splint



Good morning,

Have you considered the use of a lint tool for checking the correctness of
code?

The GPL tool "splint" is able to detect errors in memory usage. All you need to
do is to add annotations to types, variables, functions and parameters (as C
stylized comments) where needed. This also has an important side effect of
documenting the interfaces.

An example taken from gstring.h

GString* g_string_new (const gchar *init);

What happens with the parameter init? Is it held by GString?
With
GString* g_string_new (/*@temp@*/ const gchar *init);
one says init is neither freed nor aliased by the function.


Usage of annotations:

- Without annotation (the default will be taken)
  void f (char *p);
  or
  void f (/*@temp@*/ char *p);

  the function f neither consumes nor aliases the parameter p. So it is safe to
  call it with any storage

- memory consumption
  void f (/*@only@*/ char *p);

  the function f consumes the parameter p. p may not be used after a call to f.
  f () must free p or assign / pass it to another consumer

- memory may be aliased inside the function.
  void f (/*@dependent@*/ char *p);

  generally care should be taken after the function returns.

There are many more annotations which can precisely describe the semantics of
code. splint does much more checking than a compiler (even gcc) can do.

p.s.
http://www.spling.org
-- 
Miroslaw Dobrzanski-Neumann

MOSAIC SOFTWARE AG
Base Development and Research
Tel +49-2225-882-291
Fax +49-2225-882-201
Office: mne mosaic-ag com
Home:   mirek-dn freenet de
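
Added example (not part of the original message and not GLib code): the three parameter annotations from the message applied to one small C file, with a caller that respects each contract. All function and type names are hypothetical; the annotations are ordinary comments to a compiler, so the file builds and runs unchanged.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical names throughout; only the annotation keywords come from the message. */
typedef struct {
    /*@dependent@*/ const char *text;  /* alias of storage owned elsewhere */
    size_t len;
} View;

/* temp: p is only read during the call, never stored or freed. */
size_t count_char(/*@temp@*/ const char *p, char c)
{
    size_t n = 0;
    for (; *p != '\0'; p++)
        if (*p == c) n++;
    return n;
}

/* dependent: the callee keeps an alias, so p must outlive every use of *v. */
void view_set(View *v, /*@dependent@*/ const char *p)
{
    v->text = p;
    v->len = strlen(p);
}

/* only: the callee takes over the obligation to free p. */
size_t consume(/*@only@*/ char *p)
{
    size_t n = strlen(p);
    free(p);
    return n;
}

/* Caller that respects all three contracts; returns 0 on success. */
int demo(void)
{
    View v;
    size_t l_count, view_len, freed_len;
    char *s = malloc(6);
    if (s == NULL) return -1;
    memcpy(s, "hello", 6);           /* constructed sample input */

    l_count = count_char(s, 'l');    /* temp: s is still ours afterwards */
    view_set(&v, s);                 /* dependent: v.text now aliases s */
    view_len = v.len;                /* use the view while s is alive */
    freed_len = consume(s);          /* only: s and v.text are dead from here */

    return (l_count == 2 && view_len == 5 && freed_len == 5) ? 0 : 1;
}
```

Reading v.text or s after the call to consume() would be a use after free; the annotations state in the prototypes which calls end the caller's ownership.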



