></span></p></td></tr></table></div>
10231 <p class="TextFontCX"><span class="Flag"><span style=
10232 'font-size:10.0pt'>paren-file-format</span></span></p>
10233 <p class="IndentText">Use <span class="Flag"><i><span style=
10234 'font-size:10.0pt'><file></span></i></span><span class=
10235 "CodeText"><span style=
10236 'font-size:10.0pt'>(</span></span><span class=
10237 "Flag"><i><span style='font-size:10.0pt'><line></span></i></span><span class="CodeText">
10238 <span style='font-size:10.0pt'>)</span></span> format in
10239 messages. (Default is + for Win32 for compatibility with
10240 Microsoft VisualStudio.)</p>
10242 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
10243 height="14" align="left">
10245 <td valign="top" align="left" height="14" style=
10246 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
10247 <p class="TextFontCX" align="center" style=
10248 'text-align:center;background:#CCCCCC'><span class=
10249 "Flag"><span style=
10250 'font-size:10.0pt'>+</span></span></p></td></tr></table></div>
10251 <p class="TextFontCX"><span class="Flag"><span style=
10252 'font-size:10.0pt'>hints</span></span></p>
10253 <p class="IndentText">Provide hints describing an error and how a
10254 message may be suppressed for the first error reported in each
10257 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
10258 height="14" align="left">
10260 <td valign="top" align="left" height="14" style=
10261 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
10262 <p class="TextFontCX" align="center" style=
10263 'text-align:center;background:#CCCCCC'><span class=
10264 "Flag"><span style=
10265 'font-size:10.0pt'>-</span></span></p></td></tr></table></div>
10266 <p class="TextFontCX"><span class="Flag"><span style=
10267 'font-size:10.0pt'>force-hints</span></span></p>
10268 <p class="IndentText">Provide hints for all errors reported, even
10269 if the hint has already been displayed for the same error
10272 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
10273 height="14" align="left">
10275 <td valign="top" align="left" height="14" style=
10276 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
10277 <p class="TextFontCX" align="center" style=
10278 'text-align:center;background:#CCCCCC'><span class=
10279 "Flag"><span style=
10280 'font-size:10.0pt'>80</span></span></p></td></tr></table></div>
10281 <p class="TextFontCX"><span class="Flag"><span style=
10282 'font-size:10.0pt'>line-len</span></span> <span class=
10283 "Flag"><span style=
10284 'font-size:10.0pt'><i><number></i></span></span></p>
10285 <p class="IndentText">Set length of maximum message line to
10286 <span class="Flag"><i><span style=
10287 'font-size:10.0pt'><number></span></i></span>
10288 characters. Splint will split messages longer than
10289 <span class="Flag"><i><span style=
10290 'font-size: 10.0pt'><number></span></i></span> characters
10291 long into multiple lines.</p>
10294 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
10295 height="14" align="left">
10297 <td valign="top" align="left" height="14" style=
10298 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
10299 <p class="TextFontCX" align="center" style=
10300 'text-align:center;background:#CCCCCC'><span class=
10301 "Flag"><span style=
10302 'font-size:10.0pt'>3</span></span></p></td></tr></table></div>
10303 <p class="TextFontCX"><span class="Flag"><span style=
10304 'font-size:10.0pt'>indentspaces</span></span> <span class=
10305 "Flag"><span style=
10306 'font-size:10.0pt'><i><number></i></span></span></p>
10307 <p class="IndentText">
10308 Set the number of spaces to indent sub-messages.
10313 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
10314 height="14" align="left">
10316 <td valign="top" align="left" height="14" style=
10317 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
10318 <p class="TextFontCX" align="center" style=
10319 'text-align:center;background:#CCCCCC'><span class=
10320 "Flag"><span style=
10321 'font-size:10.0pt'>3</span></span></p></td></tr></table></div>
10322 <p class="TextFontCX"><span class="Flag"><span style=
10323 'font-size:10.0pt'>locindentspaces</span></span> <span class=
10324 "Flag"><span style=
10325 'font-size:10.0pt'><i><number></i></span></span></p>
10326 <p class="IndentText">
10327 Set number of spaces to indent sub-messages that start with file locations.
10333 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
10334 height="14" align="left">
10336 <td valign="top" align="left" height="14" style=
10337 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
10338 <p class="TextFontCX" align="center" style=
10339 'text-align:center;background:#CCCCCC'><span class=
10340 "Flag"><span style=
10341 'font-size:10.0pt'>-</span></span></p></td></tr></table></div>
10342 <p class="TextFontCX"><span class="Flag"><span style=
10343 'font-size:10.0pt'>showdeephistory</span></span> <span class=
10344 "Flag"><span style=
10345 'font-size:10.0pt'></span></span></p>
10346 <p class="IndentText">
10347 Show all available information about storage mentioned in warnings.
10351 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
10352 height="14" align="left">
10354 <td valign="top" align="left" height="14" style=
10355 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
10356 <p class="TextFontCX" align="center" style=
10357 'text-align:center;background:#CCCCCC'><span class=
10358 "Flag"><span style=
10359 'font-size:10.0pt'>-</span></span></p></td></tr></table></div>
10360 <p class="TextFontCX"><span class="Flag"><span style=
10361 'font-size:10.0pt'>showloadloc</span></span> <span class=
10362 "Flag"><span style=
10363 'font-size:10.0pt'></span></span></p>
10364 <p class="IndentText">
10365 Show location information for load files.
10370 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
10371 height="14" align="left">
10373 <td valign="top" align="left" height="14" style=
10374 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
10375 <p class="TextFontCX" align="center" style=
10376 'text-align:center;background:#CCCCCC'><span class=
10377 "Flag"><span style=
10378 'font-size:10.0pt'>-</span></span></p></td></tr></table></div>
10379 <p class="TextFontCX"><span class="Flag"><span style=
10380 'font-size:10.0pt'>csv</span></span> <span class=
10381 "Flag"><span style=
10382 'font-size:10.0pt'></span></span></p>
10383 <p class="IndentText">
10384 Produce comma-separated values (CSV) warnings output file.
10389 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
10390 height="14" align="left">
10392 <td valign="top" align="left" height="14" style=
10393 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
10394 <p class="TextFontCX" align="center" style=
10395 'text-align:center;background:#CCCCCC'><span class=
10396 "Flag"><span style=
10397 'font-size:10.0pt'>-</span></span></p></td></tr></table></div>
10398 <p class="TextFontCX"><span class="Flag"><span style=
10399 'font-size:10.0pt'>csvoverwrite</span></span> <span class=
10400 "Flag"><span style=
10401 'font-size:10.0pt'></span></span></p>
10402 <p class="IndentText">
10403 Overwrite exisiting CVS output file Show location information for load files.
10408 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
10409 height="14" align="left">
10411 <td valign="top" align="left" height="14" style=
10412 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
10413 <p class="TextFontCX" align="center" style=
10414 'text-align:center;background:#CCCCCC'><span class=
10415 "Flag"><span style=
10416 'font-size:10.0pt'>-</span></span></p></td></tr></table></div>
10417 <p class="TextFontCX"><span class="Flag"><span style=
10418 'font-size:10.0pt'>htmlfileformat</span></span> <span class=
10419 "Flag"><span style=
10420 'font-size:10.0pt'></span></span></p>
10421 <p class="IndentText">
10422 Show file locations as links.
10427 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
10428 height="14" align="left">
10430 <td valign="top" align="left" height="14" style=
10431 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
10432 <p class="TextFontCX" align="center" style=
10433 'text-align:center;background:#CCCCCC'><span class=
10434 "Flag"><span style=
10435 'font-size:10.0pt'>+</span></span></p></td></tr></table></div>
10436 <p class="TextFontCX"><span class="Flag"><span style=
10437 'font-size:10.0pt'>streamoverwrite</span></span> <span class=
10438 "Flag"><span style=
10439 'font-size:10.0pt'></span></span></p>
10440 <p class="IndentText">
10441 Warn and exit if a stream output file would overwrite an existing file.
10445 <p class="MsoHeading8" style='margin-left:0in;text-indent:0in'>
10446 <a name="_Toc534975048">Mode Selector Flags</a></p>
10447 <p class="TextFontCX">Mode selects flags set the mode checking
10448 flags to predefined values. They provide a quick coarse-grain
10449 way of controlling what classes of errors are reported. Specific
10450 checking flags may be set after a mode flag to override the mode
10451 settings. Mode flags may be used locally, however the mode
10452 settings will override specific command line flag settings. A
10453 warning is produced if a mode flag is used after a mode checking
10454 flag has been set.</p>
10455 <p class="TextFontCX"> </p>
10456 <p class="beforelist">These are brief descriptions to give a
10457 general idea of what each mode does. To see the complete flag
10458 settings in each mode, use <span class="Flag"><span style=
10459 'font-size:10.0pt'>splint -help modes</span></span>. A mode flag
10460 has the same effect when used with either <span class=
10461 "Flag"><span style='font-size:10.0pt'>+</span></span> or
10462 <span class="Flag"><span style=
10463 'font-size:10.0pt'>-</span></span>.</p>
10464 <p class="TextFontCX"><span class="Flag"><span style=
10465 'font-size:10.0pt'>weak</span></span></p>
10466 <p class="IndentText">Weak checking, intended for typical
10467 unannotated C code. No modifies checking, macro checking, rep
10468 exposure, or clean interface checking is done. Return values
10469 of type <span class="CodeText"><span style=
10470 'font-size:10.0pt'>int</span></span> may be ignored. The
10471 types <span class="CodeText"><span style=
10472 'font-size:10.0pt'>bool</span></span>, <span class=
10473 "CodeText"><span style='font-size:10.0pt'>int</span></span>,
10474 <span class="CodeText"><span style=
10475 'font-size:10.0pt'>char</span></span> and user-defined
10476 <span class="CodeText"><span style=
10477 'font-size:10.0pt'>enum</span></span> types are all
10478 equivalent. Old style declarations are unreported.</p>
10479 <p class="TextFontCX"><span class="Flag"><span style=
10480 'font-size:10.0pt'>standard</span></span></p>
10481 <p class="IndentText">The default mode. All checking done by
10482 <span class="Flag"><span style=
10483 'font-size:10.0pt'>weak</span></span>, plus modifies checking,
10484 global, alias checking, use all parameters, using released storage,
10485 ignored return values or any type, macro checking, unreachable
10486 code, infinite loops, and fall through cases. The types
10487 <span class="CodeText"><span style=
10488 'font-size:10.0pt'>bool</span></span>, <span class=
10489 "CodeText"><span style='font-size:10.0pt'>int</span></span> and
10490 <span class="CodeText"><span style=
10491 'font-size:10.0pt'>char</span></span> are distinct. Old style
10492 declarations are reported.</p>
10493 <p class="TextFontCX"> <span class="Flag"><span style=
10494 'font-size:10.0pt'>checks</span></span></p>
10495 <p class="IndentText">Moderately strict checking. All
10496 checking done by <span class="Flag"><span style=
10497 'font-size:10.0pt'>standard</span></span>, plus must modification
10498 checking, rep exposure, return alias, memory management and
10499 complete interfaces.</p>
10500 <p class="TextFontCX"><span class="Flag"><span style=
10501 'font-size:10.0pt'>strict</span></span></p>
10502 <p class="IndentText">Absurdly strict checking. All checking
10503 done by <span class="Flag"><span style=
10504 'font-size:10.0pt'>checks</span></span>, plus modifications and
10505 global variables used in unspecified functions, strict standard
10506 library, and strict typing of C operators. A special reward will be
10507 presented to the first person to produce a real program that
10508 produces no errors with <span class="Flag"><span style=
10509 'font-size:10.0pt'>strict</span></span> checking.</p>
10510 <p class="MsoHeading8" style='margin-left:0in;text-indent:0in'>
10511 <a name="_Ref344798116"></a><a name="_Toc534975049">Checking
10513 <p class="TextFontCX">These flags control checking done by
10514 Splint. They may be set locally using syntactic comments,
10515 from the command line, or in an options file. Some flags
10516 directly control whether a certain class of message is
10517 reported. Preceding the flag by <span class=
10518 "Flag"><span style='font-size:10.0pt'>+</span></span> turns
10519 reporting on, and preceding the flag by <span class=
10520 "Flag"><span style='font-size:10.0pt'>-</span></span> turns
10521 reporting off. Other flags control checking less directly by
10522 determining default values (what annotations are implicit), making
10523 types equivalent (to prevent certain type errors), controlling
10524 representation access, etc. For these flags, the effect of
10525 <span class="Flag"><span style='font-size:10.0pt'>+</span></span>
10526 is described, and the effect of <span class=
10527 "Flag"><span style='font-size:10.0pt'>-</span></span> is the
10528 opposite (or explicitly explained if there is no clear
10529 opposite). The organization of this section mirrors
10531 <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'>
10532 <a name="_Toc534975051"></a>
10533 <a name="_Toc534975056">Null
10534 Dereferences</a> <span class="TextFontCXChar"><span style=
10535 'font-size:11.0pt; font-weight:normal'>(Section
10536 2)</span></span></p>
10539 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
10540 height="14" align="left">
10542 <td valign="top" align="left" height="14" style=
10543 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
10544 <p class="TextFontCX" align="center" style=
10545 'text-align:center;background:#CCCCCC'><span style=
10546 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div>
10547 <p class="TextFontCX"><span class="Flag"><span style=
10548 'font-size:10.0pt'>null</span></span></p>
10549 <p class="IndentText">A possibly null pointer may be dereferenced,
10550 or used somewhere a non-null pointer is expected. (sets nulldref, nullpass, nullassign, and nullstate</p>
10553 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
10554 height="14" align="left">
10556 <td valign="top" align="left" height="14" style=
10557 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
10558 <p class="TextFontCX" align="center" style=
10559 'text-align:center;background:#CCCCCC'><span style=
10560 'font-size:10.0pt'>m:</span><span class=
10561 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
10562 <p class="TextFontCX"><span class="Flag"><span style=
10563 'font-size:10.0pt'>
10566 <p class="IndentText">A possibly null pointer is dereferenced. Value is either the result of a function which may return null (in which case,
10567 code should check it is not null), or a global, parameter or structure field declared with the null qualifier.
10573 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
10574 height="14" align="left">
10576 <td valign="top" align="left" height="14" style=
10577 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
10578 <p class="TextFontCX" align="center" style=
10579 'text-align:center;background:#CCCCCC'><span style=
10580 'font-size:10.0pt'>m:</span><span class=
10581 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
10582 <p class="TextFontCX"><span class="Flag"><span style=
10583 'font-size:10.0pt'>
10586 <p class="IndentText">
10587 A possibly null pointer is passed as a parameter corresponding to a formal parameter with no /*@null@*/ annotation. If NULL may be
10588 used for this parameter, add a /*@null@*/ annotation to the function parameter declaration.
10591 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
10592 height="14" align="left">
10594 <td valign="top" align="left" height="14" style=
10595 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
10596 <p class="TextFontCX" align="center" style=
10597 'text-align:center;background:#CCCCCC'><span style=
10598 'font-size:10.0pt'>m:</span><span class=
10599 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
10600 <p class="TextFontCX"><span class="Flag"><span style=
10601 'font-size:10.0pt'>
10604 <p class="IndentText">
10605 Function returns a possibly null pointer, but is not declared using /*@null@*/ annotation of result. If function may return NULL, add /*@null@*/ annotation to the return value declaration.
10609 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
10610 height="14" align="left">
10612 <td valign="top" align="left" height="14" style=
10613 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
10614 <p class="TextFontCX" align="center" style=
10615 'text-align:center;background:#CCCCCC'><span style=
10616 'font-size:10.0pt'>m:</span><span class=
10617 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
10618 <p class="TextFontCX"><span class="Flag"><span style=
10619 'font-size:10.0pt'>
10622 <p class="IndentText">
10623 A possibly null pointer is reachable from a parameter or global variable that is not declared using a /*@null@*/ annotation.
10628 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
10629 height="14" align="left">
10631 <td valign="top" align="left" height="14" style=
10632 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
10633 <p class="TextFontCX" align="center" style=
10634 'text-align:center;background:#CCCCCC'><span style=
10635 'font-size:10.0pt'>m:</span><span class=
10636 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
10637 <p class="TextFontCX"><span class="Flag"><span style=
10638 'font-size:10.0pt'>
10641 <p class="IndentText">
10642 A reference with no null annotation is assigned or initialized to NULL. Use /*@null@*/ to declare the reference as a possibly null pointer.
10645 <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'>
10646 <a name="_Toc534975055">Use Before Definition</a>
10647 <span class="TextFontCXChar"><span style=
10648 'font-size:11.0pt; font-weight:normal'>(Section
10649 3)</span></span></p>
10651 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
10652 height="14" align="left">
10654 <td valign="top" align="left" height="14" style=
10655 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
10656 <p class="TextFontCX" align="center" style=
10657 'text-align:center;background:#CCCCCC'><span style=
10658 'font-size:10.0pt'>m:</span><span class=
10659 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
10660 <p class="TextFontCX"><span class="Flag"><span style=
10661 'font-size:10.0pt'>usedef</span></span></p>
10662 <p class="IndentText">The value of a location that may not be
10663 initialized on some execution path is used.</p>
10665 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
10666 height="14" align="left">
10668 <td valign="top" align="left" height="14" style=
10669 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
10670 <p class="TextFontCX" align="center" style=
10671 'text-align:center;background:#CCCCCC'><span style=
10672 'font-size:10.0pt'>m:</span><span class=
10673 "Keyword"><span style='font-size:10.0pt'>----</span></span></p></td></tr></table></div>
10674 <p class="TextFontCX"><span class="Flag"><span style=
10675 'font-size:10.0pt'>impouts</span></span></p>
10676 <p class="IndentText">Allow unannotated pointer parameters to
10677 functions to be implicit out parameters.</p>
10679 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
10680 height="14" align="left">
10682 <td valign="top" align="left" height="14" style=
10683 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
10684 <p class="TextFontCX" align="center" style=
10685 'text-align:center;background:#CCCCCC'><span style=
10686 'font-size:10.0pt'>m:</span><span class=
10687 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
10688 <p class="TextFontCX"><span class="Flag"><span style=
10689 'font-size:10.0pt'>compdef</span></span></p>
10690 <p class="IndentText">Storage derivable from a parameter, return
10691 value or global variable is not completely defined.</p>
10693 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
10694 height="14" align="left">
10696 <td valign="top" align="left" height="14" style=
10697 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
10698 <p class="TextFontCX" align="center" style=
10699 'text-align:center;background:#CCCCCC'><span style=
10700 'font-size:10.0pt'>m:</span><span class=
10701 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
10702 <p class="TextFontCX"><span class="Flag"><span style=
10703 'font-size:10.0pt'>uniondef</span></span></p>
10704 <p class="IndentText">No field of a union is defined. (No
10705 error is reported if at least one union field is defined.)</p>
10707 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
10708 height="14" align="left">
10710 <td valign="top" align="left" height="14" style=
10711 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
10712 <p class="TextFontCX" align="center" style=
10713 'text-align:center;background:#CCCCCC'><span style=
10714 'font-size:10.0pt'>m:</span><span class=
10715 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
10716 <p class="TextFontCX"><span class="Flag"><span style=
10717 'font-size:10.0pt'>mustdefine</span></span></p>
10718 <p class="IndentText">Parameter declared with <span class=
10719 "Keyword"><span style='font-size:10.0pt'>out</span></span> is not
10720 defined before return or scope exit.</p>
10723 <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'>
10726 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
10727 height="14" align="left">
10729 <td valign="top" align="left" height="14" style=
10730 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
10731 <p class="TextFontCX" align="center" style=
10732 'text-align:center;background:#CCCCCC'><span style=
10733 'font-size:10.0pt'>P:</span><span class=
10734 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
10735 <p class="TextFontCX"><span class="Flag"><span style=
10736 'font-size:10.0pt'>
10739 <p class="IndentText">
10740 Initializer does not set every field in the structure.
10745 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
10746 height="14" align="left">
10748 <td valign="top" align="left" height="14" style=
10749 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
10750 <p class="TextFontCX" align="center" style=
10751 'text-align:center;background:#CCCCCC'><span style=
10752 'font-size:10.0pt'>P:</span><span class=
10753 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
10754 <p class="TextFontCX"><span class="Flag"><span style=
10755 'font-size:10.0pt'>
10758 <p class="IndentText">
10759 Initializer does not define all elements of a declared array.
10764 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
10765 height="14" align="left">
10767 <td valign="top" align="left" height="14" style=
10768 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
10769 <p class="TextFontCX" align="center" style=
10770 'text-align:center;background:#CCCCCC'><span style=
10771 'font-size:10.0pt'>P:</span><span class=
10772 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
10773 <p class="TextFontCX"><span class="Flag"><span style=
10774 'font-size:10.0pt'>
10777 <p class="IndentText">
10778 Initializer block contains more elements than the size of a declared array.
10783 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
10784 height="14" align="left">
10786 <td valign="top" align="left" height="14" style=
10787 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
10788 <p class="TextFontCX" align="center" style=
10789 'text-align:center;background:#CCCCCC'><span style=
10790 'font-size:10.0pt'>m:</span><span class=
10791 "Keyword"><span style='font-size:10.0pt'>---</span></span></p></td></tr></table></div>
10792 <p class="TextFontCX"><span class="Flag"><span style=
10793 'font-size:10.0pt'>
10796 <p class="IndentText">
10797 Pointer parameters to unspecified functions may be implicit <span class=
10798 "Keyword"><span style='font-size:10.0pt'>out</span></span> parameters.
10801 <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'>
10802 Declarations<span class="TextFontCXChar"><span style=
10803 'font-size:11.0pt; font-weight:normal'></span></span>
10804 <span class="TextFontCXChar">
10806 'font-size:11.0pt; font-weight:normal'>)</span></span></p>
10809 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
10810 height="14" align="left">
10812 <td valign="top" align="left" height="14" style=
10813 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
10814 <p class="TextFontCX" align="center" style=
10815 'text-align:center;background:#CCCCCC'><span style=
10816 'font-size:10.0pt'>m:</span><span class=
10817 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
10818 <p class="TextFontCX"><span class="Flag"><span style=
10819 'font-size:10.0pt'>
10822 <p class="IndentText">
10823 A function, variable or constant is redefined with a different type.
10827 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
10828 height="14" align="left">
10830 <td valign="top" align="left" height="14" style=
10831 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
10832 <p class="TextFontCX" align="center" style=
10833 'text-align:center;background:#CCCCCC'><span style=
10834 'font-size:10.0pt'>m:</span><span class=
10835 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
10836 <p class="TextFontCX"><span class="Flag"><span style=
10837 'font-size:10.0pt'>
10840 <p class="IndentText">
10841 A function type is dereferenced. The ANSI standard allows this because of
10842 implicit conversion of function designators, however the dereference is unnecessary.
10846 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
10847 height="14" align="left">
10849 <td valign="top" align="left" height="14" style=
10850 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
10851 <p class="TextFontCX" align="center" style=
10852 'text-align:center;background:#CCCCCC'><span style=
10853 'font-size:10.0pt'>m:</span><span class=
10854 "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div>
10855 <p class="TextFontCX"><span class="Flag"><span style=
10856 'font-size:10.0pt'>
10859 <p class="IndentText">
10860 A declaration of an immutable object uses a redundant observer qualifier.
10865 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
10866 height="14" align="left">
10868 <td valign="top" align="left" height="14" style=
10869 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
10870 <p class="TextFontCX" align="center" style=
10871 'text-align:center;background:#CCCCCC'><span style=
10872 'font-size:10.0pt'>m:</span><span class=
10873 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
10874 <p class="TextFontCX"><span class="Flag"><span style=
10875 'font-size:10.0pt'>
10878 <p class="IndentText">
10879 A declaration of an unsharable object uses a sharing annotation.
10882 <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'>
10883 Types <span class="TextFontCXChar"><span style=
10884 'font-size:11.0pt; font-weight:normal'>(Section</span></span>
10885 <span class="TextFontCXChar"><span style=
10886 'font-size:11.0pt; font-weight:normal'>4</span></span>
10887 <span class="TextFontCXChar">
10889 'font-size:11.0pt; font-weight:normal'>)</span></span></p>
10890 <p class="IndentText"> </p>
10893 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
10894 height="14" align="left">
10896 <td valign="top" align="left" height="14" style=
10897 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
10898 <p class="TextFontCX" align="center" style=
10899 'text-align:center;background:#CCCCCC'><span style=
10900 'font-size:10.0pt'>P:</span> <span class=
10901 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
10902 <p class="TextFontCX"><span class="Flag"><span style=
10903 'font-size:10.0pt'>
10906 <p class="IndentText">Type mismatch.</p>
10909 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
10910 height="14" align="left">
10912 <td valign="top" align="left" height="14" style=
10913 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
10914 <p class="TextFontCX" align="center" style=
10915 'text-align:center;background:#CCCCCC'><span style=
10916 'font-size:10.0pt'>P:</span> <span class=
10917 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
10918 <p class="TextFontCX"><span class="Flag"><span style=
10919 'font-size:10.0pt'>
10920 string-literal-too-long
10922 <p class="IndentText">
10923 A string literal is assigned to a char array too small to hold it.
10927 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
10928 height="14" align="left">
10930 <td valign="top" align="left" height="14" style=
10931 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
10932 <p class="TextFontCX" align="center" style=
10933 'text-align:center;background:#CCCCCC'><span style=
10934 'font-size:10.0pt'>m:</span> <span class=
10935 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
10936 <p class="TextFontCX"><span class="Flag"><span style=
10937 'font-size:10.0pt'>
10938 string-literal-no-room
10940 <p class="IndentText">
10941 A string literal is assigned to a char array that is not big enough to hold the null terminator.
10946 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
10947 height="14" align="left">
10949 <td valign="top" align="left" height="14" style=
10950 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
10951 <p class="TextFontCX" align="center" style=
10952 'text-align:center;background:#CCCCCC'><span style=
10953 'font-size:10.0pt'>m:</span> <span class=
10954 "Keyword"><span style='font-size:10.0pt'>++++</span></span></p></td></tr></table></div>
10955 <p class="TextFontCX"><span class="Flag"><span style=
10956 'font-size:10.0pt'>
10957 string-literal-no-room-final-null
10959 <p class="IndentText">
10960 A string literal is assigned to a char array that is not big enough to
10961 hold the final null terminator. This may not be a problem because a null
10962 character has been explictedly included in the string literal using an
10967 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
10968 height="14" align="left">
10970 <td valign="top" align="left" height="14" style=
10971 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
10972 <p class="TextFontCX" align="center" style=
10973 'text-align:center;background:#CCCCCC'><span style=
10974 'font-size:10.0pt'>m:</span> <span class=
10975 "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div>
10976 <p class="TextFontCX"><span class="Flag"><span style=
10977 'font-size:10.0pt'>
10978 string-literal-smaller
10980 <p class="IndentText">
10981 A string literal is assigned to a char array that smaller than the string literal needs.
10986 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
10987 height="14" align="left">
10989 <td valign="top" align="left" height="14" style=
10990 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
10991 <p class="TextFontCX" align="center" style=
10992 'text-align:center;background:#CCCCCC'><span style=
10993 'font-size:10.0pt'>m:</span> <span class=
10994 "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div>
10995 <p class="TextFontCX"><span class="Flag"><span style=
10996 'font-size:10.0pt'>
10999 <p class="IndentText">
11000 Type of initial values for enum members must be int.
11003 <p class="Heading10">Boolean Types <span class=
11004 "HeadingNote"><span style=
11005 'font-size:10.5pt;font-weight:normal;font-style:normal'>(Section</span></span>
11006 <span class="HeadingNote"><span style=
11007 'font-size:10.5pt;font-weight:normal;font-style: normal'>4.2</span></span><span class="HeadingNote">
11009 'font-size:10.5pt; font-weight:normal;font-style:normal'>)</span></span></p>
11010 <p class="TextFontCX">These flags control the type name used to
11011 represent Booleans, and whether the Boolean type is abstract.</p>
11012 <p class="TextFontCX"> </p>
11014 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11015 height="14" align="left">
11017 <td valign="top" align="left" height="14" style=
11018 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11019 <p class="TextFontCX" align="center" style=
11020 'text-align:center;background:#CCCCCC'><span style=
11021 'font-size:10.0pt'>P:</span> <span class=
11022 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
11023 <p class="TextFontCX"><span class="Flag"><span style=
11024 'font-size:10.0pt'>bool</span></span></p>
11025 <p class="IndentText">Boolean type is an abstract type.</p>
11027 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11028 height="14" align="left">
11030 <td valign="top" align="left" height="14" style=
11031 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11032 <p class="TextFontCX" align="center" style=
11033 'text-align:center;background:#CCCCCC'><span style=
11034 'font-size:10.0pt'>P:</span> <span class="Flag"><span style=
11035 'font-size:10.0pt'>bool</span></span></p></td></tr></table></div>
11036 <p class="TextFontCX"><span class="Flag"><span style=
11037 'font-size:10.0pt'>booltype</span></span> <span class=
11038 "Flag"><span style=
11039 'font-size:10.0pt'><i><name></i></span></span></p>
11040 <p class="IndentText">Set name of Boolean type to
11041 <i><name></i>.</p>
11043 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11044 height="14" align="left">
11046 <td valign="top" align="left" height="14" style=
11047 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11048 <p class="TextFontCX" align="center" style=
11049 'text-align:center;background:#CCCCCC'><span style=
11050 'font-size:10.0pt'>P:</span><span class="Flag"><span style=
11051 'font-size:10.0pt'>FALSE</span></span></p></td></tr></table></div>
11052 <p class="TextFontCX"><span class="Flag"><span style=
11053 'font-size:10.0pt'>boolfalse</span></span> <span class=
11054 "Flag"><span style=
11055 'font-size:10.0pt'><i><name></i></span></span></p>
11056 <p class="IndentText">Set name of Boolean false to
11057 <i><name></i>.</p>
11059 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11060 height="14" align="left">
11062 <td valign="top" align="left" height="14" style=
11063 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11064 <p class="TextFontCX" align="center" style=
11065 'text-align:center;background:#CCCCCC'><span style=
11066 'font-size:10.0pt'>P:</span> <span class="Flag"><span style=
11067 'font-size:10.0pt'>TRUE</span></span></p></td></tr></table></div>
11068 <p class="TextFontCX"><span class="Flag"><span style=
11069 'font-size:10.0pt'>booltrue</span></span> <span class=
11070 "Flag"><span style=
11071 'font-size:10.0pt'><i><name></i></span></span></p>
11072 <p class="IndentText">Set name of Boolean true to
11073 <i><name></i>.</p>
11076 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11077 height="14" align="left">
11079 <td valign="top" align="left" height="14" style=
11080 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11081 <p class="TextFontCX" align="center" style=
11082 'text-align:center;background:#CCCCCC'><span style=
11083 'font-size:10.0pt'>P:</span> <span class=
11084 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
11085 <p class="TextFontCX"><span class="Flag"><span style=
11086 'font-size:10.0pt'>
11089 <p class="IndentText">
11090 Splint has found a type which appears to be the boolean type. Use the -booltype, -boolfalse and -booltrue flags to change the name of the default boolean type.
11094 <p class="Heading10"><a name="_Ref344871224">Predicates</a></p>
11096 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11097 height="14" align="left">
11099 <td valign="top" align="left" height="14" style=
11100 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11101 <p class="TextFontCX" align="center" style=
11102 'text-align:center;background:#CCCCCC'><span style=
11103 'font-size:10.0pt'>m:</span><span class=
11104 "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div>
11105 <p class="TextFontCX"><span class="Flag"><span style=
11106 'font-size:10.0pt'>pred-bool-ptr</span></span></p>
11107 <p class="IndentText">Type of condition test is a pointer.</p>
11109 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11110 height="14" align="left">
11112 <td valign="top" align="left" height="14" style=
11113 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11114 <p class="TextFontCX" align="center" style=
11115 'text-align:center;background:#CCCCCC'><span style=
11116 'font-size:10.0pt'>m:</span><span class=
11117 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
11118 <p class="TextFontCX"><span class="Flag"><span style=
11119 'font-size:10.0pt'>pred-bool-int</span></span></p>
11120 <p class="IndentText">Type of condition test is an integral
11123 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11124 height="14" align="left">
11126 <td valign="top" align="left" height="14" style=
11127 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11128 <p class="TextFontCX" align="center" style=
11129 'text-align:center;background:#CCCCCC'><span style=
11130 'font-size:10.0pt'>m:</span><span class=
11131 "Keyword"><span style='font-size:10.0pt'>++++</span></span></p></td></tr></table></div>
11132 <p class="TextFontCX"><span class="Flag"><span style=
11133 'font-size:10.0pt'>pred-bool-others</span></span></p>
11134 <p class="IndentText">Type of condition test is not a Boolean,
11135 pointer or integral type.</p>
11137 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11138 height="14" align="left">
11140 <td valign="top" align="left" height="14" style=
11141 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11142 <p class="TextFontCX" align="center" style=
11143 'text-align:center;background:#CCCCCC'><span style=
11144 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div>
11145 <p class="TextFontCX"><span class="Flag"><span style=
11146 'font-size:10.0pt'>pred-bool</span></span></p>
11147 <p class="IndentText">Sets <span class="Flag"><span style=
11148 'font-size:10.0pt'>predboolint</span></span>, <span class=
11149 "Flag"><span style='font-size:10.0pt'>predboolptr</span></span> and
11150 <span class="Flag"><span style=
11151 'font-size:10.0pt'>preboolothers</span></span>.</p>
11153 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11154 height="14" align="left">
11156 <td valign="top" align="left" height="14" style=
11157 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11158 <p class="TextFontCX" align="center" style=
11159 'text-align:center;background:#CCCCCC'><span style=
11160 'font-size:10.0pt'>P:</span> <span class=
11161 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
11162 <p class="TextFontCX"><span class="Flag"><span style=
11163 'font-size:10.0pt'>pred-assign</span></span></p>
11164 <p class="IndentText">The condition test is an assignment
11165 expression. If an assignment is intended, add an extra parentheses
11166 nesting (e.g., <span class="CodeText"><span style=
11167 'font-size:10.0pt'>if ((a = b))</span></span> ...).</p>
11168 <p class="Heading10">Primitive Operations</p>
11170 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11171 height="14" align="left">
11173 <td valign="top" align="left" height="14" style=
11174 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11175 <p class="TextFontCX" align="center" style=
11176 'text-align:center;background:#CCCCCC'><span style=
11177 'font-size:10.0pt'>m:</span><span class=
11178 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
11179 <p class="TextFontCX"><span class="Flag"><span style=
11180 'font-size:10.0pt'>ptr-arith</span></span></p>
11181 <p class="IndentText">Arithmetic involving pointer and integer.</p>
11184 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11185 height="14" align="left">
11187 <td valign="top" align="left" height="14" style=
11188 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11189 <p class="TextFontCX" align="center" style=
11190 'text-align:center;background:#CCCCCC'><span style=
11191 'font-size:10.0pt'>m:</span> <span class=
11192 "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div>
11193 <p class="TextFontCX"><span class="Flag"><span style=
11194 'font-size:10.0pt'>
11197 <p class="IndentText">
11198 Pointer arithmetic using a possibly null pointer and integer.
11203 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11204 height="14" align="left">
11206 <td valign="top" align="left" height="14" style=
11207 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11208 <p class="TextFontCX" align="center" style=
11209 'text-align:center;background:#CCCCCC'><span style=
11210 'font-size:10.0pt'>m:</span> <span class=
11211 "Keyword"><span style='font-size:10.0pt'>++--</span></span></p></td></tr></table></div>
11212 <p class="TextFontCX"><span class="Flag"><span style=
11213 'font-size:10.0pt'>
11216 <p class="IndentText">
11217 The operand of a boolean operator is not a boolean. Use +ptrnegate to allow ! to be used on pointers.
11220 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11221 height="14" align="left">
11223 <td valign="top" align="left" height="14" style=
11224 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11225 <p class="TextFontCX" align="center" style=
11226 'text-align:center;background:#CCCCCC'><span style=
11227 'font-size:10.0pt'>m:</span><span class=
11228 "Keyword"><span style='font-size:10.0pt'>++--</span></span></p></td></tr></table></div>
11229 <p class="TextFontCX"><span class="Flag"><span style=
11230 'font-size:10.0pt'>ptr-negate</span></span></p>
11231 <p class="IndentText">Allow the operand of the <span class=
11232 "CodeText"><span style='font-size:10.0pt'>!</span></span> operator
11233 to be a pointer.</p>
11235 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11236 height="14" align="left">
11238 <td valign="top" align="left" height="14" style=
11239 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11240 <p class="TextFontCX" align="center" style=
11241 'text-align:center;background:#CCCCCC'><span style=
11242 'font-size:10.0pt'>m:</span><span class=
11243 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
11244 <p class="TextFontCX"><span class="Flag"><span style=
11245 'font-size:10.0pt'>bitwise-signed</span></span><span class=
11246 "Flag"><span style='font-size:10.0pt'> </span></span></p>
11247 <p class="IndentText">An operand to a bitwise operator is not an
11248 unsigned value. This may have unexpected results depending on the
11249 signed representations.</p>
11253 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11254 height="14" align="left">
11256 <td valign="top" align="left" height="14" style=
11257 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11258 <p class="TextFontCX" align="center" style=
11259 'text-align:center;background:#CCCCCC'><span style=
11260 'font-size:10.0pt'>m:</span> <span class=
11261 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
11262 <p class="TextFontCX"><span class="Flag"><span style=
11263 'font-size:10.0pt'>
11264 shiftimplementation
11266 <p class="IndentText">
11267 The left operand to a shift operator may be negative (behavior is implementation-defined).
11272 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11273 height="14" align="left">
11275 <td valign="top" align="left" height="14" style=
11276 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11277 <p class="TextFontCX" align="center" style=
11278 'text-align:center;background:#CCCCCC'><span style=
11279 'font-size:10.0pt'>m:</span> <span class=
11280 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
11281 <p class="TextFontCX"><span class="Flag"><span style=
11282 'font-size:10.0pt'>
11285 <p class="IndentText">
11286 The right operand to a shift operator may be negative (behavior undefined).
11290 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11291 height="14" align="left">
11293 <td valign="top" align="left" height="14" style=
11294 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11295 <p class="TextFontCX" align="center" style=
11296 'text-align:center;background:#CCCCCC'><span style=
11297 'font-size:10.0pt'>m:</span><span class=
11298 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
11299 <p class="TextFontCX"><span class="Flag"><span style=
11300 'font-size:10.0pt'>shift-signed</span></span></p>
11301 <p class="IndentText">The left operand to a shift operator is not
11302 an unsigned value.</p>
11304 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11305 height="14" align="left">
11307 <td valign="top" align="left" height="14" style=
11308 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11309 <p class="TextFontCX" align="center" style=
11310 'text-align:center;background:#CCCCCC'><span style=
11311 'font-size:10.0pt'>m:</span><span class=
11312 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
11313 <p class="TextFontCX"><span class="Flag"><span style=
11314 'font-size:10.0pt'>strict-ops</span></span></p>
11315 <p class="IndentText">Primitive operation does not type check
11318 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11319 height="14" align="left">
11321 <td valign="top" align="left" height="14" style=
11322 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11323 <p class="TextFontCX" align="center" style=
11324 'text-align:center;background:#CCCCCC'><span style=
11325 'font-size:10.0pt'>m:</span><span class=
11326 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
11327 <p class="TextFontCX"><span class="Flag"><span style=
11328 'font-size:10.0pt'>sizeof-type</span></span></p>
11329 <p class="IndentText">Operand of <span class=
11330 "CodeText"><span style='font-size:10.0pt'>sizeof</span></span>
11331 operator is a type. (Safer to use <span class=
11332 "CodeText"><span style='font-size:10.0pt'>int *x = sizeof
11333 (*x);</span></span> instead of <span class=
11334 "CodeText"><span style='font-size:10.0pt'>sizeof
11335 (int)</span></span>.)</p>
11336 <p class="Heading10">Array Formal Parameters</p>
11337 <p class="TextFontCX">These flags control reporting of common
11338 errors caused by confusion about the semantics of array formal
11340 <p class="TextFontCX"> </p>
11342 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11343 height="14" align="left">
11345 <td valign="top" align="left" height="14" style=
11346 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11347 <p class="TextFontCX" align="center" style=
11348 'text-align:center;background:#CCCCCC'><span style=
11349 'font-size:10.0pt'>P:</span> <span class=
11350 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
11351 <p class="TextFontCX"><span class="Flag"><span style=
11352 'font-size:10.0pt'>sizeof-formal-array</span></span></p>
11353 <p class="IndentText">The <span class="CodeText"><span style=
11354 'font-size:10.0pt'>sizeof</span></span> operator is used on a
11355 parameter declared as an array. (In many instances this has
11356 unexpected behavior, since the result is the size of a pointer to
11357 the element type, not the number of elements in the array.)</p>
11358 <p class="IndentText"> </p>
11360 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11361 height="14" align="left">
11363 <td valign="top" align="left" height="14" style=
11364 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11365 <p class="TextFontCX" align="center" style=
11366 'text-align:center;background:#CCCCCC'><span style=
11367 'font-size:10.0pt'>P:</span> <span class=
11368 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
11369 <p class="TextFontCX"><span class="Flag"><span style=
11370 'font-size:10.0pt'>fixed-formal-array</span></span></p>
11371 <p class="IndentText">An array formal parameter is declared with a
11372 fixed size (e.g., <span class="CodeText"><span style=
11373 'font-size:10.0pt'>int x[20]</span></span>). This is likely
11374 to be confusing, since the size is ignored.</p>
11376 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11377 height="14" align="left">
11379 <td valign="top" align="left" height="14" style=
11380 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11381 <p class="TextFontCX" align="center" style=
11382 'text-align:center;background:#CCCCCC'><span style=
11383 'font-size:10.0pt'>P:</span> <span class=
11384 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
11385 <p class="TextFontCX"><span class="Flag"><span style=
11386 'font-size:10.0pt'>formal-array</span></span></p>
11387 <p class="IndentText">A formal parameter is declared as an
11388 array. This is probably not a problem, but can be confusing
11389 since it is treated as a pointer. </p>
11390 <p class="Heading10">Format Codes</p>
11392 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11393 height="14" align="left">
11395 <td valign="top" align="left" height="14" style=
11396 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11397 <p class="TextFontCX" align="center" style=
11398 'text-align:center;background:#CCCCCC'><span style=
11399 'font-size:10.0pt'>P:</span> <span class=
11400 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
11401 <p class="TextFontCX"><span class="Flag"><span style=
11402 'font-size:10.0pt'>format-code</span></span></p>
11403 <p class="IndentText">Invalid format code in format string for
11404 <span class="Annot"><span style=
11405 'font-size:10.0pt'>printflike</span></span> or <span class=
11406 "Annot"><span style='font-size:10.0pt'>scanflike</span></span>
11409 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11410 height="14" align="left">
11412 <td valign="top" align="left" height="14" style=
11413 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11414 <p class="TextFontCX" align="center" style=
11415 'text-align:center;background:#CCCCCC'><span style=
11416 'font-size:10.0pt'>P:</span> <span class=
11417 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
11418 <p class="TextFontCX"><span class="Flag"><span style=
11419 'font-size:10.0pt'>format-type</span></span></p>
11420 <p class="IndentText">Type-mismatch in parameter corresponding to
11421 format code in a <span class="Annot"><span style=
11422 'font-size:10.0pt'>printflike</span></span> or <span class=
11423 "Annot"><span style='font-size:10.0pt'>scanflike</span></span>
11427 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11428 height="14" align="left">
11430 <td valign="top" align="left" height="14" style=
11431 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11432 <p class="TextFontCX" align="center" style=
11433 'text-align:center;background:#CCCCCC'><span style=
11434 'font-size:10.0pt'>P:</span> <span class=
11435 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
11436 <p class="TextFontCX"><span class="Flag"><span style=
11437 'font-size:10.0pt'>format-const</span></span></p>
11438 <p class="IndentText">Format parameter is not known at compile-time. This can lead to security vulnerabilities because the arguments cannot be type checked.</p>
11440 <p class="Heading10">Main</p>
11442 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11443 height="14" align="left">
11445 <td valign="top" align="left" height="14" style=
11446 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11447 <p class="TextFontCX" align="center" style=
11448 'text-align:center;background:#CCCCCC'><span style=
11449 'font-size:10.0pt'>P:</span> <span class=
11450 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
11451 <p class="TextFontCX"><span class="Flag"><span style=
11452 'font-size:10.0pt'>main-type</span></span></p>
11453 <p class="IndentText">Type of <span class=
11454 "CodeText"><span style='font-size:10.0pt'>main</span></span>
11455 does not match expected type (function returning an
11456 <span class="CodeText"><span style=
11457 'font-size:10.0pt'>int</span></span>, taking no parameters or
11458 two parameters of type <span class="CodeText"><span style=
11459 'font-size:10.0pt'>int</span></span> and <span class=
11460 "CodeText"><span style='font-size:10.0pt'>char
11461 **</span></span>.)</p>
11462 <p class="Heading10">Comparisons</p>
11464 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11465 height="14" align="left">
11467 <td valign="top" align="left" height="14" style=
11468 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11469 <p class="TextFontCX" align="center" style=
11470 'text-align:center;background:#CCCCCC'><a name=
11471 "boolcompare"></a><a name="boolprose"><span style=
11472 'font-size:10.0pt'>m:</span></a><span class=
11473 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
11474 <p class="TextFontCX"><span class="Flag"><span style=
11475 'font-size:10.0pt'>bool-compare</span></span></p>
11476 <p class="IndentText">Comparison between Boolean values. This
11477 is dangerous since there may be multiple true values as any
11478 non-zero value is interpreted as true.</p>
11480 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11481 height="14" align="left">
11483 <td valign="top" align="left" height="14" style=
11484 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11485 <p class="TextFontCX" align="center" style=
11486 'text-align:center;background:#CCCCCC'><span style=
11487 'font-size:10.0pt'>m:</span><span class=
11488 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
11489 <p class="TextFontCX"><span class="Flag"><span style=
11490 'font-size:10.0pt'>real-compare</span></span></p>
11491 <p class="IndentText">Comparison involving <span class=
11492 "CodeText"><span style='font-size:10.0pt'>float</span></span> or
11493 <span class="CodeText"><span style=
11494 'font-size:10.0pt'>double</span></span> values. This is
11495 dangerous since it may produce unexpected results because floating
11496 point representations are inexact.</p>
11498 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11499 height="14" align="left">
11501 <td valign="top" align="left" height="14" style=
11502 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11503 <p class="TextFontCX" align="center" style=
11504 'text-align:center;background:#CCCCCC'><span style=
11505 'font-size:10.0pt'>m:</span><span class=
11506 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
11507 <p class="TextFontCX"><span class="Flag"><span style=
11508 'font-size:10.0pt'>ptr-compare</span></span></p>
11509 <p class="IndentText">Comparison between pointer and number.</p>
11512 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11513 height="14" align="left">
11515 <td valign="top" align="left" height="14" style=
11516 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11517 <p class="TextFontCX" align="center" style=
11518 'text-align:center;background:#CCCCCC'><span style=
11519 'font-size:10.0pt'>m:</span><span class=
11520 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
11521 <p class="TextFontCX"><span class="Flag"><span style=
11522 'font-size:10.0pt'>unsigned-compare</span></span></p>
11523 <p class="IndentText">
11524 An unsigned value is used in a comparison with zero in a way that is either a bug or confusing.
11527 <p class="Heading10">Type Equivalence</p>
11529 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11530 height="14" align="left">
11532 <td valign="top" align="left" height="14" style=
11533 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11534 <p class="TextFontCX" align="center" style=
11535 'text-align:center;background:#CCCCCC'><a name=
11536 "globs"></a><span style=
11537 'font-size:10.0pt'>m:</span><span class="Keyword"><span style='font-size: 10.0pt'>
11538 +---</span></span></p></td></tr></table></div>
11539 <p class="TextFontCX"><span class="Flag"><span style=
11540 'font-size:10.0pt'>void-abstract</span></span></p>
11541 <p class="IndentText">Allow <span class=
11542 "CodeText"><span style='font-size:10.0pt'>void
11543 *</span></span> to match pointers to abstract types.
