Pelles C forum

General => Chit-Chat => Topic started by: JohnF on August 20, 2009, 08:56:11 am

Title: Splint
Post by: JohnF on August 20, 2009, 08:56:11 am
Has anyone managed to get Splint working, specifically when using windows headers?

It would be a good additional tool to have.

Splint is a tool for statically checking C programs for security vulnerabilities and coding mistakes.

John
Title: Re: Splint
Post by: TimoVJL on August 23, 2009, 08:22:29 am
I found this from net:
http://www.splint.org/vc.splintrc (http://www.splint.org/vc.splintrc)
.splintrc
Code: [Select]
-I.
-D_M_IX86=400
-DWIN32
-D_NTSYSTEM
-D_WIN32_WINNT=0x0400
-DWINVER=600
-DNOGDI
-DNOKERNEL
-DNOUSER
-DWIN32_LEAN_AND_MEAN
-likelybool
-D__int64=long
-D_int64=int
-D_wtoi=atoi
-DSTRICT
Title: Re: Splint
Post by: JohnF on August 23, 2009, 11:16:54 am
Thanks, yes I have that one.

I've managed to compile a version of Splint, it's huge, for me anyway. Have changed the way it loads its .splintrc to be splint.flags - seems more reasonable.

The .splintrc file (or splint.flags) btw has to be in the folder where splint is testing, not in the bin folder which is what I thought at first.

I've added -DHWND=void to that splintrc list that you showed.

Anyway, it's a good tool but getting it to accept windows headers will not be easy.

John
Title: Re: Splint
Post by: TimoVJL on August 24, 2009, 07:04:55 am
Can you put that splint.exe and those PellesC projectfiles to your homesite ?
Title: Re: Splint
Post by: JohnF on August 24, 2009, 08:26:27 am
The Splint.exe requires splint.flags to be in the folder you are testing which you will find in the bin folder..

The project on my site is here


http://www.johnfindlay.plus.com/pellesc/splint-3.0.1.6-2.win32.zip
 (http://www.johnfindlay.plus.com/pellesc/splint-3.0.1.6-2.win32.zip)

I have removed many files that were gcc specific, the original package can be had from here


http://www.splint.org/downloads/binaries/splint-3.0.1.6-2.win32.zip
 (http://www.splint.org/downloads/binaries/splint-3.0.1.6-2.win32.zip)

EDIT: for anyone interested - set up splint.exe to be called as a tool form the IDE. Set it to capture the output from splint.exe.

Arguments example - $(FileDir)\*.c

John
Title: Re: Splint
Post by: TimoVJL on August 25, 2009, 12:53:59 pm
I'm now testing Splint 3.1.1
From: http://lclint.cs.virginia.edu/downloads/binaries/splint-3.1.1.win32.zip (http://lclint.cs.virginia.edu/downloads/binaries/splint-3.1.1.win32.zip)

In PellesC IDE Tools:

Menu text:  Splint-3.1.1
Command:   C:\CODE\Splint-3.1.1\bin\Splint.exe
Arguments: $(FilePath)  -f C:\CODE\Splint-3.1.1\bin\.splintrc

Use output tab

Result using windef.h :

Splint 3.1.1 --- 12 April 2003

C:\Program Files\PellesC6\Include\Win\winnt.h(3012,13):
    Parse Error. (For help on parse errors, see splint -help parseerrors.)
*** Cannot continue.
*** Program return 1 ***

Title: Re: Splint
Post by: JohnF on August 25, 2009, 02:12:41 pm
Yes that's the problem.

If you try it on an C files that doesn't use any windows stuff it should be ok.

>>Arguments: $(FilePath)  -f C:\CODE\Splint-3.1.1\bin\.splintrc

However I'm not sure why you are calling up the .splintrc file, you should be testing a C file. Or have I misunderstood?

John
Title: Re: Splint
Post by: TimoVJL on August 25, 2009, 02:37:30 pm
>>Arguments: $(FilePath)  -f C:\CODE\Splint-3.1.1\bin\.splintrc

This way you don't have to worry about that working directory.
Title: Re: Splint
Post by: JohnF on August 25, 2009, 03:10:42 pm
>>Arguments: $(FilePath)  -f C:\CODE\Splint-3.1.1\bin\.splintrc

This way you don't have to worry about that working directory.


