«

Hi all.

Apologies, since this is more a tool question, than strictly a language
question, but hey, it seemed like an appropriate place to ask...

I'm a c newbie (and have been now for about 6 years!) and I'd like to use
an automatic tool to show me warnings about the following code:

#include <stdio.h>
int main(void){
int i=99999;
short s;
s=i;
printf("s is %d\n", s);
return 0;
}

Running splint against this gives:

another.c: (in function main)
another.c:5:3: Assignment of int to short int: s = i

which is exactly what I'm after. The downside? As soon as I use c99
constructs such as declaring variables after any statement, splint barfs
horribly with a "parse error" (I believe this is simply due to splint not
being updated to understand any c99 stuff yet).

I've already asked about gcc on the gcc-help mailing list, and apparently
the "-Wconversion" flag will soon do the same (although it doesn't at the
moment).

So I was wondering, what static verification tools do experienced C
programmers recommend at the moment? (or does everyone use splint, and
keep their c to c89/c90 rather than c99?)

Thanks in advance, Jaime

Op Wed, 6 Jun 2007 13:11:52 +0000 (UTC) schreef jaime:

> Hi all.
>
> Apologies, since this is more a tool question, than strictly a language
> question, but hey, it seemed like an appropriate place to ask...
>
> I'm a c newbie (and have been now for about 6 years!) and I'd like to use
> an automatic tool to show me warnings about the following code:
>
> #include <stdio.h>
> int main(void){
> int i=99999;
> short s;
> s=i;
> printf("s is %d\n", s);
> return 0;
> }
>
> Running splint against this gives:
>
> another.c: (in function main)
> another.c:5:3: Assignment of int to short int: s = i
>
> which is exactly what I'm after. The downside? As soon as I use c99
> constructs such as declaring variables after any statement, splint barfs
> horribly with a "parse error" (I believe this is simply due to splint not
> being updated to understand any c99 stuff yet).
>
> I've already asked about gcc on the gcc-help mailing list, and apparently
> the "-Wconversion" flag will soon do the same (although it doesn't at the
> moment).
>
> So I was wondering, what static verification tools do experienced C
> programmers recommend at the moment? (or does everyone use splint, and
> keep their c to c89/c90 rather than c99?)
>
This has nothing to do with c99 or c90.
What are (in your implememtation) sizeof(int) and sizeof(short)?
If CHAR_BIT is 8 and sizeof(short) is 2, 99999 won't fit in a short.
--
Coos

On Wed, 06 Jun 2007 20:22:13 +0200, Coos Haak wrote:

> Op Wed, 6 Jun 2007 13:11:52 +0000 (UTC) schreef jaime:
>
>> Hi all.
>>
>> Apologies, since this is more a tool question, than strictly a language
>> question, but hey, it seemed like an appropriate place to ask...
>>
>> I'm a c newbie (and have been now for about 6 years!) and I'd like to use
>> an automatic tool to show me warnings about the following code:
>>
>> #include <stdio.h>
>> int main(void){
>> int i=99999;
>> short s;
>> s=i;
>> printf("s is %d\n", s);
>> return 0;
>> }
>>
>> Running splint against this gives:
>>
>> another.c: (in function main)
>> another.c:5:3: Assignment of int to short int: s = i
>>
>> which is exactly what I'm after. The downside? As soon as I use c99
>> constructs such as declaring variables after any statement, splint barfs
>> horribly with a "parse error" (I believe this is simply due to splint not
>> being updated to understand any c99 stuff yet).
>>
>> I've already asked about gcc on the gcc-help mailing list, and apparently
>> the "-Wconversion" flag will soon do the same (although it doesn't at the
>> moment).
>>
>> So I was wondering, what static verification tools do experienced C
>> programmers recommend at the moment? (or does everyone use splint, and
>> keep their c to c89/c90 rather than c99?)
>>
> This has nothing to do with c99 or c90.
> What are (in your implememtation) sizeof(int) and sizeof(short)?
> If CHAR_BIT is 8 and sizeof(short) is 2, 99999 won't fit in a short.

Sorry - I can see I didn't explain myself very well.

I realize that fitting ints into shorts _isn't_ a c90/c99 issue, but splint
not being able to help me analyse my code _is_ a c90/c99 issue.

I write c, and I'd like to use tools to help me write better c. I'd like
to use splint, as it can show me easy-to-miss errors, like implicit
narrowing (an example of which I've given above), but if I write c99,
splint can't help me (if I write c90, splint _can_ help me).

As a clearer example, what tool can I use to point out the implicit
narrowing in the following piece of code?:

#include <stdio.h>
int main(void){
printf("Just a line to confuse splint");
int i=99999;
short s;
s=i;
printf("s is %d\n", s);
return 0;
}

splint returns:
another.c:4:6: Parse Error.

gcc is perfectly happy with this - no warnings, no (compile-time) errors.

But there's an implicit narrowing in there, that neither gcc nor splint
will tell me about. Do experienced c programmers check these things by
hand, or are there tools that help them?

jaime wrote:

> So I was wondering, what static verification tools do experienced C
> programmers recommend at the moment? (or does everyone use splint, and
> keep their c to c89/c90 rather than c99?)

I'm not planning on moving to C99 for a long time, currently I use my C code
on mainframes, as well as on embedded systems.

I do beleave the lint on Solaris has a -Xc99 flag, but I have not used it.

--
Tor <torust [at] online [dot] no>

Tor Rustad <> writes:
> jaime wrote:
>> So I was wondering, what static verification tools do experienced C
>> programmers recommend at the moment? (or does everyone use splint, and
>> keep their c to c89/c90 rather than c99?)
>
> I'm not planning on moving to C99 for a long time, currently I use
> my C code on mainframes, as well as on embedded systems.
>
> I do beleave the lint on Solaris has a -Xc99 flag, but I have not used it.

On Solaris 9, this program:

#include <stdio.h>
int main(void){
int i=99999;
short s;
s=i;
printf("s is %d\n", s);
double x;
return 0;
}

gives me this:

% lint -Xc99 c.c

variable unused in function
(7) x in main

assignment causes implicit narrowing conversion
(5)

function returns value which is always ignored
printf

The FAQ for splint says it implements most C99 features. I'm
surprised that mixing of declarations and statements isn't one of
them.

Note that *not* mixing declarations and statements is perfectly legal
in C99. You might consider restructuring your code. You can add
nested blocks if you need to.

--
Keith Thompson (The_Other_Keith) kst- <http://www.ghoti.net/~kst>
San Diego Supercomputer Center <*> <http://users.sdsc.edu/~kst>
"We must do something. This is something. Therefore, we must do this."
-- Antony Jay and Jonathan Lynn, "Yes Minister"