11544 (Casting a pointer to an abstract type to a pointer to
11545 <span class="CodeText"><span style=
11546 'font-size:10.0pt'>void</span></span> is okay if <span class=
11547 "Flag"><span style=
11548 'font-size:10.0pt'>+void-abstract</span></span> is set.)</p>
11550 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11551 height="14" align="left">
11553 <td valign="top" align="left" height="14" style=
11554 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11555 <p class="TextFontCX" align="center" style=
11556 'text-align:center;background:#CCCCCC'><span style=
11557 'font-size:10.0pt'>P: +</span></p></td></tr></table></div>
11558 <p class="TextFontCX"><span class="Flag"><span style=
11559 'font-size:10.0pt'>cast-fcn-ptr</span></span></p>
11560 <p class="IndentText"> A pointer to a function is cast to (or
11561 used as) a pointer to void (or vice versa).</p>
11563 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11564 height="14" align="left">
11566 <td valign="top" align="left" height="14" style=
11567 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11568 <p class="TextFontCX" align="center" style=
11569 'text-align:center;background:#CCCCCC'><span style=
11570 'font-size:10.0pt'>m:</span><span class=
11571 "Keyword"><span style='font-size:10.0pt'>+---</span></span></p></td></tr></table></div>
11572 <p class="TextFontCX"><span class="Flag"><span style=
11573 'font-size:10.0pt'>forward-decl</span></span></p>
11574 <p class="IndentText">Forward declarations of pointers to abstract
11575 representation match abstract type.</p>
11577 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11578 height="14" align="left">
11580 <td valign="top" align="left" height="14" style=
11581 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11582 <p class="TextFontCX" align="center" style=
11583 'text-align:center;background:#CCCCCC'><span style=
11584 'font-size:10.0pt'>m:</span><span class=
11585 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
11586 <p class="TextFontCX"><span class="Flag"><span style=
11587 'font-size:10.0pt'>imp-type</span></span></p>
11588 <p class="IndentText">A variable declaration has no explicit
11589 type. The type is implicitly int.</p>
11591 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11592 height="14" align="left">
11594 <td valign="top" align="left" height="14" style=
11595 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11596 <p class="TextFontCX" align="center" style=
11597 'text-align:center;background:#CCCCCC'><span style=
11598 'font-size:10.0pt'>P:</span> <span class=
11599 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
11600 <p class="TextFontCX"><span class="Flag"><span style=
11601 'font-size:10.0pt'>incomplete-type</span></span></p>
11602 <p class="IndentText">A formal parameter is declared with an
11603 incomplete type (e.g., <span class="Keyword"><span style=
11604 'font-size:10.0pt'>int[][]</span></span>).</p>
11606 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11607 height="14" align="left">
11609 <td valign="top" align="left" height="14" style=
11610 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11611 <p class="TextFontCX" align="center" style=
11612 'text-align:center;background:#CCCCCC'><span style=
11613 'font-size:10.0pt'>m:</span><span class=
11614 "Keyword"><span style='font-size:10.0pt'>+---</span></span></p></td></tr></table></div>
11615 <p class="TextFontCX"><span class="Flag"><span style=
11616 'font-size:10.0pt'>char-index</span></span></p>
11617 <p class="IndentText">Allow <span class=
11618 "CodeText"><span style='font-size:10.0pt'>char</span></span>
11619 to index arrays.</p>
11621 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11622 height="14" align="left">
11624 <td valign="top" align="left" height="14" style=
11625 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11626 <p class="TextFontCX" align="center" style=
11627 'text-align:center;background:#CCCCCC'><span style=
11628 'font-size:10.0pt'>m:</span><span class=
11629 "Keyword"><span style='font-size:10.0pt'>----</span></span></p></td></tr></table></div>
11630 <p class="TextFontCX"><span class="Flag"><span style=
11631 'font-size:10.0pt'>enum-index</span></span></p>
11632 <p class="IndentText">Allow members of <span class=
11633 "CodeText"><span style='font-size:10.0pt'>enum</span></span>type to
11636 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11637 height="14" align="left">
11639 <td valign="top" align="left" height="14" style=
11640 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11641 <p class="TextFontCX" align="center" style=
11642 'text-align:center;background:#CCCCCC'><span style=
11643 'font-size:10.0pt'>m:</span><span class=
11644 "Keyword"><span style='font-size:10.0pt'>+---</span></span></p></td></tr></table></div>
11645 <p class="TextFontCX"><span class="Flag"><span style=
11646 'font-size:10.0pt'>bool-int</span></span></p>
11647 <p class="IndentText">Make <span class=
11648 "CodeText"><span style='font-size:10.0pt'>bool</span></span>
11649 and <span class="CodeText"><span style=
11650 'font-size:10.0pt'>int</span></span> are equivalent.
11651 (No type errors are reported when a Boolean is used where an
11652 integral type is expected and vice versa.)</p>
11654 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11655 height="14" align="left">
11657 <td valign="top" align="left" height="14" style=
11658 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11659 <p class="TextFontCX" align="center" style=
11660 'text-align:center;background:#CCCCCC'><span style=
11661 'font-size:10.0pt'>m:</span><span class=
11662 "Keyword"><span style='font-size:10.0pt'>+---</span></span></p></td></tr></table></div>
11663 <p class="TextFontCX"><span class="Flag"><span style=
11664 'font-size:10.0pt'>char-int</span></span></p>
11665 <p class="IndentText">Make <span class=
11666 "CodeText"><span style='font-size:10.0pt'>char</span></span>
11667 and <span class="CodeText"><span style=
11668 'font-size:10.0pt'>int</span></span> types equivalent</p>
11671 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11672 height="14" align="left">
11674 <td valign="top" align="left" height="14" style=
11675 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11676 <p class="TextFontCX" align="center" style=
11677 'text-align:center;background:#CCCCCC'><span style=
11678 'font-size:10.0pt'>m:</span><span class=
11679 "Keyword"><span style='font-size:10.0pt'>+---</span></span></p></td></tr></table></div>
11680 <p class="TextFontCX"><span class="Flag"><span style=
11681 'font-size:10.0pt'>charunsignedchar</span></span></p>
11682 <p class="IndentText">To allow <span class=
11683 "CodeText"><span style='font-size:10.0pt'>char</span></span>
11684 and <span class="CodeText"><span style=
11685 'font-size:10.0pt'>unsigned char</span></span> types to match use
11686 <span class="Flag"><span style=
11687 'font-size:10.0pt'>+charunsignedchar</span></span>
11691 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11692 height="14" align="left">
11694 <td valign="top" align="left" height="14" style=
11695 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11696 <p class="TextFontCX" align="center" style=
11697 'text-align:center;background:#CCCCCC'><span style=
11698 'font-size:10.0pt'>m:</span><span class=
11699 "Keyword"><span style='font-size:10.0pt'>++--</span></span></p></td></tr></table></div>
11700 <p class="TextFontCX"><span class="Flag"><span style=
11701 'font-size:10.0pt'>enum-int</span></span></p>
11702 <p class="IndentText">Make <span class=
11703 "CodeText"><span style='font-size:10.0pt'>enum</span></span>
11704 and <span class="CodeText"><span style=
11705 'font-size:10.0pt'>int</span></span> types equivalent</p>
11707 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11708 height="14" align="left">
11710 <td valign="top" align="left" height="14" style=
11711 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11712 <p class="TextFontCX" align="center" style=
11713 'text-align:center;background:#CCCCCC'><span style=
11714 'font-size:10.0pt'>m:</span><span class=
11715 "Keyword"><span style='font-size:10.0pt'>+---</span></span></p></td></tr></table></div>
11716 <p class="TextFontCX"><span class="Flag"><span style=
11717 'font-size:10.0pt'>float-double</span></span></p>
11718 <p class="IndentText">Make <span class=
11719 "CodeText"><span style='font-size:10.0pt'>float</span></span>
11720 and <span class="CodeText"><span style=
11721 'font-size:10.0pt'>double</span></span> types equivalent</p>
11723 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11724 height="14" align="left">
11726 <td valign="top" align="left" height="14" style=
11727 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11728 <p class="TextFontCX" align="center" style=
11729 'text-align:center;background:#CCCCCC'><span style=
11730 'font-size:10.0pt'>m:</span><span class=
11731 "Keyword"><span style='font-size:10.0pt'>----</span></span></p></td></tr></table></div>
11732 <p class="TextFontCX"><span class="Flag"><span style=
11733 'font-size:10.0pt'>ignore-quals</span></span></p>
11734 <p class="IndentText">Ignore type qualifiers (<span class=
11735 "CodeText"><span style='font-size:10.0pt'>long</span></span>,
11736 <span class="CodeText"><span style=
11737 'font-size:10.0pt'>short</span></span>, <span class=
11738 "CodeText"><span style=
11739 'font-size:10.0pt'>unsigned</span></span>).</p>
11741 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11742 height="14" align="left">
11744 <td valign="top" align="left" height="14" style=
11745 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11746 <p class="TextFontCX" align="center" style=
11747 'text-align:center;background:#CCCCCC'><span style=
11748 'font-size:10.0pt'>m:</span><span class=
11749 "Keyword"><span style='font-size:10.0pt'>++--</span></span></p></td></tr></table></div>
11750 <p class="TextFontCX"><span class="Flag"><span style=
11751 'font-size:10.0pt'>relax-quals</span></span></p>
11752 <p class="IndentText">Report qualifier mismatches only if dangerous
11753 (information may be lost since a larger type is assigned to (or
11754 passed as) a smaller one or a comparison uses <span class=
11755 "CodeText"><span style='font-size:10.0pt'>signed</span></span> and
11756 <span class="CodeText"><span style=
11757 'font-size:10.0pt'>unsigned</span></span> values.)</p>
11759 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11760 height="14" align="left">
11762 <td valign="top" align="left" height="14" style=
11763 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11764 <p class="TextFontCX" align="center" style=
11765 'text-align:center;background:#CCCCCC'><span style=
11766 'font-size:10.0pt'>m:</span><span class=
11767 "Keyword"><span style='font-size:10.0pt'>----</span></span></p></td></tr></table></div>
11768 <p class="TextFontCX"><span class="Flag"><span style=
11769 'font-size:10.0pt'>ignore-signs</span></span></p>
11770 <p class="IndentText">Ignore signs in type comparisons
11771 (<span class="CodeText"><span style=
11772 'font-size:10.0pt'>unsigned</span></span> matches
11773 <span class="CodeText"><span style=
11774 'font-size:10.0pt'>signed</span></span>).</p>
11775 <p class="IndentText"> </p>
11777 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11778 height="14" align="left">
11780 <td valign="top" align="left" height="14" style=
11781 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11782 <p class="TextFontCX" align="center" style=
11783 'text-align:center;background:#CCCCCC'><span style=
11784 'font-size:10.0pt'>P:</span> <span class=
11785 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
11786 <p class="TextFontCX"><span class="Flag"><span style=
11787 'font-size:10.0pt'>long-integral</span></span></p>
11788 <p class="IndentText">Allow long type to match an arbitrary
11789 integral type (e.g., <span class="CodeText"><span style=
11790 'font-size:10.0pt'>dev_t</span></span>).</p>
11792 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11793 height="14" align="left">
11795 <td valign="top" align="left" height="14" style=
11796 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11797 <p class="TextFontCX" align="center" style=
11798 'text-align:center;background:#CCCCCC'><span style=
11799 'font-size:10.0pt'>m:</span><span class=
11800 "Keyword"><span style='font-size:10.0pt'>+---</span></span></p></td></tr></table></div>
11801 <p class="TextFontCX"><span class="Flag"><span style=
11802 'font-size:10.0pt'>long-unsigned-integral</span></span></p>
11803 <p class="IndentText">Allow unsigned long type to match an
11804 arbitrary integral type (e.g., <span class=
11805 "CodeText"><span style='font-size:10.0pt'>dev_t</span></span>).</p>
11807 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11808 height="14" align="left">
11810 <td valign="top" align="left" height="14" style=
11811 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11812 <p class="TextFontCX" align="center" style=
11813 'text-align:center;background:#CCCCCC'><span style=
11814 'font-size:10.0pt'>P:</span> <span class=
11815 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
11816 <p class="TextFontCX"><span class="Flag"><span style=
11817 'font-size:10.0pt'>match-any-integral</span></span></p>
11818 <p class="IndentText">Allow any integral type to match an
11821 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11822 height="14" align="left">
11824 <td valign="top" align="left" height="14" style=
11825 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11826 <p class="TextFontCX" align="center" style=
11827 'text-align:center;background:#CCCCCC'><span style=
11828 'font-size:10.0pt'>P:</span> <span class=
11829 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
11830 <p class="TextFontCX"><span class="Flag"><span style=
11831 'font-size:10.0pt'>long-unsigned-unsigned-integral</span></span></p>
11832 <p class="IndentText">Allow unsigned long type to match an
11833 arbitrary unsigned integral type (e.g., <span class=
11834 "CodeText"><span style=
11835 'font-size:10.0pt'>size_t</span></span>).</p>
11837 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11838 height="14" align="left">
11840 <td valign="top" align="left" height="14" style=
11841 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11842 <p class="TextFontCX" align="center" style=
11843 'text-align:center;background:#CCCCCC'><span style=
11844 'font-size:10.0pt'>m:</span><span class=
11845 "Keyword"><span style='font-size:10.0pt'>+---</span></span></p></td></tr></table></div>
11846 <p class="TextFontCX"><span class="Flag"><span style=
11847 'font-size:10.0pt'>long-signed-integral</span></span></p>
11848 <p class="IndentText">Allow long type to match an arbitrary signed
11849 integral type (e.g., <span class="CodeText"><span style=
11850 'font-size:10.0pt'>ssize_t</span></span>).</p>
11851 <p class="TextFontCX"><span class="Flag"><span style=
11852 'font-size:10.0pt'> </span></span></p>
11854 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11855 height="14" align="left">
11857 <td valign="top" align="left" height="14" style=
11858 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11859 <p class="TextFontCX" align="center" style=
11860 'text-align:center;background:#CCCCCC'><span style=
11861 'font-size:10.0pt'>P:</span> <span class=
11862 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
11863 <p class="TextFontCX"><span class="Flag"><span style=
11864 'font-size:10.0pt'>num-literal</span></span></p>
11865 <p class="IndentText">Integer literals can be used as floats.</p>
11867 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11868 height="14" align="left">
11870 <td valign="top" align="left" height="14" style=
11871 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11872 <p class="TextFontCX" align="center" style=
11873 'text-align:center;background:#CCCCCC'><span style=
11874 'font-size:10.0pt'>P:</span> <span class=
11875 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
11876 <p class="TextFontCX"><span class="Flag"><span style=
11877 'font-size:10.0pt'>char-int-literal</span></span></p>
11878 <p class="IndentText">A character constant may be used as an
11879 <span class="CodeText"><span style=
11880 'font-size:10.0pt'>int</span></span>.</p>
11882 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11883 height="14" align="left">
11885 <td valign="top" align="left" height="14" style=
11886 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11887 <p class="TextFontCX" align="center" style=
11888 'text-align:center;background:#CCCCCC'><span style=
11889 'font-size:10.0pt'>P:</span> <span class=
11890 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
11891 <p class="TextFontCX"><span class="Flag"><span style=
11892 'font-size:10.0pt'>zero-ptr</span></span></p>
11893 <p class="IndentText">Literal <span class=
11894 "CodeText"><span style='font-size:10.0pt'>0</span></span> may
11895 be used as a pointer.</p>
11897 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11898 height="14" align="left">
11900 <td valign="top" align="left" height="14" style=
11901 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11902 <p class="TextFontCX" align="center" style=
11903 'text-align:center;background:#CCCCCC'><span style=
11904 'font-size:10.0pt'>P:</span> <span class=
11905 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
11906 <p class="TextFontCX"><span class="Flag"><span style=
11907 'font-size:10.0pt'>zero-bool</span></span></p>
11908 <p class="IndentText">Treat <span class=
11909 "CodeText"><span style='font-size:10.0pt'>0</span></span> as a boolean.
11912 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11913 height="14" align="left">
11915 <td valign="top" align="left" height="14" style=
11916 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11917 <p class="TextFontCX" align="center" style=
11918 'text-align:center;background:#CCCCCC'><span style=
11919 'font-size:10.0pt'>P:</span> <span class=
11920 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
11921 <p class="TextFontCX"><span class="Flag"><span style=
11922 'font-size:10.0pt'>relax-types</span></span></p>
11923 <p class="IndentText">Allow all numeric types to match.</p>
11927 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11928 height="14" align="left">
11930 <td valign="top" align="left" height="14" style=
11931 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11932 <p class="TextFontCX" align="center" style=
11933 'text-align:center;background:#CCCCCC'><span style=
11934 'font-size:10.0pt'>m:</span> <span class=
11935 "Keyword"><span style='font-size:10.0pt'>+---</span></span></p></td></tr></table></div>
11936 <p class="TextFontCX"><span class="Flag"><span style=
11937 'font-size:10.0pt'>shortint</span></span></p>
11938 <p class="IndentText">
11939 Make short int and int types equivalent.
11941 <p class="Heading10"><a name="_Toc534975052">Abstract Types</a>
11942 <span class="TextFontCXChar"><span style=
11943 'font-size:11.0pt; font-weight:normal'>(Section</span></span>
11944 <span class="TextFontCXChar"><span style=
11945 'font-size:11.0pt; font-weight:normal'>4.3</span></span><span class="TextFontCXChar">
11947 'font-size:11.0pt; font-weight:normal'>)</span></span></p>
11952 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11953 height="14" align="left">
11955 <td valign="top" align="left" height="14" style=
11956 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11957 <p class="TextFontCX" align="center" style=
11958 'text-align:center;background:#CCCCCC'><span style=
11959 'font-size:10.0pt'>P:</span> <span class=
11960 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
11961 <p class="TextFontCX"><span class="Flag"><span style=
11962 'font-size:10.0pt'>abstract</span></span></p>
11963 <p class="IndentText">A data abstraction barrier is violated</p>
11965 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11966 height="14" align="left">
11968 <td valign="top" align="left" height="14" style=
11969 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11970 <p class="TextFontCX" align="center" style=
11971 'text-align:center;background:#CCCCCC'><span style=
11972 'font-size:10.0pt'>P:</span> <span class="Flag"><span style=
11973 'font-size:10.0pt'>-</span></span></p></td></tr></table></div>
11974 <p class="TextFontCX"><span class="Flag"><span style=
11975 'font-size:10.0pt'>imp-abstract</span></span></p>
11976 <p class="IndentText">Implicit <span class=
11977 "Annot"><span style='font-size:10.0pt'>abstract</span></span>
11978 annotation for type declarations that do not use <span class=
11979 "Annot"><span style=
11980 'font-size:10.0pt'>concrete</span></span>.</p>
11982 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
11983 height="14" align="left">
11985 <td valign="top" align="left" height="14" style=
11986 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
11987 <p class="TextFontCX" align="center" style=
11988 'text-align:center;background:#CCCCCC'><span style=
11989 'font-size:10.0pt'>m:</span><span class="Flag"><span style=
11990 'font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
11991 <p class="TextFontCX"><span class="Flag"><span style=
11992 'font-size:10.0pt'>mut-rep</span></span></p>
11993 <p class="IndentText">Representation of mutable type has sharing
11995 <p class="Heading10">Access <span class=
11996 "TextFontCXChar"><span style=
11997 'font-size:11.0pt; font-weight:normal'>(Section
11998 4.3.1)</span></span></p>
12000 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12001 height="14" align="left">
12003 <td valign="top" align="left" height="14" style=
12004 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12005 <p class="TextFontCX" align="center" style=
12006 'text-align:center;background:#CCCCCC'><span style=
12007 'font-size:10.0pt'>P: +</span></p></td></tr></table></div>
12008 <p class="TextFontCX"><span class="Flag"><span style=
12009 'font-size:10.0pt'>access-module</span></span></p>
12010 <p class="IndentText">An abstract type defined in
12011 <span class="ProgramNameChar"><i>M</i></span><span class=
12012 "ProgramNameChar">.h</span> (or specified in <span class=
12013 "ProgramNameChar"><i>M</i></span><span class=
12014 "ProgramNameChar">.lcl</span>) is accessible in <span class=
12015 "ProgramNameChar"><i>M</i></span><span class=
12016 "ProgramNameChar">.c</span>.</p>
12018 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12019 height="14" align="left">
12021 <td valign="top" align="left" height="14" style=
12022 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12023 <p class="TextFontCX" align="center" style=
12024 'text-align:center;background:#CCCCCC'><span style=
12025 'font-size:10.0pt'>P:</span> <span class=
12026 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
12027 <p class="TextFontCX"><span class="Flag"><span style=
12028 'font-size:10.0pt'>access-file</span></span></p>
12029 <p class="IndentText">An abstract type named <span class=
12030 "CodeText"><i><span style='font-size:10.0pt'>type</span></i></span>
12031 is accessible in files named <span class=
12032 "ProgramNameChar"><i>type</i></span><span class=
12033 "ProgramNameChar">.*</span></p>
12035 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12036 height="14" align="left">
12038 <td valign="top" align="left" height="14" style=
12039 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12040 <p class="TextFontCX" align="center" style=
12041 'text-align:center;background:#CCCCCC'><span style=
12042 'font-size:10.0pt'>P:</span> <span class=
12043 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
12044 <p class="MsoListBullet"><span class="Flag"><span style=
12045 'font-size:10.0pt'>access-czech</span></span></p>
12046 <p class="IndentText">An abstract type named <span class=
12047 "CodeText"><i><span style='font-size:10.0pt'>type</span></i></span>
12048 may be accessible in a function named <span class=
12049 "CodeText"><i><span style=
12050 'font-size:10.0pt'>type_name</span></i></span>. (Section
12053 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12054 height="14" align="left">
12056 <td valign="top" align="left" height="14" style=
12057 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12058 <p class="TextFontCX" align="center" style=
12059 'text-align:center;background:#CCCCCC'><span style=
12060 'font-size:10.0pt'>P:</span> <span class=
12061 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
12062 <p class="MsoListBullet"><span class="Flag"><span style=
12063 'font-size:10.0pt'>access-slovak</span></span></p>
12064 <p class="IndentText">An abstract type named <span class=
12065 "CodeText"><i><span style='font-size:10.0pt'>type</span></i></span>
12066 may be accessible in a function named <span class=
12067 "CodeText"><i><span style=
12068 'font-size:10.0pt'>typeName</span></i></span>.
12069 (Section.12.1.2)</p>
12071 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12072 height="14" align="left">
12074 <td valign="top" align="left" height="14" style=
12075 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12076 <p class="TextFontCX" align="center" style=
12077 'text-align:center;background:#CCCCCC'><span style=
12078 'font-size:10.0pt'>P:</span> <span class=
12079 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
12080 <p class="MsoListBullet"><span class="Flag"><span style=
12081 'font-size:10.0pt'>access-czechoslovak</span></span></p>
12082 <p class="IndentText">An abstract type named <span class=
12083 "CodeText"><i><span style='font-size:10.0pt'>type</span></i></span>
12084 may be accessible in a function named <span class=
12085 "CodeText"><i><span style=
12086 'font-size:10.0pt'>type_name</span></i></span> or
12087 <span class="CodeText"><i><span style=
12088 'font-size:10.0pt'>typeName</span></i></span>. (Section
12091 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12092 height="14" align="left">
12094 <td valign="top" align="left" height="14" style=
12095 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12096 <p class="TextFontCX" align="center" style=
12097 'text-align:center;background:#CCCCCC'><span style=
12098 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div>
12099 <p class="TextFontCX"><span class="Flag"><span style=
12100 'font-size:10.0pt'>access-all</span></span></p>
12101 <p class="IndentText">Sets <span class="Flag"><span style=
12102 'font-size:10.0pt'>access-module</span></span>, <span class=
12103 "Flag"><span style='font-size:10.0pt'>access-file</span></span> and
12104 <span class="Flag"><span style=
12105 'font-size:10.0pt'>access-czech</span></span>.</p>
12106 <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'>
12107 <a name="_Toc534975053">Memory Management</a> <span class=
12108 "TextFontCXChar"><span style=
12109 'font-size:11.0pt; font-weight:normal'>(Section</span></span>
12110 <span class="TextFontCXChar"><span style=
12111 'font-size:11.0pt; font-weight:normal'>5</span></span><span class="TextFontCXChar">
12113 'font-size:11.0pt; font-weight:normal'>)</span></span></p>
12114 <p class="TextFontCX">Reporting of memory management errors is
12115 controlled by flags setting checking and implicit annotations and
12116 code annotations. </p>
12117 <p class="Heading10">Deallocation Errors <span class=
12118 "TextFontCXChar"><span style=
12119 'font-size:11.0pt; font-weight:normal'>(Section
12120 5.2)</span></span></p>
12122 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12123 height="14" align="left">
12125 <td valign="top" align="left" height="14" style=
12126 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12127 <p class="TextFontCX" align="center" style=
12128 'text-align:center;background:#CCCCCC'><span style=
12129 'font-size:10.0pt'>m:</span><span class=
12130 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
12131 <p class="TextFontCX"><span class="Flag"><span style=
12132 'font-size:10.0pt'>use-released</span></span></p>
12133 <p class="IndentText">Storage used after it may have been
12136 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12137 height="14" align="left">
12139 <td valign="top" align="left" height="14" style=
12140 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12141 <p class="TextFontCX" align="center" style=
12142 'text-align:center;background:#CCCCCC'><span style=
12143 'font-size:10.0pt'>m:</span><span class=
12144 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
12145 <p class="TextFontCX"><span class="Flag"><span style=
12146 'font-size:10.0pt'>strict-use-released</span></span></p>
12147 <p class="IndentText">An array element used after it may have been
12149 <p class="Heading10">Inconsistent Branches</p>
12151 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12152 height="14" align="left">
12154 <td valign="top" align="left" height="14" style=
12155 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12156 <p class="TextFontCX" align="center" style=
12157 'text-align:center;background:#CCCCCC'><span style=
12158 'font-size:10.0pt'>m:</span><span class=
12159 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
12160 <p class="TextFontCX"><span class="Flag"><span style=
12161 'font-size:10.0pt'>branch-state</span></span></p>
12162 <p class="IndentText">Storage has inconsistent states of alternate
12163 paths through a branch (e.g., it is released in the true branch of
12164 an if-statement, but there is no else branch.)</p>
12166 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12167 height="14" align="left">
12169 <td valign="top" align="left" height="14" style=
12170 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12171 <p class="TextFontCX" align="center" style=
12172 'text-align:center;background:#CCCCCC'><span style=
12173 'font-size:10.0pt'>m:</span><span class=
12174 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
12175 <p class="TextFontCX"><span class="Flag"><span style=
12176 'font-size:10.0pt'>strict-branch-state</span></span></p>
12177 <p class="IndentText">Storage through array fetch has inconsistent
12178 states of alternate paths through a branch. Since array
12179 elements are not checked accurately, this may lead to spurious
12182 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12183 height="14" align="left">
12185 <td valign="top" align="left" height="14" style=
12186 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12187 <p class="TextFontCX" align="center" style=
12188 'text-align:center;background:#CCCCCC'><span style=
12189 'font-size:10.0pt'>m:</span><span class=
12190 "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div>
12191 <p class="TextFontCX"><span class="Flag"><span style=
12192 'font-size:10.0pt'>dep-arrays</span></span></p>
12193 <p class="IndentText">Treat array elements as <span class=
12194 "Annot"><span style='font-size:10.0pt'>dependent</span></span>
12195 storage. Checking of array elements cannot be done accurately
12196 by Splint. If <span class="Flag"><span style=
12197 'font-size:10.0pt'>dep-arrays</span></span> is not set, array
12198 elements are assumed to be independent, so code that releases the
12199 same element more than once will produce no error. If
12200 <span class="Flag"><span style=
12201 'font-size:10.0pt'>dep-arrays</span></span> is set, array elements
12202 are assumed to be dependent, so code that releases the same element
12203 more that once will produce an error, but code that releases
12204 different elements correctly will produce a spurious error.</p>
12205 <p class="Heading10">Memory Leaks</p>
12207 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12208 height="14" align="left">
12210 <td valign="top" align="left" height="14" style=
12211 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12212 <p class="TextFontCX" align="center" style=
12213 'text-align:center;background:#CCCCCC'><span style=
12214 'font-size:10.0pt'>m:</span><span class=
12215 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
12216 <p class="TextFontCX"><span class="Flag"><span style=
12217 'font-size:10.0pt'>must-free</span></span></p>
12218 <p class="IndentText">Allocated storage was not released before
12219 return or scope exit. Errors are reported for
12220 <span class="Annot"><span style=
12221 'font-size:10.0pt'>only</span></span>, <span class=
12222 "Annot"><span style='font-size:10.0pt'>fresh</span></span> or
12223 <span class="Annot"><span style=
12224 'font-size:10.0pt'>owned</span></span> storage.</p>
12228 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12229 height="14" align="left">
12231 <td valign="top" align="left" height="14" style=
12232 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12233 <p class="TextFontCX" align="center" style=
12234 'text-align:center;background:#CCCCCC'><span style=
12235 'font-size:10.0pt'>m:</span><span class=
12236 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
12237 <p class="TextFontCX"><span class="Flag"><span style=
12238 'font-size:10.0pt'>mustfreefresh</span></span></p>
12239 <p class="IndentText">
12240 Allocated storage was not released before return or scope exit. Errors are reported for
12241 <span class="Annot"><span style='font-size:10.0pt'>fresh</span></span> storage
12246 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12247 height="14" align="left">
12249 <td valign="top" align="left" height="14" style=
12250 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12251 <p class="TextFontCX" align="center" style=
12252 'text-align:center;background:#CCCCCC'><span style=
12253 'font-size:10.0pt'>m:</span><span class=
12254 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
12255 <p class="TextFontCX"><span class="Flag"><span style=
12256 'font-size:10.0pt'>mustfreeonly</span></span></p>
12257 <p class="IndentText">
12258 Allocated storage was not released before return or scope exit. Errors are reported for
12259 <span class="Annot"><span style='font-size:10.0pt'>only</span></span> storage
12263 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12264 height="14" align="left">
12266 <td valign="top" align="left" height="14" style=
12267 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12268 <p class="TextFontCX" align="center" style=
12269 'text-align:center;background:#CCCCCC'><span style=
12270 'font-size:10.0pt'>shortcut</span><span class=
12271 "Keyword"><span style='font-size:10.0pt'></span></span></p></td></tr></table></div>
12272 <p class="TextFontCX"><span class="Flag"><span style=
12273 'font-size:10.0pt'>memchecks</span></span></p>
12274 <p class="IndentText">
12275 Sets all dynamic memory checking flags
12277 "Flag"><span style='font-size:10.0pt'>memimplicit, mustfree, mustdefine, mustnotalias, null, memtrans</span> </span>).
12281 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12282 height="14" align="left">
12284 <td valign="top" align="left" height="14" style=
12285 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12286 <p class="TextFontCX" align="center" style=
12287 'text-align:center;background:#CCCCCC'><span style=
12288 'font-size:10.0pt'>m:</span><span class=
12289 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
12290 <p class="TextFontCX"><span class="Flag"><span style=
12291 'font-size:10.0pt'>comp-destroy</span></span></p>
12292 <p class="IndentText">All only references derivable from
12293 <span class="Annot"><span style='font-size:10.0pt'>out
12294 only</span></span> parameter of type <span class=
12295 "CodeText"><span style='font-size:10.0pt'>void *</span></span> must
12296 be released. (This is the type of the parameter to
12297 <span class="CodeText"><span style=
12298 'font-size:10.0pt'>free</span></span>, but may also be used for
12299 user-defined deallocation functions.)</p>
12301 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12302 height="14" align="left">
12304 <td valign="top" align="left" height="14" style=
12305 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12306 <p class="TextFontCX" align="center" style=
12307 'text-align:center;background:#CCCCCC'><span style=
12308 'font-size:10.0pt'>m:</span><span class=
12309 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
12310 <p class="TextFontCX"><span class="Flag"><span style=
12311 'font-size:10.0pt'>strict-destroy</span></span></p>
12312 <p class="IndentText">Report complete destruction errors for array
12313 elements that may have been released. (If <span class=
12314 "Flag"><span style='font-size:10.0pt'>strict-destroy</span></span>
12315 is not set, Splint will assume that if any array element was
12316 released, the entire array was correctly released.)</p>
12317 <p class="Heading10">Transfer Errors</p>
12318 <p class="beforelist">A transfer error is reported when storage is
12319 transferred (by an assignment, passing a parameter, or returning)
12320 in a way that is inconsistent.</p>
12322 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12323 height="14" align="left">
12325 <td valign="top" align="left" height="14" style=
12326 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12327 <p class="TextFontCX" align="center" style=
12328 'text-align:center;background:#CCCCCC'><span style=
12329 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div>
12330 <p class="TextFontCX"><span class="Flag"><span style=
12331 'font-size:10.0pt'>mem-trans</span></span></p>
12332 <p class="IndentText">Sets all memory transfer errors flags.</p>
12334 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12335 height="14" align="left">
12337 <td valign="top" align="left" height="14" style=
12338 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12339 <p class="TextFontCX" align="center" style=
12340 'text-align:center;background:#CCCCCC'><span style=
12341 'font-size:10.0pt'>m:</span><span class=
12342 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
12343 <p class="TextFontCX"><span class="Flag"><span style=
12344 'font-size:10.0pt'>only-trans</span></span></p>
12345 <p class="IndentText">Only storage transferred to non-only
12346 reference (memory leak).</p>
12348 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12349 height="14" align="left">
12351 <td valign="top" align="left" height="14" style=
12352 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12353 <p class="TextFontCX" align="center" style=
12354 'text-align:center;background:#CCCCCC'><span style=
12355 'font-size:10.0pt'>m:</span><span class=
12356 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
12357 <p class="TextFontCX"><span class="Flag"><span style=
12358 'font-size:10.0pt'>ownedtrans</span></span></p>
12359 <p class="IndentText">Owned storage transferred to non-owned
12360 reference (memory leak).</p>
12362 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12363 height="14" align="left">
12365 <td valign="top" align="left" height="14" style=
12366 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12367 <p class="TextFontCX" align="center" style=
12368 'text-align:center;background:#CCCCCC'><span style=
12369 'font-size:10.0pt'>m:</span><span class=
12370 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
12371 <p class="TextFontCX"><span class="Flag"><span style=
12372 'font-size:10.0pt'>fresh-trans</span></span></p>
12373 <p class="IndentText">Newly-allocated storage transferred to
12374 non-only reference (memory leak).</p>
12376 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12377 height="14" align="left">
12379 <td valign="top" align="left" height="14" style=
12380 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12381 <p class="TextFontCX" align="center" style=
12382 'text-align:center;background:#CCCCCC'><span style=
12383 'font-size:10.0pt'>m:</span><span class=
12384 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
12385 <p class="TextFontCX"><span class="Flag"><span style=
12386 'font-size:10.0pt'>shared-trans</span></span></p>
12387 <p class="IndentText">Shared storage transferred to non-shared
12390 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12391 height="14" align="left">
12393 <td valign="top" align="left" height="14" style=
12394 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12395 <p class="TextFontCX" align="center" style=
12396 'text-align:center;background:#CCCCCC'><span style=
12397 'font-size:10.0pt'>m:</span><span class=
12398 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
12399 <p class="TextFontCX"><span class="Flag"><span style=
12400 'font-size:10.0pt'>dependent-trans</span></span></p>
12401 <p class="IndentText">Inconsistent <span class=
12402 "Annot"><span style='font-size:10.0pt'>dependent</span></span>
12403 transfer. Dependent storage is transferred to a non-dependent
12406 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12407 height="14" align="left">
12409 <td valign="top" align="left" height="14" style=
12410 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12411 <p class="TextFontCX" align="center" style=
12412 'text-align:center;background:#CCCCCC'><span style=
12413 'font-size:10.0pt'>m:</span><span class=
12414 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
12415 <p class="TextFontCX"><span class="Flag"><span style=
12416 'font-size:10.0pt'>temp-trans</span></span></p>
12417 <p class="IndentText">Temporary storage (associated with a
12418 <span class="Annot"><span style=
12419 'font-size:10.0pt'>temp</span></span> formal parameter) is
12420 transferred to a non-temporary reference. The storage may be
12421 released or new aliases created.</p>
12423 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12424 height="14" align="left">
12426 <td valign="top" align="left" height="14" style=
12427 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12428 <p class="TextFontCX" align="center" style=
12429 'text-align:center;background:#CCCCCC'><span style=
12430 'font-size:10.0pt'>m:</span><span class=
12431 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
12432 <p class="TextFontCX"><span class="Flag"><span style=
12433 'font-size:10.0pt'>kept-trans</span></span></p>
12434 <p class="IndentText">Kept storage (storage what was passed as
12435 <span class="Annot"><span style=
12436 'font-size:10.0pt'>keep</span></span>) transferred to non-temporary
12439 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12440 height="14" align="left">
12442 <td valign="top" align="left" height="14" style=
12443 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12444 <p class="TextFontCX" align="center" style=
12445 'text-align:center;background:#CCCCCC'><span style=
12446 'font-size:10.0pt'>m:</span><span class=
12447 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
12448 <p class="TextFontCX"><span class="Flag"><span style=
12449 'font-size:10.0pt'>keep-trans</span></span></p>
12450 <p class="IndentText">Keep storage is transferred in a way that may
12451 add a new alias to it, or release it.</p>
12453 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12454 height="14" align="left">
12456 <td valign="top" align="left" height="14" style=
12457 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12458 <p class="TextFontCX" align="center" style=
12459 'text-align:center;background:#CCCCCC'><span style=
12460 'font-size:10.0pt'>m:</span><span class=
12461 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
12462 <p class="TextFontCX"><span class="Flag"><span style=
12463 'font-size:10.0pt'>refcount-trans</span></span></p>
12464 <p class="IndentText">Reference counted storage is transferred in
12465 an inconsistent way.</p>
12467 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12468 height="14" align="left">
12470 <td valign="top" align="left" height="14" style=
12471 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12472 <p class="TextFontCX" align="center" style=
12473 'text-align:center;background:#CCCCCC'><span style=
12474 'font-size:10.0pt'>m:</span><span class=
12475 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
12476 <p class="TextFontCX"><span class="Flag"><span style=
12477 'font-size:10.0pt'>newref-trans</span></span></p>
12478 <p class="IndentText">A new reference transferred to a reference
12479 counted reference (reference count is not set correctly).</p>
12481 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12482 height="14" align="left">
12484 <td valign="top" align="left" height="14" style=
12485 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12486 <p class="TextFontCX" align="center" style=
12487 'text-align:center;background:#CCCCCC'><span style=
12488 'font-size:10.0pt'>m:</span><span class=
12489 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
12490 <p class="TextFontCX"><span class="Flag"><span style=
12491 'font-size:10.0pt'>immediate-trans</span></span></p>
12492 <p class="IndentText">An immediate address (result of
12493 <span class="CodeText"><span style=
12494 'font-size:10.0pt'>&</span></span>) is transferred
12495 inconsistently.</p>
12497 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12498 height="14" align="left">
12500 <td valign="top" align="left" height="14" style=
12501 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12502 <p class="TextFontCX" align="center" style=
12503 'text-align:center;background:#CCCCCC'><span style=
12504 'font-size:10.0pt'>m:</span><span class=
12505 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
12506 <p class="TextFontCX"><span class="Flag"><span style=
12507 'font-size:10.0pt'>static-trans</span></span></p>
12508 <p class="IndentText">Static storage is transferred in an
12509 inconsistent way.</p>
12511 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12512 height="14" align="left">
12514 <td valign="top" align="left" height="14" style=
12515 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12516 <p class="TextFontCX" align="center" style=
12517 'text-align:center;background:#CCCCCC'><span style=
12518 'font-size:10.0pt'>m:</span><span class=
12519 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
12520 <p class="TextFontCX"><span class="Flag"><span style=
12521 'font-size:10.0pt'>expose-trans</span></span></p>
12522 <p class="IndentText">Inconsistent exposure transfer. Exposed
12523 storage is transferred to a non-<span class=
12524 "Annot"><span style='font-size:10.0pt'>exposed</span></span>,
12525 non-<span class="Annot"><span style=
12526 'font-size:10.0pt'>observer</span></span> reference.</p>
12528 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12529 height="14" align="left">
12531 <td valign="top" align="left" height="14" style=
12532 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12533 <p class="TextFontCX" align="center" style=
12534 'text-align:center;background:#CCCCCC'><span style=
12535 'font-size:10.0pt'>m:</span><span class=
12536 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
12537 <p class="TextFontCX"><span class="Flag"><span style=
12538 'font-size:10.0pt'>observer-trans</span></span></p>
12539 <p class="IndentText">Inconsistent <span class=
12540 "Annot"><span style='font-size:10.0pt'>observer</span></span>
12541 transfer. Observer storage is transferred to a non-observer
12544 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12545 height="14" align="left">
12547 <td valign="top" align="left" height="14" style=
12548 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12549 <p class="TextFontCX" align="center" style=
12550 'text-align:center;background:#CCCCCC'><span style=
12551 'font-size:10.0pt'>m:</span><span class=
12552 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
12553 <p class="TextFontCX"><span class="Flag"><span style=
12554 'font-size:10.0pt'>unqualified-trans</span></span></p>
12555 <p class="IndentText">Unqualified storage is transferred in an
12556 inconsistent way.</p>
12557 <p class="Heading11">Initializers</p>
12559 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12560 height="14" align="left">
12562 <td valign="top" align="left" height="14" style=
12563 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12564 <p class="TextFontCX" align="center" style=
12565 'text-align:center;background:#CCCCCC'><span style=
12566 'font-size:10.0pt'>m:</span><span class=
12567 "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div>
12568 <p class="TextFontCX"><span class="Flag"><span style=
12569 'font-size:10.0pt'>only-unq-global-trans</span></span></p>
12570 <p class="IndentText">Only storage transferred to an unqualified
12571 global or static reference. This may lead to a memory leak, since
12572 the new reference is not necessarily released.</p>
12574 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12575 height="14" align="left">
12577 <td valign="top" align="left" height="14" style=
12578 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12579 <p class="TextFontCX" align="center" style=
12580 'text-align:center;background:#CCCCCC'><span style=
12581 'font-size:10.0pt'>m:</span><span class=
12582 "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div>
12583 <p class="TextFontCX"><span class="Flag"><span style=
12584 'font-size:10.0pt'>static-init-trans</span></span></p>
12585 <p class="IndentText">Static storage is used as an initial value in
12586 an inconsistent way.</p>
12588 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12589 height="14" align="left">
12591 <td valign="top" align="left" height="14" style=
12592 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12593 <p class="TextFontCX" align="center" style=
12594 'text-align:center;background:#CCCCCC'><span style=
12595 'font-size:10.0pt'>m:</span><span class=
12596 "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div>
12597 <p class="TextFontCX"><span class="Flag"><span style=
12598 'font-size:10.0pt'>unqualified-init-trans</span></span></p>
12599 <p class="IndentText">Unqualified storage is used as an initial
12600 value in an inconsistent way.</p>
12601 <p class="Heading11">Derived Storage</p>
12603 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12604 height="14" align="left">
12606 <td valign="top" align="left" height="14" style=
12607 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12608 <p class="TextFontCX" align="center" style=
12609 'text-align:center;background:#CCCCCC'><span style=
12610 'font-size:10.0pt'>m:</span><span class=
12611 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
12612 <p class="TextFontCX"><span class="Flag"><span style=
12613 'font-size:10.0pt'>comp-mem-pass</span></span></p>
12614 <p class="IndentText">Storage derivable from a parameter does not
12615 match the alias kind expected for the formal parameter.</p>
12616 <p class="Heading11">Stack References</p>
12618 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12619 height="14" align="left">
12621 <td valign="top" align="left" height="14" style=
12622 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12623 <p class="TextFontCX" align="center" style=
12624 'text-align:center;background:#CCCCCC'><span style=
12625 'font-size:10.0pt'>m:</span><span class=
12626 "Keyword"><span style='font-size:10.0pt'>++++</span></span></p></td></tr></table></div>
12627 <p class="TextFontCX"><span class="Flag"><span style=
12628 'font-size:10.0pt'>stack-ref</span></span></p>
12629 <p class="IndentText">A stack reference is pointed to by an
12630 external reference when the function returns. Since the call
12631 frame will be destroyed when the function returns the return value
12632 will point to dead storage. (Section 5.2.6)</p>
12633 <p class="Heading10">Implicit Memory Annotations <span class=
12634 "HeadingNote"><span style=
12635 'font-size:10.5pt;font-weight:normal;font-style:normal'>(Section</span></span>
12636 <span class="HeadingNote"><span style=
12637 'font-size:10.5pt;font-weight:normal;font-style: normal'>5.3</span></span><span class="HeadingNote">
12639 'font-size:10.5pt; font-weight:normal;font-style:normal'>)</span></span></p>
12643 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12644 height="14" align="left">
12646 <td valign="top" align="left" height="14" style=
12647 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12648 <p class="TextFontCX" align="center" style=
12649 'text-align:center;background:#CCCCCC'><span style=
12650 'font-size:10.0pt'>shortcut</span> <span class=
12651 "Keyword"><span style='font-size:10.0pt'></span></span></p></td></tr></table></div>
12652 <p class="TextFontCX"><span class="Flag"><span style=
12653 'font-size:10.0pt'>all-imp-only</span></span></p>
12654 <p class="IndentText">Sets
12655 <span class="Flag"><span style=
12656 'font-size:10.0pt'>
12657 glob-imp-only, ret-imp-only, struct-imp-only, specglobimponly, specretimponly
12660 <span class="Flag"><span style=
12661 'font-size:10.0pt'>
12668 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12669 height="14" align="left">
12671 <td valign="top" align="left" height="14" style=
12672 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12673 <p class="TextFontCX" align="center" style=
12674 'text-align:center;background:#CCCCCC'><span style=
12675 'font-size:10.0pt'>P:</span> <span class=
12676 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
12677 <p class="TextFontCX"><span class="Flag"><span style=
12678 'font-size:10.0pt'>glob-imp-only</span></span></p>
12679 <p class="IndentText">Assume unannotated global storage is
12684 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12685 height="14" align="left">
12687 <td valign="top" align="left" height="14" style=
12688 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12689 <p class="TextFontCX" align="center" style=
12690 'text-align:center;background:#CCCCCC'><span style=
12691 'font-size:10.0pt'>P:</span> <span class=
12692 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
12693 <p class="TextFontCX"><span class="Flag"><span style=
12694 'font-size:10.0pt'>param-imp-temp</span></span></p>
12695 <p class="IndentText">Assume unannotated parameter is
12696 <span class="Annot"><span style=
12697 'font-size:10.0pt'>temp</span></span>.</p>
12699 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12700 height="14" align="left">
12702 <td valign="top" align="left" height="14" style=
12703 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12704 <p class="TextFontCX" align="center" style=
12705 'text-align:center;background:#CCCCCC'><span style=
12706 'font-size:10.0pt'>P:</span> <span class=
12707 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
12708 <p class="TextFontCX"><span class="Flag"><span style=
12709 'font-size:10.0pt'>ret-imp-only</span></span></p>
12710 <p class="IndentText">Assume unannotated returned storage is
12711 <span class="Annot"><span style=
12712 'font-size:10.0pt'>only</span></span>.</p>
12714 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12715 height="14" align="left">
12717 <td valign="top" align="left" height="14" style=
12718 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12719 <p class="TextFontCX" align="center" style=
12720 'text-align:center;background:#CCCCCC'><span style=
12721 'font-size:10.0pt'>P:</span> <span class=
12722 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
12723 <p class="TextFontCX"><span class="Flag"><span style=
12724 'font-size:10.0pt'>struct-imp-only</span></span></p>
12725 <p class="IndentText">Assume unannotated structure or union field
12726 is <span class="Annot"><span style=
12727 'font-size:10.0pt'>only</span></span>.</p>
12729 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12730 height="14" align="left">
12732 <td valign="top" align="left" height="14" style=
12733 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12734 <p class="TextFontCX" align="center" style=
12735 'text-align:center;background:#CCCCCC'><span style=
12736 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div>
12737 <p class="TextFontCX"><span class="Flag"><span style=
12738 'font-size:10.0pt'>code-imp-only</span></span></p>
12739 <p class="IndentText">Sets <span class="Flag"><span style=
12740 'font-size:10.0pt'>glob-imp-only</span></span>, <span class=
12741 "Flag"><span style='font-size:10.0pt'>ret-imp-only</span></span>
12742 and <span class="Flag"><span style=
12743 'font-size:10.0pt'>struct-imp-only</span></span>.</p>
12745 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12746 height="14" align="left">
12748 <td valign="top" align="left" height="14" style=
12749 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12750 <p class="TextFontCX" align="center" style=
12751 'text-align:center;background:#CCCCCC'><span style=
12752 'font-size:10.0pt'>m:</span><span class=
12753 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
12754 <p class="TextFontCX"><span class="Flag"><span style=
12755 'font-size:10.0pt'>mem-imp</span></span></p>
12756 <p class="IndentText">Report memory errors for unqualified
12759 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12760 height="14" align="left">
