Subj : Re: Problem in jsscope.c?
To : netscape.public.mozilla.jseng
From : Robert O'Callahan
Date : Tue Sep 21 2004 06:33 pm

Brendan Eich wrote:
> MA wrote:
>> Brendan Eich wrote in message
>> news:<414F3751.40003@meer.net>...
>>
>>> It may be that Klocwork's static analysis is not up to reasoning
>>> completely about the code, and my analysis (and intent and design and
>>> review when writing this code) is correct. Otherwise, you'd have to
>>> point out how the invariant that the last chunk is never empty is
>>> violated.
>>
>> Well, that answers my question. I just wanted to be sure that the
>> intention was to ensure that kids[0] is never NULL. Although code in
>> lines 678 - 683 makes sure of that, it's not sufficient. The code that
>> adds a new chunk to the list of chunks also has to make sure that
>> kids[0] of new chunk is non-null, and the rest of the code must not
>> mess around with it.
>
> Sure, else why allocate the chunk? ;-)
>
>> IMO, neither Klocwork nor any other software can be expected to verify
>> that.
>
> We may be past the limits of static analysis of C code. Maybe Rob can
> read back in this thread and comment.

Right, there's nothing that could automatically figure out this code.

Rob
--
Robert O'Callahan
http://ocallahan.org
"If we claim to be without sin, we deceive ourselves and the truth is not
in us. If we confess our sins, he is faithful and just and will forgive us
our sins and purify us from all unrighteousness." 1 John 1:8-9