How to Use PC-Lint (1)

PC-Lint is a static analysis tool for C/C ++ software code. It not only checks common syntax errors, but also potential errors, for example, array access out of bounds, memory leakage, uninitialized variables, and null pointers. Use PC-lint to check the code before the unit test to detect potential errors in the program in advance and improve the Code
Quality.
This article mainly introduces PC-lint from two aspects. The first part is to install and integrate with different tools, and the second part is the use of PC-lint.

1. Install PC-lint and how to integrate it into vc6.0 and source insight
1.1 install PC-Lint
(1) Download PC-Lint (PC-Lint 8.00 W ).
(2) decompress the downloaded package to drive D and rename the folder as PC-lint. In this way, the path is D:/PC-lint.
Note: This is also called? :) Well, it seems that installation-free is more appropriate.
1.2 integrate PC-Lint into vc6.0
1.2.1 static code analysis for a single C/C ++
(1) copy 3 File lib-w32.lnt, env-vc6.lnt, co-msc60.lnt under D:/PC-Lint/LNT to D:/PC-Lint.
(2) Open the co-msc60.lnt, change the last line of the file "lib-ole.lnt" to "D:/PC-Lint/LNT/lib-ole.lnt", that is, add an absolute path to the front, this file cannot be found in subsequent steps.
(3) create STD. LNT and options. LNT files under D:/PC-Lint/. The contents of STD. LNT are as follows:

Note: the path behind-I is the installation path of VC 6.0 and its header file path; options. LNT can be empty temporarily.
(4) In the menu bar of vc6.0, tools ---> customize... --> Tools creates an item named pclint and fills in
"Command" entry: D:/PC-Lint/lint-nt.exe
"Argument" entry:-u d:/PC-Lint/STD. lnt d:/PC-Lint/env-vc6.lnt "$ (filepath )"

Then, check the use output window.
(5) A pclint option is added under tools in the menu bar of vc6.0. After opening a VC project, you can use this option to perform static code analysis on a single C/C ++ file.

1.2.2 perform static code analysis on a vc6.0 Project
The following steps are based on the first three steps in 1.2.1.
(1) first to the http://www.weihenstephan.de /~ Syring/Win32/unxutils.zipdownload unxutils.zip. You need to use commands such as find in UNIX to find the C and C ++ files in the current directory, and then send them to the lint program for processing.
(2)decompress unxutils.zip to drive D. The path is D:/unxutils.
(3) A pclint_prj option is added under tools in the menu bar of vc6.0. After opening a VC project, you can use this option to perform static code analysis on a single C/C ++ file.
Enter "command": D:/unxutils/usr/local/wbin/find.exe
Enter $ (filedir)-name *. c-o-name *. CPP | D:/unxutils/usr/local/wbin/xargs D:/PC-Lint/lint-NT-I "d:/unxutils/usr/local"-U D: /PC-Lint/STD. lnt d:/PC-Lint/env-vc6.lnt

Then, check the use output window.
(4) A pclint_prj option is added under tools in the menu bar of vc6.0. After opening a VC project, you can use this option to perform static code analysis on the VC project.
Note: the path in the parameter must be specified in the "argument" field. If you do not use the above path, you can replace the path in the parameter with the new path, to avoid errors caused by re-writing parameters.

1.3 integrate PC-Lint into source insight 3.5
1.3.1 static code analysis for a single C/C ++
(1) Open sourceinsight, select options --> Custom commands --> Add, and enter pclint
(2) Enter: D:/PC-Lint/lint-NT-u d:/PC-Lint/STD. lnt d:/PC-Lint/env-vc6.lnt % F in run
(3) You do not need to enter dir. Check iconic window, capture output, and parse links in output, and select file and then line.
(4) click menu... on the right ..., in the pop-up interface, select view in the drop-down box menu, select <End of menu> in the menu cotents below, and click Insert on the right.
(5) you can see the newly created pclint under the source insight 3.5 menu view, open any source file of the project to be analyzed, and run pclint to perform static code analysis.

