PC Lint vs. splint

Do you have a question? Post it now! No Registration Necessary

Translate This Thread From English to

Threaded View
I'm trying to decide which static checker to recommend, and deciding
between PC Lint (which costs some cash) and splint (which costs setup
time).  Does anyone here have experience with both, and can comment
on their preference?

Has anyone been so dissatisfied with splint that they switched to
PC Lint, and did PC Lint solve the problem(s) that caused the
dissatisfaction?

I have a more specific question, too, for users of PC Lint. I was just
browsing the mailing list archives for splint, and found a mention
where splint will complain about the following:
Quoted text here. Click to load it
UINT8 n;

static foo(void) {
  n = 5;
}
<<<

because 5 is an int instead of an unsigned 8 bit int. Workarounds for
this in the code are just ugly style wise, like casting (which may
hide a real problem) or assigning  n = 'x05'.  When that warning is
turned off, a valid warning is also surpressed, as in this case:

Quoted text here. Click to load it
UINT8   n;
UINT16  k;

static foo(void) {
  n = k;
}
<<<

How does PC Lint handle these cases?

Thanks,
Jeanne
(not my real email address - this account was set up long ago)

Re: PC Lint vs. splint

Quoted text here. Click to load it
If you need c++ then PC Lint is the only option that I found so I didn't go
too far down the splint route.

Peter



Re: PC Lint vs. splint

Quoted text here. Click to load it

PC-lint is an awesome tool, and cheap.  Splint (lclint) is a good
tool, and free.

If you want to lint C++, PC-lint will do a good job of this.  AFAIK,
splint is C only.

Quoted text here. Click to load it

FWIW, I've used PC-lint for years (since the late 1980's), and have
only played with lclint (precursor to splint), so I may not be the
responder you're looking for.

Quoted text here. Click to load it

I would be surprised if splint flagged that.  Have you tried it?

At a PPOE I used a compiler that would flag

   extern void fn(unsigned char);

   fn(0);

because converting the int (0) to unsigned char might lose significant
bits.  But that (and your example) are beyond picky -- they're just
plain wrong.

Quoted text here. Click to load it

Assuming you mean '\x05'...

That wouldn't make sense because '\x05' is every bit as much an int as
5 is.

Quoted text here. Click to load it

Here is a slightly modified version of your test code runt through
PC-lint:

Quoted text here. Click to load it
C:\Dave>type ltst.c

typedef unsigned char UINT8;
typedef unsigned short UINT16;

UINT8   n, m;
UINT16  k;

static foo(void) {
  m = 5;
  n = k;
}

C:\Dave>lint-nt -u ltst.c
PC-lint for C/C++ (NT) Ver. 8.00q, Copyright Gimpel Software 1985-2004

--- Module:   ltst.c
                 _
static foo(void) {
ltst.c  7  Info 808: No explicit type given symbol 'foo', int assumed
       _
  n = k;
ltst.c  9  Info 734: Loss of precision (assignment) (16 bits to 8
bits)
_
}
ltst.c  10  Warning 533: function 'foo(void)' should return a value
(see line
    7)
ltst.c  7  Info 830: Location cited in prior message

    --- Wrap-up for Module: ltst.c

Warning 528: Symbol 'foo(void)' (line 7, file ltst.c) not referenced
ltst.c  7  Info 830: Location cited in prior message

Quoted text here. Click to load it

The "-u" option specifies a "unit lint," so messages such as "no main"
are suppressed.

Note I had to add the typedefs.  The "m=5" line did not generate a
message, but "n=k" did.  Also note the fact that foo was declared with
implicit int was noted, as well as the fact it does not return a
value, and was not used, even though declared static.

Making some slight modifications produces this result:

Quoted text here. Click to load it
C:\Dave>type ltst.c
typedef unsigned char UINT8;
typedef unsigned short UINT16;

UINT8   n, m;
UINT16  k;

void foo(void) {
  m = 5;
  n = k & 0xFF;
}


C:\Dave>lint-nt -u ltst.c
PC-lint for C/C++ (NT) Ver. 8.00q, Copyright Gimpel Software 1985-2004

--- Module:   ltst.c

C:\Dave>
Quoted text here. Click to load it

I.e., no messages.  PC-lint is smart enough to see you've purposely
chopped off the MSB of k before storing it in n, so it generates no
message.  A cast would work as well.

Two features that set PC-lint apart from splint (or any other lint
AFAIK) are its customization features and its flexibility in
selectively suppressing messages.  

The former is indidpensible when dealing with compilers for small
embedded targets (dealing with things like in-line assembly and
special syntax for I/O registers).

The latter lets you suppress a message for an entire lint session, a
single file, between a particular pair of braces, on a single line,
within a single expression, or for a set of symbols.  I can expand on
this if you're interested.