But you need to tell it where the C files are.

Arguments - $(FileDir)\*.c

Slpnit.exe will look in that folder for the .splintrc automatically.

John
Title: Re: Splint
Post by: Stefan Pendl on August 25, 2009, 03:17:58 pm
>>Arguments: $(FilePath)  -f C:\CODE\Splint-3.1.1\bin\.splintrc

This way you don't have to worry about that working directory.
But you need to tell it where the C files are.

Arguments - $(FileDir)\*.c

Slpnit.exe will look in that folder for the .splintrc automatically.
I think the -f switch is keeping you from the need to copy the configuration file to any folder containing source code to check, which in turn keeps it simple to update the settings if needed and check again.

No littering of the disk too.
Title: Re: Splint
Post by: JohnF on August 25, 2009, 03:22:42 pm
Oh, ok.

Of course you might want different splintrc files for different projects.

John

Title: Re: Splint
Post by: Stefan Pendl on August 25, 2009, 03:29:57 pm
Since this is a .rc file it is a UNIX utility, where you usually have the following order of precedence for .rc files:

For Windows the developer has to make sure to search for system-wide, user-specific and location-specific setting files.
Title: Re: Splint
Post by: JohnF on August 25, 2009, 03:48:01 pm
Since this is a .rc file it is a UNIX utility, where you usually have the following order of precedence for .rc files:
  • application installation folder
  • system configuration folder
  • executing user home folder
  • current working folder

For Windows the developer has to make sure to search for system-wide, user-specific and location-specific setting files.


Thanks for the information, I know nothing of Unix.

John
Title: Re: Splint
Post by: TimoVJL on August 26, 2009, 01:13:00 pm
http://lclint.cs.virginia.edu/downloads/binaries/splint-3.1.1.win32.zip
http://www.cs.virginia.edu/pipermail/splint-discuss/2006-May/000772.html
This config goes thru windows.h in PellesC 6 and i can check my own code too.
Code: [Select]
##### BEGIN .splintrc #####

-booltype BOOL

#naming

#-globalprefix g_
#+globalprefixexclude

#includes

-I.
-IC:\Progra~1\PellesC6\include
-IC:\Progra~1\PellesC6\include\Win

#Visual Studio .NET

-D_M_IX86=600
-DWIN32
-D_WIN32
-D_NTSYSTEM
-D_WIN32_WINNT=0x0400
-DWINVER=600
-DNOGDI
-DNOKERNEL
-DNOUSER
-DWIN32_LEAN_AND_MEAN
-likelybool
-D__int64=long
-D_int64=int
#-DHWND=void
-D_wtoi=atoi
-DSTRICT
-D__try=
-D__except(x)=
-Dlint
-DGetExceptionCode()=1
-noret
-nullret

-larchpath C:\CODE\Splint-3.1.1\lib
-lclimportdir C:\CODE\Splint-3.1.1\imports
-linelen 255

##### END .splintrc #####
Edit 2009-08-27: import -> imports
Title: Re: Splint
Post by: JohnF on August 26, 2009, 01:38:58 pm
I'm sure you have improved things but I get

------------------------------------------
D:\PellesC\Projects\pro\pro.c(24,1): Macro WIN32_LEAN_AND_MEAN already defined
  (0): Previous definition of WIN32_LEAN_AND_MEAN
D:\PellesC\Include\Win\winnt.h(2255,33): Parse Error. (For help on parse errors, see splint -help parseerrors.)
*** Cannot continue.
*** Program return 1 ***
-------------------------------------------

The second error in winnt.h is this line.

    RtlApplicationVerifierStop((Code), \

I'll have to make time to study all the options.

Thanks.