1.3.2 static code analysis for a project
The following steps are performed on the basis of 1.2.2.
(1) Open sourceinsight, select options --> Custom commands --> Add, and enter pclint_prj.
(2) Enter:
D:/unxutils/usr/local/wbin/find.exe % d-name *. c-o-name *. CPP | D:/unxutils/usr/local/wbin/xargs D:/PC-Lint/lint-NT-I "d:/unxutils/usr/local"-U D: /PC-Lint/STD. lnt d:/PC-Lint/env-vc6.lnt
(3) You do not need to enter dir. Check iconic window, capture output, and parse links in output, and select file and then line.
(4) click menu... on the right ..., in the pop-up interface, select view in the drop-down box menu, select <End of menu> in the menu cotents below, and click Insert on the right.
(5) you can see the newly created pclint_prj under the source insight 3.5 menu view. Open the project and run pclint_prj to analyze the static code of the project.

2. PC-Lint usage

2.1 important files and programs under the PC-Lint directory
Lint-nt.exe: executable program for PC-lint.
Config.exe: the configuration file program of PC-lint.
Pc-lint.pdf: PC-Lint PDF format online manual, most of the content in this article is from.
Msg.txt: detailed explanation of the error message number.
LNT/: Some things in this directory are worth understanding.
Co-... LNT: the Optional compilation file of the specified compiler.
CO. LNT: A common optional compilation file.
SL-... C standard library file module of non-ANSI Compiler
SL. C: common standard library file module for non-ANSI Compilers
Env-... LNT: Optional files on different platforms, including MS Visual Studio and various other editing tools.
Lib-... LNT: Optional files, specific "challenging" library files.
Au-... LNT: Optional file, the test conditions recommended by the authors.

2.2 Introduction to PC-Lint
2.2.1 error message No.
For most error messages, PC-Lint provides an associated error number. If the error number is less than 1000, it is assigned to the C language. If the error number is greater than 1000, it is assigned to the C ++ language. What about 1000? It is retained. First read a table.
C ++ Warning Level
Syntax error (syntax errors) 1-199 1001-1199 1
Internal error (internal errors) 200-299 0
Fatal errors 300-399 0
Alert (warnings) 400-699 1400-1699 2
Prompt (Informational) 700-899 1700-1899 3
Optional information (elective notes) 900-999 1900-1999 4

For C language, 1 ~ 199 is a syntax error; 200 ~ 299 is a PC-Lint internal error and should never happen; 300 ~ 399 is a fatal error, usually because it exceeds certain limits; 400 ~ 699 is a warning message indicating that an error may exist in the checked program. 700 ~ 899 indicates the prompt information. The prompt information may be incorrect or legal, depending on your programming style. 900 ~ 999 is optional information and is not automatically output.

PC-Lint provides the advanced level setting option-wlevel. The default level is 3. -W0,-W1,-W2,-W3, and-W4 can generate alarms of the corresponding alarm level and lower level in the preceding table. The lower the level, the more important the alarm is. Similarly, the wlib (level) option is also provided to handle the header file alert level of the library function. The default level is also 3, which has the same meaning as the former.

2.2.2 option rules
You can use the plus sign "+" and minus sign "-" To insert a comment into the code to restore and block the specified checked options. The format is as follows:
/* Lint option1 option2... optional Commentary */
Or
// Lint option1 option2... optional commentary
Note: The lint must be in lowercase, and the option line cannot exceed 80 characters. Otherwise, a fatal error occurs. The error message number is 323. If the option is indeed long, you can use line breaks. In addition, the Code of the blocked and restored options can be placed in the macro definition. After the macro is expanded, these options will take effect.

2.2.3 space in Option
Because spaces are used to separate options, they can only appear next to parentheses or are referenced by spaces themselves (for example, operator new has spaces in the middle of syntax requirements ). For example:
-Esym (534, printf, scanf, operator new)
-Esym (534, printf, scanf, operator new)
-Esym (534, printf, scanf, operator new)
For the third, the space appears next to the parentheses, and also appears at the referenced place (operator new ). In addition, it is invalid to have two spaces between operator and new because it violates the syntax rules. In addition, double quotation marks ("") can be used to protect spaces. For example:
-"DWORD = unsigned short"

2.2.4 option category
There are more than 300 pC-Lint options, which can be divided into the following categories:
(1) forbidden error message
You can use "-e" to disable specified error messages and use "+ E" to restore specified error messages. If messages are not allowed to be output, the PC-Lint processing process is not affected. By the way, we mentioned "-wlevl". This option disables the display of messages at the specified level or above.

1) Format 1:
-E # disable the specified error message. # indicates a number or a number match character. The error message number is #.
+ E # restore the specified error message. The error message number is #.