Also see www.gimpel.com for more info.  Regards,

                               -=Dave
--
Change is inevitable, progress is not.

Re: PC Lint vs. splint
Quoted text here. Click to load it

I did, and indeed, splint complains about it. Splint also complains about
things like "if (n < 5)" when n is unsigned.

Meindert



Re: PC Lint vs. splint
Quoted text here. Click to load it

Yup.  IMO, splint is pretty much useless unless.  You either
have to disable so many warnings that it lets bugs through, or
you have to put in a half-dozen typecasts in every line of
code.  The sheer unreadability of the latter will probably
create more bugs than turning off the warnings.

--
Grant Edwards                   grante             Yow!  I think my CAREER
                                  at               is RUINED!!
We've slightly trimmed the long signature. Click to see the full one.
Re: PC Lint vs. splint

Quoted text here. Click to load it

I have, and it does unless you tell it to consider all integer
types equivalent.  As was posted earlier, that then disable
warnings for things like this:

uint8_t b;
uint32_t l;

[...]

b = l;
 
Quoted text here. Click to load it

I thought so when I posted it to the splint mailing list.
Nobody really seemed to care.

Quoted text here. Click to load it

Splint doesn't think so.

Quoted text here. Click to load it

That's what a reasonable person would expect.  That's not what
split does.  It considers the two lines sematically equivalent
since '5' is an 'int'.  You either get warnings on both or
neither. At the point where splint generates the warning, the
only information left is that the RHS was an 'INT'.  It has
discarded the information that it was a literal that will fit
into 8 bits.  To get reasonable behavior from splint would
require extensive modifications.

Quoted text here. Click to load it

Last time I checked the Unix versions were hideously expensive,
but I should check again.

--
Grant Edwards                   grante             Yow!  ... Get me a GIN
                                  at               and TONIC!!...make it
We've slightly trimmed the long signature. Click to see the full one.
Re: PC Lint vs. splint

Quoted text here. Click to load it

Yup, still is.  A node locked copy ofr Windows is $240, a node
locked copy for Linux is $1000.   What a bunch of maroons...

--
Grant Edwards                   grante             Yow!  This ASEXUAL
                                  at               PIG really BOILS
We've slightly trimmed the long signature. Click to see the full one.
Re: PC Lint vs. splint

Quoted text here. Click to load it

Maroons?  That's a bit harsh, though I have never understood their
FlexeLint pricing, even if it is distributed in source form.

Note, however, the Windoze version includes DOS and OS/2 binaries, and
the Win32 version is a console app.  I have seen speculation it could
run in DOSEMU or wine or something similar.  Never tried it myself,
though.  They have a 30-day money back guarantee...

Regards,

                               -=Dave
--
Change is inevitable, progress is not.

Re: PC Lint vs. splint

Quoted text here. Click to load it

Really?  I'll have to pay attention to my Bugs Bunny cartoons
closer -- I didn't think it was a very harsh term.

Quoted text here. Click to load it

The fact that it's in obfuscated source files doesn't increase
the value to the customer, so why should the price be higher?
The attitude that an app for Linux should cost 5X the price for
the same app on XP (a much more expensive system both SW-wise
and HW-wise) seems quite silly and outdated.  Just the type of
thing that would cause Bugs to exclaim "What a maroon!"

I'm also alergic to node-locked stuff.  I've been burned too
many times when a motherboard, disk drive, or whatnot died and
I had to cough up a pile of cash for the privledge of running a
program I already paid for once.

Quoted text here. Click to load it

Probably so.  I'm sure it would run under Win4Lin, but it's a
lot of hassle either way and exceeds my pain threshold.
Cranking up the warnings on gcc does a fair job.

Quoted text here. Click to load it

--
Grant Edwards                   grante             Yow!  Is this my STOP??
                                  at              
We've slightly trimmed the long signature. Click to see the full one.
Re: PC Lint vs. splint

Quoted text here. Click to load it
[...]
Quoted text here. Click to load it

Exactly my point.  Which is why I don't understand it.

[...]

Quoted text here. Click to load it

I think you're reading too much into the phrase "non-floating," or
maybe "A single user on a computer workstation."  AFAIK, there is no
software licensing management for FlexeLint (there certainly is none
for PC-lint).

The only restriction of that type I see in the "workstation" license
is that it forbids you to access the program through a network.  If
your mobo, hard drive, or whatever failed, I expect you could replace
any part or all of the system and legally continue to use the program
under the terms of the license.  But, of course, IANAL.  You could ask
Gimpel if you have any questions.  IME, they're very reasonable to
deal with.

Quoted text here. Click to load it

In at least one sense you're right.  If you can't be bothered to run
lint, it won't do you any good.  But IMHO, the greater pain is trying
to work _without_ lint.

