next up previous
Next: The control flow graph Up: Analysis Previous: Analysis
Gasta Homepage: Home page

Introduction

If we look the Figure 8, LCLint will produce errors like this : 

sample.c:8:10: Possibly null storage ptrTemp 
returned as non-null: ptrTemp
Function returns a possibly null pointer, 
but is not declared using /*@null@*/ 
annotation of result.  If function may return 
NULL, add /*@null@*/ annotation to the return 
value declaration. (-nullret will suppress 
message) sample.c:7:13: Storage ptrTemp may 
become null.
This kind of warnings can be suppressed by annotations like shown in the second code on Figure 7. For the moment, annotations must be provided by the user and, our goal is to provide a tool which will automatically annotate the source code. It has two advantages. First, it will suppress false alarms generated by LCLint and secondly, it will help to understand legacy code. In the example, you will know by annotations that mymalloc() can return an incomplete and maybe null pointer.

To automatically annotate the source code, we split our work in three part. The first one is the extraction of the control flow graph (CFG) using our visitor. We produce one CFG per function. The second step is the implentation of an iterative algorithm for reaching annotations inspired by this described in [1] known as iterative algoritm for reaching definitions. Then, the last work is the extension of the analysis to a set of functions.

Figure 7: sample.c without LCLint annotations
\fbox{\begin{minipage}{7cm} \begin{small} \begin{tabbing} t \= tt \= \kill \\ ... ...;\\ \>\>return ptrTemp;\\ \>\}\\ \par \end{tabbing}\end{small}\end{minipage}}

Figure 8: sample.c with LCLint annotations
\fbox{\begin{minipage}{7cm} \begin{small} \begin{tabbing} t \= tt \= \kill \\ ... ...;\\ \>\>return ptrTemp;\\ \>\}\\ \par \end{tabbing}\end{small}\end{minipage}}

next up previous
Next: The control flow graph Up: Analysis Previous: Analysis
Guillaume Thouvenin 2001-10-01