> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Derek M Jones
> Sent: Friday, 01 August, 2008 07:50
>
> >>> - struct operation op;
> >>> + struct operation op = {0,0,0,0,0};
> >> This adds extra runtime overhead, but clearly does not fix
> any real
> >> bug, unlike the other kinds of changes provided.
> >
> > It's also unnecessarily verbose, since:
> >
> > struct operation op = {0};
> >
> > will initialize all members of op appropriately...
>
> Verbosity (redundancy) has its uses. In this case it
> provides the opportunity for tools to check whether the
> number of fields expected by the developer is the same as the
> number of fields that appear in the code.
Not in the general case. The initializer {0, 0} will correctly
initialize any aggregate with two or more fields, and should not produce
a diagnostic if the type has more than two fields.
See ISO 9899:1999 6.7.8 #21: "If there are fewer initializers in a
brace-enclosed list than there are elements or members of an aggregate,
or fewer characters in a string literal used to initialize an array of
known size than there are elements in the array, the remainder of the
aggregate shall be initialized implicitly the same as objects that have
static storage duration".
Of course, an implementation (or any other tool) can produce any
diagnostics it wants, but one in this case would lead to far too many
false positives when run against typical well-written code. So it would
have to be an option, and code would have to be written to cater to it;
and that being the case, it could equally well be some kind of
annotation.
And to what end? Often aggregate data types are partly abstract for
consumers, and the initializing code doesn't need to, and shouldn't,
know how many fields the structure has.
APIs that use aggregate types are often defined in terms of:
- include header X
- define struct Y
- set Y.a and Y.b
- call Z passing Y
Such an API, if written sensibly, can tolerate changes to the structure
in the implementation that are not reflected by source changes in the
consumer, provided the consumer initializes the structure correctly.
--
Michael Wojcik
Principal Software Systems Developer, Micro Focus
_______________________________________________
splint-discuss mailing list
splint-discuss@mail.cs.virginia.edu
http://www.cs.virginia.edu/mailman/listinfo/splint-discuss
