I'm trying to decide which static checker to recommend, and deciding between PC Lint (which costs some cash) and splint (which costs setup time). Does anyone here have experience with both, and can comment on their preference?
Has anyone been so dissatisfied with splint that they switched to PC Lint, and did PC Lint solve the problem(s) that caused the dissatisfaction?
I have a more specific question, too, for users of PC Lint. I was just browsing the mailing list archives for splint, and found a mention where splint will complain about the following:
PC-lint is an awesome tool, and cheap. Splint (lclint) is a good tool, and free.
If you want to lint C++, PC-lint will do a good job of this. AFAIK, splint is C only.
FWIW, I've used PC-lint for years (since the late 1980's), and have only played with lclint (precursor to splint), so I may not be the responder you're looking for.
C:\Dave>type ltst.c
typedef unsigned char UINT8; typedef unsigned short UINT16;
--- Module: ltst.c _ static foo(void) { ltst.c 7 Info 808: No explicit type given symbol 'foo', int assumed _ n = k; ltst.c 9 Info 734: Loss of precision (assignment) (16 bits to 8 bits) _ } ltst.c 10 Warning 533: function 'foo(void)' should return a value (see line 7) ltst.c 7 Info 830: Location cited in prior message
--- Wrap-up for Module: ltst.c
Warning 528: Symbol 'foo(void)' (line 7, file ltst.c) not referenced ltst.c 7 Info 830: Location cited in prior message
The "-u" option specifies a "unit lint," so messages such as "no main" are suppressed.
Note I had to add the typedefs. The "m=5" line did not generate a message, but "n=k" did. Also note the fact that foo was declared with implicit int was noted, as well as the fact it does not return a value, and was not used, even though declared static.
Making some slight modifications produces this result:
C:\Dave>type ltst.c typedef unsigned char UINT8; typedef unsigned short UINT16;
I.e., no messages. PC-lint is smart enough to see you've purposely chopped off the MSB of k before storing it in n, so it generates no message. A cast would work as well.
Two features that set PC-lint apart from splint (or any other lint AFAIK) are its customization features and its flexibility in selectively suppressing messages.
The former is indidpensible when dealing with compilers for small embedded targets (dealing with things like in-line assembly and special syntax for I/O registers).
The latter lets you suppress a message for an entire lint session, a single file, between a particular pair of braces, on a single line, within a single expression, or for a set of symbols. I can expand on this if you're interested.
I have, and it does unless you tell it to consider all integer types equivalent. As was posted earlier, that then disable warnings for things like this:
uint8_t b; uint32_t l;
[...]
b = l;
I thought so when I posted it to the splint mailing list. Nobody really seemed to care.
Splint doesn't think so.
That's what a reasonable person would expect. That's not what split does. It considers the two lines sematically equivalent since '5' is an 'int'. You either get warnings on both or neither. At the point where splint generates the warning, the only information left is that the RHS was an 'INT'. It has discarded the information that it was a literal that will fit into 8 bits. To get reasonable behavior from splint would require extensive modifications.
Last time I checked the Unix versions were hideously expensive, but I should check again.
--
Grant Edwards grante Yow! ... Get me a GIN
at and TONIC!!...make it
visi.com HAIR TONIC!!
Yup. IMO, splint is pretty much useless unless. You either have to disable so many warnings that it lets bugs through, or you have to put in a half-dozen typecasts in every line of code. The sheer unreadability of the latter will probably create more bugs than turning off the warnings.
--
Grant Edwards grante Yow! I think my CAREER
at is RUINED!!
visi.com
Maroons? That's a bit harsh, though I have never understood their FlexeLint pricing, even if it is distributed in source form.
Note, however, the Windoze version includes DOS and OS/2 binaries, and the Win32 version is a console app. I have seen speculation it could run in DOSEMU or wine or something similar. Never tried it myself, though. They have a 30-day money back guarantee...
