(610) 584-4261 sales@gimpel.com
Request Evaluation Online Demo Blog
Gimpel Software LLC Logo   Gimpel Software PC-lint Plus Order Evaluate Support About
Static Analysis with PC-lint Plus

On This Page

What is PC-lint Plus?
A Short Example
Coding Standards
MISRA Support
Flexible Message Suppression
Documentation and Support
Source Code Security

See Also

For PC-lint / FlexeLint users
Static vs Dynamic Analysis
Representative Checks
Famous Software Bugs

What is PC-lint Plus?

PC-lint Plus is a static analysis tool that finds defects in software by analyzing the C and C++ source code.

Like a compiler, PC-lint Plus parses your source code files, performs semantic analysis, and builds an abstract syntax tree to represent your program. From there, PC-lint Plus employs various mechanisms including Data Flow Analysis, Value Tracking, read-write analysis, Strong Type checking, function semantic validation, and many other technologies to provide a robust and holistic analysis of both individual files and an entire project.

PC-lint Plus then reports its findings using clear, concise, and actionable diagnostics that are easy to understand. The diagnostic message format is fully customizable and includes precise location information and context necessary to quickly address defects. PC-lint Plus can be run from the command line, integrated into your build process or continuous integration system, or run from within your IDE.

A Short Example

To see PC-lint Plus in action, consider the following example:
#include <stdlib.h>
#include <string.h>

struct book {
    unsigned id; 
    unsigned category;
    char *title;
};

const char *get_title(unsigned id);
unsigned get_category(unsigned id);

struct book make_book(unsigned id) {
    struct book b;
    const char *title = get_title(id);

    b.id = id; 
    b.title = malloc(strlen(title + 1));
    strcpy(b.title, title);

    return b;
}

void foo() {
    struct book b = make_book(123);
    if (b.category < 100) { /* ... */ }
}
                

While this program probably won't produce any warnings from your compiler (try it with the highest warning level), it contains multiple defects that PC-lint Plus will uncover:
warning 668: possibly passing null pointer to function
    'strcpy(char *__restrict, const char *__restrict)', arg. no. 1
    strcpy(b.title, title);
           ^
supplemental 831: argument passing yields &(uninitialized)?
    strcpy(b.title, title);
           ^~~~~~~
supplemental 831: assignment yields &(uninitialized)? C
    b.title = malloc(strlen(title + 1));
    ~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~
                

The malloc function can return a null pointer and passing a null pointer to strcpy results in undefined behavior. Checking the return value of malloc will suppress this message. The supplemental messages demonstrate how PC-lint Plus determined that the pointer might be null (the return value of malloc was stored in b.title which was then passed to strcpy).
warning 432: suspicious argument to dynamic allocation function
    b.title = malloc(strlen(title + 1));
                                  ^ ~
                

The intention was to allocate enough space for both the string and the nul character terminator but the + 1 was accidentally placed in the wrong spot (it should have been malloc(strlen(title) + 1)) so the result is that the allocation is 2 bytes too short. This will result in a buffer overflow in the call to strcpy.
warning 530: 'book::category' is likely uninitialized
    if (b.category < 100) { /* ... */ }
        ^
                

The make_book function fails to initialize the category member which is now used before being initialized.

Each diagnostic that PC-lint Plus produces has an accompanying message number that can be used for message customization and suppression purposes. Messages are documented in the PC-lint Plus Reference Manual and message descriptions can also be obtained from PC-lint Plus using the -help option. For example, to see the description of message 432, you can run PC-lint Plus with the option -help=432 which yields:
warning 432
suspicious argument to dynamic allocation function

    The following pattern was detected:
    
        malloc( strlen(e+1) )
     where e is some expression. This is suspicious because it closely
    resembles the commonly used pattern:
    
        malloc( strlen(e)+1 )
    
    If you really intended to use the first pattern then an equivalent
    expression that will not raise this error is:
    
        malloc( strlen(e)-1 )

                

The -help option can also be used to obtain help for the various options supported by PC-lint Plus.

