Overall I think the idea of extending splint to additional
non-pOSIX API's is perfectly sane and useful Static annotations
have a usage case, for automated QA testing, for detecting
mis-use of API's and more.
But there are gonna be gotchas:
1) API's change in the "real world"
Whatever you carry in splint MUST be maintained somehow.
There's the additional pain of whatever works on, say
rhel6 with sqlite-3.6.23.1 may not be useful "portably".
C'est la vie (but you need to warn users up front).
2) Manually applying annotations is quite a chore
Literally months if not years of my life has
been spent staring at splint spewage. Like all
lint-like approaches there's an _ENORMOUS_ amount
of warnings that need to be studied if working carefully.
Automated tools (like what ISPRAS is doing, also sensitive to
' splint annotations) are gonna be needed to succeed in populating
a store of statically annotated API's imho.
3) the splint C parser has some issues still
Finding which file had "parser errors" by bisecting
the file inputs using splint, while much improved, still
has a ways to go to Just Work. You other additions to
splint (seen while annotating) are quite nice, get a new
release out for splint, you have nothing to be embarrased about imho.
(aside)
ISPRAS == Institute of System Programming, Russian Academy of Sciences
These are the people who are putting meat & muscle into LSB "standard"
interface testing. The tools ISPRAS is developing are quite pleasant to
use, with web displays and low barriers to entry. See this link
http://linuxtesting.org/upstream-tracker/
for one extremely useful (imho) tool tracking ABI's through versions.
I can attest to the quality of the tool because two interfaces
that I am responsible for creating/maintaining RPM & POPT are there.
The tool does indeed find problem areas accurately.
Another tool is their "shallow testing" scripts (which are quite easy
to extend with pre- and post- code snippet templates in XML called
abi-compliance-checker.pl
api-sanity-autotest.pl
which you can find a copy of in scripts/ from a top level check-out from
cvs -d :ext:anonym...@rpm5.org:/v/rpm/cvs get rpm
in the scripts/ sub-directory (I'm too lazy to find the link through
linuxfoundation atm -- I posted here on the splint mailing list
a couple months back).
With a little work at automation, and perhaps asking LSB or ISPRAS
to start generating splint files that Just Drop In automagically,
I think you have a very very sound approach to using splint
on OSS software.
hth
73 de Jeff
_______________________________________________
splint-discuss mailing list
splint-discuss@mail.cs.virginia.edu
http://www.cs.virginia.edu/mailman/listinfo/splint-discuss
