On Wed, Apr 21, 2010 at 10:19:34AM -0700, Harold Lee wrote:
> I've used static analysis tools before, and they find many many more
> bugs than compilers do.
>
> http://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis
>
> They list tools for Python, Perl, PHP and JavaScript, proving that
> dynamic languages can be safe too. These tools go much farther than a
> type system by following the data flow in and out of functions.
>
> http://stackoverflow.com/questions/141498/what-open-source-c-static-analysis-tools-are-available
>
> It looks like the OSS splint program would find that infinite loop -
> see the example here:
> http://en.wikipedia.org/wiki/Splint_%28programming_tool%29
splint certainly provides useful output. I changed my code around so that
the boundary condition would be -1 and use greater than. As splint warns,
0 could be confusing. I ran splint on both. In the case of the boundary
condition -1 (Version 2), it warns that I am using two different types in
my compare. Very nice.

brian

    // Version 1. Compare to zero
    #include <stdio.h>
    int main()
    {
        int a[] = {5,6,8,3,4};
        unsigned int i;
        // Compares to 0
        for (i= (sizeof(a) -1)/sizeof(int) ; i >= 0; i--) {
            printf("%d\n",a[i]);
        }
        return 0;
    }

br...@lamaquina:~/school/Project/practice$ splint test_loop.c
Splint 3.1.2 --- 03 May 2009

test_loop.c: (in function main)
test_loop.c:8:8: Assignment of arbitrary unsigned integral type to unsigned int:
                    i = (sizeof((a)) - 1) / sizeof(int)
  To ignore type qualifiers in type comparisons use +ignorequals.
test_loop.c:8:40: Comparison of unsigned value involving zero: i >= 0
  An unsigned value is used in a comparison with zero in a way that is either a
  bug or confusing. (Use -unsignedcompare to inhibit warning)

Finished checking --- 2 code warnings

    // Version 2
    #include <stdio.h>
    int main()
    {
        int a[] = {5,6,8,3,4};
        unsigned int i;
        // Version 2. Compare to -1
        for (i= (sizeof(a) -1)/sizeof(int) ; i > -1; i--) {
            printf("%d\n",a[i]);
        }
        return 0;
    }

br...@lamaquina:~/school/Project/practice$ splint test_loop.c
Splint 3.1.2 --- 03 May 2009

test_loop.c: (in function main)
test_loop.c:8:8: Assignment of arbitrary unsigned integral type to unsigned int:
                    i = (sizeof((a)) - 1) / sizeof(int)
  To ignore type qualifiers in type comparisons use +ignorequals.
test_loop.c:8:40: Operands of > have incompatible types (unsigned int, int):
                     i > -1
  To ignore signs in type comparisons use +ignoresigns

Finished checking --- 2 code warnings

-- 
Brian Lavender
http://www.brie.com/brian/

"For every complex problem there is an answer that is clear, simple, and
wrong." - H. L. Mencken
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech
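An added example, not from the thread above, that shows what the two posted loop conditions actually do with an unsigned counter and the idiom that walks an array backwards without either problem. The function names, the instrumented loops and the sample array wrapper are mine; the array contents are the ones from the post.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

static const int sample[] = {5, 6, 8, 3, 4};          /* constructed sample */
#define SAMPLE_LEN (sizeof(sample) / sizeof(sample[0]))

/* Version 2's condition as posted: -1 converts to UINT_MAX, so i > -1
 * is never true and the body never runs. Returns elements visited. */
size_t visit_version2(const int *a, size_t n, int *out)
{
    unsigned int i;
    size_t visited = 0;
    for (i = (unsigned int)(n - 1); i > -1; i--)
        out[visited++] = a[i];
    return visited;                     /* always 0 */
}

/* Version 1's condition without the array read: i >= 0 always holds for
 * unsigned i, so decrementing past 0 wraps to UINT_MAX and the next
 * a[i] would read far outside the array. Returns 1 once the wrap is seen. */
int version1_wraps(size_t n)
{
    unsigned int i;
    for (i = (unsigned int)(n - 1); i >= 0; i--)
        if (i == 0) { i--; return i == UINT_MAX; }   /* the loop's own i-- */
    return 0;                           /* never reached */
}

/* Safe idiom: test, then decrement. i takes n-1 .. 0 and the loop ends
 * when i-- reads 0, with no signed/unsigned comparison at all. */
size_t visit_reverse(const int *a, size_t n, int *out)
{
    size_t i, visited = 0;
    for (i = n; i-- > 0; )
        out[visited++] = a[i];
    return visited;                     /* n */
}

int main(void)
{
    int out[SAMPLE_LEN];
    size_t k, n = visit_reverse(sample, SAMPLE_LEN, out);
    printf("v2 visited %zu, v1 wraps %d\n",
           visit_version2(sample, SAMPLE_LEN, out), version1_wraps(SAMPLE_LEN));
    for (k = 0; k < n; k++) printf("%d\n", out[k]);   /* 4 3 8 6 5 */
    return 0;
}
```

Note that sizeof(a)/sizeof(a[0]) gives the element count directly; the posted (sizeof(a)-1)/sizeof(int) only lands on the last index because 19/4 truncates to 4.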