An Introduction to PC-lint

Agenda:Introduction

Features

Usage

The true value of PC-lint

Version 1.20

C makes it easy to shoot yourself in the foot...(Bjarne Stroustrup)

An Introduction to PC-lint

C is a powerfulbut dangerouslanguage

Classic C Mistakes

Only to name a few...Array out-of-bounds access

Null pointer dereferencing

Using a variable before initialization

Order of evaluation of operands

Integer overflow

Assignment where check for equality was intended

Illegal printf/scanf format strings

Forgetting to handle a case in switch statement

Passing macro arguments with side effects

...C++ makes it harder, but when you do, it blows your whole leg off.(Bjarne Stroustrup)

An Introduction to PC-lint

The same holdsfor C++

Classic C++ Mistakes

Only to name a few...Forgetting to initialize class members

Initializing class members in the wrong order

Forgetting to declare the base class destructor virtual

Forgetting to implement the assignment op

Using auto_ptr on containers

Memory and resource leaks

Unhandled exceptions

Leaking exceptions from destructors

Order of static initialization

The Case For Static Code Checking

C and C++ are powerful but dangerousEven if code works, it might not be portable/future-proofAlignment issues

Size of scalars

Compiler-specific features

Traditional testing (checking at run-time)Might not detect all issues

Is expensive

However: static checking is not meant as a replacement for testing!

What is Lint/PC-lint?

LintEtymology: undesired fibers and fluff in sheep's wool

Seventh version (V7) of Unix (1979)

Part of PCC (portable C compiler)

PC-lint Commercial version for C and C++

Produced by Gimpel Software, USA.

First version appeared 1985

Current version is 9.00

FlexeLint: for Unix/Linux

What is Lint/PC-lint?

PC-lintWorks similar to a compiler

Checks code statically ('at compile-time')

Doesn't produce machine code

Performs thousands of checks and will produce the appropriate warnings, so-called "issues" or "messages

Examples

Let's have a look at some code...

What's wrong with this C code?

1#include 2#define SUM(x, y) (x) + (y) 3unsigned long* PerformGizmoAlgorithm(int a, int b) { 4 unsigned long vector[8] = {143, 33, 2l, 76, 83, 222, 45, 45}; 5 int i; 6 7 for (i = 0; i < 8; ++i); 8 vector[i + 1] = vector[i] * SUM(a, b); 910 return vector;11}

What's wrong with this C code?

1#include 2#define SUM(x, y) (x) + (y) 3unsigned long* PerformGizmoAlgorithm(int a, int b) { 4 unsigned long vector[8] = {143, 33, 2l, 76, 83, 222, 45, 45}; 5 int i; 6 7 for (i = 0; i < 8; ++i); 8 vector[i + 1] = vector[i] * SUM(a, b); 910 return vector;11}

file.c:2 I 773 Expression-like macro 'SUM' not parenthesized file.c:7 I 722 Suspicious use of ; file.c:8 W 539 Did not expect positive indentation from line 7 file.c:8 I 737 Loss of sign in promotion from int to unsigned long file.c:8 W 661 Possible access of out-of-bounds pointer (1 beyond end of data) by operator '[' file.c:8 W 661 Possible access of out-of-bounds pointer (2 beyond end of data) by operator '[' file.c:10 W 604 Returning address of auto variable 'vector' file.c:0 I 766 Header file '/usr/include/stdio.h' not used in module 'file.c' file.c:4 W 620 Suspicious constant (L or one?)Would you have
found all of these
issues?

What's wrong with this C++ code?

1 class Base { 2 char* mp; 3 int mCount; 4 public: 5 Base(int aCount = 0) { mCount = aCount; if(mCount > 0) mp = new char[mCount]; } 6 void printRuntimeType() { cout