12762 <td valign="top" align="left" height="14" style=
12763 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12764 <p class="TextFontCX" align="center" style=
12765 'text-align:center;background:#CCCCCC'><span style=
12766 'font-size:10.0pt'>m:</span><span class=
12767 "Keyword"><span style='font-size:10.0pt'>----</span></span></p></td></tr></table></div>
12768 <p class="TextFontCX"><span class="Flag"><span style=
12769 'font-size:10.0pt'>pass-unknown</span></span></p>
12770 <p class="IndentText">Passing a value as an unannotated parameter
12771 clears its annotation. This will prevent many spurious errors
12772 from being report for unannotated programs, but eliminates the
12773 possibility of detecting many errors.</p>
12774 <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'>
12775 <a name="_Toc534975054">Sharing</a> <span class=
12776 "TextFontCXChar"><span style=
12777 'font-size:11.0pt; font-weight:normal'>(Section
12778 6)</span></span></p>
12779 <p class="Heading10">Aliasing <span class=
12780 "TextFontCXChar"><span style=
12781 'font-size:11.0pt; font-weight:normal'>(Section</span></span>
12782 <span class="TextFontCXChar"><span style=
12783 'font-size:11.0pt; font-weight:normal'>6.1</span></span><span class="TextFontCXChar">
12785 'font-size:11.0pt; font-weight:normal'>)</span></span></p>
12787 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12788 height="14" align="left">
12790 <td valign="top" align="left" height="14" style=
12791 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12792 <p class="TextFontCX" align="center" style=
12793 'text-align:center;background:#CCCCCC'><span style=
12794 'font-size:10.0pt'>m:</span><span class=
12795 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
12796 <p class="TextFontCX"><span class="Flag"><span style=
12797 'font-size:10.0pt'>alias-unique</span></span></p>
12798 <p class="IndentText">An actual parameter that is passed as a
12799 <span class="Annot"><span style=
12800 'font-size:10.0pt'>unique</span></span> formal parameter is aliased
12801 by another parameter or global variable.</p>
12803 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12804 height="14" align="left">
12806 <td valign="top" align="left" height="14" style=
12807 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12808 <p class="TextFontCX" align="center" style=
12809 'text-align:center;background:#CCCCCC'><span style=
12810 'font-size:10.0pt'>m:</span><span class=
12811 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
12812 <p class="TextFontCX"><span class="Flag"><span style=
12813 'font-size:10.0pt'>may-alias-unique</span></span></p>
12814 <p class="IndentText">An actual parameter that is passed as a
12815 <span class="Annot"><span style=
12816 'font-size:10.0pt'>unique</span></span> formal parameter may be
12817 aliased by another parameter or global variable.</p>
12819 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12820 height="14" align="left">
12822 <td valign="top" align="left" height="14" style=
12823 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12824 <p class="TextFontCX" align="center" style=
12825 'text-align:center;background:#CCCCCC'><span style=
12826 'font-size:10.0pt'>m:</span><span class=
12827 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
12828 <p class="TextFontCX"><span class="Flag"><span style=
12829 'font-size:10.0pt'>must-not-alias</span></span></p>
12830 <p class="IndentText">An alias has been added to a
12831 <span class="Annot"><span style=
12832 'font-size:10.0pt'>temp</span></span>-qualifier parameter
12833 or global that is visible externally when the function
12836 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12837 height="14" align="left">
12839 <td valign="top" align="left" height="14" style=
12840 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12841 <p class="TextFontCX" align="center" style=
12842 'text-align:center;background:#CCCCCC'><span style=
12843 'font-size:10.0pt'>m:</span><span class=
12844 "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div>
12845 <p class="TextFontCX"><span class="Flag"><span style=
12846 'font-size:10.0pt'>ret-alias</span></span></p>
12847 <p class="IndentText">A function returns an alias to parameter or
12849 <p class="Heading10">Exposure <span class=
12850 "HeadingNote"><span style='font-size: 10.5pt;font-weight:normal;font-style:normal'>
12851 (Section</span></span> <span class="HeadingNote"><span style=
12852 'font-size:10.5pt;font-weight:normal;font-style: normal'>6.2</span></span><span class="HeadingNote">
12854 'font-size:10.5pt; font-weight:normal;font-style:normal'>)</span></span></p>
12856 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12857 height="14" align="left">
12859 <td valign="top" align="left" height="14" style=
12860 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12861 <p class="TextFontCX" align="center" style=
12862 'text-align:center;background:#CCCCCC'><span style=
12863 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div>
12864 <p class="TextFontCX"><span class="Flag"><span style=
12865 'font-size:10.0pt'>rep-expose</span></span></p>
12866 <p class="IndentText">The internal representation of an abstract
12867 type is visible to the caller. This means clients may have
12868 access to a pointer into the abstract representation. (Sets
12869 <span class="Flag"><span style=
12870 'font-size:10.0pt'>assign-expose</span></span>, <span class=
12871 "Flag"><span style='font-size:10.0pt'>ret-expose</span></span>, and
12872 <span class="Flag"><span style=
12873 'font-size:10.0pt'>cast-expose</span></span>.)</p>
12875 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12876 height="14" align="left">
12878 <td valign="top" align="left" height="14" style=
12879 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12880 <p class="TextFontCX" align="center" style=
12881 'text-align:center;background:#CCCCCC'><span style=
12882 'font-size:10.0pt'>m:</span><span class=
12883 "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div>
12884 <p class="TextFontCX"><span class="Flag"><span style=
12885 'font-size:10.0pt'>assign-expose</span></span></p>
12886 <p class="IndentText">Abstract representation is exposed by an
12887 assignment or passed parameter.</p>
12889 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12890 height="14" align="left">
12892 <td valign="top" align="left" height="14" style=
12893 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12894 <p class="TextFontCX" align="center" style=
12895 'text-align:center;background:#CCCCCC'><span style=
12896 'font-size:10.0pt'>m:</span><span class=
12897 "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div>
12898 <p class="TextFontCX"><span class="Flag"><span style=
12899 'font-size:10.0pt'>cast-expose</span></span></p>
12900 <p class="IndentText">Abstract representation is exposed through a
12903 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12904 height="14" align="left">
12906 <td valign="top" align="left" height="14" style=
12907 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12908 <p class="TextFontCX" align="center" style=
12909 'text-align:center;background:#CCCCCC'><span style=
12910 'font-size:10.0pt'>m:</span><span class=
12911 "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div>
12912 <p class="TextFontCX"><span class="Flag"><span style=
12913 'font-size:10.0pt'>ret-expose</span></span></p>
12914 <p class="IndentText">Abstract representation is exposed by a
12916 <p class="Heading11">Observer Modifications</p>
12918 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12919 height="14" align="left">
12921 <td valign="top" align="left" height="14" style=
12922 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12923 <p class="TextFontCX" align="center" style=
12924 'text-align:center;background:#CCCCCC'><span style=
12925 'font-size:10.0pt'>P:</span> <span class=
12926 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
12927 <p class="TextFontCX"><span class="Flag"><span style=
12928 'font-size:10.0pt'>mod-observer</span></span></p>
12929 <p class="IndentText">Possible modification of observer
12932 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12933 height="14" align="left">
12935 <td valign="top" align="left" height="14" style=
12936 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12937 <p class="TextFontCX" align="center" style=
12938 'text-align:center;background:#CCCCCC'><span style=
12939 'font-size:10.0pt'>m:</span><span class=
12940 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
12941 <p class="TextFontCX"><span class="Flag"><span style=
12942 'font-size:10.0pt'>mod-observer-uncon</span></span></p>
12943 <p class="IndentText">Storage declared with observer may be
12944 modified through a call to an unconstrained function.</p>
12945 <p class="Heading11">String Literals <span class=
12946 "TextFontCXChar"><span style=
12947 'font-weight: normal;font-style:normal'>(Section
12948 6.2.1)</span></span></p>
12950 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12951 height="14" align="left">
12953 <td valign="top" align="left" height="14" style=
12954 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12955 <p class="TextFontCX" align="center" style=
12956 'text-align:center;background:#CCCCCC'><span style=
12957 'font-size:10.0pt'>m:</span><span class=
12958 "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div>
12959 <p class="TextFontCX"><span class="Flag"><span style=
12960 'font-size:10.0pt'>read-only-trans</span></span></p>
12961 <p class="IndentText">Report memory transfer errors for
12962 initializations to read-only string literals</p>
12964 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12965 height="14" align="left">
12967 <td valign="top" align="left" height="14" style=
12968 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12969 <p class="TextFontCX" align="center" style=
12970 'text-align:center;background:#CCCCCC'><span style=
12971 'font-size:10.0pt'>m:</span><span class=
12972 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
12973 <p class="TextFontCX"><span class="Flag"><span style=
12974 'font-size:10.0pt'>read-only-strings</span></span></p>
12975 <p class="IndentText">String literals are read-only (ISO
12976 semantics). An error is reported if a string literal may be
12977 modified or released.</p>
12978 <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'>
12979 Function Interfaces <span class="TextFontCXChar"><span style=
12980 'font-size:11.0pt;font-weight:normal'>(Section</span></span>
12981 <span class="TextFontCXChar"><span style=
12982 'font-size:11.0pt; font-weight:normal'>7</span></span><span class="TextFontCXChar">
12984 'font-size:11.0pt; font-weight:normal'>)</span></span></p>
12985 <p class="Heading10">Modification <span class=
12986 "TextFontCXChar"><span style=
12987 'font-size:11.0pt; font-weight:normal'>(Section
12988 7.1)</span></span></p>
12990 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
12991 height="14" align="left">
12993 <td valign="top" align="left" height="14" style=
12994 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
12995 <p class="TextFontCX" align="center" style=
12996 'text-align:center;background:#CCCCCC'><span style=
12997 'font-size:10.0pt'>P:</span> <span class=
12998 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
12999 <p class="TextFontCX"><span class="Flag"><span style=
13000 'font-size:10.0pt'>modifies</span></span></p>
13001 <p class="IndentText">Undocumented modification of caller-visible
13002 state. Without <span class="Flag"><span style=
13003 'font-size:10.0pt'>+moduncon</span></span>, modification errors are
13004 only reported in the definitions of functions declared with a
13005 modifies clause (or specified).</p>
13007 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13008 height="14" align="left">
13010 <td valign="top" align="left" height="14" style=
13011 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13012 <p class="TextFontCX" align="center" style=
13013 'text-align:center;background:#CCCCCC'><span style=
13014 'font-size:10.0pt'>m:</span><span class=
13015 "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div>
13016 <p class="TextFontCX"><span class="Flag"><span style=
13017 'font-size:10.0pt'>must-mod</span></span></p>
13018 <p class="IndentText">Documented modification is not
13019 detected. An object listed in the modifies clause for a
13020 function, is not modified by the implementation.</p>
13022 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13023 height="14" align="left">
13025 <td valign="top" align="left" height="14" style=
13026 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13027 <p class="TextFontCX" align="center" style=
13028 'text-align:center;background:#CCCCCC'><span style=
13029 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div>
13030 <p class="TextFontCX"><span class="Flag"><span style=
13031 'font-size:10.0pt'>mod-uncon</span></span></p>
13032 <p class="IndentText">Report modification errors in functions
13033 declared without a modifies clause.(Sets <span class=
13034 "Flag"><span style='font-size:10.0pt'>mod-nomods</span></span>,
13035 <span class="Flag"><span style=
13036 'font-size:10.0pt'>mod-globs-nomods</span></span> and
13037 <span class="Flag"><span style=
13038 'font-size:10.0pt'>mod-strict-globs-nomods</span></span>.)</p>
13040 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13041 height="14" align="left">
13043 <td valign="top" align="left" height="14" style=
13044 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13045 <p class="TextFontCX" align="center" style=
13046 'text-align:center;background:#CCCCCC'><span style=
13047 'font-size:10.0pt'>m:</span><span class=
13048 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
13049 <p class="TextFontCX"><span class="Flag"><span style=
13050 'font-size:10.0pt'>mod-nomods</span></span></p>
13051 <p class="IndentText">Report modification errors (not involving
13052 global variables) in functions declared without a modifies
13055 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13056 height="14" align="left">
13058 <td valign="top" align="left" height="14" style=
13059 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13060 <p class="TextFontCX" align="center" style=
13061 'text-align:center;background:#CCCCCC'><span style=
13062 'font-size:10.0pt'>m:</span><span class=
13063 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
13064 <p class="TextFontCX"><span class="Flag"><span style=
13065 'font-size:10.0pt'>mod-uncon-nomods</span></span></p>
13066 <p class="IndentText">An unconstrained function is called in a
13067 function body where modifications are checked. Since the
13068 unconstrained function may modify anything, there may be undetected
13069 modifications in the checked function.</p>
13071 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13072 height="14" align="left">
13074 <td valign="top" align="left" height="14" style=
13075 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13076 <p class="TextFontCX" align="center" style=
13077 'text-align:center;background:#CCCCCC'><span style=
13078 'font-size:10.0pt'>m:</span><span class=
13079 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
13080 <p class="TextFontCX"><span class="Flag"><span style=
13081 'font-size:10.0pt'>mod-internal-strict</span></span></p>
13082 <p class="IndentText">A function that modifies <span class=
13083 "Annot"><span style='font-size:10.0pt'>internalState</span></span>
13084 is called from a function that does not list <span class=
13085 "Annot"><span style='font-size:10.0pt'>internalState</span></span>
13086 in its modifies clause.</p>
13088 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13089 height="14" align="left">
13091 <td valign="top" align="left" height="14" style=
13092 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13093 <p class="TextFontCX" align="center" style=
13094 'text-align:center;background:#CCCCCC'><span style=
13095 'font-size:10.0pt'>m:</span><span class=
13096 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
13097 <p class="TextFontCX"><span class="Flag"><span style=
13098 'font-size:10.0pt'>mod-file-sys</span></span></p>
13099 <p class="IndentText">A function modifies the file system but does
13100 not list <span class="Annot"><span style=
13101 'font-size:10.0pt'>fileSystem</span></span> in its modifies
13103 <p class="Heading10">Global Variables <span class=
13104 "HeadingNote"><span style=
13105 'font-size:10.5pt;font-weight:normal;font-style:normal'>(Section</span></span>
13106 <span class="HeadingNote"><span style=
13107 'font-size:10.5pt;font-weight:normal;font-style: normal'>7.2</span></span><span class="HeadingNote">
13109 'font-size:10.5pt; font-weight:normal;font-style:normal'>)</span></span></p>
13110 <p class="beforelist"><a name="globflags"></a>Errors involving the
13111 use and modification of global and file static variables are
13112 reported depending on flag settings, annotations where the global
13113 variable is declared, and whether or not the function where the
13114 global is used was declared with a globals clause.</p>
13116 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13117 height="14" align="left">
13119 <td valign="top" align="left" height="14" style=
13120 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13121 <p class="TextFontCX" align="center" style=
13122 'text-align:center;background:#CCCCCC'><span style=
13123 'font-size:10.0pt'>P:</span> <span class=
13124 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
13125 <p class="TextFontCX"><span class="Flag"><span style=
13126 'font-size:10.0pt'>globs</span></span></p>
13127 <p class="IndentText">Undocumented use of a checked global variable
13128 in a function with a globals list.</p>
13130 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13131 height="14" align="left">
13133 <td valign="top" align="left" height="14" style=
13134 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13135 <p class="TextFontCX" align="center" style=
13136 'text-align:center;background:#CCCCCC'><span style=
13137 'font-size:10.0pt'>m:</span><span class=
13138 "Keyword"><span style='font-size:10.0pt'>++++</span></span></p></td></tr></table></div>
13139 <p class="TextFontCX"><span class="Flag"><span style=
13140 'font-size:10.0pt'>glob-use</span></span></p>
13141 <p class="IndentText">A global listed in the globals list is not
13142 used in the implementation.</p>
13144 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13145 height="14" align="left">
13147 <td valign="top" align="left" height="14" style=
13148 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13149 <p class="TextFontCX" align="center" style=
13150 'text-align:center;background:#CCCCCC'><span style=
13151 'font-size:10.0pt'>m:</span><span class=
13152 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
13153 <p class="TextFontCX"><span class="Flag"><span style=
13154 'font-size:10.0pt'>glob-noglobs</span></span></p>
13155 <p class="IndentText">Use of a checked global in a function with no
13158 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13159 height="14" align="left">
13161 <td valign="top" align="left" height="14" style=
13162 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13163 <p class="TextFontCX" align="center" style=
13164 'text-align:center;background:#CCCCCC'><span style=
13165 'font-size:10.0pt'>m:</span><span class=
13166 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
13167 <p class="TextFontCX"><span class="Flag"><span style=
13168 'font-size:10.0pt'>internal-globs</span></span></p>
13169 <p class="IndentText">Undocumented use of internal state (should
13170 have <span class="Annot"><span style='font-size:10.0pt'>globals
13171 internalState</span></span>).</p>
13173 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13174 height="14" align="left">
13176 <td valign="top" align="left" height="14" style=
13177 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13178 <p class="TextFontCX" align="center" style=
13179 'text-align:center;background:#CCCCCC'><span style=
13180 'font-size:10.0pt'>m:</span><span class=
13181 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
13182 <p class="TextFontCX"><span class="Flag"><span style=
13183 'font-size:10.0pt'>internal-globs-noglobs</span></span></p>
13184 <p class="TextFontCX">
13185 Use of internal state in function with no globals list.</p>
13187 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13188 height="14" align="left">
13190 <td valign="top" align="left" height="14" style=
13191 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13192 <p class="TextFontCX" align="center" style=
13193 'text-align:center;background:#CCCCCC'><span style=
13194 'font-size:10.0pt'>m:</span><span class=
13195 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
13196 <p class="TextFontCX"><span class="Flag"><span style=
13197 'font-size:10.0pt'>glob-state</span></span></p>
13198 <p class="IndentText">A function returns with global in
13199 inconsistent state (null or undefined)</p>
13201 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13202 height="14" align="left">
13204 <td valign="top" align="left" height="14" style=
13205 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13206 <p class="TextFontCX" align="center" style=
13207 'text-align:center;background:#CCCCCC'><span style=
13208 'font-size:10.0pt'>m:</span><span class=
13209 "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div>
13210 <p class="TextFontCX"><span class="Flag"><span style=
13211 'font-size:10.0pt'>all-globs</span></span></p>
13212 <p class="IndentText">Report use and modification errors for
13213 globals not annotated with <span class="Annot"><span style=
13214 'font-size:10.0pt'>unchecked</span></span>.</p>
13216 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13217 height="14" align="left">
13219 <td valign="top" align="left" height="14" style=
13220 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13221 <p class="TextFontCX" align="center" style=
13222 'text-align:center;background:#CCCCCC'><span style=
13223 'font-size:10.0pt'>m:</span><span class=
13224 "Keyword"><span style='font-size:10.0pt'>++++</span></span></p></td></tr></table></div>
13225 <p class="TextFontCX"><span class="Flag"><span style=
13226 'font-size:10.0pt'>check-strict-globs</span></span></p>
13227 <p class="IndentText">Report use and modification errors for
13228 <span class="Annot"><span style=
13229 'font-size:10.0pt'>checkedstrict</span></span> globals.</p>
13230 <p class="Heading11">Modification of Global Variables</p>
13232 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13233 height="14" align="left">
13235 <td valign="top" align="left" height="14" style=
13236 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13237 <p class="TextFontCX" align="center" style=
13238 'text-align:center;background:#CCCCCC'><span style=
13239 'font-size:10.0pt'>m:</span><span class=
13240 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
13241 <p class="TextFontCX"><span class="Flag"><span style=
13242 'font-size:10.0pt'>mod-globs</span></span></p>
13243 <p class="IndentText">Undocumented modification of a checked global
13246 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13247 height="14" align="left">
13249 <td valign="top" align="left" height="14" style=
13250 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13251 <p class="TextFontCX" align="center" style=
13252 'text-align:center;background:#CCCCCC'><span style=
13253 'font-size:10.0pt'>m:</span><span class=
13254 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
13255 <p class="TextFontCX"><span class="Flag"><span style=
13256 'font-size:10.0pt'>mod-globs-unchecked</span></span></p>
13257 <p class="IndentText">Undocumented modification of an
13258 <span class="Annot"><span style=
13259 'font-size:10.0pt'>unchecked</span></span>
13260 global variable.</p>
13262 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13263 height="14" align="left">
13265 <td valign="top" align="left" height="14" style=
13266 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13267 <p class="TextFontCX" align="center" style=
13268 'text-align:center;background:#CCCCCC'><span style=
13269 'font-size:10.0pt'>m:</span><span class=
13270 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
13271 <p class="TextFontCX"><span class="Flag"><span style=
13272 'font-size:10.0pt'>mod-globs-nomods</span></span></p>
13273 <p class="IndentText">Undocumented modification of a checked global
13274 variable in a function with no modifies clause.</p>
13276 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13277 height="14" align="left">
13279 <td valign="top" align="left" height="14" style=
13280 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13281 <p class="TextFontCX" align="center" style=
13282 'text-align:center;background:#CCCCCC'><span style=
13283 'font-size:10.0pt'>m:</span><span class=
13284 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
13285 <p class="TextFontCX"><span class="Flag"><span style=
13286 'font-size:10.0pt'>mod-strict-globs-nomods</span></span></p>
13287 <p class="IndentText">Undocumented modification of a
13288 <span class="Annot"><span style=
13289 'font-size:10.0pt'>checkedstrict</span></span>
13290 global variable in a function declared with no modifies
13292 <p class="Heading11">Globals Lists and Modifies Clauses</p>
13294 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13295 height="14" align="left">
13297 <td valign="top" align="left" height="14" style=
13298 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13299 <p class="TextFontCX" align="center" style=
13300 'text-align:center;background:#CCCCCC'><span style=
13301 'font-size:10.0pt'>m:</span><span class=
13302 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
13303 <p class="TextFontCX"><span class="Flag"><span style=
13304 'font-size:10.0pt'>warn-missing-globs</span></span></p>
13305 <p class="IndentText">Global variable used in modifies clause is
13306 not listed in globals list. (The global is added to the
13309 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13310 height="14" align="left">
13312 <td valign="top" align="left" height="14" style=
13313 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13314 <p class="TextFontCX" align="center" style=
13315 'text-align:center;background:#CCCCCC'><span style=
13316 'font-size:10.0pt'>m:</span><span class=
13317 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
13318 <p class="TextFontCX"><span class="Flag"><span style=
13319 'font-size:10.0pt'>warn-missing-globs-noglobs</span></span></p>
13320 <p class="IndentText">Global variable used in modifies clause of a
13321 function with no globals list.</p>
13323 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13324 height="14" align="left">
13326 <td valign="top" align="left" height="14" style=
13327 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13328 <p class="TextFontCX" align="center" style=
13329 'text-align:center;background:#CCCCCC'><span style=
13330 'font-size:10.0pt'>m:</span><span class=
13331 "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div>
13332 <p class="TextFontCX"><span class="Flag"><span style=
13333 'font-size:10.0pt'>globs-imp-mods-nothing</span></span></p>
13334 <p class="IndentText">A function declared with a globals list but
13335 no modifies clause is assumed to modify nothing.</p>
13337 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13338 height="14" align="left">
13340 <td valign="top" align="left" height="14" style=
13341 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13342 <p class="TextFontCX" align="center" style=
13343 'text-align:center;background:#CCCCCC'><span style=
13344 'font-size:10.0pt'>m:</span><span class=
13345 "Keyword"><span style='font-size:10.0pt'>----</span></span></p></td></tr></table></div>
13346 <p class="TextFontCX"><span class="Flag"><span style=
13347 'font-size:10.0pt'>mods-imp-noglobs</span></span></p>
13348 <p class="IndentText">A function declared with a modifies clause
13349 but no globals list is assumed to use no globals.</p>
13350 <p class="Heading11">Implicit Checking Annotations</p>
13352 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13353 height="14" align="left">
13355 <td valign="top" align="left" height="14" style=
13356 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13357 <p class="TextFontCX" align="center" style=
13358 'text-align:center;background:#CCCCCC'><span style=
13359 'font-size:10.0pt'>m:</span><span class=
13360 "Keyword"><span style='font-size:10.0pt'>----</span></span></p></td></tr></table></div>
13361 <p class="TextFontCX"><span class="Flag"><span style=
13362 'font-size:10.0pt'>imp-checked-globs</span></span></p>
13363 <p class="IndentText">Implicit <span class=
13364 "Annot"><span style='font-size:10.0pt'>checked</span></span> annotation
13365 on global variables with no checking annotation.</p>
13367 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13368 height="14" align="left">
13370 <td valign="top" align="left" height="14" style=
13371 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13372 <p class="TextFontCX" align="center" style=
13373 'text-align:center;background:#CCCCCC'><span style=
13374 'font-size:10.0pt'>m:</span><span class=
13375 "Keyword"><span style='font-size:10.0pt'>----</span></span></p></td></tr></table></div>
13376 <p class="TextFontCX"><span class="Flag"><span style=
13377 'font-size:10.0pt'>imp-checked-statics</span></span></p>
13378 <p class="IndentText">Implicit <span class=
13379 "Annot"><span style='font-size:10.0pt'>checked</span></span> qualifier
13380 file static scope variables with no checking annotation.</p>
13382 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13383 height="14" align="left">
13385 <td valign="top" align="left" height="14" style=
13386 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13387 <p class="TextFontCX" align="center" style=
13388 'text-align:center;background:#CCCCCC'><span style=
13389 'font-size:10.0pt'>m:</span><span class=
13390 "Keyword"><span style='font-size:10.0pt'>----</span></span></p></td></tr></table></div>
13391 <p class="TextFontCX"><span class="Flag"><span style=
13392 'font-size:10.0pt'>imp-checkmod-globs</span></span></p>
13393 <p class="IndentText">Implicit <span class=
13394 "Annot"><span style='font-size:10.0pt'>checkmod</span></span>
13395 qualifier on global variables with no checking
13397 <p class="IndentText"><span class="Flag"><span style=
13398 'font-size:10.0pt'> </span></span></p>
13400 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13401 height="14" align="left">
13403 <td valign="top" align="left" height="14" style=
13404 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13405 <p class="TextFontCX" align="center" style=
13406 'text-align:center;background:#CCCCCC'><span style=
13407 'font-size:10.0pt'>m:</span><span class=
13408 "Keyword"><span style='font-size:10.0pt'>----</span></span></p></td></tr></table></div>
13409 <p class="TextFontCX"><span class="Flag"><span style=
13410 'font-size:10.0pt'>imp-checkmod-statics</span></span></p>
13411 <p class="IndentText">Implicit <span class=
13412 "Annot"><span style='font-size:10.0pt'>checkmod</span></span>
13413 qualifier file static scope variables with no checking
13416 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13417 height="14" align="left">
13419 <td valign="top" align="left" height="14" style=
13420 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13421 <p class="TextFontCX" align="center" style=
13422 'text-align:center;background:#CCCCCC'><span style=
13423 'font-size:10.0pt'>m:</span><span class=
13424 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
13425 <p class="TextFontCX"><span class="Flag"><span style=
13426 'font-size:10.0pt'>imp-checkedstrict-globs</span></span></p>
13427 <p class="IndentText">Implicit <span class=
13428 "Annot"><span style='font-size:10.0pt'>checked</span></span>
13429 qualifier on global variables with no checking
13432 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13433 height="14" align="left">
13435 <td valign="top" align="left" height="14" style=
13436 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13437 <p class="TextFontCX" align="center" style=
13438 'text-align:center;background:#CCCCCC'><span style=
13439 'font-size:10.0pt'>m:</span><span class=
13440 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
13441 <p class="TextFontCX"><span class="Flag"><span style=
13442 'font-size:10.0pt'>imp-checkedstrict-statics</span></span></p>
13443 <p class="IndentText">Implicit <span class=
13444 "Annot"><span style='font-size:10.0pt'>checked</span></span>
13445 qualifier file static scope variables with no checking
13448 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13449 height="14" align="left">
13451 <td valign="top" align="left" height="14" style=
13452 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13453 <p class="TextFontCX" align="center" style=
13454 'text-align:center;background:#CCCCCC'><span style=
13455 'font-size:10.0pt'>m:</span><span class=
13456 "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div>
13457 <p class="TextFontCX"><span class="Flag"><span style=
13458 'font-size:10.0pt'>imp-checkmod-internals</span></span></p>
13459 <p class="IndentText">Implicit <span class=
13460 "Annot"><span style='font-size:10.0pt'>checkmod</span></span>
13461 qualifier on function scope static variables with no checking
13464 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13465 height="14" align="left">
13467 <td valign="top" align="left" height="14" style=
13468 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13469 <p class="TextFontCX" align="center" style=
13470 'text-align:center;background:#CCCCCC'><span style=
13471 'font-size:10.0pt'>m:</span><span class=
13472 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
13473 <p class="IndentText" style='margin-left:0in'><span class=
13474 "Keyword"><span style='font-size:10.0pt'> </span></span></p>
13475 <p class="Heading11">Global Aliasing</p>
13477 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13478 height="14" align="left">
13480 <td valign="top" align="left" height="14" style=
13481 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13482 <p class="TextFontCX" align="center" style=
13483 'text-align:center;background:#CCCCCC'><span style=
13484 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div>
13485 <p class="TextFontCX"><span class="Flag"><span style=
13486 'font-size:10.0pt'>glob-alias</span></span></p>
13487 <p class="IndentText">Function returns with global aliasing
13488 external state (sets <span class="Flag"><span style=
13489 'font-size:10.0pt'>checkstrict-glob-alias</span></span>,
13490 <span class="Flag"><span style=
13491 'font-size:10.0pt'>checked-glob-alias</span></span>,
13492 c<span class="Flag"><span style=
13493 'font-size:10.0pt'>heckmod-glob-alias</span></span> and
13494 <span class="Flag"><span style=
13495 'font-size:10.0pt'>unchecked-glob-alias</span></span>).</p>
13497 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13498 height="14" align="left">
13500 <td valign="top" align="left" height="14" style=
13501 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13502 <p class="TextFontCX" align="center" style=
13503 'text-align:center;background:#CCCCCC'><span style=
13504 'font-size:10.0pt'>m:</span><span class=
13505 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
13506 <p class="TextFontCX"><span class="Flag"><span style=
13507 'font-size:10.0pt'>checkstrict-glob-alias</span></span></p>
13508 <p class="IndentText">Function returns with a <span class=
13509 "Annot"><span style='font-size:10.0pt'>checkedstrict</span></span>
13510 global aliasing external state.</p>
13512 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13513 height="14" align="left">
13515 <td valign="top" align="left" height="14" style=
13516 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13517 <p class="TextFontCX" align="center" style=
13518 'text-align:center;background:#CCCCCC'><span style=
13519 'font-size:10.0pt'>m:</span><span class=
13520 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
13521 <p class="TextFontCX"><span class="Flag"><span style=
13522 'font-size:10.0pt'>checked-glob-alias</span></span></p>
13523 <p class="IndentText">Function returns with a <span class=
13524 "Annot"><span style='font-size:10.0pt'>checked</span></span>
13525 global aliasing external state.</p>
13527 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13528 height="14" align="left">
13530 <td valign="top" align="left" height="14" style=
13531 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13532 <p class="TextFontCX" align="center" style=
13533 'text-align:center;background:#CCCCCC'><span style=
13534 'font-size:10.0pt'>m:</span><span class=
13535 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
13536 <p class="TextFontCX"><span class="Flag"><span style=
13537 'font-size:10.0pt'>checkmod-glob-alias</span></span></p>
13538 <p class="IndentText">Function returns with a <span class=
13539 "Annot"><span style='font-size:10.0pt'>checkmod</span></span>
13540 global aliasing external state.</p>
13542 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13543 height="14" align="left">
13545 <td valign="top" align="left" height="14" style=
13546 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13547 <p class="TextFontCX" align="center" style=
13548 'text-align:center;background:#CCCCCC'><span style=
13549 'font-size:10.0pt'>m:</span><span class=
13550 "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div>
13551 <p class="TextFontCX"><span class="Flag"><span style=
13552 'font-size:10.0pt'>unchecked-glob-alias</span></span></p>
13553 <p class="IndentText">Function returns with an <span class=
13554 "Annot"><span style='font-size:10.0pt'>unchecked</span></span>
13555 global aliasing external state.</p>
13556 <p class="Heading10">Declaration Consistency <span style=
13557 'font-weight:normal'>(Section 7.3)</span></p>
13559 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13560 height="14" align="left">
13562 <td valign="top" align="left" height="14" style=
13563 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13564 <p class="TextFontCX" align="center" style=
13565 'text-align:center;background:#CCCCCC'><span style=
13566 'font-size:10.0pt'>m:</span><span class=
13567 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
13568 <p class="TextFontCX"><span class="Flag"><span style=
13569 'font-size:10.0pt'>incon-defs</span></span></p>
13570 <p class="IndentText">Identifier redeclared or redefined with
13571 inconsistent type.</p>
13573 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13574 height="14" align="left">
13576 <td valign="top" align="left" height="14" style=
13577 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13578 <p class="TextFontCX" align="center" style=
13579 'text-align:center;background:#CCCCCC'><span style=
13580 'font-size:10.0pt'>m:</span><span class=
13581 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
13582 <p class="TextFontCX"><span class="Flag"><span style=
13583 'font-size:10.0pt'>incon-defs-lib</span></span></p>
13584 <p class="IndentText">Identifier defined in a library is redefined
13585 with inconsistent type.</p>
13587 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13588 height="14" align="left">
13590 <td valign="top" align="left" height="14" style=
13591 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13592 <p class="TextFontCX" align="center" style=
13593 'text-align:center;background:#CCCCCC'><span style=
13594 'font-size:10.0pt'>m:</span><span class=
13595 "Keyword"><span style='font-size:10.0pt'>----</span></span></p></td></tr></table></div>
13596 <p class="TextFontCX"><span class="Flag"><span style=
13597 'font-size:10.0pt'>overload</span></span></p>
13598 <p class="IndentText">Standard library function overloaded.</p>
13600 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13601 height="14" align="left">
13603 <td valign="top" align="left" height="14" style=
13604 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13605 <p class="TextFontCX" align="center" style=
13606 'text-align:center;background:#CCCCCC'><span style=
13607 'font-size:10.0pt'>m:</span><span class=
13608 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
13609 <p class="TextFontCX"><span class="Flag"><span style=
13610 'font-size:10.0pt'>match-fields</span></span></p>
13611 <p class="IndentText">A <span class="CodeText"><span style=
13612 'font-size:10.0pt'>struct</span></span> or <span class=
13613 "CodeText"><span style='font-size:10.0pt'>enum</span></span> type
13614 is redefined with inconsistent fields or members.</p>
13615 <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'>
13616 <a name="_Toc534975057">Macros</a> <span class=
13617 "TextFontCXChar"><span style=
13618 'font-size:11.0pt; font-weight:normal'>(Section</span></span>
13619 <span class="TextFontCXChar"><span style=
13620 'font-size:11.0pt; font-weight:normal'>11</span></span><span class="TextFontCXChar">
13622 'font-size:11.0pt; font-weight:normal'>)</span></span></p>
13623 <p class="TextFontCX">These flags control expansion and checking of
13624 macro definitions and invocations.</p>
13625 <p class="Heading10">Macro Expansion</p>
13626 <p class="beforelist">These flags control which macros are checked
13627 as functions or constants, and which are expanded in the
13628 pre-processing phase. Macros preceded by <span class=
13629 "Annot"><span style=
13630 'font-size:10.0pt'>/*@notfunction@*/</span></span> are never
13631 expanded regardless of these flag settings. These flags may
13632 be used in source-file control comments.</p>
13634 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13635 height="14" align="left">
13637 <td valign="top" align="left" height="14" style=
13638 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13639 <p class="TextFontCX" align="center" style=
13640 'text-align:center;background:#CCCCCC'><span style=
13641 'font-size:10.0pt'>P:</span> <span class=
13642 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
13643 <p class="TextFontCX"><span class="Flag"><span style=
13644 'font-size:10.0pt'>fcn-macros</span></span></p>
13645 <p class="IndentText">Macros defined with parameter lists are not
13646 expanded and are checked as functions.</p>
13648 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13649 height="14" align="left">
13651 <td valign="top" align="left" height="14" style=
13652 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13653 <p class="TextFontCX" align="center" style=
13654 'text-align:center;background:#CCCCCC'><span style=
13655 'font-size:10.0pt'>P:</span> <span class=
13656 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
13657 <p class="TextFontCX"><span class="Flag"><span style=
13658 'font-size:10.0pt'>const-macros</span></span></p>
13659 <p class="IndentText">Macros defined without parameter lists are
13660 not expanded and are checked as constants.</p>
13662 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13663 height="14" align="left">
13665 <td valign="top" align="left" height="14" style=
13666 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13667 <p class="TextFontCX" align="center" style=
13668 'text-align:center;background:#CCCCCC'><span style=
13669 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div>
13670 <p class="TextFontCX"><span class="Flag"><span style=
13671 'font-size:10.0pt'>all-macros</span></span></p>
13672 <p class="IndentText">Sets <span class="Flag"><span style=
13673 'font-size:10.0pt'>fcn-macros</span></span> and <span class=
13674 "Flag"><span style=
13675 'font-size:10.0pt'>const-macros</span></span>.</p>
13677 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13678 height="14" align="left">
13680 <td valign="top" align="left" height="14" style=
13681 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13682 <p class="TextFontCX" align="center" style=
13683 'text-align:center;background:#CCCCCC'><span style=
13684 'font-size:10.0pt'>P:</span> <span class=
13685 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
13686 <p class="TextFontCX"><span class="Flag"><span style=
13687 'font-size:10.0pt'>lib-macros</span></span></p>
13688 <p class="IndentText">Macros defining identifiers declared in a
13689 loaded library are not expanded and are checked according to the
13690 library information.<span class="Flag"><span style=
13691 'font-size:10.0pt'> </span></span></p>
13692 <p class="Heading10">Macro Definitions</p>
13693 <p class="beforelist">These flags control what errors are reported
13694 in macro definitions.</p>
13696 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13697 height="14" align="left">
13699 <td valign="top" align="left" height="14" style=
13700 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13701 <p class="TextFontCX" align="center" style=
13702 'text-align:center;background:#CCCCCC'><span style=
13703 'font-size:10.0pt'>m:</span><span class=
13704 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
13705 <p class="TextFontCX"><span class="Flag"><span style=
13706 'font-size:10.0pt'>macro-stmt</span></span></p>
13707 <p class="IndentText">Macro definition is not syntactically
13708 equivalent to function. This means if the macro is used as a
13709 statement (e.g., <span class="CodeText"><span style=
13710 'font-size:10.0pt'>if (test) macro();</span></span>) unexpected
13711 behavior may result. One fix is to surround the macro body
13712 with <span class="CodeText"><span style='font-size:10.0pt'>do {
13713 … } while (FALSE)</span></span>.</p>
13715 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13716 height="14" align="left">
13718 <td valign="top" align="left" height="14" style=
13719 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13720 <p class="TextFontCX" align="center" style=
13721 'text-align:center;background:#CCCCCC'><span style=
13722 'font-size:10.0pt'>m:</span><span class=
13723 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
13724 <p class="TextFontCX"><span class="Flag"><span style=
13725 'font-size:10.0pt'>macro-return</span></span></p>
13726 <p class="IndentText">
13727 The body of a macro declared as a function uses a
13728 <span class="CodeText"><span style='font-size:10.0pt'>return</span></span>
13729 statement. This exhibits behavior that could not be implemented by a function.
13732 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13733 height="14" align="left">
13735 <td valign="top" align="left" height="14" style=
13736 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13737 <p class="TextFontCX" align="center" style=
13738 'text-align:center;background:#CCCCCC'><span style=
13739 'font-size:10.0pt'>m:</span><span class=
13740 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
13741 <p class="TextFontCX"><span class="Flag"><span style=
13742 'font-size:10.0pt'>macro-assign</span></span></p>
13743 <p class="IndentText">A macro parameter is used as the left side of
13744 an assignment expression.</p>
13746 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13747 height="14" align="left">
13749 <td valign="top" align="left" height="14" style=
13750 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13751 <p class="TextFontCX" align="center" style=
13752 'text-align:center;background:#CCCCCC'><span style=
13753 'font-size:10.0pt'>m:</span><span class=
13754 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
13755 <p class="TextFontCX"><span class="Flag"><span style=
13756 'font-size:10.0pt'>macro-parens</span></span></p>
13757 <p class="IndentText">A macro parameter is used without parentheses
13758 (in potentially dangerous context).</p>
13760 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13761 height="14" align="left">
13763 <td valign="top" align="left" height="14" style=
13764 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13765 <p class="TextFontCX" align="center" style=
13766 'text-align:center;background:#CCCCCC'><span style=
13767 'font-size:10.0pt'>m:</span><span class=
13768 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
13769 <p class="TextFontCX"><span class="Flag"><span style=
13770 'font-size:10.0pt'>macro-empty</span></span></p>
13771 <p class="IndentText">Macro definition of a function is
13772 empty. </p>
13774 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13775 height="14" align="left">
13777 <td valign="top" align="left" height="14" style=
13778 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13779 <p class="TextFontCX" align="center" style=
13780 'text-align:center;background:#CCCCCC'><span style=
13781 'font-size:10.0pt'>m:</span><span class=
13782 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
13783 <p class="TextFontCX"><span class="Flag"><span style=
13784 'font-size:10.0pt'>macro-redef</span></span></p>
13785 <p class="IndentText">Macro is redefined. There is another
13786 macro defined with the same name.</p>
13788 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13789 height="14" align="left">
13791 <td valign="top" align="left" height="14" style=
13792 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13793 <p class="TextFontCX" align="center" style=
13794 'text-align:center;background:#CCCCCC'><span style=
13795 'font-size:10.0pt'>m:</span><span class=
13796 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
13797 <p class="TextFontCX"><span class="Flag"><span style=
13798 'font-size:10.0pt'>macro-unrecog</span></span> </p>
13799 <p class="IndentText">An unrecognized identifier appears in a macro
13800 definition. Since the identifier may be defined where the
13801 macro is used, this could be okay, but Splint will not be able to
13802 check the unrecognized identifier appropriately.</p>
13803 <p class="Heading11">Corresponding Declarations</p>
13805 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13806 height="14" align="left">
13808 <td valign="top" align="left" height="14" style=
13809 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13810 <p class="TextFontCX" align="center" style=
13811 'text-align:center;background:#CCCCCC'><span style=
13812 'font-size:10.0pt'>m:</span><span class=
13813 "Keyword"><span style='font-size:10.0pt'>++++</span></span></p></td></tr></table></div>
13814 <p class="TextFontCX"><span class="Flag"><span style=
13815 'font-size:10.0pt'>macro-match-name</span></span></p>
13816 <p class="IndentText">An <span class="Annot"><span style=
13817 'font-size:10.0pt'>iter</span></span> or <span class=
13818 "Annot"><span style=
13819 'font-size:10.0pt'>constant</span></span> macro is defined
13820 using a different name from the one used in the previous syntactic
13823 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13824 height="14" align="left">
13826 <td valign="top" align="left" height="14" style=
13827 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13828 <p class="TextFontCX" align="center" style=
13829 'text-align:center;background:#CCCCCC'><span style=
13830 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div>
13831 <p class="TextFontCX"><span class="Flag"><span style=
13832 'font-size:10.0pt'>macro-decl</span></span></p>
13833 <p class="IndentText">A macro definition has no corresponding
13834 declaration. (Sets <span class="Flag"><span style=
13835 'font-size:10.0pt'>macrofcndecl</span></span> and
13836 <span class="Flag"><span style=
13837 'font-size:10.0pt'>macroconstdecl</span></span>.)</p>
13839 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13840 height="14" align="left">
13842 <td valign="top" align="left" height="14" style=
13843 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13844 <p class="TextFontCX" align="center" style=
13845 'text-align:center;background:#CCCCCC'><span style=
13846 'font-size:10.0pt'>m:</span><span class=
13847 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
13848 <p class="TextFontCX"><span class="Flag"><span style=
13849 'font-size:10.0pt'>macro-fcn-decl</span></span></p>
13850 <p class="IndentText">Macro definition with parameter list has no
13851 corresponding function prototype. Without a prototype, the types of
13852 the macro result and parameters are unknown.</p>
13854 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13855 height="14" align="left">
13857 <td valign="top" align="left" height="14" style=
13858 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13859 <p class="TextFontCX" align="center" style=
13860 'text-align:center;background:#CCCCCC'><span style=
13861 'font-size:10.0pt'>m:</span><span class=
13862 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
13863 <p class="TextFontCX"><span class="Flag"><span style=
13864 'font-size:10.0pt'>macro-const-decl</span></span></p>
13865 <p class="IndentText">A macro definition without parameter list has
13866 no corresponding constant declaration.<span class=
13867 "Flag"><span style=
13868 'font-size: 10.0pt'> </span></span></p>
13870 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13871 height="14" align="left">
13873 <td valign="top" align="left" height="14" style=
13874 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13875 <p class="TextFontCX" align="center" style=
13876 'text-align:center;background:#CCCCCC'><span style=
13877 'font-size:10.0pt'>P:</span> <span class=
13878 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
13879 <p class="TextFontCX"><span class="Flag"><span style=
13880 'font-size:10.0pt'>next-line-macros</span></span></p>
13881 <p class="IndentText">A constant or iter declaration is not
13882 immediately followed by a macro definition.</p>
13883 <p class="Heading10">Side Effect Free Parameters <span class=
13884 "HeadingNote"><span style=
13885 'font-size:10.5pt;font-weight:normal;font-style:normal'>(Section</span></span>
13886 <span class="HeadingNote"><span style=
13887 'font-size:10.5pt;font-weight:normal;font-style: normal'>11.2.1</span></span><span class="HeadingNote">
13889 'font-size: 10.5pt;font-weight:normal;font-style:normal'>)</span></span></p>
13890 <p class="beforelist">These flags control error reporting for
13891 parameters with inconsistent side effects in invocations of checked
13892 function macros and function calls.</p>
13894 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13895 height="14" align="left">
13897 <td valign="top" align="left" height="14" style=
13898 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13899 <p class="TextFontCX" align="center" style=
13900 'text-align:center;background:#CCCCCC'><span style=
13901 'font-size:10.0pt'>m:</span><span class=
13902 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
13903 <p class="TextFontCX"><span class="Flag"><span style=
13904 'font-size:10.0pt'>sef-params</span></span></p>
13905 <p class="IndentText">An actual parameter with side effects is
13906 passed as a formal parameter declared with <span class=
13907 "Annot"><span style='font-size:10.0pt'>sef</span></span>.</p>
13909 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13910 height="14" align="left">
13912 <td valign="top" align="left" height="14" style=
13913 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13914 <p class="TextFontCX" align="center" style=
13915 'text-align:center;background:#CCCCCC'><span style=
13916 'font-size:10.0pt'>m:</span><span class=
13917 "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div>
13918 <p class="TextFontCX"><span class="Flag"><span style=
13919 'font-size:10.0pt'>sef-uncon</span></span></p>
13920 <p class="IndentText">An actual parameter involving a call to an
13921 unconstrained function (declared without modifies clause) that may
13922 modify anything is passed as a <span class=
13923 "Annot"><span style='font-size:10.0pt'>sef</span></span>
13925 <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'>
13926 <a name="_Toc534975058">Iterators</a></p>
13928 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13929 height="14" align="left">
13931 <td valign="top" align="left" height="14" style=
13932 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13933 <p class="TextFontCX" align="center" style=
13934 'text-align:center;background:#CCCCCC'><span style=
13935 'font-size:10.0pt'>P:</span> <span class=
13936 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
13937 <p class="TextFontCX"><span class="Flag"><span style=
13938 'font-size:10.0pt'>iterbalance</span></span></p>
13939 <p class="IndentText">Iter is not balanced with end
13940 <span class="CodeText"><span style='font-size:10.0pt'> <iter></span></span>.