John
Title: Re: Splint
Post by: TimoVJL on August 27, 2009, 07:36:17 am
I use splint.exe from this package:
http://lclint.cs.virginia.edu/downloads/binaries/splint-3.1.1.win32.zip (http://lclint.cs.virginia.edu/downloads/binaries/splint-3.1.1.win32.zip)

SplintTest.c
Code: [Select]
#define WIN32_DEFAULT_LIBS
#include <windows.h>

splintrc.ini
Code: [Select]
##### BEGIN .splintrc #####

-booltype BOOL

#naming

#-globalprefix g_
#+globalprefixexclude

#includes

-I.
-IC:\Progra~1\PellesC6\include
-IC:\Progra~1\PellesC6\include\Win

#Visual Studio .NET

-D_M_IX86=600
-DWIN32
-D_WIN32
-D_NTSYSTEM
-D_WIN32_WINNT=0x0400
-DWINVER=600
-DNOGDI
-DNOKERNEL
-DNOUSER
-DWIN32_LEAN_AND_MEAN
-likelybool
-D__int64=long
-D_int64=int
#-DHWND=void
-D_wtoi=atoi
-DSTRICT
-D__try=
-D__except(x)=
-Dlint
-DGetExceptionCode()=1
-noret
-nullret

-larchpath C:\CODE\Splint-3.1.1\lib
-lclimportdir C:\CODE\Splint-3.1.1\imports
-linelen 255

##### END .splintrc #####

Result:
Code: [Select]
Splint 3.1.1 --- 12 April 2003

C:\Progra~1\PellesC6\include\Win\winnt.h: (in function MemoryBarrier)
C:\Progra~1\PellesC6\include\Win\winnt.h(2728,42): Variable Barrier declared but not used
  A variable is declared but never used. Use /*@unused@*/ in front of declaration to suppress message. (Use -varuse to inhibit warning)
< Location unknown >: Field name reused:
  Code cannot be parsed.  For help on parse errors, see splint -help parseerrors. (Use -syntax to inhibit warning)
< Location unknown >: Previous use of
C:\Progra~1\PellesC6\include\Win\winnt.h: (in function RtlSecureZeroMemory)
C:\Progra~1\PellesC6\include\Win\winnt.h(4973,12): Test expression for while not BOOL, type SIZE_T: cnt
  Test expression type is not boolean or int. (Use -predboolint to inhibit warning)
C:\Progra~1\PellesC6\include\Win\winnt.h(4973,19): Assignment of int to char: *vptr = 0
  Types are incompatible. (Use -type to inhibit warning)
C:\Progra~1\PellesC6\include\Win\winnt.h(4975,12): Implicitly temp storage ptr returned as implicitly only: ptr
  Temp storage (associated with a formal parameter) is transferred to a non-temporary reference. The storage may be released or new aliases created. (Use -temptrans to inhibit warning)
< Location unknown >: Previous use of
< Location unknown >: Previous use of

Finished checking --- 5 code warnings
*** Program return 1 ***
Title: Re: Splint
Post by: JohnF on August 27, 2009, 08:38:33 am
Yes that's a better splint.exe. Using your splintrc settings I get this for FindFile.c