PC-lint Plus has a class of diagnostics called 'Elective Notes' that are disabled by default. If the above example is run with all messages enabled, PC-lint Plus will have quite a bit more to say.

You can try PC-lint Plus in your browser with our online demo.

Coding Standards

PC-lint Plus can check for violations of internal code guidelines as well as analyzing compliance with industry standards such as MISRA. Thousands of highly configurable messages can be enabled to support many different code guidelines; e.g. use of braces for control structures, assignment in conditional expressions, explicit clarification of operator precedence, and more. The exact set of desired messages can be specified in reusable configuration files to share between projects and teams.

For example,
int f(int x) {
    if (x > 5)
        return 10;
    return 20;
}
                

can be configured to emit:
file.cpp  3  note 9012: body should be a compound statement
    return 10;
    ^
                

This output was produced using the options -w1 +e9012 which uses warning level 1, the lowest warning level enabling only syntax errors, and then specifically enables message 9012.

Using default settings, the only message issued for this example would have been:
file.cpp  1  info 714: external symbol 'f' was defined but not referenced
int f(int x) {
    ^
                

because the default warning level excludes "elective notes" like message 9012.

Running with -w4 (warning level 4, the highest warning level corresponding to enabling all messages including elective notes) would emit:
file.cpp  1  note 970: use of modifier or type 'int' outside of a typedef
int f(int x) {
^
file.cpp  1  note 970: use of modifier or type 'int' outside of a typedef
int f(int x) {
      ^
file.cpp  1  note 957: function 'f' defined without a prototype in scope
int f(int x) {
    ^
file.cpp  1  note 9141: global declaration of symbol 'f'
int f(int x) {
    ^
file.cpp  1  note 979: function 'f' could be marked with a 'pure' semantic
int f(int x) {
    ^
file.cpp  3  note 904: return statement before end of function 'f'
        return 10;
        ^
file.cpp  3  note 9012: body should be a compound statement
        return 10;
        ^
file.cpp  1  note 952: parameter 'x' of function 'f(int)' could be const
int f(int x) {
          ^
file.cpp  1  info 714: external symbol 'f' was defined but not referenced
int f(int x) {
    ^
                

MISRA Support

PC-lint Plus provides industry-leading support for MISRA standards including MISRA C 2012, MISRA C 2004, and MISRA C++ 2008 as well as their addendums and corrigenda. Detailed information on which rules are supported, which messages are used to report them, and the extent to which they are supported is available in our manual and MISRA configuration files. We communicate extensively with the MISRA committee to implement even the smallest details and resolve ambiguities in the published text.

Clear and concise diagnostics make rule violations easy to understand:
void f(int);

void g(short a, short b) {
    f(a + b);
}
                

m1.c  4  note 9031: cannot assign a composite expression of essential type 
    'signed16' to an object of wider essential type 'signed32' [MISRA C 2012
    Rule 10.6, required]
    f(a + b);
      ^~~~~
                

MISRA checking can be quickly enabled using configuration files distributed with PC-lint Plus. Individual rules can be enabled and disabled, and messages can be controlled on a case-by-casis basis as described below.

Flexible Message Suppression

PC-lint Plus contains a variety of flexible ways to control message suppression, i.e. whether or not a particular instance of a message will be emitted or ignored. Messages can be enabled or suppressed globally, on a per-file, per-function, per-statement basis, depending on the names of the classes, structures, variables, functions, or macros that the message refers to, or on an individual line. PC-lint Plus can distinguish third-party or library source code from the rest of the project and separate suppression policies can be applied to such code.

Documentation and Support

PC-lint Plus is distributed with a well-organized manual in PDF format describing its configuration, operation, options, and messages. The introduction and installation sections help you get started quickly. Every option and message is described in detail and is easy to find with reference tables and an extensive table of contents. Changes between versions are documented in the revision history section.

Our skilled support team can answer any questions about PC-lint Plus and help you configure it for unusual and exotic compilers and toolchains.

Source Code Security

PC-lint Plus runs locally on your developer workstations or your own server. It does not connect to the internet or otherwise utilize a network connection. Your source code never leaves your machine. It does not submit "analytics" or any other form of usage data.