13944 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13945 height="14" align="left">
13947 <td valign="top" align="left" height="14" style=
13948 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13949 <p class="TextFontCX" align="center" style=
13950 'text-align:center;background:#CCCCCC'><span style=
13951 'font-size:10.0pt'>P:</span> <span class=
13952 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
13953 <p class="TextFontCX"><span class="Flag"><span style=
13954 'font-size:10.0pt'>iteryield</span></span></p>
13955 <p class="IndentText">Iter yield parameter is inappropriate.
13959 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13960 height="14" align="left">
13962 <td valign="top" align="left" height="14" style=
13963 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13964 <p class="TextFontCX" align="center" style=
13965 'text-align:center;background:#CCCCCC'><span style=
13966 'font-size:10.0pt'>P:</span> <span class=
13967 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
13968 <p class="TextFontCX"><span class="Flag"><span style=
13969 'font-size:10.0pt'>has-yield</span></span></p>
13970 <p class="IndentText">An iterator has been declared with no
13971 parameters annotated with <span class="Annot"><span style=
13972 'font-size:10.0pt'>yield</span></span>.</p>
13974 <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'>
13975 <a name="_Toc534975059">Naming Conventions</a> <span class=
13976 "TextFontCXChar"><span style=
13977 'font-size:11.0pt; font-weight:normal'>(Section
13978 12)</span></span></p>
13980 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13981 height="14" align="left">
13983 <td valign="top" align="left" height="14" style=
13984 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
13985 <p class="TextFontCX" align="center" style=
13986 'text-align:center;background:#CCCCCC'><span style=
13987 'font-size:10.0pt'>P:</span> <span class=
13988 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
13989 <p class="TextFontCX"><span class="Flag"><span style=
13990 'font-size:10.0pt'>name-checks</span></span></p>
13991 <p class="IndentText">Turns all name checking on or off without
13992 changing other settings.</p>
13993 <p class="Heading10">Type-Based Naming Conventions
13994 <span style='font-size:10.5pt; font-weight:normal'>(Section
13996 <p class="Heading11">Czech Naming Convention</p>
13998 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
13999 height="14" align="left">
14001 <td valign="top" align="left" height="14" style=
14002 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14003 <p class="TextFontCX" align="center" style=
14004 'text-align:center;background:#CCCCCC'><span style=
14005 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div>
14006 <p class="TextFontCX"><span class="Flag"><span style=
14007 'font-size:10.0pt'>czech</span></span></p>
14008 <p class="IndentText">Selects complete Czech naming convention
14009 (sets <span class="Flag"><span style=
14010 'font-size:10.0pt'>access-czech</span></span>, <span class=
14011 "Flag"><span style='font-size:10.0pt'>czech-fcns</span></span>,
14012 <span class="Flag"><span style=
14013 'font-size:10.0pt'>czech-vars</span></span>, <span class=
14014 "Flag"><span style='font-size:10.0pt'>czech-consts</span></span>,
14015 <span class="Flag"><span style=
14016 'font-size:10.0pt'>czech-macros</span></span>, and
14017 <span class="Flag"><span style=
14018 'font-size:10.0pt'>czech-types</span></span>).</p>
14020 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14021 height="14" align="left">
14023 <td valign="top" align="left" height="14" style=
14024 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14025 <p class="TextFontCX" align="center" style=
14026 'text-align:center;background:#CCCCCC'><span style=
14027 'font-size:10.0pt'>P:</span> <span class=
14028 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
14029 <p class="TextFontCX"><span class="Flag"><span style=
14030 'font-size:10.0pt'>access-czech</span></span></p>
14031 <p class="IndentText">Allow access to abstract types following
14032 Czech naming convention. The representation of an abstract
14033 type named <span class="CodeText"><i><span style=
14034 'font-size:10.0pt'>t</span></i></span> is accessible in the
14035 definition of a function or constant named <span class=
14036 "CodeText"><i><span style=
14037 'font-size:10.0pt'>t_name</span></i></span>.</p>
14039 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14040 height="14" align="left">
14042 <td valign="top" align="left" height="14" style=
14043 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14044 <p class="TextFontCX" align="center" style=
14045 'text-align:center;background:#CCCCCC'><span style=
14046 'font-size:10.0pt'>P:</span> <span class=
14047 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
14048 <p class="TextFontCX"><span class="Flag"><span style=
14049 'font-size:10.0pt'>czech-fcns</span></span></p>
14050 <p class="IndentText">Function or iterator name is not consistent
14051 with Czech naming convention.</p>
14053 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14054 height="14" align="left">
14056 <td valign="top" align="left" height="14" style=
14057 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14058 <p class="TextFontCX" align="center" style=
14059 'text-align:center;background:#CCCCCC'><span style=
14060 'font-size:10.0pt'>P:</span> <span class=
14061 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
14062 <p class="TextFontCX"><span class="Flag"><span style=
14063 'font-size:10.0pt'>czech-vars</span></span></p>
14064 <p class="IndentText"> Variable name is not consistent with
14065 Czech naming convention.</p>
14067 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14068 height="14" align="left">
14070 <td valign="top" align="left" height="14" style=
14071 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14072 <p class="TextFontCX" align="center" style=
14073 'text-align:center;background:#CCCCCC'><span style=
14074 'font-size:10.0pt'>P:</span> <span class=
14075 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
14076 <p class="TextFontCX"><span class="Flag"><span style=
14077 'font-size:10.0pt'>czech-macros</span></span></p>
14078 <p class="IndentText"> Expanded macro name is not consistent
14079 with Czech naming convention.</p>
14081 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14082 height="14" align="left">
14084 <td valign="top" align="left" height="14" style=
14085 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14086 <p class="TextFontCX" align="center" style=
14087 'text-align:center;background:#CCCCCC'><span style=
14088 'font-size:10.0pt'>P:</span> <span class=
14089 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
14090 <p class="TextFontCX"><span class="Flag"><span style=
14091 'font-size:10.0pt'>czech-consts</span></span></p>
14092 <p class="IndentText">Constant name is not consistent with Czech
14093 naming convention.</p>
14095 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14096 height="14" align="left">
14098 <td valign="top" align="left" height="14" style=
14099 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14100 <p class="TextFontCX" align="center" style=
14101 'text-align:center;background:#CCCCCC'><span style=
14102 'font-size:10.0pt'>P:</span> <span class=
14103 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
14104 <p class="TextFontCX"><span class="Flag"><span style=
14105 'font-size:10.0pt'>czech-types</span></span></p>
14106 <p class="IndentText">Type name is not consistent with Czech naming
14107 convention. Czech type names must not use the underscore
14109 <p class="Heading11">Slovak Naming Convention</p>
14111 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14112 height="14" align="left">
14114 <td valign="top" align="left" height="14" style=
14115 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14116 <p class="TextFontCX" align="center" style=
14117 'text-align:center;background:#CCCCCC'><span style=
14118 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div>
14119 <p class="TextFontCX"><span class="Flag"><span style=
14120 'font-size:10.0pt'>slovak</span></span></p>
14121 <p class="IndentText">Selects complete Slovak naming convention
14122 (sets <span class="Flag"><span style=
14123 'font-size:10.0pt'>access-slovak</span></span>, <span class=
14124 "Flag"><span style='font-size:10.0pt'>slovak-fcns</span></span>,
14125 <span class="Flag"><span style=
14126 'font-size:10.0pt'>slovak-vars</span></span>, <span class=
14127 "Flag"><span style='font-size:10.0pt'>slovak-consts</span></span>,
14128 <span class="Flag"><span style=
14129 'font-size:10.0pt'>slovak-macros</span></span>, and
14130 <span class="Flag"><span style=
14131 'font-size:10.0pt'>slovak-types</span></span>).</p>
14133 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14134 height="14" align="left">
14136 <td valign="top" align="left" height="14" style=
14137 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14138 <p class="TextFontCX" align="center" style=
14139 'text-align:center;background:#CCCCCC'><span style=
14140 'font-size:10.0pt'>P:</span> <span class=
14141 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
14142 <p class="TextFontCX"><span class="Flag"><span style=
14143 'font-size:10.0pt'>access-slovak</span></span></p>
14144 <p class="IndentText">Allow access to abstract types following
14145 Slovak naming convention. The representation of an abstract type
14146 named <span class="CodeText"><i><span style=
14147 'font-size:10.0pt'>t</span></i></span> is accessible in the
14148 definition of a function or constant named <span class=
14149 "CodeText"><i><span style=
14150 'font-size:10.0pt'>tName</span></i></span>.</p>
14152 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14153 height="14" align="left">
14155 <td valign="top" align="left" height="14" style=
14156 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14157 <p class="TextFontCX" align="center" style=
14158 'text-align:center;background:#CCCCCC'><span style=
14159 'font-size:10.0pt'>P:</span> <span class=
14160 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
14161 <p class="TextFontCX"><span class="Flag"><span style=
14162 'font-size:10.0pt'>slovak-fcns</span></span></p>
14163 <p class="IndentText">Function or iterator name is not consistent
14164 with Slovak naming convention.</p>
14166 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14167 height="14" align="left">
14169 <td valign="top" align="left" height="14" style=
14170 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14171 <p class="TextFontCX" align="center" style=
14172 'text-align:center;background:#CCCCCC'><span style=
14173 'font-size:10.0pt'>P:</span> <span class=
14174 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
14175 <p class="TextFontCX"><span class="Flag"><span style=
14176 'font-size:10.0pt'>slovak-macros</span></span></p>
14177 <p class="IndentText">Expanded macro name is not consistent with
14178 Slovak naming convention.</p>
14180 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14181 height="14" align="left">
14183 <td valign="top" align="left" height="14" style=
14184 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14185 <p class="TextFontCX" align="center" style=
14186 'text-align:center;background:#CCCCCC'><span style=
14187 'font-size:10.0pt'>P:</span> <span class=
14188 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
14189 <p class="TextFontCX"><span class="Flag"><span style=
14190 'font-size:10.0pt'>slovak-vars</span></span></p>
14191 <p class="IndentText"> Variable name is not consistent with
14192 Slovak naming convention.</p>
14194 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14195 height="14" align="left">
14197 <td valign="top" align="left" height="14" style=
14198 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14199 <p class="TextFontCX" align="center" style=
14200 'text-align:center;background:#CCCCCC'><span style=
14201 'font-size:10.0pt'>P:</span> <span class=
14202 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
14203 <p class="TextFontCX"><span class="Flag"><span style=
14204 'font-size:10.0pt'>slovak-consts</span></span></p>
14205 <p class="IndentText"> Constant name is not consistent with
14206 Slovak naming convention.</p>
14208 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14209 height="14" align="left">
14211 <td valign="top" align="left" height="14" style=
14212 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14213 <p class="TextFontCX" align="center" style=
14214 'text-align:center;background:#CCCCCC'><span style=
14215 'font-size:10.0pt'>P:</span> <span class=
14216 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
14217 <p class="TextFontCX"><span class="Flag"><span style=
14218 'font-size:10.0pt'>slovak-types</span></span></p>
14219 <p class="IndentText">Type name is not consistent with Slovak
14220 naming convention. Slovak type names may not include
14221 uppercase letters.</p>
14222 <p class="Heading11">Czechoslovak Naming Convention</p>
14224 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14225 height="14" align="left">
14227 <td valign="top" align="left" height="14" style=
14228 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14229 <p class="TextFontCX" align="center" style=
14230 'text-align:center;background:#CCCCCC'><span style=
14231 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div>
14232 <p class="TextFontCX"><span class="Flag"><span style=
14233 'font-size:10.0pt'>czechoslovak</span></span></p>
14234 <p class="IndentText">Selects complete Czechoslovak naming
14235 convention (sets <span class="Flag"><span style=
14236 'font-size:10.0pt'>access-czechoslovak</span></span>,
14237 <span class="Flag"><span style=
14238 'font-size:10.0pt'>czechoslovak-fcns</span></span>,
14239 <span class="Flag"><span style=
14240 'font-size:10.0pt'>czechoslovak-vars</span></span>,
14241 <span class="Flag"><span style=
14242 'font-size:10.0pt'>czechoslovak-consts</span></span>,
14243 <span class="Flag"><span style=
14244 'font-size:10.0pt'>czechoslovak-macros</span></span>, and
14245 <span class="Flag"><span style=
14246 'font-size:10.0pt'>czechoslovak-types</span></span>).</p>
14248 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14249 height="14" align="left">
14251 <td valign="top" align="left" height="14" style=
14252 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14253 <p class="TextFontCX" align="center" style=
14254 'text-align:center;background:#CCCCCC'><span style=
14255 'font-size:10.0pt'>P:</span> <span class=
14256 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
14257 <p class="TextFontCX"><span class="Flag"><span style=
14258 'font-size:10.0pt'>access-czechoslovak</span></span></p>
14259 <p class="IndentText">Allow access to abstract types by
14260 Czechoslovak naming convention. The representation of an abstract
14261 type named <span class="CodeText"><i><span style=
14262 'font-size:10.0pt'>t</span></i></span> is accessible in the
14263 definition of a function or constant named <span class=
14264 "CodeText"><i><span style=
14265 'font-size:10.0pt'>t_name</span></i></span> or <span class=
14266 "CodeText"><i><span style=
14267 'font-size:10.0pt'>tName</span></i></span>.</p>
14269 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14270 height="14" align="left">
14272 <td valign="top" align="left" height="14" style=
14273 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14274 <p class="TextFontCX" align="center" style=
14275 'text-align:center;background:#CCCCCC'><span style=
14276 'font-size:10.0pt'>P:</span> <span class=
14277 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
14278 <p class="TextFontCX"><span class="Flag"><span style=
14279 'font-size:10.0pt'>czechoslovak-fcns</span></span></p>
14280 <p class="IndentText"> Function name is not consistent with
14281 Czechoslovak naming convention.</p>
14283 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14284 height="14" align="left">
14286 <td valign="top" align="left" height="14" style=
14287 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14288 <p class="TextFontCX" align="center" style=
14289 'text-align:center;background:#CCCCCC'><span style=
14290 'font-size:10.0pt'>P:</span> <span class=
14291 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
14292 <p class="TextFontCX"><span class="Flag"><span style=
14293 'font-size:10.0pt'>czechoslovak-macros</span></span></p>
14294 <p class="IndentText">Expanded macro name is not consistent with
14295 Czechoslovak naming convention.</p>
14297 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14298 height="14" align="left">
14300 <td valign="top" align="left" height="14" style=
14301 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14302 <p class="TextFontCX" align="center" style=
14303 'text-align:center;background:#CCCCCC'><span style=
14304 'font-size:10.0pt'>P:</span> <span class=
14305 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
14306 <p class="TextFontCX"><span class="Flag"><span style=
14307 'font-size:10.0pt'>czechoslovak-vars</span></span></p>
14308 <p class="IndentText">Variable name is not consistent with
14309 Czechoslovak naming convention.</p>
14311 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14312 height="14" align="left">
14314 <td valign="top" align="left" height="14" style=
14315 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14316 <p class="TextFontCX" align="center" style=
14317 'text-align:center;background:#CCCCCC'><span style=
14318 'font-size:10.0pt'>P:</span> <span class=
14319 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
14320 <p class="TextFontCX"><span class="Flag"><span style=
14321 'font-size:10.0pt'>czechoslovak-consts</span></span></p>
14322 <p class="IndentText">Constant name is not consistent with
14323 Czechoslovak naming convention.</p>
14325 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14326 height="14" align="left">
14328 <td valign="top" align="left" height="14" style=
14329 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14330 <p class="TextFontCX" align="center" style=
14331 'text-align:center;background:#CCCCCC'><span style=
14332 'font-size:10.0pt'>P:</span> <span class=
14333 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
14334 <p class="TextFontCX"><span class="Flag"><span style=
14335 'font-size:10.0pt'>czechoslovak-types</span></span></p>
14336 <p class="IndentText">Type name is not consistent with Czechoslovak
14337 naming convention. Czechoslovak type names may not include
14338 uppercase letters or the underscore character.</p>
14339 <p class="Heading10">Namespace Prefixes <span style=
14340 'font-size:10.5pt; font-weight:normal'>(Section 12.2)</span></p>
14341 <p class="TextFontCX"><span class="Flag"><span style=
14342 'font-size:10.0pt'>macro-var-prefix</span></span><span class=
14343 "Flag"><span style='font-size:10.0pt'> <i><prefix
14344 string></i></span></span></p>
14345 <p class="IndentText">Set namespace prefix for variables declared
14346 in a macro body. (Default is <span class=
14347 "CodeText"><span style='font-size:10.0pt'>m_</span></span>.)</p>
14349 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14350 height="14" align="left">
14352 <td valign="top" align="left" height="14" style=
14353 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14354 <p class="TextFontCX" align="center" style=
14355 'text-align:center;background:#CCCCCC'>P: <span class=
14356 "Keyword"><span style=
14357 'font-size:10.0pt'>+</span></span></p></td></tr></table></div>
14358 <p class="TextFontCX"><span class="Flag"><span style=
14359 'font-size:10.0pt'>macro-var-prefix-exclude</span></span></p>
14360 <p class="IndentText">A variable declared outside a macro body
14361 starts with the <span class="Flag"><span style=
14362 'font-size:10.0pt'>macro-var-prefix</span></span>.</p>
14363 <p class="TextFontCX"><span class="Flag"><span style=
14364 'font-size:10.0pt'>tag-prefix</span></span><span class=
14365 "Flag"><span style='font-size:10.0pt'> <i><prefix
14366 string></i></span></span></p>
14367 <p class="IndentText">Set namespace prefix of <span class=
14368 "CodeText"><span style='font-size:10.0pt'>struct</span></span>,
14369 <span class="CodeText"><span style=
14370 'font-size:10.0pt'>union</span></span> or <span class=
14371 "CodeText"><span style='font-size:10.0pt'>enum</span></span> tag
14374 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14375 height="14" align="left">
14377 <td valign="top" align="left" height="14" style=
14378 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14379 <p class="TextFontCX" align="center" style=
14380 'text-align:center;background:#CCCCCC'><span style=
14381 'font-size:10.0pt'>P:</span> <span class=
14382 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
14383 <p class="TextFontCX"><span class="Flag"><span style=
14384 'font-size:10.0pt'>tag-prefix-exclude</span></span></p>
14385 <p class="IndentText">An identifier that is not a tag starts with
14386 the <span class="Flag"><span style=
14387 'font-size:10.0pt'>tagprefix</span></span>.</p>
14388 <p class="TextFontCX"><span class="Flag"><span style=
14389 'font-size:10.0pt'>enum-prefix</span></span><span class=
14390 "Flag"><span style='font-size:10.0pt'> <i><prefix
14391 string></i></span></span></p>
14392 <p class="IndentText">Set namespace prefix for <span class=
14393 "CodeText"><span style='font-size:10.0pt'>enum</span></span>
14396 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14397 height="14" align="left">
14399 <td valign="top" align="left" height="14" style=
14400 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14401 <p class="TextFontCX" align="center" style=
14402 'text-align:center;background:#CCCCCC'><span style=
14403 'font-size:10.0pt'>P:</span> <span class=
14404 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
14405 <p class="TextFontCX"><span class="Flag"><span style=
14406 'font-size:10.0pt'>enum-prefix-exclude</span></span></p>
14407 <p class="IndentText">An identifier that is not an
14408 <span class="CodeText"><span style=
14409 'font-size:10.0pt'>enum</span></span> member starts with the
14410 <span class="Flag"><span style=
14411 'font-size:10.0pt'>enumprefix</span></span>.</p>
14412 <p class="TextFontCX"><span class="Flag"><span style=
14413 'font-size:10.0pt'>file-static-prefix</span></span><span class="Flag">
14414 <span style='font-size:10.0pt'> <i><prefix
14415 string></i></span></span></p>
14416 <p class="IndentText">Set namespace prefix for file
14417 <span class="CodeText"><span style=
14418 'font-size:10.0pt'>static</span></span> declarations.</p>
14420 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14421 height="14" align="left">
14423 <td valign="top" align="left" height="14" style=
14424 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14425 <p class="TextFontCX" align="center" style=
14426 'text-align:center;background:#CCCCCC'><span style=
14427 'font-size:10.0pt'>P:</span> <span class=
14428 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
14429 <p class="TextFontCX"><span class="Flag"><span style=
14430 'font-size:10.0pt'>file-static-prefix-exclude</span></span></p>
14431 <p class="IndentText">An identifier that is not file static starts
14432 with the <span class="Flag"><span style=
14433 'font-size:10.0pt'>filestaticprefix</span></span>.</p>
14434 <p class="TextFontCX"><span class="Flag"><span style=
14435 'font-size:10.0pt'>global-prefix</span></span><span class=
14436 "Flag"><span style='font-size:10.0pt'> <i><prefix
14437 string></i></span></span></p>
14438 <p class="IndentText">Set namespace prefix for global
14441 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14442 height="14" align="left">
14444 <td valign="top" align="left" height="14" style=
14445 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14446 <p class="TextFontCX" align="center" style=
14447 'text-align:center;background:#CCCCCC'><span style=
14448 'font-size:10.0pt'>P:</span> <span class=
14449 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
14450 <p class="TextFontCX"><span class="Flag"><span style=
14451 'font-size:10.0pt'>global-prefix-exclude</span></span></p>
14452 <p class="IndentText">An identifier that is not a global variable
14453 starts with the <span class="Flag"><span style=
14454 'font-size:10.0pt'>globalprefix</span></span>.</p>
14455 <p class="TextFontCX"><span class="Flag"><span style=
14456 'font-size:10.0pt'>type-prefix</span></span><span class=
14457 "Flag"><span style='font-size:10.0pt'> <i><prefix
14458 string></i></span></span></p>
14459 <p class="IndentText">Set namespace prefix for user-defined
14462 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14463 height="14" align="left">
14465 <td valign="top" align="left" height="14" style=
14466 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14467 <p class="TextFontCX" align="center" style=
14468 'text-align:center;background:#CCCCCC'><span style=
14469 'font-size:10.0pt'>P:</span> <span class=
14470 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
14471 <p class="TextFontCX"><span class="Flag"><span style=
14472 'font-size:10.0pt'>type-prefix-exclude</span></span></p>
14473 <p class="IndentText">An identifier that is not a type name starts
14474 with the <span class="Flag"><span style=
14475 'font-size:10.0pt'>typeprefix</span></span>.</p>
14476 <p class="TextFontCX"><span class="Flag"><span style=
14477 'font-size:10.0pt'>external-prefix</span></span><span class=
14478 "Flag"><span style='font-size:10.0pt'> <i><prefix
14479 string></i></span></span></p>
14480 <p class="IndentText">Set namespace prefix for external
14483 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14484 height="14" align="left">
14486 <td valign="top" align="left" height="14" style=
14487 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14488 <p class="TextFontCX" align="center" style=
14489 'text-align:center;background:#CCCCCC'><span style=
14490 'font-size:10.0pt'>P:</span> <span class=
14491 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
14492 <p class="TextFontCX"><span class="Flag"><span style=
14493 'font-size:10.0pt'>external-prefix-exclude</span></span></p>
14494 <p class="IndentText">An identifier that is not external starts
14495 with the <span class="Flag"><span style=
14496 'font-size:10.0pt'>externalprefix</span></span>.</p>
14497 <p class="TextFontCX"><span class="Flag"><span style=
14498 'font-size:10.0pt'>local-prefix</span></span><span class=
14499 "Flag"><span style='font-size:10.0pt'> <i><prefix
14500 string></i></span></span></p>
14501 <p class="IndentText">Set namespace prefix for local variables.</p>
14503 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14504 height="14" align="left">
14506 <td valign="top" align="left" height="14" style=
14507 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14508 <p class="TextFontCX" align="center" style=
14509 'text-align:center;background:#CCCCCC'><span style=
14510 'font-size:10.0pt'>P:</span> <span class=
14511 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
14512 <p class="TextFontCX"><span class="Flag"><span style=
14513 'font-size:10.0pt'>local-prefix-exclude</span></span></p>
14514 <p class="IndentText"> An identifier that is not a local
14515 variable starts with the <span class="Flag"><span style=
14516 'font-size:10.0pt'>localprefix</span></span>.</p>
14517 <p class="TextFontCX"><span class="Flag"><span style=
14518 'font-size:10.0pt'>unchecked-macro-prefix</span></span><span class="Flag">
14519 <span style='font-size:10.0pt'> <i><prefix
14520 string></i></span></span></p>
14521 <p class="IndentText">Set namespace prefix for unchecked
14524 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14525 height="14" align="left">
14527 <td valign="top" align="left" height="14" style=
14528 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14529 <p class="TextFontCX" align="center" style=
14530 'text-align:center;background:#CCCCCC'><span style=
14531 'font-size:10.0pt'>P:</span> <span class=
14532 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
14533 <p class="TextFontCX"><span class="Flag"><span style=
14534 'font-size:10.0pt'>unchecked-macro-prefix-exclude</span></span></p>
14535 <p class="IndentText">An identifier that is not the name of an
14536 unchecked macro starts with the <span class=
14537 "Flag"><span style='font-size:10.0pt'>uncheckedmacroprefix</span></span>.</p>
14538 <p class="TextFontCX"><span class="Flag"><span style=
14539 'font-size:10.0pt'>const-prefix</span></span><span class=
14540 "Flag"><span style='font-size:10.0pt'> <i><prefix
14541 string></i></span></span></p>
14542 <p class="IndentText">Set namespace prefix for constants.</p>
14544 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14545 height="14" align="left">
14547 <td valign="top" align="left" height="14" style=
14548 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14549 <p class="TextFontCX" align="center" style=
14550 'text-align:center;background:#CCCCCC'><span style=
14551 'font-size:10.0pt'>P:</span> <span class=
14552 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
14553 <p class="TextFontCX"><span class="Flag"><span style=
14554 'font-size:10.0pt'>const-prefix-exclude</span></span></p>
14555 <p class="IndentText">An identifier that is not a constant starts
14556 with the <span class="Flag"><span style=
14557 'font-size:10.0pt'>constantprefix</span></span>.</p>
14558 <p class="TextFontCX"><span class="Flag"><span style=
14559 'font-size:10.0pt'>iter-prefix</span></span><span class=
14560 "Flag"><span style='font-size:10.0pt'> <i><prefix
14561 string></i></span></span></p>
14562 <p class="IndentText">Set namespace prefix for iterators.</p>
14564 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14565 height="14" align="left">
14567 <td valign="top" align="left" height="14" style=
14568 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14569 <p class="TextFontCX" align="center" style=
14570 'text-align:center;background:#CCCCCC'><span style=
14571 'font-size:10.0pt'>P:</span> <span class=
14572 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
14573 <p class="TextFontCX"><span class="Flag"><span style=
14574 'font-size:10.0pt'>iter-prefix-exclude</span></span></p>
14575 <p class="IndentText">An identifier that is not an
14576 <span class="Flag"><span style=
14577 'font-size:10.0pt'>iter</span></span> starts with the
14578 <span class="Flag"><span style=
14579 'font-size:10.0pt'>iterprefix</span></span>.</p>
14580 <p class="TextFontCX"><span class="Flag"><span style=
14581 'font-size:10.0pt'>proto-param-prefix</span></span><span class="Flag">
14582 <span style='font-size:10.0pt'> <i><prefix
14583 string></i></span></span></p>
14584 <p class="IndentText">Set namespace prefix for parameters in
14585 function prototypes.</p>
14587 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14588 height="14" align="left">
14590 <td valign="top" align="left" height="14" style=
14591 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14592 <p class="TextFontCX" align="center" style=
14593 'text-align:center;background:#CCCCCC'><span style=
14594 'font-size:10.0pt'>P:</span> <span class=
14595 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
14596 <p class="TextFontCX"><span class="Flag"><span style=
14597 'font-size:10.0pt'>proto-param-prefix-exclude</span></span></p>
14598 <p class="IndentText">An identifier that is not a parameter in a
14599 function prototype starts with the <span class=
14600 "Flag"><span style='font-size:10.0pt'>protoprarmprefix</span></span>.</p>
14602 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14603 height="14" align="left">
14605 <td valign="top" align="left" height="14" style=
14606 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14607 <p class="TextFontCX" align="center" style=
14608 'text-align:center;background:#CCCCCC'><span style=
14609 'font-size:10.0pt'>m:</span><span class=
14610 "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div>
14611 <p class="TextFontCX"><span class="Flag"><span style=
14612 'font-size:10.0pt'>proto-param-name</span></span></p>
14613 <p class="IndentText">A parameter in a function prototype has a
14614 name (can interfere with macro definitions).</p>
14616 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14617 height="14" align="left">
14619 <td valign="top" align="left" height="14" style=
14620 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14621 <p class="TextFontCX" align="center" style=
14622 'text-align:center;background:#CCCCCC'><span style=
14623 'font-size:10.0pt'>m:</span><span class=
14624 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
14625 <p class="TextFontCX"><span class="Flag"><span style=
14626 'font-size:10.0pt'>proto-param-match</span></span></p>
14627 <p class="IndentText">The name of a parameter in a function
14628 definition does not match the corresponding name of the parameter
14629 in a function prototype (after removing the <span class=
14630 "Flag"><span style=
14631 'font-size:10.0pt'>protoparamprefix</span></span>).</p>
14632 <p class="Heading10">Naming Restrictions <span style=
14633 'font-size:10.5pt; font-weight:normal'>(Section 12.3)</span></p>
14635 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14636 height="14" align="left">
14638 <td valign="top" align="left" height="14" style=
14639 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14640 <p class="TextFontCX" align="center" style=
14641 'text-align:center;background:#CCCCCC'><span style=
14642 'font-size:10.0pt'>m:</span><span class=
14643 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
14644 <p class="TextFontCX"><span class="Flag"><span style=
14645 'font-size:10.0pt'>shadow</span></span></p>
14646 <p class="IndentText">Declaration reuses name visible in outer
14648 <p class="Heading11">Reserved Names</p>
14650 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14651 height="14" align="left">
14653 <td valign="top" align="left" height="14" style=
14654 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14655 <p class="TextFontCX" align="center" style=
14656 'text-align:center;background:#CCCCCC'><span style=
14657 'font-size:10.0pt'>m:</span><span class=
14658 "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div>
14659 <p class="TextFontCX"><span class="Flag"><span style=
14660 'font-size:10.0pt'>ansi-reserved</span></span></p>
14661 <p class="IndentText">External name conflicts with name reserved
14662 for the compiler or standard library.</p>
14664 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14665 height="14" align="left">
14667 <td valign="top" align="left" height="14" style=
14668 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14669 <p class="TextFontCX" align="center" style=
14670 'text-align:center;background:#CCCCCC'><span style=
14671 'font-size:10.0pt'>m:</span><span class=
14672 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
14673 <p class="TextFontCX"><span class="Flag"><span style=
14674 'font-size:10.0pt'>ansi-reserved-internal</span></span></p>
14675 <p class="IndentText"> Internal name conflicts with name
14676 reserved for the compiler or standard library.</p>
14679 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14680 height="14" align="left">
14682 <td valign="top" align="left" height="14" style=
14683 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14684 <p class="TextFontCX" align="center" style=
14685 'text-align:center;background:#CCCCCC'><span style=
14686 'font-size:10.0pt'>m:</span><span class=
14687 "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div>
14688 <p class="TextFontCX"><span class="Flag"><span style=
14689 'font-size:10.0pt'>iso-reserved</span></span></p>
14690 <p class="IndentText">
14691 External name is reserved for system use by ISO C99 standard.
14695 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14696 height="14" align="left">
14698 <td valign="top" align="left" height="14" style=
14699 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14700 <p class="TextFontCX" align="center" style=
14701 'text-align:center;background:#CCCCCC'><span style=
14702 'font-size:10.0pt'>m:</span><span class=
14703 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
14704 <p class="TextFontCX"><span class="Flag"><span style=
14705 'font-size:10.0pt'>iso-reserved-internal</span></span></p>
14706 <p class="IndentText">
14707 Internal name is reserved for system in ISO C99 standard (this should not be necessary unless you are worried about C library implementations that violate the standard and use macros).
14711 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14712 height="14" align="left">
14714 <td valign="top" align="left" height="14" style=
14715 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14716 <p class="TextFontCX" align="center" style=
14717 'text-align:center;background:#CCCCCC'><span style=
14718 'font-size:10.0pt'>m:</span><span class=
14719 "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div>
14720 <p class="TextFontCX"><span class="Flag"><span style=
14721 'font-size:10.0pt'>cpp-names</span></span></p>
14722 <p class="IndentText">Internal or external name conflicts with a
14723 C++ reserved word. (Will cause problems if program is
14724 compiled with a C++ compiler.)</p>
14725 <p class="Heading11">Distinct External Names</p>
14727 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14728 height="14" align="left">
14730 <td valign="top" align="left" height="14" style=
14731 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14732 <p class="TextFontCX" align="center" style=
14733 'text-align:center;background:#CCCCCC'><span style=
14734 'font-size:10.0pt'>P:</span> <span class=
14735 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
14736 <p class="TextFontCX"><span class="Flag"><span style=
14737 'font-size:10.0pt'>distinct-external-names</span></span></p>
14738 <p class="IndentText">An external name is not distinguishable from
14739 another external name using <span class="Flag"><span style=
14740 'font-size:10.0pt'>externalnamelen</span></span><i> </i>significant
14743 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14744 height="14" align="left">
14746 <td valign="top" align="left" height="14" style=
14747 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14748 <p class="TextFontCX" align="center" style=
14749 'text-align:center;background:#CCCCCC'><span style=
14750 'font-size:10.0pt'>P: 6</span></p></td></tr></table></div>
14751 <p class="TextFontCX"><span class="Flag"><span style=
14752 'font-size:10.0pt'>external-name-len</span></span><span class="Flag">
14754 'font-size:10.0pt'> <i><number></i></span></span></p>
14755 <p class="IndentText">Sets the number of significant characters in
14756 an external name (ANSI default minimum is 6). Sets
14757 <span class="Flag"><span style=
14758 'font-size:10.0pt'>+distinct-external-names</span></span>.</p>
14760 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14761 height="14" align="left">
14763 <td valign="top" align="left" height="14" style=
14764 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14765 <p class="TextFontCX" align="center" style=
14766 'text-align:center;background:#CCCCCC'><span style=
14767 'font-size:10.0pt'>P:</span> <span class=
14768 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
14769 <p class="TextFontCX"><span class="Flag"><span style=
14770 'font-size:10.0pt'>external-name-case-insensitive</span></span></p>
14771 <p class="IndentText">Make alphabetic case insignificant in
14772 external names. According to ANSI standard, case need not be
14773 significant in an external name. If <span class=
14774 "Flag"><span style=
14775 'font-size:10.0pt'>+distinct-external-names</span></span> is
14776 not set, sets <span class="Flag"><span style=
14777 'font-size:10.0pt'>+distinct-external-names</span></span> with
14778 unlimited external name length.</p>
14779 <p class="Heading11">Distinct Internal Names</p>
14781 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14782 height="14" align="left">
14784 <td valign="top" align="left" height="14" style=
14785 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14786 <p class="TextFontCX" align="center" style=
14787 'text-align:center;background:#CCCCCC'><span style=
14788 'font-size:10.0pt'>m:</span><span class=
14789 "Keyword"><span style='font-size:10.0pt'>----</span></span></p></td></tr></table></div>
14790 <p class="TextFontCX"><span class="Flag"><span style=
14791 'font-size:10.0pt'>distinct-internal-names</span></span></p>
14792 <p class="IndentText">An internal name is not distinguishable from
14793 another internal name using <span class="Flag"><span style=
14794 'font-size:10.0pt'>internalnamelen</span></span> significant
14795 characters. (Also effected by <span class=
14796 "Flag"><span style=
14797 'font-size:10.0pt'>internal-name-case-insensitive</span></span> and
14798 <span class="Flag"><span style=
14799 'font-size:10.0pt'>internal-name-lookalike</span></span>.)</p>
14801 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14802 height="14" align="left">
14804 <td valign="top" align="left" height="14" style=
14805 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14806 <p class="TextFontCX" align="center" style=
14807 'text-align:center;background:#CCCCCC'><span style=
14808 'font-size:10.0pt'>P:</span> <span class="Flag"><span style=
14809 'font-size:10.0pt'>31</span></span></p></td></tr></table></div>
14810 <p class="TextFontCX"><span class="Flag"><span style=
14811 'font-size:10.0pt'>internal-name-len</span></span><span class="Flag">
14813 'font-size:10.0pt'> <i><number></i></span></span></p>
14814 <p class="IndentText">Set the number of significant characters in
14815 an internal name. Sets <span class="Flag"><span style=
14816 'font-size:10.0pt'>+distinct-internal-names</span></span>.</p>
14818 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14819 height="14" align="left">
14821 <td valign="top" align="left" height="14" style=
14822 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14823 <p class="TextFontCX" align="center" style=
14824 'text-align:center;background:#CCCCCC'><span style=
14825 'font-size:10.0pt'>P:</span> <span class=
14826 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
14827 <p class="TextFontCX"><span class="Flag"><span style=
14828 'font-size:10.0pt'>internal-name-case-insensitive</span></span></p>
14829 <p class="IndentText">Set whether case is significant an internal
14830 names (<span class="Flag"><span style=
14831 'font-size:10.0pt'>-internal-name-case-insensitive</span></span> means
14832 case is significant). If <span class=
14833 "Flag"><span style='font-size:10.0pt'>+distinct-internal-names</span></span> is
14834 not set, sets <span class="Flag"><span style=
14835 'font-size:10.0pt'>+distinct-internal-names</span></span>
14836 with unlimited internal name length.</p>
14838 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14839 height="14" align="left">
14841 <td valign="top" align="left" height="14" style=
14842 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14843 <p class="TextFontCX" align="center" style=
14844 'text-align:center;background:#CCCCCC'><span style=
14845 'font-size:10.0pt'>P:</span> <span class=
14846 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
14847 <p class="TextFontCX"><span class="Flag"><span style=
14848 'font-size:10.0pt'>internal-name-lookalike</span></span></p>
14849 <p class="IndentText"> Set whether similar looking characters
14850 (e.g., “<span class="Keyword"><span style=
14851 'font-size:10.0pt'>1</span></span>” and
14852 “<span class="Keyword"><span style=
14853 'font-size:10.0pt'>l</span></span>”) match in internal
14855 <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'>
14856 Control Flow <span class="TextFontCXChar"><span style=
14857 'font-size:11.0pt; font-weight:normal'>(Section
14858 8)</span></span></p>
14859 <p class="Heading10">Undefined Evaluation Order <span class=
14860 "HeadingNote"><span style=
14861 'font-size:10.5pt;font-weight:normal;font-style:normal'>(Section</span></span>
14862 <span class="HeadingNote"><span style=
14863 'font-size:10.5pt;font-weight:normal;font-style: normal'>8.2</span></span><span class="HeadingNote">
14865 'font-size:10.5pt; font-weight:normal;font-style:normal'>)</span></span></p>
14867 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14868 height="14" align="left">
14870 <td valign="top" align="left" height="14" style=
14871 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14872 <p class="TextFontCX" align="center" style=
14873 'text-align:center;background:#CCCCCC'><span style=
14874 'font-size:10.0pt'>m:</span><span class=
14875 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
14876 <p class="Heading10" style='margin:0in;margin-bottom:.0001pt'>
14877 <span class="Flag"><span style=
14878 'font-size:10.0pt;font-weight:normal'>eval-order</span></span></p>
14879 <p class="IndentText">Behavior of an expression is unspecified or
14880 implementation-dependent because sub-expressions contain
14881 interfering side effects that may be evaluated in any order.</p>
14883 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14884 height="14" align="left">
14886 <td valign="top" align="left" height="14" style=
14887 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14888 <p class="TextFontCX" align="center" style=
14889 'text-align:center;background:#CCCCCC'><span style=
14890 'font-size:10.0pt'>m:</span><span class=
14891 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
14892 <p class="TextFontCX"><span class="Flag"><span style=
14893 'font-size:10.0pt'>eval-order-uncon</span></span></p>
14894 <p class="IndentText">An expression may be undefined because a
14895 sub-expression contains a call to an unconstrained function (no
14896 modifies clause) that may modify something that may be modified or
14897 used by another sub-expression.</p>
14898 <p class="Heading10">Problematic Control Structures
14899 <span class="HeadingNote"><span style=
14900 'font-size:10.5pt;font-weight:normal;font-style:normal'>(Section</span></span>
14901 <span class="HeadingNote"><span style=
14902 'font-size:10.5pt;font-weight:normal;font-style: normal'>8.3</span></span><span class="HeadingNote">
14904 'font-size:10.5pt; font-weight:normal;font-style:normal'>)</span></span></p>
14906 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14907 height="14" align="left">
14909 <td valign="top" align="left" height="14" style=
14910 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14911 <p class="TextFontCX" align="center" style=
14912 'text-align:center;background:#CCCCCC'><span style=
14913 'font-size:10.0pt'>m:</span><span class=
14914 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
14915 <p class="TextFontCX"><span class="Flag"><span style=
14916 'font-size:10.0pt'>inf-loops</span></span></p>
14917 <p class="IndentText">Likely infinite loop is detected (Section
14920 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14921 height="14" align="left">
14923 <td valign="top" align="left" height="14" style=
14924 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14925 <p class="TextFontCX" align="center" style=
14926 'text-align:center;background:#CCCCCC'><span style=
14927 'font-size:10.0pt'>m:</span><span class=
14928 "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div>
14929 <p class="TextFontCX"><span class="Flag"><span style=
14930 'font-size:10.0pt'>inf-loops-uncon</span></span></p>
14931 <p class="IndentText">Likely infinite loop is detected. Loop
14932 test or body calls an unconstrained function that may produce an
14933 undetected modification.</p>
14935 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14936 height="14" align="left">
14938 <td valign="top" align="left" height="14" style=
14939 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14940 <p class="TextFontCX" align="center" style=
14941 'text-align:center;background:#CCCCCC'><span style=
14942 'font-size:10.0pt'>m:</span><span class=
14943 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
14944 <p class="TextFontCX"><span class="Flag"><span style=
14945 'font-size:10.0pt'>elseif-complete</span></span></p>
14946 <p class="IndentText">There is no finals else following an else if
14947 construct (Section 8.3.5).</p>
14950 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14951 height="14" align="left">
14953 <td valign="top" align="left" height="14" style=
14954 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14955 <p class="TextFontCX" align="center" style=
14956 'text-align:center;background:#CCCCCC'><span style=
14957 'font-size:10.0pt'>m:</span><span class=
14958 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
14959 <p class="TextFontCX"><span class="Flag"><span style=
14960 'font-size:10.0pt'>case-break</span></span></p>
14961 <p class="IndentText">There is a non-empty case in a switch not
14962 followed by a <span class="CodeText"><span style=
14963 'font-size:10.0pt'>break</span></span><span class=
14964 "HeadingNote"><span style=
14965 'font-size:10.5pt;font-style:normal'>(Section</span></span>
14966 <span class="HeadingNote"><span style=
14967 'font-size:10.5pt;font-style:normal'>8.3.2</span></span><span class="HeadingNote">
14969 'font-size:10.5pt;font-style:normal'>).</span></span></p>
14973 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14974 height="14" align="left">
14976 <td valign="top" align="left" height="14" style=
14977 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14978 <p class="TextFontCX" align="center" style=
14979 'text-align:center;background:#CCCCCC'><span style=
14980 'font-size:10.0pt'>m:</span><span class=
14981 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
14982 <p class="TextFontCX"><span class="Flag"><span style=
14983 'font-size:10.0pt'>first-case</span></span></p>
14984 <p class="IndentText">
14985 The first statement after a switch is not a case.
14990 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
14991 height="14" align="left">
14993 <td valign="top" align="left" height="14" style=
14994 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
14995 <p class="TextFontCX" align="center" style=
14996 'text-align:center;background:#CCCCCC'><span style=
14997 'font-size:10.0pt'>m:</span><span class=
14998 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
14999 <p class="TextFontCX"><span class="Flag"><span style=
15000 'font-size:10.0pt'>Duplicate-case</span></span></p>
15001 <p class="IndentText">
15002 Duplicate cases in switch.
15006 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15007 height="14" align="left">
15009 <td valign="top" align="left" height="14" style=
15010 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15011 <p class="TextFontCX" align="center" style=
15012 'text-align:center;background:#CCCCCC'><span style=
15013 'font-size:10.0pt'>m:</span><span class=
15014 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
15015 <p class="TextFontCX"><span class="Flag"><span style=
15016 'font-size:10.0pt'>miss-case</span></span></p>
15017 <p class="IndentText">A switch on an <span class=
15018 "CodeText"><span style='font-size: 10.0pt'>enum</span></span> type
15019 is missing a case for a member of the enumerator.</p>
15022 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15023 height="14" align="left">
15025 <td valign="top" align="left" height="14" style=
15026 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15027 <p class="TextFontCX" align="center" style=
15028 'text-align:center;background:#CCCCCC'><span style=
15029 'font-size:10.0pt'>P</span><span class=
15030 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
15031 <p class="TextFontCX"><span class="Flag"><span style=
15032 'font-size:10.0pt'>emptyreturn
15034 <p class="IndentText">Empty return in function declared to return value.</p>
15037 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15038 height="14" align="left">
15040 <td valign="top" align="left" height="14" style=
15041 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15042 <p class="TextFontCX" align="center" style=
15043 'text-align:center;background:#CCCCCC'><span style=
15044 'font-size:10.0pt'>P</span><span class=
15045 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
15046 <p class="TextFontCX"><span class="Flag"><span style=
15047 'font-size:10.0pt'>alwaysexits
15049 <p class="IndentText">
15050 Loop predicate always exits.
15054 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15055 height="14" align="left">
15057 <td valign="top" align="left" height="14" style=
15058 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15059 <p class="TextFontCX" align="center" style=
15060 'text-align:center;background:#CCCCCC'><span style=
15061 'font-size:10.0pt'>shortcut</span><span class=
15062 "Keyword"><span style='font-size:10.0pt'></span></span></p></td></tr></table></div>
15063 <p class="TextFontCX"><span class="Flag"><span style=
15064 'font-size:10.0pt'>loop-exec</span></span></p>
15065 <p class="IndentText">Assume all loops execute at least once.
15066 This effects use-before-definition and memory checking.
15067 It should probably not be used globally, but may be used
15068 surrounding a particular loop that is known to always execute to
15069 prevent spurious messages.
15071 <span class="Flag"><span style=
15072 'font-size:10.0pt'>
15073 for-loop-exec, while-loop-exec and iter-loop-exec
15078 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15079 height="14" align="left">
15081 <td valign="top" align="left" height="14" style=
15082 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15083 <p class="TextFontCX" align="center" style=
15084 'text-align:center;background:#CCCCCC'><span style=
15085 'font-size:10.0pt'>P</span><span class=
15086 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
15087 <p class="TextFontCX"><span class="Flag"><span style=
15088 'font-size:10.0pt'>for-loop-exec
15090 <p class="IndentText">
15091 Assume all<span class=
15092 "CodeText"><span style='font-size: 10.0pt'>
15095 loops execute at least once. This effects use-before-definition
15096 and memory checking. It should probably not be used globally, but may be used
15097 surrounding a particular loop that is known to always execute to prevent spurious messages.
