[splint-discuss] Passed storage is stack
Carsten.Agger at tietoenator.com
Carsten.Agger at tietoenator.com
Wed Apr 23 07:21:45 PDT 2008
Here's another splint warning pattern which occurs very frequently in the code I'm reviewing:
struct_type s;
member_type m;
s = << ... >>
s.m = &m;
f(..., ..., &s, ..., ...);
Storage m.s reachable from passed parameter is stack (should be implicitly only): &s
Storage derivable from a parameter does not match the alias kind expected for
the formal parameter. (Use -compmempass to inhibit warning)
Enclosing the function call in /*@-compmempass@*/ ... /*@=compmempass@*/ would once again
not be a great option since we actually want the other parameters checked. So
what to do?
What I'd really like is to tell lint that yes, this storage is on the stack, but since the
function f will neither deallocate it nor keep it, this is quite okay.
I've tried to annotate the parameter corresponding to the structure (&s) as /*@dependent@*/,
and I've even tried to annotate the structure member (s.m) as /*@dependent@*/ too, but the
warning against stack storage continues.
Of course, an easy way out is:
s.m = (member_type *) malloc(sizeof(member_type));
f(..., ..., &s, ..., ...);
free(s.m);
... but while it actually works, it is not satisfactory - the first construction seems perfectly
all right from a memory management perspective, so I'd like a way to tell splint it's okay.
Any suggestions,
TIA & br
Carsten
More information about the splint-discuss
mailing list