Menu
▾
▴
#15 Internal Bug at sRef.c:2978
$ splint test.c | grep bug
Splint 3.1.2 --- 14 Oct 2010
test.c:23:27: *** Internal Bug at sRef.c:2978:
Bad sref, kind = 1684368999 [errno: 25]
*** Please report bug to splint-bug@splint.org ***
(attempting to continue, results may be incorrect)
test.c:23:27: *** Internal Bug at sRef.c:2982: sRef.c:2982: llassert failed:
FALSE: Reached dead code! [errno: 25]
*** Please report bug to splint-bug@splint.org ***
(attempting to continue, results may be incorrect)
including: testcase(test.c) and output with valgrind
option
-unqualified-trans
can fix this
It looks some problems with CheckTransfer function.
some output from valgrind.
==3586== Invalid read of size 4
==3586== at 0x80E421C: sRef_unparseWithArgs (sRef.c:2907)
==3586== by 0x80FCA11: stateInfo_display (stateInfo.c:475)
==3586== by 0x80E4753: sRef_showAliasInfo (sRef.c:7942)
==3586== by 0x80B017C: checkTransferAux (transferChecks.c:3826)
==3586== by 0x80B1177: checkTransfer (transferChecks.c:4413)
==3586== by 0x80B190E: transferChecks_assign (transferChecks.c:2459)
==3586== by 0x810BB51: doAssign (exprNode.c:11245)
==3586== by 0x8113CB2: exprNode_assign (exprNode.c:6283)
==3586== by 0x804D2DC: yyparse (cgrammar.c:5479)
==3586== by 0x8120AF3: main (llmain.c:881)
==3586== Address 0x4a0df9c is 68 bytes inside a block of size 80 free'd
==3586== at 0x400551D: free (vg_replace_malloc.c:325)
==3586== by 0x80C89A7: sRefTable_clear (sRefTable.c:104)
==3586== by 0x80EA28C: sRef_exitFunctionScope (sRef.c:824)
==3586== by 0x806EAB7: context_exitFunction (context.c:2558)
==3586== by 0x804C6C9: yyparse (cgrammar.c:4981)
==3586== by 0x8120AF3: main (llmain.c:881)
Thank you. This is a legitimate bug that is reproducible.