15103 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15104 height="14" align="left">
15106 <td valign="top" align="left" height="14" style=
15107 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15108 <p class="TextFontCX" align="center" style=
15109 'text-align:center;background:#CCCCCC'><span style=
15110 'font-size:10.0pt'>P</span><span class=
15111 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
15112 <p class="TextFontCX"><span class="Flag"><span style=
15113 'font-size:10.0pt'>while-loop-exec
15115 <p class="IndentText">
15116 Assume all<span class=
15117 "CodeText"><span style='font-size: 10.0pt'>
15120 loops execute at least once. This effects use-before-definition
15121 and memory checking. It should probably not be used globally, but may be used
15122 surrounding a particular loop that is known to always execute to prevent spurious messages.
15127 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15128 height="14" align="left">
15130 <td valign="top" align="left" height="14" style=
15131 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15132 <p class="TextFontCX" align="center" style=
15133 'text-align:center;background:#CCCCCC'><span style=
15134 'font-size:10.0pt'>P</span><span class=
15135 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
15136 <p class="TextFontCX"><span class="Flag"><span style=
15137 'font-size:10.0pt'>iter-loop-exec
15139 <p class="IndentText">
15140 Assume all<span class=
15141 "CodeText"><span style='font-size: 10.0pt'>
15144 loops execute at least once. This effects use-before-definition
15145 and memory checking. It should probably not be used globally, but may be used
15146 surrounding a particular loop that is known to always execute to prevent spurious messages.
15152 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15153 height="14" align="left">
15155 <td valign="top" align="left" height="14" style=
15156 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15157 <p class="TextFontCX" align="center" style=
15158 'text-align:center;background:#CCCCCC'><span style=
15159 'font-size:10.0pt'>P</span><span class=
15160 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
15161 <p class="TextFontCX"><span class="Flag"><span style=
15162 'font-size:10.0pt'>obvious-loop-exec
15164 <p class="IndentText">
15165 Assume loop that can be determined to always execute always does.
15168 <p class="Heading10">Deep Break <span class=
15169 "TextFontCXChar"><span style=
15170 'font-size:11.0pt; font-weight:normal'>(Section</span></span>
15171 <span class="TextFontCXChar"><span style=
15172 'font-size:11.0pt; font-weight:normal'>8.3.3</span></span><span class="TextFontCXChar">
15174 'font-size:11.0pt; font-weight:normal'>)</span></span></p>
15176 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15177 height="14" align="left">
15179 <td valign="top" align="left" height="14" style=
15180 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15181 <p class="TextFontCX" align="center" style=
15182 'text-align:center;background:#CCCCCC'><span style=
15183 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div>
15184 <p class="TextFontCX"><span class="Flag"><span style=
15185 'font-size:10.0pt'>deep-break</span></span></p>
15186 <p class="IndentText">Report errors for <span class=
15187 "CodeText"><span style='font-size:10.0pt'>break</span></span>
15188 statements inside a nested <span class=
15189 "CodeText"><span style='font-size:10.0pt'>while</span></span>,
15190 <span class="CodeText"><span style=
15191 'font-size:10.0pt'>for</span></span> or <span class=
15192 "CodeText"><span style=
15193 'font-size:10.0pt'>switch</span></span>. (Sets all
15194 nested break and continue flags.)</p>
15196 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15197 height="14" align="left">
15199 <td valign="top" align="left" height="14" style=
15200 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15201 <p class="TextFontCX" align="center" style=
15202 'text-align:center;background:#CCCCCC'><span style=
15203 'font-size:10.0pt'>m:</span><span class=
15204 "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div>
15205 <p class="MsoListBullet"><span class="Flag"><span style=
15206 'font-size:10.0pt'>loop-loop-break</span></span></p>
15207 <p class="IndentText"><span class="TextFontCXChar">There is
15208 a</span> <span class="CodeText"><span style=
15209 'font-size:10.0pt'>break</span></span> inside a <span class=
15210 "CodeText"><span style='font-size:10.0pt'>while</span></span>,
15211 <span class="CodeText"><span style=
15212 'font-size:10.0pt'>for</span></span> or iterator loop that is
15213 inside a <span class="CodeText"><span style=
15214 'font-size: 10.0pt'>while</span></span>, <span class=
15215 "CodeText"><span style='font-size:10.0pt'>for</span></span> or
15216 iterator loop. Mark with <span class="Annot"><span style=
15217 'font-size:10.0pt'>/*@innerbreak@*/</span></span> to suppress the
15220 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15221 height="14" align="left">
15223 <td valign="top" align="left" height="14" style=
15224 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15225 <p class="TextFontCX" align="center" style=
15226 'text-align:center;background:#CCCCCC'><span style=
15227 'font-size:10.0pt'>m:</span><span class=
15228 "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div>
15229 <p class="MsoListBullet"><span class="Flag"><span style=
15230 'font-size:10.0pt'>switch-loop-break</span></span></p>
15231 <p class="IndentText"><span class="TextFontCXChar">There is
15232 a</span><span class="CodeText"><span style=
15233 'font-size:10.0pt'>break</span></span> inside a <span class=
15234 "CodeText"><span style='font-size:10.0pt'>while</span></span>,
15235 <span class="CodeText"><span style=
15236 'font-size:10.0pt'>for</span></span> or iterator loop that is
15237 inside a <span class="CodeText"><span style=
15238 'font-size: 10.0pt'>switch</span></span> statement. Mark with
15239 <span class="Annot"><span style=
15240 'font-size:10.0pt'>/*@loopbreak@*/</span></span>.</p>
15242 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15243 height="14" align="left">
15245 <td valign="top" align="left" height="14" style=
15246 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15247 <p class="TextFontCX" align="center" style=
15248 'text-align:center;background:#CCCCCC'><span style=
15249 'font-size:10.0pt'>m:</span><span class=
15250 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
15251 <p class="MsoListBullet"><span class="Flag"><span style=
15252 'font-size:10.0pt'>loop-switch-break</span></span></p>
15253 <p class="IndentText"><span class="TextFontCXChar">There is
15254 a</span><span class="CodeText"><span style=
15255 'font-size:10.0pt'>break</span></span> inside a <span class=
15256 "CodeText"><span style='font-size:10.0pt'>switch</span></span>
15257 statement that is inside a <span class=
15258 "CodeText"><span style='font-size:10.0pt'>while</span></span>,
15259 <span class="CodeText"><span style=
15260 'font-size:10.0pt'>for</span></span> or iterator loop.
15261 Mark with /<span class="Annot"><span style=
15262 'font-size:10.0pt'>*@switchbreak@*/</span></span>.</p>
15264 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15265 height="14" align="left">
15267 <td valign="top" align="left" height="14" style=
15268 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15269 <p class="TextFontCX" align="center" style=
15270 'text-align:center;background:#CCCCCC'><span style=
15271 'font-size:10.0pt'>m:</span><span class=
15272 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
15273 <p class="MsoListBullet" style='margin-left:0in;text-indent:0in'>
15274 <span class="Flag"><span style=
15275 'font-size:10.0pt'>switch-switch-break</span></span></p>
15276 <p class="IndentText"><span class="TextFontCXChar">There is
15277 a</span><span class="CodeText"><span style=
15278 'font-size:10.0pt'>break</span></span> inside a <span class=
15279 "CodeText"><span style='font-size:10.0pt'>switch</span></span>
15280 statement that is inside another <span class=
15281 "CodeText"><span style='font-size: 10.0pt'>switch</span></span>
15282 statement. Mark with <span class="Annot"><span style=
15283 'font-size:10.0pt'>/*@innerbreak@*/</span></span>.</p>
15285 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15286 height="14" align="left">
15288 <td valign="top" align="left" height="14" style=
15289 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15290 <p class="TextFontCX" align="center" style=
15291 'text-align:center;background:#CCCCCC'><span style=
15292 'font-size:10.0pt'>m:</span><span class=
15293 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
15294 <p class="TextFontCX"><span class="Flag"><span style=
15295 'font-size:10.0pt'>loop-loop-continue</span></span></p>
15296 <p class="IndentText">There is a <span class=
15297 "CodeText"><span style='font-size: 10.0pt'>continue</span></span>
15298 inside a while, for or iterator loop that is inside a while,
15299 for or iterator loop. Mark with <span class=
15300 "Annot"><span style=
15301 'font-size:10.0pt'>/*@innercontinue@*/</span></span>.</p>
15302 <p class="Heading10">Loop and if Bodies <span class=
15303 "TextFontCXChar"><span style=
15304 'font-size:11.0pt; font-weight:normal'>(Section
15305 8.3.4)</span></span></p>
15307 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15308 height="14" align="left">
15310 <td valign="top" align="left" height="14" style=
15311 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15312 <p class="TextFontCX" align="center" style=
15313 'text-align:center;background:#CCCCCC'><span style=
15314 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div>
15315 <p class="TextFontCX"><span class="Flag"><span style=
15316 'font-size:10.0pt'>all-empty</span></span></p>
15317 <p class="IndentText">An if, while or for statement has no body
15318 (sets <span class="Flag"><span style=
15319 'font-size:10.0pt'>if-empty</span></span>, <span class=
15320 "Flag"><span style=
15321 'font-size:10.0pt'>while-empty</span></span> and
15322 <span class="Flag"><span style=
15323 'font-size:10.0pt'>for-empty</span></span>.)</p>
15325 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15326 height="14" align="left">
15328 <td valign="top" align="left" height="14" style=
15329 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15330 <p class="TextFontCX" align="center" style=
15331 'text-align:center;background:#CCCCCC'><span style=
15332 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div>
15333 <p class="TextFontCX"><span class="Flag"><span style=
15334 'font-size:10.0pt'>all-block</span></span></p>
15335 <p class="IndentText">The body of an <span class=
15336 "CodeText"><span style='font-size: 10.0pt'>if</span></span>,
15337 <span class="CodeText"><span style=
15338 'font-size:10.0pt'>while</span></span> or <span class=
15339 "CodeText"><span style='font-size:10.0pt'>for</span></span>
15340 statement is not a block (sets <span class=
15341 "Flag"><span style='font-size:10.0pt'>if-block</span></span>,
15342 <span class="Flag"><span style=
15343 'font-size:10.0pt'>while-block</span></span> and
15344 <span class="Flag"><span style=
15345 'font-size:10.0pt'>for-block</span></span>.)</p>
15347 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15348 height="14" align="left">
15350 <td valign="top" align="left" height="14" style=
15351 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15352 <p class="TextFontCX" align="center" style=
15353 'text-align:center;background:#CCCCCC'><span style=
15354 'font-size:10.0pt'>m:</span><span class=
15355 "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div>
15356 <p class="TextFontCX"><span class="Flag"><span style=
15357 'font-size:10.0pt'>while-empty</span></span></p>
15358 <p class="IndentText">A while statement has no body.</p>
15360 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15361 height="14" align="left">
15363 <td valign="top" align="left" height="14" style=
15364 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15365 <p class="TextFontCX" align="center" style=
15366 'text-align:center;background:#CCCCCC'><span style=
15367 'font-size:10.0pt'>m:</span><span class=
15368 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
15369 <p class="TextFontCX"><span class="Flag"><span style=
15370 'font-size:10.0pt'>while-block</span></span></p>
15371 <p class="IndentText"> The body of a <span class=
15372 "CodeText"><span style='font-size: 10.0pt'>while</span></span>
15373 statement is not a block</p>
15375 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15376 height="14" align="left">
15378 <td valign="top" align="left" height="14" style=
15379 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15380 <p class="TextFontCX" align="center" style=
15381 'text-align:center;background:#CCCCCC'><span style=
15382 'font-size:10.0pt'>m:</span><span class=
15383 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
15384 <p class="TextFontCX"><span class="Flag"><span style=
15385 'font-size:10.0pt'>for-empty</span></span></p>
15386 <p class="IndentText">A <span class="CodeText"><span style=
15387 'font-size:10.0pt'>for</span></span> statement has no body.</p>
15389 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15390 height="14" align="left">
15392 <td valign="top" align="left" height="14" style=
15393 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15394 <p class="TextFontCX" align="center" style=
15395 'text-align:center;background:#CCCCCC'><span style=
15396 'font-size:10.0pt'>m:</span><span class=
15397 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
15398 <p class="TextFontCX"><span class="Flag"><span style=
15399 'font-size:10.0pt'>for-block</span></span></p>
15400 <p class="IndentText">The body of a <span class=
15401 "CodeText"><span style='font-size: 10.0pt'>for</span></span>
15402 statement is not a block.</p>
15404 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15405 height="14" align="left">
15407 <td valign="top" align="left" height="14" style=
15408 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15409 <p class="TextFontCX" align="center" style=
15410 'text-align:center;background:#CCCCCC'><span style=
15411 'font-size:10.0pt'>m:</span><span class=
15412 "Keyword"><span style='font-size:10.0pt'>++++</span></span></p></td></tr></table></div>
15413 <p class="TextFontCX"><span class="Flag"><span style=
15414 'font-size:10.0pt'>if-empty</span></span></p>
15415 <p class="IndentText">An <span class="CodeText"><span style=
15416 'font-size:10.0pt'>if</span></span> statement has no body.</p>
15418 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15419 height="14" align="left">
15421 <td valign="top" align="left" height="14" style=
15422 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15423 <p class="TextFontCX" align="center" style=
15424 'text-align:center;background:#CCCCCC'><span style=
15425 'font-size:10.0pt'>m:</span><span class=
15426 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
15427 <p class="TextFontCX"><span class="Flag"><span style=
15428 'font-size:10.0pt'>ifblock</span></span></p>
15429 <p class="IndentText">The body of an <span class=
15430 "CodeText"><span style='font-size: 10.0pt'>if</span></span>
15431 statement is not a block.</p>
15432 <p class="Heading10">Suspicious Statements <span class=
15433 "TextFontCXChar"><span style=
15434 'font-size:11.0pt; font-weight:normal'>(Section
15435 8.4)</span></span></p>
15437 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15438 height="14" align="left">
15440 <td valign="top" align="left" height="14" style=
15441 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15442 <p class="TextFontCX" align="center" style=
15443 'text-align:center;background:#CCCCCC'><span style=
15444 'font-size:10.0pt'>m:</span><span class=
15445 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
15446 <p class="TextFontCX"><span class="Flag"><span style=
15447 'font-size:10.0pt'>unreachable</span></span></p>
15448 <p class="IndentText">Code is not reached on any possible
15451 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15452 height="14" align="left">
15454 <td valign="top" align="left" height="14" style=
15455 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15456 <p class="TextFontCX" align="center" style=
15457 'text-align:center;background:#CCCCCC'><span style=
15458 'font-size:10.0pt'>m:</span><span class=
15459 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
15460 <p class="TextFontCX"><span class="Flag"><span style=
15461 'font-size:10.0pt'>noeffect</span></span></p>
15462 <p class="IndentText">Statement has no effect.</p>
15464 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15465 height="14" align="left">
15467 <td valign="top" align="left" height="14" style=
15468 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15469 <p class="TextFontCX" align="center" style=
15470 'text-align:center;background:#CCCCCC'><span style=
15471 'font-size:10.0pt'>m:</span><span class=
15472 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
15473 <p class="TextFontCX"><span class="Flag"><span style=
15474 'font-size:10.0pt'>noeffect-uncon</span></span></p>
15475 <p class="IndentText">Statement involving call to unconstrained
15476 function may have no effect.</p>
15478 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15479 height="14" align="left">
15481 <td valign="top" align="left" height="14" style=
15482 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15483 <p class="TextFontCX" align="center" style=
15484 'text-align:center;background:#CCCCCC'><span style=
15485 'font-size:10.0pt'>m:</span><span class=
15486 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
15487 <p class="TextFontCX"><span class="Flag"><span style=
15488 'font-size:10.0pt'>noret</span></span></p>
15489 <p class="IndentText">There is a path with no <span class=
15490 "Keyword"><span style='font-size:10.0pt'>return</span></span> in a
15491 function declared to return a non-<span class=
15492 "Keyword"><span style='font-size:10.0pt'>void</span></span>
15494 <p class="Heading10">Ignored Return Values <span class=
15495 "TextFontCXChar"><span style=
15496 'font-size:11.0pt; font-weight:normal'>(Section</span></span>
15497 <span class="TextFontCXChar"><span style=
15498 'font-size:11.0pt; font-weight:normal'>8.4.2</span></span><span class="TextFontCXChar">
15500 'font-size:11.0pt; font-weight:normal'>)</span></span></p>
15501 <p class="beforelist">These flags control when errors are reported
15502 for function calls that do not use the return value. Casting
15503 the function call to <span class="CodeText"><span style=
15504 'font-size:10.0pt'>void</span></span> or declaring the called
15505 function to return <span class="Annot"><span style=
15506 'font-size:10.0pt'>/*@alt void@*/</span></span>.</p>
15508 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15509 height="14" align="left">
15511 <td valign="top" align="left" height="14" style=
15512 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15513 <p class="TextFontCX" align="center" style=
15514 'text-align:center;background:#CCCCCC'><span style=
15515 'font-size:10.0pt'>m:</span><span class=
15516 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
15517 <p class="TextFontCX"><span class="Flag"><span style=
15518 'font-size:10.0pt'>ret-val-bool</span></span></p>
15519 <p class="IndentText">Return value of type <span class=
15520 "CodeText"><span style='font-size:10.0pt'>bool</span></span>
15523 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15524 height="14" align="left">
15526 <td valign="top" align="left" height="14" style=
15527 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15528 <p class="TextFontCX" align="center" style=
15529 'text-align:center;background:#CCCCCC'><span style=
15530 'font-size:10.0pt'>m:</span><span class=
15531 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
15532 <p class="TextFontCX"><span class="Flag"><span style=
15533 'font-size:10.0pt'>ret-val-int</span></span></p>
15534 <p class="IndentText">Return value of type <span class=
15535 "CodeText"><span style='font-size:10.0pt'>int</span></span>
15538 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15539 height="14" align="left">
15541 <td valign="top" align="left" height="14" style=
15542 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15543 <p class="TextFontCX" align="center" style=
15544 'text-align:center;background:#CCCCCC'><span style=
15545 'font-size:10.0pt'>m:</span><span class=
15546 "Keyword"><span style='font-size:10.0pt'>++++</span></span></p></td></tr></table></div>
15547 <p class="TextFontCX"><span class="Flag"><span style=
15548 'font-size:10.0pt'>ret-val-other</span></span></p>
15549 <p class="IndentText">Return value of type other than
15550 <span class="CodeText"><span style=
15551 'font-size:10.0pt'>bool</span></span> or <span class=
15552 "CodeText"><span style='font-size:10.0pt'>int</span></span>
15555 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15556 height="14" align="left">
15558 <td valign="top" align="left" height="14" style=
15559 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15560 <p class="TextFontCX" align="center" style=
15561 'text-align:center;background:#CCCCCC'><span style=
15562 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div>
15563 <p class="TextFontCX"><span class="Flag"><span style=
15564 'font-size:10.0pt'>ret-val</span></span></p>
15565 <p class="IndentText">Return value ignored (Sets <span class=
15566 "Flag"><span style='font-size:10.0pt'>retvalbool</span></span>,
15567 <span class="Flag"><span style=
15568 'font-size:10.0pt'>retvalint</span></span>, <span class=
15569 "Flag"><span style=
15570 'font-size:10.0pt'>retvalother</span></span>.)</p>
15572 <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'>
15573 Memory Bounds <span class="HeadingNote"><span style=
15574 'font-size:10.5pt;font-weight:normal;font-style: normal'>(Section</span></span>
15575 <span class="HeadingNote"><span style=
15576 'font-size:10.5pt;font-weight:normal;font-style: normal'>9</span></span>)
15579 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15580 height="14" align="left">
15582 <td valign="top" align="left" height="14" style=
15583 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15584 <p class="TextFontCX" align="center" style=
15585 'text-align:center;background:#CCCCCC'><span style=
15586 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div>
15587 <p class="TextFontCX"><span class="Flag"><span style=
15588 'font-size:10.0pt'>bounds</span></span></p>
15589 <p class="IndentText">
15590 Memory read or write may be out of bounds of allocated storage
15592 "Flag"><span style='font-size:10.0pt'>boundsread</span></span>
15594 <span class="Flag"><span style=
15595 'font-size:10.0pt'>boundswrite</span></span>
15599 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15600 height="14" align="left">
15602 <td valign="top" align="left" height="14" style=
15603 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15604 <p class="TextFontCX" align="center" style=
15605 'text-align:center;background:#CCCCCC'><span style=
15606 'font-size:10.0pt'>m:</span><span class=
15607 "Keyword"><span style='font-size:10.0pt'>----</span></span></p></td></tr></table></div>
15608 <p class="TextFontCX"><span class="Flag"><span style=
15609 'font-size:10.0pt'>boundsread</span></span></p>
15610 <p class="IndentText">
15611 A memory read references memory beyond the allocated storage
15612 (also sets <span class=
15613 "Flag"><span style='font-size:10.0pt'>likelyboundsread</span></span>.
15617 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15618 height="14" align="left">
15620 <td valign="top" align="left" height="14" style=
15621 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15622 <p class="TextFontCX" align="center" style=
15623 'text-align:center;background:#CCCCCC'><span style=
15624 'font-size:10.0pt'>m:</span><span class=
15625 "Keyword"><span style='font-size:10.0pt'>----</span></span></p></td></tr></table></div>
15626 <p class="TextFontCX"><span class="Flag"><span style=
15627 'font-size:10.0pt'>boundswrite</span></span></p>
15628 <p class="IndentText">
15629 A memory write may write to an address beyond the allocated buffer
15630 (also sets <span class=
15631 "Flag"><span style='font-size:10.0pt'>likelyboundswrite</span></span>.
15635 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15636 height="14" align="left">
15638 <td valign="top" align="left" height="14" style=
15639 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15640 <p class="TextFontCX" align="center" style=
15641 'text-align:center;background:#CCCCCC'><span style=
15642 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div>
15643 <p class="TextFontCX"><span class="Flag"><span style=
15644 'font-size:10.0pt'>likelybounds</span></span></p>
15645 <p class="IndentText">
15646 Likely memory read or write is likely to be out of bounds of allocated storage
15648 "Flag"><span style='font-size:10.0pt'>likelyboundsread</span></span>
15650 <span class="Flag"><span style=
15651 'font-size:10.0pt'>likelyboundswrite)</span></span>
15656 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15657 height="14" align="left">
15659 <td valign="top" align="left" height="14" style=
15660 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15661 <p class="TextFontCX" align="center" style=
15662 'text-align:center;background:#CCCCCC'><span style=
15663 'font-size:10.0pt'>m:</span><span class=
15664 "Keyword"><span style='font-size:10.0pt'>----</span></span></p></td></tr></table></div>
15665 <p class="TextFontCX"><span class="Flag"><span style=
15666 'font-size:10.0pt'>likelyboundsread</span></span></p>
15667 <p class="IndentText">
15668 A likely memory read references memory beyond the allocated storage
15669 (also sets <span class=
15670 "Flag"><span style='font-size:10.0pt'>likelyboundsread</span></span>.
15674 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15675 height="14" align="left">
15677 <td valign="top" align="left" height="14" style=
15678 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15679 <p class="TextFontCX" align="center" style=
15680 'text-align:center;background:#CCCCCC'><span style=
15681 'font-size:10.0pt'>m:</span><span class=
15682 "Keyword"><span style='font-size:10.0pt'>----</span></span></p></td></tr></table></div>
15683 <p class="TextFontCX"><span class="Flag"><span style=
15684 'font-size:10.0pt'>likelyboundswrite</span></span></p>
15685 <p class="IndentText">
15686 A memory write is likely to write to an address beyond the allocated buffer.
15690 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15691 height="14" align="left">
15693 <td valign="top" align="left" height="14" style=
15694 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15695 <p class="TextFontCX" align="center" style=
15696 'text-align:center;background:#CCCCCC'><span style=
15697 'font-size:10.0pt'>m:</span><span class=
15698 "Keyword"><span style='font-size:10.0pt'>----</span></span></p></td></tr></table></div>
15699 <p class="TextFontCX"><span class="Flag">fcnpost<span style=
15700 'font-size:10.0pt'></span></span></p>
15701 <p class="IndentText">
15702 Display function post conditions.
15707 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15708 height="14" align="left">
15710 <td valign="top" align="left" height="14" style=
15711 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15712 <p class="TextFontCX" align="center" style=
15713 'text-align:center;background:#CCCCCC'><span style=
15714 'font-size:10.0pt'>m:</span><span class=
15715 "Keyword"><span style='font-size:10.0pt'>----</span></span></p></td></tr></table></div>
15716 <p class="TextFontCX"><span class="Flag">redundantconstraints<span style=
15717 'font-size:10.0pt'></span></span></p>
15718 <p class="IndentText">
15719 Display seemingly redundant conditions.
15722 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15723 height="14" align="left">
15725 <td valign="top" align="left" height="14" style=
15726 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15727 <p class="TextFontCX" align="center" style=
15728 'text-align:center;background:#CCCCCC'><span style=
15729 'font-size:10.0pt'>m:</span><span class=
15730 "Keyword"><span style='font-size:10.0pt'>----</span></span></p></td></tr></table></div>
15731 <p class="TextFontCX"><span class="Flag">checkpost<span style=
15732 'font-size:10.0pt'></span></span></p>
15733 <p class="IndentText">
15734 The functions implementation may not satidfy a post condition given in an ensures clause.
15739 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15740 height="14" align="left">
15742 <td valign="top" align="left" height="14" style=
15743 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15744 <p class="TextFontCX" align="center" style=
15745 'text-align:center;background:#CCCCCC'><span style=
15746 'font-size:10.0pt'>P-</span><span class=
15747 "Keyword"><span style='font-size:10.0pt'></span></span></p></td></tr></table></div>
15748 <p class="TextFontCX"><span class="Flag">showconstraintparens<span style=
15749 'font-size:10.0pt'></span></span></p>
15750 <p class="IndentText">
15751 Display parentheses around constraint terms.
15754 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15755 height="14" align="left">
15757 <td valign="top" align="left" height="14" style=
15758 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15759 <p class="TextFontCX" align="center" style=
15760 'text-align:center;background:#CCCCCC'><span style=
15761 'font-size:10.0pt'>P+</span><span class=
15762 "Keyword"><span style='font-size:10.0pt'></span></span></p></td></tr></table></div>
15763 <p class="TextFontCX"><span class="Flag">showconstraintlocation<span style=
15764 'font-size:10.0pt'></span></span></p>
15765 <p class="IndentText">
15766 Display location for every constraint generated.
15769 <p class="beforelist">
15770 The following flags are mainly of interest to Splint developers. The default values are adequate in normal use. They are included for completeness.
15774 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15775 height="14" align="left">
15777 <td valign="top" align="left" height="14" style=
15778 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15779 <p class="TextFontCX" align="center" style=
15780 'text-align:center;background:#CCCCCC'><span style=
15781 'font-size:10.0pt'>P-</span><span class=
15782 "Keyword"><span style='font-size:10.0pt'></span></span></p></td></tr></table></div>
15783 <p class="TextFontCX"><span class="Flag">
15785 <span style='font-size:10.0pt'></span></span></p>
15786 <p class="IndentText">
15787 Perform buffer overflow checking even if the errors would be inhibited.
15793 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15794 height="14" align="left">
15796 <td valign="top" align="left" height="14" style=
15797 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15798 <p class="TextFontCX" align="center" style=
15799 'text-align:center;background:#CCCCCC'><span style=
15800 'font-size:10.0pt'>P-</span><span class=
15801 "Keyword"><span style='font-size:10.0pt'></span></span></p></td></tr></table></div>
15802 <p class="TextFontCX"><span class="Flag">
15804 <span style='font-size:10.0pt'></span></span></p>
15805 <p class="IndentText">
15806 Generate implicit constraints for functions. This is an experimental option.
15807 Currently this option reduces the number of bounds errors but causes real error to be missed.
15812 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15813 height="14" align="left">
15815 <td valign="top" align="left" height="14" style=
15816 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15817 <p class="TextFontCX" align="center" style=
15818 'text-align:center;background:#CCCCCC'><span style=
15819 'font-size:10.0pt'>P-</span><span class=
15820 "Keyword"><span style='font-size:10.0pt'></span></span></p></td></tr></table></div>
15821 <p class="TextFontCX"><span class="Flag">
15823 <span style='font-size:10.0pt'></span></span></p>
15824 <p class="IndentText">
15825 This flags affects the internal constraint resolution.  If set, the internal constraint resolution is more accurate.  The performance impact is minimal so there is little reason not to have this flag set.</p>
15827 <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'>
15828 Extensible Checking <span class="HeadingNote"><span style=
15829 'font-size:10.5pt;font-weight:normal;font-style: normal'>(Section</span></span>
15830 <span class="HeadingNote"><span style=
15831 'font-size:10.5pt;font-weight:normal;font-style: normal'>13</span></span><span class="HeadingNote">
15833 'font-size:10.5pt;font-weight:normal;font-style: normal'>)</span></span></p>
15837 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15838 height="14" align="left">
15840 <td valign="top" align="left" height="14" style=
15841 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15842 <p class="TextFontCX" align="center" style=
15843 'text-align:center;background:#CCCCCC'><span style=
15844 'font-size:10.0pt'>P-</span><span class=
15845 "Keyword"><span style='font-size:10.0pt'></span></span></p></td></tr></table></div>
15846 <p class="TextFontCX"><span class="Flag">
15848 <span style='font-size:10.0pt'></span></span></p>
15849 <p class="IndentText">
15850 Load meta state declaration and corresponding xh file.
15855 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15856 height="14" align="left">
15858 <td valign="top" align="left" height="14" style=
15859 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15860 <p class="TextFontCX" align="center" style=
15861 'text-align:center;background:#CCCCCC'><span style=
15862 'font-size:10.0pt'>m:</span><span class=
15863 "Keyword"><span style='font-size:10.0pt'>++++</span></span></p></td></tr></table></div>
15864 <p class="TextFontCX"><span class="Flag">
15866 <span style='font-size:10.0pt'></span></span></p>
15867 <p class="IndentText">
15868 Transfer violates user-defined state rules.
15873 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15874 height="14" align="left">
15876 <td valign="top" align="left" height="14" style=
15877 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15878 <p class="TextFontCX" align="center" style=
15879 'text-align:center;background:#CCCCCC'><span style=
15880 'font-size:10.0pt'>m:</span><span class=
15881 "Keyword"><span style='font-size:10.0pt'>++++</span></span></p></td></tr></table></div>
15882 <p class="TextFontCX"><span class="Flag">
15884 <span style='font-size:10.0pt'></span></span></p>
15885 <p class="IndentText">
15886 Control path merge violates user-defined state merge rules.
15889 <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'>
15890 Completeness <span class="HeadingNote"><span style=
15891 'font-size:10.5pt;font-weight:normal;font-style: normal'>(Section</span></span>
15892 <span class="HeadingNote"><span style=
15893 'font-size:10.5pt;font-weight:normal;font-style: normal'>13</span></span><span class="HeadingNote">
15895 'font-size:10.5pt;font-weight:normal;font-style: normal'>)</span></span></p>
15896 <p class="Heading10">Unused Declarations <span class=
15897 "HeadingNote"><span style=
15898 'font-size:10.5pt;font-weight:normal;font-style:normal'>(Section</span></span>
15899 <span class="HeadingNote"><span style=
15900 'font-size:10.5pt;font-weight:normal;font-style: normal'>13.1</span></span><span class="HeadingNote">
15902 'font-size:10.5pt;font-weight:normal;font-style: normal'>)</span></span></p>
15903 <p class="beforelist">These flags control when errors are reported
15904 for declarations that are never used. The <span class=
15905 "Annot"><span style='font-size:10.0pt'>unused</span></span>
15906 annotation can be used to prevent unused errors from being report
15907 for a particular declaration.</p>
15909 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15910 height="14" align="left">
15912 <td valign="top" align="left" height="14" style=
15913 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15914 <p class="TextFontCX" align="center" style=
15915 'text-align:center;background:#CCCCCC'><span style=
15916 'font-size:10.0pt'>m:</span><span class=
15917 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
15918 <p class="TextFontCX"><span class="Flag"><span style=
15919 'font-size:10.0pt'>top-use</span></span></p>
15920 <p class="IndentText">An external declaration is not used in any
15923 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15924 height="14" align="left">
15926 <td valign="top" align="left" height="14" style=
15927 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15928 <p class="TextFontCX" align="center" style=
15929 'text-align:center;background:#CCCCCC'><span style=
15930 'font-size:10.0pt'>m:</span><span class=
15931 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
15932 <p class="TextFontCX"><span class="Flag"><span style=
15933 'font-size:10.0pt'>const-use</span></span></p>
15934 <p class="IndentText">Constant never used.</p>
15936 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15937 height="14" align="left">
15939 <td valign="top" align="left" height="14" style=
15940 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15941 <p class="TextFontCX" align="center" style=
15942 'text-align:center;background:#CCCCCC'><span style=
15943 'font-size:10.0pt'>m:</span><span class=
15944 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
15945 <p class="TextFontCX"><span class="Flag"><span style=
15946 'font-size:10.0pt'>enum-mem-use</span></span></p>
15947 <p class="IndentText">Member of enumerator never used.</p>
15949 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15950 height="14" align="left">
15952 <td valign="top" align="left" height="14" style=
15953 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15954 <p class="TextFontCX" align="center" style=
15955 'text-align:center;background:#CCCCCC'><span style=
15956 'font-size:10.0pt'>m:</span><span class=
15957 "Keyword"><span style='font-size:10.0pt'>++++</span></span></p></td></tr></table></div>
15958 <p class="TextFontCX"><span class="Flag"><span style=
15959 'font-size:10.0pt'>var-use</span></span></p>
15960 <p class="IndentText">Variable never used.</p>
15962 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15963 height="14" align="left">
15965 <td valign="top" align="left" height="14" style=
15966 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15967 <p class="TextFontCX" align="center" style=
15968 'text-align:center;background:#CCCCCC'><span style=
15969 'font-size:10.0pt'>m:</span><span class=
15970 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
15971 <p class="TextFontCX"><span class="Flag"><span style=
15972 'font-size:10.0pt'>param-use</span></span></p>
15973 <p class="IndentText">Function parameter never used.</p>
15975 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15976 height="14" align="left">
15978 <td valign="top" align="left" height="14" style=
15979 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15980 <p class="TextFontCX" align="center" style=
15981 'text-align:center;background:#CCCCCC'><span style=
15982 'font-size:10.0pt'>m:</span><span class=
15983 "Keyword"><span style='font-size:10.0pt'>++++</span></span></p></td></tr></table></div>
15984 <p class="TextFontCX"><span class="Flag"><span style=
15985 'font-size:10.0pt'>fcn-use</span></span></p>
15986 <p class="IndentText">Function is never used.</p>
15988 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
15989 height="14" align="left">
15991 <td valign="top" align="left" height="14" style=
15992 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
15993 <p class="TextFontCX" align="center" style=
15994 'text-align:center;background:#CCCCCC'><span style=
15995 'font-size:10.0pt'>m:</span><span class=
15996 "Keyword"><span style='font-size:10.0pt'>++++</span></span></p></td></tr></table></div>
15997 <p class="TextFontCX"><span class="Flag"><span style=
15998 'font-size:10.0pt'>type-use</span></span></p>
15999 <p class="IndentText">Defined type never used.</p>
16001 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16002 height="14" align="left">
16004 <td valign="top" align="left" height="14" style=
16005 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16006 <p class="TextFontCX" align="center" style=
16007 'text-align:center;background:#CCCCCC'><span style=
16008 'font-size:10.0pt'>m:</span><span class=
16009 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
16010 <p class="TextFontCX"><span class="Flag"><span style=
16011 'font-size:10.0pt'>field-use</span></span></p>
16012 <p class="IndentText">Field of structure or union type is never
16015 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16016 height="14" align="left">
16018 <td valign="top" align="left" height="14" style=
16019 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16020 <p class="TextFontCX" align="center" style=
16021 'text-align:center;background:#CCCCCC'><span style=
16022 'font-size:10.0pt'>m:</span><span class=
16023 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
16024 <p class="TextFontCX"><span class="Flag"><span style=
16025 'font-size:10.0pt'>unused-special</span></span></p>
16026 <p class="IndentText">Declaration in a special file (corresponding
16027 to <span class="ProgramNameChar">.l</span> or <span class=
16028 "ProgramNameChar">.y</span> file) is unused.</p>
16029 <p class="Heading10">Complete Programs <span class=
16030 "TextFontCXChar"><span style=
16031 'font-size:11.0pt; font-weight:normal'>(Section
16032 13.2)</span></span></p>
16034 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16035 height="14" align="left">
16037 <td valign="top" align="left" height="14" style=
16038 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16039 <p class="TextFontCX" align="center" style=
16040 'text-align:center;background:#CCCCCC'><span style=
16041 'font-size:10.0pt'>m:</span><span class=
16042 "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div>
16043 <p class="TextFontCX"><span class="Flag"><span style=
16044 'font-size:10.0pt'>decl-undef</span></span></p>
16045 <p class="IndentText">Function, variable, iterator or constant
16046 declared but never defined.</p>
16048 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16049 height="14" align="left">
16051 <td valign="top" align="left" height="14" style=
16052 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16053 <p class="TextFontCX" align="center" style=
16054 'text-align:center;background:#CCCCCC'><span style=
16055 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div>
16056 <p class="TextFontCX"><span class="Flag"><span style=
16057 'font-size:10.0pt'>partial</span></span></p>
16058 <p class="IndentText">Check as partial system (sets
16059 <span class="Flag"><span style=
16060 'font-size:10.0pt'>-decl-undef</span></span>, <span class=
16061 "Flag"><span style=
16062 'font-size:10.0pt'>-export-local</span></span> and
16063 prevents checking of macros in headers without corresponding
16064 <span class="ProgramNameChar">.c</span> files.)</p>
16065 <p class="Heading10">Exports</p>
16067 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16068 height="14" align="left">
16070 <td valign="top" align="left" height="14" style=
16071 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16072 <p class="TextFontCX" align="center" style=
16073 'text-align:center;background:#CCCCCC'><span style=
16074 'font-size:10.0pt'>m:</span><span class=
16075 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
16076 <p class="TextFontCX"><span class="Flag"><span style=
16077 'font-size:10.0pt'>export-local</span></span></p>
16078 <p class="IndentText">A declaration is exported but not used
16079 outside this module. (Declaration can use the
16080 <span class="CodeText"><span style=
16081 'font-size: 10.0pt'>static</span></span> qualifier.)</p>
16083 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16084 height="14" align="left">
16086 <td valign="top" align="left" height="14" style=
16087 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16088 <p class="TextFontCX" align="center" style=
16089 'text-align:center;background:#CCCCCC'><span style=
16090 'font-size:10.0pt'>m:</span><span class=
16091 "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div>
16092 <p class="TextFontCX"><span class="Flag"><span style=
16093 'font-size:10.0pt'>export-header</span></span></p>
16094 <p class="IndentText">A declaration (other than a variable) is
16095 exported but does not appear in a header file.</p>
16097 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16098 height="14" align="left">
16100 <td valign="top" align="left" height="14" style=
16101 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16102 <p class="TextFontCX" align="center" style=
16103 'text-align:center;background:#CCCCCC'><span style=
16104 'font-size:10.0pt'>m:</span><span class=
16105 "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div>
16106 <p class="TextFontCX"><span class="Flag"><span style=
16107 'font-size:10.0pt'>export-header-var</span></span></p>
16108 <p class="IndentText">A variable declaration is exported but does
16109 not appear in a header file.</p>
16110 <p class="Heading10">Unrecognized Identifiers</p>
16112 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16113 height="14" align="left">
16115 <td valign="top" align="left" height="14" style=
16116 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16117 <p class="TextFontCX" align="center" style=
16118 'text-align:center;background:#CCCCCC'><span style=
16119 'font-size:10.0pt'>P:</span> <span class=
16120 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
16121 <p class="TextFontCX"><span class="Flag"><span style=
16122 'font-size:10.0pt'>unrecog</span></span></p>
16123 <p class="IndentText">An unrecognized identifier is used.</p>
16125 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16126 height="14" align="left">
16128 <td valign="top" align="left" height="14" style=
16129 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16130 <p class="TextFontCX" align="center" style=
16131 'text-align:center;background:#CCCCCC'><span style=
16132 'font-size:10.0pt'>P:</span> <span class=
16133 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
16134 <p class="TextFontCX"><span class="Flag"><span style=
16135 'font-size:10.0pt'>sys-unrecog</span></span></p>
16136 <p class="IndentText">Report unrecognized identifiers that start
16137 with the system prefix, <span class="Keyword"><span style=
16138 'font-size:10.0pt'>__</span></span> (two underscores).</p>
16140 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16141 height="14" align="left">
16143 <td valign="top" align="left" height="14" style=
16144 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16145 <p class="TextFontCX" align="center" style=
16146 'text-align:center;background:#CCCCCC'><span style=
16147 'font-size:10.0pt'>P:</span> <span class=
16148 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
16149 <p class="TextFontCX"><span class="Flag"><span style=
16150 'font-size:10.0pt'>repeat-unrecog</span></span></p>
16151 <p class="IndentText">Report multiple messages for unrecognized
16152 identifiers. If <span class="Flag"><span style=
16153 'font-size:10.0pt'>repeatunrecog</span></span> is not set, an error
16154 is reported only the first time a particular unrecognized
16155 identifier appears in the file.</p>
16156 <p class="Heading10">Multiple Definition and Declarations</p>
16158 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16159 height="14" align="left">
16161 <td valign="top" align="left" height="14" style=
16162 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16163 <p class="TextFontCX" align="center" style=
16164 'text-align:center;background:#CCCCCC'><span style=
16165 'font-size:10.0pt'>P:</span> <span class=
16166 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
16167 <p class="TextFontCX"><span class="Flag"><span style=
16168 'font-size:10.0pt'>redef</span></span></p>
16169 <p class="IndentText">A function or variable is defined more than
16172 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16173 height="14" align="left">
16175 <td valign="top" align="left" height="14" style=
16176 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16177 <p class="TextFontCX" align="center" style=
16178 'text-align:center;background:#CCCCCC'><span style=
16179 'font-size:10.0pt'>m:</span><span class=
16180 "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div>
16181 <p class="TextFontCX"><span class="Flag"><span style=
16182 'font-size:10.0pt'>redecl</span></span></p>
16183 <p class="IndentText">An identifier is declared more than once.</p>
16185 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16186 height="14" align="left">
16188 <td valign="top" align="left" height="14" style=
16189 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16190 <p class="TextFontCX" align="center" style=
16191 'text-align:center;background:#CCCCCC'><span style=
16192 'font-size:10.0pt'>m:</span><span class=
16193 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
16194 <p class="TextFontCX"><span class="Flag"><span style=
16195 'font-size:10.0pt'>nested-extern</span></span></p>
16196 <p class="IndentText">An <span class="Keyword"><span style=
16197 'font-size:10.0pt'>extern</span></span> declaration is used inside
16198 a function body.</p>
16199 <p class="Heading10">ISO Conformance</p>
16201 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16202 height="14" align="left">
16204 <td valign="top" align="left" height="14" style=
16205 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16206 <p class="TextFontCX" align="center" style=
16207 'text-align:center;background:#CCCCCC'><span style=
16208 'font-size:10.0pt'>m:</span><span class=
16209 "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div>
16210 <p class="TextFontCX"><span class="Flag"><span style=
16211 'font-size:10.0pt'>noparams</span></span></p>
16212 <p class="IndentText">A function is declared without a parameter
16213 list prototype.</p>
16215 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16216 height="14" align="left">
16218 <td valign="top" align="left" height="14" style=
16219 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16220 <p class="TextFontCX" align="center" style=
16221 'text-align:center;background:#CCCCCC'><span style=
16222 'font-size:10.0pt'>m:</span><span class=
16223 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
16224 <p class="TextFontCX"><span class="Flag"><span style=
16225 'font-size:10.0pt'>old-style</span></span></p>
16226 <p class="IndentText">Function definition is in old style
16227 syntax. Standard prototype syntax is preferred.</p>
16229 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16230 height="14" align="left">
16232 <td valign="top" align="left" height="14" style=
16233 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16234 <p class="TextFontCX" align="center" style=
16235 'text-align:center;background:#CCCCCC'><span style=
16236 'font-size:10.0pt'>m:</span><span class=
16237 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
16238 <p class="TextFontCX"><span class="Flag"><span style=
16239 'font-size:10.0pt'>exit-arg</span></span></p>
16240 <p class="IndentText">Argument to <span class=
16241 "CodeText"><span style=
16242 'font-size: 10.0pt'>exit</span></span> has implementation
16243 defined behavior. The only valid arguments to
16244 <span class="CodeText"><span style=
16245 'font-size:10.0pt'>exit</span></span> are <span class=
16246 "CodeText"><span style=
16247 'font-size:10.0pt'>EXIT_SUCCESS</span></span>, <span class=
16248 "CodeText"><span style=
16249 'font-size:10.0pt'>EXIT_FAILURE</span></span> and
16250 <span class="CodeText"><span style=
16251 'font-size:10.0pt'>0</span></span>. An error is
16252 reported if Splint can determine statically that the argument
16253 to <span class="CodeText"><span style=
16254 'font-size:10.0pt'>exit</span></span> is not one of
16257 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16258 height="14" align="left">
16260 <td valign="top" align="left" height="14" style=
16261 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16262 <p class="TextFontCX" align="center" style=
16263 'text-align:center;background:#CCCCCC'><span style=
16264 'font-size:10.0pt'>P:</span> <span class=
16265 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
16266 <p class="TextFontCX"><span class="Flag"><span style=
16267 'font-size:10.0pt'>use-varargs</span></span></p>
16268 <p class="IndentText">Report if <span class=
16269 "CodeText"><span style='font-size:10.0pt'><varargs.h></span></span>
16270 is used (should use <span class=
16271 "ProgramNameChar"><span style='font-size:10.0pt'>stdarg.h</span></span>).</p>
16272 <p class="Heading10">Limits</p>
16273 <p class="beforelist">The ANSI Standard includes limits on minimum
16274 numbers that a conforming compiler must support. Whether of
16275 not a particular compiler exceeds these limits, it is worth
16276 checking that a program does not exceed them so that other
16277 compilers may safely compile it. In addition, exceeding a
16278 limit may indicate a problem in the code (e.g., it is too complex
16279 if the control nest depth limit is exceeded) that should be fixed
16280 regardless of the compiler. Splint checks the following
16281 limits. For each limit, the maximum value may be set from the
16282 command line (or locally using a stylized comment). The
16283 minimum limits were increased for the ISO C99 specification.