Code: [Select]
Splint 3.1.1 --- 12 April 2003

D:\PellesC\Projects\Findfile_Uni\find.h(6,1): Macro WIN32_LEAN_AND_MEAN already defined
  Command Line: Previous definition of WIN32_LEAN_AND_MEAN
< Location unknown >: Field name reused:
  Code cannot be parsed.  For help on parse errors, see splint -help parseerrors. (Use -syntax to inhibit warning)
< Location unknown >: Previous use of
< Location unknown >: Previous use of
< Location unknown >: Previous use of
< Location unknown >: Previous use of
D:\PellesC\Projects\Findfile_Uni\FindFile.c(54,31): Static g_strDepends initialized to null value: g_strDepends = NULL
  A reference with no null annotation is assigned or initialized to NULL.  Use /*@null@*/ to declare the reference as a possibly null pointer. (Use -nullassign to inhibit warning)
D:\PellesC\Projects\Findfile_Uni\FindFile.c(54,31): Static g_strDepends initialized to null value: TCHAR * g_strDepends = NULL = NULL
D:\PellesC\Projects\Findfile_Uni\FindFile.c(65,45): Static pSubClassPictureBoxProc initialized to null value: pSubClassPictureBoxProc = NULL
D:\PellesC\Projects\Findfile_Uni\FindFile.c(65,45): Static pSubClassPictureBoxProc initialized to null value: WNDPROC pSubClassPictureBoxProc = NULL = NULL
D:\PellesC\Projects\Findfile_Uni\FindFile.c(66,43): Static pSubClassTextBoxProc initialized to null value: pSubClassTextBoxProc = NULL
D:\PellesC\Projects\Findfile_Uni\FindFile.c(66,43): Static pSubClassTextBoxProc initialized to null value: WNDPROC pSubClassTextBoxProc = NULL = NULL
D:\PellesC\Projects\Findfile_Uni\FindFile.c(67,47): Static pSubClassRenameEditBoxProc initialized to null value: pSubClassRenameEditBoxProc = NULL
D:\PellesC\Projects\Findfile_Uni\FindFile.c(67,47): Static pSubClassRenameEditBoxProc initialized to null value: WNDPROC pSubClassRenameEditBoxProc = NULL = NULL
D:\PellesC\Projects\Findfile_Uni\FindFile.c(68,43): Static pSubClassExtPaneProc initialized to null value: pSubClassExtPaneProc = NULL
D:\PellesC\Projects\Findfile_Uni\FindFile.c(68,43): Static pSubClassExtPaneProc initialized to null value: WNDPROC pSubClassExtPaneProc = NULL = NULL
D:\PellesC\Projects\Findfile_Uni\FindFile.c(93,19): Initializer block for g_dlg has 5 fields, but RD has 8 fields: 1, 3, 320, 203, 1
  Initializer does not set every field in the structure. (Use -fullinitblock to inhibit warning)
D:\PellesC\Projects\Findfile_Uni\FindFile.c(94,19): Initializer block for g_bk has 4 fields, but RD has 8 fields: 3, 4, 80, 204
D:\PellesC\Projects\Findfile_Uni\FindFile.c: (in function CallBackProc)
D:\PellesC\Projects\Findfile_Uni\FindFile.c(138,23): Initializer block for lvI has 1 field, but LVITEMA has 10 fields: 0
D:\PellesC\Projects\Findfile_Uni\FindFile.c(142,12): New fresh storage (type HWND) passed as implicitly temp (not released): GetDlgItem(g_hwndMain, 2)
  A memory leak has been detected. Storage allocated locally is not released before the last reference to it is lost. (Use -mustfreefresh to inhibit warning)
D:\PellesC\Projects\Findfile_Uni\FindFile.c(142,3): Return value (type HWND) ignored: SetFocus(GetDlgI...
  Result returned by function call is not used. If this is intended, can cast result to (void) to eliminate message. (Use -retvalother to inhibit warning)
D:\PellesC\Projects\Findfile_Uni\FindFile.c(147,34): New fresh storage (type HWND) passed as implicitly temp (not released): (GetDlgItem(g_hwndMain, 153))
D:\PellesC\Projects\Findfile_Uni\FindFile.c(149,3): Implicitly only storage lvI.pszText (type LPSTR) not released before assignment: lvI.pszText = NULL
  A memory leak has been detected. Only-qualified storage is not released before the last reference to it is lost. (Use -mustfreeonly to inhibit warning)
D:\PellesC\Projects\Findfile_Uni\FindFile.c(151,3): Return value (type LRESULT) ignored: SendDlgItemMessa...
D:\PellesC\Projects\Findfile_Uni\FindFile.c(157,28): Passed storage s not completely defined (*s is undefined): LoadStringA (..., s, ...)
  Storage derivable from a parameter, return value or global is not defined. Use /*@out@*/ to denote passed or returned storage which need not be defined. (Use -compdef to inhibit warning)
D:\PellesC\Projects\Findfile_Uni\FindFile.c(157,3): Return value (type int) ignored: LoadStringA(g_hI...
  Result returned by function call is not used. If this is intended, can cast result to (void) to eliminate message. (Use -retvalint to inhibit warning)
D:\PellesC\Projects\Findfile_Uni\FindFile.c(159,10): Parameter 1 (g_sGen0) to function strcat is declared unique but may be aliased externally by parameter 2 ((TCHAR *)name)
  A unique or only parameter may be aliased by some other parameter or visible global. (Use -mayaliasunique to inhibit warning)
D:\PellesC\Projects\Findfile_Uni\FindFile.c(160,3): Return value (type LRESULT) ignored: SendDlgItemMessa...
D:\PellesC\Projects\Findfile_Uni\FindFile.c(167,9): Parse Error. (For help on parse errors, see splint -help parseerrors.)
*** Cannot continue.
*** Program return 1 ***

Thanks for your input.

John