msg.txt

PC-Lint是一种静态代码检测工具

      Semantics.

419   Apparent data overrun for function 'Symbol', argument
      Integer exceeds argument Integer  -- This message is for
      data transfer functions such as memcpy, strcpy, fgets,
      etc. when the size indicated by the first cited argument
      (or arguments) exceeds the size of the buffer area cited
      by the second.  The message may also be issued for user
      functions via the -function option.  See Section 10.1
      Function Mimicry (function) and Section 10.2.1 Possible
      Semantics.

420   Apparent access beyond array for function 'Symbol',
      argument Integer exceeds Integer Reference  -- This
      message is issued for several library functions (such as
      fwrite, memcmp, etc.) wherein there is an apparent attempt
      to access more data than exist.  For example, if the
      length of data specified in the fwrite call exceeds the
      size of the data specified.  The function is specified by
      Symbol and the arguments are identified by argument
      number.  See also Section 10.1 Function Mimicry (function)
      and Section 10.2.1 Possible Semantics.

421   Caution -- function 'Symbol' is considered dangerous  --
      This message is issued (by default) for the built-in
      function gets.  This function is considered dangerous
      because there is no mechanism to ensure that the buffer
      provided as first argument will not overflow.  A well
      known computer virus (technically a worm) was created
      based on this defect.  Through the -function option, the
      user may designate other functions as dangerous.

422   Passing to function 'Symbol' a negative value (Integer),
      Context Reference  -- An integral value that appears to be
      negative is being passed to a function that is expecting
      only positive values for a particular argument.  The
      message contains the name of the function (Symbol), the
      questionable value (Integer) and the argument number
      (Context).  The function may be a standard library
      function designed to accept only positive values such as
      malloc or memcpy (third argument), or may have been
      identified by the user as such through the -function or
      -sem options.

      The negative integral value may in fact be unsigned.
      Thus:

		void *malloc( unsigned );
		void f()
		    {
		    int n = -1;
		    int *p;
		    p = malloc(n);                  // Warning 422
		    p = malloc( (unsigned) n );     // Warning 422
		    }

      will result in the warnings indicated.  Note that casting
      the expression does not inhibit the warning.

      There is a slight difference in behavior on 32-bit systems
      versus 16-bit systems.  If long is the same size as int
      (as in 32-bit systems) the warning is issued based upon
      the sign bit.  If long is larger than an int (as is true
      on typical 16-bit systems) the warning is issued if the
      value was a converted negative as in the examples above.
      It is not issued if an unsigned int has the high-order bit
      set.  This is because it is not unreasonable to malloc
      more that 32,176 bytes in a 16-bit system.

423   Creation of memory leak in assignment to variable 'Symbol'
      -- An assignment was made to a pointer variable
      (designated by Symbol), which appeared to already be
      holding the address of an allocated object, which had not
      been freed.  The allocation of memory, which is not freed,
      is considered a memory leak.

424   Inappropriate deallocation (Name1) for 'Name2' data.  --
      This message indicates that a deallocation (free(),
      delete, or delete[]) as specified by Name1 is
      inappropriate for the data being freed.   [12, Item 5]

      The kind of data (specified by Name2) is one or more of:
      malloc, new, new[], static, auto, member, modified or
      constant.  These have the meanings as described below:

	 Malloc            data is data obtained from a call
				to malloc, calloc or realloc.
	 new and new[]     data is data derived from calls to new.
	 Static            data is either static data within
				a function or external data.
	 auto              data is non-static data in a function.
	 Member            data is a component of a structure
			   (and hence can't be independently freed).
	 modified          data is the result of applying pointer
			   arithmetic to some other pointer.  E.g.

				 p = malloc(100);
				 free( p+1 );    // warning

			   p+1 is considered modified.

	 constant          data is the result of casting a
			   constant to a pointer.  E.g.

				 int *p = (int *) Ox80002;
				 free(p);    // warning

425   'Message' in processing semantic 'String' at token
      'String'  -- This warning is issued when a syntax error is
      encountered while processing a semantic option (-sem).
      The 'Message' depends upon the error.  The first 'String'
      represents the portion of the semantic being processed.
      The second 'String' denotes the token being scanned when
      the error is first noticed.

426   Call to function 'Symbol' violates semantic 'String'  --
      This Warning message is issued when a user semantic (as
      defined by -sem) is violated.  'String' is the subportion
      of the semantic that was violated.  For example:

		//lint -sem( f, 1n > 10 && 2n > 10 )
		void f( int, int );

		...

		f( 2, 20 );

      results in the message:

      Call to function 'f(int, int)' violates semantic '(1n>10)'

427   // comment terminates in \  -- A one-line comment
      terminates in the back-slash escape sequence.  This means
      that the next line will be absorbed in the comment (by a
      standards-conforming compiler -- not all compilers do the
      absorption, so beware).  It is much safer to end the line
      with something other than a back-slash.  Simply tacking on
      a period will do.  If you really intend the next line to
      be a comment, the line should be started with its own
      double slash (//).

