PC-Lint Plus für C/C++

Statische Analyse von C/C++ Quellcode

Hersteller: Gimpel Software

Aktuelle Version: 1.4.1 / Betriebssysteme: Windows 7/8/10 (32-/64-bit), Linux (64-bit) und MacOS.

Die Funktionsweise von PC-Lint Plus


PC-lint Plus is a static analysis tool that finds bugs, quirks, idiosyncrasies, and glitches in C and C++ programs. The purpose of this analysis is to determine potential problems in such programs before integration or porting, or to reveal unusual constructs that may be a source of subtle and, yet, undetected errors. Because it looks across several modules rather than just one, it can determine things that a compiler cannot. It is normally much fussier about many details than a compiler wants to be.

PC-lint Plus doesn’t just find bugs and potential bugs, such as null pointer dereference, out of bounds access, and improper operation order, it will also point out the use of dubious constructs and substandard practices that are likely to result in buggy code or code that is difficult to reason about. PC-lint Plus can also be configured to diagnose violations of common coding standard violations, such as the MISRA C and MISRA C++ guidelines. Each diagnostic message is assigned a unique number and a great deal of flexibility is provided for the control of when and how messages are delivered. In particular, the format of the messages emitted is extremely customizable and messages can be enabled/disabled for individual files, functions, lines and for specific symbols, calls, expressions, statements, types, etc.

PC-lint Plus also offers a number of distinguishing flagship features including:

  • Value Tracking
  • Strong Type Checking
  • Dimensional Analysis
  • User-defined Function Semantics

Flow of Execution
PC-Lint Plus Flow of Execution

By default, PC-lint Plus performs 2 passes over the source code. In each pass, a new thread is launched to process each file in your project. The -max_threads option controls the number of concurrent processing threads. Even if only one concurrent processing thread is requested, the processing of each file will take place in an independent thread.

In pass 0, most standard messages that do not require aggregate information about entire files or the entire project are emitted as PC-lint Plus examines the code. At the end of each module in pass 0, module wrap-up is performed and messages that rely on information gathered from the entirety of the module are issued (e.g. reports of unused entities not visible outside the module).

In pass 1, information gathered from all the modules in pass 0 is used to perform global wrap-up. During global wrap-up, messages that rely on this inter-module information are issued (e.g. reports of unused entities with external linkage). Value Tracking is also performed for calls between functions in different modules collected during intramodule Value Tracking during pass 0.

The -unit_check option stops execution before pass 1, effectively suppressing global wrap-up. This option is often used when analyzing a subset of a larger project. The -vt_passes option can be used to request additional Value Tracking passes after pass 1. The benefits of multiple Value Tracking passes is discussed in the manual in section 8.8 Interfunction Value Tracking.

Ein Beispiel

Consider the following C program (we have deliberately kept this example small and comprehensible):

1 char *report(short m, short n, char *p) {
2 int result;
3 char *temp;
4 long nm;
5 int i, k, kk;
6 char name[11] = "Joe Jakeson";
7 nm = n * m;
8 temp = p == "" ? "null" : p;
9 for (i = 0; i < m; i++) {
10 k++;
11 kk = i;
12 }
13 if (k == 1)
14 result = nm;
15 else if (kk > 0)
16 result = 1;
17 else if (kk < 0)
18 result = -1;
19 if (m == result)
20 return temp;
21 else
22 return name;
23 }

As far as most compilers are concerned, it is a valid C (or C++) program. However, it has a number of subtle errors and suspicious constructs that will be reported upon inspection by PC-lint Plus. Here is the default output of PC-lint Plus when processing this example (referred to as intro_example1.c below):

--- Module: intro_example1.c (C)
intro_example1.c 6 info 784: nul character truncated from string
    char name[11] = "Joe Jakeson";
intro_example1.c 22 warning 604: returning address of auto variable ’name’
    return name;
intro_example1.c 10 warning 530: ’k’ is likely uninitialized
intro_example1.c 5 supplemental 891: allocated here
    int i, k, kk;
intro_example1.c 8 info 779: string constant in comparison operator ’==’
    temp = p == "" ? "null" : p;
             ^  ~~

The default message format contains the file name and line number corresponding to the diagnostic, the message category (error, warning, etc.), the message number, and the text of the message. Following the main diagnostic line is the line of source code being referenced, followed by the message pointer (indicated by a caret) along with any applicable highlighting (indicated by tildes). We have added blank lines between the messages in this example. In some cases, multiple locations may be relevant to the diagnostic. In this case, the primary location is provided in the main message and one or more supplemental messages (the 891 messages above) follow with the other pertinent locations. In such cases, the supplemental messages should be considered as being "attached" to the immediately preceding primary message.

The format of the messages is fully customizable to allow integration with IDEs that expect a particular diagnostic format or other post-processing tools that require data formatted in XML, JSON, etc. The display of supplemental messages can be disabled, as can the display of extracted source lines and message pointers.

Diagnostics produced by PC-lint Plus fall into one of four categories: error, warning, info, and note. The default warning level is 3, which means that only errors, warnings, and infos are presented. Notes (also referred to as "elective notes" due to the fact that they are disabled by default), can be enabled by setting the warning level to 4 with the option -w4 or by enabling specific elective notes. Similarly, reducing the warning level or disabling individual messages that are enabled by default can be used to limit message output. Here is an example of some of the elective note messages that are emitted when processing the above example with the highest warning level:

intro_example1.c 5 note 9146: multiple declarators in a declaration
    int i, k, kk;
intro_example1.c 1 note 9403: function ’report’ parameter 2 has same
unqualified type (’short’) as previous parameter
    char *report(short m, short n, char *p) {
                 ~~~~~~~  ^
intro_example1.c 8 note 9050: dependence placed on operator precedence
(operand of ?:)
    temp = p == "" ? "null" : p;

Elective notes are not enabled by default because they do not necessarily represent a fault or likely defect but rather provide certain information that some users find informative.

PC-lint Plus communicates with the programmer via diagnostic messages and the programmer communicates with PC-lint Plus through the use of lint options. Options start with a + or - (except for the special !e option) and can appear on the command line, within lint option files, or in special comments within your source code. Options are processed in the order they are encountered, which means they can be used to temporarily alter the behavior of PC-lint Plus. Options are used to specify all configurable properties of PC-lint Plus, from the location of include directories and pre-defined macros, to which messages should be suppressed and how diagnostics should be communicated.


PC-Lint Plus ist von exida® zertifiziert für ISO 26262:2018 (ASIL D qualified) und IEC 61508:2010 (SIL 4 qualified).

Visual Lint

PC-Lint Plus ist ein reines Kommandozeilentool.
Das Add-On Visual Lint bietet eine komfortable grafische Bedieneroberfläche, sowie eine Integration in Visual Studio und Eclipse für PC-Lint Plus.