For example:
/* Line-504 */
... Code .....
/* Lineplus 504 */
The first line closes the error message numbered 504, And the last line re-opens the error message numbered 504. The number can also contain the matching symbol ,'? 'Matches a single character, and "*" matches multiple characters.
For example:
(1)-E7 ???, 700 ~ 799 error messages in this range.
(2)-E1 *, all error messages starting with 1 are closed.
The matching characters can also be used in-esym,-elib,-elibsym,-efile,-efunc,-emacro,-etemplate,-E (#), -- E (#), -E {#} and-e {#}.

2) Format 2:
-E (# [, #]...) indicates that the specified error message is disabled for the next expression. After the expression ends, the forbidden error message is automatically restored. # indicates a number or a number matching character. The error message number is #.
For example:
A =/* lint-E (413) */* (char *) 0;
It is equivalent to the following statement:
A =/* lint-save-E413 */* (char *) 0
/* Lint-Restore */;
The previous method is simpler and more effective.

3) Format 3:
-- E (# [, #]...) is wider than the pipe above. It is valid for the entire expression. For example, we can see the difference between it and the above.
For example:
A =/* lint -- E (413) */* (int *) 0 + * (char *) 0;
The entire expression is * (int *) 0 + * (char *) 0, and the next expression is * (int *) 0. The difference is clear. In this example, two error messages numbered 413 are forbidden. If-E (413) is used, only the first error message numbered 413 is forbidden.

4) format 4:
-E {# [, #]…} Valid for the next statement or statement
For example:
// Lint-E {715} suppress "K not referenced"
Void F (int n, unsigned U, int K)
{
// Lint-E {732} suppress "loss of sign"
U = N; // 732 not issued
// Lint-E {713} suppress "loss of precision"
If (N)
{
N = u; // The 713 not issued
}
// 715 not issued
We can see from the example that this format is placed before the function, then it will take effect for the entire function. Before the value assignment statement, it will only take effect for the value assignment statement, before the if or while statement, this statement takes effect. If you set this option before class definition or namespace declaration in C ++, the error messages specified in the Code in the entire class or namespace are disabled.

5) format 5:
-- E {# [, #]… } Is valid for the entire code body in the region. The {} area may contain complex statements, function bodies, C ++ classes, struct or consortium definitions, and C ++ namespaces. If this option is placed in front of a module, but there is no {} before the module, it will take effect for the entire module.

6) format 6:
! E # only valid for the row in which it is located.
If (X = F (34) // lint! E720
Y = y/X;
In this example, only error messages numbered 720 are forbidden for that row. Let's take a look at the usage of the C language code:
If (X = F (34)/* lint! E720 */
Y = y/X;
If you want to disable more error messages and cannot use wildcards, you can use the following method:
N = u/-1; // lint! E573! E721

7) format 7:
-The ealetter parameter does not match.

8) format 8:
-Efile (#, file [, file]...) inhibits and
+ Efile (#, file [, file]...) re-enables

9) format 9:
-Efunc (#, symbol [, symbol]...) inhibits and
+ Efunc (#, symbol [, symbol]...) re-enables

10) format 10:
-Elib (# [, #]...) inhibits and
+ Elib (# [, #]...) re-enables

11) Format 11:
-Elibsym (# [, #]...) inhibits
+ Elibsym (# [, #]...) re-enables

12) format 12:
-Emacro (#, symbol ,...)
+ Emacro (#, symbol ,...)

13) format 13:
-Emacro (#), symbol ,...)
-- Emacro (#), symbol ,...)
-Emacro ({#}, symbol ,... )
-- Emacro ({#}, symbol ,... )

14) format 14:
-Esym (#, symbol [, symbol]...) inhibits and
+ Esym (#, symbol [, symbol]...) re-enables
Disables and restores the error message of the specified symbol. Here is an example of C ++ (which is unlikely to happen in practical applications ):
Class X
{
Void F (double, INT );
};
The analysis results will prompt that a line of member X: F (double, INT) is not referenced. to block this message, you can use
-Esym (754, X: F)
The complete signature of the symbol is X: F (double, INT). However, the symbol name is X: F, and the symbol name can be used to disable the emergence of error messages. In addition, the-esym and-e # options are independent. For example:
-E714 + esym (714, alpha)
For Alpha, It disables error messages numbered 714. The second option does not restore error messages numbered 714, unless there is a corresponding-esym (714, alpha ).