428   negative subscript (Integer) in operator 'String'  -- A
      negative integer was added to an array or to a pointer to
      an allocated area (allocated by malloc, operator new,
      etc.) This message is not given for pointers whose origin
      is unknown since a negative subscript is, in general,
      legal.

      The addition could have occurred as part of a subscript
      operation or as part of a pointer arithmetic operation.
      The operator is denoted by String.  The value of the
      integer is given by Integer.

429   Custodial pointer 'Symbol' (Location) has not been freed
      or returned  -- A pointer of auto storage class was
      allocated storage, which was neither freed nor returned to
      the caller.  This represents a "memory leak".  A pointer
      is considered custodial if it uniquely points to the
      storage area.  It is not considered custodial if it has
      been copied.  Thus:

		int *p = new int[20];  // p is a custodial pointer
		int *q = p;            // p is no longer custodial
		p = new int[20];       // p again becomes custodial
		q = p + 0;             // p remains custodial

      Here p does not lose its custodial property by merely
      participating in an arithmetic operation.

      A pointer can lose its custodial property by passing the
      pointer to a function.  If the parameter of the function
      is typed pointer to const or if the function is a library
      function, that assumption is not made.  For example

		p = malloc(10);
		strcpy (p, "hello");

      Then p still has custody of storage allocated.

      It is possible to indicate via semantic options that a
      function will take custody of a pointer.  See custodial(i)
      in Section 10.2.1 Possible Semantics.

430   Character '@', taken to specify variable location, is not
      standard C/C++  -- Many compilers for embedded systems
      have a declaration syntax that specifies a location in
      place of an initial value for a variable.  For example:

		int x @0x2000;

      specifies that variable x is actually location 0x2000.
      This message is a reminder that this syntax is
      non-standard (although quite common).  If you are using
      this syntax on purpose, suppress this message.

432   Suspicious argument to malloc  -- The following pattern
      was detected:

		malloc( strlen(e+1) )

      where e is some expression.  This is suspicious because it
      closely resembles the commonly used pattern:

		malloc( strlen(e)+1 )

      If you really intended to use the first pattern then an
      equivalent expression that will not raise this error is:

		malloc( strlen(e)-1 )

433   Allocated area not large enough for pointer  -- An
      allocation was assigned to a pointer whose reach extends
      beyond the area that was allocated.  This would usually
      happen only with library allocation routines such as
      malloc and calloc.  For example:

		int *p = malloc(1);

      This message is also provided for user-declared allocation
      functions.  For example, if a user's own allocation
      function is provided with the following semantic:

		-sem(ouralloc,@P==malloc(1n))

      We would report the same message.  Please note that it is
      necessary to designate that the returned area is freshly
      allocated (ala malloc).

      This message is always given in conjunction with the more
      general Informational Message  826.

434   White space ignored between back-slash and new-line  --
      According to the C and C++ standards, any back-slash
      followed immediately by a new-line results in the deletion
      of both characters.  For example:

		#define A  \
		   34

      defines A to be 34.  If a blank or tab intervenes between
      the back-slash and the new-line then according to a strict
      interpretation of the standard you have defined A to be a
      back-slash.  But this blank is invisible to the naked eye
      and hence could lead to confusion.  Worse, some compilers
      silently ignore the white-space and the program becomes
      non-portable.

      You should never deliberately place a blank at the end of
      a line and any such blanks should be removed.  If you
      really need to define a macro with a terminal back-slash
      you can use a comment as in:

		#define A \   /* commentary */

435   integral constant 'String' has precision Integer, use +fll
      to enable long long"  -- An integer constant was found
      that had a precision that was too large for a long but
      would fit within a long long.  Yet the +fll flag that
      enables the long long type was not set.

      Check the sizes that you specified for long (-sl#) and for
      long long (-sll#) and make sure they are correct.  Turn on
      +fll if your compiler supports long long. Otherwise use
      smaller constants.

436   Preprocessor directive in invocation of macro 'Symbol' at
      Location  -- A function like macro was invoked whose
      arguments extended for multiple lines, which included
      preprocessor statements.  This is almost certainly an
      error brought about by a missing right parenthesis.

      By the rules of Standard C the preprocessing directive is
      absorbed into the macro argument but then will not
      subsequently get executed.  For this reason some compilers
      treat the apparent preprocessor directive as a directive.
      This is logical but not portable.  It is therefore best to
      avoid this construct.

437   Passing struct 'Symbol' to ellipsis  -- A struct is being
      passed to a function at a parameter position identified by
      an ellipsis.  For example:

		void g()
		 {
		 struct A { int a; } x;
		 void f( int, ... );
		 f( 1, x );
		 ...

		 }

      This is sufficiently unusual that it is worth pointing out
      on the likelihood that this is unintended.  The situation
      becomes more severe in the case of a Non-POD struct  [10].
      In this case the behavior is considered undefined.

501   Expected signed type  -- The unary minus operator was
      applied to an unsigned type.  The resulting value is a
      positive unsigned quantity and may not be what was
      intended.

502   Expected unsigned type  -- Unary ~ being a bit o