by 
WANG
The syntax of the C/C++ language has the flexibility that no other language has. This flexibility brings about an increase in code efficiency, but it also makes the code writing very arbitrarily. In addition, the C/C++ compiler does not enforce the type. Checking and not doing any border checks increases the possibility of hidden dangers in the code. If you can find these potential errors before the code submission test, you can greatly reduce the pressure on testers and reduce the cost of debugging software projects, but the traditional C / C + + compiler can not do anything about this task, this task can only be dedicated The code check tool was completed and PC-Lint came into being.
PC-Lint is a static analysis tool for C/C++ software code developed by GIMPEL SOFTWARE. Its full name is PC-Lint for C/C++. PC-Lint can be used on Windows, MS-DOS and OS/2 platforms. Published as an executable file. PC-lint has a broad customer base around the world, and many large software development organizations use PC-Lint inspection as the first step in code walkthrough. PC-Lint not only can perform global analysis of programs, identify array subscripts that are not properly verified, report uninitialized variables, warn of using null pointers and redundant code, but also effectively help you propose many programs for space utilization. Improvement in operational efficiency.
The following examples show the power of the PC-Lint tool:
1:
2:char *report( int m, int n, char *p )
3:{
4: int result;
5: char *temp;
6: long nm;
7: int i, k, kk;
8: char name[11] = "Joe Jakeson";
9:
10: nm = n * m;
11: temp = p == "" ? "null" : p;
12: for( i = 0; i<m; I++ ) {
14: k++;
15: kk = i;
16: }
17:
18: if( k== 1 ) result = nm;
19: else if( kk > 0 ) result = 1;
20: else if( kk < 0 ) result = -1;
21:
22: if( m == result ) return( temp );
23: else return( name );
24:}
This is a piece of C code that can be checked by most common C compilers, but PC-Lint can detect errors and potential problems: Line 8 drops the ending null character when assigning a value to the name array, 10th The multiplication precision of the line will be out of alignment. Even if the length of the long is longer than the int, the precision will be misaligned due to the sign bit. The comparison of the 11th line is problematic. The variable k of the 14th line is not initialized. The kk of line 15 may not be initialized, the result of line 22 may not be initialized, and the line 23 returns the address of a local object.
For a small program, most programmers can find the errors in the above, but finding them out of a large software with thousands of lines of code will be a cumbersome task, and no one can guarantee to find All of these problems. If you use PC-Lint, you can check for these errors with a simple compilation, which will save a lot of development time. in some sense. PC-Lint is a more rigorous compiler that can check for general syntax errors and check for grammatical requirements, but it is likely to be a potential, hard-to-find error.
PC-Lint can detect a lot of syntax errors and grammatically correct logic errors. PC-Lint assigns an error number to most error messages. The error number with a number less than 1000 is assigned to C language, and the number is greater than 1000. The number is used to illustrate C++ error messages. The following table lists the detailed classification of PC-Lint alarm messages:
| Error description | C |
| Grammatical errors | 1-199 |
| internal error | 200-299 |
| Fatal error | 300-399 |
| Alarm | 400-699 |
| Message | 700-800 |
| Optional information | 900-999 |
Take the C language as an example, where the number 1-199 refers to the syntax error that the general compiler also generates; the number 200-299 is the internal error of the PC-Lint program, such errors do not appear in the code; 300-399 refers to a system fatal error caused by memory limitations and the like. The prompt information appearing in number 400-999 is classified according to the possibility of hidden code problems: where number 400-699 refers to the alarm information generated by the problem in the code being checked; the number 700-899 appears The information, the probability of generating an error is lower than the alarm information, but it may still be due to code problems. The numbers 900-999 are optional and they will not be checked by default unless you specify them in the options.
PC-Lint provides alarm level setting options similar to many compilers - wLevel and the alarm level of the header file of the processing function library - wlib (Level), which is divided into the following levels. The default alarm level is 3:
-w0 does not generate information (except for fatal errors)
-w1 only generates error messages -- no alarms and other prompts
-w2 only error and alarm information
-w3 generates error, alarm and other prompt information (this is the default setting)
-w4 generates all information
PC-Lint checks are classified into many types, including strong type checking, variable value tracking, semantic information, assignment order checking, weak definition checking, format checking, indent checking, const variable checking, and volatile variable checking.
The following is a description of the commonly used code checking types of PC-Lint, and an example of the possible alarm information and the usage of common options under each check type:
The strong type checking option "-strong" and its auxiliary (supplement) option "-index" can strongly check the type of data defined by the typedef to ensure that only variables of the same type can be assigned to each other.
Variable value initialization tracking technology is mainly to track the initialization process of the value of the variable, and its associated LINT message is mainly 644, 645 ("variable may not be initialized"), 771, 772 ("unreliable initialization"), 530 ("uninitialized"), and 1401 - 1403 ("member... not initialized").
The variable value tracking technique collects information from assignment statements, initializations, and conditional statements, and the parameters of the function are defaulted to the correct range, and an alarm is generated only if the information that can be collected from the function does not match this. Messages related to variable value tracking are:
(1) Access address out of bounds message (messages 415, 661, 796)
(2) Messages divided by 0 (54, 414, 795)
(3) Incorrect use of NULL pointers (413, 613, 794)
(4) Illegal pointer creation error (416, 662, 797)
(5) Redundant Boolean Test (774)
In some cases, although we can know the exact value according to the code, PC-Lint can't get the range of the value of the variable in all cases. At this time, some false alarm information will be generated. We can use the assert statement to increase the variable. A method of value range information to suppress the generation of these erroneous alarm messages.
PC-Lint's function value tracking function keeps track of the values of the variables that will be passed to the function (as a function parameter), which are used to initialize the function parameters when a function call occurs. This tracking function is used to determine the return value, record additional function calls, and of course can be used to detect errors.
An alert 564 is generated when the value of an expression depends on the order of the assignments. This is a very common problem in the C/C++ language, but few compilers analyze this situation. such as
n++ + n
This statement is ambiguous. When the left + operation is executed first, its value will be one greater than the value of the first execution on the right. The more common example is this:
a[i] = i++;
f( i++, n + i );
In the first example, it seems that the self-add operation should be executed after the array index calculation, but if the right assignment is executed before the left assignment operation, then the self-add operation will be executed before the array index calculation. Although the assignment operation should seem to indicate an order of operations, it is actually not available. The second example is ambiguous because the order in which the parameter values of the function are evaluated is not guaranteed. The operators that guarantee the order of assignment are Boolean and (&&) or (||) and conditional assignments (? :) and commas (,).
The weak definition here contains the following: macro definitions, typedef names, declarations, structures, unions, and enum types. Because these things may be over-defined and not used in the module, PC-Lint has a lot of messages to check for these problems. Messages 749-769 and 1749-1769 of PC-Lint are reserved for use as weak definition hints.
(1) When no reference to a file #include header file is used by the file, PC-Lint will issue a 766 alert.
(2) In order to prevent a header file from becoming too large and bloated to prevent redundant declarations, PC-Lint will issue a 759 alarm when the object declaration in a header file is not referenced by an external module.
(3) When a variable or function is only used inside the module, PC-Lint will generate a 765 alarm to indicate that the variable or function should be declared static.
