[splint-discuss] Splint-3.1.2 bugs - Mudflap

Derek M Jones derek at knosof.co.uk
Fri Aug 1 07:33:02 PDT 2008


Michael,

>>> will initialize all members of op appropriately...
>> Verbosity (redundancy) has its uses.  In this case it 
>> provides the opportunity for tools to check whether the 
>> number of fields expected by the developer is the same as the 
>> number of fields that appear in the code.
> 
> Not in the general case. The initializer {0, 0} will correctly
> initialize any aggregate with two or more fields, and should not produce
> a diagnostic if the type has more than two fields.
> 
> See ISO 9899:1999 6.7.8 #21:

Full text here (plus commentary)
http://c0x.coding-guidelines.com/6.7.8.html

> Of course, an implementation (or any other tool) can produce any
> diagnostics it wants, but one in this case would lead to far too many
> false positives when run against typical well-written code. So it would
> have to be an option, and code would have to be written to cater to it;
> and that being the case, it could equally well be some kind of
> annotation.

False positives are a problem.  However, redundancy is always useful in
that it provides an alternative view of the developer's intent.
Inconsistency of intent is something that tools can zero in on.

There are two cases: 1) when too many initializers are provided (yes
a constraint error; but many compilers will happily 'recover' from it)
and 2) when insufficient initializers are present.

In both cases the developer may be unaware of changes to the number
of fields in the struct, or have incorrect beliefs about the number
of members.

Of course, if an array is involved it may be impractical to initialise
all of its elements.

-- 
Derek M. Jones                         tel: +44 (0) 1252 520 667
Knowledge Software Ltd                 mailto:derek at knosof.co.uk
Source code analysis                   http://www.knosof.co.uk
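
The insufficient-initializers case discussed in this message, as an added example that is not part of the original post or of Splint. The struct, its member names and the macros are hypothetical; the member list is written once as an X-macro so the compiler can compare the number of initializers the developer wrote with the number of members the struct has now.

```c
#include <stdio.h>

/* Hypothetical struct, listed once as an X-macro so the compiler can count
 * its members. max_len stands for a member added after the old initializer
 * was written. */
#define OP_MEMBERS(X) \
    X(int, opcode)    \
    X(int, flags)     \
    X(int, max_len)

#define DECLARE_MEMBER(type, name) type name;
#define COUNT_MEMBER(type, name)   + 1

struct op { OP_MEMBERS(DECLARE_MEMBER) };
enum { OP_MEMBER_COUNT = 0 OP_MEMBERS(COUNT_MEMBER) };

/* Number of values in an initializer list (every member here is an int). */
#define INIT_COUNT(...) (sizeof((int[]){ __VA_ARGS__ }) / sizeof(int))

/* Initializer lists kept as macros so they can be both used and counted. */
#define OP_INIT_OLD  0, 0        /* written when struct op had two members */
#define OP_INIT_FULL 0, 0, 4096  /* one value per current member */

/* Too few initializers is valid C: max_len is implicitly set to 0. */
static const struct op op_old  = { OP_INIT_OLD };
static const struct op op_full = { OP_INIT_FULL };

/* The redundancy check: the build stops if the list and the struct disagree.
 * Substituting OP_INIT_OLD here fails to compile. */
_Static_assert(INIT_COUNT(OP_INIT_FULL) == OP_MEMBER_COUNT,
               "initializer count differs from struct op member count");

/* Members left without an explicit initializer, for reporting at run time. */
int missing_old(void)  { return OP_MEMBER_COUNT - (int)INIT_COUNT(OP_INIT_OLD); }
int missing_full(void) { return OP_MEMBER_COUNT - (int)INIT_COUNT(OP_INIT_FULL); }
int old_max_len(void)  { return op_old.max_len; }
int full_max_len(void) { return op_full.max_len; }

int main(void)
{
    printf("old list:  %d member(s) implicit, max_len = %d\n",
           missing_old(), old_max_len());
    printf("full list: %d member(s) implicit, max_len = %d\n",
           missing_full(), full_max_len());
    return 0;
}
```

The same assertion also fails when a list carries more values than the struct has members, which is the first case in the message.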

