How do I trigger Splint's abstract type checker?

Question

I want to use Splint to detect implicit casts between typedefs with the same underlying type, such as in the following code:

typedef int counter;
typedef int delta;

static int func(int a, int b, int c)
{
    return a + b + c;
}

int main(void)
{
    int a = 5;
    counter b = a;
    delta c = (int) 8;
    return func(a, b, c);
}

It looks like I can use Splint for this, but it doesn't produce any warnings. Even annotating both typedefs as abstract doesn't trigger it.

How do I get Splint to do "strong" type checking like this?

score 1 · Answer 1 · answered Jul 22 '14 at 17:19

Since you're using the types in the same file in which they're declared, Splint assumes that the file has access to the abstract type. You need to tell Splint that the file doesn't have access to the abstract type's internals using @noaccess@. For example, you can do

typedef /*@abstract@*/ int counter; /*@noaccess counter@*/
typedef /*@abstract@*/ int delta; /*@noaccess delta@*/

int main(void)
{
  int a = 5;
  counter /*@unused@*/ b = a;
  delta /*@unused@*/ c = (int) 8;
  return 0;
}

Note that you'll get a warning not only when assigning to b, but also to c, even with the cast.

How do I trigger Splint's abstract type checker?

1 Answers1