Quoted text here. Click to load it

Compilers are much better at this than they were when I began using
PC-lint.  But they still don't come close.

Regards,

                               -=Dave
--
Change is inevitable, progress is not.

Re: PC Lint vs. splint

Quoted text here. Click to load it

That's ridiculous.  I can't ssh in from home and work?  I can't
work with an X window displayed on a different machine?

Bah.  Somebody should drag Gimpel into the 1990's.

Quoted text here. Click to load it

Except for the pricing and license terms, apparently.

--
Grant Edwards                   grante             Yow!  I was in a HOT
                                  at               TUB! I was NORMAL! I was
We've slightly trimmed the long signature. Click to see the full one.
Re: PC Lint vs. splint

Quoted text here. Click to load it
[...]
Quoted text here. Click to load it

Again, IANAL, but I believe you can.  You are still the only user, and
you are running the program on that one workstation, and that
workstation isn't accessing the program over a network.  The license
doesn't say you are limited to a single keyboard or display.  As long
as you don't try to run the software on your local machine...  

Quoted text here. Click to load it

Well, they do have floating licenses, with the cost delta for
additional simultaneous users at or below the cost for a single
workstation license.  Of course, those have an even higher entry
point, and are limited to a LAN...

None of which explains why the cost of licensing FlexeLint is so much
greater than PC-lint.  My best guess is that support costs might be
higher because of the distribution method.

But even at 4x the cost, that just means it takes a month to pay for
itself rather than a week.

Regards,

                               -=Dave
--
Change is inevitable, progress is not.

Re: PC Lint vs. splint
snipped-for-privacy@hotmail.com (Dave Hansen) writes:

[snip]
Quoted text here. Click to load it

So I actually have to be physically logged-in to that very machine with
my keyboard, mouse and monitor connected to it? I can't use an
X-Terminal with it? If /usr is mounted from a remote machine, I can't
use it? What kind of maroon thinks up these things...

Quoted text here. Click to load it

CFLAGS :=  -D__USE_GNU=1 -D__USE_MISC=1 -D__USE_BSD=1 -D_GNU_SOURCE=1 -O -Wall
-W -DNDEBUG
CFLAGS +=  -Wcast-align -Wpointer-arith -Wbad-function-cast -Wsign-compare
CFLAGS +=  -Wno-unused -Wundef  -Wmissing-noreturn -Wmissing-format-attribute

does pretty well for me.

Mind you, I have a .splintrc in every directory as well - typical
contents:

-I/usr/src/linux/include/ -I/usr/src/rtai/include/
-I/usr/lib/gcc-lib/i386-linux/3.2.3/include/ -I/usr/include

-realcompare
-predboolint
-boolops
-exportlocal
-fcnuse
-exitarg
-booltype bool
-fullinitblock
+charindex
+charint
-formattype
-castfcnptr
-shiftimplementation

-Dsizeof(x)=(size_t)(sizeof(x))
-D_GNU_SOURCE=1
-D__GNUC__=3
-D__GNUC_MINOR__=2
-D__STDC__
-D__signed__=
-D__const__=const
-D__inline__=inline
-D__attribute__(x)=
-D__const=const
-D__restrict=
-DKERNEL
-D__builtin_va_list=int

(Running splint against kernel sources is ... interesting)

cheers, Rich.

--
rich walker         |  Shadow Robot Company | snipped-for-privacy@shadow.org.uk
technical director     251 Liverpool Road   |
We've slightly trimmed the long signature. Click to see the full one.
Re: PC Lint vs. splint

Quoted text here. Click to load it
[...]
Quoted text here. Click to load it

It doesn't say that.

Quoted text here. Click to load it

It doesn't say that either.


Quoted text here. Click to load it

If FlexeLint is installed under /usr, I believe it does say that.

Quoted text here. Click to load it

Just an average Joe (or above-average Jim) trying to make a living, I
guess.  I expect the FlexeLint licensing policies are costing Gimpel
customers.  I'm beginning to think it's not costing him any profits,
however...

[...]

Quoted text here. Click to load it
-W -DNDEBUG
Quoted text here. Click to load it

Probably fair, as Grant said.

Quoted text here. Click to load it

[...]

