[splint-discuss] RE: Help on "Storage x may become null" error

Wed Apr 18 12:10:50 EDT 2007

---Original Code/Message---
I've got code that looks kind of like this:

-----------------
typedef struct
{
  int a;
  int b;
  char c;
} MY_OWN_TYPE;

static MY_OWN_TYPE gAType;

void init( void )
{

  // create a list of my own types
  MY_OWN_TYPE * listOfMyOwnType[2];

  // initialize item 0 to non-null value
  listOfMyOwnType[0] = &gAType;
  // initialize item 1 to null value
  listOfMyOwnType[1] = NULL; 

  // initializes item 1 to non-null value
  initializeItem1( &listOfMyOwnType[1] );
  // ensure value is not null
  ASSERT( NULL != listOfMyOwnType[1] );

  // pass list to function who wants list
  useMyOwnList( listOfMyOwnType );

  return;
}
----------------------------

-----Wenzel, Bodo Wrote-----
From: splint-discuss-bounces at cs.virginia.edu
[mailto:splint-discuss-bounces at cs.virginia.edu] On Behalf Of Wenzel,
Bodo
Sent: Tuesday, April 17, 2007 11:31 PM
To: splint-discuss at ares.cs.Virginia.EDU
Subject: [splint-discuss] RE: Help on "Storage x may become null" error

> Would you mind to show us your splint commandline, the declarations
and annotations for the called function,
> and so on, so that it's possible to reproduce your problem, please?

I only have "splint +paren-file-format file.c" plus my include flags and
defines for my own code.  The "+paren-file-format" is because I am
running on a WIN32 system.  I think my biggest problem is that I don't
understand why splint would think my variable "listOfMyOwnType" would
EVER become NULL.  Maybe I need to review the C-language.  The above
code is a snippet of code I wrote (and didn't test/compile) to match my
scenario, but is not an exact replica of my code.

I annotated the line during testing from:
<code>
  MY_OWN_TYPE * listOfMyOwnType[2];
</code>

to:
<code>
/*@null@*/  MY_OWN_TYPE * listOfMyOwnType[2];
</code>

Before the annotation I get the warnings:
"""
Possibly null storage listOfMyOwnType[] derivable from parameter
     useMyOwnList (..., listOfMyOwnType, ...)
   A possibly null pointer is reachable from a parameter or global
variable that
   is not declared using a /*@null@*/ annotation. (Use -nullstate to
inhibit
   warning)
"""
Then:
"""
Storage listOfMyOwnType[] may become null.
"""

After I make the annotation I get the two previous warnings plus the
following:
"""
  Index of possibly null pointer listOfMyOwnType: listOfMyOwnType
   A possibly null pointer is dereferenced.  Value is either the result
of a
   function which may return null (in which case, code should check it
is not
   null), or a global, parameter or structure field declared with the
null
   qualifier. (Use -nullderef to inhibit warning)
"""

I am just not seeing where "listOfMyOwnType" may become null.  If I put
checks like:

if (NULL != listOfMyOwnType)
{
  listOfMyOwnType[0] = &gAType;
}

the warnings go away (surprise).  I have to put this test around each
use of the variable.  This doesn't seem like a reasonable solution for
the example given, that is why I sent an e-mail to the list, to figure
out a reasonable solution.

Thanks in advance,

--
Keith Prickett