0

Here's the code

int main(){
    int a=1;
    a=2;
    a=3;
    return a;
}

I checked the code with splint and it says "no warnings". Actually, a is reassigned 3 before the old value 2 is used. This may sign a potential defect.

What command-line arguments should I pass to find the flaw, or splint just ignores the problem?

ricyn
  • 1
  • 1
    This is known as a “dead store” in case that helps find anything. – Davis Herring May 06 '19 at 03:50
  • 2
    The people who designed split get to decide what it checks. Just guessing, but since splint's focus is on security, and a dead store is no security problem, this doesn't seem like something it's meant to catch. The coding errors it does find are likely to be related to security. E.g. a buffer write overrun could be deliberate or inadvertent. In the first case it's an attack. In the second it's a coding error. – Gene May 06 '19 at 04:09
  • splint is a dead project that hasn't been updated in over a decade. Why use it over modern alternatives like clang-tidy? – Shawn May 06 '19 at 04:19
  • Hi @Shawn, you're right. I'm actually looking for alternatives that work with embedded development. I'm gonna try clang-tidy. – ricyn May 06 '19 at 06:23
  • @Gene I understand this may not be a problem, but I just suffered from a problem caused by a careless "dead store", so I really want a static analyzer to warn me, or at least notify me when it happens. – ricyn May 06 '19 at 06:29
  • Clang-tidy (or clang-check) is great, but unfortunately, it seems unfriendly to projects built with compilers other than clang. @Shawn – ricyn May 06 '19 at 07:50

0 Answers0