16284 If the <span class="Flag"><span style=
16285 'font-size:10.0pt'>iso99-limits</span></span> flag is used, all
16286 limits are checked with the minimum values of an ISO C99 conforming
16287 compiler. If the <span class="Flag"><span style=
16288 'font-size:10.0pt'>ansi89-limits</span></span> flag is used, all
16289 limits are checked with the minimum values of an ANSI C89
16290 conforming compiler.</p>
16292 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16293 height="14" align="left">
16295 <td valign="top" align="left" height="14" style=
16296 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16297 <p class="TextFontCX" align="center" style=
16298 'text-align:center;background:#CCCCCC'><span style=
16299 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div>
16300 <p class="TextFontCX"><span class="Flag"><span style=
16301 'font-size:10.0pt'>ansi89-limits</span></span></p>
16302 <p class="IndentText">Check for violations of minimum limits
16303 prescribed by ANSI C89 standard (sets <span class=
16304 "Flag"><span style=
16305 'font-size:10.0pt'>control-nest-depth</span></span>,
16306 <span class="Flag"><span style=
16307 'font-size:10.0pt'>string-literal-len</span></span>,
16308 <span class="Flag"><span style=
16309 'font-size:10.0pt'>include-nest</span></span>, <span class=
16310 "Flag"><span style=
16311 'font-size:10.0pt'>num-struct-fields</span></span>, and
16312 <span class="Flag"><span style=
16313 'font-size:10.0pt'>num-enum-members</span></span>).</p>
16315 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16316 height="14" align="left">
16318 <td valign="top" align="left" height="14" style=
16319 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16320 <p class="TextFontCX" align="center" style=
16321 'text-align:center;background:#CCCCCC'><span style=
16322 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div>
16323 <p class="TextFontCX"><span class="Flag"><span style=
16324 'font-size:10.0pt'>iso99-limits</span></span></p>
16325 <p class="IndentText">Check for violations of minimum limits
16326 prescribed by ISO C99 standard (sets <span class=
16327 "Flag"><span style=
16328 'font-size:10.0pt'>control-nest-depth</span></span>,
16329 <span class="Flag"><span style=
16330 'font-size:10.0pt'>string-literal-len</span></span>,
16331 <span class="Flag"><span style=
16332 'font-size:10.0pt'>include-nest</span></span>, <span class=
16333 "Flag"><span style=
16334 'font-size:10.0pt'>num-struct-fields</span></span>, and
16335 <span class="Flag"><span style=
16336 'font-size:10.0pt'>num-enum-members</span></span>).</p>
16339 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16340 height="14" align="left">
16342 <td valign="top" align="left" height="14" style=
16343 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16344 <p class="TextFontCX" align="center" style=
16345 'text-align:center;background:#CCCCCC'><span style=
16346 'font-size:10.0pt'>m:</span><span class=
16347 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
16348 <p class="TextFontCX"><span class="Flag"><span style=
16349 'font-size:10.0pt'>control-nest-depth</span></span><span class="Flag">
16351 'font-size:10.0pt'> <i><number></i></span></span></p>
16352 <p class="IndentText">Set maximum nesting depth of compound
16353 statements, iteration control structures, and selection control
16354 structures (ISO C99 minimum is 63; ANSI C89 minimum is 15).</p>
16356 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16357 height="14" align="left">
16359 <td valign="top" align="left" height="14" style=
16360 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16361 <p class="TextFontCX" align="center" style=
16362 'text-align:center;background:#CCCCCC'><span style=
16363 'font-size:10.0pt'>m:</span><span class=
16364 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
16365 <p class="TextFontCX"><span class="Flag"><span style=
16366 'font-size:10.0pt'>string-literal-len</span></span><span class="Flag">
16368 'font-size:10.0pt'> <i><number></i></span></span></p>
16369 <p class="IndentText">Set maximum length of string literals (ISO
16370 C99 minimum is 4095; ANSI C89 minimum is 509).</p>
16372 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16373 height="14" align="left">
16375 <td valign="top" align="left" height="14" style=
16376 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16377 <p class="TextFontCX" align="center" style=
16378 'text-align:center;background:#CCCCCC'><span style=
16379 'font-size:10.0pt'>m:</span><span class=
16380 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
16381 <p class="TextFontCX"><span class="Flag"><span style=
16382 'font-size:10.0pt'>num-struct-fields</span></span><span class="Flag">
16384 'font-size:10.0pt'> <i><number></i></span></span></p>
16385 <p class="IndentText">Set maximum number of fields in a
16386 <span class="CodeText"><span style=
16387 'font-size:10.0pt'>struct</span></span> or <span class=
16388 "CodeText"><span style='font-size:10.0pt'>union</span></span>
16389 (ISO C99 minimum is 1023; ANSI minimum is 127).</p>
16391 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16392 height="14" align="left">
16394 <td valign="top" align="left" height="14" style=
16395 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16396 <p class="TextFontCX" align="center" style=
16397 'text-align:center;background:#CCCCCC'><span style=
16398 'font-size:10.0pt'>m:</span><span class=
16399 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
16400 <p class="TextFontCX"><span class="Flag"><span style=
16401 'font-size:10.0pt'>num-enum-members</span></span><span class=
16402 "Flag"><span style=
16403 'font-size:10.0pt'> <i><number></i></span></span></p>
16404 <p class="IndentText">Set maximum number of members of an
16405 <span class="CodeText"><span style=
16406 'font-size:10.0pt'>enum</span></span> type (ISO C99 minimum is
16407 1023; ANSI minimum is 127).</p>
16409 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16410 height="14" align="left">
16412 <td valign="top" align="left" height="14" style=
16413 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16414 <p class="TextFontCX" align="center" style=
16415 'text-align:center;background:#CCCCCC'><span style=
16416 'font-size:10.0pt'>m:</span><span class=
16417 "Keyword"><span style='font-size:10.0pt'>--++</span></span></p></td></tr></table></div>
16418 <p class="TextFontCX"><span class="Flag"><span style=
16419 'font-size:10.0pt'>include-nest</span></span><span class=
16420 "Flag"><span style=
16421 'font-size:10.0pt'> <i><number></i></span></span></p>
16422 <p class="IndentText">Set maximum number of nested
16423 <span class="CodeText"><span style=
16424 'font-size:10.0pt'>#include</span></span> files (ISO C99
16425 minimum is 63; ANSI minimum is 8).</p>
16426 <p class="Heading10">Header Inclusion <a name=
16427 "_Ref344793948"><span class="TextFontCXChar"><span style=
16428 'font-size:11.0pt; font-weight:normal'>(Section</span></span></a>
16429 <span class="TextFontCXChar"><span style=
16430 'font-size:11.0pt; font-weight:normal'>14.3</span></span><span class="TextFontCXChar">
16432 'font-size:11.0pt; font-weight:normal'>)</span></span></p>
16434 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16435 height="14" align="left">
16437 <td valign="top" align="left" height="14" style=
16438 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16439 <p class="TextFontCX" align="center" style=
16440 'text-align:center;background:#CCCCCC'><span style=
16441 'font-size:10.0pt'>P:</span> <span class=
16442 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
16443 <p class="TextFontCX"><span class="Flag"><span style=
16444 'font-size:10.0pt'>skip-ansi-headers</span></span></p>
16445 <p class="IndentText">Prevent inclusion of header files in a system
16446 directory with names that match standard ANSI headers. The
16447 symbolic information in the standard library is used instead.
16448 Flag in effect only if a library that includes the standard library is
16449 used. The ANSI headers are: <span class=
16450 "CodeText"><span style='font-size:10.0pt'>assert</span></span>,
16452 "CodeText"><span style='font-size:10.0pt'>ctype</span></span>,
16453 <span class="CodeText"><span style=
16454 'font-size:10.0pt'>errno</span></span>,
16455 <span class="CodeText"><span style=
16456 'font-size:10.0pt'>float</span></span>,
16458 "CodeText"><span style='font-size:10.0pt'>limits</span></span>,
16459 <span class="CodeText"><span style=
16460 'font-size:10.0pt'>locale</span></span>, <span class=
16461 "CodeText"><span style='font-size:10.0pt'>math</span></span>,
16462 <span class="CodeText"><span style=
16463 'font-size:10.0pt'>setjmp</span></span>, <span class=
16464 "CodeText"><span style='font-size:10.0pt'>signal</span></span>,
16465 <span class="CodeText"><span style=
16466 'font-size:10.0pt'>stdarg</span></span>,
16467 <span class="CodeText"><span style=
16468 'font-size:10.0pt'>stddef</span></span>, <span class=
16469 "CodeText"><span style='font-size:10.0pt'>stdio</span></span>,
16470 <span class="CodeText"><span style=
16471 'font-size:10.0pt'>stdlib</span></span>,
16473 "CodeText"><span style='font-size:10.0pt'>strings</span></span>,
16475 "CodeText"><span style='font-size:10.0pt'>string</span></span>,
16477 "CodeText"><span style='font-size:10.0pt'>time</span></span>,
16478 and <span class="CodeText"><span style=
16479 'font-size:10.0pt'>wchar</span></span>.
16483 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16484 height="14" align="left">
16486 <td valign="top" align="left" height="14" style=
16487 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16488 <p class="TextFontCX" align="center" style=
16489 'text-align:center;background:#CCCCCC'><span style=
16490 'font-size:10.0pt'>P:</span> <span class=
16491 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
16492 <p class="TextFontCX"><span class="Flag"><span style=
16493 'font-size:10.0pt'>skip-iso-headers</span></span></p>
16494 <p class="IndentText">Prevent inclusion of header files in a system
16495 directory with names that match standard ISO C99 headers. The
16496 symbolic information in the standard library is used instead.
16497 In effect only if a library that includes the standard library is
16498 used. The ISO C99 headers are: <span class=
16499 "CodeText"><span style='font-size:10.0pt'>assert</span></span>,
16500 <span class="CodeText"><span style=
16501 'font-size:10.0pt'>complex</span></span>, <span class=
16502 "CodeText"><span style='font-size:10.0pt'>ctype</span></span>,
16503 <span class="CodeText"><span style=
16504 'font-size:10.0pt'>errno</span></span>, <span class=
16505 "CodeText"><span style='font-size:10.0pt'>fenv</span></span>,
16506 <span class="CodeText"><span style=
16507 'font-size:10.0pt'>float</span></span>, <span class=
16508 "CodeText"><span style='font-size:10.0pt'>inttypes</span></span>,
16509 <span class="CodeText"><span style=
16510 'font-size:10.0pt'>iso646</span></span>, <span class=
16511 "CodeText"><span style='font-size:10.0pt'>limits</span></span>,
16512 <span class="CodeText"><span style=
16513 'font-size:10.0pt'>locale</span></span>, <span class=
16514 "CodeText"><span style='font-size:10.0pt'>math</span></span>,
16515 <span class="CodeText"><span style=
16516 'font-size:10.0pt'>setjmp</span></span>, <span class=
16517 "CodeText"><span style='font-size:10.0pt'>signal</span></span>,
16518 <span class="CodeText"><span style=
16519 'font-size:10.0pt'>stdarg</span></span>, <span class=
16520 "CodeText"><span style='font-size:10.0pt'>stdbool</span></span>,
16521 <span class="CodeText"><span style=
16522 'font-size:10.0pt'>stddef</span></span>, <span class=
16523 "CodeText"><span style='font-size:10.0pt'>stdio</span></span>,
16524 <span class="CodeText"><span style=
16525 'font-size:10.0pt'>stdlib</span></span>, <span class=
16526 "CodeText"><span style='font-size:10.0pt'>string</span></span>,
16527 <span class="CodeText"><span style=
16528 'font-size:10.0pt'>tgmath</span></span>, <span class=
16529 "CodeText"><span style='font-size:10.0pt'>time</span></span>,
16530 <span class="CodeText"><span style=
16531 'font-size:10.0pt'>wchar</span></span>, and <span class=
16532 "CodeText"><span style='font-size:10.0pt'>wctype</span></span>.</p>
16536 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16537 height="14" align="left">
16539 <td valign="top" align="left" height="14" style=
16540 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16541 <p class="TextFontCX" align="center" style=
16542 'text-align:center;background:#CCCCCC'><span style=
16543 'font-size:10.0pt'>P:</span> <span class=
16544 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
16545 <p class="TextFontCX"><span class="Flag"><span style=
16546 'font-size:10.0pt'>skip-posix-headers</span></span></p>
16547 <p class="IndentText">Prevent inclusion of header files in a system
16548 directory with names that match standard POSIX headers. The
16549 symbolic information in the standard library is used instead.
16550 In effect only if a library that includes the POSIX library is
16551 used. The skipped POSIX headers are: <span class=
16552 "CodeText"><span style='font-size:10.0pt'>dirent</span></span>,
16553 <span class="CodeText"><span style=
16554 'font-size:10.0pt'>fcntl</span></span>, <span class=
16555 "CodeText"><span style='font-size:10.0pt'>grp</span></span>,
16556 <span class="CodeText"><span style=
16557 'font-size:10.0pt'>pwd</span></span>, <span class=
16558 "CodeText"><span style='font-size:10.0pt'>termios</span></span>,
16559 <span class="CodeText"><span style=
16560 'font-size:10.0pt'>sys/stat</span></span>, <span class=
16561 "CodeText"><span style='font-size:10.0pt'>sys/times</span></span>,
16562 <span class="CodeText"><span style=
16563 'font-size:10.0pt'>sys/types</span></span>, <span class=
16564 "CodeText"><span style=
16565 'font-size:10.0pt'>sys/utsname</span></span>, <span class=
16566 "CodeText"><span style='font-size:10.0pt'>sys/wait</span></span>,
16567 <span class="CodeText"><span style=
16568 'font-size:10.0pt'>unistd</span></span>, and <span class=
16569 "CodeText"><span style='font-size:10.0pt'>utime</span></span>.</p>
16572 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16573 height="14" align="left">
16575 <td valign="top" align="left" height="14" style=
16576 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16577 <p class="TextFontCX" align="center" style=
16578 'text-align:center;background:#CCCCCC'><span style=
16579 'font-size:10.0pt'>P:</span> <span class=
16580 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
16581 <p class="TextFontCX"><span class="Flag"><span style=
16582 'font-size:10.0pt'>warn-posix-headers</span></span></p>
16583 <p class="IndentText">Report use of a POSIX header when checking a
16584 program with a non-POSIX library.</p>
16585 <p class="IndentText"> </p>
16588 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16589 height="14" align="left">
16591 <td valign="top" align="left" height="14" style=
16592 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16593 <p class="TextFontCX" align="center" style=
16594 'text-align:center;background:#CCCCCC'><span style=
16595 'font-size:10.0pt'>P:</span> <span class=
16596 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
16597 <p class="TextFontCX"><span class="Flag"><span style=
16598 'font-size:10.0pt'>warn-unix-headers</span></span></p>
16599 <p class="IndentText">
16600 Warn the user that the unix library may not be compatible with all platforms.
16604 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16605 height="14" align="left">
16607 <td valign="top" align="left" height="14" style=
16608 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16609 <p class="TextFontCX" align="center" style=
16610 'text-align:center;background:#CCCCCC'><span style=
16611 'font-size:10.0pt'>P:</span> <span class=
16612 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
16613 <p class="TextFontCX"><span class="Flag"><span style=
16614 'font-size:10.0pt'>skip-sys-headers</span></span></p>
16615 <p class="IndentText">Prevent inclusion of all header files in
16616 system directories.</p>
16618 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16619 height="14" align="left">
16621 <td valign="top" align="left" height="14" style=
16622 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16623 <p class="TextFontCX" align="center" style=
16624 'text-align:center;background:#CCCCCC'><span style=
16625 'font-size:10.0pt'>P:</span> <span class=
16626 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
16627 <p class="TextFontCX"><span class="Flag"><span style=
16628 'font-size:10.0pt'>sys-dir-expand-macros</span></span></p>
16629 <p class="IndentText">Expand macros in system directories
16630 regardless of other settings, except for macros corresponding to
16631 names defined in a load library.</p>
16633 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16634 height="14" align="left">
16636 <td valign="top" align="left" height="14" style=
16637 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16638 <p class="TextFontCX" align="center" style=
16639 'text-align:center;background:#CCCCCC'><span style=
16640 'font-size:10.0pt'>m:</span><span class=
16641 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
16642 <p class="TextFontCX"><span class="Flag"><span style=
16643 'font-size:10.0pt'>sys-dir-errors</span></span></p>
16644 <p class="IndentText">Report errors in files in system directories
16645 (set by <span class="Flag"><span style=
16646 'font-size:10.0pt'>-sys-dirs</span></span>). </p>
16647 <p class="IndentText"><span class="HeadingNote"><span style=
16648 'font-size:10.5pt; font-style:normal'> </span></span></p>
16651 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16652 height="14" align="left">
16654 <td valign="top" align="left" height="14" style=
16655 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16656 <p class="TextFontCX" align="center" style=
16657 'text-align:center;background:#CCCCCC'><span style=
16658 'font-size:10.0pt'>P:</span><span class=
16659 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
16660 <p class="TextFontCX"><span class="Flag"><span style=
16661 'font-size:10.0pt'>
16664 <p class="IndentText">
16665 Warn when a system file was listed as a command line file but Splint
16666 is not set to report errors for system files. This prevents accidentally missing warnings
16667 in system files when Splint is run in a system directory.
16671 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16672 height="14" align="left">
16674 <td valign="top" align="left" height="14" style=
16675 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16676 <p class="TextFontCX" align="center" style=
16677 'text-align:center;background:#CCCCCC'><span style=
16678 'font-size:10.0pt'>global:</span> <span class=
16679 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
16680 <p class="TextFontCX"><span class="Flag"><span style=
16681 'font-size:10.0pt'>single-include</span></span></p>
16682 <p class="IndentText">Optimize header inclusion to only include
16683 each header file once.</p>
16685 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16686 height="14" align="left">
16688 <td valign="top" align="left" height="14" style=
16689 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16690 <p class="TextFontCX" align="center" style=
16691 'text-align:center;background:#CCCCCC'><span style=
16692 'font-size:10.0pt'>global:</span> <span class=
16693 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
16694 <p class="TextFontCX"><span class="Flag"><span style=
16695 'font-size:10.0pt'>never-include</span></span></p>
16696 <p class="IndentText">Use library information instead of including
16700 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16701 height="14" align="left">
16703 <td valign="top" align="left" height="14" style=
16704 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16705 <p class="TextFontCX" align="center" style=
16706 'text-align:center;background:#CCCCCC'><span style=
16707 'font-size:10.0pt'>global:</span> <span class=
16708 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
16709 <p class="TextFontCX"><span class="Flag"><span style=
16710 'font-size:10.0pt'>case-insensitive-filenames</span></span></p>
16711 <p class="IndentText">
16712 File names are case insensitive (file.h and FILE.H are the same file).
16717 <p class="Heading10">Comments</p>
16718 <p class="beforelist">These flags control how syntactic comments
16719 are interpreted.</p>
16721 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16722 height="14" align="left">
16724 <td valign="top" align="left" height="14" style=
16725 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16726 <p class="TextFontCX" align="center" style=
16727 'text-align:center;background:#CCCCCC'><span style=
16728 'font-size:10.0pt'>P:</span> <span class="Flag"><span style=
16729 'font-size:10.0pt'>@</span></span></p></td></tr></table></div>
16730 <p class="TextFontCX"><span class="Flag"><span style=
16731 'font-size:10.0pt'>comment-char</span></span> <span class=
16732 "Flag"><i><span style=
16733 'font-size:10.0pt'><char></span></i></span></p>
16734 <p class="IndentText">Set the marker character for syntactic
16735 comments. Comments beginning with <span class=
16736 "CodeText"><span style=
16737 'font-size:10.0pt'>/*</span></span><span class=
16738 "Flag"><i><span style=
16739 'font-size:10.0pt'><char></span></i></span> are interpreted
16742 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16743 height="14" align="left">
16745 <td valign="top" align="left" height="14" style=
16746 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16747 <p class="TextFontCX" align="center" style=
16748 'text-align:center;background:#CCCCCC'><span style=
16749 'font-size:10.0pt'>P:</span> <span class=
16750 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
16751 <p class="TextFontCX"><span class="Flag"><span style=
16752 'font-size:10.0pt'>noaccess</span></span></p>
16753 <p class="IndentText">Ignore access comments.</p>
16755 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16756 height="14" align="left">
16758 <td valign="top" align="left" height="14" style=
16759 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16760 <p class="TextFontCX" align="center" style=
16761 'text-align:center;background:#CCCCCC'><span style=
16762 'font-size:10.0pt'>P:</span> <span class=
16763 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
16764 <p class="TextFontCX"><span class="Flag"><span style=
16765 'font-size:10.0pt'>nocomments</span></span></p>
16766 <p class="IndentText">Ignore all stylized comments.</p>
16768 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16769 height="14" align="left">
16771 <td valign="top" align="left" height="14" style=
16772 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16773 <p class="TextFontCX" align="center" style=
16774 'text-align:center;background:#CCCCCC'><span style=
16775 'font-size:10.0pt'>P:</span> <span class=
16776 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
16777 <p class="TextFontCX"><span class="Flag"><span style=
16778 'font-size:10.0pt'>sup-counts</span></span></p>
16779 <p class="IndentText">Actual number of errors does not match number
16780 in <span class="Annot"><span style=
16781 'font-size:10.0pt'>/*@i</span></span><span class=
16782 "Annot"><span style=
16783 'font-size:10.0pt'><n>@*/</span></span></p>
16785 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16786 height="14" align="left">
16788 <td valign="top" align="left" height="14" style=
16789 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16790 <p class="TextFontCX" align="center" style=
16791 'text-align:center;background:#CCCCCC'><span style=
16792 'font-size:10.0pt'>P:</span> <span class=
16793 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
16794 <p class="TextFontCX"><span class="Flag"><span style=
16795 'font-size:10.0pt'>lint-comments</span></span></p>
16796 <p class="IndentText">Interpret traditional lint comments
16797 (<span class="CodeText"><span style=
16798 'font-size:10.0pt'>/*FALLTHROUGH*/</span></span>,
16799 <span class="CodeText"><span style=
16800 'font-size:10.0pt'>/*NOTREACHED*/</span></span>, <span class=
16801 "CodeText"><span style=
16802 'font-size:10.0pt'>/*PRINTFLIKE*/</span></span>).</p>
16804 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16805 height="14" align="left">
16807 <td valign="top" align="left" height="14" style=
16808 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16809 <p class="TextFontCX" align="center" style=
16810 'text-align:center;background:#CCCCCC'><span style=
16811 'font-size:10.0pt'>m:</span><span class=
16812 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
16813 <p class="TextFontCX"><span class="Flag"><span style=
16814 'font-size:10.0pt'>warn-lint-comments</span></span></p>
16815 <p class="IndentText">Print a warning and suggest an alternative
16816 when a traditional lint comment is used. </p>
16818 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16819 height="14" align="left">
16821 <td valign="top" align="left" height="14" style=
16822 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16823 <p class="TextFontCX" align="center" style=
16824 'text-align:center;background:#CCCCCC'><span style=
16825 'font-size:10.0pt'>P: +</span></p></td></tr></table></div>
16826 <p class="TextFontCX"><span class="Flag"><span style=
16827 'font-size:10.0pt'>unrecog-comments</span></span></p>
16828 <p class="IndentText">Stylized comment is unrecognized.</p>
16831 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16832 height="14" align="left">
16834 <td valign="top" align="left" height="14" style=
16835 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16836 <p class="TextFontCX" align="center" style=
16837 'text-align:center;background:#CCCCCC'><span style=
16838 'font-size:10.0pt'>P: +</span></p></td></tr></table></div>
16839 <p class="TextFontCX"><span class="Flag"><span style=
16840 'font-size:10.0pt'>unrecog-flag-comments</span></span></p>
16841 <p class="IndentText">
16842 Semantic comment attempts to set a flag that is not recognized.
16847 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16848 height="14" align="left">
16850 <td valign="top" align="left" height="14" style=
16851 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16852 <p class="TextFontCX" align="center" style=
16853 'text-align:center;background:#CCCCCC'><span style=
16854 'font-size:10.0pt'>P: +</span></p></td></tr></table></div>
16855 <p class="TextFontCX"><span class="Flag"><span style=
16856 'font-size:10.0pt'>annotationerror
16858 <p class="IndentText">
16859 A declaration uses an invalid annotation.
16864 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16865 height="14" align="left">
16867 <td valign="top" align="left" height="14" style=
16868 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16869 <p class="TextFontCX" align="center" style=
16870 'text-align:center;background:#CCCCCC'><span style=
16871 'font-size:10.0pt'>P: +</span></p></td></tr></table></div>
16872 <p class="TextFontCX"><span class="Flag"><span style=
16873 'font-size:10.0pt'>commenterror
16875 <p class="IndentText">
16876 A syntactic comment is used inconsistently.
16879 <p class="Heading10">Parsing</p>
16881 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16882 height="14" align="left">
16884 <td valign="top" align="left" height="14" style=
16885 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16886 <p class="TextFontCX" align="center" style=
16887 'text-align:center;background:#CCCCCC'><span style=
16888 'font-size:10.0pt'>P:</span> <span class=
16889 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
16890 <p class="TextFontCX"><span class="Flag"><span style=
16891 'font-size:10.0pt'>continue-comment</span></span></p>
16892 <p class="IndentText">A line continuation marker
16893 (<span class="CodeText"><span style=
16894 'font-size:10.0pt'>\</span></span>) appears inside a comment
16895 on the same line as the comment close. Preprocessors should
16896 handle this correctly, but it causes problems for some
16899 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16900 height="14" align="left">
16902 <td valign="top" align="left" height="14" style=
16903 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16904 <p class="TextFontCX" align="center" style=
16905 'text-align:center;background:#CCCCCC'><span style=
16906 'font-size:10.0pt'>P:</span> <span class=
16907 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
16908 <p class="TextFontCX"><span class="Flag"><span style=
16909 'font-size:10.0pt'>nest-comment</span></span></p>
16910 <p class="IndentText">A comment open sequence (<span class=
16911 "CodeText"><span style='font-size:10.0pt'>/*</span></span>) appears
16912 inside a comment. This usually indicates that an earlier
16913 comment was not closed.</p>
16916 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16917 height="14" align="left">
16919 <td valign="top" align="left" height="14" style=
16920 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16921 <p class="TextFontCX" align="center" style=
16922 'text-align:center;background:#CCCCCC'><span style=
16923 'font-size:10.0pt'>P:</span> <span class=
16924 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
16925 <p class="TextFontCX"><span class="Flag"><span style=
16926 'font-size:10.0pt'>slashslashcomment</span></span></p>
16927 <p class="IndentText">A
16929 "CodeText"><span style='font-size:10.0pt'>//</span></span>
16930 comment is used.  ISO C99 allows
16932 "CodeText"><span style='font-size:10.0pt'>//</span></span>
16933 comments, but earlier standards did not.
16937 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16938 height="14" align="left">
16940 <td valign="top" align="left" height="14" style=
16941 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16942 <p class="TextFontCX" align="center" style=
16943 'text-align:center;background:#CCCCCC'><span style=
16944 'font-size:10.0pt'>P: +</span></p></td></tr></table></div>
16945 <p class="TextFontCX"><span class="Flag"><span style=
16946 'font-size:10.0pt'>duplicate-quals</span></span></p>
16947 <p class="IndentText">Report duplicate type qualifiers (e.g.,
16948 <span class="CodeText"><span style='font-size:10.0pt'>unsigned
16949 unsigned</span></span>).</p>
16951 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16952 height="14" align="left">
16954 <td valign="top" align="left" height="14" style=
16955 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16956 <p class="TextFontCX" align="center" style=
16957 'text-align:center;background:#CCCCCC'><span style=
16958 'font-size:10.0pt'>P:</span> <span class=
16959 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
16960 <p class="TextFontCX"><span class="Flag"><span style=
16961 'font-size:10.0pt'>gnu-extensions</span></span></p>
16962 <p class="IndentText">Support some GNU and Microsoft language
16966 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16967 height="14" align="left">
16969 <td valign="top" align="left" height="14" style=
16970 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16971 <p class="TextFontCX" align="center" style=
