Scope of Microsoft's SAL Deref=1 property in relation to an "int"?
I've come round to the idea that Microsoft's SAL (Source Annotation Language) is a good thing, and have studied the language and the meaning of annotation properties.
I have a general question about the use of SAL's "Deref" property in connection with an "int" parameter. Let me illustrate my question with the SAL for the isalpha() function, taken from the ctype.h include file, running Visual Studio 10:
[returnvalue:SA_Post(MustCheck=SA_Yes)]
int __cdecl
isalpha([SA_Pre(Null=SA_No)]
[SA_Pre(Deref=1,Valid=SA_Yes,Access=SA_Read)]
int _C);
If the single parameter _C is an "int", what does "[SA_Pre(Deref=1,Valid=SA_Yes,Access=SA_Read)]" mean? How can one dereference an int once (Deref=1) in a meaningful way?
The only explanation I can think of is that the annotation states that the integer is a reference into ctype's internal byte array. How could a static analyzer take advantage of this annotation?
What it looks like is that you've pasted in the pre-processed version of the isalpha declaration. What I see in ctype.h is:

_In_ is allowed on scalar parameters (int, etc.) in order to let developers explicitly express that the parameter is strictly an input parameter. This is kind of redundant, but still true (after all, you can't return a value via a pass-by-value scalar).

The annotation _In_ is a macro that expands as you've pasted above in order to express the semantics of an input pointer. The static analyzer recognizes when _In_ is being applied to a scalar parameter and ignores it, since neither the Null nor the Deref=1 makes much sense on an int.

In any other context, besides being part of an _In_ annotation, Deref=1 on an int would make no sense.

It's generally better to be using the _In_-style syntax rather than the SA_Pre and SA_Post, unless you really want to be looking into the underlying implementation details like this.
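The following is an added example (not code from the question, the answer, or Microsoft's ctype.h) showing the _In_-style annotations the answer recommends, on both a scalar parameter (where the expanded Deref=1 is ignored by the analyzer) and a pointer parameter (where Deref=1 is meaningful). It assumes the fallback macros defined below for non-Microsoft compilers, where <sal.h> does not exist, and it enforces at runtime the "Valid" precondition that the question noticed: isalpha() is only defined for EOF and values representable as unsigned char, so an out-of-range int would index the ctype classification table out of bounds.

```c
/* Added example: SAL annotations on a scalar and on a pointer parameter,
 * with no-op fallbacks so the file also compiles with gcc/clang. */
#include <ctype.h>
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

#ifdef _MSC_VER
#include <sal.h>          /* provides _In_, _In_reads_, _Check_return_ ... */
#else
/* Assumed fallbacks: on non-Microsoft compilers the annotations expand to nothing. */
#define _In_
#define _In_reads_(n)
#define _Check_return_
#endif

/* _In_ on an int: redundant for the analyzer (a by-value scalar can only be
 * read), but documents intent the same way ctype.h does for isalpha.
 * The wrapper additionally checks the "Valid" precondition at runtime: a
 * negative plain char passed straight to isalpha() is undefined behaviour,
 * because it indexes the classification table out of bounds. */
_Check_return_
int safe_isalpha(_In_ int c)
{
    if (c != EOF && (c < 0 || c > UCHAR_MAX))
        return 0;                 /* out of range: treat as "not a letter" */
    return isalpha(c) ? 1 : 0;
}

/* _In_reads_(n): here Deref=1 is meaningful, because buf is a pointer that
 * the callee reads n elements through. Bytes are widened via unsigned char
 * so that high-bit characters never become negative ints. */
_Check_return_
size_t count_alpha(_In_reads_(n) const char *buf, size_t n)
{
    size_t count = 0;
    for (size_t i = 0; i < n; i++)
        count += safe_isalpha((unsigned char)buf[i]) ? 1 : 0;
    return count;
}

int main(void)
{
    /* Constructed sample input: two ASCII letters, a digit, one high-bit byte. */
    const char sample[] = "ab1\xE9";
    printf("letters in sample: %zu\n", count_alpha(sample, sizeof sample - 1));
    printf("safe_isalpha(-5) = %d\n", safe_isalpha(-5));
    return 0;
}
```

Under Visual Studio's code analysis the annotations are real (the scalar _In_ is recognised and ignored, as the answer says, while _In_reads_(n) lets the analyzer check callers that pass too-short buffers); elsewhere they compile away, and the runtime range check in safe_isalpha is what stops a stray negative char from reaching the ctype table.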