I don't know much about splint, so this didn't mean much to me.  The
project.lnt file for the project I'm current working on looks like
this:

--- begin included file ---
// Compiler definitions
//
c:\lint\lnt\co-gnu3.lnt         // 2.95.3 and later
-si2                            // Change int and ptr sizes for AVR
-sp2

//c:\lint\lnt\au-misra.lnt        // MISRA checking

// Header file locations
//
-i"C:\WinAVR\avr\include"
-i"C:\WinAVR\lib\gcc\avr.4.1\include"

// Project definitions
//
-d__AVR_ATmega16__          // Compiler does this from MCU definition
-dOSC_FREQ12%000000         // Make file derives this from HZ
-dDBUG=0
-dHIGH_CAP=0
-dDISABLE_VBATT_TEST=0

// Error reporting suspension
//
// Some GNU macros return a value from bracketed expressions.
//
-emacro(155,__LPM*)

// Interrupt vectors must be extern but aren't referenced
//
-esym(714,__vector_*)
-esym(765,__vector_*)

// Global macros in header files might not all be used
// Global typedefs might not all be used
//
-esym(755,EE_*,IO_*,ADC_*,ADCSR_*)
-esym(756,S8,U8,S16,U16,S32,U32)

--- end included file ---

The options probably do what you expect.  The -esym options disable a
message for particular symbols, and -emacro disables the message
during the invocation of the specified macros.  

For example, I have a header file that defines typedefs for S8, U8,
etc.  Nowhere in this project do I have a signed 32-bit integer.
Without the last line in the file shown above, I'd get a message 756
(global typedef not referenced) message for S32.  

I don't have the MISRA checking options enabled (yet -- they're
commented out).  We're at the prototype stage at this point.

Quoted text here. Click to load it

The subtitle of Chapter 14 (Living with Lint) of the PC-lint/FlexeLint
manual is "Don't Kill the Messenger."

Regards,

                               -=Dave
--
Change is inevitable, progress is not.

Re: PC Lint vs. splint

Quoted text here. Click to load it

If the company even exists by the time that happens!

It's too bad there's not a law requiring companies discontinuing software
known to be in current use to place it in the public domain...

Rufus




Re: PC Lint vs. splint

Quoted text here. Click to load it
There is nothing to stop you from checking your Linux code on your Windows
machine except that it's not quite so convenient. I copy it from the Linux
machine to Windows to get the worst errors out then return it.

Regards,
Peter



Re: PC Lint vs. splint

Quoted text here. Click to load it

I would, but I really don't want to reward Gimple's
short-sightedness.

--
Grant Edwards                   grante             Yow!  The PINK SOCKS were
                                  at               ORIGINALLY from 1952!! But
We've slightly trimmed the long signature. Click to see the full one.
Re: PC Lint vs. splint
snipped-for-privacy@hotmail.com (Dave Hansen) wrote in message
Quoted text here. Click to load it

Thank you everyone for your responses. It looks to me as though PC Lint
is what I'll recommend at work. The vast majority of the code is in C,
and there's a tiny percentage of C++. However, that may change.

I have another question for those who use either tool; how the speed of
a lint run compare to building your code? Is it faster? Slower? How
much?

I'm asking because we have code that's shared across multiple projects.
When you check in a file that is used by another project, that project
gets updated too. The advanages are that everyone gets to benefit from
the updates right away, but the downsides are that what works in one
project may break another. Maybe someone used a #defined value from a
non-shared file in a shared file, or something similar. Folks usually
don't bother building all of the other projects that share their file
before checking in code, due to looming deadlines on their own projects.
They usually get away with it, but it sure can be a headache when you
have to make sure updating your sandbox won't cause a break before you
actually update it.  It's impractical to ask people to always check
every affected build before checking in updates, because it would take
several hours to build every flavor of every project, during which time
there may have been more updates. Of course we have an automated builder
so it doesn't get out of control. But, if lint is fast enough, people
could lint the other projects before checking in their code.

Of course, I could always try it once we have it. But, knowing this
ahead of time could help make the argument to purchase.

Thanks again,
Jeanne

(not my real email address)

Re: PC Lint vs. splint

[...]
Quoted text here. Click to load it

Lint is _much_ faster.  It's often so quick that my knee-jerk reaction
is "Oops, what went wrong?... Oh, it's just done."

The current project I'm working on is fairly small.  About 6k of code
using avr-gcc.  Consisting of 7 .c and 7 .h files totaling about 112k
of code on the disk.  Building and linking the object files using make
takes about 3 seconds (2.77 according to the system clock) on my
system.  Linting everything with "make lint" takes less than a second
(0.36 seconds, identical to performing a make with an up-to-date
build).  Removing make from the equation and linting everything from
the command line takes even less time (0.16 seconds).  These are crude
timings, performed by running batch files that look something like:

   time < nul
   make
   time < nul

PC-lint has the ability to create "lint object" files so you only have
to lint what actually has changed.  But IME linting an entire project
takes so little time that it's not been worthwhile to use them.

Regards,

                               -=Dave
--
Change is inevitable, progress is not.

Re: PC Lint vs. splint

Quoted text here. Click to load it
 
Sounds like you may also benefit from installing a decent version control
system with sand-boxing capabilities. That way you would not affect the
other projects in a haphazard way. They could get to benefit from updates
of the common source tree when they were good and ready for it.


--
********************************************************************
We've slightly trimmed the long signature. Click to see the full one.

Site Timeline