16972 'text-align:center;background:#CCCCCC'><span style=
16973 'font-size:10.0pt'>P:</span> <span class=
16974 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
16975 <p class="TextFontCX"><span class="Flag"><span style=
16976 'font-size:10.0pt'>syntax</span></span></p>
16977 <p class="IndentText">Parse error.</p>
16980 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
16981 height="14" align="left">
16983 <td valign="top" align="left" height="14" style=
16984 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
16985 <p class="TextFontCX" align="center" style=
16986 'text-align:center;background:#CCCCCC'><span style=
16987 'font-size:10.0pt'>P:</span> <span class=
16988 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
16989 <p class="TextFontCX"><span class="Flag"><span style=
16990 'font-size:10.0pt'>try-to-recover</span></span></p>
16991 <p class="IndentText">Try to recover from a parse error. If
16992 <span class="Flag"><span style=
16993 'font-size:10.0pt'>trytorecover</span></span> is not set, Splint
16994 will abort checking after a parse error is detected. If it is
16995 set, Splint will attempt to recover, but Splint does performs only
16996 minimal error recovery. It is likely that trying to recover
16997 after a parse error will lead to an internal assertion failing.</p>
17000 <p class="Heading10">Warn use</p>
17003 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
17004 height="14" align="left">
17006 <td valign="top" align="left" height="14" style=
17007 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
17008 <p class="TextFontCX" align="center" style=
17009 'text-align:center;background:#CCCCCC'><span style=
17010 'font-size:10.0pt'>m:</span> <span class=
17011 "Keyword"><span style='font-size:10.0pt'>-+++
17012 </span></span></p></td></tr></table></div>
17013 <p class="TextFontCX"><span class="Flag"><span style=
17014 'font-size:10.0pt'>
17017 <p class="IndentText">
17018 Use of function that may lead to buffer overflow.
17022 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
17023 height="14" align="left">
17025 <td valign="top" align="left" height="14" style=
17026 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
17027 <p class="TextFontCX" align="center" style=
17028 'text-align:center;background:#CCCCCC'><span style=
17029 'font-size:10.0pt'>m:</span> <span class=
17030 "Keyword"><span style='font-size:10.0pt'>++++
17031 </span></span></p></td></tr></table></div>
17032 <p class="TextFontCX"><span class="Flag"><span style=
17033 'font-size:10.0pt'>
17036 <p class="IndentText">
17037 Use of function that may lead to buffer overflow.
17043 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
17044 height="14" align="left">
17046 <td valign="top" align="left" height="14" style=
17047 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
17048 <p class="TextFontCX" align="center" style=
17049 'text-align:center;background:#CCCCCC'><span style=
17050 'font-size:10.0pt'>m:</span> <span class=
17051 "Keyword"><span style='font-size:10.0pt'>--++
17052 </span></span></p></td></tr></table></div>
17053 <p class="TextFontCX"><span class="Flag"><span style=
17054 'font-size:10.0pt'>
17055 implementationoptional
17057 <p class="IndentText">
17058 Use of a declarator that is implementation optional, not required by ISO99.
17063 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
17064 height="14" align="left">
17066 <td valign="top" align="left" height="14" style=
17067 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
17068 <p class="TextFontCX" align="center" style=
17069 'text-align:center;background:#CCCCCC'><span style=
17070 'font-size:10.0pt'>m:</span> <span class=
17071 "Keyword"><span style='font-size:10.0pt'>--++
17072 </span></span></p></td></tr></table></div>
17073 <p class="TextFontCX"><span class="Flag"><span style=
17074 'font-size:10.0pt'>
17077 <p class="IndentText">
17078 Non-reentrant function should not be used in multithreaded code.
17082 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
17083 height="14" align="left">
17085 <td valign="top" align="left" height="14" style=
17086 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
17087 <p class="TextFontCX" align="center" style=
17088 'text-align:center;background:#CCCCCC'><span style=
17089 'font-size:10.0pt'>m:</span> <span class=
17090 "Keyword"><span style='font-size:10.0pt'>--++
17091 </span></span></p></td></tr></table></div>
17092 <p class="TextFontCX"><span class="Flag"><span style=
17093 'font-size:10.0pt'>
17096 <p class="IndentText">
17097 Use of function that may have implementation-dependent behavior.
17102 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
17103 height="14" align="left">
17105 <td valign="top" align="left" height="14" style=
17106 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
17107 <p class="TextFontCX" align="center" style=
17108 'text-align:center;background:#CCCCCC'><span style=
17109 'font-size:10.0pt'>m:</span> <span class=
17110 "Keyword"><span style='font-size:10.0pt'>--++
17111 </span></span></p></td></tr></table></div>
17112 <p class="TextFontCX"><span class="Flag"><span style=
17113 'font-size:10.0pt'>
17116 <p class="IndentText">
17117 Call to function restricted to superusers.
17122 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
17123 height="14" align="left">
17125 <td valign="top" align="left" height="14" style=
17126 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
17127 <p class="TextFontCX" align="center" style=
17128 'text-align:center;background:#CCCCCC'><span style=
17129 'font-size:10.0pt'>m:</span> <span class=
17130 "Keyword"><span style='font-size:10.0pt'>---+
17131 </span></span></p></td></tr></table></div>
17132 <p class="TextFontCX"><span class="Flag"><span style=
17133 'font-size:10.0pt'>
17136 <p class="IndentText">
17137 Possible time of check, time of use vulnerability.
17143 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
17144 height="14" align="left">
17146 <td valign="top" align="left" height="14" style=
17147 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
17148 <p class="TextFontCX" align="center" style=
17149 'text-align:center;background:#CCCCCC'><span style=
17150 'font-size:10.0pt'>m:</span> <span class=
17151 "Keyword"><span style='font-size:10.0pt'>----
17152 </span></span></p></td></tr></table></div>
17153 <p class="TextFontCX"><span class="Flag"><span style=
17154 'font-size:10.0pt'>
17157 <p class="IndentText">
17158 Use of function that need not be provided by UNIX implementations
17161 <p class="Heading10">ITS4 compatibility flags</p>
17165 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
17166 height="14" align="left">
17168 <td valign="top" align="left" height="14" style=
17169 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
17170 <p class="TextFontCX" align="center" style=
17171 'text-align:center;background:#CCCCCC'><span style=
17172 'font-size:10.0pt'>P:</span> <span class=
17173 "Keyword"><span style='font-size:10.0pt'>-
17174 </span></span></p></td></tr></table></div>
17175 <p class="TextFontCX"><span class="Flag"><span style=
17176 'font-size:10.0pt'>
17179 <p class="IndentText">
17180 Security vulnerability classified as most risky in its4 database.
17184 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
17185 height="14" align="left">
17187 <td valign="top" align="left" height="14" style=
17188 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
17189 <p class="TextFontCX" align="center" style=
17190 'text-align:center;background:#CCCCCC'><span style=
17191 'font-size:10.0pt'>P:</span> <span class=
17192 "Keyword"><span style='font-size:10.0pt'>-
17193 </span></span></p></td></tr></table></div>
17194 <p class="TextFontCX"><span class="Flag"><span style=
17195 'font-size:10.0pt'>
17198 <p class="IndentText">
17199 Security vulnerability classified as very risky in its4 database.
17204 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
17205 height="14" align="left">
17207 <td valign="top" align="left" height="14" style=
17208 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
17209 <p class="TextFontCX" align="center" style=
17210 'text-align:center;background:#CCCCCC'><span style=
17211 'font-size:10.0pt'>P:</span> <span class=
17212 "Keyword"><span style='font-size:10.0pt'>-
17213 </span></span></p></td></tr></table></div>
17214 <p class="TextFontCX"><span class="Flag"><span style=
17215 'font-size:10.0pt'>
17218 <p class="IndentText">
17219 Security vulnerability classified as risky in its4 database.
17224 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
17225 height="14" align="left">
17227 <td valign="top" align="left" height="14" style=
17228 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
17229 <p class="TextFontCX" align="center" style=
17230 'text-align:center;background:#CCCCCC'><span style=
17231 'font-size:10.0pt'>P:</span> <span class=
17232 "Keyword"><span style='font-size:10.0pt'>-
17233 </span></span></p></td></tr></table></div>
17234 <p class="TextFontCX"><span class="Flag"><span style=
17235 'font-size:10.0pt'>
17238 <p class="IndentText">
17239 Security vulnerability classified as moderate risk in its4 database.
17245 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
17246 height="14" align="left">
17248 <td valign="top" align="left" height="14" style=
17249 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
17250 <p class="TextFontCX" align="center" style=
17251 'text-align:center;background:#CCCCCC'><span style=
17252 'font-size:10.0pt'>P:</span> <span class=
17253 "Keyword"><span style='font-size:10.0pt'>-
17254 </span></span></p></td></tr></table></div>
17255 <p class="TextFontCX"><span class="Flag"><span style=
17256 'font-size:10.0pt'>
17259 <p class="IndentText">
17260 Security vulnerability classified as risky in its4 database.
17263 <p class="Heading10">Debug flags</p>
17266 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
17267 height="14" align="left">
17269 <td valign="top" align="left" height="14" style=
17270 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
17271 <p class="TextFontCX" align="center" style=
17272 'text-align:center;background:#CCCCCC'><span style=
17273 'font-size:10.0pt'>P:</span> <span class=
17274 "Keyword"><span style='font-size:10.0pt'>3
17275 </span></span></p></td></tr></table></div>
17276 <p class="TextFontCX"><span class="Flag"><span style=
17277 'font-size:10.0pt'>
17280 <p class="IndentText">
17281 Set maximum number of bugs detected before giving up.
17286 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
17287 height="14" align="left">
17289 <td valign="top" align="left" height="14" style=
17290 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
17291 <p class="TextFontCX" align="center" style=
17292 'text-align:center;background:#CCCCCC'><span style=
17293 'font-size:10.0pt'>m:</span> <span class=
17294 "Keyword"><span style='font-size:10.0pt'>----
17295 </span></span></p></td></tr></table></div>
17296 <p class="TextFontCX"><span class="Flag"><span style=
17297 'font-size:10.0pt'>
17300 <p class="IndentText">
17301 Perform buffer overflow checking even if the errors would be surpressed.
17307 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
17308 height="14" align="left">
17310 <td valign="top" align="left" height="14" style=
17311 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
17312 <p class="TextFontCX" align="center" style=
17313 'text-align:center;background:#CCCCCC'><span style=
17314 'font-size:10.0pt'>P:</span> <span class=
17315 "Keyword"><span style='font-size:10.0pt'>-
17316 </span></span></p></td></tr></table></div>
17317 <p class="TextFontCX"><span class="Flag"><span style=
17318 'font-size:10.0pt'>
17321 <p class="IndentText">
17322 Debug parsing. Prints bison generated debuging information.
17328 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
17329 height="14" align="left">
17331 <td valign="top" align="left" height="14" style=
17332 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
17333 <p class="TextFontCX" align="center" style=
17334 'text-align:center;background:#CCCCCC'><span style=
17335 'font-size:10.0pt'>P:</span> <span class=
17336 "Keyword"><span style='font-size:10.0pt'>-
17337 </span></span></p></td></tr></table></div>
17338 <p class="TextFontCX"><span class="Flag"><span style=
17339 'font-size:10.0pt'>
17342 <p class="IndentText">
17343 Do not delete temporary files.
17348 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
17349 height="14" align="left">
17351 <td valign="top" align="left" height="14" style=
17352 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
17353 <p class="TextFontCX" align="center" style=
17354 'text-align:center;background:#CCCCCC'><span style=
17355 'font-size:10.0pt'>P:</span> <span class=
17356 "Keyword"><span style='font-size:10.0pt'>-
17357 </span></span></p></td></tr></table></div>
17358 <p class="TextFontCX"><span class="Flag"><span style=
17359 'font-size:10.0pt'>
17362 <p class="IndentText">
17363 Do not pre-process input files.
17368 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
17369 height="14" align="left">
17371 <td valign="top" align="left" height="14" style=
17372 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
17373 <p class="TextFontCX" align="center" style=
17374 'text-align:center;background:#CCCCCC'><span style=
17375 'font-size:10.0pt'>P:</span> <span class=
17376 "Keyword"><span style='font-size:10.0pt'>-
17377 </span></span></p></td></tr></table></div>
17378 <p class="TextFontCX"><span class="Flag"><span style=
17379 'font-size:10.0pt'>
17382 <p class="IndentText">
17383 Display the source code location where a warning is produced.
17389 <p class="MsoHeading7" style='margin-left:0in;text-indent:0in'>
17390 <a name="_Toc534975062"></a><a name="_Ref348845752">Appendix
17392 'font:7.0pt "Times New Roman"'> </span>
17393 <a id="annotations" name="annotations">
17394 Annotations</a></a></p>
17395 <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'>
17396 <a name="_Toc534975063"></a><a name="_Ref348010146">Suppressin</a>g
17398 <p class="beforelist">Several annotations are provided for
17399 suppressing messages. In general, it is usually better to use
17400 specific flags to suppress a particular error permanently, but the
17401 general error suppression flags may be more convenient for quickly
17402 suppressing messages for code that will be corrected or documented
17404 <p class="TextFontCX"><span class="Flag"><span style=
17405 'font-size:10.0pt'>ignore</span></span></p>
17406 <p class="TextFontCX"><span class="Flag"><span style=
17407 'font-size:10.0pt'>end</span></span></p>
17408 <p class="IndentText">No errors will be reported in code regions
17409 between <span class="Annot"><span style=
17410 'font-size:10.0pt'>/*@ignore@*/</span></span> and
17411 <span class="Annot"><span style=
17412 'font-size:10.0pt'>/*@end@*/</span></span>. These
17413 comments can be used to easily suppress an unlimited number
17414 of messages, but are dangerous since if real errors are
17415 introduced in the <span class="Flag"><span style=
17416 'font-size:10.0pt'>ignore</span></span>…<span class=
17417 "Flag"><span style='font-size:10.0pt'>end</span></span>
17418 region they will not be reported. The <span class=
17419 "Annot"><span style='font-size:10.0pt'>ignore</span></span>
17420 and <span class="Annot"><span style=
17421 'font-size:10.0pt'>end</span></span> comments must be matched
17422 — a warning is printed if the file ends in an ignore
17423 region or if <span class="Flag"><span style=
17424 'font-size:10.0pt'>ignore</span></span> is used inside ignore
17426 <p class="TextFontCX"><span class="Flag"><span style=
17427 'font-size:10.0pt'>i</span></span></p>
17428 <p class="IndentText">No errors will be reported from an
17429 <span class="Annot"><span style=
17430 'font-size:10.0pt'>/*@i@*/</span></span> comment to the end of the
17432 <p class="TextFontCX"><span class="Flag"><span style=
17433 'font-size:10.0pt'>i</span></span><span class=
17434 "Flag"><span style='font-size:10.0pt'><i><n></i></span></span></p>
17435 <p class="IndentText">No errors will be reported from an
17436 <span class="Annot"><span style=
17437 'font-size:10.0pt'>/*@i<i><n></i>@*/</span></span> (e.g.,
17438 <span class="Annot"><span style=
17439 'font-size:10.0pt'>/*@i3@*/</span></span>) comment to the end of
17440 the line. If there are not exactly <i>n</i> errors suppressed
17441 from the comment point to the end of the line, Splint will report
17442 an error. This is more robust than <span class=
17443 "Annot"><span style='font-size:10.0pt'>i</span></span> or
17444 <span class="Annot"><span style=
17445 'font-size:10.0pt'>ignore</span></span> since a message is
17446 generated if the expected number errors is not present. Since
17447 errors are not necessarily detected until after this file is
17448 processed (for example, and unused variable error), suppress count
17449 errors are reported after all files have been processed. The
17450 <span class="Flag"><span style=
17451 'font-size: 10.0pt'>‑supcounts</span></span> flag may be used
17452 to suppress these errors. This is useful when a system if
17453 being rechecked with different flag settings.</p>
17454 <p class="TextFontCX"><span class="Annot"><span style=
17455 'font-size:10.0pt'>t</span></span></p>
17456 <p class="TextFontCX"><span class="Flag"><span style=
17457 'font-size:10.0pt'>t<i><n></i></span></span></p>
17458 <p class="IndentText">Like <span class="Annot"><span style=
17459 'font-size:10.0pt'>i</span></span> and <span class=
17460 "Annot"><span style=
17461 'font-size:10.0pt'>i<i><n></i></span></span>, except
17462 controlled by <span class="Flag"><span style=
17463 'font-size:10.0pt'>+tmpcomments</span></span> flag. These can
17464 be used to temporarily suppress certain errors. Then,
17465 <span class="Flag"><span style=
17466 'font-size:10.0pt'>-tmpcomments</span></span> can be set to find
17468 <p class="MsoHeading8" style='margin-left:0in;text-indent:0in'>
17469 <a name="_Toc534975064">Syntactic Annotations</a></p>
17470 <p class="TextFontCX">The grammar below is the C syntax from
17471 [K&R,A13] modified to show the syntax of syntactic
17472 comments. Only productions effected by Splint annotations are
17473 shown. In the annotations, the <span class=
17474 "Annot"><span style='font-size:10.0pt'>@</span></span> represents
17475 the comment marker char, set by <span class=
17476 "Flag"><span style='font-size:10.0pt'>-commentchar</span></span> (default
17477 is <span class="Annot"><span style=
17478 'font-size:10.0pt'>@</span></span>).</p>
17479 <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'>
17480 <a name="_Toc534975065">Functions</a></p>
17481 <p class="TextFontCX"><i>direct-declarator</i> <span style=
17482 'font-family:Symbol'>Þ</span></p>
17483 <p class="TextFontCX" style='text-indent:.5in'><i>
17484 direct-declarator</i> <span class="Annot"><span style=
17485 'font-size:10.0pt'>(</span></span><i>parameter-type-list<sub>opt</sub></i>
17486 <span class="Annot"><span style='font-size: 10.0pt'>)</span></span>
17487 <i>stateClause*<sub>opt</sub> globals<sub>opt</sub>
17488 modifies<sub>opt</sub></i></p>
17489 <p class="TextFontCX" style='text-indent:.5in'><i>|
17490 direct-declarator</i> <span class="Annot"><span style=
17491 'font-size:10.0pt'>(</span></span><i>identifier-list<sub>opt</sub></i>
17492 <span class="Annot"><span style='font-size: 10.0pt'>)</span></span>
17493 <i>stateClause*<sub>opt</sub> globals<sub>opt</sub>
17494 modifies<sub>opt</sub></i></p>
17495 <p class="TextFontCX"><i> </i></p>
17496 <p class="TextFontCX"><i>stateClause</i> <span style=
17497 'font-family:Symbol'>Þ</span> <span class=
17498 "Annot"><span style='font-size:10.0pt'>/*@</span></span> (
17499 <span class="Annot"><span style=
17500 'font-size:10.0pt'>uses</span></span> <i>|</i> <span class=
17501 "Annot"><span style='font-size:10.0pt'>sets</span></span>
17502 <i>|</i> <span class="Annot"><span style=
17503 'font-size:10.0pt'>defines</span></span> <i>|</i>
17504 <span class="Annot"><span style=
17505 'font-size:10.0pt'>allocates</span></span> <i>|</i>
17506 <span class="Annot"><span style=
17507 'font-size:10.0pt'>releases</span></span>)
17508 <i>reference,<sup>+</sup></i> <span class=
17509 "Annot"><span style='font-size:10.0pt'>;</span></span><i><sub>opt</sub></i>
17510 <span class="Annot"><span style=
17511 'font-size:10.0pt'>@*/</span></span></p>
17512 <p class="TextFontCX" align="right" style='text-align: right'>
17513 <i>
17514 |</i> <span class="Annot"><span style=
17515 'font-size:10.0pt'>/*@</span></span> ( <span class=
17516 "Annot"><span style='font-size:10.0pt'>ensures</span></span> |
17517 <span class="Annot"><span style=
17518 'font-size:10.0pt'>requires</span></span> ) <i>stateTag</i>
17519 <i>reference,<sup>+</sup></i> <span class=
17520 "Annot"><span style='font-size:10.0pt'>;</span></span><i><sub>opt</sub></i>
17521 <span class="Annot"><span style=
17522 'font-size:10.0pt'>@*/ </span></span>
17524 <p class="TextFontCX"><i> </i></p>
17525 <p class="TextFontCX"><i>stateTag</i> <span style=
17526 'font-family:Symbol'>Þ</span> <span class=
17527 "Annot"><span style='font-size: 10.0pt'>only</span></span>
17528 <i>|</i> <span class="Annot"><span style=
17529 'font-size: 10.0pt'>shared</span></span> <i>|</i>
17530 <span class="Annot"><span style=
17531 'font-size: 10.0pt'>owned</span></span> <i>|</i> <span class=
17532 "Annot"><span style=
17533 'font-size: 10.0pt'>dependent</span></span> <i>|</i>
17534 <span class="Annot"><span style=
17535 'font-size:10.0pt'>observer</span></span> <i>|</i>
17536 <span class="Annot"><span style=
17537 'font-size:10.0pt'>exposed</span></span> <i>|</i>
17538 <span class="Annot"><span style=
17539 'font-size:10.0pt'>isnull</span></span> <i>|</i> <span class=
17540 "Annot"><span style=
17541 'font-size:10.0pt'>notnull</span></span></p>
17542 <p class="TextFontCX" align="right" style=
17543 'text-align: right;text-indent:.5in'><i> |
17544 identifier </i>
17545 (Annotation defined by metastate definition, Section 10)</p>
17546 <p class="TextFontCX" style='text-indent:.5in'>
17547 <i> </i></p>
17548 <p class="TextFontCX"><i>globals</i> <span style=
17549 'font-family:Symbol'>Þ</span> <span class=
17550 "Annot"><span style='font-size: 10.0pt'>/*@globals</span></span>
17551 <i>globitem,<sup>+</sup></i> <span class="Annot"><span style=
17552 'font-size:10.0pt'>;</span></span><i><sub>opt</sub></i>
17553 <span class="Annot"><span style=
17554 'font-size:10.0pt'>@*/</span></span> <i>|</i> <span class=
17555 "Annot"><span style=
17556 'font-size:10.0pt'>/*@globals</span></span><i>declaration-list<sub>opt </sub></i>
17557 <span class="Annot"><span style=
17558 'font-size: 10.0pt'>;</span></span><i><sub>opt</sub></i><span class="Annot">
17559 <span style='font-size:10.0pt'>@*/</span></span><span class=
17560 "Keyword"><span style='font-size:10.0pt'> </span></span></p>
17561 <p class="TextFontCX"><i>globitem</i> <span style=
17562 'font-family:Symbol'>Þ</span> [ ( <span class=
17563 "Annot"><span style='font-size:10.0pt'>undef</span></span> |
17564 <span class="Annot"><span style=
17565 'font-size:10.0pt'>killed</span></span> )* ] <span class=
17566 "Keyword"><i><sub><span style=
17567 'font-size:10.5pt;font-family:"Times New Roman"'> </span></sub></i></span><i>
17568 identifier | </i> <span class="Annot"><span style=
17569 'font-size:10.0pt'>internalState</span></span><i>| </i>
17570 <span class="Annot"><span style=
17571 'font-size:10.0pt'>fileSystem</span></span></p>
17572 <p class="TextFontCX"><i> </i></p>
17573 <p class="TextFontCX"><i>modifies</i> <span style=
17574 'font-family:Symbol'>Þ</span> <span class=
17575 "Annot"><span style='font-size:10.0pt'>/*@modifies</span></span>
17576 (<span class="Annot"><span style=
17577 'font-size:10.0pt'>nothing</span></span> <i>|</i>
17578 (<i>expression</i> | <span class="Annot"><span style=
17579 'font-size:10.0pt'>internalState</span></span> | <span class=
17580 "Annot"><span style=
17581 'font-size:10.0pt'>fileSystem</span></span>)<i><sup>+</sup></i><span class="Annot">
17583 'font-size:10.0pt'>;</span></span><i><sub>opt</sub></i>)
17584 <span class="Annot"><span style=
17585 'font-size:10.0pt'>@*/</span></span><span class=
17586 "Keyword"><span style=
17587 'font-size:10.0pt'> </span></span></p>
17588 <p class="TextFontCX" align="right" style='text-align: right'>
17589 <span class="Keyword"><span style=
17590 'font-size:10.0pt'> </span></span> <i>|</i>
17591 <span class="Annot"><span style=
17592 'font-size:10.0pt'>/*@*/</span></span><span class=
17593 "Keyword"><span style='font-size:10.0pt'>
17594
17595 </span></span>(Abbreviation for
17596 no globals and modifies nothing.)</p>
17597 <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'>
17598 <a name="_Toc534975066">Iterators</a> <span class=
17599 "TextFontCXChar"><span style=
17600 'font-size:11.0pt; font-weight:normal'>(Section
17601 11.4)</span></span></p>
17602 <p class="beforelist">The globals and modifies clauses for an
17603 iterator are the same as those for a function, except they are not
17604 enclosed by a comment, since the iterator is already a comment.</p>
17605 <p class="TextFontCX"><i>direct-declarator</i></p>
17606 <p class="TextFontCX" style='text-indent:.5in'><span style=
17607 'font-family:Symbol'>Þ</span> <span class=
17608 "Annot"><span style='font-size: 10.0pt'>/*@iter</span></span>
17609 <i>identifier</i> <span class="Annot"><span style=
17610 'font-size:10.0pt'>(</span></span><i>parameter-type-list<sub>opt</sub></i>
17611 <span class="Annot"><span style=
17612 'font-size:10.0pt'>)</span></span>
17613 <i>iterGlobals<sub>opt</sub> iterModifies<sub>opt</sub></i>
17614 <span class="Annot"><span style=
17615 'font-size:10.0pt'>@*/</span></span></p>
17616 <p class="TextFontCX"><i> </i></p>
17617 <p class="TextFontCX"><i>iter-globals</i> <span style=
17618 'font-family:Symbol'>Þ</span> <span class=
17619 "Annot"><span style='font-size: 10.0pt'>globals</span></span>
17620 <i>declaration-list<sub>opt</sub></i> <span class=
17621 "Annot"><span style=
17622 'font-size:10.0pt'>;</span></span><i><sub>opt</sub></i></p>
17623 <p class="TextFontCX"><i>iter-modifies</i> <span style=
17624 'font-family:Symbol'>Þ</span> <span class=
17625 "Annot"><span style='font-size: 10.0pt'>modifies</span></span><i>
17626 moditem,+</i><span class="Annot"><span style=
17627 'font-size:10.0pt'>;</span></span><i><sub>opt</sub></i><i>|</i>
17628 <span class="Annot"><span style=
17629 'font-size:10.0pt'> modifies
17630 nothing</span></span><span class="Annot"><span style=
17631 'font-size:10.0pt'>;</span></span><i><sub>opt</sub></i></p>
17632 <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'>
17633 <a name="_Toc534975067">Constants</a> <span class=
17634 "TextFontCXChar"><span style=
17635 'font-size:11.0pt; font-weight:normal'>(Section
17636 11.1)</span></span></p>
17637 <p class="TextFontCX"><i>external-declaration</i>
17638 <span style='font-family:Symbol'>Þ</span> <span class=
17639 "Annot"><span style=
17640 'font-size: 10.0pt'>/*@constant</span></span> <i>declaration
17641 <sub> </sub></i><span class="Annot"><span style=
17642 'font-size:10.0pt'>;</span></span><i><sub>opt</sub></i><span class="Annot">
17643 <span style='font-size:10.0pt'>@*/</span></span></p>
17644 <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'>
17645 <a name="_Toc534975068"></a><a name="_Ref344807420">Alternate
17646 Types</a> <span class="TextFontCXChar"><span style=
17647 'font-size:11.0pt; font-weight:normal'>(Section
17648 4.4)</span></span></p>
17649 <p class="beforelist">Alternate types may be used in the type
17650 specification of parameters and return values.</p>
17651 <p class="TextFontCX" align="left" style='text-align: left'>
17652 <i>extended-type</i><span style='font-family:Symbol'>Þ</span>
17653 <i>type-specifier alt-type <sub>opt</sub></i></p>
17654 <p class="TextFontCX"><i>alt-type</i> <span style=
17655 'font-family:Symbol'>Þ</span> <span class=
17656 "Annot"><span style='font-size: 10.0pt'>/*@alt</span></span>
17657 <i>basic-type,<sup>+</sup></i> <span class=
17658 "Annot"><span style='font-size:10.0pt'>@*/</span></span></p>
17659 <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'>
17660 <a name="_Toc534975069">Declarator Annotations</a></p>
17661 <p class="TextFontCX">General annotations appear after
17662 <i>storage-class-specifier</i>s and before
17663 <i>type-specifier</i>s. Multiple annotations may be used in
17664 any order. Here, annotations are without the surrounding
17665 comment. In a declaration, the annotation would be surrounded
17666 by <span class="Annot"><span style=
17667 'font-size:10.0pt'>/*@</span></span> and <span class=
17668 "Annot"><span style='font-size:10.0pt'>@*/</span></span>. In
17669 a globals or modifies clause or iterator or constant declaration,
17670 no surrounding comments would be used since they are within a
17672 <p class="Heading10" align="left" style='text-align:left'>Type
17673 Definitions <span class="TextFontCXChar"><span style=
17674 'font-size:11.0pt; font-weight:normal'>(Section
17675 4.3)</span></span></p>
17676 <p class="beforelist">A type definition may use any either
17677 <span class="Annot"><span style=
17678 'font-size:10.0pt'>abstract</span></span> or <span class=
17679 "Annot"><span style='font-size:10.0pt'>concrete</span></span>,
17680 either <span class="Annot"><span style=
17681 'font-size:10.0pt'>mutable</span></span> or <span class=
17682 "Annot"><span style='font-size:10.0pt'>immutable</span></span>, and
17683 <span class="Annot"><span style=
17684 'font-size:10.0pt'>refcounted</span></span>. Only a pointer
17685 to a <span class="Annot"><span style=
17686 'font-size:10.0pt'>struct</span></span> may be declared with
17687 <span class="Annot"><span style=
17688 'font-size:10.0pt'>refcounted</span></span>. Mutability
17689 annotations may not be used with concrete types since concrete
17690 types inherit their mutability from the actual type.</p>
17691 <p class="TextFontCX"><span class="Annot"><span style=
17692 'font-size:10.0pt'>abstract</span></span></p>
17693 <p class="MsoNormal" style='margin-left:13.5pt'>Type is abstraction
17694 (representation is hidden from clients.)</p>
17695 <p class="TextFontCX"><span class="Annot"><span style=
17696 'font-size:10.0pt'>concrete</span></span></p>
17697 <p class="MsoNormal" style='margin-left:13.5pt'>Type is concrete
17698 (representation is visible to clients.)</p>
17699 <p class="TextFontCX"><span class="Annot"><span style=
17700 'font-size:10.0pt'>immutable</span></span></p>
17701 <p class="MsoNormal" style='margin-left:13.5pt'>Instances of the
17702 type cannot change value.</p>
17703 <p class="TextFontCX"><span class="Annot"><span style=
17704 'font-size:10.0pt'>mutable</span></span></p>
17705 <p class="MsoNormal" style='margin-left:13.5pt'>Instances of the
17706 type can change value.</p>
17707 <p class="TextFontCX"><span class="Annot"><span style=
17708 'font-size:10.0pt'>refcounted</span></span></p>
17709 <p class="IndentText">Reference counted (Section 5.4).</p>
17710 <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'>
17711 <a name="_Toc534975070">Type Access</a></p>
17712 <p class="TextFontCX">Control comments may also be used to override
17713 type access settings.</p>
17714 <p class="TextFontCX"><span class="Annot"><span style=
17715 'font-size:10.0pt'> </span></span></p>
17716 <p class="TextFontCX"><span class="Annot"><span style=
17717 'font-size:10.0pt'>/*@access
17718 <i><type></i>,<sup>+</sup>@*/</span></span><span class=
17719 "Annot"><span style='font-size:10.0pt'> </span></span></p>
17720 <p class="IndentText">Allows the following code to access the
17721 representation of <span class="Annot"><i><span style=
17722 'font-size:10.0pt'><type></span></i></span>. Type
17723 access applies from the point of the comment to the end of the file
17724 or the next access control comment for this type.</p>
17725 <p class="TextFontCX"><span class="Annot"><span style=
17726 'font-size:10.0pt'>/*@noaccess</span></span> <span class=
17727 "Annot"><span style=
17728 'font-size:10.0pt'><i><type></i>,<sup>+</sup>@*/</span></span></p>
17729 <p class="IndentText">Restricts access to the representation of
17730 <span class="Annot"><i><span style=
17731 'font-size:10.0pt'><type></span></i></span>. The type
17732 in a <span class="Annot"><span style=
17733 'font-size:10.0pt'>noaccess</span></span> comment must have been
17734 declared as an abstract type. </p>
17735 <p class="Heading10">Global Variables <span class=
17736 "HeadingNote"><span style=
17737 'font-size:10.5pt;font-weight:normal;font-style:normal'>(Section</span></span>
17738 <span class="HeadingNote"><span style=
17739 'font-size:10.5pt;font-weight:normal;font-style: normal'>7.2</span></span><span class="HeadingNote">
17741 'font-size:10.5pt;font-weight:normal;font-style: normal'>)</span></span></p>
17742 <p class="beforelist">One check annotation may be used on a global
17743 or file-static variable declaration.</p>
17744 <p class="TextFontCX"><span class="Annot"><span style=
17745 'font-size:10.0pt'>unchecked</span></span></p>
17746 <p class="IndentText"><span class="Annot"><span style=
17747 'font-size:10.0pt;font-family: "Times New Roman"'>Weakest checking
17748 for global use.</span></span></p>
17749 <p class="TextFontCX"><span class="Annot"><span style=
17750 'font-size:10.0pt'>checkmod</span></span></p>
17751 <p class="IndentText"><span class="Annot"><span style=
17752 'font-size:10.0pt;font-family: "Times New Roman"'>Check
17753 modification by not use of global.</span></span></p>
17754 <p class="TextFontCX"><span class="Annot"><span style=
17755 'font-size:10.0pt'>checked</span></span></p>
17756 <p class="IndentText"><span class="Annot"><span style=
17757 'font-size:10.0pt;font-family: "Times New Roman"'>Check use and
17758 modification of global.</span></span></p>
17759 <p class="TextFontCX"><span class="Annot"><span style=
17760 'font-size:10.0pt'>checkedstrict</span></span></p>
17761 <p class="IndentText"><span class="Annot"><span style=
17762 'font-size:10.0pt;font-family: "Times New Roman"'>Check use of
17763 global, even in functions with no global list.</span></span></p>
17764 <p class="Heading10">Memory Management <span class=
17765 "HeadingNote"><span style=
17766 'font-size:10.5pt;font-weight:normal;font-style:normal'>(Section</span></span>
17767 <span class="HeadingNote"><span style=
17768 'font-size:10.5pt;font-weight:normal;font-style: normal'>3</span></span><span class="HeadingNote">
17770 'font-size:10.5pt; font-weight:normal;font-style:normal'>)</span></span></p>
17771 <p class="TextFontCX"><span class="Annot"><span style=
17772 'font-size:10.0pt'>dependent</span></span></p>
17773 <p class="IndentText"><span class="Annot"><span style=
17774 'font-size:10.0pt;font-family: "Times New Roman"'>A reference to
17775 externally-owned storage. (Section</span></span>
17776 <span class="Annot"><span style=
17777 'font-size:10.0pt;font-family:"Times New Roman"'>5.2.2</span></span><span class="Annot">
17779 'font-size:10.0pt;font-family:"Times New Roman"'>)</span></span></p>
17780 <p class="TextFontCX"><span class="Annot"><span style=
17781 'font-size:10.0pt'>keep</span></span></p>
17782 <p class="IndentText"><span class="Annot"><span style=
17783 'font-size:10.0pt;font-family: "Times New Roman"'>A parameter that
17784 is kept by the called function. The caller may use the
17785 storage after the call, but the called function is responsible for
17786 making sure it is deallocated. (Section</span></span>
17787 <span class="Annot"><span style=
17788 'font-size:10.0pt;font-family:"Times New Roman"'>5.2.4</span></span><span class="Annot">
17790 'font-size:10.0pt;font-family:"Times New Roman"'>)</span></span></p>
17791 <p class="TextFontCX"><span class="Annot"><span style=
17792 'font-size:10.0pt'>killref</span></span></p>
17793 <p class="IndentText">A <span class="Annot"><span style=
17794 'font-size:10.0pt'>refcounted</span></span> parameter. This
17795 reference is killed by the call. (Section 5.4)</p>
17796 <p class="TextFontCX"><span class="Annot"><span style=
17797 'font-size:10.0pt'>only</span></span></p>
17798 <p class="IndentText"><span class="Annot"><span style=
17799 'font-size:10.0pt;font-family: "Times New Roman"'>An unshared
17800 reference. Associated memory must be released before
17801 reference is lost.
17802 (Section </span></span><span class="Annot"><span style=
17803 'font-size:10.0pt;font-family:"Times New Roman"'>5.2</span></span><span class="Annot">
17805 'font-size:10.0pt;font-family:"Times New Roman"'>)</span></span></p>
17806 <p class="TextFontCX"><span class="Annot"><span style=
17807 'font-size:10.0pt'>owned</span></span></p>
17808 <p class="IndentText"><span class="Annot"><span style=
17809 'font-size:10.0pt;font-family: "Times New Roman"'>Storage may be
17810 shared by dependent references, but associated memory must be
17811 released before this reference is lost.
17812 (Section</span></span> <span class="Annot"><span style=
17813 'font-size:10.0pt;font-family:"Times New Roman"'>5.2.2</span></span><span class="Annot">
17815 'font-size:10.0pt;font-family:"Times New Roman"'>)</span></span></p>
17816 <p class="TextFontCX"><span class="Annot"><span style=
17817 'font-size:10.0pt'>shared</span></span></p>
17818 <p class="IndentText"><span class="Annot"><span style=
17819 'font-size:10.0pt;font-family: "Times New Roman"'>Shared reference
17820 that is never deallocated. (Section</span></span>
17821 <span class="Annot"><span style=
17822 'font-size:10.0pt;font-family:"Times New Roman"'>5.2.5</span></span><span class="Annot">
17824 'font-size:10.0pt;font-family:"Times New Roman"'>)</span></span></p>
17825 <p class="TextFontCX"><span class="Annot"><span style=
17826 'font-size:10.0pt'>temp</span></span></p>
17827 <p class="IndentText">A temporary parameter. May not be
17828 released, and new aliases to it may not be created. (Section
17830 <p class="Heading10">Aliasing <span class=
17831 "HeadingNote"><span style=
17832 'font-size: 10.5pt;font-weight:normal;font-style:normal'>(Section</span></span>
17833 <span class="HeadingNote"><span style=
17834 'font-size:10.5pt;font-weight:normal;font-style: normal'>6</span></span><span class="HeadingNote">
17836 'font-size:10.5pt; font-weight:normal;font-style:normal'>)</span></span></p>
17837 <p class="beforelist">Both alias annotations may be used on a
17838 parameter declaration.</p>
17839 <p class="TextFontCX"><span class="Annot"><span style=
17840 'font-size:10.0pt'>unique</span></span></p>
17841 <p class="IndentText"><span class="Annot"><span style=
17842 'font-size:10.0pt;font-family: "Times New Roman"'>Parameter that
17843 may not be aliased by any other reference visible to the function.
17844 (Section </span></span><span class="Annot"><span style=
17845 'font-size:10.0pt;font-family:"Times New Roman"'>6.1.1</span></span><span class="Annot">
17847 'font-size:10.0pt;font-family:"Times New Roman"'>)</span></span></p>
17848 <p class="TextFontCX"><span class="Annot"><span style=
17849 'font-size:10.0pt'>returned</span></span></p>
17850 <p class="IndentText"><span class="Annot"><span style=
17851 'font-size:10.0pt;font-family: "Times New Roman"'>Parameter that
17852 may be aliased by the return value. (Section</span></span>
17853 <span class="Annot"><span style=
17854 'font-size:10.0pt;font-family:"Times New Roman"'>6.1.2</span></span><span class="Annot">
17856 'font-size:10.0pt;font-family:"Times New Roman"'>)</span></span></p>
17857 <p class="Heading10">Exposure <span class=
17858 "HeadingNote"><span style=
17859 'font-size: 10.5pt;font-weight:normal;font-style:normal'>(Section</span></span>
17860 <span class="HeadingNote"><span style=
17861 'font-size:10.5pt;font-weight:normal;font-style: normal'>6.2</span></span><span class="HeadingNote">
17863 'font-size:10.5pt; font-weight:normal;font-style:normal'>)</span></span></p>
17864 <p class="TextFontCX"><span class="Annot"><span style=
17865 'font-size:10.0pt'>observer</span></span></p>
17866 <p class="IndentText"><span class="Annot"><span style=
17867 'font-size:10.0pt;font-family: "Times New Roman"'>Reference that
17868 cannot be modified. (Section</span></span> <span class=
17869 "Annot"><span style=
17870 'font-size:10.0pt;font-family:"Times New Roman"'>6.2.1</span></span><span class="Annot">
17872 'font-size:10.0pt;font-family:"Times New Roman"'>)</span></span></p>
17873 <p class="TextFontCX"><span class="Annot"><span style=
17874 'font-size:10.0pt'>exposed</span></span></p>
17875 <p class="IndentText"><span class="Annot"><span style=
17876 'font-size:10.0pt;font-family: "Times New Roman"'>Exposed reference
17877 to storage in another object. (Section</span></span>
17878 <span class="Annot"><span style=
17879 'font-size:10.0pt;font-family:"Times New Roman"'>6.2</span></span><span class="Annot">
17881 'font-size:10.0pt;font-family:"Times New Roman"'>)</span></span></p>
17882 <p class="Heading10">Definition State <span class=
17883 "HeadingNote"><span style=
17884 'font-size:10.5pt;font-weight:normal;font-style:normal'>(Section</span></span>
17885 <span class="HeadingNote"><span style=
17886 'font-size:10.5pt;font-weight:normal;font-style: normal'>3</span></span><span class="HeadingNote">
17888 'font-size:10.5pt;font-weight:normal;font-style: normal'>)</span></span></p>
17889 <p class="TextFontCX"><span class="Annot"><span style=
17890 'font-size:10.0pt'>out</span></span></p>
17891 <p class="IndentText"><span class="Annot"><span style=
17892 'font-size:10.0pt;font-family: "Times New Roman"'>Storage reachable
17893 from reference need not be defined.</span></span></p>
17894 <p class="TextFontCX"><span class="Annot"><span style=
17895 'font-size:10.0pt'>in</span></span></p>
17896 <p class="IndentText"><span class="Annot"><span style=
17897 'font-size:10.0pt;font-family: "Times New Roman"'>All storage
17898 reachable from reference must be defined.</span></span></p>
17899 <p class="TextFontCX"><span class="Annot"><span style=
17900 'font-size:10.0pt'>partial</span></span></p>
17901 <p class="IndentText"><span class="Annot"><span style=
17902 'font-size:10.0pt;font-family: "Times New Roman"'>Partially
17903 defined. A structure may have undefined fields. No
17904 errors reported when fields are used.</span></span></p>
17905 <p class="TextFontCX"><span class="Annot"><span style=
17906 'font-size:10.0pt'>reldef</span></span></p>
17907 <p class="IndentText"><span class="Annot"><span style=
17908 'font-size:10.0pt;font-family: "Times New Roman"'>Relax definition
17909 checking. No errors when reference is not defined, or when it
17910 is used.</span></span></p>
17911 <p class="Heading10">Global State <span class=
17912 "TextFontCXChar"><span style=
17913 'font-size:11.0pt; font-weight:normal'>(Section
17914 7.2.2)</span></span></p>
17915 <p class="TextFontCX">These annotations may only be used in globals
17916 lists. Both annotations may be used for the same variable, to
17917 mean the variable is undefined before and after the call.</p>
17918 <p class="TextFontCX"> </p>
17919 <p class="TextFontCX"><span class="Annot"><span style=
17920 'font-size:10.0pt'>undef</span></span></p>
17921 <p class="IndentText"><span class="Annot"><span style=
17922 'font-size:10.0pt;font-family: "Times New Roman"'>Variable is
17923 undefined before the call.</span></span></p>
17924 <p class="TextFontCX"><span class="Annot"><span style=
17925 'font-size:10.0pt'>killed</span></span></p>
17926 <p class="IndentText"><span class="Annot"><span style=
17927 'font-size:10.0pt;font-family: "Times New Roman"'>Variable is
17928 undefined after the call.</span></span></p>
17929 <p class="Heading10">Null State <span class=
17930 "HeadingNote"><span style=
17931 'font-size: 10.5pt;font-weight:normal;font-style:normal'>(Section</span></span>
17932 <span class="HeadingNote"><span style=
17933 'font-size:10.5pt;font-weight:normal;font-style: normal'>2</span></span><span class="HeadingNote">
17935 'font-size:10.5pt;font-weight:normal;font-style: normal'>)</span></span></p>
17936 <p class="TextFontCX"><span class="Annot"><span style=
17937 'font-size:10.0pt'>null</span></span></p>
17938 <p class="IndentText"><span class="Annot"><span style=
17939 'font-size:10.0pt;font-family: "Times New Roman"'>Possibly null
17940 pointer.</span></span></p>
17941 <p class="TextFontCX"><span class="Annot"><span style=
17942 'font-size:10.0pt'>notnull</span></span><span class=
17943 "Annot"><span style=
17944 'font-size:10.0pt'> </span></span></p>
17945 <p class="IndentText"><span class="Annot"><span style=
17946 'font-size:10.0pt;font-family: "Times New Roman"'>Non-null
17947 pointer.</span></span></p>
17948 <p class="TextFontCX"><span class="Annot"><span style=
17949 'font-size:10.0pt'>relnull</span></span></p>
17950 <p class="IndentText"><span class="Annot"><span style=
17951 'font-size:10.0pt;font-family: "Times New Roman"'>Relax null
17952 checking. No errors when</span></span> <span class=
17953 "CodeText"><span style=
17954 'font-size:10.0pt'>NULL</span></span><span class=
17955 "Annot"><span style=
17956 'font-size:10.0pt;font-family:"Times New Roman"'>is assigned to it,
17957 or when it is used as a non-null pointer.</span></span></p>
17958 <p class="Heading10">Null Predicates <span class=
17959 "HeadingNote"><span style=
17960 'font-size:10.5pt;font-weight:normal;font-style:normal'>(Section</span></span>
17961 <span class="HeadingNote"><span style=
17962 'font-size:10.5pt;font-weight:normal;font-style: normal'>2.1.1</span></span><span class="HeadingNote">
17964 'font-size:10.5pt; font-weight:normal;font-style:normal'>)</span></span></p>
17965 <p class="beforelist">A null predicate annotation may be used of
17966 the return value of a function returning a Boolean type, taking a
17967 possibly-null pointer for its first argument.</p>
17968 <p class="TextFontCX"><span class="Annot"><span style=
17969 'font-size:10.0pt'>nullwhentrue</span></span></p>
17970 <p class="IndentText"><span class="Annot"><span style=
17971 'font-size:10.0pt;font-family: "Times New Roman"'>If result is
17972 true, first parameter is</span></span> <span class=
17973 "CodeText"><span style=
17974 'font-size:10.0pt'>NULL</span></span><span class=
17975 "Annot"><span style=
17976 'font-size:10.0pt;font-family:"Times New Roman"'>.</span></span></p>
17977 <p class="TextFontCX"><span class="Annot"><span style=
17978 'font-size:10.0pt'>falsewhennull</span></span></p>
17979 <p class="IndentText"><span class="Annot"><span style=
17980 'font-size:10.0pt;font-family: "Times New Roman"'>If result
17981 is</span></span> <span class="CodeText"><span style=
17982 'font-size:10.0pt'>TRUE</span></span><span class=
17983 "Annot"><span style=
17984 'font-size:10.0pt;font-family:"Times New Roman"'>, first parameter
17985 is not</span></span> <span class="CodeText"><span style=
17986 'font-size:10.0pt'>NULL</span></span><span class=
17987 "Annot"><span style=
17988 'font-size:10.0pt;font-family:"Times New Roman"'>.</span></span></p>
17989 <p class="Heading10">Execution <span class=
17990 "HeadingNote"><span style=
17991 'font-size: 10.5pt;font-weight:normal;font-style:normal'>(Section</span></span>
17992 <span class="HeadingNote"><span style=
17993 'font-size:10.5pt;font-weight:normal;font-style: normal'>8.1</span></span><span class="HeadingNote">
17995 'font-size:10.5pt; font-weight:normal;font-style:normal'>)</span></span></p>
17996 <p class="beforelist">The <span class="Annot"><span style=
17997 'font-size:10.0pt'>noreturn</span></span>, <span class=
17998 "Annot"><span style='font-size:10.0pt'>maynotreturn</span></span>
17999 and <span class="Annot"><span style=
18000 'font-size:10.0pt'>alwaysreturn</span></span> annotations may be
18001 used on any function. The <span class=
18002 "Annot"><span style='font-size:10.0pt'>noreturnwhentrue</span></span>
18003 and <span class="Annot"><span style=
18004 'font-size:10.0pt'>noreturnwhenfalse</span></span>
18005 annotations may only be used on functions whose first
18006 argument is a Boolean. </p>
18007 <p class="TextFontCX"><span class="Annot"><span style=
18008 'font-size:10.0pt'>noreturn</span></span><span class=
18009 "Annot"><span style=
18010 'font-size:10.0pt'> </span></span></p>
18011 <p class="IndentText"><span class="Annot"><span style=
18012 'font-size:10.0pt;font-family: "Times New Roman"'>Function never
18013 returns.</span></span></p>
18014 <p class="TextFontCX"><span class="Annot"><span style=
18015 'font-size:10.0pt'>maynotreturn</span></span></p>
18016 <p class="IndentText"><span class="Annot"><span style=
18017 'font-size:10.0pt;font-family: "Times New Roman"'>Function may or
18018 may not return.</span></span></p>
18019 <p class="TextFontCX"><span class="Annot"><span style=
18020 'font-size:10.0pt'>noreturnwhentrue</span></span></p>
18021 <p class="IndentText"><span class="Annot"><span style=
18022 'font-size:10.0pt;font-family: "Times New Roman"'>Function does not
18023 return if first parameter is</span></span> <span class=
18024 "Keyword"><span style=
18025 'font-size:10.0pt'>TRUE</span></span><span class=
18026 "Annot"><span style=
18027 'font-size:10.0pt;font-family:"Times New Roman"'>.</span></span></p>
18028 <p class="TextFontCX"><span class="Annot"><span style=
18029 'font-size:10.0pt'>noreturnwhenfalse</span></span></p>
18030 <p class="IndentText"><span class="Annot"><span style=
18031 'font-size:10.0pt;font-family: "Times New Roman"'>Function does not
18032 return if first parameter if</span></span> <span class=
18033 "Keyword"><span style=
18034 'font-size:10.0pt'>FALSE</span></span><span class=
18035 "Annot"><span style=
18036 'font-size:10.0pt;font-family:"Times New Roman"'>.</span></span></p>
18037 <p class="TextFontCX"><span class="Annot"><span style=
18038 'font-size:10.0pt'>alwaysreturn</span></span></p>
18039 <p class="IndentText"><span class="Annot"><span style=
18040 'font-size:10.0pt;font-family: "Times New Roman"'>Function always
18041 returns.</span></span></p>
18042 <p class="Heading10">Side Effects <span style=
18043 'font-size:10.5pt;font-weight: normal'>(Section 11.2.1)</span></p>
18044 <p class="TextFontCX"><span class="Annot"><span style=
18045 'font-size:10.0pt'>sef</span></span></p>
18046 <p class="IndentText"><span class="Annot"><span style=
18047 'font-size:10.0pt;font-family:"Times New Roman"'>Corresponding
18048 actual parameter has no side effects.</span></span></p>
18049 <p class="Heading10">Declarations</p>
18050 <p class="beforelist">These annotations can be used on a
18051 declaration to control unused or undefined error reporting.</p>
18052 <p class="TextFontCX"><span class="Annot"><span style=
18053 'font-size:10.0pt'>unused</span></span></p>
18054 <p class="IndentText"><span class="Annot"><span style=
18055 'font-size:10.0pt;font-family: "Times New Roman"'>Identifier need
18056 not be used (no unused errors reported.)
18057 (Section</span></span> <span class="Annot"><span style=
18058 'font-size:10.0pt;font-family:"Times New Roman"'>13.1</span></span><span class="Annot">
18060 'font-size:10.0pt;font-family:"Times New Roman"'>)</span></span></p>
18061 <p class="TextFontCX"><span class="Annot"><span style=
18062 'font-size:10.0pt'>external</span></span></p>
18063 <p class="IndentText"><span class="Annot"><span style=
18064 'font-size:10.0pt;font-family: "Times New Roman"'>Identifier is
18065 defined externally (no undefined error reported.)
18066 (Section</span></span> <span class="Annot"><span style=
18067 'font-size:10.0pt;font-family:"Times New Roman"'>13.2</span></span><span class="Annot">
18069 'font-size:10.0pt;font-family:"Times New Roman"'>)</span></span></p>
18070 <p class="Heading10">Switch Statements</p>
18071 <p class="TextFontCX"><span class="Annot"><span style=
18072 'font-size:10.0pt'>fallthrough</span></span></p>
18073 <p class="IndentText"><span class="Annot"><span style=
18074 'font-size:10.0pt;font-family:"Times New Roman"'>Fall through
18075 case. No message is reported if the previous case may fall
18076 through into the one immediately after the</span></span>
18077 <span class="Annot"><span style=
18078 'font-size:10.0pt'>fallthrough</span></span><span class=
18079 "Annot"><span style=
18080 'font-size:10.0pt;font-family:"Times New Roman"'>.</span></span></p>
18081 <p class="Heading10">Break and Continue Statements
18082 <span class="TextFontCXChar"><span style=
18083 'font-size:11.0pt; font-weight:normal'>(Section
18084 8.3.3)</span></span></p>
18085 <p class="beforelist">These annotations are used before a
18086 <span class="CodeText"><span style=
18087 'font-size:10.0pt'>break</span></span> or <span class=
18088 "CodeText"><span style='font-size:10.0pt'>continue</span></span>
18090 <p class="TextFontCX"><span class="Annot"><span style=
18091 'font-size:10.0pt'>innerbreak</span></span></p>
18092 <p class="IndentText"><span class="Annot"><span style=
18093 'font-size:10.0pt;font-family: "Times New Roman"'>Break is breaking
18094 an inner loop or switch.</span></span></p>
18095 <p class="TextFontCX"><span class="Annot"><span style=
18096 'font-size:10.0pt'>loopbreak</span></span></p>
18097 <p class="IndentText"><span class="Annot"><span style=
18098 'font-size:10.0pt;font-family: "Times New Roman"'>Break is breaking
18099 a loop.</span></span></p>
18100 <p class="TextFontCX"><span class="Annot"><span style=
18101 'font-size:10.0pt'>switchbreak</span></span></p>
18102 <p class="IndentText"><span class="Annot"><span style=
18103 'font-size:10.0pt;font-family: "Times New Roman"'>Break is breaking
18104 a switch.</span></span></p>
18105 <p class="TextFontCX"><span class="Annot"><span style=
18106 'font-size:10.0pt'>innercontinue</span></span><span class=
18107 "Annot"><span style=
18108 'font-size:10.0pt'><i> </i></span></span></p>
18109 <p class="IndentText"><span class="Annot"><span style=
18110 'font-size:10.0pt;font-family: "Times New Roman"'>Continue is
18111 continuing an inner loop.</span></span></p>
18112 <p class="Heading10">Unreachable Code</p>
18113 <p class="beforelist">This annotation is used before a statement to
18114 prevent unreachable code errors.</p>
18115 <p class="TextFontCX"><span class="Annot"><span style=
18116 'font-size:10.0pt'>notreached</span></span></p>
18117 <p class="IndentText"><span class="Annot"><span style=
18118 'font-size:10.0pt;font-family: "Times New Roman"'>Statement may be
18119 unreachable.</span></span></p>
18120 <p class="Heading10">Format String Arguments </p>
18121 <p class="beforelist">These annotations are used immediately before
18122 a function declaration.</p>
18123 <p class="TextFontCX"><span class="Annot"><span style=
18124 'font-size:10.0pt'>printflike</span></span></p>
18125 <p class="IndentText"><span class="Annot"><span style=
18126 'font-size:10.0pt;font-family: "Times New Roman"'>Check variable
18127 arguments like</span></span> <span class=
18128 "CodeText"><span style='font-size:10.0pt'>printf</span></span><span class="Annot">
18130 'font-size:10.0pt;font-family:"Times New Roman"'>library
18131 function. </span></span></p>
18132 <p class="TextFontCX"><span class="Annot"><span style=
18133 'font-size:10.0pt'>scanflike</span></span></p>
18134 <p class="IndentText"><span class="Annot"><span style=
18135 'font-size:10.0pt;font-family: "Times New Roman"'>Check variable
18136 arguments like</span></span> <span class=
18137 "CodeText"><span style='font-size:10.0pt'>scanf</span></span><a name="_Toc344355453">
18138 </a><a name="_Ref343091002"></a><a name=
18139 "_Ref343065628"><span class="Annot"><span style=
18140 'font-size:10.0pt;font-family:"Times New Roman"'>library
18141 function.</span></span></a></p>
18142 <p class="Heading10"><a name="_Ref348789839">Use Warnings</a></p>
18143 <p class="beforelist">These annotations are used immediately before
18144 a function, variable or type declaration.</p>
18145 <p class="TextFontCX"><span class="Annot"><span style=
18146 'font-size:10.0pt'>warn <i><flag-specifier></i>
18147 <i><message></i></span></span></p>
18148 <p class="IndentText">Issue a warning (controlled by
18149 <span class="Flag"><span style=
18150 'font-size:10.0pt'>flag-specifier</span></span>) where this
18151 declarator is used.</p>
18152 <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'>
18153 <a name="_Toc534975071">Macro Expansion</a></p>
18154 <p class="TextFontCX"><a href=
18155 "mailto:/*@notfunction@*/"><span class="Annot"><span style=
18156 'font-size:10.0pt'>/*@notfunction@*/</span></span></a></p>
18157 <p class="IndentText">The next macro definition is not intended to
18158 be a function, and should be expanded in line instead of checked as
18159 a macro function definition.</p>
18160 <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'>
18161 <a name="_Toc534975072">Arbitrary Integral Types</a></p>
18162 <p class="TextFontCX">These annotations are used to represent
18163 arbitrary integral types. Syntactically, they replace the
18164 implicit <span class="Flag"><span style=
18165 'font-size:10.0pt'>int</span></span> type.</p>
18166 <p class="TextFontCX"> </p>
18167 <p class="TextFontCX"><span class="Annot"><span style=
18168 'font-size:10.0pt'>/*@integraltype@*/</span></span></p>
18169 <p class="IndentText">An arbitrary integral type. The actual
18170 type may be any one of <span class="CodeText"><span style=
18171 'font-size:10.0pt'>short</span></span>, <span class=
18172 "CodeText"><span style='font-size:10.0pt'>int</span></span>,
18173 <span class="CodeText"><span style=
18174 'font-size:10.0pt'>long</span></span>, <span class=
18175 "CodeText"><span style='font-size:10.0pt'>unsigned
18176 short</span></span>, <span class="CodeText"><span style=
18177 'font-size:10.0pt'>unsigned</span></span>, or <span class=
18178 "CodeText"><span style='font-size:10.0pt'>unsigned
18179 long</span></span>.</p>
18180 <p class="TextFontCX"><span class="Annot"><span style=
18181 'font-size:10.0pt'>/*@unsignedintegraltype@*/</span></span></p>
18182 <p class="IndentText">An arbitrary unsigned integral type.
18183 The actual type may be any one of <span class=
18184 "CodeText"><span style='font-size:10.0pt'>unsigned
18185 short</span></span>, <span class="CodeText"><span style=
18186 'font-size:10.0pt'>unsigned</span></span>, or <span class=
18187 "CodeText"><span style='font-size:10.0pt'>unsigned
18188 long</span></span>.</p>
18189 <p class="TextFontCX"><span class="Annot"><span style=
18190 'font-size:10.0pt'>/*@signedintegraltype@*/</span></span></p>
18191 <p class="IndentText">An arbitrary signed integral type. The
18192 actual type may be any one of <span class=
18193 "CodeText"><span style='font-size:10.0pt'>short</span></span>,
18194 <span class="CodeText"><span style=
18195 'font-size:10.0pt'>int</span></span>, or <span class=
18196 "CodeText"><span style=
18197 'font-size:10.0pt'>long</span></span>.</p>
18198 <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'>
18199 <a name="_Toc534975073"></a><a name="_Ref347471625">Traditional
18200 Lint Comments</a></p>
18201 <p class="TextFontCX">Some of the control comments supported by
18202 most standard UNIX lints are supported by Splint so legacy systems
18203 can be checked more easily. These comments are not lexically
18204 consistent with Splint comments, and their meanings are less
18205 precise (and may vary between different lint programs), so we
18206 recommend that Splint comments are used instead except for checking
18207 legacy systems already containing standard lint comments.</p>
18208 <p class="TextFontCX"> </p>
18209 <p class="beforelist">These standard lint comments supported by
18211 <p class="TextFontCX"><span class="Annot"><span style=
18212 'font-size:10.0pt'>/*FALLTHROUGH*/</span></span> (alternate
18213 misspelling, <span class="Annot"><span style=
18214 'font-size:10.0pt'>/*FALLTHRU*/</span></span>)</p>
18215 <p class="IndentText">Prevents errors for fall through cases.