Really? I'll have to pay attention to my Bugs Bunny cartoons closer -- I didn't think it was a very harsh term.
The fact that it's in obfuscated source files doesn't increase the value to the customer, so why should the price be higher? The attitude that an app for Linux should cost 5X the price for the same app on XP (a much more expensive system both SW-wise and HW-wise) seems quite silly and outdated. Just the type of thing that would cause Bugs to exclaim "What a maroon!"
I'm also alergic to node-locked stuff. I've been burned too many times when a motherboard, disk drive, or whatnot died and I had to cough up a pile of cash for the privledge of running a program I already paid for once.
Probably so. I'm sure it would run under Win4Lin, but it's a lot of hassle either way and exceeds my pain threshold. Cranking up the warnings on gcc does a fair job.
--
Grant Edwards grante Yow! Is this my STOP??
at
visi.com
At the time I started contracting for a new client, I was a PC Lint user. I needed to lint the client's code looking for (among other things) header files that were included without necessity. Not wanting the client to pay for PC Lint, I decided to try splint. After a moderately length setup session, I discovered that (to my knowledge) splint does not report such things (unused header files). Having discovered that, and being unimpressed with splint in general compared to PC Lint, I recommended that the client purchase PC Lint and after others evaluated it also, they ended up with a site license.
I don't think you can go wrong with PC Lint. IMHO, it's small price is worth it compared to what I've experienced of the free stuff.
There is nothing to stop you from checking your Linux code on your Windows machine except that it's not quite so convenient. I copy it from the Linux machine to Windows to get the worst errors out then return it.
I have previously used splint and currently use PCLint. Splint was good, but it did need a lot of setting up and had some problems with unwanted warning that are hard to individually suppress (such as the example you gave). PCLint is better, especially for strong typing, and it is easier to tailor to your needs. I you have time to spare, I would try splint first. If it is being bought for your work, I would get PCLint.
PCLint can be configured to ignore the assignment of constants when it does its type checking (I use this setup to avoid this very problem).
Thank you everyone for your responses. It looks to me as though PC Lint is what I'll recommend at work. The vast majority of the code is in C, and there's a tiny percentage of C++. However, that may change.
I have another question for those who use either tool; how the speed of a lint run compare to building your code? Is it faster? Slower? How much?
I'm asking because we have code that's shared across multiple projects. When you check in a file that is used by another project, that project gets updated too. The advanages are that everyone gets to benefit from the updates right away, but the downsides are that what works in one project may break another. Maybe someone used a #defined value from a non-shared file in a shared file, or something similar. Folks usually don't bother building all of the other projects that share their file before checking in code, due to looming deadlines on their own projects. They usually get away with it, but it sure can be a headache when you have to make sure updating your sandbox won't cause a break before you actually update it. It's impractical to ask people to always check every affected build before checking in updates, because it would take several hours to build every flavor of every project, during which time there may have been more updates. Of course we have an automated builder so it doesn't get out of control. But, if lint is fast enough, people could lint the other projects before checking in their code.
Of course, I could always try it once we have it. But, knowing this ahead of time could help make the argument to purchase.
Lint is _much_ faster. It's often so quick that my knee-jerk reaction is "Oops, what went wrong?... Oh, it's just done."
The current project I'm working on is fairly small. About 6k of code using avr-gcc. Consisting of 7 .c and 7 .h files totaling about 112k of code on the disk. Building and linking the object files using make takes about 3 seconds (2.77 according to the system clock) on my system. Linting everything with "make lint" takes less than a second (0.36 seconds, identical to performing a make with an up-to-date build). Removing make from the equation and linting everything from the command line takes even less time (0.16 seconds). These are crude timings, performed by running batch files that look something like:
time < nul make time < nul
PC-lint has the ability to create "lint object" files so you only have to lint what actually has changed. But IME linting an entire project takes so little time that it's not been worthwhile to use them.
Exactly my point. Which is why I don't understand it.
[...]
