jacob navia
Many compilers check printf for errors, lcc-win32 too. But there are
other functions that would be worth checking, especially memset.
Memset is used mainly to clear a memory zone, receiving a pointer to
the start, the value (most of the time zero) and the size of the
memory array to clear.
Problems appear when the size given is not the size of the object
given as its first argument. For instance
#include <string.h>

void fn(void)
{
    int array[128];
    memset(array, 0, 128);   /* 128 bytes, not 128 ints: only 128/sizeof(int) elements are cleared */
}
This will fail to clear the array entirely.
The compiler can check this kind of thing when the size of the object
is known.
When the pointer given points to a structure, union or array with known
size (i.e. its size is available at compilation time) I have added code
to check for this. If the size given is bigger than the size of the
object, the compiler will now issue a warning. If the size is less, and
the value to set is zero, the compiler will issue a warning too, saying
that memset fails to completely clear the array.
Borderline cases:
What to do with unions?
You can use memset to clear a member of the union, without clearing the
whole union. I have chosen not to complain in this case. What do you think?
Other interesting cases arise with the clearing of an array:
#include <stdlib.h>
#include <string.h>

struct foo { char data[64]; };   /* sizeof(struct foo) == 64, as supposed below */

void fn2(void)
{
    struct foo *p = malloc(sizeof(struct foo) * 123);
    if (p) {
        memset(p, 0, 123);   /* 123 bytes, not 123 structures */
    }
}
Supposing sizeof(struct foo) is 64, the given size is not
a multiple of the size of the structure.
Would it be possible to issue a warning here? Or would it lead to
many "false positives" (unwarranted warnings)?
Of course when the memory points to a primitive type (int/double, etc.)
there is no way the compiler can check that the size given is
correct, especially of course in the case of chars, where sizeof is 1.
In other cases it should be a multiple of the element size, shouldn't it?
I.e. the size when clearing an int * should be a multiple of sizeof(int),
with a double * a multiple of sizeof(double), etc.
What do you think?
Input appreciated.
Thanks for your time.
jacob
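As an added illustration (not part of Jacob's post and not lcc-win32's own code), the following C program models the three warning rules he describes (size larger than the object, zero fill smaller than the object, size not a multiple of the element size) in a small classifier, classify_memset(), and then shows at run time how much of the int array[128] example actually gets cleared when the byte count is 128. The enum names and both helper functions are this example's own; the 64-byte structure size is the assumption made in the post.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Diagnostic categories modelled on the three cases in the post.
   The names and the classify_memset() helper are this example's own
   (hypothetical), not lcc-win32's implementation. */
enum memset_diag {
    MEMSET_OK = 0,
    MEMSET_TOO_BIG,          /* size exceeds the object: writes past its end */
    MEMSET_INCOMPLETE_CLEAR, /* value 0 and size below the object: partial clear */
    MEMSET_NOT_MULTIPLE      /* size is not a multiple of the element size */
};

/* Classify memset(p, value, given) from what a compiler could know about p.
   object_size: total size of the object p points to, or 0 if unknown
                (heap memory, pointer parameter, ...).
   elem_size:   sizeof(*p); for char pointers this is 1 and any size is
                accepted, as the post notes. */
enum memset_diag classify_memset(size_t object_size, size_t elem_size,
                                 int value, size_t given)
{
    if (object_size != 0) {
        if (given > object_size)
            return MEMSET_TOO_BIG;
        if (value == 0 && given < object_size)
            return MEMSET_INCOMPLETE_CLEAR;
    }
    if (elem_size > 1 && given % elem_size != 0)
        return MEMSET_NOT_MULTIPLE;
    return MEMSET_OK;
}

/* Runtime view of the post's first example: fill a 128-int array with a
   constructed non-zero pattern, clear byte_count bytes, and report how
   many of the 128 elements actually read back as zero.  byte_count is
   capped at the array size so this helper itself never overruns. */
size_t count_cleared_ints(size_t byte_count)
{
    int array[128];
    size_t i, cleared = 0;

    if (byte_count > sizeof array)
        byte_count = sizeof array;
    memset(array, 0xFF, sizeof array);   /* every int is now non-zero */
    memset(array, 0, byte_count);        /* the call under discussion */
    for (i = 0; i < sizeof array / sizeof array[0]; i++)
        if (array[i] == 0)
            cleared++;
    return cleared;
}

int main(void)
{
    const size_t array_bytes = 128 * sizeof(int);

    printf("memset(array, 0, 128) clears %zu of 128 ints -> diag %d\n",
           count_cleared_ints(128),
           classify_memset(array_bytes, sizeof(int), 0, 128));
    printf("memset(array, 0, sizeof array) clears %zu of 128 ints -> diag %d\n",
           count_cleared_ints(array_bytes),
           classify_memset(array_bytes, sizeof(int), 0, array_bytes));
    /* the post's heap case: 123 structures of 64 bytes, but only 123 bytes */
    printf("memset(p, 0, 123) with 64-byte elements -> diag %d\n",
           classify_memset(0, 64, 0, 123));
    return 0;
}
```

The union exemption the post mentions is not modelled: a checker that wanted to stay quiet there would pass the member's size (or 0) as object_size instead of the union's. The classifier deliberately asks for the object size and the element size separately, because the heap case only knows the latter, which is exactly why the post can suggest nothing stronger than a "multiple of the element size" rule for it.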