15) format:
-ETD (typediff [,...]) inhibits
+ ETD (typediff [,...]) re-enables

16) format 16:
-Etemplate (# [, #]...)
+ Etemplate (# [, #]...)
Disable and restore the error message in the extended template (expanding templates.

(2) variable type size and alignment options
1) variable type and size options
This set of options allows you to set the size and alignment of various variable types. Because the default settings are the same in most compilers, it is usually unnecessary to set these parameters separately. The variable type size option is for a specific architecture, not a local architecture. For example, if you need to set int and pointers to 16 bits for the embedded system, you should specify:
Lint-si2-sp2...
The list below, # represents a small integer value, just a few:
-Sb # the number of bytes is #. The default value is-sb8,
-SBO # sizeof (bool) is changed to a parameter. The default value is 1,
-SC # sizeof (char) is changed to #. The default value is 1,
-SLC # sizeof (long char) is changed to #. The default value is 2,
...
2) alignment options
There are only two Optional comments to detect irregular alignment. Their error numbers are 958 and 959. The details are omitted.

(3) lengthy information options
The lengthy information option is controlled by starting with-V and + v. the lengthy information refers to some information related to the compilation process generated during the detection process, or, lengthy information is related to the frequency and type of messages during compilation. If-V is used, the lengthy information is sent to the standard output, but + V is used. The lengthy information is sent to the standard output and standard error. The + V option is useful if you want to redirect error messages to a file and view lengthy information and interpreted error messages on the terminal.

(4) Flag options
Start with + F, ++ F,-F, and -- F to introduce the flag. A flag uses an integer value internally. Think:
If the integer value is greater than 0
Off if the integer value is less than or equal to 0
By default, 1 is on and 0 is off. The relationship is as follows:
+ F...: Set the flag to 1 and set it to on
-F...: Set it to off by setting the flag to 0.
+ + F...: the flag position increases by 1.
-- F...: the flag space minus 1
The following two options are useful when you only set the local flag without affecting global settings.

(5) message display options
The message display option defines the message output format.
1) control the height of error messages.
The-H option is used to control the message height. The common format is as follows:
-H [s] [f] [f] [a] [B] [r] [Mn] [m] [M/] [I] n
S indicates the space after each message. We will not discuss anything else.
2) control the width of the error message.
The format is as follows:
-Width (W, indent)
Example:-width (99,4)
3) Message formatting options
The format is as follows:
-Format =...
3) Additional information options
The format is as follows:
-Append (errno, string)
(6) other options
1)-A requires strict use of ansi c/C ++.
Others are not introduced.

2.2.5 database file check
The library files here refer to the compiled library files, such as standard I/O libraries and third-party library files, such as Windows library files. The important feature of library files is as follows:
(1) source code of the library file is usually not available.
(2) The Library file is used in multiple programs that are being checked using PC-lint.
The header file of the library describes part of the library or the complete interface. For example:
Hello. c
# Include <stdio. h>
Main ()
{
Helloworld ();
Printf ("Hello World/N ");
}

If no "# include <stdio. h> "this line of code uses PC-lint to check the above Code. PC-Lint will complain that printf () is neither declared nor defined, and a 718 error message will be displayed. If "stdio. H" is used as the header file of a library file, PC-Lint does not require the source code of printf.

(1) Format 1:
+ Libclass (identifier [, identifier]...)
Specifies the header file named identifier as the library header file. Identifier is one of the following:
Angle: header files included in all angle brackets
Foreign: All header files under the directory in the search list
ANSI: Standard ansi c/C ++ header file
ALL: All header files
By default, + libclass (angle, foreign) is valid, which is why the hello. C Code does not require printf () source code.
(2) Format 2:
+ Libdir (directory [, Directory]...)
-Libdir (directory [, Directory]...)
Directory.
(3) Format 3:
+ Libh (file [, file]...)
-Libh (file [, file]...)
Add or remove header files that have been determined by + libclass and +/-libdir to provide source code as required or not. For example:
+ Libclass (ANSI, angle)
+ Libh (Windows. H, graphics. h)
+ Libh (OS. H)-libh (float. h)
All ANSI and angle (except float. h) are required, and the three windows. H, graphics. H, and OS. h are also treated as library header files.