I think you're reading too much into the phrase "non-floating," or maybe "A single user on a computer workstation." AFAIK, there is no software licensing management for FlexeLint (there certainly is none for PC-lint).
The only restriction of that type I see in the "workstation" license is that it forbids you to access the program through a network. If your mobo, hard drive, or whatever failed, I expect you could replace any part or all of the system and legally continue to use the program under the terms of the license. But, of course, IANAL. You could ask Gimpel if you have any questions. IME, they're very reasonable to deal with.
In at least one sense you're right. If you can't be bothered to run lint, it won't do you any good. But IMHO, the greater pain is trying to work _without_ lint.
Compilers are much better at this than they were when I began using PC-lint. But they still don't come close.
So I actually have to be physically logged-in to that very machine with my keyboard, mouse and monitor connected to it? I can't use an X-Terminal with it? If /usr is mounted from a remote machine, I can't use it? What kind of maroon thinks up these things...
(Running splint against kernel sources is ... interesting)
cheers, Rich.
--
rich walker | Shadow Robot Company | rw@shadow.org.uk
technical director 251 Liverpool Road |
need a Hand? London N1 1LX | +UK 20 7700 2487
www.shadow.org.uk/products/newhand.shtml
Again, IANAL, but I believe you can. You are still the only user, and you are running the program on that one workstation, and that workstation isn't accessing the program over a network. The license doesn't say you are limited to a single keyboard or display. As long as you don't try to run the software on your local machine...
Well, they do have floating licenses, with the cost delta for additional simultaneous users at or below the cost for a single workstation license. Of course, those have an even higher entry point, and are limited to a LAN...
None of which explains why the cost of licensing FlexeLint is so much greater than PC-lint. My best guess is that support costs might be higher because of the distribution method.
But even at 4x the cost, that just means it takes a month to pay for itself rather than a week.
If FlexeLint is installed under /usr, I believe it does say that.
Just an average Joe (or above-average Jim) trying to make a living, I guess. I expect the FlexeLint licensing policies are costing Gimpel customers. I'm beginning to think it's not costing him any profits, however...
[...]
-W -DNDEBUG
Probably fair, as Grant said.
[...]
I don't know much about splint, so this didn't mean much to me. The project.lnt file for the project I'm current working on looks like this:
--- begin included file --- // Compiler definitions // c:\lint\lnt\co-gnu3.lnt // 2.95.3 and later
-si2 // Change int and ptr sizes for AVR
-sp2
//c:\lint\lnt\au-misra.lnt // MISRA checking
// Header file locations //
-i"C:\WinAVR\avr\include"
-i"C:\WinAVR\lib\gcc\avr\3.4.1\include"
// Project definitions //
-d__AVR_ATmega16__ // Compiler does this from MCU definition
-dOSC_FREQ=12000000 // Make file derives this from HZ
-dDBUG=0
-dHIGH_CAP=0
-dDISABLE_VBATT_TEST=0
// Error reporting suspension // // Some GNU macros return a value from bracketed expressions. //
-emacro(155,__LPM*)
// Interrupt vectors must be extern but aren't referenced //
-esym(714,__vector_*)
-esym(765,__vector_*)
// Global macros in header files might not all be used // Global typedefs might not all be used //
-esym(755,EE_*,IO_*,ADC_*,ADCSR_*)
-esym(756,S8,U8,S16,U16,S32,U32)
--- end included file ---
The options probably do what you expect. The -esym options disable a message for particular symbols, and -emacro disables the message during the invocation of the specified macros.
For example, I have a header file that defines typedefs for S8, U8, etc. Nowhere in this project do I have a signed 32-bit integer. Without the last line in the file shown above, I'd get a message 756 (global typedef not referenced) message for S32.
I don't have the MISRA checking options enabled (yet -- they're commented out). We're at the prototype stage at this point.
The subtitle of Chapter 14 (Living with Lint) of the PC-lint/FlexeLint manual is "Don't Kill the Messenger."
ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.