18216 Same meaning as <span class="Annot"><span style=
18217 'font-size:10.0pt'>/*@fallthrough@*/</span></span>.</p>
18218 <p class="MsoListBullet"><span class="Annot"><span style=
18219 'font-size:10.0pt'>/*NOTREACHED*/</span></span></p>
18220 <p class="IndentText">Prevents errors about unreachable code (until
18221 the end of the function). Same meaning as <span class=
18222 "Annot"><span style=
18223 'font-size:10.0pt'>/*@notreached@*/</span></span>. </p>
18224 <p class="MsoListBullet"><span class="Annot"><span style=
18225 'font-size:10.0pt'>/*PRINTFLIKE*/</span></span></p>
18226 <p class="indentbefore">Arguments similar to the <span class=
18227 "CodeText"><span style='font-size:10.0pt'>printf</span></span>
18228 library function (there didn’t seem to be much of a consensus
18229 among standard lints as to exactly what this means). Splint
18231 <p class="IndentText"><span class="Annot"><span style=
18232 'font-size:10.0pt'>/*@printflike@*/</span></span></p>
18233 <p class="IndentText" style='margin-left:.5in'>Function takes zero
18234 or more arguments of any type, an unmodified <span class=
18235 "CodeText"><span style='font-size:10.0pt'>char *</span></span>
18236 format string argument and zero of more arguments of type and
18237 number dictated by the format string. Format codes are
18238 interpreted identically to the <span class=
18239 "CodeText"><span style='font-size:10.0pt'>printf</span></span>
18240 standard library function. May return a result of any
18241 type. (Splint interprets <span class=
18242 "Annot"><span style=
18243 'font-size:10.0pt'>/*PRINTFLIKE*/</span></span> as
18244 <span class="Annot"><span style=
18245 'font-size:10.0pt'>/*@printflike@*/</span></span>.)</p>
18246 <p class="IndentText"><span class="Annot"><span style=
18247 'font-size:10.0pt'>/*@scanflike@*/</span></span></p>
18248 <p class="IndentText" style='margin-left:.5in'>Like
18249 <span class="Annot"><span style=
18250 'font-size:10.0pt'>printflike</span></span>, except format
18251 codes are interpreted as in the <span class=
18252 "CodeText"><span style='font-size:10.0pt'>scanf</span></span>
18253 library function.</p>
18254 <p class="IndentText"> </p>
18255 <p class="MsoListBullet" style='margin-left:0in;text-indent:0in'>
18256 <span class="Annot"><span style=
18257 'font-size:10.0pt'>/*ARGSUSED*/</span></span></p>
18258 <p class="IndentText">Turns off unused parameter messages for this
18259 function. The control comment, <span class=
18260 "Annot"><span style=
18261 'font-size:10.0pt'>/*@‑paramuse</span></span><span class="Annot">
18262 <span style='font-size:10.0pt'>@*/</span></span> can be used to the
18263 same effect, or <span class="Annot"><span style=
18264 'font-size:10.0pt'>/*@unused@*/</span></span> can be used in
18265 individual parameter declarations.</p>
18266 <p class="IndentText"> </p>
18267 <p class="TextFontCX">Splint will ignore standard lint comments if
18268 <span class="Flag"><span style=
18269 'font-size:10.0pt'>-lint-comments</span></span> is used. If
18270 <span class="Flag"><span style=
18271 'font-size:10.0pt'>+warn-lint-comments</span></span> is used,
18272 Splint generates a message for standard lint comments and suggest
18273 replacements<a name="_Ref348801565">.</a></p>
18274 <p class="MsoHeading8" style='margin-left:0in;text-indent:0in'>
18275 <a name="_Toc534975074">Metastate Definitions</a></p>
18276 <p class="TextFontCX">The grammar for <span class=
18277 "ProgramNameChar">.mts</span> files is shown below.</p>
18278 <p class="MsoNormal"> </p>
18279 <p class="TextFontCX" align="left" style=
18280 'margin-left: .25in;text-align:left'><i><span lang=
18281 "FR">metastate</span></i> <span lang="FR"> </span>
18282 <span style='font-family:Symbol'>Þ</span> <span lang=
18283 "FR">[</span> <span class="Annot"><span style=
18284 'font-size:10.0pt'>global</span></span> <span lang="FR">]</span>
18285 <span class="Annot"><span style=
18286 'font-size:10.0pt'>attribute</span></span> <i><span lang=
18287 "FR">identifier clause*</span></i> <span class=
18288 "Annot"><span style='font-size: 10.0pt'>end</span></span></p>
18289 <p class="TextFontCX" align="left" style=
18290 'margin-left: .25in;text-align:left'><i><span lang=
18291 "FR">clause</span></i> <span lang=
18292 "FR"> </span> <span style=
18293 'font-family:Symbol'>Þ</span> <i><span lang=
18294 "FR">contextClause</span></i> <span lang="FR">| <i>valuesClause</i>
18295 | <i>defaultClause | defaultsClause</i></span></p>
18296 <p class="TextFontCX" align="left" style=
18297 'margin-left: .75in;text-align:left;text-indent:.25in'>
18298 <i><span lang="FR"> </span></i>
18299 <span lang="FR">| <i>annotationsClause</i> | <i>mergeClause |
18300 transfersClause | loserefClause</i></span></p>
18301 <p class="TextFontCX" align="left" style=
18302 'margin-left: 1.25in;text-align:left'><i><span lang="FR">|
18303 preconditionsClause | postconditionsClause</span></i></p>
18304 <p class="TextFontCX" align="left" style=
18305 'margin-left: .25in;text-align:left'><i><span lang=
18306 "FR">contextClause</span></i><span style=
18307 'font-family:Symbol'>Þ</span> <span class=
18308 "Annot"><span style='font-size: 10.0pt'>context</span></span>
18309 <i><span lang="FR">contextSelector</span></i></p>
18310 <p class="TextFontCX" align="left" style=
18311 'margin-left: .25in;text-align:left'><i><span lang=
18312 "FR">contextSelector</span></i> <span style=
18313 'font-family:Symbol'>Þ</span> <span lang="FR">(</span>
18314 <span class="Annot"><span style=
18315 'font-size:10.0pt'>parameter</span></span> <span lang="FR">|</span>
18316 <span class="Annot"><span style=
18317 'font-size:10.0pt'>reference</span></span> <span lang="FR">|</span>
18318 <span class="Annot"><span style=
18319 'font-size:10.0pt'>result</span></span> <span lang="FR">|</span>
18320 <span class="Annot"><span style=
18321 'font-size:10.0pt'>clause</span></span> <span lang="FR">|</span>
18322 <span class="Annot"><span style=
18323 'font-size:10.0pt'>literal</span></span> <span lang="FR">|</span>
18324 <span class="Annot"><span style=
18325 'font-size:10.0pt'>null</span></span> <span lang="FR">) [
18326 <i>type</i> ]</span></p>
18327 <p class="TextFontCX" align="left" style=
18328 'margin-left: .25in;text-align:left'><i><span lang=
18329 "FR">valuesClause</span></i><span style=
18330 'font-family:Symbol'>Þ</span> <span class=
18331 "Annot"><span style='font-size: 10.0pt'>oneof</span></span>
18332 <i>valueChoice</i>,*</p>
18333 <p class="TextFontCX" align="left" style=
18334 'margin-left: .25in;text-align:left'> </p>
18335 <p class="TextFontCX" align="left" style=
18336 'margin-left: .25in;text-align:left'><i><span lang=
18337 "FR">defaultClause</span></i> <span style=
18338 'font-family:Symbol'>Þ</span> <span class=
18339 "Annot"><span style='font-size: 10.0pt'>default</span></span>
18340 <i>valueChoide</i></p>
18341 <p class="TextFontCX" align="left" style=
18342 'margin-left: .25in;text-align:left'><i><span lang=
18343 "FR">defaultsClause</span></i><span style=
18344 'font-family:Symbol'>Þ</span> <span class=
18345 "Annot"><span style='font-size: 10.0pt'>defaults</span></span>
18346 <span lang="FR">( <i>contextSelector</i></span> <span class=
18347 "Annot"><span style='font-size:10.0pt'>==></span></span>
18348 <i>valueChoice</i> <span lang="FR">)*</span></p>
18349 <p class="TextFontCX" align="left" style=
18350 'margin-left: .25in;text-align:left'><i><span lang=
18351 "FR"> </span></i></p>
18352 <p class="TextFontCX" align="left" style=
18353 'margin-left: .25in;text-align:left'><i><span lang=
18354 "FR">annotationsClause</span></i><span style=
18355 'font-family:Symbol'>Þ</span> <span class=
18356 "Annot"><span style='font-size: 10.0pt'>annotations</span></span>
18357 ( <i>identifier</i> [ <i><span lang=
18358 "FR">contextSelector</span></i> <span lang="FR">]</span>
18359 <span class="Annot"><span style=
18360 'font-size: 10.0pt'>==></span></span> <i>valueChoice</i>
18361 )<i><span lang="FR">*</span></i></p>
18362 <p class="TextFontCX" align="left" style=
18363 'margin-left: .25in;text-align:left'><i><span lang=
18364 "FR"> </span></i></p>
18365 <p class="TextFontCX" align="left" style=
18366 'margin-left: .25in;text-align:left'><i><span lang=
18367 "FR">mergeClause</span></i><span style=
18368 'font-family:Symbol'>Þ</span> <span class=
18369 "Annot"><span style='font-size: 10.0pt'>merge</span></span> (
18370 <i>mergeItem</i> <span class="Annot"><span style=
18371 'font-size:10.0pt'>+</span></span> <i>mergeItem</i>
18372 <span class="Annot"><span style=
18373 'font-size:10.0pt'>==></span></span> <i>transferAction</i>
18374 )<i><span lang="FR">*</span></i></p>
18375 <p class="TextFontCX" align="left" style=
18376 'margin-left: .25in;text-align:left'><i><span lang=
18377 "FR">mergeItem</span></i><span style=
18378 'font-family:Symbol'>Þ</span> <i>valueChoice |</i>
18379 <span class="Annot"><span style=
18380 'font-size:10.0pt'>*</span></span></p>
18381 <p class="TextFontCX" align="left" style=
18382 'margin-left: .25in;text-align:left'><i><span lang=
18383 "FR"> </span></i></p>
18384 <p class="TextFontCX" align="left" style=
18385 'margin-left: .25in;text-align:left'><i><span lang=
18386 "FR">transfersClause</span></i><span style=
18387 'font-family:Symbol'>Þ</span> <span class=
18388 "Annot"><span style='font-size: 10.0pt'>transfers</span></span>
18389 ( <i>valueChoice</i> <span class="Annot"><span style=
18390 'font-size:10.0pt'>as</span></span>
18391 <i>valueChoice</i><span class="Annot"><span style=
18392 'font-size:10.0pt'>==></span></span> <i>transferAction</i>
18393 )<i><span lang="FR">*</span></i></p>
18394 <p class="TextFontCX" align="left" style=
18395 'margin-left: .25in;text-align:left'><i><span lang=
18396 "FR">loserefClause</span></i><span style=
18397 'font-family:Symbol'>Þ</span> <span class=
18398 "Annot"><span style='font-size: 10.0pt'>losereference</span></span>
18399 ( <i>valueChoice</i> <span class="Annot"><span style=
18400 'font-size:10.0pt'>==></span></span> <i>errorAction</i>
18401 )<i><span lang="FR">*</span></i></p>
18402 <p class="TextFontCX" align="left" style=
18403 'margin-left: .25in;text-align:left'><i><span lang=
18404 "FR"> </span></i></p>
18405 <p class="TextFontCX" align="left" style=
18406 'margin-left: .25in;text-align:left'><i><span lang=
18407 "FR">transferAction</span></i><span style=
18408 'font-family:Symbol'>Þ</span> <i>valueChoice |
18409 errorAction</i></p>
18410 <p class="TextFontCX" align="left" style=
18411 'margin-left: .25in;text-align:left'>
18412 <i>errorAction</i><span style='font-family:Symbol'>Þ</span>
18413 <span class="Annot"><span style=
18414 'font-size:10.0pt'>error</span></span> [ <i>stringLiteral</i>
18416 <p class="TextFontCX" align="left" style=
18417 'margin-left: .25in;text-align:left'><i><span lang=
18418 "FR"> </span></i></p>
18419 <p class="TextFontCX" align="left" style=
18420 'margin-left: .25in;text-align:left'><i><span lang=
18421 "FR">valueChoice</span></i><span style=
18422 'font-family:Symbol'>Þ</span>
18423 <i>identifier</i> </p>
18424 <p class="TextFontCX"> </p>
18425 <p class="MsoHeading7" style='margin-left:0in;text-indent:0in'>
18426 <a name="_Toc534975075"></a><a name="_Ref397875216"></a><a name=
18427 "_Ref350066976"></a><a name="_Ref348788300">Appendix
18428 D<span style='font:7.0pt "Times New Roman"'> </span>
18429 <a id="specifications" name="specifications">
18433 <p class="TextFontCX">Another way of providing more information
18434 about programs is to use formal specifications. Although this
18435 document has largely ignored specifications, Splint was originally
18436 designed to use the information in LCL specifications instead of
18437 source-code annotations. This document focuses on annotations
18438 since it takes less effort to add annotations to source code than
18439 to maintain an additional specification file. Annotations can
18440 express everything that can be expressed in LCL specifications that
18441 is relevant to Splint checking. However, LCL specifications
18442 can provide more precise documentation on program interfaces than
18443 is possible with Splint annotations. This appendix (extracted
18444 from [Evans94]) is a very brief introduction to LCL
18445 Specifications. For more information, consult
18446 [GH93]. </p>
18447 <p class="TextFontCX"> </p>
18448 <p class="TextFontCX">The Larch family of languages is a two-tiered
18449 approach to formal specification. A specification is built using
18450 two languages — the <i>Larch Shared Language</i> (LSL), which
18451 is independent of the implementation language, and a <i>Larch
18452 Interface Language</i> designed for the specific implementation
18453 language. An LSL specification defines <i>sorts</i>,
18454 analogous to abstract types in a programming language, and
18455 <i>operators</i>, analogous to procedures. It expresses the
18456 underlying semantics of an abstraction.</p>
18457 <p class="TextFontCX"> </p>
18458 <p class="TextFontCX">The interface language specifies an interface
18459 to an abstraction in a particular programming language. It
18460 captures the details of the interface needed by a client using the
18461 abstraction and places constraints on both correct implementations
18462 and uses of the module. The semantics of the interface are
18463 described using primitives and sorts and operators defined in LSL
18464 specifications. Interface languages have been designed for
18465 several programming languages.</p>
18466 <p class="TextFontCX"> </p>
18467 <p class="TextFontCX">LCL [GH93, Tan95] is a Larch interface
18468 language for Standard C. LCL uses a C-like syntax.
18469 Traditionally, a C module <span class=
18470 "Keyword"><i><span style='font-size:10.0pt;font-family:Arial; color:windowtext'>
18471 M</span></i></span> consists of a source file, <span class=
18472 "Keyword"><i><span style=
18473 'font-size:10.0pt;font-family:Arial;color:windowtext'>M</span></i></span><span class="Keyword">
18475 'font-size:10.0pt;font-family:Arial;color:windowtext'>.c</span></span>,
18476 and a header file, <span class="Keyword"><i><span style=
18477 'font-size:10.0pt; font-family:Arial;color:windowtext'>M</span></i></span><span class="Keyword">
18479 'font-size:10.0pt;font-family:Arial;color:windowtext'>.h</span></span>.
18480 The header file contains prototype declarations for functions,
18481 variables and constants exported by <span class=
18482 "Keyword"><i><span style=
18483 'font-size:10.0pt; font-family:Arial;color:windowtext'>M</span></i></span>,
18484 as well as those macro definitions that implement exported
18485 functions or constants, and definitions of exported types. When
18486 using LCL, a module includes two additional files —
18487 <span class="Keyword"><i><span style=
18488 'font-size:10.0pt;font-family:Arial;color:windowtext'>M</span></i></span><span class="Keyword">
18490 'font-size:10.0pt;font-family:Arial;color:windowtext'>.lcl</span></span>,
18491 a formal specification of <span class=
18492 "Keyword"><i><span style='font-size:10.0pt; font-family:Arial;color:windowtext'>
18493 M</span></i></span>, and <span class=
18494 "Keyword"><i><span style='font-size:10.0pt;font-family:Arial;color:windowtext'>
18495 M</span></i></span><span class="Keyword"><span style=
18496 'font-size:10.0pt;font-family:Arial;color:windowtext'>.lh</span></span>,
18497 which is derived by Splint (if the <span class=
18498 "Flag"><span style='font-size:10.0pt'>lh</span></span> flag
18499 is on) from <span class="Keyword"><i><span style=
18500 'font-size:10.0pt;font-family:Arial;color:windowtext'>M</span></i></span><span class="Keyword">
18502 'font-size:10.0pt;font-family:Arial;color:windowtext'>.lcl</span></span>.
18503 Clients use <span class="Keyword"><i><span style=
18504 'font-size:10.0pt;font-family: Arial;color:windowtext'>M</span></i></span><span class="Keyword">
18506 'font-size:10.0pt;font-family:Arial;color:windowtext'>.lcl</span></span>
18507 for documentation, and should not need to look at any
18508 implementation file. The derived file, <span class=
18509 "Keyword"><i><span style=
18510 'font-size:10.0pt;font-family: Arial;color:windowtext'>M</span></i></span><span class="Keyword">
18512 'font-size:10.0pt;font-family:Arial;color:windowtext'>.lh</span></span>,
18513 contains include directives (if <span class=
18514 "Keyword"><i><span style=
18515 'font-size: 10.0pt;font-family:Arial;color:windowtext'>M</span></i></span>
18516 depends on other specified modules), prototypes of functions and
18517 declarations of variables as specified in <span class=
18518 "Keyword"><i><span style=
18519 'font-size:10.0pt;font-family: Arial;color:windowtext'>M</span></i></span><span class="Keyword">
18521 'font-size:10.0pt;font-family:Arial;color:windowtext'>.lcl</span></span>.
18522 The file <span class="Keyword"><i><span style=
18523 'font-size:10.0pt;font-family:Arial; color:windowtext'>M</span></i></span><span class="Keyword">
18525 'font-size:10.0pt;font-family:Arial;color:windowtext'>.h</span></span>
18526 should include <span class="Keyword"><i><span style=
18527 'font-size:10.0pt;font-family: Arial;color:windowtext'>M</span></i></span><span class="Keyword">
18529 'font-size:10.0pt;font-family:Arial;color:windowtext'>.lh</span></span>
18530 and retain the implementation aspects of the old <span class=
18531 "Keyword"><i><span style=
18532 'font-size:10.0pt;font-family:Arial;color:windowtext'>M</span></i></span><span class="Keyword">
18534 'font-size:10.0pt;font-family:Arial;color:windowtext'>.h</span></span>,
18535 but is no longer used for c<a name="_Ref348845779">lient
18536 documentation.</a></p>
18537 <p class="MsoHeading9" style='margin-left:0in;text-indent:0in'>
18538 <a name="_Toc534975076">Specification Flags</a></p>
18539 <p class="TextFontCX">These flags are relevant only when Splint is
18540 used with LCL specifications.</p>
18541 <p class="Heading10">Global Flags</p>
18542 <p class="TextFontCX"><span class="Flag"><span style=
18543 'font-size:10.0pt'>lcs</span></span></p>
18544 <p class="IndentText">Generate <span class=
18545 "Keyword"><span style='font-size:10.0pt; font-family:Arial;color:windowtext'>
18546 .lcs</span></span> files containing symbolic state of
18547 <span class="Keyword"><span style=
18548 'font-size:10.0pt;font-family:Arial;color:windowtext'>.lcl</span></span>
18549 files (used for imports). By default <span class=
18550 "Keyword"><span style=
18551 'font-size:10.0pt;font-family:Arial;color:windowtext'>.lcs</span></span>
18552 files are generated for each <span class=
18553 "Keyword"><span style='font-size:10.0pt; font-family:Arial;color:windowtext'>
18554 .lcl</span></span> file processed. Use <span class=
18555 "Flag"><span style='font-size:10.0pt'>-lcs</span></span> to prevent
18556 generation of <span class="Keyword"><span style=
18557 'font-size:10.0pt;font-family: Arial;color:windowtext'>.lcs</span></span>
18559 <p class="TextFontCX"><span class="Flag"><span style=
18560 'font-size:10.0pt'>lh</span></span></p>
18561 <p class="IndentText">Generate <span class=
18562 "Keyword"><span style='font-size:10.0pt; font-family:Arial;color:windowtext'>
18563 .lh</span></span> files. By default, <span class=
18564 "Flag"><span style='font-size:10.0pt'>-lh</span></span> is set and
18565 no <span class="Keyword"><span style=
18566 'font-size:10.0pt;font-family:Arial;color:windowtext'>.lh</span></span>
18567 files are generated. Use <span class=
18568 "Flag"><span style='font-size:10.0pt'>+lh</span></span> to
18569 enable <span class="Flag"><span style=
18570 'font-size:10.0pt'>.lh</span></span> file
18571 generation. </p>
18572 <p class="TextFontCX"><span class="Flag"><span style=
18573 'font-size:10.0pt'>i</span></span> <span class=
18574 "Flag"><span style='font-size:10.0pt'><file></span></span></p>
18575 <p class="IndentText">Set LCL initialization file to
18576 <span class="Flag"><i><span style=
18577 'font-size:10.0pt'><file></span></i></span>. The
18578 LCL initialization file is read if any <span class=
18579 "Keyword"><span style=
18580 'font-size: 10.0pt;font-family:Arial;color:windowtext'>.lcl</span></span>
18581 files are listed on the command line. The default file
18582 is <span class="Keyword"><span style=
18583 'font-size:10.0pt;font-family:Arial;color:windowtext'>lclinit.lci</span></span>,
18584 found on the <span class="Keyword"><span style=
18585 'font-size:10.0pt;font-family: Arial;color:windowtext'>LARCH_PATH</span></span>.</p>
18586 <p class="TextFontCX"><span class="Flag"><span style=
18587 'font-size:10.0pt'>lclexpect</span></span> <span class=
18588 "Flag"><span style=
18589 'font-size:10.0pt'><i><number></i></span></span></p>
18590 <p class="IndentText">Exactly <span class=
18591 "Flag"><i><span style='font-size:10.0pt'><number></span></i></span>
18592 specification errors are expected. Specification errors
18593 are errors detected when checking the specifications.
18594 They do not depend on the source code.</p>
18595 <p class="Heading10">Implicit Globals Checking Qualifiers</p>
18597 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
18598 height="14" align="left">
18600 <td valign="top" align="left" height="14" style=
18601 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
18602 <p class="TextFontCX" align="center" style=
18603 'text-align:center;background:#CCCCCC'><span style=
18604 'font-size:10.0pt'>m:</span><span class=
18605 "Keyword"><span style='font-size:10.0pt'>-++-</span></span></p></td></tr></table></div>
18606 <p class="TextFontCX"><span class="Flag"><span style=
18607 'font-size:10.0pt'>imp-checked-spec-globs</span></span></p>
18608 <p class="IndentText">Implicit <span class=
18609 "Annot"><span style='font-size:10.0pt'>checked</span></span>
18610 qualifier on global variables specified in an LCL file with
18611 no checking annotation.</p>
18613 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
18614 height="14" align="left">
18616 <td valign="top" align="left" height="14" style=
18617 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
18618 <p class="TextFontCX" align="center" style=
18619 'text-align:center;background:#CCCCCC'><span style=
18620 'font-size:10.0pt'>m:</span><span class=
18621 "Keyword"><span style='font-size:10.0pt'>----</span></span></p></td></tr></table></div>
18622 <p class="TextFontCX"><span class="Flag"><span style=
18623 'font-size:10.0pt'>imp-checkmod-spec-globs</span></span></p>
18625 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
18626 height="14" align="left">
18628 <td valign="top" align="left" height="14" style=
18629 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
18630 <p class="TextFontCX" align="center" style=
18631 'text-align:center;background:#CCCCCC'><span style=
18632 'font-size:10.0pt'>m:</span><span class=
18633 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
18634 <p class="IndentText">Implicit <span class=
18635 "Annot"><span style='font-size:10.0pt'>checkmod</span></span>
18636 qualifier on global variables specified in an LCL file with
18637 no checking annotation.</p>
18638 <p class="TextFontCX"><span class="Flag"><span style=
18639 'font-size:10.0pt'>imp-checkedstrict-spec-globs</span></span></p>
18640 <p class="IndentText">Implicit <span class=
18641 "Annot"><span style='font-size:10.0pt'>checked</span></span>
18642 qualifier on global variables specified in an LCL file with
18643 no checking annotation.</p>
18645 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
18646 height="14" align="left">
18648 <td valign="top" align="left" height="14" style=
18649 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
18650 <p class="TextFontCX" align="center" style=
18651 'text-align:center;background:#CCCCCC'><span style=
18652 'font-size:10.0pt'>P:</span> <span class=
18653 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
18654 <p class="Heading10">Implicit Annotations</p>
18655 <p class="TextFontCX"><span class="Flag"><span style=
18656 'font-size:10.0pt'>spec-glob-imp-only</span></span></p>
18657 <p class="IndentText">Implicit <span class=
18658 "Annot"><span style='font-size:10.0pt'>only</span></span>
18659 annotation on global variable declaration in an LCL file with
18660 no allocation annotation.</p>
18662 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
18663 height="14" align="left">
18665 <td valign="top" align="left" height="14" style=
18666 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
18667 <p class="TextFontCX" align="center" style=
18668 'text-align:center;background:#CCCCCC'><span style=
18669 'font-size:10.0pt'>P:</span> <span class=
18670 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
18671 <p class="TextFontCX"><span class="Flag"><span style=
18672 'font-size:10.0pt'>spec-ret-imp-only</span></span></p>
18673 <p class="IndentText">Implicit <span class=
18674 "Annot"><span style='font-size:10.0pt'>only</span></span>
18675 annotation on return value declaration in an LCL file with no
18676 allocation annotation.</p>
18678 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
18679 height="14" align="left">
18681 <td valign="top" align="left" height="14" style=
18682 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
18683 <p class="TextFontCX" align="center" style=
18684 'text-align:center;background:#CCCCCC'><span style=
18685 'font-size:10.0pt'>P:</span> <span class=
18686 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
18687 <p class="TextFontCX"><span class="Flag"><span style=
18688 'font-size:10.0pt'>spec-struct-imp-only</span></span></p>
18689 <p class="IndentText">Implicit <span class=
18690 "Annot"><span style='font-size:10.0pt'>only</span></span>
18691 annotation on structure field declarations in an LCL file
18692 with no allocation annotation.</p>
18694 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
18695 height="14" align="left">
18697 <td valign="top" align="left" height="14" style=
18698 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
18699 <p class="TextFontCX" align="center" style=
18700 'text-align:center;background:#CCCCCC'><span style=
18701 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div>
18702 <p class="TextFontCX"><span class="Flag"><span style=
18703 'font-size:10.0pt'>spec-imp-only</span></span></p>
18704 <p class="IndentText">Sets <span class="Flag"><span style=
18705 'font-size:10.0pt'>spec-glob-imp-only</span></span>,
18706 <span class="Flag"><span style=
18707 'font-size:10.0pt'>spec-ret-imp-only</span></span> and
18708 <span class="Flag"><span style=
18709 'font-size:10.0pt'>spec-struct-imp-only</span></span>.</p>
18710 <p class="Heading10">Macro Expansion</p>
18712 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
18713 height="14" align="left">
18715 <td valign="top" align="left" height="14" style=
18716 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
18717 <p class="TextFontCX" align="center" style=
18718 'text-align:center;background:#CCCCCC'><span style=
18719 'font-size:10.0pt'>P:</span> <span class=
18720 "Keyword"><span style='font-size:10.0pt'>+</span></span></p></td></tr></table></div>
18721 <p class="TextFontCX"><span class="Flag"><span style=
18722 'font-size:10.0pt'>spec-macros</span></span></p>
18723 <p class="IndentText">Macros defining specified identifiers are not
18724 expanded and are checked according to the
18725 specification.<span class="Flag"><span style=
18726 'font-size:10.0pt'> </span></span></p>
18728 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
18729 height="14" align="left">
18731 <td valign="top" align="left" height="14" style=
18732 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
18733 <p class="TextFontCX" align="center" style=
18734 'text-align:center;background:#CCCCCC'><span style=
18735 'font-size:10.0pt'>m:</span><span class=
18736 "Keyword"><span style='font-size:10.0pt'>-+++</span></span></p></td></tr></table></div>
18737 <p class="Heading10">Complete Programs and Specifications</p>
18738 <p class="TextFontCX"><span class="Flag"><span style=
18739 'font-size:10.0pt'>spec-undef</span></span></p>
18740 <p class="IndentText">Function, variable, iterator or constant
18741 specified but never defined.</p>
18743 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
18744 height="14" align="left">
18746 <td valign="top" align="left" height="14" style=
18747 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
18748 <p class="TextFontCX" align="center" style=
18749 'text-align:center;background:#CCCCCC'><span style=
18750 'font-size:10.0pt'>P:</span> <span class=
18751 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
18752 <p class="TextFontCX"><span class="Flag"><span style=
18753 'font-size:10.0pt'>spec-undecl</span></span></p>
18754 <p class="IndentText">Function, variable, iterator or constant
18755 specified but never declared.</p>
18757 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
18758 height="14" align="left">
18760 <td valign="top" align="left" height="14" style=
18761 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
18762 <p class="TextFontCX" align="center" style=
18763 'text-align:center;background:#CCCCCC'><span style=
18764 'font-size:10.0pt'>P:</span> <span class=
18765 "Keyword"><span style='font-size:10.0pt'>-</span></span></p></td></tr></table></div>
18766 <p class="TextFontCX"><span class="Flag"><span style=
18767 'font-size:10.0pt'>need-spec</span></span></p>
18769 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
18770 height="14" align="left">
18772 <td valign="top" align="left" height="14" style=
18773 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
18774 <p class="TextFontCX" align="center" style=
18775 'text-align:center;background:#CCCCCC'><span style=
18776 'font-size:10.0pt'>shortcut</span></p></td></tr></table></div>
18777 <p class="IndentText">There is information in the specification
18778 that is not duplicated in syntactic comments. Normally, this
18779 is not an error, but it may be useful to detect it to make sure
18780 checking incomplete systems without the specifications will still
18781 use this information.</p>
18782 <p class="TextFontCX"><span class="Flag"><span style=
18783 'font-size:10.0pt'>export-any</span></span></p>
18785 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
18786 height="14" align="left">
18788 <td valign="top" align="left" height="14" style=
18789 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
18790 <p class="TextFontCX" align="center" style=
18791 'text-align:center;background:#CCCCCC'><span style=
18792 'font-size:10.0pt'>m:</span><span class=
18793 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
18794 <p class="IndentText">An error is reported for any identifier that
18795 is exported but not specified. (Sets all export flags
18797 <p class="TextFontCX"><span class="Flag"><span style=
18798 'font-size:10.0pt'>export-const</span></span></p>
18799 <p class="IndentText">Constant exported but not specified.</p>
18801 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
18802 height="14" align="left">
18804 <td valign="top" align="left" height="14" style=
18805 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
18806 <p class="TextFontCX" align="center" style=
18807 'text-align:center;background:#CCCCCC'><span style=
18808 'font-size:10.0pt'>m:</span><span class=
18809 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
18810 <p class="TextFontCX"><span class="Flag"><span style=
18811 'font-size:10.0pt'>export-var</span></span></p>
18812 <p class="IndentText">Variable exported but not specified.</p>
18814 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
18815 height="14" align="left">
18817 <td valign="top" align="left" height="14" style=
18818 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
18819 <p class="TextFontCX" align="center" style=
18820 'text-align:center;background:#CCCCCC'><span style=
18821 'font-size:10.0pt'>m:</span><span class=
18822 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
18823 <p class="TextFontCX"><span class="Flag"><span style=
18824 'font-size:10.0pt'>export-fcn</span></span></p>
18825 <p class="IndentText">Function exported but not specified.</p>
18827 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
18828 height="14" align="left">
18830 <td valign="top" align="left" height="14" style=
18831 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
18832 <p class="TextFontCX" align="center" style=
18833 'text-align:center;background:#CCCCCC'><span style=
18834 'font-size:10.0pt'>m:</span><span class=
18835 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
18836 <p class="TextFontCX"><span class="Flag"><span style=
18837 'font-size:10.0pt'>export-iter</span></span></p>
18838 <p class="IndentText">Iterator exported but not specified.</p>
18840 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
18841 height="14" align="left">
18843 <td valign="top" align="left" height="14" style=
18844 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
18845 <p class="TextFontCX" align="center" style=
18846 'text-align:center;background:#CCCCCC'><span style=
18847 'font-size:10.0pt'>m:</span><span class=
18848 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
18849 <p class="TextFontCX"><span class="Flag"><span style=
18850 'font-size:10.0pt'>export-macro</span></span></p>
18851 <p class="IndentText">An expanded macro exported but not
18854 <table cellspacing="0" cellpadding="0" hspace="0" vspace="0"
18855 height="14" align="left">
18857 <td valign="top" align="left" height="14" style=
18858 'padding-top:0in;padding-right: 9.35pt;padding-bottom:0in;padding-left:9.35pt'>
18859 <p class="TextFontCX" align="center" style=
18860 'text-align:center;background:#CCCCCC'><span style=
18861 'font-size:10.0pt'>m:</span><span class=
18862 "Keyword"><span style='font-size:10.0pt'>---+</span></span></p></td></tr></table></div>
18863 <p class="TextFontCX"><span class="Flag"><span style=
18864 'font-size:10.0pt'>export-type</span></span></p>
18865 <p class="IndentText">Type definition exported but not
18867 <p class="MsoHeading7" style='margin-left:0in;text-indent:0in'>
18868 <a name="_Toc534975077"></a><a name="_Ref534642451"></a><a name=
18869 "_Toc344355450">Appendix E<span style=
18870 'font:7.0pt "Times New Roman"'> </span>
18871 <a id="annotated" name="annotated">
18872 Annotated Bibliography</a></a></p>
18873 <h4 style='margin-left:0in;text-indent:0in'>Splint</h4>
18874 <p class="TextFontCX">All of these papers are available at
18875 <span style='font-size:10.0pt;font-family:Arial'><a href=
18876 "http://www.splint.org/publications/">http://www.splint.org/publications/</a></span>. </p>
18877 <p class="TextFontCX"> </p>
18878 <p class="TextFontCX" align="left" style='text-align: left'>
18879 [Barker01] Chris Barker. <i>Static Error Checking of C Applications
18880 Ported from UNIX to WIN32 Systems Using LCLint</i>. Senior Thesis,
18881 University of Virginia Deptartment of Computer Science. May
18883 <p class="TextFontCX" align="left" style='text-align: left'>
18885 <p class="IndentText">Describes annotations and checks useful for
18886 porting applications.</p>
18887 <p class="TextFontCX" align="left" style='text-align: left'>
18889 <p class="TextFontCX" align="left" style='text-align: left'>
18890 [Evans94] David Evans. <i>Using specifications to check source
18891 code</i>. MIT/LCS/TR 628, Laboratory for Computer Science,
18892 MIT, June 1994.</p>
18893 <p class="TextFontCX" align="left" style='text-align: left'>
18895 <p class="IndentText">MIT SM Thesis. Describes research
18896 behind Splint, focusing on how specifications can be exploited to
18897 do lightweight checking. Includes case studies using
18899 <p class="TextFontCX" align="left" style='text-align: left'>
18901 <p class="TextFontCX" align="left" style='text-align: left'>
18902 [EGHT94] David Evans, John Guttag, Jim Horning and Yang Meng
18903 Tan. <i>LCL</i><i>int: A tool for using specifications to
18904 check code</i>. SIGSOFT Symposium on the Foundations of
18905 Software Engineering, December 1994.</p>
18906 <p class="TextFontCX" align="left" style='text-align: left'>
18908 <p class="IndentText">Somewhat obsolete introduction to
18909 LCLint. Shows how LCLint is used to find errors in a sample
18911 <p class="TextFontCX" align="left" style='text-align: left'>
18913 <p class="TextFontCX" align="left" style='text-align: left'>
18914 [Evans96] David Evans. <i>Static Detection of Dynamic Memory
18915 Errors</i>. SIGPLAN Conference on Programming Language Design
18916 and Implementation (PLDI ’96), Philadelphia, PA., May
18918 <p class="TextFontCX" align="left" style='text-align: left'>
18920 <p class="IndentText">Describes approach for exploiting annotations
18921 added to code to detect a wide class of errors. Focuses on
18922 memory management checks described in Section 5 of this
18924 <p class="TextFontCX" align="left" style='text-align: left'>
18926 <p class="TextFontCX" align="left" style='text-align: left'>
18927 [Evans00] David Evans. <i>Annotation-Assisted Lightweight
18928 Static Checking. </i> First International Workshop on
18929 Automated Program Analysis, Testing and Verification.
18930 February, 2000.</p>
18931 <p class="IndentText"> </p>
18932 <p class="IndentText">Short position paper describing research
18933 agenda behind Splint.</p>
18934 <p class="IndentText" style='margin-left:0in'> </p>
18935 <p class="IndentText" style='margin-left:0in'>[Evans02] David Evans
18936 and David Larochelle. <i>Improving Security Using Extensible
18937 Lightweight Static Analysis</i>. IEEE Software, Jan/Feb
18939 <p class="IndentText" style='margin-left:0in'> </p>
18940 <p class="IndentText">Most security attacks exploit instances of
18941 well-known classes of implementations flaws. This article
18942 describes how Splint can be used to detect common security
18943 vulnerabilities (including buffer overflows and format string
18944 vulnerabilities).</p>
18945 <p class="IndentText"> </p>
18946 <p class="IndentText" style='margin-left:0in'>[Larochelle01] David
18947 Larochelle and David Evans. Statically Detecting Likely
18948 Buffer Overflow Vulnerabilities. 2001 USENIX Security
18949 Symposium, Washington, D. C., August 13-17, 2001. </p>
18950 <p class="IndentText"> </p>
18951 <p class="IndentText">Buffer overflow attacks may be today's single
18952 most important security threat. This paper describes how Splint can
18953 be used to detect likely vulnerabilities through an analysis of the
18954 program source code and presents experience using our approach to
18955 detect buffer overflow vulnerabilities in two security-sensitive
18957 <p class="IndentText"> </p>
18958 <h4 style='margin-left:0in;text-indent:0in'>C</h4>
18959 <p class="TextFontCX" align="left" style='text-align: left'>[ISO99]
18960 International Standard ISO/IEC 9899. <i>Programming languages
18961 – C.</i> Second edition. December 1999.</p>
18962 <p class="IndentText"> </p>
18963 <p class="IndentText">International standard specification for C
18964 programming language. Approved by ANSI May 2000.</p>
18965 <p class="TextFontCX" align="left" style='text-align: left'>
18967 <p class="TextFontCX" align="left" style='text-align: left'>[KR88]
18968 Brian W. Kernighan and Dennis M. Ritchie. <i>The C
18969 Programming Language</i>, second edition. Prentice Hall, New
18971 <p class="TextFontCX" align="left" style='text-align: left'>
18973 <p class="IndentText">Standard reference for ANSI C. If you
18974 haven’t heard of this one, you probably didn’t get this
18975 far (unless you started at the back).</p>
18976 <p class="TextFontCX" align="left" style='text-align: left'>
18978 <p class="TextFontCX" align="left" style='text-align: left'>[vdL94]
18979 Peter van der Linden. <i>Expert C Programming: Deep C
18980 Secrets</i>. SunSoft Press, Prentice Hall, New Jersey,
18982 <p class="TextFontCX" align="left" style='text-align: left'>
18984 <p class="IndentText">Filled with useful information on the darker
18985 corners of C, as well as lots of industry anecdotes and
18986 humor. Splint’s reserved name checking is loosely based
18987 on the list of reserved names in this book.</p>
18988 <h4 style='margin-left:0in;text-indent:0in'>Methodology</h4>
18989 <p class="TextFontCX" align="left" style='text-align: left'>[GH93]
18990 John Guttag and James Horning with Stephen J. Garland, Kevin D.
18991 Jones, Andrés Modet, and Jeannette M. Wing. <i>Larch:
18992 Languages and Tools for Formal Specification</i>. Springer-Verlag,
18993 Texts and Monographs in Computer Science, 1993.</p>
18994 <p class="IndentText"> </p>
18995 <p class="IndentText">Overview of the Larch family of specification
18996 languages and related tools. Includes a chapter on LCL, the
18997 Larch C interface language, on which Splint is based.</p>
18998 <p class="IndentText" style='margin-left:0in'> </p>
18999 <p class="TextFontCX" align="left" style='text-align: left'>[LG86]
19000 Barbara Liskov and John Guttag. <i>Abstraction and
19001 Specification in Program Development</i>, MIT Press, Cambridge, MA,
19003 <p class="IndentText"> </p>
19004 <p class="IndentText">Describes a programming methodology using
19005 abstract types and specified interfaces. Much of the
19006 methodology upon which Splint is based comes from this book.
19007 Uses the CLU programming language. </p>
19008 <p class="IndentText"> </p>
19009 <p class="TextFontCX" align="left" style='text-align: left'>
19010 [Liskov01] Barbara Liskov with John Guttag. <i>Program
19011 Development in Java</i>, Addison Wesley, 2001.</p>
19012 <p class="IndentText"> </p>
19013 <p class="IndentText">An updated version of [LG86] for the Java
19014 programming language. </p>
19015 <p class="IndentText"> </p>
19016 <p class="TextFontCX" align="left" style='text-align: left'>[Tan95]
19017 Yang Meng Tan. <i>Formal Specification Techniques for
19018 Engineering Modular C</i>. Kluwer International Series in
19019 Software Engineering, Volume 1, Kluwer Academic Publishers, Boston,
19021 <p class="MsoNormal" align="left" style='text-align:left'>
19023 <p class="IndentText">Modified and updated version of MIT Ph D
19024 thesis, previously published as MIT/LCS/TR-619, 1994.
19025 Includes presentation of the semantics of LCL and a case study
19027 <p class="IndentText" style='margin-left:0in'> </p>
19028 <h4 style='margin-left:0in;text-indent:0in'>Secure Programming</h4>
19029 <p class="TextFontCX" align="left" style='text-align: left'>[Hat95]
19030 Les Hatton. <i>Safer C: Developing Software for
19031 High-integrity and Safety-critical Systems</i>. McGraw-Hill
19032 International Series in Software Engineering, 1995.</p>
19033 <p class="TextFontCX" align="left" style='text-align: left'>
19035 <p class="IndentText">A broad work on all aspects of developing
19036 safety-critical software, focusing on the C language.
19037 Provides good justification for the use of C in safety-critical
19038 systems, and the necessity of tool-supported programming
19039 standards. Splint users will be interested to see how many of
19040 the errors listed as only being dynamically detectable can be
19041 detected statically by Splint.</p>
19042 <p class="IndentText" style='margin-left:0in'> </p>
19043 <p class="IndentText" style='margin-left:0in'>[VM02] John Viega and
19044 Gary McGraw. <i>Building Secure Software: How to Avoid
19045 Security Problems the</i> <i>Right Way</i><i>.</i>
19046 Addison-Wesley, 2002.</p>
19047 <p class="IndentText">A comprehensive survey of techniques and
19048 principles for building secure programs.</p>
19049 <p class="IndentText" style='margin-left:0in'> </p>
19050 <p class="IndentText" style='margin-left:0in'>See also [Evans02]
19052 [Larochelle01].</p></center></center></center></center></center></center></center></center></center></center></center></div>
19054 'font-size:11.0pt;font-family:"Times New Roman"'><br clear="all"
19055 style='page-break-before:right'></span>
19058 'font-size:11.0pt;font-family:"Times New Roman"'><br clear="all"
19059 style='page-break-before:auto'></span>
19060 <div class="Section8">
19061 <p class="IndentText"> </p></div>
19062 <div><br clear="all">
19064 <hr align="left" size="1" width="33%">
19066 <p class="MsoFootnoteText"><a href="#_ftnref1" name="_ftn1"
19067 title=""><span class="MsoFootnoteReference"><span class=
19068 "MsoFootnoteReference"><span style=
19069 'font-size:10.0pt;font-family:"Times New Roman"'>[1]</span></span></span></a>
19070 Lint is a common programming tool for detecting anomalies in C
19071 programs. S. C. Johnson developed the original lint in the
19072 late seventies, mainly because early versions of C did not
19073 support function prototypes. Splint was originally named
19074 LCLint because it was originally intended to check for
19075 inconsistencies between LCL specifications and C
19076 implementations. To reflect divergence from LCL and
19077 increased focus on detecting security vulnerabilities, the name
19078 was changed to Splint, short for “Specification
19079 Lint” and “Secure Programming Lint”.</p></div>
19081 <p class="MsoFootnoteText"><a href="#_ftnref2" name="_ftn2"
19082 title=""><span class="MsoFootnoteReference"><span class=
19083 "MsoFootnoteReference"><span style=
19084 'font-size:10.0pt;font-family:"Times New Roman"'>[2]</span></span></span></a>
19085 The meta-notation, <span class="Annot">item,<sup>+</sup></span>
19086 is used to denote a comma separated list of items. For
19088
19089 <span class="Annot">/*@access mstring, intSet@*/</span></p>
19090 <p class="MsoFootnoteText">allows access to the representations of
19091 both <span class="CodeText">mstring</span> and <span class=
19092 "CodeText">intSet</span>.) </p></div>
19094 <p class="MsoFootnoteText"><a href="#_ftnref3" name="_ftn3"
19095 title=""><span class="MsoFootnoteReference"><span class=
19096 "MsoFootnoteReference"><span style=
19097 'font-size:10.0pt;font-family:"Times New Roman"'>[3]</span></span></span></a>
19098 This section is largely based on [Evans96]. It
19099 semi-formally defines some of the terms needed to describe
19100 memory management checking; if you are satisfied with an
19101 intuitive understanding of these terms, this section may be
19104 <p class="MsoFootnoteText"><a href="#_ftnref4" name="_ftn4"
19105 title=""><span class="MsoFootnoteReference"><span class=
19106 "MsoFootnoteReference"><span style=
19107 'font-size:10.0pt;font-family:"Times New Roman"'>[4]</span></span></span></a>
19108 This is similar to the LISP storage model, except that objects
19109 are typed.</p></div>
19111 <p class="TextFontCX"><a href="#_ftnref5" name="_ftn5" title=
19112 ""><span class="MsoFootnoteReference"><span class=
19113 "MsoFootnoteReference"><span style=
19114 'font-size:11.0pt;font-family:"Times New Roman"'>[5]</span></span></span></a>
19115 <span style='font-size:10.0pt'>Except</span> <span class=
19116 "CodeText"><span style=
19117 'font-size:10.0pt'>sizeof</span></span><span style=
19118 'font-size:10.0pt'>, which does not need the value of its
19119 argument.</span></p></div>
19121 <p class="TextFontCX"><a href="#_ftnref6" name="_ftn6" title=
19122 ""><span class="MsoFootnoteReference"><span class=
19123 "MsoFootnoteReference"><span style=
19124 'font-size:11.0pt;font-family:"Times New Roman"'>[6]</span></span></span></a>
19125 If the storage is not assigned to a reference, an internal
19126 reference is created to track the storage.</p></div>
19128 <p class="MsoFootnoteText"><a href="#_ftnref7" name="_ftn7"
19129 title=""><span class="MsoFootnoteReference"><span class=
19130 "MsoFootnoteReference"><span style=
19131 'font-size:10.0pt;font-family:"Times New Roman"'>[7]</span></span></span></a>
19132 The declaration of <span class="CodeText">free</span> has a
19133 <span class="Annot">null</span> annotation on the parameter
19134 to indicate that the argument may be <span class=
19135 "CodeText">NULL</span>. According to [ISO, 7.20.3.2],
19136 <span class="CodeText">NULL</span> may be passed to
19137 <span class="CodeText">free</span> without no action.
19138 On some UNIX platforms, passing <span class=
19139 "CodeText">NULL</span> to free causes a program crash so the
19140 UNIX version of the standard library specifies <span class=
19141 "CodeText">free</span> without the <span class=
19142 "Annot">null</span> annotation on its parameter. To check
19143 that allocated objects are completely destroyed (e.g., all
19144 unshared objects inside a structure are deallocated before
19145 the structure is deallocated), Splint checks that any
19146 parameter passed as an <span class="CodeText">out only void
19147 *</span> does not contain references to live, unshared
19148 objects. This makes sense, since such a parameter could
19149 not be used sensibly in any way other than deallocating its
19152 <p class="MsoFootnoteText"><a href="#_ftnref8" name="_ftn8"
19153 title=""><span class="MsoFootnoteReference"><span class=
19154 "MsoFootnoteReference"><span style=
19155 'font-size:10.0pt;font-family:"Times New Roman"'>[8]</span></span></span></a>
19156 In versions of Splint before 3.0, the <span class=
19157 "Annot">noreturn</span> annotation was named <span class=
19158 "Annot">exits</span>. The <span class=
19159 "Annot">noreturn</span> annotation means the same thing, but is
19160 a more appropriate name. For legacy code, Splint still
19161 supports the <span class="Annot">exits</span> annotations.
19162 Similarly, <span class="Annot">maynotreturn</span> replaces
19163 <span class="Annot">mayexit</span>, <span class=
19164 "Annot">noreturnwhentrue</span> replaces <span class=
19165 "Annot">truexit</span> and <span class=
19166 "Annot">noreturnwhenfalse</span> replaces <span class=
19167 "Annot">falseexit</span>.</p></div>
19169 <p class="MsoFootnoteText"><a href="#_ftnref9" name="_ftn9"
19170 title=""><span class="MsoFootnoteReference"><span class=
19171 "MsoFootnoteReference"><span style=
19172 'font-size:10.0pt;font-family:"Times New Roman"'>[9]</span></span></span></a>The
19173 <span class="Annot">sef</span> annotation denotes a parameter as
19174 side effect free (see Section 11.2.1). We use
19175 <span class="CodeText">bool /*@alt int@*/</span> as the type
19176 of the parameter, to indicate that it may be either a Boolean
19177 or an integer.</p></div>
19179 <p class="MsoFootnoteText"><a href="#_ftnref10" name="_ftn10"
19180 title=""><span class="MsoFootnoteReference"><span class=
19181 "MsoFootnoteReference"><span style=
19182 'font-size:10.0pt;font-family:"Times New Roman"'>[10]</span></span></span></a>
19183 Peter van der Linden estimates that default fall through is the
19184 wrong behavior 97% of the time. [vdL95, p. 37]</p></div>
19186 <p class="MsoFootnoteText"><a href="#_ftnref11" name="_ftn11"
19187 title=""><span class="MsoFootnoteReference"><span class=
19188 "MsoFootnoteReference"><span style=
19189 'font-size:10.0pt;font-family:"Times New Roman"'>[11]</span></span></span></a>
19190 “Software Glitch Cripples AT&T Network”,
19191 Telephony, 22 January 1990.</p></div>
19193 <p class="MsoFootnoteText"><a href="#_ftnref12" name="_ftn12"
19194 title=""><span class="MsoFootnoteReference"><span class=
19195 "MsoFootnoteReference"><span style=
19196 'font-size:10.0pt;font-family:"Times New Roman"'>[12]</span></span></span></a>
19197 See [Larochelle01] for information on internal aspects of the
19198 checking.</p></div>
19200 <p class="MsoFootnoteText"><a href="#_ftnref13" name="_ftn13"
19201 title=""><span class="MsoFootnoteReference"><span class=
19202 "MsoFootnoteReference"><span style=
19203 'font-size:10.0pt;font-family:"Times New Roman"'>[13]</span></span></span></a>
19204 This section is largely based on [Evans02].</p></div>
19206 <p class="MsoFootnoteText"><a href="#_ftnref14" name="_ftn14"
19207 title=""><span class="MsoFootnoteReference"><span class=
19208 "MsoFootnoteReference"><span style=
19209 'font-size:10.0pt;font-family:"Times New Roman"'>[14]</span></span></span></a>
19210 C. Cowan et al., <i>FormatGuard: Automatic Protection from
19211 printf Format String Vulnerabilities</i>. 10th Usenix
19212 Security Symposium, 2001.</p></div>
19214 <p class="MsoFootnoteText"><a href="#_ftnref15" name="_ftn15"
19215 title=""><span class="MsoFootnoteReference"><span class=
19216 "MsoFootnoteReference"><span style=
19217 'font-size:10.0pt;font-family:"Times New Roman"'>[15]</span></span></span></a>
19218 To be completely correct, all the macro parameters should be
19219 evaluated before the macro has any side effects. Splint
19220 does not check this.</p></div>
19222 <p class="MsoFootnoteText"><a href="#_ftnref16" name="_ftn16"
19223 title=""><span class="MsoFootnoteReference"><span class=
19224 "MsoFootnoteReference"><span style=
19225 'font-size:10.0pt;font-family:"Times New Roman"'>[16]</span></span></span></a>
19226 Functions that do not produce to the same result each time they
19227 are called with the same arguments should be declared to modify
19228 <span class="Annot">internalState</span> so they will lead to
19229 errors if they are passed as <span class="Annot">sef</span>
19230 parameters.</p></div>
19232 <p class="MsoFootnoteText"><a href="#_ftnref17" name="_ftn17"
19233 title=""><span class="MsoFootnoteReference"><span class=
19234 "MsoFootnoteReference"><span style=
19235 'font-size:10.0pt;font-family:"Times New Roman"'>[17]</span></span></span></a>
19236 The most renowned C naming convention is the Hungarian naming
19237 convention, introduced by Charles Simonyi [Simonyi, Charles, and
19238 Martin Heller. “The Hungarian
19239 Revolution.” <i>BYTE</i>, August 1991, p.
19240 131-38]. The names for Splint naming conventions follow
19241 the tradition of using Central European nationalities as
19242 mnemonics for naming conventions. The Splint conventions
19243 are similar to the Hungarian naming convention in that they
19244 encode type information in names, except that the Splint
19245 conventions encode the names of accessible abstract
19246 types instead of the type of the declaration of return
19247 value. Prefixes used in the Hungarian naming convention
19248 are not supported by Splint.</p>
19249 <p class="MsoFootnoteText"> </p></div>
19251 <p class="MsoFootnoteText"><a href="#_ftnref18" name="_ftn18"
19252 title=""><span class="MsoFootnoteReference"><span class=
19253 "MsoFootnoteReference"><span style=
19254 'font-size:10.0pt;font-family:"Times New Roman"'>[18]</span></span></span></a>
19255 Of course, namespace prefixes should really be described by
19256 regular expressions. If there is sufficient interest (that
19257 is, someone volunteers to program it), regular expressions will
19258 be supported in a future version of Splint.</p></div>
19260 <p class="MsoFootnoteText"><a href="#_ftnref19" name="_ftn19"
19261 title=""><span class="MsoFootnoteReference"><span class=
19262 "MsoFootnoteReference"><span style=
19263 'font-size:10.0pt;font-family:"Times New Roman"'>[19]</span></span></span></a>
19264 POSIX library was contributed by Jens
19265 Schweikhardt.</p></div></div>
19266 <!--#include virtual="footer.html"-->
andersk / splint.git / blob