I haven't had much time to work with lclint (now splint) in a while,
but I've been looking over the updated manual.  Some of the new
features look really spiffy.

I notice, though, that it still doesn't understand realloc:

    #include <stdlib.h>

    int main ()
    {
        char *p, *q;
        p = malloc (42);
        q = realloc (p, 14);    /* result never checked, nothing ever freed */
        return 0;
    }

This function gets no diagnostics, but it's wrong; whether realloc
succeeds or fails, one of the blocks will be leaked.  If I drop 'q'
and the realloc call, splint does properly complain about the memory
leak.

Scanning the one-html-file version of the manual, I found no mention
of realloc at all.  I think it's a rather important limitation to
point out -- and, perhaps, some ways to work around it.

The method I tried out last time was to create a function that would
accept a pointer to allocated storage and a size, and would return (by
return value and passed-in pointer) a pointer to allocated storage and
an indication of whether the size change was effective.  Within the
function, I disabled the relevant warnings.  It seemed to work okay.
Naturally, having splint actually understand realloc's behavior would
be far better, including the size of available storage space in both
success and failure cases, but I understand that's a difficult thing
to accomplish.

Ken
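
A sketch of the kind of wrapper the message describes, as an added example that is not the poster's code. The names `resize_with`, `resize_block`, `failing_realloc` and `demo` are hypothetical, and because the message does not say which warnings were disabled, the body is simply wrapped in splint's `/*@ignore@*/` ... `/*@end@*/` region. The allocator is passed in only so the failure path can be exercised deterministically.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

typedef void *(*realloc_fn)(void *, size_t);

/* Stand-in allocator that always fails, to exercise the failure path. */
void *failing_realloc(void *p, size_t n) { (void)p; (void)n; return NULL; }

/* On return *pp is always the one block the caller owns: the resized block
 * when the result is true, the untouched original when it is false. */
bool resize_with(realloc_fn fn, void **pp, size_t new_size)
{
    void *tmp;
    bool ok;
    if (pp == NULL || new_size == 0)
        return false;          /* realloc(p, 0) is not portable; refuse it */
    /* splint reports nothing between the ignore and end comments */
    /*@ignore@*/
    tmp = fn(*pp, new_size);
    ok = (tmp != NULL);
    if (ok)
        *pp = tmp;             /* the old pointer value is dead from here on */
    /*@end@*/
    return ok;
}

bool resize_block(void **pp, size_t n) { return resize_with(realloc, pp, n); }

/* The 42 -> 14 case from the message: returns 1 when the flag is as
 * expected, the data survives, and a single free() releases everything. */
int demo(realloc_fn fn, bool expect_ok)
{
    void *p = malloc(42);
    void *before = p;
    int good;
    if (p == NULL)
        return 0;
    memset(p, 'A', 42);
    good = resize_with(fn, &p, 14) == expect_ok
        && (expect_ok || p == before)      /* on failure the same block is kept */
        && ((char *)p)[0] == 'A' && ((char *)p)[13] == 'A';
    free(p);                               /* exactly one block to release */
    return good;
}

int main(void) { return (demo(realloc, true) && demo(failing_realloc, false)) ? 0 : 1; }
```

Callers only ever hold one pointer, so the success and failure cases both end with a single `free`, which is the property the bare `q = realloc (p, 14)` pattern loses.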