2.2.6 strong type check
What is a strong type? C/C ++ variables all have types, and assigning values between different types may generate alerts. It can be said that the type of C/C ++ variables is strongly typed. There are strong types, and naturally there are weak types. For example, in some scripting languages, their variables do not have specific types and can be assigned values to each other. They are weak type languages. Why do I need to perform a strong type check when I use PC-lint to check C/C ++? Because data types defined by typedef can be avoided by the compiler. For example:
Typedef int count;
Typedef int bool;
Count N;
Bool stop;
...
N = stop;

For this piece of code, the compiler will not trigger an alarm, but the last line of code is wrong. Therefore, the strong type check option is necessary.
The strong type check options "-strong" and the additional options "-index" can fully or partially perform a strong type check on the data types defined by typedef to ensure that variables of the same type can be assigned values to each other.
(1) The format of the strong type check option strong is as follows:
-Strong (flags [, name]...)
Name is a strong type, flags is a specified attribute, and flags can be a, J, X, B, B, l, and F. If the name is omitted, all flags attributes of the data type defined by typedef cannot be recognized by other-strong options.

Flags parameter characters weakened
A I ignore Initialization
R ignore Return Statement
P ignore parameter transfer
A. Ignore the value assignment operation.
C ignores the situation where constants (including Integer constants and constant strings) are assigned to a strong type.
Z ignores zero assignment

X checks the type when assigning a strong variable to other variables. The weakening parameters I, R, P, A, C, and Z are also applicable to the same effect of X.
J. Check when strong and other types of operations (logical operations, relational operations, mathematical operations, etc.)
E ignore = ,! = And? : Operator
R ignore>,> =, <and <=
O ignore +,-, *,/, %, |, &, and ^
C check when the preceding operations are ignored for this strong type and constant
Z checks whether this strong type and zero perform the preceding operations.
The B type is boolean. Generally, only one name (name in the format) can be used, and it should be used together with other flags.
Option B has two functions:
1. For the purpose of strong type check, each boolean operator returns a type compatible with type. The boolean operator is the display
True or false. It also includes the four Relational operators mentioned above and two equal-and-negative operators !, Binary operators & |.
2. Check this strong type in all contexts for bolean value determination, such as the if statement and while statement. Otherwise, an alarm is triggered.
B only assumes that each bolean operator returns a type-compatible return value. Compared with option B, option B has relatively loose restrictions.
L library flag. No alarm is triggered when a strong object obtains a value from the library function or passes the value of a strong object as a parameter to the library function.
If F is used with B or B, it indicates that the bit fields of the 1-bit length should not be regarded as boolean. Otherwise, it indicates that the bit fields of the 1-bit length are assumed to be of the Boolean Type by default.

The order of these options does not affect the functionality, but the weakened characters of option A and option J must follow them. Option B and option B cannot be used at the same time. option F must be used with option B or option B. If you do not specify these options, -Strong declares that type is a strong type without any check. The following code demonstrates the usage of the-strong option:
// Lint-strong (AB, bool) <the option is inserted into the code as a comment>
Typedef int bool;
Bool gt (int A, B)
{
If (a) Return A> B; // OK
Else return 0; // warning
}
In the code, bool is declared as a strong type. If option B is not specified, the comparison operation in the first return statement will be considered as not matching the function type. The second return statement causes an alarm because 0 is not of the bool type. if you add the C option, for example,-strong (Acb, bool), this alarm will be disabled.
(2) another strong-type check option is index. The format is as follows:
-Index (flags, ixtype, sitype [, sitype]...)
This option is a supplement to the strong option, which can be used with the-strong option. This option specifies that ixtype is an exclusive index type. It can be used together with an array (or pointer) of the strong index type sitype, ixtype and sitype are assumed to be the type names later defined using the typedef declaration. Flags can be C or D. C allows ixtype and constant to be used as indexes, while D allows you to specify the dimension (dimensions) of the array without ixtype ).

(To be continued)

 

References
[1] http://hi.baidu.com/pwcrab/blog/item/0de00e25e52c9b6334a80f24.html
[2] http://blog.163.com/xjming487@126/blog/static/2129513520091192956296/
[3] http://blog.csdn.net/chenliangming/archive/2008/12/03/3440208.aspx
[4] http://hi.baidu.com/qiupingwu/blog/item/43c92101fabbea067bec2cc9.html